Skip to content
Create a gist now

Instantly share code, notes, and snippets.

Embed URL


Subversion checkout URL

You can clone with
Download ZIP
A simple tool for resigning an iOS app ipa with a new certificate/mobileprovision
#!/usr/bin/env bash
if [[ ! ( # any of the following are not true
# 1st arg is an existing regular file
-f "$1" &&
# ...and it has a .ipa extension
"${1##*.}" == "ipa" &&
# 2nd arg is an existing regular file
-f "$2" &&
# ...and it has an .mobileprovision extension
"${2##*.}" == "mobileprovision" &&
# 3rd arg is a non-empty string
-n "$3"
) ]];
echo ' Usage: Application.ipa foo/bar.mobileprovision "iPhone Distribution: I can haz code signed"'
## Exit on use of an uninitialized variable
set -o nounset
## Exit if any statement returns a non-true return value (non-zero)
set -o errexit
## Announce commands
#set -o xtrace
echo "$(cd "$(dirname "$1")"; echo -n "$(pwd)/$(basename "$1")")";
TMP="$(mktemp -d -t ./resign)"
IPA="$(realpath $1)"
IPA_NEW="$(pwd)/$(basename $IPA .ipa).resigned.ipa"
PROVISION="$(realpath $2)"
CLEANUP_TEMP=0 # Do not remove this line or "set -o nounset" will error on checks below
#CLEANUP_TEMP=1 # Uncomment this line if you want this script to clean up after itself
cd "$TMP"
[[ $CLEANUP_TEMP -ne 1 ]] && echo "Using temp dir: $TMP"
unzip -q "$IPA"
echo App has AppID $(/usr/libexec/PlistBuddy -c 'Print :CFBundleIdentifier' Payload/*.app/Info.plist)
security cms -D -i Payload/ > mobileprovision.plist
echo "Trying to resign with '$(/usr/libexec/PlistBuddy -c "Print :Name" mobileprovision.plist)', which supports '$(/usr/libexec/PlistBuddy -c "Print :Entitlements:application-identifier" mobileprovision.plist)'"
rm -rf Payload/*.app/_CodeSignature Payload/*.app/CodeResources
cp "$PROVISION" Payload/*.app/embedded.mobileprovision
/usr/bin/codesign -f -s "$CERTIFICATE" --resource-rules Payload/*.app/ResourceRules.plist Payload/*.app
zip -qr "$IPA_NEW" Payload
[[ $CLEANUP_TEMP -eq 1 ]] && rm -rf "$TMP"

The .app filename ( is hardcoded and should be parametrized. I made a number of modifications and posted my fork as a gist here:

Thanks Richard.


it does not work for me, so I made some changes and publish it here
Thanks Richard


I built an OS X version of an app re-signer called ReSignMe. I'm looking for people to test it as I feel that it doesn't cover every use case just yet. Anyone interested can clone the repo on GitHub.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.