To develop an application for iOS devices, one should first obtain a provisioning profile by joining the iPhone Developer Program (which costs $99). However, some simple tricks can be used to build self-signed applications with Xcode that can be installed on jailbroken devices. The steps below explain the detailed procedure for building ipa files without a developer certificate for jailbroken devices. This was tested on Mountain Lion 10.8, Xcode 4.5 and the iOS 6 SDK.
Steps to build ipa file using Xcode:
1. Create a self-signed code signing certificate.
On Mac OS X, go to Keychain Access -> Certificate Assistant -> Create a Certificate. This opens the Certificate Assistant window. Enter a name (in my case it is securitylearn.net) and select Code Signing as the certificate type. Check the "Let me override defaults" option. Click Continue until the certificate is created.
After creation of the certificate, the keychain looks as shown in the image below.
2. Copy /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Info.plist to the desktop. Edit the plist file and replace all occurrences of XCiPhoneOSCodeSignContext with XCCodeSignContext (3 places – defaultproperties, runtimerequirements, overrideproperties).
3. Copy the modified Info.plist file to the /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/ directory, replacing the existing file.
4. Close and restart Xcode.
5. Create your project in Xcode and, in the project target settings, choose the certificate created in step 1 as the code signing identity. Project target settings are shown below.
6. Build the project for an iOS device (Project->Build).
7. The build creates the .app file in the build/Debug-iphoneos folder.
The default location for the .app file is:
/Users/[user name]/Library/Developer/Xcode/DerivedData/[your app]/Build/Products/Debug-iphoneos/
8. Create a folder named Payload and copy the .app file into it.
9. Archive the Payload folder. This creates Payload.zip.
10. Rename Payload.zip to [app name].ipa. We have now created the ipa file without a developer certificate, and it can be installed on a jailbroken device using the iPhone Configuration Utility.
This also comes in handy for pentesters who want to create vulnerable demo apps.
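Steps 8 to 10 as a script, added here as an example (it is not part of the original post). It goes slightly beyond the steps by refusing a bundle without Info.plist and by checking the finished archive for the Payload/[app name].app layout. The function names are hypothetical, and `make_sample_app` builds a constructed stand-in for Xcode's build output.

```python
import os
import tempfile
import zipfile

def build_ipa(app_dir, ipa_path):
    """Steps 8-10: store the .app bundle as Payload/<name>.app/ in a zip named .ipa."""
    app_dir = os.path.abspath(app_dir)
    app_name = os.path.basename(app_dir)
    if not app_name.endswith(".app") or not os.path.isdir(app_dir):
        raise ValueError("expected a .app bundle directory, got %r" % app_dir)
    if not os.path.isfile(os.path.join(app_dir, "Info.plist")):
        raise ValueError("no Info.plist in bundle; check the build output")
    with zipfile.ZipFile(ipa_path, "w", zipfile.ZIP_DEFLATED) as ipa:
        for root, _dirs, files in os.walk(app_dir):
            for name in sorted(files):
                full = os.path.join(root, name)
                rel = os.path.relpath(full, app_dir).split(os.sep)
                # write() records the Unix mode, so the executable keeps its +x bit
                ipa.write(full, "/".join(["Payload", app_name] + rel))
    return ipa_path

def check_ipa(ipa_path):
    """Return the bundle name if the archive holds exactly one Payload/<name>.app."""
    with zipfile.ZipFile(ipa_path) as ipa:
        names = ipa.namelist()
    bundles = {n.split("/")[1] for n in names
               if n.startswith("Payload/") and n.count("/") >= 2}
    if len(bundles) != 1:
        raise ValueError("expected one bundle under Payload/, found %s" % sorted(bundles))
    bundle = bundles.pop()
    if "Payload/%s/Info.plist" % bundle not in names:
        raise ValueError("Payload/%s/Info.plist is missing" % bundle)
    return bundle

def make_sample_app(parent, name="Demo.app"):
    """Constructed stand-in for Xcode's build output (not a real app)."""
    app = os.path.join(parent, name)
    os.makedirs(app)
    with open(os.path.join(app, "Info.plist"), "w") as f:
        f.write("<plist><dict/></plist>")
    exe = os.path.join(app, name[:-4])
    with open(exe, "wb") as f:
        f.write(b"\xca\xfe\xba\xbe")  # placeholder bytes, not a real Mach-O
    os.chmod(exe, 0o755)
    return app

if __name__ == "__main__":
    app = make_sample_app(tempfile.mkdtemp())
    print(check_ipa(build_ipa(app, app[:-4] + ".ipa")))
```

To package a real build, pass the .app directory from the Debug-iphoneos folder to `build_ipa` in place of the sample bundle.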
Update on 16-Feb-2013: To install a self-signed ipa on iOS 6 devices (thanks to Leo for sharing this info):
1. Go to Cydia->Manage and add http://gdeluxe.com/repo as a source.
2. Download and install AppSync for iOS 6.x from Cydia.
3. Now you can install the ipa file using the iPhone Configuration Utility.