Shulou(Shulou.com)06/03 Report--

This article is about how iOS uses script resignatures. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

Step 1: get the shelled ipa package

Download (macOS Mojave Doesn't Support) directly from iTunes 12.6.3 and previous versions. In this way, you can get the authentic ipa. You need to use Clutch, dumdecrypted and other tools to shell first, otherwise other people's encryption verification will not be able to install various assistants to download jailbreak ipa packages, export jailbreak phones, Xcode packaging, and so on.

Here I downloaded the prison-break version of Wechat's ipa package for demonstration.

Step 2: resign on the command line

1. Unzip the ipa and go to the directory where the .app is located, and type

Codesign-d-vv WeChat.app

View the signature information of the executable file:

You can see that the signature information is still owned by Tencent.

2. Enter:

Security find-identity-v-p codesigning

View a list of certificates local to Mac:

Make a note of the string in the double quotes (including double quotes) of the certificate you want to sign, which you will use later.

3. Confirm whether the ipa package has been shelled, and enter:

Cd WeChat.app otool-l WeChat | grep crypt

Will output:

If cryptid is 0, it has been shelled, and if it is 1, it is encrypted. There are two sets of data here because this is an executable file that supports two CPU schemas. You can enter file WeChat to view the schemas supported by the executable file:

4. Delete plug-in files that cannot be signed: PlugIns folder, Watch folder

5. Force resignature for each framework in the Frameworks folder in the .app folder: .framework for the certificate information to be signed in codesign-fs step 2

Be careful not to leave it out. Each framework should be resigned with its own certificate.

6. Change the name of your description file to embedded.mobileprovision, drag it into .app, and then change the Bundle identifier in the info.plist file in .app to our own BundleID.

7. Create a new entitlements.plist file in the .app directory and view the contents of the description file:

Security cms-D-I embedded.mobileprovision sets the

......

To the newly created entitlements.plist file

8. In the last step, sign the entire package, return to the directory where the app resides, and enter the certificate information recorded in step 2 of codesign-fs-- no-strict-- entitlements=entitlements.plist WeChat.app signed successfully!

9. Package: zip-ry WeiChat.ipa Payload

The above is through the command line step-by-step implementation of the application of re-signature.

Finally: play the script of automatic resignature

Now I'm going to write a script like this:

# ${SRCROOT} it is the TEMP_PATH= "${SRCROOT} / Temp" # resource folder where the project files are located. We create a new APP folder under the project directory ahead of time. Put the ipa package ASSETS_PATH= "${SRCROOT} / APP" # destination ipa package path TARGET_IPA_PATH= "${ASSETS_PATH} / * .ipa" # clear the Temp folder rm-rf "${SRCROOT} / Temp" mkdir-p "${SRCROOT} / Temp" #-- # 1. Decompress IPA to Temp unzip-oqq "$TARGET_IPA_PATH"-d "$TEMP_PATH" # the path to get the extracted temporary APP TEMP_APP_PATH=$ (set-"$TEMP_PATH/Payload/" * .app; echo "$1") # echo "path is: $TEMP_APP_PATH" #-# 2. Enter the extracted .app copy into the path of the APP package generated by the # BUILT_PRODUCTS_DIR project under the project # TARGET_NAME target name TARGET_APP_PATH= "$BUILT_PRODUCTS_DIR/$TARGET_NAME.app" echo "app path: $TARGET_APP_PATH" rm-rf "$TARGET_APP_PATH" mkdir-p "$TARGET_APP_PATH" cp-rf "$TEMP_APP_PATH/"$TARGET_APP_PATH" #- -# 3. Delete extension and WatchAPP. Personal certificate cannot be signed by Extentionrm-rf "$TARGET_APP_PATH/PlugIns" rm-rf "$TARGET_APP_PATH/Watch" #-# 4. Update the info.plist file CFBundleIdentifier# settings: "Set: KEY Value", "destination file path" / usr/libexec/PlistBuddy-c "Set: CFBundleIdentifier $PRODUCT_BUNDLE_IDENTIFIER", "$TARGET_APP_PATH/Info.plist" #-# 5. Give the execution permission on the MachO file # get the path of the MachO file APP_BINARY= `plutil-convert xml1-o-$TARGET_APP_PATH/Info.plist | grep-A1 Exec | tail-N1 | cut-f2-d\ > | cut-F1-d\ Build Phases-> New Run Script Phase:

Now, drop the ipa package you want to re-sign into the new folder Temp under the project directory, and Run it directly! Any app will run on your real machine! This is also the reverse preparatory work that we will talk about later.

Thank you for reading! This is the end of this article on "how to apply script re-signature in iOS". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, you can share it out for more people to see!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.