iOS -- look inside provisioning profile?

Question

Is it possible to inspect the insides of a provisioning profile? I am dealing with a code signing error because the entitlements do not match. Fixing this is rather difficult as I don't know how to inspect the entitlements in the provisioning profile. Hence I am shooting in the dark.

Related questions, none of which seem to help in my case:

score 122 · Accepted Answer · edited Jan 12 '21 at 14:53

122

You can also do a text dump by typing

security cms -D -i <prov>

FWIW

security is to Administer Keychains, keys, certificates and the Security framework.
cms is a command within the security framework it stands for Cryptographic Message Syntax
-D is for decoding
-i means infile use infile as source of data (default: stdin)

edited Jan 12 '21 at 14:53

mfaani

33,269
19
164
293

answered Jul 11 '13 at 21:32

Sean Danzeiser

9,141
12
52
90

3

getting following warning with this command: security: SecPolicySetValue: One or more parameters passed to a function were not valid. – Fabian Köbel Feb 05 '18 at 08:59
getting: security: failed to add data to decoder: UNKNOWN (-8183(d) security: problem decoding – Romit Kumar Mar 03 '23 at 06:57

score 9 · Answer 2 · answered Aug 06 '12 at 19:45

You can more (or less) it in the terminal (Applications -> Utilities -> Terminal). Just respond with y to the question about viewing binary data.

The xml part is readable. For example you can view the ApplicationIdentifierPrefix and the keychain-access-groups. In the past those gave me some headaches.

score 8 · Answer 3 · edited May 13 '20 at 19:13

8

A number of Quick Look plug-ins have been developed to inspect provisioning profiles:

After installing, just select the provisioning profile file in Finder and press space!

Quick Look plug-in for provisioning profiles

edited May 13 '20 at 19:13

pkamb

33,281
23
160
191

answered Jan 30 '14 at 21:35

Jorge Vicente Mendoza

686
9
23

The [here] link above has been stripped, and there is no indication anywhere what the name of the app is. This looks interesting. Can you give us a reference (as opposed to a live link)? – Phill Apley Dec 01 '14 at 19:49
2

ch hockenberry's provisioning quicklook generator is great. It even extracts all the relevant information when applied to a .ipa file. Up till now I had to rename the file as a zip file, unpack it, search for the provisioning profile, dump the text from it, then grep for the bits I needed. Now it's all right there. – Phill Apley Dec 02 '14 at 23:00

score 7 · Answer 4 · answered Feb 07 '20 at 17:11

No need for an external app. The quickest and easiest way to observe the contents on a mac is by clicking on the profile in the Finder. The preview will list the following things (as well as others):

App ID Name
App ID
Team Name
Creation, Expiration date
Entitlements
Certs
Device whitelist

score 3 · Answer 5 · answered Aug 17 '15 at 19:10

3

Simply select the embedded.mobileprovision and Open With... your favorite Text Editor. It may show a variety of encoding errors, but the parts you're concerned with, such as Entitlements and other keys, should be readily visible:

0Å   *H÷ ¶0²10 +0 +0 Ì!YëýI¬nuèzÑöçö°
...
<plist version="1.0">
<dict>
    <key>AppIDName</key>
    <string>Your App Name</string>

    ...

    <key>Entitlements</key>
    <dict>
        ...
        <key>aps-environment</key>
        <string>production</string>

answered Aug 17 '15 at 19:10

pkamb

33,281
23
160
191

FWIW the `embeded.mobileprovision` is something that is only made available when you're looking building into a device. otherwise you won't be able to find it. For more on its exact location see [here](https://stackoverflow.com/a/65117697/5175709) – mfaani Jan 12 '21 at 14:37

score 0 · Answer 6 · answered Jun 30 '20 at 09:12

0

Right click and select "Get Info". It will show you certificates, provisioned devices and entitlements.

answered Jun 30 '20 at 09:12

Whip

1,891
22
43

iOS -- look inside provisioning profile?

6 Answers6