Skip to content

Instantly share code, notes, and snippets.

@RichardBronosky
Last active April 16, 2023 02:29
Show Gist options
  • Save RichardBronosky/2878446 to your computer and use it in GitHub Desktop.
Save RichardBronosky/2878446 to your computer and use it in GitHub Desktop.
A simple tool for resigning an iOS app ipa with a new certificate/mobileprovision
#!/usr/bin/env bash
if [[ ! ( # any of the following are not true
# 1st arg is an existing regular file
-f "$1" &&
# ...and it has a .ipa extension
"${1##*.}" == "ipa" &&
# 2nd arg is an existing regular file
-f "$2" &&
# ...and it has an .mobileprovision extension
"${2##*.}" == "mobileprovision" &&
# 3rd arg is a non-empty string
-n "$3"
) ]];
then
echo ' Usage: resign.sh Application.ipa foo/bar.mobileprovision "iPhone Distribution: I can haz code signed"'
exit;
fi
## Exit on use of an uninitialized variable
set -o nounset
## Exit if any statement returns a non-true return value (non-zero)
set -o errexit
## Announce commands
#set -o xtrace
realpath(){
echo "$(cd "$(dirname "$1")"; echo -n "$(pwd)/$(basename "$1")")";
}
TMP="$(mktemp -d -t ./resign)"
IPA="$(realpath $1)"
IPA_NEW="$(pwd)/$(basename $IPA .ipa).resigned.ipa"
PROVISION="$(realpath $2)"
CERTIFICATE="$3"
CLEANUP_TEMP=0 # Do not remove this line or "set -o nounset" will error on checks below
#CLEANUP_TEMP=1 # Uncomment this line if you want this script to clean up after itself
cd "$TMP"
[[ $CLEANUP_TEMP -ne 1 ]] && echo "Using temp dir: $TMP"
unzip -q "$IPA"
echo App has AppID $(/usr/libexec/PlistBuddy -c 'Print :CFBundleIdentifier' Payload/*.app/Info.plist)
security cms -D -i Payload/AtlantaJournal.app/embedded.mobileprovision > mobileprovision.plist
echo "Trying to resign with '$(/usr/libexec/PlistBuddy -c "Print :Name" mobileprovision.plist)', which supports '$(/usr/libexec/PlistBuddy -c "Print :Entitlements:application-identifier" mobileprovision.plist)'"
rm -rf Payload/*.app/_CodeSignature Payload/*.app/CodeResources
cp "$PROVISION" Payload/*.app/embedded.mobileprovision
/usr/bin/codesign -f -s "$CERTIFICATE" --resource-rules Payload/*.app/ResourceRules.plist Payload/*.app
zip -qr "$IPA_NEW" Payload
[[ $CLEANUP_TEMP -eq 1 ]] && rm -rf "$TMP"
@charlesmchen
Copy link

The .app filename (AtlantaJournal.app) is hardcoded and should be parametrized. I made a number of modifications and posted my fork as a gist here: https://gist.github.com/charlesmchen/5534599

Thanks Richard.

@renexu
Copy link

renexu commented May 17, 2013

it does not work for me, so I made some changes and publish it here https://gist.github.com/renexu/5597853
Thanks Richard

Copy link

ghost commented Jul 1, 2013

I built an OS X version of an app re-signer called ReSignMe. I'm looking for people to test it as I feel that it doesn't cover every use case just yet. Anyone interested can clone the repo on GitHub.

@istorepro
Copy link

Can i do it in windows or ubuntu ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment