Sometimes we need to install other people’s IPA package in our mobile phone for debugging, but it cannot be installed in our mobile phone due to the certificate problem. At this time, we need to re-sign ipA package. We will first provide a simple and convenient re-signature method, and we will talk about the principle of signature and re-signature later.

Script re-signing

A new project

Name it at will, choose your certificate, choose your own real machine, run it, the purpose is to get Xcode to follow the certificate of the project to the phone

2. Prepare packages and scripts to be re-signed

Create the following files in the project root directory:

APP: store ipA packets to be re-signed
Temp: The newly signed package is copied here
Appsign. sh: re-signing script

Script content:

${SRCROOT}/Temp =" TEMP_PATH="${SRCROOT}/Temp" ASSETS_PATH="${SRCROOT}/APP" TARGET_IPA_PATH="${ASSETS_PATH}/*. Ipa "${SRCROOT}/Temp" mkdir -p "${SRCROOT}/Temp" #---------------------------------------- # 1. Unzip -oqq "$TARGET_IPA_PATH" -d "$TEMP_PATH" # Retrieve the temporary APP path TEMP_APP_PATH=$(set --) "$TEMP_PATH/Payload/"*.app; Echo "$1") # echo path is: $TEMP_APP_PATH "# -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- # 2. # TARGET_NAME Target name of the app package generated by # BUILT_PRODUCTS_DIR TARGET_APP_PATH="$BUILT_PRODUCTS_DIR/$target_name. app" echo "app path :$TARGET_APP_PATH" rm -rf "$TARGET_APP_PATH" mkdir -p "$TARGET_APP_PATH" cp -rf "$TEMP_APP_PATH/" "$TARGET_APP_PATH" #---------------------------------------- # 3. Rm -rf "$TARGET_APP_PATH/PlugIns" rm -rf "$TARGET_APP_PATH/Watch" # -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- # 4. Update info. Plist file CFBundleIdentifier # Set: /usr/libexec/plistbuddy -c "Set :CFBundleIdentifier $PRODUCT_BUNDLE_IDENTIFIER" "$TARGET_APP_PATH/Info.plist" #---------------------------------------- # 5. To execute permissions on MachO file # to MachO file path WeChat APP_BINARY = ` plutil - convert xml1 - o - $TARGET_APP_PATH/Info. The plist | grep - A1 Exec | tail - n1 | the cut - f2 - d \ > | the cut - f1 - d \ < ` # on executable permissions chmod + x "$TARGET_APP_PATH / $APP_BINARY" # -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- # 6. $frameworks_path ="$frameworks_path/FrameWorks "if [-d "$TARGET_APP_FRAMEWORKS_PATH"]; Then for FRAMEWORK in "$TARGET_APP_FRAMEWORKS_PATH/"* do # $usr/bin/coDesign --force --sign "$EXPANDED_CODE_SIGN_IDENTITY" "$FRAMEWORK" done fi # injected #yololib "$TARGET_APP_PATH/$APP_BINARY" "Frameworks/HankHook.framework/HankHook"Copy the code

The last line of code is used for ipA package code injection, temporarily useless comment out

Set up automatic script execution

Create a new Run Script in Build Phases and fill it with **./appSign.sh**

This will automatically execute the AppSign.sh script after compilation

4. Operation project

We found that the IPA we wanted to sign was running on our phone, and if there was a log while running, it would be printed

Code injection

When we run the ipA package on the phone, we usually need to do something about the package, but we do not have the source code, this time we need to do code injection

Create a dynamic library framework

Create the injection code

The ZJJInjection class is created in the framework, and the load method is implemented. If the ZJJInjection class is printed, the injection is successful

3. Code injection through Yololib

Add the Copy File to Build Phases by placing the yololib tool executable in the /usr⁩/local⁩/bin⁩ directory on the MAC. This will enable you to use yololib on the terminal, open the last line of the script, and add the Copy File to Build Phases

When we run it again, we find that when we run the re-signed package on the phone, it will output our print, indicating that the code injection is successful

GitHub address: github.com/zj504225418…

In addition to injecting framework, we can also inject dylib, which is the difference between injecting framework and creating macOS Library instead of framework

Then change the last line of the script to the following code

yololib "$TARGET_APP_PATH/$APP_BINARY" "Frameworks/Injection.dylib"
Copy the code

mo4tech.com (Moment For Technology) is a global community with thousands techies from across the global hang out!Passionate technologists, be it gadget freaks, tech enthusiasts, coders, technopreneurs, or CIOs, you would find them all here.

IOS Reverse – Script autosign IPA and code injection

Script re-signing

A new project

2. Prepare packages and scripts to be re-signed

Set up automatic script execution

4. Operation project

Code injection

Create a dynamic library framework

Create the injection code

3. Code injection through Yololib

IOS Reverse – Script autosign IPA and code injection

Script re-signing

A new project

2. Prepare packages and scripts to be re-signed

Set up automatic script execution

4. Operation project

Code injection

Create a dynamic library framework

Create the injection code

3. Code injection through Yololib

Related Posts

IOS get Chinese [simplified Chinese] stroke number

IOS Reverse Development – Summary of Terminal Tool Commands (1)

Use ARKit to enjoy the full moon in your own room