iOS app re-signing: re-signing WeChat

1. Foreword

In day-to-day forward development we sign our own apps and upload them to the App Store. Xcode does this for us; we only need to configure the certificate and the provisioning profile (the "description file"). But if we want to study other applications and do some reverse engineering, we need to debug those applications, and for that we first have to re-sign them.

2. iOS dual-layer signature mechanism

2.1 Encryption Methods

First, let us look at the cryptographic primitives used by iOS code signing: RSA and hashing.

RSA: an asymmetric cipher, also called modern encryption (as opposed to traditional symmetric encryption). It produces a pair of keys, a public key and a private key; data encrypted with the public key is decrypted with the private key, and vice versa. Normally the private key is kept secret by its owner.

Symmetric encryption: both ends of a communication agree on one key and use it to turn plaintext into ciphertext. This method is efficient (compared with asymmetric encryption), but once the key leaks there is a serious security risk.

Hash: a hash algorithm maps input of arbitrary length to output of fixed length. The result is a 128-bit value, i.e. 32 hexadecimal characters. The same data always gives the same result, and different data generally gives different results (barring a hash collision), so the hash can serve as a digest, or "fingerprint", that identifies the data.

2.2 App Store signature verification

To keep the platform secure, Apple has not only built many security mechanisms into iOS but also tightly controls how applications are verified and installed. For example, downloading an App from the App Store and installing it on a phone goes through the following steps:

  • 1. Apple generates a pair of keys. The private key is kept by Apple itself, and the public key is built into every iOS device
  • 2. Apple encrypts the application symmetrically and signs it, then encrypts the signature information with its private key

The two steps above happen before the App is put on the store. The following steps happen after the App is downloaded to the phone:

  • 3. After the application is downloaded, the iOS system verifies the signature information with the public key; if verification passes, the application is installed
  • 4. The application is decrypted each time it is run

2.3 Signature verification for debugging and installation

That is the verification process for an App downloaded from the App Store. During development, however, we usually do not install through the App Store, and we do not hold Apple's private key, so how does Apple verify our builds? Let us first look at Apple's requirements:

  • 1. The App does not have to be downloaded from the App Store
  • 2. To keep the system secure, installation must stay under Apple's control and be permitted by Apple, and it must not be possible to install apps that are not being developed

To achieve this, Apple introduced a two-layer signature mechanism, summarized in the figure. The steps are as follows:

  • 1. Generate a key pair on the Mac, denoted public key M and private key M, and upload a CSR file containing public key M to Apple's server
  • 2. Apple hashes public key M, signs the hash with its own private key (private key A), and issues a certificate containing public key M and the signature information
  • 3. To control the number of installed devices and other requirements, Apple generates a provisioning profile containing the certificate, the App ID, and the device information, and returns it to the Mac
  • 4. During Xcode packaging, the application package is signed, and the signature information is encrypted with private key M
  • 5. The application package, the encrypted signature, and the provisioning profile are bundled into an installation package and sent to the iOS device, which performs the verification shown as step 4 in the figure

3. Re-signing the iOS app

3.1 Re-signing Principle

iOS application re-signing: signing an application again so that it runs as part of our own project.

From the signature theory introduced in the previous section, we can see that if we replace the provisioning profile of the application to be signed with our own provisioning profile and then sign the application again with our own certificate, the iOS system will treat it as an application installed from our own project, and we can then analyze and debug that application.

3.2 Procedure for applying re-signature

We use the WeChat 7.0.8 installation package as the example to re-sign.

3.2.1 premise

The application to be re-signed must be decrypted ("unshelled"); otherwise signing will fail. The otool command shows whether the application is still encrypted ("shelled"):

otool -l <application executable>

As shown in the figure, look at the LC_ENCRYPTION_INFO (or LC_ENCRYPTION_INFO_64) load command: a cryptid value of 0 means the application has been decrypted; a value of 1 means it is still encrypted.

Shell: as described in section 2.2, Apple encrypts the app's executable and resource files, which is commonly called the shell. To re-sign and debug the application it must be decrypted first, a process known as unshelling.
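As an added example (not from the original post), the cryptid that otool -l prints can be read directly from the Mach-O load commands; the script below does so for thin and fat (universal) binaries and ships constructed sample headers, since no WeChat binary is included here. The sample builders and the script name are ours; only the Mach-O layout is Apple's.

```python
import struct, sys

MH_MAGIC_64, MH_MAGIC, FAT_MAGIC = 0xFEEDFACF, 0xFEEDFACE, 0xCAFEBABE
LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64 = 0x21, 0x2C   # encryption_info_command(_64)

def cryptid_of_slice(data, base=0):
    """cryptid of the little-endian Mach-O slice at data[base]; None when the
    slice has no LC_ENCRYPTION_INFO(_64) command at all (never App Store encrypted)."""
    magic, = struct.unpack_from("<I", data, base)
    if magic not in (MH_MAGIC_64, MH_MAGIC):
        raise ValueError("no thin Mach-O header at offset %#x" % base)
    ncmds, = struct.unpack_from("<I", data, base + 16)   # same offset in both header sizes
    off = base + (32 if magic == MH_MAGIC_64 else 28)    # sizeof mach_header_64 / mach_header
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            # fields: cmd, cmdsize, cryptoff, cryptsize, cryptid[, pad] -> cryptid is the 5th
            return struct.unpack_from("<I", data, off + 16)[0]
        off += cmdsize
    return None

def cryptids(data):
    """Map slice offset -> cryptid for a thin or fat (universal) binary."""
    if struct.unpack_from(">I", data, 0)[0] == FAT_MAGIC:   # fat header is big-endian
        nfat, = struct.unpack_from(">I", data, 4)
        offsets = [struct.unpack_from(">5I", data, 8 + 20 * i)[2] for i in range(nfat)]
        return {off: cryptid_of_slice(data, off) for off in offsets}
    return {0: cryptid_of_slice(data)}

def build_sample(cryptid, is64=True):
    """Constructed minimal Mach-O whose only load command is the encryption info."""
    if is64:
        lc = struct.pack("<6I", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x8000, cryptid, 0)
        return struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, 1, len(lc), 0, 0) + lc
    lc = struct.pack("<5I", LC_ENCRYPTION_INFO, 20, 0x4000, 0x8000, cryptid)
    return struct.pack("<7I", MH_MAGIC, 0x0000000C, 9, 2, 1, len(lc), 0) + lc

def build_fat_sample(slices, align=0x1000):
    """Constructed fat binary placing each thin slice at the next page-aligned offset."""
    out = bytearray(struct.pack(">2I", FAT_MAGIC, len(slices)))
    for i, s in enumerate(slices):
        out += struct.pack(">5I", 0x0100000C, 0, align * (i + 1), len(s), 12)
    for i, s in enumerate(slices):
        out += b"\0" * (align * (i + 1) - len(out)) + s
    return bytes(out)

if __name__ == "__main__":   # usage: python3 cryptid_check.py <Mach-O executable>
    with open(sys.argv[1], "rb") as f:
        for off, cid in cryptids(f.read()).items():
            print("slice @%#x: cryptid=%s (%s)" % (off, cid, "still encrypted" if cid == 1 else "not encrypted"))
```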

3.2.2 Applying re-signing

  • 1. Create our own project and run it on the phone; the purpose of the run is to install our provisioning profile on the phone. Also locate our provisioning profile inside the application package under Products

  • 2. Delete the PlugIns and Watch directories from the decrypted WeChat installation package: an ordinary certificate cannot sign the plug-ins and the Watch app, and deleting them does not affect re-signing the WeChat application itself.

  • 3. Re-sign the Frameworks. WeChat contains 6 frameworks, which need to be signed one by one

If you use WeChat 8.0.2, its Frameworks directory has the structure shown in the figure, and the library files in it also need to be re-signed.

First use the security command to list the code-signing certificates on the computer and find our own:

security find-identity -v -p codesigning

Then use codesign to re-sign each framework (WeChat 8.0.2 also ships many Swift dylibs, which need to be re-signed with the same command):

codesign -fs "Certificate name" <file to sign>

  • 4. Next replace the provisioning profile. Take the profile saved in step 1 and put it in the WeChat app package. (If the app package to be signed already contains a provisioning profile, replace it directly; WeChat has none, so we just add ours.)

  • 5. Open Info.plist in the WeChat package and change the bundle ID to the bundle ID of our new project

  • 6. Inspect the provisioning profile to find the entitlement information

Run the following command to view the profile (embedded.mobileprovision is the file name):

security cms -D -i embedded.mobileprovision

Copy the dict tag pair under the Entitlements key (this holds the application's entitlements) and save it to a plist file. For convenience a new plist file is created in the project, but it can be created anywhere.

Pitfall: the value marked in red in the figure may read R45LY736NP.*; replace the * manually with your own bundle ID (ResignDemo here), otherwise the package replacement fails later and the installation fails.
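An added example, not part of the original post: given the XML that security cms -D -i prints, this script extracts the Entitlements dict and pins the wildcard application-identifier to the concrete bundle ID, and it refuses profiles that cannot serve this purpose (issued for another app, or lacking get-task-allow, without which Xcode cannot attach a debugger). The team id TEAMID0000, the profile content and the bundle id com.example.ResignDemo are constructed placeholders.

```python
import plistlib

# Constructed stand-in for what `security cms -D -i embedded.mobileprovision` prints.
# TEAMID0000 is a placeholder team id; a real profile also carries certificates, a
# UUID, creation/expiry dates and the device list, which are omitted here.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Name</key><string>ResignDemo development profile</string>
  <key>TeamIdentifier</key><array><string>TEAMID0000</string></array>
  <key>Entitlements</key><dict>
    <key>application-identifier</key><string>TEAMID0000.*</string>
    <key>com.apple.developer.team-identifier</key><string>TEAMID0000</string>
    <key>get-task-allow</key><true/>
  </dict>
</dict></plist>
"""

def entitlements_for(profile_xml, bundle_id):
    """Return the profile's Entitlements dict with application-identifier pinned to
    <team>.<bundle_id>, which is what the plist passed to codesign --entitlements needs."""
    profile = plistlib.loads(profile_xml)
    team = profile["TeamIdentifier"][0]
    ents = dict(profile["Entitlements"])
    app_id = ents.get("application-identifier", "")
    concrete = "%s.%s" % (team, bundle_id)
    if app_id == team + ".*":            # wildcard profile: pin it to our app
        ents["application-identifier"] = concrete
    elif app_id != concrete:             # explicit profile issued for a different app
        raise ValueError("profile app id %r does not cover %s" % (app_id, bundle_id))
    if not ents.get("get-task-allow"):   # without it Xcode cannot attach to the process
        raise ValueError("not a development profile: get-task-allow is missing")
    return ents

def profile_covers(profile_xml, bundle_id):
    """True when the profile can be used to re-sign an app with this bundle id."""
    try:
        entitlements_for(profile_xml, bundle_id)
        return True
    except ValueError:
        return False

def entitlements_plist(profile_xml, bundle_id):
    """Serialised XML plist, ready to be written out as the entitlements file."""
    return plistlib.dumps(entitlements_for(profile_xml, bundle_id))
```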

  • 7. Put the WeChat app package in the same folder as the plist file from the previous step and re-sign the application package with the following command:

codesign -fs "certificate" --no-strict --entitlements=<plist file name> xxx.app

codesign reports "replacing existing signature", as shown in the preceding figure.

  • 8. Run the project and replace the app package of our own project with the re-signed WeChat installation package

Click the plus sign shown in the figure, select the WeChat app package just re-signed, and replace the app package of the ResignDemo project with it, as shown in the figure.

  • 9. The ResignDemo app on the phone is now replaced by WeChat, including its icon and name. In Xcode choose Debug > Attach to Process, find the latest WeChat process, and attach it to the ResignDemo project. After attaching successfully, View Debug can be used, as shown in the figure

4. Summary

This time we used WeChat as the example for a re-signing exercise. The main steps are summarized as follows:

1. Delete plug-ins and app packages that contain plug-ins (such as Watch)

2. Re-sign the libraries in Frameworks

3. Give the executable file +x (execute) permission (usually not needed; if it has no execute permission, add it with chmod +x <file name>)

4. Add the provisioning profile (from a new project compiled for a real device)

5. Replace the bundle ID

6. Re-sign the .app package with the entitlements file

The above summarizes the practical knowledge about application re-signing; if anything is wrong or not well understood, corrections are welcome 🙏