George Garside Blog

A place of many ramblings about macOS and development. If you find something useful on here, it's probably an accident.

With a jailbreak, you can add your own custom entitlements to any app you install on your device. This can give apps more access to your device that would otherwise not be possible for an app distributed on the App Store, or re-add entitlements to sideloaded apps such as access to iCloud containers.

Create an entitlements.plist

The entitlements you wish to apply to the app need to be declared in an entitlements.plist file. This is the same file that would be included in the app bundle of an app that has these entitlements officially ‘set’ in the app.

Apple provide a list of entitlements that can be applied to an iOS app officially, either granted for anyone to use (providing an App ID is set up with the entitlement) or specifically granted on request to Apple.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "">
<plist version="1.0">

Resign app binary with entitlements

  1. Extract the binary from the IPA. IPAs are just ZIP archives, so you can extract it by renaming to .zip or using the command line:
    unzip -qd extracted-ipa /path/to/app.ipa
  2. Find the app’s binary. PlistBuddy can read the Info.plist file for the CFBundleExecutable:
    /usr/libexec/PlistBuddy -c "print :CFBundleExecutable" extracted-ipa/Payload/*.app/Info.plist
  3. Code sign the executable:
    codesign --force --sign "iPhone Developer" --entitlements "/path/to/entitlements.plist" extracted-ipa/Payload/*.app/"$binary"
    replacing the path to the entitlements plist and the $binary being the output from the previous command.
  4. Compress the bundle back into an IPA:
    cd && extracted-ipa && zip -qr "../output.ipa" "Payload/"

Script for multiple apps

If you need to apply entitlements to one or more apps, you can use this script. Save the script and
chmod +x
then run with
./ /path/to/entitlements.plist /path/to/app1.ipa /path/to/app2.ipa

#!/usr/bin/env bash
set -e
[ -d "extracted-ipa" ] && { echo "extracted-ipa already exists"; exit 1; }
for app; do
	ipa="$(basename "$app")"
	printf "%s " "$ipa"
	unzip -qd extracted-ipa "$app"
	binary="$(/usr/libexec/PlistBuddy -c "print :CFBundleExecutable" extracted-ipa/Payload/*.app/Info.plist)"
	printf "%s\n" "$binary"
	codesign --force --sign "iPhone Developer" --entitlements "$entitlements" extracted-ipa/Payload/*.app/"$binary"
	(cd extracted-ipa && zip -qr "../ic-$ipa" "Payload/")
	trash extracted-ipa

Leave a Reply

No comments