AppSync

From AwkwardTV

Jump to: navigation, search

Contents

Background

NOTE: PLEASE USE THIS TUTORIAL ONLY FOR LEGIT PURPOSES

This tutorial will give you the necessary background on how to manually prepare ipa files for AppSync unified on iOS. It mainly serves to cater towards tvOS but will be applicable to other iOS versions as well. You will need a mac with Xcode, a Jaillbroken AppleTV 4 and AppSync unified installed via nitoTV.

The brief overview of steps to achieve this process (once pre-reqs are met)

  • Set up password free SSH on your device
  • Create a self signed codesign certificate

The step aftewards depends on if you already have the ipa you want to re-sign or if you are building it through Xcode

If building through Xcode:

  • Create Xcode build script for post build signing & scping/installing

If trying to resign an IPA

  • Unzip / manually sign / rezip, scp, install (or use an app like iResign)

I will spend the rest of this page outlining these steps in more detail.

Pre-Requisites

  • A Mac with Xcode installed
  • Jailbroken AppleTV 4
  • AppSync unified installed (available in nitoTV)

Logging in without a username or password

Everything here is done on your Mac, unless explicitly stated otherwise.

Checking for an existing identity

First, check to see if you have an identity already; if not, make one:

cd ; ls .ssh/id_rsa

If you see a file called id_rsa, then you already have an identity, and you can skip the next step.

Creating a new identity

Do this step only if you have no id_rsa file. (Don't worry if you have other files in .ssh- they don't matter, and we won't disturb them.)

To create a new identity file, type:

ssh-keygen

It'll ask for input three times, with lines that begin with "Enter". Just hit return each time. (You can use a passphrase if you're comfortable that you know what you're doing. Leave the filename alone.) It'll look like this, though the username and fingerprint will be different:

Generating public/private rsa key pair.
Enter file in which to save the key (/Users/alexis/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/alexis/.ssh/id_rsa.
Your public key has been saved in /Users/alexis/.ssh/id_rsa.pub.
The key fingerprint is:
ef:3a:22:12:30:8e:37:7f:b5:0e:47:d4:e8:2f:9b:e9 alexis@alexis

Make SSH use username "root" automatically

Do this on your Mac. It will only affect connections from your Mac to the AppleTV: (Your address might differ from apple-tv local if you changed the name)

cat >>.ssh/config
Host apple-tv.local
 User root
^D

"^D" means you must hit the Control and D button synchronously.

Once this is done, you can just do "ssh apple-tv.local" instead of "ssh root@apple-tv.local". Or, if you're really lazy (like me), this (instead of the above) will let you do just "ssh atv" to connect!

cat >>.ssh/config
Host apple-tv.local atv
 HostName apple-tv.local
 User root
^D

Installing the ssh key on the AppleTV

  • Copy your public key to your AppleTV. You'll need to enter the password, but you no longer need to specify a username:
scp .ssh/id_rsa.pub apple-tv.local:~/
  • ssh to your AppleTV (still using password "alpine", but you no longer have to give a username):
ssh apple-tv.local
  • Now, while still connected to the AppleTV, make an .ssh directory on your AppleTV, create an "authorized_keys" file and move your public key into it.
mkdir .ssh
mv id_rsa.pub .ssh/authorized_keys

You're done. Exit the ssh session, and try it again. This time, you can connect to the AppleTV without having to enter a password (or by using your passphrase, if you chose to use one).

For more information, see the man pages for ssh, ssh-keygen, and sshd.

