fixing dumped IPAs
Clutch and frida-ios-dump are essential for archiving iOS apps, but just appinst-ing the resulting IPAs doesn't always work. A few crash instantly; many seem to work but won't save logins. This occurs if entitlements are lost. The solution is hardly worth a webpage, but it stumped me for a bit, and no tutorials seem to mention it.
retrieve encrypted bundle
After dumping the IPA as usual, unzip it and check the app bundle's name. Then, on iOS:
bundlePath="$(find /private -name <name>.app)"
tar cf encrypted.tar "$bundlePath"
Transfer the resulting archive to a Mac.
dump entitlements
Extract the encrypted app from the archive. Dump its entitlements:
codesign --dump --entitlements /tmp/entitlements.xml --xml <name>.app
re-sign
Unzip the dumped IPA. Ad-hoc sign it with the dumped entitlements:
codesign -f -s - --deep --entitlements /tmp/entitlements.xml <name>.app
With certain apps, such as Twitter, it seems necessary to re-run this command for individual frameworks that handle the keychain.
You can now re-zip the Payload folder, rename to IPA, and install on a jailbroken device.
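A check for the re-signed bundle, added here as an example and not part of the original page: dump the entitlements of both the encrypted bundle and the re-signed one with the codesign dump command above, then compare the two files. The function names and the sample plists are constructed for illustration.

```python
import plistlib

def load_entitlements(xml_bytes):
    """Parse an entitlements XML plist as written by the codesign dump step.
    Empty input (nothing was dumped) is treated as an empty dictionary
    instead of a parse error."""
    if not xml_bytes.strip():
        return {}
    return plistlib.loads(xml_bytes)

def diff_entitlements(original, resigned):
    """Return (missing, changed): keys absent from the re-signed bundle, and
    keys present in both whose values differ."""
    missing = sorted(k for k in original if k not in resigned)
    changed = sorted(k for k in original
                     if k in resigned and original[k] != resigned[k])
    return missing, changed

# Constructed sample data, not taken from any real app.
ORIGINAL_XML = plistlib.dumps({
    "application-identifier": "TEAMID0000.com.example.app",
    "keychain-access-groups": ["TEAMID0000.com.example.app"],
    "com.apple.security.application-groups": ["group.com.example.app"],
})
RESIGNED_XML = plistlib.dumps({
    "application-identifier": "TEAMID0000.com.example.app",
})

if __name__ == "__main__":
    missing, changed = diff_entitlements(load_entitlements(ORIGINAL_XML),
                                         load_entitlements(RESIGNED_XML))
    for key in missing:
        print("missing:", key)
    for key in changed:
        print("changed:", key)
```

To use it on real files, read each dumped XML file in binary mode and pass the bytes to load_entitlements.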