Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Distribute unsigned app iPhone for jailbroken iPhone with no Cydia

I'm trying to distribute an unsigned .ipa via itms-services protocol for jailbroken device WITH NO CYDIA. I went through guides about how to create an unsigned app for cydia from: http://www.alexwhittemore.com/developing-jailbroken-iphone-ios-401/ and I managed to make it work except the "Share" option from the Organizer. It says: Error: Codesign check fails... But maybe it's not the issue here.

Taking the .app folder of my app and compress it to .ipa extension with no signature worked, but when I upload my app to my server and try to download it via itms-services protocol, the progress bar on the device is going almost to the end and fails to download....

Anyone has experience with that?

like image 684
Alexei Robsky Avatar asked Oct 09 '22 10:10

Alexei Robsky


2 Answers

Sorry about reawakening an ages-old thread, but just in case anyone has this question in the future:

The itms-services protocol makes requests to two servers: oscp.apple.com, and another server (which you can find out more about on Apple's website). The servers check whether Apple has generated the public keys for the signing certificates, and whether or not they have been revoked.

Normally, there would be no way to bypass this, but what the iPhone checks for is a "bad" response. If it detects one, it rejects the app. If it doesn't receive a response at all, then it doesn't reject the app, however.

So what you want to do here is probably create a custom DNS server, that will list the two Apple servers as two other servers. Then, create a mobile configuration file that will change the iPhone's default DNS server to your server. The application should then install properly.

like image 132
user1522362 Avatar answered Oct 12 '22 12:10

user1522362


I have exactly the same question as you have : I am looking for a way to distribute iOS Apps for jailbroken iPhone, without going through Cydia.

itms-services works for when I do provide a valid provisioning profile. Whit no provisioning profile, it does not work.

One note however for you Alexei : unsigned app won't work on an iPhone, even if it is jailbreak. You need at least a self-signed app. Jailbreak removes the need for Apple approved developer signature, it does not remove the need for signature at all. You can self-sign your code with "ldid -S" on a jailbroken device. There is also a ldid version for Mac OS X at http://dl.dropbox.com/u/3157793/ldid

Please keep updating this thread with your progress - I will do the same.

[EDITED]

It is possible to generate a self signed certificate and use it from Xcode. The application can then be installed using scp -r command.

I then manually created an IPA file and serve it through a web server with the itms-services URL. Installation fails with ""App" could not be installed at this time"

When looking at the console, it says :

Mar 14 17:31:32 unknown installd[4276] <Error>: developer cert trust result = 5 Mar 14 17:31:32 unknown installd[4276] <Error>: 00485000 verify_signer_identity: Could not copy validate signature: -402620392 Mar 14 17:31:32 unknown installd[4276] <Error>: 00485000 preflight_application_install: Could not verify executable at /var/tmp/install_staging.AnmaAp/foo_extracted/Payload/App.app Mar 14 17:31:32 unknown com.apple.itunesstored[4272] <Notice>: MobileInstallationInstall: failed with -1 Mar 14 17:31:32 unknown installd[4276] <Error>: 00485000 install_application: Could not prefligh

Reason is that /usr/libexec/installd program is checking for valid signature when installing application. This can be patched and disabled with tools like http://hackulo.us/wiki/AppSync or http://jamesisbored.com/iphone/bootleg) but I wouldn't go that way for two reasons :

  • First it opens the door to any installation on the iPhone
  • secondly because your user will have to that again after each iOS update (and the availability of a patch is not guaranteed for future versions)

So, this leaves me with two options : A/ abandon this idea B/ develop my own MISValidateSignatureAndCopyInfo bypassing code and use it temporary for the time needed to install my app.

like image 39
Sébastien Stormacq Avatar answered Oct 12 '22 10:10

Sébastien Stormacq