YEEEAAAAHHHH!!!!! I have my IPA with injected crack!
I'll write up the steps, in case they can help other users:
- Installed the app from the App Store on a jailbroken iPhone running iOS 9.3.1.
- Decrypted the ipa with Clutch2 (tried with Rasticrac, but it did not work; the list is always empty).
- (Testing the decryption) Re-signed the decrypted ipa (using iOS App Signer) and installed it with Xcode on my non-jailbroken iPhone, and the app works.
- Created a folder "Patcher", where I downloaded the patch used online to patch "Pokemon", and copied my ABA.ipa into it.
- Downloaded the .deb package that I wanted to inject (the crack), decompressed it ( ar -x filename.deb ), and copied the file "ABAEnglish.dylib" into the Patcher directory.
- Edited the file "patchapp.sh", changing "DYLIB=ABAEnglish.dylib", removing the "re-sign Frameworks" block (it does not work with folders), and removing the "generate the correct entitlements" block and the "re-sign the .app" block. (I removed the re-signing because I re-sign afterwards with the external iOS App Signer.)
- Needed to edit the "dylib" dependencies (after I installed an ipa with the original dylib, it did not start, and I think it is a dependency problem...):
To view the dependencies use: "otool -L ABAEnglish.dylib". I analyzed the references to paths of the jailbroken device and used these commands:
install_name_tool -id /usr/lib/ABAEnglish.dylib ABAEnglish.dylib
install_name_tool -change "/Library/Frameworks/CydiaSubstrate.framework/CydiaSubstrate" "@executable_path/CydiaSubstrate" ABAEnglish.dylib
- Now (as can be found for Pokemon), executed "patchapp.sh path ABA.ipa [mobileprovisionpath]", which injects the dylib into the ipa and recreates it.
- Signed the created ipa with iOS App Signer.
- Installed the ipa with Xcode: it WORKS!!!
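The `otool -L` listing used in the post is also what a developer can audit to spot a repackaged build of their own app. The sketch below is an added example, not part of the original post: it parses `otool -L` text and flags load paths that are neither system libraries nor in a release manifest. The sample output, the allowlist prefixes and the manifest name `Analytics` are constructed assumptions.

```python
import re

# Locations a stock iOS binary normally loads from (assumed allowlist).
SYSTEM_PREFIXES = ("/usr/lib/", "/System/Library/")
# Hooking runtime named in the post; extend with others you track.
HOOK_MARKERS = ("CydiaSubstrate",)
# Prefixes that resolve inside the app bundle.
BUNDLE_PREFIXES = ("@executable_path/", "@rpath/", "@loader_path/")

# A dependency line is indented and ends with the version tuple.
LINE_RE = re.compile(r"^\s+(\S.*?)\s+\(compatibility version .*\)$")

def load_paths(otool_output):
    """Return the dependency paths listed in `otool -L` text output."""
    return [m.group(1) for m in map(LINE_RE.match, otool_output.splitlines()) if m]

def audit(otool_output, bundled_allowlist):
    """Return (path, reason) pairs for load paths a release build should not have."""
    findings = []
    for path in load_paths(otool_output):
        name = path.rsplit("/", 1)[-1]
        if any(marker in path for marker in HOOK_MARKERS):
            findings.append((path, "hooking runtime"))
        elif path.startswith(SYSTEM_PREFIXES):
            continue
        elif path.startswith(BUNDLE_PREFIXES):
            if name not in bundled_allowlist:
                findings.append((path, "bundled library not in release manifest"))
        else:
            findings.append((path, "absolute path outside system locations"))
    return findings

# Constructed sample: otool -L output for a main executable (paths assumed).
SAMPLE = (
    "Payload/Example.app/Example:\n"
    "\t/usr/lib/libobjc.A.dylib (compatibility version 1.0.0, current version 228.0.0)\n"
    "\t/System/Library/Frameworks/UIKit.framework/UIKit (compatibility version 1.0.0, current version 3512.60.7)\n"
    "\t@rpath/Analytics.framework/Analytics (compatibility version 1.0.0, current version 1.0.0)\n"
    "\t@executable_path/ABAEnglish.dylib (compatibility version 0.0.0, current version 0.0.0)\n"
    "\t@executable_path/CydiaSubstrate (compatibility version 0.0.0, current version 0.0.0)\n"
)

if __name__ == "__main__":
    for path, reason in audit(SAMPLE, {"Analytics"}):
        print(f"{reason}: {path}")
```

Run it over every Mach-O in a suspect bundle, not only the main executable, since a dependency can be pulled in by a bundled library.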