 

iOS IPA Re-packaging/Re-signing of an AppStore app

Problem description

I need to control an arbitrary application on an iOS device. My plan is to inject an executable into the IPA (where the remote-control logic is implemented) and then re-package it.

Since the application should run in a controlled environment (a specific device), I plan on using my provisioning profile with my development certificate for re-packaging/signing.

To begin with, I am trying to re-package the 3rd-party app without injecting any code. This is done in the following manner:

 1. Unzip the existing IPA
 2. Copy the provisioning profile to %APP_NAME%.app/embedded.mobileprovision
 3. export CODESIGN_ALLOCATE="/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/codesign_allocate"
 4. codesign --force --deep -s "%Dev Cert Name%" "%Path/To/APP_NAME%.app"
 5. Zip the re-signed code back together

The above works great for applications I build manually using Xcode; however, when using IPAs downloaded from the AppStore it fails, with the following device log error:

<Debug>: AppleFairplayTextCrypterSession::fairplayOpen() failed, error -42112

Inspecting the Mach-O executable of the application, I have verified that the "Code Signature" section of the relevant architecture was fully changed (by the codesign tool).

Questions

  • Why can't I re-package the app I have downloaded from the AppStore, while an app I manually create with Xcode is successfully re-packaged/signed?
  • How can I re-package/sign an AppStore app using my development certificate and provisioning profile?
  • How does FairPlay distinguish between an app I manually produce (using Xcode) and an app downloaded from the AppStore? What residuals does an AppStore app have that a manually made app does not?

References

  • https://stackoverflow.com/questions/25737711/ios-undocumented-api-using-uiautomation-framework-on-ios7
  • http://macsecurity.net/view/55/
  • https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/codesign.1.html
asked Sep 09 '14 13:09 by NadavRub


1 Answer

Apps from the AppStore are not just signed, the binary is also encrypted.

App Store binaries are signed by both their developer and Apple. This encrypts the binary so that decryption keys are needed in order to make the binary readable. When iOS executes the binary, the decryption keys are used to decrypt the binary into a readable state, where it is then loaded into memory and executed. iOS can tell the encryption status of a binary via the cryptid structure member of the LC_ENCRYPTION_INFO Mach-O load command. If cryptid is a non-zero value then the binary is encrypted.

answered Nov 05 '22 11:11 by orkoden
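The cryptid check the answer describes, written out as an added example (this is not code from the question, the answer, or any Apple tool): a small Python parser that walks the load commands of a thin or fat Mach-O image and reports the cryptoff/cryptsize/cryptid fields of LC_ENCRYPTION_INFO (32-bit slices) or LC_ENCRYPTION_INFO_64 (64-bit slices). It is the test a practitioner would run on the App Store executable before attempting the re-signing procedure from the question, since a non-zero cryptid means re-signing alone cannot produce a loadable binary. The sample images the script builds are constructed inline and are not real app binaries; the file name in the usage note is an assumption.

```python
import struct
from typing import Dict, List, Optional

# Mach-O constants from <mach-o/loader.h> and <mach-o/fat.h>
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
MH_CIGAM, MH_CIGAM_64 = 0xCEFAEDFE, 0xCFFAEDFE   # byte-swapped variants
FAT_MAGIC = 0xCAFEBABE
MH_EXECUTE = 0x2
LC_UUID = 0x1B
LC_ENCRYPTION_INFO = 0x21      # used in 32-bit slices (encryption_info_command)
LC_ENCRYPTION_INFO_64 = 0x2C   # used in 64-bit slices (encryption_info_command_64)
CPU_TYPE_ARM = 0x0000000C
CPU_TYPE_ARM64 = 0x0100000C


def _parse_thin(buf: bytes) -> Dict[str, Optional[int]]:
    """Walk the load commands of one Mach-O slice and pull out LC_ENCRYPTION_INFO(_64)."""
    magic = struct.unpack_from("<I", buf, 0)[0]
    if magic in (MH_MAGIC, MH_MAGIC_64):
        end = "<"                       # little-endian on disk (all iOS devices)
    elif magic in (MH_CIGAM, MH_CIGAM_64):
        end = ">"                       # byte-swapped header, read as big-endian
    else:
        raise ValueError("not a Mach-O slice: magic 0x%08x" % magic)
    is64 = magic in (MH_MAGIC_64, MH_CIGAM_64)
    hdr_fmt = end + ("8I" if is64 else "7I")   # mach_header_64 has an extra 'reserved' field
    hdr = struct.unpack_from(hdr_fmt, buf, 0)
    cputype, ncmds, sizeofcmds = hdr[1], hdr[4], hdr[5]
    off = struct.calcsize(hdr_fmt)
    limit = off + sizeofcmds
    info: Dict[str, Optional[int]] = {"cputype": cputype, "cryptoff": None,
                                      "cryptsize": None, "cryptid": None}
    for _ in range(ncmds):
        if off + 8 > limit:
            raise ValueError("load commands overrun sizeofcmds")
        cmd, cmdsize = struct.unpack_from(end + "II", buf, off)
        if cmdsize < 8 or off + cmdsize > limit:
            raise ValueError("bad cmdsize %d at offset %d" % (cmdsize, off))
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            # Both variants lay out cryptoff, cryptsize, cryptid right after cmd/cmdsize;
            # the _64 form only appends a 4-byte pad.
            cryptoff, cryptsize, cryptid = struct.unpack_from(end + "3I", buf, off + 8)
            info.update(cryptoff=cryptoff, cryptsize=cryptsize, cryptid=cryptid)
        off += cmdsize                  # unknown commands are skipped by size
    return info


def encryption_info(data: bytes) -> List[Dict[str, Optional[int]]]:
    """Return per-slice encryption info for a thin or fat (universal) Mach-O image."""
    if struct.unpack_from(">I", data, 0)[0] == FAT_MAGIC:
        nfat = struct.unpack_from(">I", data, 4)[0]
        slices = []
        for i in range(nfat):
            # fat_arch: cputype, cpusubtype, offset, size, align (all big-endian)
            _, _, offset, size, _ = struct.unpack_from(">5I", data, 8 + 20 * i)
            slices.append(_parse_thin(data[offset:offset + size]))
        return slices
    return [_parse_thin(data)]


def is_fairplay_encrypted(data: bytes) -> bool:
    """True if any slice carries LC_ENCRYPTION_INFO(_64) with a non-zero cryptid.
    A slice with no encryption command at all counts as not encrypted."""
    return any(s["cryptid"] not in (None, 0) for s in encryption_info(data))


def sample_slice(cryptid: Optional[int], is64: bool = True) -> bytes:
    """Constructed minimal Mach-O slice (not a real app binary): an LC_UUID
    followed, when cryptid is not None, by LC_ENCRYPTION_INFO(_64)."""
    cmds = struct.pack("<II", LC_UUID, 24) + b"\x11" * 16
    if cryptid is not None:
        if is64:
            cmds += struct.pack("<6I", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x8000, cryptid, 0)
        else:
            cmds += struct.pack("<5I", LC_ENCRYPTION_INFO, 20, 0x4000, 0x8000, cryptid)
    ncmds = 2 if cryptid is not None else 1
    if is64:
        return struct.pack("<8I", MH_MAGIC_64, CPU_TYPE_ARM64, 0, MH_EXECUTE, ncmds, len(cmds), 0, 0) + cmds
    return struct.pack("<7I", MH_MAGIC, CPU_TYPE_ARM, 0, MH_EXECUTE, ncmds, len(cmds), 0) + cmds


def sample_fat(cryptid_arm: int, cryptid_arm64: int) -> bytes:
    """Constructed fat image wrapping a 32-bit arm and a 64-bit arm64 slice.
    Real fat files page-align each slice; the parser only needs offset/size."""
    slices = [(CPU_TYPE_ARM, sample_slice(cryptid_arm, is64=False)),
              (CPU_TYPE_ARM64, sample_slice(cryptid_arm64, is64=True))]
    archs, blobs, offset = b"", b"", 8 + 20 * len(slices)
    for cputype, blob in slices:
        archs += struct.pack(">5I", cputype, 0, offset, len(blob), 0)
        blobs += blob
        offset += len(blob)
    return struct.pack(">II", FAT_MAGIC, len(slices)) + archs + blobs


if __name__ == "__main__":
    import sys
    # With a path argument, inspect a real executable; otherwise use the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_fat(1, 1)
    for s in encryption_info(data):
        print("cputype=0x%08x cryptid=%s cryptoff=%s cryptsize=%s"
              % (s["cputype"], s["cryptid"], s["cryptoff"], s["cryptsize"]))
    print("FairPlay-encrypted:", is_fairplay_encrypted(data))
```

Run it against the unzipped IPA's main executable, for example `python3 machoenc.py Payload/SomeApp.app/SomeApp` (the script and app names are placeholders): a locally built Xcode app reports cryptid 0 or no encryption command, while an App Store download reports cryptid 1 on each slice, which is why the re-signed copy still fails at fairplayOpen(). The parser validates cmdsize against sizeofcmds so a truncated or malformed header raises instead of reading past the load-command area.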