Creating a self signed codesign certificate

  • Open /Applications/Utilities/Keychain Access.app
  • Keychain Access -> Certificate Assistant -> Create a Certificate
  • Enter the name for the cert
  • Choose "Code Signing" under certificate type
  • Select "Let me override defaults" checkbox
  • Continue then Continue again on Alert warning
  • Change the validity period to whatever you want
  • Continue

You shouldn't have to fill in any of the info aside from Common name if you don't want to. The rest of the sections you don't need to change anything, the list below is just to be thorough. The screen name is listed with the button to press in parenthesis

  • Certificate Information (Continue)
  • Key Pair Information (Continue)
  • Key Usage Extension (Continue)
  • Extended Key Usage extension (Continue)
  • Basic constraints Extension (Continue)
  • Subject Alternate Name Extension (Continue)
  • Specify a location for the Certificate (Create)

Okay you're done with the self signed certificate step, if you did everything right you have a certificate that you should be able to use to codesign and sideload with AppSync. NOTE: Self signed certificates will NOT work unless you have appsync installed. This process is not applicable to devices that aren't jailbroken.

Using Xcode build script to install

I'm pretty much just going to include an example of an Xcode build script and comment it line by line. If you don't know how to add an Xcode build script, this tutorial probably wasn't for you ;-P

## Build script start

export PATH=/usr/bin/opt/local/bin:/opt/local/sbin:/usr/local/git:$PATH
export SRCROOT="$SRCROOT"

# only used if we SCP the deb over

ATV_DEVICE_IP=atvjb.local

# the common name you set for your certificate

CODESIGN_ID=nitoTV
IPA_ROOT=com.nito.tuyTV
IPA_TMP=$IPA_ROOT.zip
IPA_NAME=$IPA_ROOT.ipa

 # this could be done easier with arch probably, but it works, dont want to scp over simulator builds.

BASE_SDK=`basename $SDKROOT`

if  $BASE_SDK == *"Simulator"* 
then
exit 0
fi

# xcodes path to the the full application

TARGET_BUILD_APPLICATION="$TARGET_BUILD_DIR"/"$PRODUCT_NAME".$WRAPPER_EXTENSION

FULL_IPA_PATH="$SRCROOT"/$IPA_NAME
IPA_BACKUP="$SRCROOT"/backup_$IPA_NAME
IPA_TMP_FILE="$SRCROOT"/$IPA_TMP
APPLETV_APP_FOLDER="$SRCROOT"/Payload

# final application location in the staging directory

FINAL_APP_PATH=$APPLETV_APP_FOLDER/"$PRODUCT_NAME".$WRAPPER_EXTENSION

# remove previous builds

rm -rf "$FINAL_APP_PATH"

# back it up

cp "$FULL_IPA_PATH" "$IPA_BACKUP"

# remove previous ipa

rm "$FULL_IPA_PATH"

#make the folder

mkdir -p "$APPLETV_APP_FOLDER"

mkdir -p "$FINAL_APP_PATH"

# copy from the default build location into an easier to reach location

cp -r "$TARGET_BUILD_APPLICATION" "$APPLETV_APP_FOLDER"

# change to root project directory

pushd "$SRCROOT"

# recursively delete '.DS_Store' files

find . -name ".DS_Store" | xargs rm -f

# codesigns the app binary, NOTE: if there are frameworks or top shelf you need to sign those too!

codesign -fs "$CODESIGN_ID" --no-strict "$FINAL_APP_PATH"

# zip the payload

zip -r $IPA_TMP Payload 

# change the file from *.zip to *.ipa

mv "$IPA_TMP_FILE" "$FULL_IPA_PATH"

# scp the ipa file over

/usr/bin/scp "$FULL_IPA_PATH" root@$ATV_DEVICE_IP:~

# install the ipa

/usr/bin/ssh root@$ATV_DEVICE_IP "/usr/bin/appinst ~/$IPA_NAME"

 exit 0

Using iResign to install

I have recently updated a fork of iResign to make it as easy as possible to resign and install an IPA on a Jailbroken AppleTV 4.

NOTE: This could easily be used to legimately resign an app or a deb or whatever as well, just sign with a valid provisioning profile, entitlements and certificate and don't try to sync over SCP

  • Choose IPA/deb
  • Choose Certificate from popup
  • Check Install on ATV 4
  • Choose your AppleTV from the popup
  • Resign
  • Wait & Enjoy

Sideloading Kodi

Personal tools