NOTE: PLEASE USE THIS TUTORIAL ONLY FOR LEGIT PURPOSES
This tutorial will give you the necessary background on how to manually prepare ipa files for AppSync unified on iOS. It mainly serves to cater towards tvOS but will be applicable to other iOS versions as well. You will need a mac with Xcode, a Jaillbroken AppleTV 4 and AppSync unified installed via nitoTV.
The brief overview of steps to achieve this process (once pre-reqs are met)
- Set up password free SSH on your device
- Create a self signed codesign certificate
The step aftewards depends on if you already have the ipa you want to re-sign or if you are building it through Xcode
If building through Xcode:
- Create Xcode build script for post build signing & scping/installing
If trying to resign an IPA
- Unzip / manually sign / rezip, scp, install (or use an app like iResign)
I will spend the rest of this page outlining these steps in more detail.
- A Mac with Xcode installed
- Jailbroken AppleTV 4
- AppSync unified installed (available in nitoTV)
Logging in without a username or password
Everything here is done on your Mac, unless explicitly stated otherwise.
Checking for an existing identity
First, check to see if you have an identity already; if not, make one:
cd ; ls .ssh/id_rsa
If you see a file called id_rsa, then you already have an identity, and you can skip the next step.
Creating a new identity
Do this step only if you have no id_rsa file. (Don't worry if you have other files in .ssh- they don't matter, and we won't disturb them.)
To create a new identity file, type:
It'll ask for input three times, with lines that begin with "Enter". Just hit return each time. (You can use a passphrase if you're comfortable that you know what you're doing. Leave the filename alone.) It'll look like this, though the username and fingerprint will be different:
Generating public/private rsa key pair. Enter file in which to save the key (/Users/alexis/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /Users/alexis/.ssh/id_rsa. Your public key has been saved in /Users/alexis/.ssh/id_rsa.pub. The key fingerprint is: ef:3a:22:12:30:8e:37:7f:b5:0e:47:d4:e8:2f:9b:e9 alexis@alexis
Make SSH use username "root" automatically
Do this on your Mac. It will only affect connections from your Mac to the AppleTV: (Your address might differ from apple-tv local if you changed the name)
cat >>.ssh/config Host apple-tv.local User root ^D
"^D" means you must hit the Control and D button synchronously.
Once this is done, you can just do "ssh apple-tv.local" instead of "ssh email@example.com". Or, if you're really lazy (like me), this (instead of the above) will let you do just "ssh atv" to connect!
cat >>.ssh/config Host apple-tv.local atv HostName apple-tv.local User root ^D
Installing the ssh key on the AppleTV
- Copy your public key to your AppleTV. You'll need to enter the password, but you no longer need to specify a username:
scp .ssh/id_rsa.pub apple-tv.local:~/
- ssh to your AppleTV (still using password "alpine", but you no longer have to give a username):
- Now, while still connected to the AppleTV, make an .ssh directory on your AppleTV, create an "authorized_keys" file and move your public key into it.
mkdir .ssh mv id_rsa.pub .ssh/authorized_keys
You're done. Exit the ssh session, and try it again. This time, you can connect to the AppleTV without having to enter a password (or by using your passphrase, if you chose to use one).
For more information, see the man pages for ssh, ssh-keygen, and sshd.
Creating a self signed codesign certificate
- Open /Applications/Utilities/Keychain Access.app
- Keychain Access -> Certificate Assistant -> Create a Certificate
- Enter the name for the cert
- Choose "Code Signing" under certificate type
- Select "Let me override defaults" checkbox
- Continue then Continue again on Alert warning
- Change the validity period to whatever you want
You shouldn't have to fill in any of the info aside from Common name if you don't want to. The rest of the sections you don't need to change anything, the list below is just to be thorough. The screen name is listed with the button to press in parenthesis
- Certificate Information (Continue)
- Key Pair Information (Continue)
- Key Usage Extension (Continue)
- Extended Key Usage extension (Continue)
- Basic constraints Extension (Continue)
- Subject Alternate Name Extension (Continue)
- Specify a location for the Certificate (Create)
Okay you're done with the self signed certificate step, if you did everything right you have a certificate that you should be able to use to codesign and sideload with AppSync. NOTE: Self signed certificates will NOT work unless you have appsync installed. This process is not applicable to devices that aren't jailbroken.
Using Xcode build script to install
I'm pretty much just going to include an example of an Xcode build script and comment it line by line. If you don't know how to add an Xcode build script, this tutorial probably wasn't for you ;-P
## Build script start export PATH=/usr/bin/opt/local/bin:/opt/local/sbin:/usr/local/git:$PATH export SRCROOT="$SRCROOT" # only used if we SCP the deb over ATV_DEVICE_IP=atvjb.local # the common name you set for your certificate CODESIGN_ID=nitoTV IPA_ROOT=com.nito.tuyTV IPA_TMP=$IPA_ROOT.zip IPA_NAME=$IPA_ROOT.ipa # this could be done easier with arch probably, but it works, dont want to scp over simulator builds. BASE_SDK=`basename $SDKROOT` if $BASE_SDK == *"Simulator"* then exit 0 fi # xcodes path to the the full application TARGET_BUILD_APPLICATION="$TARGET_BUILD_DIR"/"$PRODUCT_NAME".$WRAPPER_EXTENSION FULL_IPA_PATH="$SRCROOT"/$IPA_NAME IPA_BACKUP="$SRCROOT"/backup_$IPA_NAME IPA_TMP_FILE="$SRCROOT"/$IPA_TMP APPLETV_APP_FOLDER="$SRCROOT"/Payload # final application location in the staging directory FINAL_APP_PATH=$APPLETV_APP_FOLDER/"$PRODUCT_NAME".$WRAPPER_EXTENSION # remove previous builds rm -rf "$FINAL_APP_PATH" # back it up cp "$FULL_IPA_PATH" "$IPA_BACKUP" # remove previous ipa rm "$FULL_IPA_PATH" #make the folder mkdir -p "$APPLETV_APP_FOLDER" mkdir -p "$FINAL_APP_PATH" # copy from the default build location into an easier to reach location cp -r "$TARGET_BUILD_APPLICATION" "$APPLETV_APP_FOLDER" # change to root project directory pushd "$SRCROOT" # recursively delete '.DS_Store' files find . -name ".DS_Store" | xargs rm -f # codesigns the app binary, NOTE: if there are frameworks or top shelf you need to sign those too! codesign -fs "$CODESIGN_ID" --no-strict "$FINAL_APP_PATH" # zip the payload zip -r $IPA_TMP Payload # change the file from *.zip to *.ipa mv "$IPA_TMP_FILE" "$FULL_IPA_PATH" # scp the ipa file over /usr/bin/scp "$FULL_IPA_PATH" root@$ATV_DEVICE_IP:~ # install the ipa /usr/bin/ssh root@$ATV_DEVICE_IP "/usr/bin/appinst ~/$IPA_NAME" exit 0
Using iResign to install
I have recently updated a fork of iResign to make it as easy as possible to resign and install an IPA on a Jailbroken AppleTV 4.
NOTE: This could easily be used to legimately resign an app or a deb or whatever as well, just sign with a valid provisioning profile, entitlements and certificate and don't try to sync over SCP
- Choose IPA/deb
- Choose Certificate from popup
- Check Install on ATV 4
- Choose your AppleTV from the popup
- Wait & Enjoy