Last active

Embed URL

HTTPS clone URL

SSH clone URL

You can clone with HTTPS or SSH.

Download Gist

A simple tool for resigning an iOS app ipa with a new certificate/mobileprovision

View resign.sh
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
#!/usr/bin/env bash
 
if [[ ! ( # any of the following are not true
# 1st arg is an existing regular file
-f "$1" &&
# ...and it has a .ipa extension
"${1##*.}" == "ipa" &&
# 2nd arg is an existing regular file
-f "$2" &&
# ...and it has an .mobileprovision extension
"${2##*.}" == "mobileprovision" &&
# 3rd arg is a non-empty string
-n "$3"
) ]];
then
echo ' Usage: resign.sh Application.ipa foo/bar.mobileprovision "iPhone Distribution: I can haz code signed"'
exit;
fi
 
## Exit on use of an uninitialized variable
set -o nounset
## Exit if any statement returns a non-true return value (non-zero)
set -o errexit
## Announce commands
#set -o xtrace
 
realpath(){
echo "$(cd "$(dirname "$1")"; echo -n "$(pwd)/$(basename "$1")")";
}
 
TMP="$(mktemp -d -t ./resign)"
IPA="$(realpath $1)"
IPA_NEW="$(pwd)/$(basename $IPA .ipa).resigned.ipa"
PROVISION="$(realpath $2)"
CERTIFICATE="$3"
CLEANUP_TEMP=0 # Do not remove this line or "set -o nounset" will error on checks below
#CLEANUP_TEMP=1 # Uncomment this line if you want this script to clean up after itself
cd "$TMP"
[[ $CLEANUP_TEMP -ne 1 ]] && echo "Using temp dir: $TMP"
unzip -q "$IPA"
echo App has AppID $(/usr/libexec/PlistBuddy -c 'Print :CFBundleIdentifier' Payload/*.app/Info.plist)
security cms -D -i Payload/AtlantaJournal.app/embedded.mobileprovision > mobileprovision.plist
echo "Trying to resign with '$(/usr/libexec/PlistBuddy -c "Print :Name" mobileprovision.plist)', which supports '$(/usr/libexec/PlistBuddy -c "Print :Entitlements:application-identifier" mobileprovision.plist)'"
rm -rf Payload/*.app/_CodeSignature Payload/*.app/CodeResources
cp "$PROVISION" Payload/*.app/embedded.mobileprovision
/usr/bin/codesign -f -s "$CERTIFICATE" --resource-rules Payload/*.app/ResourceRules.plist Payload/*.app
zip -qr "$IPA_NEW" Payload
[[ $CLEANUP_TEMP -eq 1 ]] && rm -rf "$TMP"

The .app filename (AtlantaJournal.app) is hardcoded and should be parametrized. I made a number of modifications and posted my fork as a gist here: https://gist.github.com/charlesmchen/5534599

Thanks Richard.

renexu commented

it does not work for me, so I made some changes and publish it here https://gist.github.com/renexu/5597853
Thanks Richard

I built an OS X version of an app re-signer called ReSignMe. I'm looking for people to test it as I feel that it doesn't cover every use case just yet. Anyone interested can clone the repo on GitHub.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.