@0xallie
Last active October 8, 2022 20:17
How to create an iOS app signing certificate without a Mac

  1. openssl genrsa -out development.key 2048
  2. openssl req -new -key development.key -out development.csr -subj / (subject field doesn't matter, it will be overridden anyway)
  3. Go to the developer portal (https://developer.apple.com/account/) -> Certificates, Identifiers & Profiles
  4. Create a new certificate, choose "Apple Development", and upload the .csr file
  5. Download the resulting .cer file
  6. Download the Apple WWDR intermediate certificate from https://www.apple.com/certificateauthority/ (the one that expires in 2030: https://www.apple.com/certificateauthority/AppleWWDRCAG3.cer)
  7. openssl x509 -inform der -in development.cer -out development.pem
  8. openssl x509 -inform der -in AppleWWDRCAG3.cer -out AppleWWDRCAG3.pem
  9. openssl pkcs12 -export -out development.p12 -inkey development.key -in development.pem -certfile AppleWWDRCAG3.pem
  10. Go back to the developer portal, and under "Devices" register the UDID of each device you want to sideload apps on (you can get this using iTunes or https://get.udid.io/)
  11. Under "Identifiers", create a new wildcard app ID. Make the bundle ID something like yourteamid.* (you can see the team ID in the top right corner next to your name); the name can be anything, like "Wildcard"
  12. Under "Profiles", create a new iOS App Development provisioning profile and select the app ID created in the previous step
  13. After downloading the resulting provisioning profile, you should now have the required .p12 and .mobileprovision files.
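
Before signing, it helps to confirm that the downloaded profile actually contains the certificate from step 5 and the device from step 10, since a mismatch only shows up later as an install failure. The following is an added example, not part of the original gist: it reads the plist embedded in a .mobileprovision and reports mismatches. The function names and the sample profile are constructed for illustration; the plist keys are the ones Apple writes into provisioning profiles.

```python
import plistlib
from datetime import datetime, timedelta, timezone

def load_profile(blob: bytes) -> dict:
    """Read the XML plist embedded in a .mobileprovision (a CMS-signed blob).
    Only the payload is read; the CMS signature is not verified here."""
    start, end = blob.find(b"<?xml"), blob.find(b"</plist>")
    if start < 0 or end < start:
        raise ValueError("no embedded plist found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def check_profile(blob: bytes, cert_der: bytes, udid: str) -> list:
    """Return a list of mismatches; an empty list means the profile fits."""
    p = load_profile(blob)
    problems = []
    now = datetime.now(timezone.utc).replace(tzinfo=None)  # plist dates load as naive UTC
    if p["ExpirationDate"] <= now:
        problems.append("profile expired")
    # DeveloperCertificates holds the DER bytes of every certificate the profile trusts
    if cert_der not in p.get("DeveloperCertificates", []):
        problems.append("certificate not in profile")
    # Compare UDIDs case-insensitively, since tools differ in how they print them
    devices = [d.casefold() for d in p.get("ProvisionedDevices", [])]
    if udid.casefold() not in devices:
        problems.append("device not registered in profile")
    return problems

def make_sample(cert_der: bytes, udid: str, days_left: int) -> bytes:
    """Constructed stand-in for a profile: a plist between fake CMS bytes."""
    now = datetime.now(timezone.utc).replace(tzinfo=None)
    plist = plistlib.dumps({
        "DeveloperCertificates": [cert_der],
        "Entitlements": {"application-identifier": "TEAMID0000.*"},
        "ExpirationDate": now + timedelta(days=days_left),
        "ProvisionedDevices": [udid],
    })
    return b"\x30\x80\x06\x09" + plist + b"\x00\x00"

if __name__ == "__main__":
    cert = b"constructed-der-bytes"  # constructed; not a real certificate
    blob = make_sample(cert, "00008000-CONSTRUCTED", days_left=30)
    print(check_profile(blob, cert, "00008000-constructed"))
    print(check_profile(blob, b"some-other-cert", "unregistered-udid"))
```

For real files, pass the bytes of development.cer (it is already DER) and of ios_development.mobileprovision. Because the CMS signature is not checked, this is a consistency check on your own files, not proof that a profile is authentic.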

Signing apps with zsign

$ zsign --force -k development.p12 -p PASSWORD -m ios_development.mobileprovision AppName.ipa -o AppName-signed.ipa

For apps containing app extensions, you may have to unzip the IPA and sign the folders inside PlugIns individually with separate provisioning profiles if they need to use app groups or other entitlements. Then sign the main folder and pack it up like this:

$ cd AppName
$ zip -r ../AppName.ipa Payload

You can inject dylibs with zsign -l Tweak.dylib. For some tweaks you may have to change paths inside the dylib with install_name_tool and/or copy CydiaSubstrate.tbd into the app's directory.
