前言
一般改变了应用的二进制文件,或者增加、修改了应用里面的资源,应用本身的签名就会被破坏。
security Usage
Usage
Usage: security [-h][-i] [-l][-p prompt] [-q][-v] [command][opt …]
-i Run in interactive mode. -l Run /usr/bin/leaks -nocontext before exiting. -p Set the prompt to "prompt" (implies -i). -q Be less verbose. -v Be more verbose about what's going on.security commands are:
help Show all commands, or show usage for a command.
搜索本机的证书
find-identity
security find-identity -v -p codesigning
查看签名证书
- 包含:app ID(AppIDName )、授权文件(Entitlements )、包含公钥的开发证书(DeveloperCertificates )、ProvisionedDevices (可安装设备列表)的签名证书
查看开发配置文件
security cms -D -i filepathsecurity cms -D -i /Users/devzkn/Downloads/my/IOS开发任务总结/真机调试/xx.mobileprovision
III 、 重签名
手动完成Xcode签名
3.1 获取证书列表
- security find-identity -v -p codesigning
3.2 生成Entitlements.plist: 沙盒的配置列表
列出了哪些行为会被允许,哪些行为会被拒绝。在签名的时候,Xcode会将这个文件作为 –entitlements 参数的内容传递给codesign.
xcode 的
capabilities选项卡上进行的相应权限操作,相关条目也会添加到授权文件。查询一个应用的授权文件
➜ provision git:(master) ✗ codesign -d --entitlements - /Users/devzkn/decrypted/WeChat6.6.0/Payload/WeChat.app Executable=/Users/devzkn/decrypted/WeChat6.6.0/Payload/WeChat.app/WeChat ??qqh<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.developer.siri</key> <true/> <key>com.apple.developer.team-identifier</key> <string>88L2Q4487U</string> <key>com.apple.developer.healthkit</key> <true/> <key>application-identifier</key> <string>532LCLCWL8.com.tencent.xin</string> <key>com.apple.developer.networking.HotspotHelper</key> <true/> <key>com.apple.developer.networking.networkextension</key> <array> <string>packet-tunnel-provider</string> <string>app-proxy-provider</string> <string>content-filter-provider</string> </array> <key>aps-environment</key> <string>production</string> <key>com.apple.developer.networking.HotspotConfiguration</key> <true/> <key>com.apple.developer.associated-domains</key> <array> <string>applinks:help.wechat.com</string> </array> <key>com.apple.security.application-groups</key> <array> <string>group.com.tencent.xin</string> </array> </dict> </plist>%
3.2.1 编译生成目标app,从目标app目录下获取embedded.mobileprovision
获取profile.plist
security cms -D -i /Users/devzkn/Library/Developer/Xcode/DerivedData/2018wxrobot-eenymyxpjytdqfhdejnwlypbodwy/Build/Products/Debug-iphoneos/2018wxrobot.app/embedded.mobileprovision > profile.plist
使用plistBuddy 从profile.plist 提取Entitlements
/usr/libexec/plistBuddy -x -c 'print :Entitlements' profile.plist > entitlements.plist
3.2.2 从开发者后台下载PP文件,然后提取授权文件( 略)
3.3 复制xx.mobileprovision 到.app 目录下
3.4 签名
对.app 目录下的所有动态库、插件、watch目录下的extension进行签名
codesign -f -s 0B3D26F0E551CC07F2iPhoneDeveloperkey xxx.dylib
对整个app目录进行签名
codesign -f -s 0B3D26F0E551CC07F2iPhoneDeveloperkey --entitlements entitlements.plist target.app
3.5 打包
mkdir -p Payload
cp -a Target.app ./Payload
zip -qr Target.ipa ./Payload
举例
签名动态库
- 列出可签名证书
security find-identity -v -p codesigning- 为dumpecrypted.dylib签名
codesign --force --verify --verbose --sign "iPhone Developer: xxx xxxx (xxxxxxxxxx)" dumpdecrypted.dylib
See Also
plistBuddy
➜ ~ /usr/libexec/plistBuddy Usage: plistBuddy [-cxh] <file.plist> -c "<command>" execute command, otherwise run in interactive mode -x output will be in the form of an xml plist where appropriate -h print the complete help info, with command guide
/Users/devzkn/bin//knpost security Command line interface to keychains and Security framework -t iosre #原来""的参数,需要自己加上""
