Skip to content

Instantly share code, notes, and snippets.

@ryantan
Last active November 14, 2024 01:50
Show Gist options
  • Save ryantan/ef536cad1189228dc0b36aaf5e13abf2 to your computer and use it in GitHub Desktop.
Save ryantan/ef536cad1189228dc0b36aaf5e13abf2 to your computer and use it in GitHub Desktop.
How to resign an .ipa

How to Resign an iOS App

Let's say you receive an app (e.g. MyApp.ipa) from another developer, and you want to be able to install and run it on your devices (by using ideviceinstaller, for example).

Or your certificates and provision profiles have expired and you want to provide a new build to your clients without having to make a new build on the latest XCode or iOS SDK.

Prepare New Signing Assets

The first step is to attain a Provisioning Profile which includes all of the devices you wish to install and run on. Ensure that the profile contains a certificate that you have installed in your Keychain Access (e.g. iPhone Developer: Some Body (XXXXXXXXXX) ). Download the profile (MyProfile.mobileprovision) so you can replace the profile embedded in the app.

Choose how painful you want the process to be

Painless - use fastlane

Using Fastlane is much easier:

  1. Install fastlane if not already installed

  2. Create a txt file Fastfile in a fastlane directory, (e.g. nano ./fastlane/Fastfile).

  3. Adapt the below contents

lane :resignipa do
  resign(
    ipa: "path-to-your-ipa-file.ipa",
    signing_identity: "Apple Distribution: Your name (your ID)",
    provisioning_profile: "path-to-you-provision-file.mobileprovision",
  )
end

Note the paths should be relative to the directory containing the fastlane directory.

  1. Run fastlane resignipa in the directory containing the fastlane directory.

Your should see something like:

[✔] 🚀 
[12:04:21]: Get started using a Gemfile for fastlane https://docs.fastlane.tools/getting-started/ios/setup/#use-a-gemfile
[12:04:23]: Driving the lane 'resignipa' 🚀
[12:04:23]: --------------------
[12:04:23]: --- Step: resign ---
[12:04:23]: --------------------

... a list of all frameworks it also signs

[12:04:25]: Successfully signed path-to-your-ipa-file.ipa!
[12:04:25]: Successfully re-signed .ipa 🔏.

+------+--------+-------------+
|      fastlane summary       |
+------+--------+-------------+
| Step | Action | Time (in s) |
+------+--------+-------------+
| 1    | resign | 2           |
+------+--------+-------------+

[12:04:25]: fastlane.tools finished successfully 🎉

You should be done!

Painful - manually

If you don't have access to fastlane, or interested to understand the internals, or just really like pain, read on:

Next, we are going to prepare an entitlements file to include in the signing. Open up your terminal and run the following.

$ security cms -D -i path/to/MyProfile.mobileprovision > provision.plist

This will create an xml file describing your Provisioning Profile. Next, we want to extract the entitlements into a file.

$ /usr/libexec/PlistBuddy -x -c 'Print :Entitlements' provision.plist > entitlements.plist

Replace The Provisioning Profile and Resign App

If you are working with a .ipa file, first, unzip the app (if you have a .app instead, you can skip this step).

$ unzip MyApp.ipa

Your working directory will now contain Payload/ and Payload/MyApp.app/. Next, remove the old code signature files.

$ rm -rf Payload/MyApp.app/_CodeSignature

Replace the existing provisioning profile (i.e. embedded.mobileprovision) with your own.

$ cp path/to/MyProfile.mobileprovision Payload/MyApp.app/embedded.mobileprovision

Now sign the app with the certificate included in your provisioning profile and the entitlements.plist that you created earlier.

$ /usr/bin/codesign -f -s "iPhone Developer: Some Body (XXXXXXXXXX)" --entitlements entitlements.plist Payload/MyApp.app

IMPORTANT: You must also resign all frameworks included in the app. You will find these in Payload/MyApp.app/Frameworks. If the app is written in Swift or if it includes any additional frameworks these must be resigned or the app will install but not run.

$ /usr/bin/codesign -f -s "iPhone Developer: Some Body (XXXXXXXXXX)" --entitlements entitlements.plist Payload/MyApp.app/Frameworks/*

You can now rezip the app.

$ zip -qr MyApp-resigned.ipa Payload

Done

You may now remove the Payload directory since you have your original app (MyApp.ipa) and your resigned version (MyApp-resigned.ipa). You can now install MyApp-resigned.ipa on any device included in your provisioning profile.

@notjustman22
Copy link

i did all this steps the app not install

@abduelhamit
Copy link

@notjustman22 Try to sign the frameworks and plugins first.

@notjustman22
Copy link

I try this way still not installing

if you could plz try the steps above your self and tell me if its working

@ryantan
Copy link
Author

ryantan commented Aug 19, 2022

There’s a better way now using fastlane, I can post what I’m using now when I get in front of my com

@notjustman22
Copy link

I know about it and try it its working good but some apps and games after install crashing every time and some of if working great

@notjustman22
Copy link

Games like Shinsekai Into the Depths and Oddmar after install its keep crashing every time

@abduelhamit
Copy link

@notjustman22 Yeah, I've done those steps yesterday, and it worked.

After doing those steps, run this command to detect what the errors are:
codesign --verify --verbose Payload/MyApp.app

@notjustman22
Copy link

Okay will try it

@notjustman22
Copy link

I don't no why this not working with me
Could you please record a video doing it for me ? That will be a big favor so i can know what’s wrong i did

@ryantan
Copy link
Author

ryantan commented Mar 7, 2023

There’s a better way now using fastlane, I can post what I’m using now when I get in front of my com

Using Fastlane is much easier:

  1. Install fastlane if not already installed

  2. Create a txt file Fastfile in a fastlane directory, (e.g. nano ./fastlane/Fastfile).

  3. Adapt the below contents

lane :resignipa do
  resign(
    ipa: "path-to-your-ipa-file.ipa",
    signing_identity: "Apple Distribution: Your name (your ID)",
    provisioning_profile: "path-to-you-provision-file.mobileprovision",
  )
end

Note the paths should be relative to the directory containing the fastlane directory.

  1. Run fastlane resignipa in the directory containing the fastlane directory.

Your should see something like:

[✔] 🚀 
[12:04:21]: Get started using a Gemfile for fastlane https://docs.fastlane.tools/getting-started/ios/setup/#use-a-gemfile
[12:04:23]: Driving the lane 'resignipa' 🚀
[12:04:23]: --------------------
[12:04:23]: --- Step: resign ---
[12:04:23]: --------------------

... a list of all frameworks it also signs

[12:04:25]: Successfully signed path-to-your-ipa-file.ipa!
[12:04:25]: Successfully re-signed .ipa 🔏.

+------+--------+-------------+
|      fastlane summary       |
+------+--------+-------------+
| Step | Action | Time (in s) |
+------+--------+-------------+
| 1    | resign | 2           |
+------+--------+-------------+

[12:04:25]: fastlane.tools finished successfully 🎉

@khanhjp1
Copy link

please you can manual to video! Thank you very much!

@ryantan
Copy link
Author

ryantan commented Mar 6, 2024

Had to set up ruby again just now:

rbenv install 3.3.0
rbenv global 3.3.0
rbenv rehash
eval "$(rbenv init -)"
gem install bundler

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment