9.3.3 jailbreak and certificates

Discussion in 'Jailbreaks and iOS Hacks' started by Cycling Asia, Jul 28, 2016.

  1. Cycling Asia macrumors regular

    Mar 19, 2016
    So, after the certificate being revoked and leaving many with the contemplation of having to use free provisioning certificates that expire after a week, I thought I would have a look at how the stock apps are signed.

    There are a couple of apps (take the compass app for example) that have a CodeResources file that does not contain any hash values. The md5 for these files (for me) is always 18c8afe9be28947d55f4477a72071077.

    My theory is that if the Pangu app was moved from the /var/mobile/... directory into the /Applications/ directory and one of these CodeResources files placed in the _CodeSignature directory, it would be allowed to run when the phone is not in jailbroken mode.

    Anyway, I haven't tried it (maybe on the weekend), but I thought I would put it out there as a possible "solution" to the signing problem.

    So the process would be:
    - sign the IPA using a free provisioning cert,
    - install openssh on the device
    - ssh into the device and move the PP app to the /Applications/ directory
    - copy the compass _CodeSignature directory into the PP directory.
    - logout and reboot the device
    - attempt to run the PP app.

    Anyone want to test it?
  2. srf4real macrumors 68040


    Jul 25, 2006
    paradise beach FL
    Sounds legit. Let us know if it works.. maybe the compass app in iOS might actually have some value after all :)
  3. Cycling Asia thread starter macrumors regular

    Mar 19, 2016
    Tried it, it didn't work. When in non-jailbreak mode, the fake signed app failed to open (as if it had no signatures). Perhaps someone with more experience in the workings of iOS could have more of an attempt. For now I'll stick with the Chinese language app with the enterprise cert.
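
Added example, not part of the thread: a small Python audit that reads a bundle's `_CodeSignature/CodeResources` and reports how many files it actually seals, which sealed files changed, and which files on disk have no hash at all. It assumes the commonly seen plist layout (`files` with SHA-1 digests, `files2` with `hash2` SHA-256 digests), ignores the `rules` sections, and runs on a constructed sample bundle; `audit_bundle` and `demo` are hypothetical names.

```python
import hashlib
import plistlib
import tempfile
from pathlib import Path

SEAL = Path("_CodeSignature") / "CodeResources"

def _sealed_hashes(seal: dict) -> dict:
    """Map relative path -> (algorithm, digest); assumed 'files'/'files2' layout."""
    out = {}
    for rel, entry in seal.get("files", {}).items():
        digest = entry["hash"] if isinstance(entry, dict) else entry
        out[rel] = ("sha1", bytes(digest))
    for rel, entry in seal.get("files2", {}).items():
        if isinstance(entry, dict) and "hash2" in entry:
            out[rel] = ("sha256", bytes(entry["hash2"]))  # prefer SHA-256 when present
    return out

def audit_bundle(bundle: Path) -> dict:
    """Compare on-disk files with the hashes recorded in CodeResources."""
    sealed = _sealed_hashes(plistlib.loads((bundle / SEAL).read_bytes()))
    on_disk = {}
    for p in bundle.rglob("*"):
        rel = p.relative_to(bundle)
        if p.is_file() and SEAL.parent.name not in rel.parts:
            on_disk[rel.as_posix()] = p
    report = {"sealed": len(sealed), "modified": [], "missing": [], "unsealed": []}
    for rel, (algo, digest) in sealed.items():
        if rel not in on_disk:
            report["missing"].append(rel)
        elif hashlib.new(algo, on_disk[rel].read_bytes()).digest() != digest:
            report["modified"].append(rel)
    # In a real bundle the main executable also lands here: it is not listed in CodeResources.
    report["unsealed"] = sorted(set(on_disk) - set(sealed))
    return report

def demo() -> tuple:
    """Constructed bundle: audit with a full seal, then with a hash-less seal."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "Sample.app"
        (app / "_CodeSignature").mkdir(parents=True)
        (app / "Info.plist").write_bytes(b"constructed plist body")
        (app / "icon.png").write_bytes(b"constructed image bytes")
        full = {"files2": {n: {"hash2": hashlib.sha256((app / n).read_bytes()).digest()}
                           for n in ("Info.plist", "icon.png")}}
        (app / SEAL).write_bytes(plistlib.dumps(full))
        (app / "icon.png").write_bytes(b"changed after sealing")
        with_hashes = audit_bundle(app)
        (app / SEAL).write_bytes(plistlib.dumps({"files": {}, "files2": {}}))
        return with_hashes, audit_bundle(app)

if __name__ == "__main__":
    print(demo())
```

With the hash-less seal the audit reports zero sealed files and lists every file as unsealed, so a CodeResources file of that kind vouches for nothing in the bundle it is copied into.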
