今是昨非

At sunrise the river's flowers are redder than fire; in spring the river's water is green as indigo

IPA Re-signing in Practice: Xiangse Guige and WeChat

Background#

After changing phones, I couldn't download Xiangse Guige anymore and lost it during the transfer. Recently, I saw someone taking a screenshot of having two WeChat apps installed on their iPhone, one of which was re-signed by themselves. I thought about using my developer account to re-sign the Xiangse Guige app. Can I install Xiangse Guige and have multiple instances of WeChat by re-signing them?

Steps#

Let's start with something simple and re-sign Xiangse Guige before attempting WeChat, since Xiangse Guige has fewer files and is relatively simple compared to WeChat. We'll follow these steps:

Re-signing Xiangse Guige#

First, search online and download the Xiangse Guige IPA package. If you don't have it, you can download it from here: yuedu.ipa.

Then, change the file extension of the IPA to .zip and extract it. You will see a Payload folder, inside which there is a file named StandarReader.app. Select StandarReader.app, right-click, and choose "Show Package Contents" to see all the contents of the app, as shown in the following images:

Unzipping IPA

Showing Package Contents

Package Content

Re-signing works as follows: create a new app under your own account (defining your own bundle ID) and run it on your phone, then find the built app (xxx/DerivedData/xxx/Build/Products/Debug-iphoneos/xxx.app); alternatively, generate an IPA using the Ad Hoc method. Either way, the goal is to obtain the provisioning profile and Entitlements.plist. Make sure the provisioning profile you choose includes the devices you want to install the app on. Then, replace the bundle ID, certificate, and provisioning profile of the app you want to re-sign with your own.

Here are the typical modifications that need to be made:

  • Bundle ID in Info.plist
  • embedded.mobileprovision provisioning file
  • Contents of _CodeSignature
  • Since regular accounts cannot sign plugins, find the Watch and PlugIns folders in the app's content path and delete them
  • Re-sign frameworks

For the Xiangse Guige IPA, there are no plugins or frameworks, so the files that need to be modified are: Info.plist, embedded.mobileprovision, and the contents of _CodeSignature. Let's take a closer look at how to modify them:

Modifying the bundle ID in Info.plist#

Find the Info.plist file in Payload/StandarReader.app, open it with Xcode or any other text editor, and locate the Bundle identifier. You will see that the bundle ID for Xiangse Guige is com.appbox.StandarReader. Replace com.appbox.StandarReader with the bundle ID of your own app, as shown in the following image:

P.S. If you're not using Xcode, you can directly search and replace the text.

Replacing the bundle ID

Replacing embedded.mobileprovision#

Obtain the new embedded.mobileprovision from your own newly created app's IPA. Follow the same steps as before: change the file extension to .zip, extract it, and find the embedded.mobileprovision file. Copy it and place it next to the Payload directory of the app you want to re-sign, as shown in the following image:

New embedded.mobileprovision

Then, replace the original embedded.mobileprovision in the Xiangse Guige app with the new one. You can do this using the command line, as follows:

  1. Delete the original provisioning file in the app:
    rm -rf Payload/xxx.app/embedded.mobileprovision
    
  2. Copy the new provisioning file into the xxx.app:
    cp embedded.mobileprovision Payload/xxx.app/
    

Resigning the app#

Obtain the Entitlements.plist from your own app's embedded.mobileprovision. Note that you should get it from your own app, not from the Xiangse Guige app. Then, delete the _CodeSignature folder in the Xiangse Guige app and use the generated Entitlements.plist to re-sign the app. Follow these steps:

  1. Generate Entitlements.plist:
    /usr/libexec/PlistBuddy -x -c "Print :Entitlements" /dev/stdin <<< "$(security cms -D -i xxx.app/embedded.mobileprovision)" > Entitlements.plist
    
  2. Delete the _CodeSignature folder in the Xiangse Guige app:
    rm -rf Payload/xxx.app/_CodeSignature/
    
  3. Re-sign the Xiangse Guige app using the new Entitlements.plist:
    # First, get the certificate name
    security find-identity -v -p codesigning
    # Sign using the certificate you used to create the app
    codesign -f -s "Certificate Name" --entitlements Entitlements.plist Payload/xxx.app
    

Packaging and installation#

Compress the Payload folder back into an IPA file using the following command:

zip -r xxx.ipa Payload/

Finally, install the IPA file using Xcode. Select Xcode, then go to Window -> Devices and Simulators, or use the shortcut Shift+CMD+2 to open the window. Select the device and click on the "+" button to choose the generated IPA file for installation.

Installing IPA with Xcode

Resigning WeChat#

The first step is to obtain the WeChat IPA file. Make sure to download a usable IPA, as it can be frustrating to go through the steps only to find out that the package is not working. You might think there's an issue with the steps, but it could be due to the package itself. The version I found to be working can be downloaded from here: WeChat IPA

Once the IPA is downloaded, follow similar steps as before: change the file extension to .zip, extract it, and find the WeChat.app in the Payload folder, as shown in the following image:

WeChat_app

Create a new app under your own account (defining your own bundle ID) and run it on your phone, then find the built app (xxx/DerivedData/xxx/Build/Products/Debug-iphoneos/xxx.app); alternatively, generate an IPA using the Ad Hoc method. Either way, the goal is to obtain the provisioning profile and Entitlements.plist. Make sure the provisioning profile you choose includes the devices you want to install the app on. Then, replace the bundle ID, certificate, and provisioning profile of the app you want to re-sign with your own.

Modifying the bundleIdentifier in Info.plist#

Next, examine the contents of WeChat.app and find the Info.plist file. Replace the bundleIdentifier with your own (WeChat.app contains many files; sorting them by modification date makes it easier to find the file you want to modify), as shown in the following image:

Modifying WeChat bundleIdentifier

Replacing embedded.mobileprovision#

Obtain the embedded.mobileprovision from your own newly created app, and replace the embedded.mobileprovision in the WeChat.app with it. You can simply copy and replace it.

Resigning Frameworks#

In contrast to Xiangse Guige, this process involves re-signing the frameworks. You need to re-sign all the libraries in the Frameworks folder with your own certificate. The contents of the Frameworks folder are shown in the following image (there might be unofficial libraries included, but signing them won't affect the process):

Frameworks Content

To re-sign the frameworks, use the following command repeatedly until all the libraries in the Frameworks folder are signed:

codesign -fs "Your Certificate" xxx.framework

Replacing framework signatures

Removing Plugins#

The version of WeChat.app that I downloaded did not contain any Plugins in its content, so no action is needed.

Replacing the signature#

Obtain the embedded.mobileprovision from your own newly created app and generate the Entitlements.plist. Use the following command:

   /usr/libexec/PlistBuddy -x -c "Print :Entitlements" /dev/stdin <<< "$(security cms -D -i xxx.app/embedded.mobileprovision)" > Entitlements.plist

Then, delete the _CodeSignature folder in the WeChat.app and re-sign it using the generated Entitlements.plist. Execute the following command, making sure to replace the paths with the actual paths of Entitlements.plist and WeChat.app:

codesign -fs "Your Certificate" --no-strict --entitlements=Entitlements.plist Payload/WeChat.app/

Resigning WeChat.app

Finally, compress the Payload folder (which contains WeChat.app) into an xxx.ipa file using the following command:

zip -r xxx.ipa Payload/

Lastly, use Xcode to install xxx.ipa on your phone. Follow these steps:
Select Xcode, open the window using the shortcut Shift+CMD+2, select the device, click on "+", and choose xxx.ipa for installation. Wait for the installation to complete.

The final result after installation should look like this:

Final Result

Summary#

In summary, re-signing an IPA involves replacing the certificate and provisioning profile of the package with your own. The overall steps are as follows:

  • Find a usable IPA.
  • Create a new project, compile or package it, and obtain the corresponding embedded.mobileprovision.
  • Modify and replace the bundle ID of the package with your own.
  • Update and replace the embedded.mobileprovision in the package.
  • Re-sign the Frameworks.
  • Remove the Plugins.
  • Generate Entitlements.plist from your own embedded.mobileprovision, then re-sign the xxx.app using it.
  • Finally, package the xxx.app into xxx.ipa and install it.
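
Most installation failures after these steps come from a mismatch between the provisioning profile and the package: the bundle ID is not covered by the profile, the device is not in the profile, or the profile has expired. The following pre-flight check is an added example, not code from the original post. It reads the plist out of an embedded.mobileprovision without verifying its CMS signature (unlike `security cms -D`), and the sample profile, team ID, bundle ID and UDIDs are constructed for illustration.

```python
import datetime
import plistlib

def extract_profile(blob: bytes) -> dict:
    """Return the plist inside a .mobileprovision (CMS signature NOT verified)."""
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>", start)
    if start < 0 or end < 0:
        raise ValueError("no XML plist found in profile")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def app_id_allows(app_id: str, bundle_id: str) -> bool:
    """application-identifier is '<prefix>.<bundle id or wildcard pattern>'."""
    _prefix, _, pattern = app_id.partition(".")
    if pattern.endswith("*"):
        return bundle_id.startswith(pattern[:-1])
    return pattern == bundle_id

def preflight(blob: bytes, bundle_id: str, udid: str, now=None) -> list:
    """List the reasons a package re-signed with this profile would not install."""
    profile = extract_profile(blob)
    # plistlib returns naive UTC datetimes, so compare against a naive UTC "now".
    now = now or datetime.datetime.now(datetime.timezone.utc).replace(tzinfo=None)
    problems = []
    app_id = profile.get("Entitlements", {}).get("application-identifier", "")
    if not app_id_allows(app_id, bundle_id):
        problems.append(f"bundle ID {bundle_id} not covered by {app_id}")
    if not profile.get("ProvisionsAllDevices") and \
            udid not in profile.get("ProvisionedDevices", []):
        problems.append(f"device {udid} not in ProvisionedDevices")
    if profile["ExpirationDate"] <= now:
        problems.append("profile expired")
    return problems

# Constructed sample: fake CMS framing bytes around a made-up profile plist.
SAMPLE = b"\x30\x82\x0f\x00" + plistlib.dumps({
    "Name": "Constructed Development Profile",
    "TeamIdentifier": ["ABCDE12345"],
    "ExpirationDate": datetime.datetime(2030, 1, 1),
    "ProvisionedDevices": ["00008030-CONSTRUCTED0001"],
    "Entitlements": {"application-identifier": "ABCDE12345.com.example.resigned",
                     "get-task-allow": True},
}) + b"\x00\x00"

if __name__ == "__main__":
    # Info.plist still carrying the original bundle ID, and an unlisted device.
    for problem in preflight(SAMPLE, "com.appbox.StandarReader", "00008030-CONSTRUCTED0002"):
        print("FAIL:", problem)
```

On a real package, pass the bytes of Payload/xxx.app/embedded.mobileprovision and the bundle ID read from Info.plist.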
