
A simple tool for resigning an iOS app ipa with a new certificate/mobileprovision

resign.sh
#!/usr/bin/env bash
 
if [[ ! ( # any of the following are not true
# 1st arg is an existing regular file
-f "$1" &&
# ...and it has a .ipa extension
"${1##*.}" == "ipa" &&
# 2nd arg is an existing regular file
-f "$2" &&
# ...and it has an .mobileprovision extension
"${2##*.}" == "mobileprovision" &&
# 3rd arg is a non-empty string
-n "$3"
) ]];
then
echo ' Usage: resign.sh Application.ipa foo/bar.mobileprovision "iPhone Distribution: I can haz code signed"'
exit 1
fi
 
## Exit on use of an uninitialized variable
set -o nounset
## Exit if any statement returns a non-true return value (non-zero)
set -o errexit
## Announce commands
#set -o xtrace
 
realpath(){
echo "$(cd "$(dirname "$1")"; echo -n "$(pwd)/$(basename "$1")")";
}
 
TMP="$(mktemp -d -t ./resign)"
IPA="$(realpath "$1")"
IPA_NEW="$(pwd)/$(basename "$IPA" .ipa).resigned.ipa"
PROVISION="$(realpath "$2")"
CERTIFICATE="$3"
CLEANUP_TEMP=0 # Do not remove this line or "set -o nounset" will error on checks below
#CLEANUP_TEMP=1 # Uncomment this line if you want this script to clean up after itself
cd "$TMP"
[[ $CLEANUP_TEMP -ne 1 ]] && echo "Using temp dir: $TMP"
unzip -q "$IPA"
echo "App has AppID $(/usr/libexec/PlistBuddy -c 'Print :CFBundleIdentifier' Payload/*.app/Info.plist)"
security cms -D -i Payload/AtlantaJournal.app/embedded.mobileprovision > mobileprovision.plist
echo "Trying to resign with '$(/usr/libexec/PlistBuddy -c "Print :Name" mobileprovision.plist)', which supports '$(/usr/libexec/PlistBuddy -c "Print :Entitlements:application-identifier" mobileprovision.plist)'"
rm -rf Payload/*.app/_CodeSignature Payload/*.app/CodeResources
cp "$PROVISION" Payload/*.app/embedded.mobileprovision
/usr/bin/codesign -f -s "$CERTIFICATE" --resource-rules Payload/*.app/ResourceRules.plist Payload/*.app
zip -qr "$IPA_NEW" Payload
# Use if/fi so a successful run does not end with a non-zero status when CLEANUP_TEMP=0
if [[ $CLEANUP_TEMP -eq 1 ]]; then rm -rf "$TMP"; fi
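
The script prints the app's bundle ID and a profile's application-identifier and leaves the comparison to the reader. The following pre-flight check is an added example, not part of the original gist: it does that comparison before anything is signed. The function names `profile_covers_bundle_id` and `preflight` are hypothetical, and it assumes the application-identifier has the form `<prefix>.<bundle id>` with an optional trailing `*` wildcard.

```shell
#!/usr/bin/env bash
# Added example (not from the gist): refuse to sign when the provisioning
# profile's application-identifier does not cover the app's bundle ID.

# profile_covers_bundle_id APP_IDENTIFIER BUNDLE_ID
#   APP_IDENTIFIER: e.g. "ABCDE12345.com.example.app" or "ABCDE12345.com.example.*"
#   Returns 0 when the profile covers BUNDLE_ID, 1 otherwise.
profile_covers_bundle_id() {
  local app_identifier="$1" bundle_id="$2" pattern stem
  [ -n "$bundle_id" ] || return 1
  # The identifier must contain a prefix and a dot before the App ID part.
  case "$app_identifier" in *.*) ;; *) return 1 ;; esac
  pattern="${app_identifier#*.}"            # drop the App ID prefix
  case "$pattern" in
    '*')                                    # full wildcard: any bundle ID
      return 0 ;;
    *'.*')                                  # "com.example.*"
      stem="${pattern%\*}"                  # "com.example." (dot kept)
      # Require at least one character after the dot, so that
      # "com.examplex.app" and "com.example." are both rejected.
      case "$bundle_id" in "$stem"?*) return 0 ;; *) return 1 ;; esac ;;
    *'*'*)                                  # wildcard anywhere else: malformed
      return 1 ;;
    *)                                      # explicit App ID: exact match only
      [ "$bundle_id" = "$pattern" ] ;;
  esac
}

# preflight APP_DIR PROFILE
#   macOS only: uses the same tools resign.sh already relies on.
preflight() {
  local app_dir="$1" profile="$2" plist bundle_id app_identifier
  plist="$(mktemp)"
  security cms -D -i "$profile" > "$plist"
  bundle_id="$(/usr/libexec/PlistBuddy -c 'Print :CFBundleIdentifier' "$app_dir/Info.plist")"
  app_identifier="$(/usr/libexec/PlistBuddy -c 'Print :Entitlements:application-identifier' "$plist")"
  rm -f "$plist"
  if ! profile_covers_bundle_id "$app_identifier" "$bundle_id"; then
    echo "Profile ($app_identifier) does not cover bundle ID $bundle_id" >&2
    return 1
  fi
}
```

Calling `preflight Payload/Some.app "$PROVISION"` after the `unzip` step stops the run before `codesign` when the new profile cannot cover the app; `Some.app` is a placeholder.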

The .app filename (AtlantaJournal.app) is hardcoded and should be parametrized. I made a number of modifications and posted my fork as a gist here: https://gist.github.com/charlesmchen/5534599

Thanks Richard.

It does not work for me, so I made some changes and published it here: https://gist.github.com/renexu/5597853
Thanks Richard

I built an OS X version of an app re-signer called ReSignMe. I'm looking for people to test it as I feel that it doesn't cover every use case just yet. Anyone interested can clone the repo on GitHub.
