Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

9.3.3 jailbreak and certificates

C

Cycling Asia

macrumors 6502
Original poster
Mar 19, 2016
273
217
So, after the certificate being revoked and leaving many with the contemplation of having to use free provisioning certificates that expire after a week, I thought I would have a look at how the stock apps are signed.

There are a couple of apps (take the compass app for example) that has a CodeResources file that does not contain any hash values. The md5 for these files (for me) is always 18c8afe9be28947d55f4477a72071077.

My theory is that if the Pangu app was moved from the /var/mobile/... directory into the /Applications/ directory and one of these CodeResources file placed in the _CodeSignature directory, it would be allowed to run when the phone is not in jailbroken mode.

Anyway, I haven't tried it (maybe on the weekend), but I thought I would put it out there as a possible "solution" to the signing problem.

So the process would be:
- sign the IPA using a free provisioning cert,
- install openssh on the device
- ssh into the device and move the PP app to the /Applications/ directory
- copy the compass _CodeSignature directory into the PP directory.
- logout and reboot the device
- attempt to run the PP app.

Anyone want to test it?
 
  • Like
Reactions: AppleFanatic10 and StarkCity
srf4real

srf4real

macrumors 68040
Jul 25, 2006
3,001
26
paradise beach FL
Cycling Asia said:
So, after the certificate being revoked and leaving many with the contemplation of having to use free provisioning certificates that expire after a week, I thought I would have a look at how the stock apps are signed.

There are a couple of apps (take the compass app for example) that has a CodeResources file that does not contain any hash values. The md5 for these files (for me) is always 18c8afe9be28947d55f4477a72071077.

My theory is that if the Pangu app was moved from the /var/mobile/... directory into the /Applications/ directory and one of these CodeResources file placed in the _CodeSignature directory, it would be allowed to run when the phone is not in jailbroken mode.

Anyway, I haven't tried it (maybe on the weekend), but I thought I would put it out there as a possible "solution" to the signing problem.

So the process would be:
- sign the IPA using a free provisioning cert,
- install openssh on the device
- ssh into the device and move the PP app to the /Applications/ directory
- copy the compass _CodeSignature directory into the PP directory.
- logout and reboot the device
- attempt to run the PP app.

Anyone want to test it?
Click to expand...
Sounds legit. Let us know if it works.. maybe the compass app in iOS might actually have some value after all :)
 
C

Cycling Asia

macrumors 6502
Original poster
Mar 19, 2016
273
217
Tried it, it didn't work. When in non jailbreak mode, the fake signed app failed to open (as if it had no signatures). Perhaps someone with more experience in the workings of iOS could have more of an attempt. For now I'll stick with the chinese language app with the enterprise cert.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom