Sign applications for iOS. How to sign a PDF document on iPhone and iPad using the Mail app. Retrieving a package of application files

iSignature

Developer: ILYA2606 (based on sources)
Date of issue: July 7, 2011
Version: 2.6 (December 4, 2011)
Language: Only Russian

System requirements

  • Mac OS X 10.6 and higher (VM, Hack, Macintosh).
  • iDevice of any model.
  • iOS 2.x or higher (compatible with iOS 5.1)
  • Developer Certificate File
  • Profile file (provision)

Description

The application is able to sign a cracked (broken or unlinked from an account) application under its certificate and easily install it via iTunes on a device without jailbreak!

Instructions

1) If you are a developer with your own Apple certificate.

  1. Go to iOS Provisioning Portal/Provisioning and next to your profile, click “Download” to download the profile file.
  2. Go to iOS Provisioning Portal/Certificates and next to the certificate, click “Download” to download the certificate file.
  3. Add the downloaded *.p12 certificate file to the Keychain in the System section (if not added earlier).
  4. Launch iSignature. Choose any broken ipa that needs to be signed. Enter the name of your certificate, which is listed in the Keychain, in the signature input field. For example, iPhone Developer: ILIA SHKOLNIK (*********).

2) If you are not a developer.

  1. Add the UDID of your device to a certified developer,
  2. Take from the developer his profile file (provision) *.mobileprovision, to which your device was added.
  3. Take from the developer his *.p12 certificate file, to which the provision was added.
  4. Move the *.mobileprovision profile file to the iTunes icon with the mouse, then synchronize with the device. This will install the profile on the device.
  5. Add the *.p12 certificate file to the Keychain in the System section.
  6. Launch iSignature. Choose any broken ipa that needs to be signed. Enter the name of your certificate, which is listed in the Keychain, in the signature input field. For example, iPhone Developer: lalalya (***********).

How to create a .p12 certificate

How it works?

Everything is very simple. The application signs the ipa file with the developer's signature from the certificate file. Thus, iTunes thinks that this is a regular developer build and quietly installs it on the device whose UDID is included in this certificate.

Functionality is being gradually added.

What's new in version 1.0:
– Full Russian localization
– Terminate the application by clicking on the cross

What's new in version 2.0:

  • Enable/Disable auto-adding signed files in iTunes
  • Notifications changed
  • Added ProgressBar and stage information

    • What's new in version 2.1:

    • Added Sparkle update
    • Bug fixed
    • Graphical improvements

    What's new in version 2.2:

    • Tested the functionality of the Sparkle update

    What's new in version 2.2.1:

    • Added auto-saving of settings on exit

    What's new in version 2.3:

    • Adding .ipa files by transferring them to the iSignature icon or via “Open with”
    • Support for adding multiple files at once

    What's new in version 2.4:

    • Automatically adding the required certificate on first launch
    • Added “Clear data” button to the menu

    What's new in version 2.5:

    • Added profile selection for integration into the application

    What's new in version 2.6:

    • Added code signing utility from Mac OS X 10.7.2
    • Errors translated and solutions added

    Who has the error? CSSMERR_TP_NOT_TRUSTED) when signing - download BURO and add it to the keychain:
    Download OFFICE

    I would be grateful for good advice for the development of this project

    Not every iPhone and iPad user knows that using the standard email application you can create and sign PDF documents.

    With the Mail app, you can open a document as an image or PDF, add notes and a handwritten signature, and then send it to the recipient. This feature appeared in Mail on iOS 9.

    How to sign a PDF document on iPhone, iPod touch and iPad using Mail?

    1 . Get any PDF document at mailbox(for example, send it to yourself).

    2 . Open the application " Mail» on iPhone, iPod touch or iPad.

    3 . Go to folder Inbox and open the document with the file.

    4 . Tap the file to start downloading from the server and tap on the downloaded file.

    5 . Tap on the display in work area once so that the control panel appears, and then click on the briefcase icon in the lower right corner.

    6 . This action will take you to markup mode. Again, in the lower right corner there is an icon responsible for creating a digital signature. Click on it.

    7 . Sign and then click the " Ready».

    8 . On the page Marking place your completed signature in in the right place. If necessary, select the required scale and color.

    9 . Click the button Ready».

    10 . All that remains is to change the addressee in the “ To whom" and change the subject of the message if necessary, and then send the letter.

    Only for Mac OS X users. For a small fee we provide certificates and a mobile profile (5 files in total),
    allowing you to install any number of paid programs on your device without hacking or jailbreak during the validity period of the UDID binding (up to one year). How to use it? Read on.

    Thousands of programs have been written for iOS, many of which are published in the AppStore and cost a lot of money,
    but the developers do not provide the opportunity to test them before purchasing.
    Even more programs do not make it into the official AppStore at all and therefore are not installed on the device.
    And all because applications for iOS have a special digital signature, which iTunes checks when uploading an IPA file to the device and the device itself when the application starts.
    No certificate from Apple - no signature. No signature - the application will not start.

    No wonder hacking or jailbreak is so popular operating system mobile device,
    giving the opportunity to put anything on it, without control from Apple.
    Hacking opportunities are gradually closing with the release of new versions of iOS.
    So the user has a choice: either a fresh iOS or jailbreak and installation of any programs.
    Do you want both (and maybe without bread)? Then read on...

    - these are programs with the help of which applications receive a digital signature, which iTunes accepts as native and “uploads” the application to the device.
    And no iOS hacking.

    Unfortunately, the programs are only available for Mac OS X, but for Windows users there are virtualization systems, for example, VmWare,
    which will allow you to run Mac OS on Windows in a separate window.
    After signing the application on the virtual machine, you just need to transfer it back to Windows and upload it to iTunes.

    I) This needs to be downloaded and installed in advance:

    1) Mac OS 10.9 (Mavericks) or later. On older versions of Mac OS (10.7, 10.8), difficulties with signing were noticed - we do not recommend it.
    If there is no Mac, the axis can be installed virtually on VMWARE.

    2) Command Line Tools for Xcode - they are different for each Mac OS.

    Command Line Tools contain libraries that are usually not enough for signing and which may simply not be on your system - without this set it is unlikely that you will be able to sign something.
    If you want to develop iOS applications yourself, you can immediately install Xcode entirely.

    3) Signing program or iOS App Signer.

    II) We give this after payment (via the form on the main page):

    1) Two *.cer certificates and one *.p12 key - all this is placed in the “Keychain Access” (standard Mac OS utility) in the “login” section, also known as “login”;

    2) *.mobileprovision profile generated for your UDID, which is loaded into the device (phone, tablet, “body”) along with signed *.ipa applications.
    Starting with iOS 9, the profile is not displayed in the device, although it continues to work;

    3) New! Another profile is iOS_12_beta_Configuration_Profile.mobileconfig. It is only needed if you are interested in beta versions of iOS.
    Send it to yourself by e-mail and open it with a click through the standard mail program on your device, and the betas will download themselves over the air, like regular updates.
    Unlike the previous profile, this one has an updated format and its presence can be seen in the device settings. There is no such profile for iOS 13 yet.

    4) And most importantly: we link the UDID to the developer account. Without UDID binding to a specific device, certificates are useless—there is no point in distributing them to others. And take other people's too. 🙂

    III) Signing Application:

    How to prepare your device to download signed apps (without this they won't work, so do that first):

    Method 1: Transfer .mobileprovision to your device using a free program

    Apple Configurator 2 (Mac only).

    Method 2: The method is old and may not work in newer versions of iOS. Transfer the profile.mobileprovision to the device using iTunes.
    With the device connected, drag the .mobileprovision profile file into iTunes into the Apps section, like a regular application, and start synchronizing with the device.
    This should be done before synchronizing signed applications, and not simultaneously with them. Otherwise you will have to synchronize again.

    Method 3: Same old way, and also most likely no longer works. Send yourself the profile file.mobileprovision by e-mail and open it on your iPhone.
    This will lead to automatic installation of the profile, although it is not visible on the device.

    How to check if the installation is correct:


    To check that the profile and UDID connection are installed correctly,
    you can download a test application - iTransmission 5.0 torrent client, already signed with a certificate (only for the current pool!).
    If it installs and works on your device, then the UDID registration and profile installation were successful. However, there is no guarantee that all other applications will be able to be signed.
    But there is no other way to check - registration does not outwardly manifest itself in any way until beta is installed on the phone.
    And the profile is not visible on the device at all: in versions of iOS 9 and higher, it is no longer displayed in the “profile” section, even if installed correctly.
    This is the peculiarity. Apple seems to love to surprise...

    However, recently another one appeared indirect sign successful UDID registration: This is the iOS_11_beta_Configuration_Profile.mobileconfig file.
    If you managed to install it in the device and it is visible in the main settings in the “Profile” section (it’s at the very bottom, the section appears only with the profile together), then everything is fine.

    How to sign an application:

    Double click mouse, install two certificates in the Keychain: AppleWWDRCA.cer and ios_development.cer (install in login / input), and one *.p12 (with the password, which is in the password.txt file), received from us - all this will be displayed in A bunch of keys.
    This is done once. When asked about using keys, answer “Always allow.” And do not change the certificate reliability settings - leave everything as default!

    - Open the signing program you downloaded from this site and make sure it recognizes the certificate. Also show her the path to her mobile profile.

    — Drag into it with the mouse all the .ipa files that you want to sign.

    — Click the “Start Job” button.
    The program will “think” a little, and the same .ipa files will appear in the iModSigned folder specially created for this on the desktop, but with the “correct” signature.
    Throw them into iTunes and synchronize with your device (the .mobileprovision profile should already be installed on it by this point).
    Please keep in mind that a program signed in this way cannot be updated via the AppStore - every new version you will need to search, download and sign again.

    P.S. We do not promote piracy!
    This installation method will allow you to try out the apps you want to purchase for a period of time. limited period, while the UDID binding is in effect.
    Remember that buying legal software is much nicer and more convenient than using pirated software.
    and we strongly encourage you to support the developers and buy the apps you like.

    A golden cage of reliability and safety in which all owners are located mobile devices running the iOS operating system has its own negative sides. One of these aspects is the inability to return to previous version any program. Reading reviews of games in the AppStore, you can often notice that new versions greatly disappoint their users. Many of them have a reasonable question: how to return their favorite version of the program?

    As it turned out, it's not that simple. The first solution in such situations is usually to jailbreak the operating system. But because of one application, it is clearly not worth giving up the possibility of further official updates, reducing the stability of the device and losing the manufacturer’s warranty. There is another option - installing applications from an IPA file and signing it with a developer certificate.

    IPA is an extension of the installation files of various programs for iPhone, iPad and iPod Touch. All IPA files, when officially installed from the AppStore on the selected device, are signed with a special certificate with a digital signature. This signature is protection against unauthorized distribution of programs and applications from the AppStore. An application installed and signed for one device cannot be installed on another. Therefore, in order to be able to install old version game or any other program, you need to take the corresponding application, which does not have a digital signature, sign it with a certificate corresponding to the selected device, and only after that will it be possible to install it.

    We will not dwell on the question of where to get unsigned applications, since if you have the skills to use search engines solved quite simply. Let us dwell in more detail on the technical side of signing applications with a digital signature.

    Let us immediately note that this manipulation can only be performed by users of Apple computers running the Mas OS X 10.6.8 (Snow Leopard) operating system and higher. If you do not have such an operating system, then you can install it using one of the virtualization systems for your operating system. For example, VmWare.

    If the above conditions are met, you can sign an application with a certificate if you have a paid developer account and the UDID number of the device entered into this account. Special services have appeared on the Internet that provide similar services for a nominal fee.

    The entire process of installing an application from an IPA file will in this case consist of the following steps.

    1. Download a program for Mac OS that will digitally sign the application. At the time of writing, the following programs are known and used to digitally sign applications: InstaSign , iModSign , iReSign And iSignature . We recommend that you first pay attention to the first two programs on the list.
    2. Determine UDID - unique device identification number. To do this, connect your iPhone, iPad or iPod Touch to your computer and launch iTunes on it. On the device overview page, click on its serial number and in its place you will see a 40-digit alphanumeric UDID code. Copy it into any text document.


    3. Link your UDID to your developer account and receive certificates and a profile for your device. To do this, use one of the services on the Internet. Eg, . In the store of the specified site you must purchase Certificate + Visioning Profile , making sure to indicate the UDID of the device for which you are ordering certificates.


    4. After successful payment, you should receive at least three necessary files by email:
      • certificate with extension *.cer ;
      • certificate with extension *.p12 ;
      • profile of your device with extension *.mobileprovision .
      The letter must also contain the password that is used when adding certificates to A bunch of keys(Keychain).
    5. Add certificates to A bunch of keys. To do this, double-click with the left mouse button on the certificate with the extension *.p12. Enter your password in the window that appears.


    6. After successfully adding developer certificates in the left column Keychains find the added certificates under " Certificates" and enter the certificate starting with iPhone Developer:. Copy common name developer corresponding to this certificate, which will look like iPhone Developer: Ivan Ivanov (Х1YZ2AB3C4). It will need to be used in the future when signing the program.


    7. Run the program used to sign the IPA application. In our example we used the program InstaSign.
    8. Drag the application that will be signed into the program window. As a result, it should appear in the first line of the program.
    9. Specify the name of the developer, which was defined in step 6, and the folder to save the signed application. By default, it will be saved to the desktop.
    10. Click the button InstaSign programs for signing applications. As a result of these actions, the selected application will be signed with a digital certificate with the extension *.ipa.


    11. Download the developer profile with extension *.mobileprovision to your device. The easiest way to do this is by sending a profile file to your email and opening this email using the Safari browser built into your iPhone or iPad. When you open a profile file with a browser, it will automatic installation into the device.
    12. Now the IPA signed application can now be installed on the iPhone, iPad or iPod Touch device for which the UDID certificates have been obtained. For this purpose, you can use either standard iTunes or the more convenient iTools utility.


    At the end of the article, we can give a recommendation to always create backups your favorite applications using the iTools program, so that there is no need to repeat the steps described above after disappointment from the next update of your favorite game or program.

    Some iOS apps check the version of the operating system on the device. Recently, while testing an application, I came across a similar check. If the iOS version was lower than 7.1, the application would not be installed and an error would appear.

    This article will cover the following topics:

    • Changing the iOS version in the SystemVersion.plist file.
    • Changing the version in a plist file located in the application package.
    • Using the "iOS-ssl-Kill switch" utility to bypass certificate validation.

    Changing the iOS version in the SystemVersion.plist file

    The iOS version can be changed (on a jailbroken device) in two simple steps by changing the corresponding value in the SystemVersion.plist file:

    1. We connect to the jailbroken device via SSH (or use ifile, available in cydia) to view the contents of the system directory.
    2. Change the "ProductVersion" value in the file "/System/Library/CoreServices/SystemVersion.plist".

    Figure 1: Contents of the SystemVersion.plist file

    This trick allows you to change the value displayed in the "Settings/General/about" section. However, the method will only work for applications that check the version in the SystemVersion.plist file. If after changing the version the application still refuses to work, use the second method.

    Changing the version in a plist file located in the application package

    The second method to change the version consists of three simple steps:

    1. Rename the ipa file to .zip and unpack the archive.
    2. We change the value of "minimum ios version" in the info.plist file, which is usually located in the \Payload\appname.app folder.
    3. We pack the archive and rename it back to ipa. [ Note: some applications check the "minimum ios version" value in other plist files in the package].

    Figure 2: Contents of info.plist file

    After changing plist files, the package signature is broken. To solve this problem, you need to register the IPA using the utility from this article.

    Some apps check the iOS version during installation. When a user installs an application using iTunes or xcode using IPA, it checks the version of iOS running on the device and if the version is lower than required, an error appears.

    Figure 3: Error when installing an application via xcode

    Such a check also requires several steps:

    1. Rename the .ipa file to .zip and extract the .app folder.
    2. Copy the .app folder to where the iOS applications are installed (/root/application) using any SFTP client (for example, WinSCP).
    3. We connect to the device via SSH, go to the folder where IPA is installed, and then set the launch permissions for the .app folder (chmod -R 755 or chmod -R 777). Alternative way- right-click on the .app folder in WinSCP and change the directory properties, setting the appropriate rights.
    4. After restarting the iOS device, the application will be installed successfully.

    Figure 4: Setting new permissions for the directory

    Bypassing certificate validation

    Some applications check the certificate to prevent traffic from being proxied using utilities like Burp. Typically, the application binary file has a client certificate hardwired into it. The server validates this certificate and if the validation fails, an error is thrown. You can read more about this in my other article co-authored with Steve Kern.

    Sometimes it can be difficult to extract the certificate from the application and install it inside the proxy. An alternative is to use the ios-ssl-kill-switch utility. ios-ssl-kill-switch hooks onto the Secure Transport API (the most low level) and disables certificate verification. Most checks use NSURLConnection for more than high level. More details can be found.

    Verifying a certificate involves several steps:

    1. Install the kill-ssl-switch utility.
    2. All dependent packages must be installed in advance.
    3. Restart the device or restart SpringBoard using the following command "killall -HUP SpringBoard".
    4. Set the Disable Certificate Validation option in the "Settings/SSL Kill Switch" section.
    5. We restart the application, after which the traffic should be intercepted successfully.

    Certificate pinning is circumvented by hooking into the API that validates the certificate and always returning “true” when verified. The Mobilesubstrate framework is quite suitable for solving this problem. There are several other useful utilities for disabling snapping, such as "Trustme" and "Snoop-it".

    Figure 5: Disabling certificate verification in SSL Kill Switch

    © 2024 kigp.ru - Motors for boats. Boats. Gasoline engines. Equipment and accessories