IPA Permasigner

Kuba Pawlakqbap | Research
IPA Permasigner

Linus Henze discovered a new bug where CoreTrust will allow to use of any root certificate to permanently sign any IPA file for all jailbroken devices running iOS 14.0 up to iOS 15.4.1. Once installed, the app will continue to work when rebooted to stock.

What is IPA Permasigner?

IPA Permasigner is a python script for Windows, Mac, and Linux allowing you to easily sign IPA files permanently for jailbroken iDevices running on 14.0 up to 14.8.1. This bug will work also on jailbreaks released for iOS 15 - iOS 15.4.1. It uses the CoreTrust bypass by Linus Henze.

This bug is especially useful to install a jailbreak tool released as an IPA package such as unc0ver, Taurine, and Odyssey, which will work even after restarting the device. Using this method you can also sign and install other apps without revokes from our IPA Library.

IPA Permasigner unzips the IPA file, patches the signing certificate, and creates a DEB file that can be installed on any jailbroken devices running iOS 14 and iOS 15. The script requires to use of a python environment on Mac OS X 10.5.0 and newer. Both codesign and ldid can be used.

Screenshot of IPA Permasigner script ruined on macOS Terminal app.

The script supports IPA files stored locally but it can also download IPA files from a URL. Once IPA Permasigner will sign the app with a permanent certificate it will generate a new DEB file that can be installed on any jailbroken device. DEB is a package like IPA, used to install tweaks and apps through Cydia Repositories. The permanently signed DEB file can be installed with Filza.

IPA Permasigner is created by Nebula, and it's based on the original scripts created by zhuowei and CoreTrust bypass by Linus Henze. It's super easy to use and it can also run on Debian-based Linux thanks to the ldid support. IPA Permasigner was released as an open-source script.

The latest release or Permasigner 1.1 adds support for iOS, Windows, FreeBSD, and Raspberry Pi (armv7l).

@powen, the developer behind AltStore Linux, is also working on PermasigneriOS app that can sign IPA files directly on your jailbroken device. It will convert any IPA file to a permanently signed DEB package that can be installed on your device. Once installed an app will run on stock iOS even after restart. Do a permanent sign on your iOS device.

If you are running a device without jailbreak you can try the TrollStore app. It uses a similar technique to install permanently apps on stock iOS and it doesn't require a jailbroken environment. It works on iOS 14.0 up to iOS 14.8.1 and iOS 15 up to iOS 15.1.1.

Install IPA Permasigner

IPA Permasigner scrip can run on a macOS. To install the script be sure first that you have python and brew installed. Next, you will need to copy the official GitHub Repository to your local drive and install all required dependencies with the pip package installer for Python.

  1. Clone official repository:
    git clone https://github.com/itsnebulalol/permasigner
  2. Install all requirements with the python command:
    pip install -r requirements.txt
  3. Edit the app.entitlements file with a Text editor when required. Some apps like DolphiniOS​​​ use different entitlements, but for some IPAs, you can just keep it how it is.
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
      <key>platform-application</key>
      <false/>
      <key>com.worthdoingbadly.entitlement.dummy1</key>
      <false/>
      <key>com.worthdoingbadly.entitlement.dummy2</key>
      <false/>
    </dict>
    </plist>
  4. Install dpkg package using brew to allow generate DEB packages.
    brew install dpkg

How to permanently sign an IPA file

As mentioned already IPA Permasigner creates from an IPA file a revoke-free DEB package that can be installed on any jailbroken device. When you install the app using this method it will work without revoking even after restarting your iDevice. Of course, the jailbreak will stop working.

Step 1. Run the script:

[email protected] ~ % cd permasigner
[email protected] permasigner % python3 main.py

Step 2. Use an IPA stored on the web, or on your system? [external, local] local

[?] Paste in the path to an IPA in your file system: /Users/qbap/Downloads/cercube.ipa

Step 3. The signed DEB package will be available in the following location.

[email protected] Documents % cd permasigner/output/

Step 4. Send the generated cercube.deb package to your iPhone.

Step 5. Open the cercube.deb file with Filza package manager and install it.

Step 6. To verify if the app is permanently signed restart your device.

This script makes a deb file for you based on an IPA. Tested with Taurine and Odyssey, but should work with many others. It seems that the unc0ver isn't working correctly at this time.

Source Code

Nebula published IPA Permasigner script as an open-source project under the BSD-3-Clause license. The script's source code was released through the private GitHub Repository. The source code was written in 90.8% Python, 8.2% Dockerfile, and 1.0% Shell.

Feel free to check out how the IPA Permasigner signs permanent IPAs for jailbroken iDevices (persists on stock). The script was written in python and it can use both codesign or if preferred ldid. Remember to install all dependencies before running the script on your computer.

What's new

  • Fix plugins in apps like YouTube.
  • Fixed macOS support.
  • A ton of code improvements.
  • Now with iOS support on Elucubratus jailbreaks.
  • Updated file names for the ldid downloader.
  • Added Windows support, FreeBSD support, and Raspberry Pi (armv7l) support.
  • Added .deb signing support.
  • Now with an option to sign a whole directory of IPAs.
  • Fix hash-checking issues.
  • Updated dependencies.
  • Added support to permanently sign unc0ver 8.0.2.
  • Added option to install packages on your iDevice when connected.
  • Overall improvements and optimizations.
  • Initial release of IPA Permasigner.
  • Switch to ldid for possible Linux support.
  • Added support for Linux distributions based on Debian.
  • Support for dumping the entitlements.
  • Automatically downloading ldid when not installed.

Post a comment