
Is it possible to modify the bundle and re-sign an App Store signed IPA with a wildcard ad hoc profile?

Is it possible to:

  1. Download the IPA of an App Store iOS app (e.g. the Facebook app)
  2. Change an asset in the bundle. (e.g. swap out an image)
  3. Re-sign the bundle with an ad hoc profile. (It will need to be a wildcard profile)
  4. Install the app on a development device. (e.g. using the iPhone Configuration Utility)

The reason being, I thought up a theoretical vulnerability with SSL pinning and I want to know if it would be possible in practice.

I am fairly sure 1, 2 and 3 would work, but I am not sure whether iOS would allow it to be installed (step 4).

Theoretically that should be possible. The IPA is just a ZIP file; rename it and extract, then you can modify it to your heart's content. Then re-sign it using `codesign`, and you should be rockin.

I'm a bit confused what vulnerability you are exploiting; you specified that you're signing it with a development profile and installing it on a development device. You aren't really breaking any of the sandbox security by doing this. If you were able to modify the IPA contents and get it to run without resigning it, now that would be an exploit.
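The point the answer makes about running a modified bundle without re-signing can be seen in the resource seal stored at `_CodeSignature/CodeResources` inside the app bundle. The following is an added example, not part of the original question or answer: it builds a constructed in-memory IPA, swaps an asset, and checks file hashes against a simplified model of that seal (only the `files2`/`hash2` SHA-256 entries; the real file carries more fields and is itself covered by the code signature). The bundle name, file names and helper functions are all hypothetical.

```python
import hashlib, io, plistlib, zipfile

APP = "Payload/Demo.app/"                      # constructed bundle name
SEAL = APP + "_CodeSignature/CodeResources"    # resource seal inside the bundle

def build_ipa(files):
    """Build a constructed in-memory IPA whose seal lists each file's SHA-256."""
    seal = {"files2": {name: {"hash2": hashlib.sha256(data).digest()}
                       for name, data in files.items()}}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in files.items():
            z.writestr(APP + name, data)
        z.writestr(SEAL, plistlib.dumps(seal))
    return buf.getvalue()

def swap_asset(ipa, name, new_data):
    """Rewrite one bundle file, leaving the seal untouched (no re-sign)."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(ipa)) as src, zipfile.ZipFile(out, "w") as dst:
        for item in src.namelist():
            dst.writestr(item, new_data if item == APP + name else src.read(item))
    return out.getvalue()

def check_seal(ipa):
    """Return sorted bundle-relative paths that are modified, missing or unsealed."""
    with zipfile.ZipFile(io.BytesIO(ipa)) as z:
        sealed = plistlib.loads(z.read(SEAL)).get("files2", {})
        present = {n[len(APP):] for n in z.namelist()
                   if n.startswith(APP) and n != SEAL and not n.endswith("/")}
        bad = present - set(sealed)            # files added after sealing
        for name, entry in sealed.items():
            if name not in present:
                bad.add(name)                  # sealed file was removed
            elif hashlib.sha256(z.read(APP + name)).digest() != entry["hash2"]:
                bad.add(name)                  # content no longer matches seal
        return sorted(bad)

# Constructed sample data: two assets, then one image swapped out.
ORIGINAL = build_ipa({"logo.png": b"original image bytes",
                      "config.json": b'{"theme": "light"}'})
TAMPERED = swap_asset(ORIGINAL, "logo.png", b"replacement image bytes")

if __name__ == "__main__":
    print("original:", check_seal(ORIGINAL))
    print("tampered:", check_seal(TAMPERED))
```
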
