一.重签名是啥
- 越狱手机已经破解了系统权限,不需要验证签名,所以可以安装任何macho文件(任何应用)
- 想要把一个ipa文件装到iOS手机上运行,必须经过iOS手机对ipa中mach-o文件的签名验证.
- 如果我们修改了ipa中mach-o的内容,那么便过不了iOS手机原有的签名验证.
- 所以我们需要重签名,将ipa中mach-o文件的签名和iOS手机的签名保持一致性.
- 重签名的应用可以将ipa安装到非越狱机上.
二. 准备工作
- 使用
codesign -vv -d WeChat.app查看WeChat的签名信息
Executable=/Users/LYK/Desktop/My_iOS/tweak_WeChat/Payload/WeChat.app/WeChat
Identifier=com.tencent.xin
Format=app bundle with Mach-O thin (arm64)
CodeDirectory v=20500 size=1573403 flags=0x0(none) hashes=24579+7 location=embedded
Signature size=4390
Authority=Apple iPhone OS Application Signing
Authority=Apple iPhone Certification Authority
Authority=Apple Root CA
Info.plist entries=66
TeamIdentifier=88L2Q4487U
Sealed Resources version=2 rules=22 files=1388
Internal requirements count=1 size=96
- 使用
security find-identity -v -p codesigning查看我们的证书
1) 2FD3F12C1331F6DA6D95AD91318C251021B78C6C "iPhone Developer: jing liu (98KRJBJXD8)"
三.使用
1.删除掉ipa中的PlugIns文件夹
2.删除掉ipa中的Watch文件夹
- 将
Frameworks文件下的framework 一一签名
codesign -fs "iPhone Developer: jing liu (98KRJBJXD8)" mars.framework
codesign -fs "iPhone Developer: jing liu (98KRJBJXD8)" marsbridgenetwork.framework
codesign -fs "iPhone Developer: jing liu (98KRJBJXD8)" matrixreport.framework
codesign -fs "iPhone Developer: jing liu (98KRJBJXD8)" MultiMedia.framework
codesign -fs "iPhone Developer: jing liu (98KRJBJXD8)" QMapKit.framework
codesign -fs "iPhone Developer: jing liu (98KRJBJXD8)" TXLiteAVSDK_Smart_No_VOD.framework
codesign -fs "iPhone Developer: jing liu (98KRJBJXD8)" WCDB.framework
-
chmod +x WeChat给与其执行权限 - 修改
info.plist文件的bundleID,防止和手机上已有的bundleID重复(重复了就安装不上). - 从development_pp.mobileprovision文件里抽取entitlements文件
①:security cms -D -i embedded.mobileprovision > temp.plist
②/usr/libexec/PlistBuddy -x -c 'Print :Entitlements' temp.plist > entitlements.plist
③删除 temp.plist - 将
entitlements.plist复制到WeChat.app同级路径,对整个包签名
codeSign -fs "iPhone Developer: jing liu (98KRJBJXD8)" --no-strict --entitlements entitlements.plist WeChat.app - 使用
codesign -vv -d WeChat.app查看重签过的WeChat
Executable=/Users/LYK/Desktop/My_iOS/tweak_WeChat/Payload/WeChat.app/WeChat
Identifier=com.tencent.yk
Format=app bundle with Mach-O thin (arm64)
CodeDirectory v=20400 size=786802 flags=0x0(none) hashes=24579+5 location=embedded
Signature size=4823
Authority=iPhone Developer: jing liu (98KRJBJXD8)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Signed Time=Aug 8, 2019 at 19:18:20
Info.plist entries=66
TeamIdentifier=MQW9JGK5AS
Sealed Resources version=2 rules=10 files=1201
Internal requirements count=1 size=172
- 将签名好的app放到Payload文件夹中,
zip -ry WeChat.ipa Payload,得到WeChat.ipa - 打开xcode -> window -> Devices and Simulators -> +号 安装ipa.(前提是此iphone在pp文件的设备列表里面)
四.脚本签名
下面附脚本签名,需要修改少量的东西,例如开发者账号.
#! /bin/bash
#
#将mobileprovision和ipa放到同一目录下,给应用重签名
#
developerName="iPhone Developer: jing liu (98KRJBJXD8)"
read -p "请输入文件夹的路径:" path
tempPath="$path/temp"
rm -rf $tempPath
mkdir $tempPath
unzip -oqq "$path/*.ipa" -d $tempPath
appPath=$(set -- "$tempPath/Payload/"*.app; echo "$1")
cd ${appPath}
#1.删除掉ipa中的PlugIns文件夹
rm -rf ${appPath}"/PlugIns"
#2.删除掉ipa中的Watch文件夹
rm -rf ${appPath}"/Watch"
#3.将Frameworks文件下的framework 一一签名
cd ${appPath}"/Frameworks"
for frameworkName in `ls`
do
codesign -fs "$developerName" $frameworkName
done
cd ..
#4.给 WeChat 执行权限 (/Users/LYK/Desktop/WeChat.app 截取到WeChat)
rightPath=`echo ${appPath##*/}` #WeChat.app
chmod +x `echo ${rightPath%.*}` #WeChat
#5.修改 info.plist文件的bundleID,防止和手机上已有的bundleID重复(重复了就安装不上).
read -p "请输入新的bundleID:" newBI
/usr/libexec/PlistBuddy -c "Set :CFBundleIdentifier $newBI" info.plist
#6.从development_pp.mobileprovision文件里抽取entitlements文件
cd $path
security cms -D -i development_pp.mobileprovision > temp.plist
/usr/libexec/PlistBuddy -x -c 'Print :Entitlements' temp.plist > entitlements.plist
#7.对整个包签名
codeSign -fs "$developerName" --no-strict --entitlements entitlements.plist $appPath
#8.生成新的ipa包
mkdir Payload
mv $appPath ./Payload
zip -ry new.ipa Payload
if(($?==0))
then
echo "🍎重签完成..."
else
echo "压缩失败"
fi
rm -rf Payload
rm -rf $tempPath
rm temp.plist
rm entitlements.plist
