Page 1 of 1

resign app from appstore and launch it

PostPosted: Thu Nov 30, 2017 4:01 am
by Wingzero
Hi there,

Maybe it's a newbie question, but I couldn't find a right answer from google.

There is app like 'app signer' (https://github.com/DanTheMan827/ios-app-signer) which can resign apps.

Now I use my apple account downloaded abc.ipa from other people which is from AppStore. I can use Xcode to install abc.ipa to my iPhone, and launch it, without problem;

Then I use my own develop certs and wildcard provisioning file to sign it, app signer works without any issue and give me a new ipa.

However when using Xcode to install it, after install, every time I click the app button, it will crash then. So, any mistake, or it's impossible to do so?

I tried to use a new bundle id when resigning, but still crashed.

Re: resign app from appstore and launch it

PostPosted: Thu Nov 30, 2017 5:40 pm
by angu2111
AppStore app are encrypted by Apple before download, therefore resigning will not work.
You will need an not encrpyted version of the ececutable in order to be able to resign it (for instance https://github.com/KJCracks/Clutch)

Re: resign app from appstore and launch it

PostPosted: Fri Dec 01, 2017 2:03 am
by Wingzero
angu2111 wrote:AppStore app are encrypted by Apple before download, therefore resigning will not work.
You will need an not encrpyted version of the ececutable in order to be able to resign it (for instance https://github.com/KJCracks/Clutch)


Thanks! I have learned cryptography sometime, so knowing encryption and signing techniques. I wonder what's the order o signing and encrypting? I'm not clear about the details, but I guess resign does not touch encrypted binary, so it should be fine. So if apple encrypt the binary first and sign it, we simply resign the encrypted binary, but this is clearly not the case we are facing. It seems encryption also encrypts signature?

Where can we find more details? Thank in advance.

Re: resign app from appstore and launch it

PostPosted: Fri Dec 01, 2017 3:07 pm
by Siguza
Encryption encrypts the __TEXT segment. The signature depends on hashes of the code in the text segment. If the text segment is encrypted, a valid signature cannot be calculated.

Signatures themselves are, to my knowledge, not encrypted though, so if there is a signature present already, it should be possible to use the existing hashes to create a new one... J, feature request for jtool? :P