Last updated: Aug 20, 2019 16:37
During the normal instrumentation process, a Perfecto library is added to the app’s binary. Specific function calls inside the app may be replaced with calls to functions from the Perfecto library. As a result of this processing:
Apps have to be resigned with a Perfecto iOS certificate after the binary has been modified, due to iOS code signature requirements.
Apps using special entitlements, that require the original author's certificate, may not work after the resigning process.
Perfecto offers a feature that enables customers to instrument an application with the Perfecto library and then re-sign with the customer's own certificate. The main advantages of the Customized Instrumentation feature include:
Users have the ability to instrument the app while maintaining the original application entitlements and signature.
The instrumentation process remains the same, except for the resign step;
Instead of resigning with Perfecto certificate, the application signature is performed locally, at the customer's premises, on a Mac machine with the customer’s enterprise certificate.
How it works?
The resign process is performed on a Mac machine within the Customer's environs.
The Keychain on the signing Mac should include:
- The enterprise certificate used to resign the instrumented application,
- Mobileprovision file matching the enterprise certificate.
Perfecto will provide the user with a script, to run on the Mac machine, that executes the following steps (see diagram above):
step 1: Upload the application file (*.ipa file) to Perfecto's instrumentation service.
step 2: Download the instrumented application file (*.ipa file) from Perfecto's instrumentation service.
step 3: Resign the instrumented application file with the customer's certificate.
Requirements for the Mac machine:
OS - El Capitan or higher
XCode 8.3.3 or later
Python 3.6 and above - with "requests" module installed.
To install "requests" module run the following command:
Open to internet connection- (to access Perfecto services)
Keychain on Mac should contain the required enterprise certificate (no duplicate names- verify only a single entry with this name in the keychain list)
Mobileprovision file matching the enterprise certificate
*.ipa file of the application (which should be instrumented)
Download the Python Script
How to run Perfecto's resign script on the Mac machine:
Run the script with the Python service.
Script name: customInstrumentWrapper.py
- Required Parameters:
-i (IPA) - Original ipa File to Instrument
-o (OUTPUT_FILE) - Name for the Instrumented ipa File
-p PROVISIONING_PROFILE - Mobile Provisioning Profile File to use
-c CERTIFICATE_NAME - Name of the Certificate to use, as saved in the Keychain
-t TOKEN - Text file Containing a Valid Security Token
-u URL - Perfecto Lab URL
-v VERSION - Perfecto Lab Version
Instrumentation Flags, at least one of the following is required:
-ih - Enables Hybrid Instrumentation
-is - Enables Sensors Instrumentation
-ent – (Optional) Entitlements File. Add a prepared entitlements plist profile in place of the generic entitlements section generated by the script, based on the information provided.
During execution - the script reports its progress through the steps indicated above.
Upon completion, the fully instrumented and signed ipa file is generated.
Limitations and Troubleshooting
- Using multiple certificates to sign the application is not supported.
- For troubleshooting, see this article.