search

sauce-archives / isign

Code sign iOS applications, without proprietary Apple software or hardware
Other
756 stars 316 forks source link

ipas can not install on ios11 beta? #98

Open leofantast opened 7 years ago

leofantast commented 7 years ago

I found that ipas resigned by isgin can not be installed on ios11 beta. is there anyone troubled with this? and how to resolve itšŸ™

thank you guys~

leofantast commented 7 years ago

I have checkout the ipas between resigned by isign and codesignļ¼Œ then basically affirm that itā€™s because apple use sha256 on ios11 beat. now Iā€™m trying to make progress base on issue #91 and #72

If you people have the same trouble, work with me, thx~

dabear commented 7 years ago

Any updates here? :)

leofantast commented 7 years ago

@dabear you can refer to #72 @justindhill's codes, it's mostly support sha256.

ewan-realitymine commented 7 years ago

It's worth knowing that when we upgrade an ios 10.3 device with isign signed IPAs to ios 11, the app stops running.

I assume this is the same for you?

justindhill commented 7 years ago

That is expected behavior. iOS 11 enforces a valid SHA-256 code signature. Since isign does not currently embed one, the code signing check on app launch fails and your app will not run.

or2333 commented 7 years ago

Any updates for iOS 11?

ewan-realitymine commented 7 years ago

The Apperian fork at https://github.com/apperian/isign has added iOS 11 support which works in my testing

ghost commented 7 years ago

@ewan-realitymine it didnt work for me. I cloned the git and used the ./install.sh im using debian linux. its a shame becuase i relied on this for multiple projects and now it doesnt work on ios 11

ewan-realitymine commented 7 years ago

This probably isn't the best place to discuss it, but it does work. You'll need to switch to the develop branch after cloning from https://github.com/apperian/isign before running the install scripts

ghost commented 7 years ago

@ewan-realitymine how do i switch to develop before installing?

eric1lubow commented 7 years ago

@ewan-realitymine Thanks, It's work for me. @ZameerJDev I follow these steps on centos 6:

  1. git clone the repo to local
  2. cd root dir, and open setup.py, goto line 45: 
    install_requires=[
    'biplist==0.9',
    'construct==2.5.2',
    'memoizer==0.0.1',
    'pyOpenSSL==0.15.1'
],

then modifty the openSSL requiement to : pyOpenSSL==16.2.0

  1. build and install , exec these in terminal: 
    sh version.sh
sudo python setup.py build
sudo python setup.py install

    ok, you can use isign now.

andreyzapt commented 7 years ago

@eric1lubow did you check it on the release version of iOS11. It doesn't work on my end. It probably depends from the IPA package (structure)

UPDATE: I found the roots, it cannot sign when I added additional command to load dylib in the main executable. UPDATE2: It works. Issue was in a wrong original Signature. isign doesn't regenerate it, just take as is.

nghiadhd commented 7 years ago

@andreyzapt Can you explain more detail? I got the error even use isign of apperian (develop branch)

[ 70%] VerifyingApplication
2017-10-31 15:14:49.890 ios-deploy[71785:489271] [ !! ] Error 0xe8000067: There was an internal API error. AMDeviceSecureInstallApplication(0, device, url, options, install_callback, 0)