Last Updated: November 19, 2020
·
35.7K
· _jeffreyjackson

resign .ipa with new CFBundleIdentifier and certificate

Assumptions:

  1. .ipa filename is app.ipa
  2. app is called MyApp
  3. new provisioning profile resides at: ~/Downloads/AdHoc.mobileprovision
  4. distribution certificate name is Company Certificate
  5. may not need resource-rules parameter
  6. provisioning profile is either for Adhoc, or Enterprise distribution
  7. The bundle identifier needs to change. (Otherwise, look at my other pro-tip here: https://coderwall.com/p/cea3fw).
  8. com.mycompany.newbundleidentifier is the new CFBundleIdentifier

Commands:

unzip app.ipa

rm -rf Payload/MyApp.app/_CodeSignature/

/usr/libexec/PlistBuddy Payload/MyApp.app/Info.plist

While in PlistBuddy you will need to do the following commands:

Set :CFBundleIdentifier com.mycompany.newbundleidentifier
save
quit

Now we are back in Terminal!

cp ~/Downloads/AdHoc.mobileprovision Payload/MyApp.app/embedded.mobileprovision 

codesign -f -s "iPhone Distribution: Company Certificate" --resource-rules Payload/MyApp.app/ResourceRules.plist  Payload/MyApp.app

zip -qr app-resigned.ipa Payload/

Related protips:

Installing Xcode Command Line Tools on OS X Mavericks

7 Responses
Add your response

Still didn't work

over 1 year ago ·

If you are not familiar with command line, you could also try AirSign.app (http://www.airsignapp.com).

You cn change your bundle ID, resign your .ipa and then send it for over-the-air installation.

over 1 year ago ·

I got an ipa and I re-signed it with EXPIRED provisioning profile (Enterprise) and with a valid certificate(.p12). using steps mentioned below :-

and Re-Sign it with steps provided by you

when I am extracting ipa (getting .App file) -> doing show package Contents (on .App) -> checking content of embedded.mobileprovision. it show same expired provisioning profile that i used to Re-sign the ipa.

Problem : I am successfully able to install it to ipad and able to run the app. Ideally App should not work with Expired provisioning profile.

Question : If we Re-signing the app through Command-line with Expired profile Will it work.?

over 1 year ago ·

Bruces-Mac:WeChat bruce$ codesign -f -s "iPhone Distribution: your compnay Co., Ltd" --resource-rules Payload/WeChat.app/ResourceRules.plist Payload/WeChat.app
Warning: --resource-rules has been deprecated in Mac OS X >= 10.10!
Payload/WeChat.app/ResourceRules.plist: cannot read resources

What should I do to solve this problem?

over 1 year ago ·

First, thanks for this post, it really helped me. But as some others i still run into the problem while signing an app. My iPhone did not installing the app and threw an errors concerning wrong signing. My goal was to sign an app that was originally not developed by myself.

Perform all the steps above, until the step where you actually have to sign the app (codesign -f -s "iPhone ...").

We need to create an entitlements.xml where the Bundle Identifier matches what you want to sign.

Retrieve entitlements from the app (In case there is no entitlements in the App, create an xCode Projekt and retrieve the entitlements from there.)

codesign -d --entitlements entitlements.xml Example.app/Example

This entitlements.xml has some strange characters at the beginning, looks like some integrity check (CRC?) just remove it. That the file actually starts with <xml

Now change the bundle identifier to the one of your App: com.example.AppName The important step here, leave the AppName as it is, or if it does not match the App name, rename it that it does. (See exammple below to get an idea what to do)

This step will replace the codesign step from above:

codesign --entitlements entitlements.xml -f -s "iPhone Distribution: Company Certificate" Payload/Example.app/

Now do the last step above and zip the app.

Example entitlements.xml

ABCDEFGHIJ = apple developer team identifier
com.example.AppName = bundle identifier com.example needs to match your developer identifier, AppName the identifier of the app

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>application-identifier</key>
        <string>ABCDEFGHIJ.com.example.AppName</string>
        <key>com.apple.developer.team-identifier</key>
        <string>ABCDEFGHIJ</string>
        <key>get-task-allow</key>
        <true/>
        <key>keychain-access-groups</key>
        <array>
                <string>ABCDEFGHIJ.com.example.AppName</string>
        </array>
</dict>
</plist>
over 1 year ago ·

Ubeamus, great update. Your modification allowed me to proceed and sign successfully.

over 1 year ago ·

I am running into issues resigning an .ipa for a project where I use CocoaPods. The resigning proceeds successfully, but when I attempt to upload to the App Store I run into validation errors. Here is a validation error example.

ERROR ITMS-90179: "Invalid Code Signing. The executable 'Payload/MyApp.app/Frameworks/Deviceswift.framework/Deviceswift' must be signed with the certificate that is contained in the provisioning profile."

I will see a message of this type for every CocoaPods framework included in the project. For example, if I have seven different frameworks, I will see seven error messages, each pointing at the individual framework in question.

It appears that the frameworks have their own signing process or reference to the signing certificate that needs to be updated.

Has anyone run into this issue? Thoughts? Solution?

over 1 year ago ·