codesigning issue with free developer account

[leonjza]

Hey, I'm hoping I am just being dumb here, but it seems like signing using free developer accounts may be broken at the moment? Using DVIA as an example app, I get error code 0xe8008001 when trying to install a resigned app. I am not really sure why.

To reproduce

Using a mobileprovision generated using a blank app deployed to an iPhone, I would first run applesign:

applesign -a DVIA-v2-swift.ipa -m /Users/.../embedded.mobileprovision -i ...319 

Next, I would deploy the resultant IPA to the device which bails with the aforementioned error:

ios-deploy -b DVIA-v2-swift-resigned.ipa
...
2020-10-16 06:34:36.019 ios-deploy[27277:3460674] [ !! ] Error 0xe8008001: An unknown error has occurred. AMDeviceSecureInstallApplication(0, device, url, options, install_callback, 0)

Device logs have these:

0x16f017000 +[MICodeSigningVerifier _validateSignatureAndCopyInfoForURL:withOptions:error:]: 77: Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.ThMpQm/extracted/Payload/DVIA-v2.app : 0xe8008001 (An unknown error has occurred.)

0x16f3d3000 handle_install: Installation failed: Error Domain=MIInstallerErrorDomain Code=13 "Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.ThMpQm/extracted/Payload/DVIA-v2.app : 0xe8008001 (An unknown error has occurred.)" UserInfo={LibMISErrorNumber=-402620415, LegacyErrorString=ApplicationVerificationFailed, SourceFileLine=77, FunctionName=+[MICodeSigningVerifier _validateSignatureAndCopyInfoForURL:withOptions:error:], NSLocalizedDescription=Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.ThMpQm/extracted/Payload/DVIA-v2.app : 0xe8008001 (An unknown error has occurred.)}

[trufae]

Try using -c

[leonjza]

With -c I am getting the same error in ios-deploy.

2020-10-16 12:28:56.875 ios-deploy[30292:3661681] [ !! ] Error 0xe8008001: An unknown error has occurred. AMDeviceSecureInstallApplication(0, device, url, options, install_callback, 0)

[trufae]

Drop the -a, its no longer needed

[leonjza]

Thanks for the responses. Still seems the same.

applesign DVIA-v2-swift.ipa -m /.../embedded.mobileprovision -i ...19

ios-deploy -b DVIA-v2-swift-resigned.ipa
...
2020-10-16 12:41:16.898 ios-deploy[30484:3668512] [ !! ] Error 0xe8008001: An unknown error has occurred. AMDeviceSecureInstallApplication(0, device, url, options, install_callback, 0)

For completions sake from Console.app

0x16f347000 handle_install: Installation failed: Error Domain=MIInstallerErrorDomain Code=13 "Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.SVEC5j/extracted/Payload/DVIA-v2.app : 0xe8008001 (An unknown error has occurred.)" UserInfo={LibMISErrorNumber=-402620415, LegacyErrorString=ApplicationVerificationFailed, SourceFileLine=77, FunctionName=+[MICodeSigningVerifier _validateSignatureAndCopyInfoForURL:withOptions:error:], NSLocalizedDescription=Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.SVEC5j/extracted/Payload/DVIA-v2.app : 0xe8008001 (An unknown error has occurred.)}

[rustymagnet3000]

Hey @leonjza, did you get it working?

I wrote up some ways to fix ios-deploy errors here.

https://gist.github.com/rustymagnet3000/605c333519cd265c7eac9d556f46dc75

Hope it helps. I spent a long time getting unknown error with ios-deploy when I had my device proxying via Burp. I forgot that Apple's "Trust the Developer Profile and App" won't work when proxied [ as it has it's own cert pinning ].

[leonjza]

Hey @leonjza, did you get it working?

I did not with applesign, but using this tool I was able to get the signing to work: https://github.com/DanTheMan827/ios-app-signer

[xfoxfu]

I am experiencing similar issue, and found out that adding -c to preserve entitlements works.

[trufae]

@leonjza can you confirm the issue is gone?

[leonjza]

@trufae I have to test this myself still, but have heard of some folks still experiencing this. Will feedback with my own results soonest.

[Manouchehri]

Stolen advice from @Siguza, check what you're allowed to sign with first:

openssl smime -verify -noverify -inform der -in yourthing.mobileprovision

[leonjza]

@leonjza can you confirm the issue is gone?

Just tested this again, same issue. ios-app-signer however still works.

[dki]

I'm able to reproduce this - will try to get a PR in to fix it tomorrow.

[dki]

@leonjza When you have a chance, can you try signing with -b and the bundle ID in your mobile provision file to see if you get different results? Something like this:

$ applesign -b com.janethepirate.JaneProvisionApp -m embedded.mobileprovision -c -a iGoat-Swift.ipa

[leonjza]

@dki hah! That worked!

$ applesign -b za.sensepost.ipewpew DVIA-v2-swift.ipa -m embedded.mobileprovision -i <ident> -c

[dki]

@leonjza I think there must be different restrictions on free accounts vs. paid that enforce the bundle ID matching between the provisioning file and the ipa. In any case, glad we found a solution! Thanks for reporting it!

[leonjza]

Yeah I also suspect free accounts are to blame here. I'll update the use case in objection to extract the bundle identifier from the mobile provision and set that, regardless of account type for now.

Appreciate you looking into this @dki :D

[dki]

Happy to help @leonjza! I updated the wiki page as well (https://github.com/nowsecure/node-applesign/wiki/Setting-up-your-resigning-environment#re-signing) to be a bit more explicit about what options work with free accounts too. Feel free to point folks there if you hear of similar issues!

[rcM0D]

Hi @dki , I've experienced an error while installing the application after I signed it.

applesign -m embedded.mobileprovision -i F65C7C7C47767CE97C0FFEFC351726AED5BFB7B0 -I frida-gadget-12.9.7-ios-universal.dylib -c -a Sample.ipa

then when I try to install it using ideviceinstaller. This is the error: Install: VerifyingApplication (40%)ERROR: Install failed. Got error "ApplicationVerificationFailed" with code 0xe8008001: Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.BtoW52/extracted/Payload/Sample.app : 0xe8008001 (An unknown error has occurred.)

But when I tried to use IOS App SIgner and tried to patch it again with applesign to inject Frida it worked.

I'm using a Free Developer Account.

Any help will do! Thank you

[dki]

@kaleb-g What happens if you try signing with the -b flag?

applesign -m embedded.mobileprovision -b [bundle identifier] -i F65C7C7C47767CE97C0FFEFC351726AED5BFB7B0 -I frida-gadget-12.9.7-ios-universal.dylib -c -a Sample.ipa

[rcM0D]

applesign -m embedded.mobileprovision -b [bundle identifier] -i F65C7C7C47767CE97C0FFEFC351726AED5BFB7B0 -I frida-gadget-12.9.7-ios-universal.dylib -c -a Sample.ipa

Hi @dki Different errors occur still when installing the resigned IPA.

"Install: PreflightingApplication (30%)ERROR: Install failed. Got error "AppexBundleIDNotPrefixed" with code 0x00000000: Appex bundle at "/var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.xMsKhk/extracted/Payload/Sample.app/PlugIns/OneSignalNotificationServiceExtension.appex" with identifier "com.sample.OneSignalNotificationServiceExtension" does not have expected identifier prefix "com.PT.sample-."

[dki]

@kaleb-g I'm going to move discussion to the new issue you opened.