pixelomer / AltDeploy

IPA sideloader based on AltServer

[Bug] Decrypted App Store ipas cause a crash mid-sideload #14

Open captinc opened 4 years ago

captinc commented 4 years ago

Hi, this is a pretty strange bug. Certain ipas work without problems, yet others cause AltDeploy to crash mid-install. For me, sideloading an ipa of YouTube causes the crash (info on how I got this ipa is below). The last text displayed is "Beginning installation". Here is the crash log: https://pastebin.com/tL7zRLGh

Additionally, Cydia Impactor, ReProvision and iOS App Signer + Xcode can all successfully sideload my ipa, yet AltServer beta, AltServerPatcher, and AltDeploy all crash mid-install. It seems like this is a bug in the underlying Alt-X code. Remember: what's really strange is that AltDeploy works with some ipas and not with others.

How I got this ipa:

  1. Turned on "Disable app thinning" in AppStore++ (repo: https://cokepokes.github.io/)
  2. Downloaded the official YouTube app from the App Store (YouTube was not installed on my iPhone before starting this process)
  3. Installed bfdecrypt (repo: https://level3tjg.xyz/repo/) and used that to dump YouTube into an ipa
  4. Transferred ipa to Mac & tried installing with AltDeploy

I also tried using frida-ios-dump, Apple Configurator 2, and iMazing to get the ipa of YouTube, but all 3 methods also cause AltDeploy to crash. I also tried various other App Store apps (Spotify and Pandora) and they too cause a crash. Next I tried sideloading an ipa of Zebra and unc0ver with AltDeploy, which succeeded. So, it appears AltDeploy struggles with installing ipas of decrypted App Store apps. I did a fair amount of research on this topic, so feel free to ask questions. Thank you for your hard work and time!

WorldTheDebug commented 4 years ago

Same, but I finally found a YouTube ipa that will not crash: Cercube 5.1.3 from iosninja.

taronaeo commented 4 years ago

Looks like someone found out what is causing all the application crashes whilst attempting to install. I'll have a test on this theory tonight, and will update again later once it has completed.

Good job on your findings thus far! 🙂

pixelomer commented 4 years ago

I'll try to reproduce this problem tomorrow.

Edit from the future: I didn't, instead I worked on other things. I'll look at it when I have time.

nil-malh commented 4 years ago

I found a little patch until the next update :)

Rename your .ipa file to yourappname.zip and extract it.

Open the folder called "Payload" and you should find your application icon with a forbidden sign on it. Right-click it and select "Show Package Contents".

Now you might see a folder called "_CodeSignature". Remove it, then select your Payload folder, compress it and rename the result back to "yourappname.ipa".

It worked for me with Spotify++.

Hope this might help you.
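The manual Finder steps above, scripted, as an added example that is not part of the original thread or of the AltDeploy project. It assumes the standard IPA layout the comment describes (`Payload/<name>.app/` with a `_CodeSignature` directory inside the bundle); the sample IPA it builds is constructed here and contains no real app. As a generalisation beyond the comment, `strip_nested=True` also removes `_CodeSignature` directories from embedded frameworks, which decrypted App Store dumps frequently contain.

```python
import io
import plistlib
import sys
import zipfile


def build_sample_ipa():
    """Constructed stand-in for a decrypted App Store IPA (not a real app).

    Mirrors the layout a decryption dump leaves behind: Payload/<App>.app/
    with Info.plist, a fake main binary (MH_MAGIC_64 header, zero-filled)
    and the _CodeSignature/CodeResources resource seal from Apple's signature,
    plus one embedded framework with its own seal.
    """
    app = "Payload/Example.app/"
    info = plistlib.dumps({"CFBundleIdentifier": "com.example.app",
                           "CFBundleExecutable": "Example"})
    seal = plistlib.dumps({"files": {"Info.plist": "hash-placeholder"}})
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr(app + "Info.plist", info)
        z.writestr(app + "Example", b"\xcf\xfa\xed\xfe" + b"\x00" * 60)
        z.writestr(app + "_CodeSignature/CodeResources", seal)
        z.writestr(app + "Frameworks/Helper.framework/_CodeSignature/CodeResources", seal)
    return buf.getvalue()


def is_code_signature_entry(name, strip_nested=False):
    """True if a zip entry lives under the app bundle's _CodeSignature directory.

    Only Payload/<something>.app/_CodeSignature/... is matched by default,
    exactly what the manual steps delete. With strip_nested=True any
    _CodeSignature directory deeper inside the bundle is matched as well.
    """
    parts = name.split("/")
    if len(parts) < 4 or parts[0] != "Payload" or not parts[1].endswith(".app"):
        return False
    if strip_nested:
        return "_CodeSignature" in parts[2:-1]
    return parts[2] == "_CodeSignature"


def strip_code_signature(ipa_bytes, strip_nested=False):
    """Rewrite the IPA without its _CodeSignature entries.

    Returns (new_ipa_bytes, list_of_removed_entry_names). Every other entry is
    copied through unchanged; nothing else about the bundle is touched.
    """
    removed = []
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for item in src.infolist():
            if is_code_signature_entry(item.filename, strip_nested):
                removed.append(item.filename)
                continue
            dst.writestr(item, src.read(item))
    return out.getvalue(), removed


def list_entries(ipa_bytes):
    """Entry names inside an IPA, for checking the result."""
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as z:
        return z.namelist()


if __name__ == "__main__":
    # Usage: strip_codesig.py in.ipa out.ipa   (no arguments: run on the sample)
    if len(sys.argv) == 3:
        with open(sys.argv[1], "rb") as f:
            new_ipa, removed = strip_code_signature(f.read())
        with open(sys.argv[2], "wb") as f:
            f.write(new_ipa)
    else:
        new_ipa, removed = strip_code_signature(build_sample_ipa())
    for name in removed:
        print("removed", name)
    print("remaining:", list_entries(new_ipa))
```

Two caveats a practitioner will want: `_CodeSignature/CodeResources` is only the resource seal of Apple's signature, so removing it does not strip the signature blobs embedded in the Mach-O binaries themselves, and a sideloader re-signs the whole bundle with your own certificate anyway. Deleting the directory is therefore a workaround for the crash, not a repair of the IPA; keep a copy of the original in case a later AltDeploy build handles these bundles directly.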

DFNCTSC commented 4 years ago

@N1l0uu Spotify++ is not an App Store app. Also, '_CodeSignature' is where the files that make up the IPA's signature are stored, so that doesn't make sense.