@insi2304
Forked from gwsu2008/resign.sh
Last active December 12, 2021 18:55
Frida iOS patch and deploy
Grab UDID:
ios-deploy -c | grep -oE 'Found ([0-9A-Za-z\-]+)' | sed 's/Found //g'
system_profiler SPUSBDataType | sed -n -E -e '/(iPhone|iPad)/,/Serial/s/ *Serial Number: *(.+)/\1/p'
instruments -s devices | grep -v Simulator
-----------------------------------------------------------
Frida patch and deploy using objection:
security find-identity -p codesigning -v
objection patchipa --source <IPAfile> --codesign-signature <IDENTITY> -P emb.mobileprovision
unzip <patchedIPAfile>
ios-deploy --bundle Payload/my-app.app -W -d
objection explore
---------------------------------------------------------------
https://blog.securityinnovation.com/frida
Rename the .ipa to .zip and unzip it
rm -f embedded.mobileprovision and remove the _CodeSignature folder
cp ~/Library/Developer/Xcode/DerivedData/pentest1-exsojslupbntkfbnffktzafuoftk/Build/Products/Debug-iphoneos/pentest1.app/embedded.mobileprovision App.app/
cd Payload
codesign -d --entitlements - App.app > entitlements.plist
cat entitlements.plist
cd ..
mv Payload/entitlements.plist .
codesign -f -s "iPhone Distribution: Company Cert" --entitlements entitlements.plist Payload/App.app
# 'xyz' is a placeholder for the login keychain password
KEYCHAIN_PASSWD='xyz'
KEYCHAIN=$(ls "$HOME/Library/Keychains/login.keychain-db" 2>/dev/null)
/usr/bin/security list-keychains -s "$KEYCHAIN"
/usr/bin/security unlock-keychain -p "$KEYCHAIN_PASSWD" "$KEYCHAIN"
/usr/bin/security show-keychain-info "$KEYCHAIN"
/usr/bin/security find-identity -p codesigning -v
codesign -f -s "iPhone Distribution: Company Cert" --entitlements entitlements.plist Payload/App.app
zip -qr resigned.ipa Payload
unzip -p myapp.ipa \*/embedded.mobileprovision | grep -a -A 2 ExpirationDate | grep date | sed -e 's/^.*<date>\(.*\)<\/date>/\1/'
====================
Steps
Assumptions:
.ipa filename is app.ipa
app is called MyApp
new provisioning profile resides at: ~/Downloads/AdHoc.mobileprovision
distribution certificate name is Company Certificate
may not need resource-rules parameter
provisioning profile is either for Adhoc, or Enterprise distribution
Commands:
unzip app.ipa
rm -rf Payload/MyApp.app/_CodeSignature/
cp ~/Downloads/AdHoc.mobileprovision Payload/MyApp.app/embedded.mobileprovision
codesign -f -s "iPhone Distribution: Company Certificate" --resource-rules Payload/MyApp.app/ResourceRules.plist Payload/MyApp.app
zip -qr app-resigned.ipa Payload/
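Added example (not part of the original gist): a pre-flight check to run before the codesign steps, reading ExpirationDate the same way as the unzip one-liner above and also checking that the target UDID is covered by the profile (ad hoc profiles list devices, enterprise profiles set ProvisionsAllDevices). The function names, the sample profile and the UDID in it are constructed for illustration.

```shell
#!/bin/sh
# A .mobileprovision is a CMS blob wrapping an XML plist, so the plist text
# can be read in place with grep -a / sed.

# Print the profile's ExpirationDate (ISO 8601, UTC).
profile_expiry() {
    LC_ALL=C grep -a -A 2 '<key>ExpirationDate</key>' "$1" |
        LC_ALL=C sed -n 's/^.*<date>\(.*\)<\/date>.*$/\1/p' | head -n 1
}

# Succeed if the profile is still valid at timestamp $2 (same ISO 8601 UTC form).
# Fixed-width UTC timestamps compare correctly as plain strings.
profile_valid_at() {
    exp=$(profile_expiry "$1")
    [ -n "$exp" ] && LC_ALL=C expr "$exp" \> "$2" >/dev/null
}

# Succeed if device UDID $2 may install a build signed with this profile:
# enterprise profiles set ProvisionsAllDevices, ad hoc ones list each UDID.
profile_allows_device() {
    if LC_ALL=C grep -a -A 1 '<key>ProvisionsAllDevices</key>' "$1" |
        grep -a -q '<true/>'; then
        return 0
    fi
    LC_ALL=C sed -n '/<key>ProvisionedDevices<\/key>/,/<\/array>/p' "$1" |
        grep -a -q -F "<string>$2</string>"
}

# Constructed sample: only the plist keys the checks read, with a made-up UDID.
write_sample_profile() {
    cat > "$1" <<'EOF'
<plist version="1.0"><dict>
    <key>ExpirationDate</key>
    <date>2030-01-15T10:00:00Z</date>
    <key>ProvisionedDevices</key>
    <array>
        <string>00008030-000A1B2C3D4E5F60</string>
    </array>
</dict></plist>
EOF
}

sample=$(mktemp)
write_sample_profile "$sample"
profile_valid_at "$sample" "$(date -u +%Y-%m-%dT%H:%M:%SZ)" && echo "profile not expired"
profile_allows_device "$sample" 00008030-000A1B2C3D4E5F60 && echo "device is provisioned"
profile_allows_device "$sample" 00008030-FFFFFFFFFFFFFFFF || echo "unlisted device: install would fail"
rm -f "$sample"
```

Against a real build, pass Payload/MyApp.app/embedded.mobileprovision and the UDID printed by the "Grab UDID" commands.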