fixing dumped IPAs

Clutch and frida-ios-dump are essential for archiving iOS apps, but just appinst-ing the resulting IPAs doesn't always work. A few crash instantly; many seem to work but won't save logins. This occurs if entitlements are lost. The solution is hardly worth a webpage, but it stumped me for a bit, and no tutorials seem to mention it.

retrieve encrypted bundle

After dumping the IPA as usual, unzip it and check the app bundle's name. Then, on iOS:
bundlePath="$(find /private -name <name>.app)" tar cf encrypted.tar "$bundlePath"

Transfer the resulting archive to a Mac.

dump entitlements

Unzip the encrypted app. Dump its entitlements:
codesign --dump --entitlements /tmp/entitlements.xml --xml <name>.app

re-sign

Unzip the dumped IPA. Ad-hoc sign it with the dumped entitlements:
codesign -f -s - --deep --entitlements /tmp/entitlements.xml <name>.app

With certain apps, such as Twitter, it seems necessary to re-run this command for individiual frameworks that handle the keychain.

You can now re-zip the Payload folder, rename to IPA, and install on a jailbroken device.