iOS Reverse Engineering Tools 08: Re-signing with codesign

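I. What is re-signing

  1. A jailbroken phone has had its system permissions cracked and does not verify signatures, so any Mach-O file (any app) can be installed on it.
  2. To install an ipa file on an iOS phone and run it, the Mach-O files in the ipa must pass the phone's signature verification.
  3. If we modify the contents of a Mach-O file in the ipa, it no longer passes the phone's original signature verification.
  4. So we need to re-sign, making the signature of the Mach-O files in the ipa consistent with what the iOS phone verifies.
  5. A re-signed ipa can be installed on a non-jailbroken device.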

II. Preparation

  • Use codesign -vv -d WeChat.app to view WeChat's signature information
Executable=/Users/LYK/Desktop/My_iOS/tweak_WeChat/Payload/WeChat.app/WeChat
Identifier=com.tencent.xin
Format=app bundle with Mach-O thin (arm64)
CodeDirectory v=20500 size=1573403 flags=0x0(none) hashes=24579+7 location=embedded
Signature size=4390
Authority=Apple iPhone OS Application Signing
Authority=Apple iPhone Certification Authority
Authority=Apple Root CA
Info.plist entries=66
TeamIdentifier=88L2Q4487U
Sealed Resources version=2 rules=22 files=1388
Internal requirements count=1 size=96
  • Use security find-identity -v -p codesigning to list our signing certificates
1) 2FD3F12C1331F6DA6D95AD91318C251021B78C6C "iPhone Developer: jing liu (98KRJBJXD8)"

III. Usage

  1. Delete the PlugIns folder from the ipa.
  2. Delete the Watch folder from the ipa.
  3. Sign each framework under the Frameworks folder, one by one:
    codesign -fs "iPhone Developer: jing liu (98KRJBJXD8)" mars.framework
    codesign -fs "iPhone Developer: jing liu (98KRJBJXD8)" marsbridgenetwork.framework
    codesign -fs "iPhone Developer: jing liu (98KRJBJXD8)" matrixreport.framework
    codesign -fs "iPhone Developer: jing liu (98KRJBJXD8)" MultiMedia.framework
    codesign -fs "iPhone Developer: jing liu (98KRJBJXD8)" QMapKit.framework
    codesign -fs "iPhone Developer: jing liu (98KRJBJXD8)" TXLiteAVSDK_Smart_No_VOD.framework
    codesign -fs "iPhone Developer: jing liu (98KRJBJXD8)" WCDB.framework
  4. Run chmod +x WeChat to give the executable execute permission.
  5. Change the bundle ID in Info.plist so that it does not clash with a bundle ID already on the phone (a duplicate will not install).
  6. Extract the entitlements file from development_pp.mobileprovision:
    ① security cms -D -i embedded.mobileprovision > temp.plist
    ② /usr/libexec/PlistBuddy -x -c 'Print :Entitlements' temp.plist > entitlements.plist
    ③ Delete temp.plist
  7. Copy entitlements.plist to the same directory level as WeChat.app and sign the whole bundle:
    codesign -fs "iPhone Developer: jing liu (98KRJBJXD8)" --no-strict --entitlements entitlements.plist WeChat.app
  8. Use codesign -vv -d WeChat.app to view the re-signed WeChat:
Executable=/Users/LYK/Desktop/My_iOS/tweak_WeChat/Payload/WeChat.app/WeChat
Identifier=com.tencent.yk
Format=app bundle with Mach-O thin (arm64)
CodeDirectory v=20400 size=786802 flags=0x0(none) hashes=24579+5 location=embedded
Signature size=4823
Authority=iPhone Developer: jing liu (98KRJBJXD8)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Signed Time=Aug 8, 2019 at 19:18:20
Info.plist entries=66
TeamIdentifier=MQW9JGK5AS
Sealed Resources version=2 rules=10 files=1201
Internal requirements count=1 size=172
  9. Put the signed app into a Payload folder and run zip -ry WeChat.ipa Payload to get WeChat.ipa.
  10. Open Xcode -> Window -> Devices and Simulators -> click the + button to install the ipa. (Prerequisite: this iPhone is in the device list of the provisioning profile (pp) file.)
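
As an added example (not part of the original post), the following Python code parses the two codesign -vv -d outputs shown above and reports which signing fields the re-sign changed, which is also how a re-signed build can be told apart from the App Store original. The sample strings are copied (trimmed) from those outputs; the function names are assumptions of this example.

```python
# Added example: compare two `codesign -dvv` outputs (copied, trimmed, from this page).
BEFORE = """\
Identifier=com.tencent.xin
CodeDirectory v=20500 size=1573403 flags=0x0(none) hashes=24579+7 location=embedded
Authority=Apple iPhone OS Application Signing
Authority=Apple iPhone Certification Authority
Authority=Apple Root CA
TeamIdentifier=88L2Q4487U
Sealed Resources version=2 rules=22 files=1388
"""
AFTER = """\
Identifier=com.tencent.yk
CodeDirectory v=20400 size=786802 flags=0x0(none) hashes=24579+5 location=embedded
Authority=iPhone Developer: jing liu (98KRJBJXD8)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
TeamIdentifier=MQW9JGK5AS
Sealed Resources version=2 rules=10 files=1201
"""

def parse_codesign(text):
    """Parse codesign output; Authority lines become a list ordered leaf-first."""
    info = {"Authority": []}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Sealed Resources") and "files=" in line:
            info["SealedFiles"] = int(line.rsplit("files=", 1)[1].split()[0])
        elif "=" in line:
            key, value = line.split("=", 1)
            if key == "Authority":
                info["Authority"].append(value)
            elif " " not in key:  # skip compound lines such as "CodeDirectory v=..."
                info[key] = value
    return info

def diff_signatures(before, after):
    """Return {field: (old, new)} for the signing fields that differ."""
    b, a = parse_codesign(before), parse_codesign(after)
    fields = ("Identifier", "TeamIdentifier", "Authority", "SealedFiles")
    return {f: (b.get(f), a.get(f)) for f in fields if b.get(f) != a.get(f)}

def is_app_store_signed(text):
    """True if the leaf authority is the one shown for the original WeChat above."""
    return parse_codesign(text)["Authority"][:1] == ["Apple iPhone OS Application Signing"]

if __name__ == "__main__":
    for field, (old, new) in diff_signatures(BEFORE, AFTER).items():
        print(f"{field}: {old!r} -> {new!r}")
    print("original App Store signed:", is_app_store_signed(BEFORE))
    print("re-signed App Store signed:", is_app_store_signed(AFTER))
```

The drop in sealed files (1388 to 1201) is consistent with the PlugIns and Watch folders having been deleted before signing.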

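IV. Signing with a script

The signing script is attached below. A few things need to be changed before use, such as the developer account.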

#!/bin/bash
#
# Put the mobileprovision and the ipa in the same directory, then re-sign the app
#
developerName="iPhone Developer: jing liu (98KRJBJXD8)"


# Prompt: "Enter the folder path:"
read -r -p "请输入文件夹的路径:" path
tempPath="$path/temp"
rm -rf "$tempPath"
mkdir "$tempPath"
# unzip expands the *.ipa wildcard itself, so the pattern stays quoted
unzip -oqq "$path/*.ipa" -d "$tempPath"
appPath=$(set -- "$tempPath/Payload/"*.app; echo "$1")
cd "$appPath" || exit 1

# 1. Delete the PlugIns folder from the ipa
rm -rf "$appPath/PlugIns"

# 2. Delete the Watch folder from the ipa
rm -rf "$appPath/Watch"

# 3. Sign each item under the Frameworks folder, one by one
cd "$appPath/Frameworks" || exit 1
for frameworkName in *
do
    codesign -fs "$developerName" "$frameworkName"
done
cd ..


# 4. Give the main executable execute permission (/Users/LYK/Desktop/WeChat.app is cut down to WeChat)
rightPath="${appPath##*/}"   # WeChat.app
chmod +x "${rightPath%.*}"   # WeChat

# 5. Change the bundle ID in Info.plist so it does not clash with a bundle ID already on the phone (a duplicate will not install).
# Prompt: "Enter the new bundle ID:"
read -r -p "请输入新的bundleID:" newBI
/usr/libexec/PlistBuddy -c "Set :CFBundleIdentifier $newBI" Info.plist

# 6. Extract the entitlements file from development_pp.mobileprovision
cd "$path" || exit 1
security cms -D -i development_pp.mobileprovision > temp.plist
/usr/libexec/PlistBuddy -x -c 'Print :Entitlements' temp.plist > entitlements.plist

# 7. Sign the whole bundle
codesign -fs "$developerName" --no-strict --entitlements entitlements.plist "$appPath"

# 8. Build the new ipa package
mkdir Payload
mv "$appPath" ./Payload

if zip -ry new.ipa Payload
then
    echo "重签完成..."   # "Re-signing complete..."
else
    echo "压缩失败"      # "Compression failed"
fi

# Clean up the intermediate files
rm -rf Payload
rm -rf "$tempPath"
rm temp.plist
rm entitlements.plist
