Providing Custom Entitlements to an iOS Application
Note: This blog post was ported from where I originally posted it, on Medium. Some formatting might be off. Shoutout to Medium to Markdown for helping get this moved over.
Giving an application custom entitlements can be tricky — especially for some basic users. This guide was created to assist less tech-savvy individuals (or just users that don’t understand how to use Xcode and want to entitle an application)
So what’s required?
- Mac Computer (with the latest version of macOS)
You’ll also need administrative privileges on the computer.
- Xcode (latest version)
- Apple Configurator 2 (latest version)
**.p12**file- Two different
**.mobileprovision**files
Commonly, the two **.mobileprovision** files are named the following:
**CustomProfile.mobileprovision****Profile.mobileprovision**
Step One
Open your .xcodeproj file. For this guide, we’re going to be compiling the unc0ver jailbreak application for iOS 11.0–11.4b3. To follow along, you can grab the latest source by opening a Terminal of your choosing, and typing
git clone -recursive https://github.com/pwn20wndstuff/Undecimus.git
And navigating to the cloned repository with
cd Undecimus (in the working directory you cloned it in)
And finally, opening the file
open Undecimus.xcodeproj
(Of course, you can use any Xcode project here, I’m just using this one for demonstration purposes)
Cool, Xcode is open! Now what?
Step Two
Now that our project is open within Xcode, we can start working with those files we listed earlier. It’s best to keep these files in a folder on your computer — you might need them again.
Open the **.p12** file — Keychain Access will open and present the following
Make sure the keychain you add this to is the Login keychain.
You will be prompted to enter your admin password to add the item.
You might also be prompted to enter a password for this file. Most commonly, this password is 123456
Step Three
Previously in Step Two, we gave the user on the computer ‘credentials’ to use, that allow the application to be codesigned upon compilation. Step Three makes your device able to ‘receive’ that codesigned app.
Open Apple Configurator 2 with your device connected via USB.
If prompted, DO NOT, at this time, update your iOS device.
Locate the (commonly named) **Profile.mobileprovision** in Finder. Once you’ve found the file, drag and drop this file (it’s a profile) onto the device on your screen.
Once you drag the profile onto your device, you should see a prompt — do not disconnect your device.
Once the prompt goes away, the profile transfer is complete — Apple didn’t seem to want to notify you on that, for whatever reason, but it more than likely successfully transferred. If you have any reason to believe it did not transfer correctly, try again — you should only be prompted that it fails when it fails.
Step Four
Return to your Xcode project and go to the General Project Settings. Under both of your signing options, for Debug and Release you should see this
To clear this error, we can now import the last file as seen below
And select the (most commonly named) **CustomProfile.mobileprovision** file.
After importing, a different error might be prompted
This one is easier to fix. In the error, where it says
_‘has app ID “com.__.custom”’
Copy the value of the specified app ID (without parentheses) and paste it in the Identity section
And the error should disappear! For one section at least, if you didn’t import the profile for both. If you only imported one earlier, the other signing option should have an Eligible provisioning profile option (that’s what you want to select!)
Step Five
At this point, we’ve successfully entitled this app with custom entitlements.
To install this app on your device, make sure it’s connected via USB. You can use **CMD ⌘** +**B** to build the project and **CMD ⌘** +**R** to immediately run it.
Conclusion
I hope this guide makes signing applications with custom entitlements easier for you