Instrument iOS application with customer certificate

During the normal instrumentation process, a Perfecto library is added to the app’s binary. Specific function calls inside the app may be replaced with calls to functions from the Perfecto library.  As a result of this processing:

  • Apps have to be re-signed with a Perfecto iOS certificate after the binary has been modified, due to iOS code signature requirements

  • Apps using special entitlements that require the original author's certificate may not work after the re-signing process.

Perfecto offers a feature that enables customers to instrument an application with the Perfecto library and then re-sign with the customer's own certificate. The main advantages of the Customized Instrumentation feature include:

  • Users have the ability to instrument the app while maintaining the original application entitlements and signature.

  • The instrumentation process remains the same, except for the re-sign step.

    Instead of re-signing with the Perfecto certificate, the application signature is performed locally, at the customer's premises, on a Mac machine with the customer’s enterprise certificate.

Limitations

You cannot use multiple certificates to sign the application.

How it works

The re-sign process is performed on a Mac machine within the customer's environments.

The Keychain on the signing Mac should include:

  • The enterprise certificate used to re-sign the instrumented application
  • The .mobileprovision file matching the enterprise certificate

Perfecto will provide the user with a script, to run on the Mac machine, that executes the following steps (also shown in the following image):

Step 1: Upload the application file (*.ipa file) to Perfecto's instrumentation service.

Step 2: Download the instrumented application file (*.ipa file) from Perfecto's instrumentation service.

Step 3: Re-sign the instrumented application file with the customer's certificate.

Requirements for the Mac machine

  • macOS Mojave or later

  • XCode 8.3.3 or later 

  • Python 3.6 or later, with requests module installed

    To install the requests module, run the following command:

    Copy 
    pip3 install requests

  • Open to internet connection (to access Perfecto services)

  • Keychain on Mac should contain the required enterprise certificate

    Because duplicate names are not allowed, you must verify that only a single entry with this name is included in the keychain list.

  • Keychain password

  • .mobileprovision file matching the enterprise certificate

  • *.ipa file of the application (which should be instrumented) 

Download the Python script

Go to GitHub to download the Python script: customInstrumentWrapper.py

Run Perfecto's re-sign script on the Mac machine

  • Run the script with the Python service.

    Script name: customInstrumentWrapper.py

    Copy

    Example script activation

    python3 customInstrumentWrapper.py -i inputIPA.ipa -o outputIPA.ipa -t token.txt -p provision.mobileprovision -c "certificate name" -u LAB.perfectomobile.com -v <labVersionNum> -ih -is

Required parameters

Parameter Description
-i (IPA) Original .ipa file to instrument
-o (OUTPUT_FILE) Name for the Instrumented .ipa file
-p PROVISIONING_PROFILE .mobileprovision profile file to use
-c CERTIFICATE_NAME Name of the certificate to use, as saved in the keychain
-t TOKEN Text file containing a valid security token
-u URL Perfecto cloud URL
-v VERSION Perfecto cloud version

Instrumentation flags

At least one of the following instrumentation flags is required.

Flag Description
-ih  Enables hybrid instrumentation
-is Enables sensor instrumentation

Optional parameters

Parameter Description
-en (Optional) Entitlements file. Add a prepared entitlements plist profile in place of the generic entitlements section generated by the script, based on the information provided.

Script output

During execution, the script reports its progress through the steps indicated above. Upon completion, the fully instrumented and signed .ipa file is generated.

Demo