Page tree
Skip to end of metadata
Go to start of metadata

Last updated: Feb 08, 2021 12:15

During the normal instrumentation process, a Perfecto library is added to the app’s binary. Specific function calls inside the app may be replaced with calls to functions from the Perfecto library.  As a result of this processing:

  • Apps have to be resigned with a Perfecto iOS certificate after the binary has been modified, due to iOS code signature requirements 

  • Apps using special entitlements, that require the original author's certificate, may not work after the resigning process.

Perfecto offers a feature that enables customers to instrument an application with the Perfecto library and then re-sign with the customer's own certificate. The main advantages of the Customized Instrumentation feature include:

  • Users have the ability to instrument the app while maintaining the original application entitlements and signature. 

  • The instrumentation process remains the same, except for the resign step;

    • Instead of resigning with Perfecto certificate, the application signature is performed locally, at the customer's premises, on a Mac machine with the customer’s enterprise certificate.

On this page:

How it works

The resign process is performed on a Mac machine within the Customer's environs.

The Keychain on the signing Mac should include:

  • The enterprise certificate used to resign the instrumented application, 
  •  Mobileprovision file matching the enterprise certificate.

Perfecto will provide the user with a script, to run on the Mac machine, that executes the following steps (see diagram above):

step 1: Upload the application file (*.ipa file) to Perfecto's instrumentation service.

step 2: Download the instrumented application file (*.ipa file) from Perfecto's instrumentation service.

step 3: Resign the instrumented application file with the customer's certificate.

Requirements for the Mac machine

  • OS - High Sierra or later

  • XCode 8.3.3 or later 

  • Python 3.6 and above - with "requests" module installed.

    • To install "requests" module run the following command:

      pip3 install requests

  • Open to internet connection (to access Perfecto services) 

  • Keychain on Mac should contain the required enterprise certificate (no duplicate names- verify only a single entry with this name in the keychain list) 

  • Keychain password 

  • Mobileprovision file matching the enterprise certificate 

  • *.ipa file of the application (which should be instrumented) 

Download the Python Script

Go to GitHub to download the Python script:

Run Perfecto's resign script on the Mac machine

  1. Run the script with the Python service.

    Example Script Activation
    python3 -i inputIPA.ipa -o outputIPA.ipa -t token.txt -p provision.mobileprovision -c "certificate name" -u -v <labVersionNum> -ih -is

    Script name:

  2. Required Parameters: 

  -i (IPA) - Original ipa File to Instrument 

  -o (OUTPUT_FILE) - Name for the Instrumented ipa File 

  -p PROVISIONING_PROFILE - Mobile Provisioning Profile File to use 

  -c CERTIFICATE_NAME - Name of the Certificate to use, as saved in the Keychain 

  -t TOKEN - Text file Containing a Valid Security Token 

  -u URL -  Perfecto Lab URL 

  -v VERSION - Perfecto Lab Version 

  • Instrumentation Flags, at least one of the following is required: 

  -ih - Enables Hybrid Instrumentation 

  -is - Enables Sensors Instrumentation

Optional Parameters
         -ent – (Optional) Entitlements File. Add a prepared entitlements plist profile in place of the generic entitlements section generated by the script, based on the information provided.

Script Output

During execution - the script reports its progress through the steps indicated above.

Upon completion, the fully instrumented and signed ipa file is generated.


Limitations and troubleshooting

  • Using multiple certificates to sign the application is not supported.
  • For troubleshooting, see this article.