Selfsigned certificate and provisioning profile for Xcode iOS building

Doesn’t work in Xcode 10

Xcode now allows anyone with an Apple ID to build and run apps, from anywhere. But what if I’m jailbroken and not satisfied with the 7-day expiration? Or I’m trying to build an open-source app, but can’t because the bundle ID is already taken and submitted to iTunes?

Since we are jailbroken, everything should just work if we use a self-signed certificate. But somehow Xcode keeps asking for a “provisioning profile”, which is kind of messy to play around with. Eventually I got it working.

A provisioning profile is a Cryptographic Message Syntax (CMS) signed property list (plist) which includes team, app, and permission (entitlement) info.

For those who don’t want to bother with cert generation and plist signing, you can just take CodeSigning.zip, import the p12 into your keychain, open the provisioning profile in Xcode, skip to the last step, and you are all set.

If you’d like to create the cert from scratch, here are the detailed steps.

Create selfsigned certificate for code signing

Things are different here because we are going to sign the plist, so for key usage you need not only “Code Signing” but also “Any” and “Email Protection”; everything else should be familiar if you have created a code signing cert in the past. Note that you need to fill in “Organizational Unit”, and this will be your team ID, so don’t put any whitespace in it.

Choose the Code Signing type and don’t forget to check “Let me override defaults”

Fill in the Organizational Unit; everything else can be left blank

Any and Email Protection must be included or you can’t sign the profile later

Create provision plist

Now that you have a working certificate, it’s time to create the provision plist. Here is the template plist file:

Here are a few things you need to change in this plist.

  • Paste your certificate content after the DeveloperCertificates entry. Open Terminal.app, run security find-certificate -c "iPhone Developer" -p, and copy the text between the dashes.
  • Change every occurrence of the team identifier SELFSIGNED if you chose your own “Organizational Unit” name when creating the cert.
  • Change CreationDate, ExpirationDate, and TimeToLive to match your cert’s validity period.
  • (Optional) Run uuidgen in Terminal and change the UUID entry.
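As an added example (not code from the original post), the following Python script performs the plist edits above programmatically: it decodes the certificate text between the dashes into DER, fills in DeveloperCertificates, the team identifier, CreationDate, ExpirationDate, TimeToLive and UUID, and then sanity-checks the result for the mistakes that would otherwise only surface when Xcode refuses the profile. It also pulls the plist back out of a signed .mobileprovision, which works because CMS signs the XML without encrypting it. The sample certificate is a constructed stand-in, not a real X.509 certificate, and the keys beyond those named in the steps above (AppIDName, Entitlements, Platform, Version and so on) follow the layout of typical Apple development profiles rather than anything shown on this page.

```python
"""Build, inspect and sanity-check an iOS provisioning plist (stdlib only)."""
import base64
import datetime as dt
import plistlib
import uuid

# Constructed stand-in for the output of
#   security find-certificate -c "iPhone Developer" -p
# It is NOT a real X.509 certificate; only the PEM framing matters here.
FAKE_DER = b"constructed DER stand-in, not a real certificate; " * 3
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(FAKE_DER).decode()
              + "-----END CERTIFICATE-----\n")


def pem_to_der(pem: str) -> bytes:
    """Keep only the base64 between the dashes and decode it to DER bytes."""
    body = [line.strip() for line in pem.splitlines()
            if line.strip() and not line.startswith("-----")]
    return base64.b64decode("".join(body))


def build_profile(cert_der: bytes, team_id: str, bundle_id: str,
                  created: dt.datetime, expires: dt.datetime,
                  name: str = "SelfSigned Development") -> dict:
    """Fill the provisioning plist the way the steps above describe.

    team_id is the certificate's Organizational Unit. The keys not named on
    the page follow the layout of typical development profiles (assumed).
    """
    return {
        "AppIDName": name,
        "ApplicationIdentifierPrefix": [team_id],
        "CreationDate": created,                      # naive datetime == UTC
        "DeveloperCertificates": [cert_der],          # plistlib emits <data>
        "Entitlements": {
            "application-identifier": f"{team_id}.{bundle_id}",
            "com.apple.developer.team-identifier": team_id,
            "get-task-allow": True,                   # debuggable build
            "keychain-access-groups": [f"{team_id}.*"],
        },
        "ExpirationDate": expires,
        "Name": name,
        "Platform": ["iOS"],
        "TeamIdentifier": [team_id],
        "TeamName": name,
        "TimeToLive": (expires - created).days,       # stored as whole days
        "UUID": str(uuid.uuid4()),                    # what uuidgen would give
        "Version": 1,
    }


def extract_plist(mobileprovision: bytes) -> dict:
    """Pull the XML plist out of a CMS-signed .mobileprovision.

    CMS signs the plist but does not encrypt it, so the XML sits in the clear
    inside the DER framing; this reads it without verifying the signature.
    """
    start = mobileprovision.find(b"<?xml")
    end = mobileprovision.find(b"</plist>")
    if start < 0 or end < 0:
        raise ValueError("no embedded plist found")
    return plistlib.loads(mobileprovision[start:end + len(b"</plist>")])


def check_profile(profile: dict, now: dt.datetime) -> list:
    """Return the problems that would make Xcode reject the profile later."""
    findings = []
    created, expires = profile["CreationDate"], profile["ExpirationDate"]
    team = (profile.get("TeamIdentifier") or [""])[0]
    ent = profile.get("Entitlements", {})
    if expires <= now:
        findings.append("profile has expired")
    if created > now:
        findings.append("CreationDate is in the future")
    if profile.get("TimeToLive") != (expires - created).days:
        findings.append("TimeToLive does not match CreationDate/ExpirationDate")
    if not profile.get("DeveloperCertificates"):
        findings.append("DeveloperCertificates is empty")
    if not team or any(c.isspace() for c in team):
        findings.append("team identifier missing or contains whitespace")
    if ent.get("com.apple.developer.team-identifier") != team:
        findings.append("Entitlements team-identifier differs from TeamIdentifier")
    if not str(ent.get("application-identifier", "")).startswith(team + "."):
        findings.append("application-identifier is not prefixed with the team id")
    return findings


if __name__ == "__main__":
    created = dt.datetime(2024, 1, 1)
    expires = dt.datetime(2025, 1, 1)
    profile = build_profile(pem_to_der(SAMPLE_PEM), "SELFSIGNED",
                            "com.example.app", created, expires)
    print(plistlib.dumps(profile).decode())
    print("findings:", check_profile(profile, dt.datetime(2024, 6, 1)))
```

Run it with a real PEM from the security command in place of SAMPLE_PEM and feed the printed XML to the signing step; after signing, extract_plist on the .mobileprovision confirms the values survived, and check_profile catches the two mistakes the text warns about (a team ID containing whitespace and an ExpirationDate/TimeToLive that disagree with the certificate).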

Signing the provision profile

After you have modified the plist, the easiest way to sign it should be running

Though, for some reason, my machine keeps running into an error. If you have the same problem, export the cert and private key from the keychain and sign the plist with openssl. (Note that the openssl CLI utility that comes with macOS does not have the cms subcommand; you might need to compile one yourself or use another platform.)


Configure Xcode to use the certificate and provisioning profile

So we finally got everything set up, but wait! There’s the last step.

First open the .mobileprovision file in Xcode. It will not react or pop up anything, but you can check the “~/Library/MobileDevice/Provisioning Profiles” directory to see whether your generated UUID is there.

Then go to the project’s “Build Settings” – Signing, select your certificate in “Code Signing Identity”, change “Code Signing Style” to “Manual”, leave “Development Team” empty, and select your provisioning profile in both “Provisioning Profile” and “Provisioning Profile (Deprecated)”.


Now check the General tab; it should not complain about signing anymore.

プリコネR 1.6 and cdb, communication encryption and coneshell.dll

As early as a resource update before the version update, I noticed a change in the master db: a new cdb had been added, in an unknown encoding, but presumably the encrypted db to be used by the new version. The failure at the time was that the masterdb manifest had always had only one line, so I simply split on commas; this time the cdb came before the unity bundle, so extraction failed and the cron job blew up.

After fixing it to read line by line properly, I waited for the new version, expecting this part to be heavily changed. So after the 10002700 update on 8/3, 1.6 came out a week later.

After downloading the dmm version and throwing it into dnspy, I immediately saw this code for switching to the cdb:

Following this OpenCustomVFS, I found it calls a function inside coneshell.dll, and this dll has only one exported entry point, whose job is to loop over and return the function pointers held in an array.

Then came a few days of fighting with the dll. I originally wanted to fully understand its internal logic, but then 星月佬 said “why not just call it, Linux has wine”, so… I turned around and went to emulate the calls instead ()

But even just calling it, I still had to spend a long time figuring out the various functions. I tried for ages to open the cdb through emulated calls without success and just went to sleep that day; later Utaha wrote another version of the code that managed to read it, then called sqlite3_backup_init to save the db out directly.

While researching the cdb, I noticed another thing: the server kept reporting that the proxy had failed, the reason being that it returned 200 but with no body. Yet when I curl’d manually, the proxy was fine. After a long time troubleshooting, I finally sent the complete headers and body, and sure enough, zero length. In other words, 1.6 changed not only the db but also the communication. Having got that far, I went to the treadmill, and while running I posted “I have a feeling I’ll run into another coneshell call in a moment.” After the run I carried on and, sure enough, unpack was another external call.

At first I wanted to directly take apart a response captured from a client, but unpack kept erroring out. Finally Utaha pointed out that there is an initialization function which takes the udid and 32 random bytes. So I realized that taking apart existing responses was apparently no easier than just building a client myself.

After a long time poking around I finally figured out the purpose and parameters of each function.

Then, after a round of guessing the body, comparing against the sizes of existing requests, and constructing a pile of requests, I finally saw the server return 492 bytes instead of the 212-byte error, which meant the construction succeeded; next was to hand it to the dll to unpack.

But when I handed it straight to _g, it still returned -1… After twenty minutes of thinking and sorting out the logic, I realized that when the game runs normally, it packs, waits for the response, and then immediately unpacks; could there be an internal state change here? So I called pack once more before unpack, and this time res correctly returned the unpacked length. Success!

So I happily finished compiling. The rpm repo only had x64 wine, so I went and found a one-click x86 wine build, which took an hour to finish on the server. Then I just threw it up, and the service was back online (

redive/main.php

Coneshell_call/main.cpp


Afterword:

I deployed the new-version cdb code, originally guessing that the existing version of Hatsune’s Notes would be completely dead. But after the 10002800 update on the 14th I found there was still a bundle version of the db. It is a bit odd why cy still hasn’t discontinued the traditional db, but as long as they have it I’ll keep using it.

These past few days the other experts are still slowly and thoroughly studying the internal logic; a clueless slacker like me can only watch in admiration from the sidelines.


8/22 Postscript 2

西歪, you are working too hard; I only finished a few days ago and now there is already cdb ver.3, which will probably ship in the next version.


8/28 Postscript 3

cy pushed 167 yesterday; cdb ver3 is online.

A scrub like me is never going to take it apart, and will never understand assembly in this lifetime; would one of you great ones please take care of 西歪.

prcn-ios-1.6.7.7z

Waiting on one final commit; my research into this wretched game ends here. Sorry for the bother, farewell.

cy, you were peeking when I took the cdb apart the day before yesterday, weren’t you?