5

I'm trying to distribute an unsigned .ipa via itms-services protocol for jailbroken device WITH NO CYDIA. I went through guides about how to create an unsigned app for cydia from: http://www.alexwhittemore.com/developing-jailbroken-iphone-ios-401/ and I managed to make it work except the "Share" option from the Organizer. It says: Error: Codesign check fails... But maybe it's not the issue here.

Taking the .app folder of my app and compressing it to an .ipa with no signature worked, but when I upload my app to my server and try to download it via the itms-services protocol, the progress bar on the device goes almost to the end and then the download fails.

Anyone has experience with that?

Alexei Robsky

2 Answers

3

Sorry about reawakening an ages-old thread, but just in case anyone has this question in the future:

The itms-services protocol makes requests to two servers: ocsp.apple.com, and another server (which you can find out more about on Apple's website). The servers check whether Apple has generated the public keys for the signing certificates, and whether or not they have been revoked.

Normally, there would be no way to bypass this, but what the iPhone checks for is a "bad" response. If it detects one, it rejects the app. If it doesn't receive a response at all, then it doesn't reject the app, however.

So what you want to do here is probably create a custom DNS server, that will list the two Apple servers as two other servers. Then, create a mobile configuration file that will change the iPhone's default DNS server to your server. The application should then install properly.

Toby Allen
1

I have exactly the same question as you have : I am looking for a way to distribute iOS Apps for jailbroken iPhone, without going through Cydia.

itms-services works when I do provide a valid provisioning profile. With no provisioning profile, it does not work.

One note however for you, Alexei: an unsigned app won't work on an iPhone, even if it is jailbroken. You need at least a self-signed app. Jailbreak removes the need for an Apple-approved developer signature; it does not remove the need for a signature at all. You can self-sign your code with "ldid -S" on a jailbroken device. There is also an ldid version for Mac OS X at http://dl.dropbox.com/u/3157793/ldid

Please keep updating this thread with your progress - I will do the same.

[EDITED]

It is possible to generate a self signed certificate and use it from Xcode. The application can then be installed using scp -r command.

I then manually created an IPA file and served it through a web server with the itms-services URL. Installation fails with ""App" could not be installed at this time"

When looking at the console, it says :

    Mar 14 17:31:32 unknown installd[4276] <Error>: developer cert trust result = 5
    Mar 14 17:31:32 unknown installd[4276] <Error>: 00485000 verify_signer_identity: Could not copy validate signature: -402620392
    Mar 14 17:31:32 unknown installd[4276] <Error>: 00485000 preflight_application_install: Could not verify executable at /var/tmp/install_staging.AnmaAp/foo_extracted/Payload/App.app
    Mar 14 17:31:32 unknown com.apple.itunesstored[4272] <Notice>: MobileInstallationInstall: failed with -1
    Mar 14 17:31:32 unknown installd[4276] <Error>: 00485000 install_application: Could not prefligh

The reason is that the /usr/libexec/installd program checks for a valid signature when installing an application. This can be patched and disabled with tools like http://hackulo.us/wiki/AppSync or http://jamesisbored.com/iphone/bootleg, but I wouldn't go that way for two reasons:

  • First, it opens the door to any installation on the iPhone
  • Secondly, because your user will have to do that again after each iOS update (and the availability of a patch is not guaranteed for future versions)

So, this leaves me with two options: A/ abandon this idea, or B/ develop my own MISValidateSignatureAndCopyInfo bypassing code and use it temporarily for the time needed to install my app.

Sébastien Stormacq
  • Before trying to distribute it, did you test if the application works from a manual installation on the device (using scp to store files on the device) ?? – Sébastien Stormacq Mar 14 '12 at 08:53
  • Thanks! the note helps! And yes, I checked the app from a manual installation, and even with a valid provisioning profile. And it works. Do you know of a way to install provisioning profile without the cable? – Alexei Robsky Mar 14 '12 at 09:27
  • yes, just expose it in a web page and download it from Mobile Safari (http://your_server/file.mobileprovision) – Sébastien Stormacq Mar 14 '12 at 10:11
  • As far as jailbreak *is not* concerned, this blog post helped a lot too : http://jeffreysambells.com/posts/2010/06/22/ios-wireless-app-distribution/ – Sébastien Stormacq Mar 14 '12 at 10:35
  • If I understand correctly, you can expose the file.mobileprovision and the device could install it. Afterwards, you can use itms-services://URL_TO_PLIST... and install your app that is signed with the provisioning profile. Could that work? – Alexei Robsky Mar 14 '12 at 12:16
  • Also, from: http://www.alexwhittemore.com/developing-jailbroken-iphone-ios-401/ I saw that the script is using mac's codesign. So, I guess that the app is signed after all. – Alexei Robsky Mar 14 '12 at 12:40
  • Let's distinguish the case of a valid Xcode signature (with an Apple Developer subscription certificate): in this case, yes, you can expose the mobile provisioning profile from a web app and use the itms-services URL to download and install the app. I tried this and it is working. The other case is a self-signed app to deploy on a jailbroken device. I could not install the app using the itms-services URL method. I receive an error message saying that the app can not be installed, and no error message in the console. – Sébastien Stormacq Mar 14 '12 at 12:52
  • The app should be either signed with a self-signed certificate (Apple's code sign method) or marked with ldid -S (see http://www.saurik.com/id/8 for details) – Sébastien Stormacq Mar 14 '12 at 12:54
  • I get the same message also, about the itms-services. Is it possible to manipulate the mobileprovision file so that it would recognize the self-signed certificate? and then to distribute the mobileprovision and the self-signed app? – Alexei Robsky Mar 14 '12 at 14:59
  • About the edit: don't forget that if you want to use scp, you should install openssh (or any other ssh server) on your device. Also, you need the password for that. But what if I want to install the ipa on a device that is not mine, and I don't have the password or ssh installed? – Alexei Robsky Mar 20 '12 at 14:13
  • then your "user" must install the installd patch to bypass the verification process when itms-service triggers installd daemon. The patch is available from Cydia – Sébastien Stormacq Mar 20 '12 at 20:47
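
For triage of the console output quoted in the second answer, the following added example (not part of the original posts) parses those installd lines and collapses them into one signature-rejection finding per install attempt. The function name `find_rejected_installs` and the one-entry-per-line sample layout are constructed here; the log text is the answer's own, including its truncated last line.

```python
import re
from collections import defaultdict

# Constructed sample: the installd lines quoted in the answer, one entry per line.
SAMPLE_LOG = """\
Mar 14 17:31:32 unknown installd[4276] <Error>: developer cert trust result = 5
Mar 14 17:31:32 unknown installd[4276] <Error>: 00485000 verify_signer_identity: Could not copy validate signature: -402620392
Mar 14 17:31:32 unknown installd[4276] <Error>: 00485000 preflight_application_install: Could not verify executable at /var/tmp/install_staging.AnmaAp/foo_extracted/Payload/App.app
Mar 14 17:31:32 unknown com.apple.itunesstored[4272] <Notice>: MobileInstallationInstall: failed with -1
Mar 14 17:31:32 unknown installd[4276] <Error>: 00485000 install_application: Could not prefligh
"""

# Syslog-style prefix: timestamp, host, process[pid], <level>, message.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"(?P<proc>[\w.]+)\[(?P<pid>\d+)\]\s<(?P<level>\w+)>:\s(?P<msg>.*)$"
)
# Message patterns taken from the quoted output; group 1 is the value of interest.
FIELDS = {
    "trust_result": re.compile(r"developer cert trust result = (\d+)"),
    "sig_error": re.compile(r"verify_signer_identity: .*signature: (-?\d+)"),
    "bundle": re.compile(
        r"preflight_application_install: Could not verify executable at (\S+)"
    ),
}

def find_rejected_installs(log_text):
    """Group installd errors by (timestamp, pid); report signature rejections."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["proc"] != "installd" or m["level"] != "Error":
            continue  # other daemons, other levels and unparseable lines are skipped
        ev = events[(m["ts"], int(m["pid"]))]
        for key, rx in FIELDS.items():
            hit = rx.search(m["msg"])
            if hit:
                ev[key] = hit.group(1) if key == "bundle" else int(hit.group(1))
    # Only attempts where the signer check itself failed count as findings.
    return [
        {"time": ts, "pid": pid, **ev}
        for (ts, pid), ev in events.items()
        if "sig_error" in ev
    ]

if __name__ == "__main__":
    for finding in find_rejected_installs(SAMPLE_LOG):
        print(finding)
```
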