What is the binary data around the plist in a provisioning profile file?

Question

The structure of a .mobileprovision file looks something like this:

<!-- small binary data -->

<?xml version="1.0" encoding="UTF-8"?>
<!-- plist data -->
</plist>

<!-- large binary data -->

I have a few questions around this:

1. What is this binary data?
2. Is it useful?
3. How can I extract the plist from a .mobileprovision file without searching for XML boundaries?

Specifically, I will consider this question as answered (and award the +100 bounty alongwith it) when both Q1 and Q3 above are answered.

Answer 1

I finally got the answer from an answer to another question on SO.

Basically the .mobileprovision file is a CMS encrypted XML file. It can be decoded using security on OS X:

security cms -D -i /path/to/profile.mobileprovision

Answer 2

I don't have an answer to your initial question, but I can explain how to extract the signing certificate from the .mobileprovision file:

1. The plist part of the .mobileprovision has a key 'DeveloperCertificates', whose value is an array of NSData.
2. Each NSData is a .cer file - the signing certificate you are looking for.

I have a short shell script for extracting the subject of the signing certificate directly from the .mobileprovision file here: https://gist.github.com/2147247 - the script works with only one certificate in the array mentioned earlier, which should be the common case.

As you can see in the script, I have no answer to your third question, I am just cutting away the first line and everything after the closing tag.