During the normal instrumentation process, a Perfecto library is added to the app’s binary. Specific function calls inside the app may be replaced with calls to functions from the Perfecto library. As a result of this processing:
-
Apps have to be re-signed with a Perfecto iOS certificate after the binary has been modified, due to iOS code signature requirements.
-
Apps using special entitlements that require the original author's certificate may not work after the re-signing process.
Perfecto offers script instrumentation, a customized instrumentation feature that enables customers to instrument an application with the Perfecto library and then re-sign it with the customer's own certificate. The main advantages of the script instrumentation include:
-
You can instrument the app while maintaining the original application entitlements and signature.
-
The instrumentation process remains the same, except for the re-sign step.
Instead of re-signing with the Perfecto certificate, the application signature is performed locally, at your organization's premises, on a Mac machine with the your enterprise certificate.
Limitations
You cannot use multiple certificates to sign the application.
How it works
The re-sign process is performed on a Mac machine within the customer's environments.
The Keychain on the signing Mac should include:
- The enterprise certificate used to re-sign the instrumented application
- The
.mobileprovisionfile matching the enterprise certificate
Perfecto will provide the user with a script, to run on the Mac machine, that executes the following steps (also shown in the following image):
Step 1: Upload the application file (*.ipa file) to Perfecto's instrumentation service.
Step 2: Download the instrumented application file (*.ipa file) from Perfecto's instrumentation service.
Step 3: Re-sign the instrumented application file with the customer's certificate.
Requirements for the Mac machine
-
macOS Mojave or later
-
XCode 8.3.3 or later
-
Python 3.6 or later, with
requestsmodule installedTo install the
requestsmodule, run the following command:Copypip3 install requests -
Open to internet connection (to access Perfecto services)
-
Keychain on Mac should contain the required enterprise certificate
Because duplicate names are not allowed, you must verify that only a single entry with this name is included in the keychain list.
-
Keychain password
-
.mobileprovisionfile matching the enterprise certificate -
*.ipafile of the application (which should be instrumented)
Download the Python script
Go to GitHub to download the Python script: customInstrumentWrapper.py
Run Perfecto's re-sign script on the Mac machine
-
Run the script with the Python service.
Script name: customInstrumentWrapper.py
CopyExample script activation
python3 customInstrumentWrapper.py -i inputIPA.ipa -o outputIPA.ipa -t token.txt -p provision.mobileprovision -c "certificate name" -u LAB.perfectomobile.com -v <labVersionNum> -ih -is
Required parameters
| Parameter | Description |
|---|---|
-i (IPA)
|
Original .ipa file to instrument |
-o (OUTPUT_FILE)
|
Name for the Instrumented .ipa file |
-p PROVISIONING_PROFILE |
.mobileprovision profile file to use |
-c CERTIFICATE_NAME
|
Name of the certificate to use, as saved in the keychain |
-t TOKEN
|
Text file containing a valid security token |
-u URL
|
Perfecto cloud URL |
-v VERSION
|
Perfecto cloud version |
Instrumentation flags
At least one of the following instrumentation flags is required.
| Flag | Description |
|---|---|
-ih |
Enables hybrid instrumentation |
-is
|
Enables sensor instrumentation |
Optional parameters
| Parameter | Description |
|---|---|
-en
|
(Optional) Entitlements file. Add a prepared entitlements plist profile in place of the generic entitlements section generated by the script, based on the information provided. |
Script output
During execution, the script reports its progress through the steps indicated above. Upon completion, the fully instrumented and signed .ipa file is generated.
Demo