Tag Archives: build iOS app for real device without paying 99$

Build ipa file using XCode without provisioning profile

To develop an application for iOS devices one should first obtain a provisioning profile by joining the iPhone Developer Program (which costs $99). However, some simple tricks can be used to build self signed applications using Xcode, that can be installed on Jailbroken devices. The steps provided below explains the detailed procedure to build ipa files without developer certificate for Jailbroken devices. This is tested on Mountain Lion 10.8, Xcode 4.5 and iOS 6 SDK.

Steps to build ipa file using Xcode:
1. Create a self signed code signing certificate.

On Mac OS X, go to Keychain Access -> Certificate Assistant -> Create a Certificate. It opens the certificate assistant window. Enter name (in my case it is and select certificate type as Code signing. Check let me override defaults option. Hit continue until it creates the certificate.

OS X self signed certificate

After creation of the certificate, the keychain looks as shown in the image below.

Certificate in keychain1

2. Copy /Applications/ to desktop. Edit the plist file and replace all occurrences of XCiPhoneOSCodeSignContext by XCCodeSignContext (3 places – defaultproperties, runtimerequirements, overrideproperties).

Before modification:

xcode info plist before modification

After modification:

xcode info plist after modification

3. Copy the modified Info.plist file to /Applications/ directory and replace the existing file.
4. Close and Restart the XCode.
5. Create your project in the XCode and in the project target settings choose the certificate created in step 1 as the code signing identity. Project target settings are shown below.

xcode project code signing settings

6. Build the project for iOS device (Project->Build).
7. Build creates the .app file in the build/Debug-iphoneos folder.

Xcode build app

Default location for .app file is –
/Users/[user name]/Library/Developer/Xcode/DerivedData/[your app]/Build/Products/Debug-iphoneos/

xcode build directory

8. Create a folder named Payload and copy the .app file into it.

Payload folder

9. Archive the Payload folder. It creates
10. Rename the to [app name].ipa. We have successfully created the ipa file without developer certificate and this can be installed on a jailbroken device using iPhone configuration utility.

This comes handy for pentesters as well, if they want to create vulnerable demo apps.

Update on 16-Feb-2013: To install self signed ipa on iOS 6 devices, (Thanks to Leo for sharing this info) 
1. Go to Cydia->Manage and add as a source.

appsync cydia

2. Download and install AppSync for iOS 6.x from Cydia.
3. Now you can install the ipa file using the iPhone configuration utility.


Posted by on December 26, 2012 in iPhone


Tags: , , , , , , , ,