Last active
April 16, 2023 02:29
A simple tool for resigning an iOS app ipa with a new certificate/mobileprovision
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
if [[ ! ( # any of the following are not true | |
# 1st arg is an existing regular file | |
-f "$1" && | |
# ...and it has a .ipa extension | |
"${1##*.}" == "ipa" && | |
# 2nd arg is an existing regular file | |
-f "$2" && | |
# ...and it has an .mobileprovision extension | |
"${2##*.}" == "mobileprovision" && | |
# 3rd arg is a non-empty string | |
-n "$3" | |
) ]]; | |
then | |
echo ' Usage: resign.sh Application.ipa foo/bar.mobileprovision "iPhone Distribution: I can haz code signed"' | |
exit; | |
fi | |
## Exit on use of an uninitialized variable | |
set -o nounset | |
## Exit if any statement returns a non-true return value (non-zero) | |
set -o errexit | |
## Announce commands | |
#set -o xtrace | |
realpath(){ | |
echo "$(cd "$(dirname "$1")"; echo -n "$(pwd)/$(basename "$1")")"; | |
} | |
TMP="$(mktemp -d -t ./resign)" | |
IPA="$(realpath $1)" | |
IPA_NEW="$(pwd)/$(basename $IPA .ipa).resigned.ipa" | |
PROVISION="$(realpath $2)" | |
CERTIFICATE="$3" | |
CLEANUP_TEMP=0 # Do not remove this line or "set -o nounset" will error on checks below | |
#CLEANUP_TEMP=1 # Uncomment this line if you want this script to clean up after itself | |
cd "$TMP" | |
[[ $CLEANUP_TEMP -ne 1 ]] && echo "Using temp dir: $TMP" | |
unzip -q "$IPA" | |
echo App has AppID $(/usr/libexec/PlistBuddy -c 'Print :CFBundleIdentifier' Payload/*.app/Info.plist) | |
security cms -D -i Payload/AtlantaJournal.app/embedded.mobileprovision > mobileprovision.plist | |
echo "Trying to resign with '$(/usr/libexec/PlistBuddy -c "Print :Name" mobileprovision.plist)', which supports '$(/usr/libexec/PlistBuddy -c "Print :Entitlements:application-identifier" mobileprovision.plist)'" | |
rm -rf Payload/*.app/_CodeSignature Payload/*.app/CodeResources | |
cp "$PROVISION" Payload/*.app/embedded.mobileprovision | |
/usr/bin/codesign -f -s "$CERTIFICATE" --resource-rules Payload/*.app/ResourceRules.plist Payload/*.app | |
zip -qr "$IPA_NEW" Payload | |
[[ $CLEANUP_TEMP -eq 1 ]] && rm -rf "$TMP" |
it does not work for me, so I made some changes and publish it here https://gist.github.com/renexu/5597853
Thanks Richard
I built an OS X version of an app re-signer called ReSignMe. I'm looking for people to test it as I feel that it doesn't cover every use case just yet. Anyone interested can clone the repo on GitHub.
Can i do it in windows or ubuntu ?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The .app filename (AtlantaJournal.app) is hardcoded and should be parametrized. I made a number of modifications and posted my fork as a gist here: https://gist.github.com/charlesmchen/5534599
Thanks Richard.