Install iOS app via sideloading

Tram Ho

During a pentest of an iOS app, there are many cases where we have to install applications or tools that are not released on the App Store. Lacking these tools limits us considerably, so in this article I will show how to install a custom app on iOS devices via sideloading.

I. Sideloading

1. Definition

Sideloading, as defined by Wikipedia, is a process similar to "upload" and "download", but the transfer takes place locally from one device to another, for example from a computer to a mobile device connected to it. On iOS, sideloading is used to install applications that are not authenticated by Apple so that they can run on iOS devices. This is why iOS is sometimes grandly called Apple's crystal prison, and it is also why we use sideloading to get past that prison.

2. Code-signing and Apple Developer Program

First, to explain why we have to use sideloading instead of the usual installation, I will cover two main points: Apple code-signing and the Apple Developer Program.

Firstly, code-signing. Apple has developed a complex DRM (digital rights management) system with a single purpose: only code signed by Apple runs on iOS. Therefore, through legitimate channels (there are other ways), users can only install applications from the App Store, where applications have been moderated and signed by Apple.

Secondly, the Apple Developer Program, which is Apple's program for iOS developers. Developers who join it can develop, compile and deploy applications and publish their products on the App Store (they still have to pass Apple's review, of course). Developers pay an annual fee for this. In addition, Apple also allows free developer accounts to compile and deploy applications.

3. Methods to install applications via sideloading.

There are many ways to install applications via sideloading, but in this article I will introduce the 3 most common and easiest ones:

  • Using Xcode
  • Through Cydia Impactor
  • Self-signing and repackaging using Objection

II. Sideloading via XCode.

1. Create a developer account

  • Go to the project home page
  • Click on the account
  • Select "Create your account now"
  • On the registration page, enter the required information and click "Continue"
  • Enter the verification code and you will be redirected to the Apple Developer Agreement page
  • Tick the box confirming that you have read the agreement and submit

So we have a free developer account from Apple.

2. Install the app to the device via Xcode

First, open Xcode.

Next, you can open an existing app or create a new project. Here, I will create a new project.

For simplicity, choose Single View App.

Fill in the information and select Next. (The Team field can be left blank.)

Go to the Signing & Capabilities tab. In the Team section, select Add an Account and add the Apple ID you just created above.

Next, on the toolbar, choose an iOS device as the build destination.

Click Build.

Switch to your iOS device and go to Settings > General > Profile & Device Management > Trust "Apple Development ….".

Done, we have installed the app on the device. For prebuilt apps, the installation method is the same as above.

III. Sideloading through Cydia Impactor.

In this part, I assume the device has already been jailbroken, so it has an application named Cydia.

Sources lists the repositories from which you can install packages. You can add your own sources at Sources > Edit > Add.

Use Search to find the package to be installed.

Then just press Install to install the package.

IV. Sideloading through resign and repackage using Objection

First, a brief introduction: objection is described as a "runtime mobile exploration toolkit, powered by Frida". Installing objection is very simple via pip3:

or

Next are the steps to use this tool:

1. Prepare with Xcode

Go to Xcode > Preferences > Accounts.

Click Manage Certificates, click + and choose Apple Development or iOS Development.

You can check it with the following command:

2. Prepare mobileprovision

To create the mobileprovision file, follow the same steps as installing an app with Xcode above; I will not repeat them here.

3. Patching Dependencies

Let's go over the dependencies needed for patching:

a. applesign

Applesign can be simply installed via the command:

b. insert_dylib

insert_dylib is a bit more complicated:

4. Patching an IPA

Next, we will patch an ipa file with the command:

where 0C2E8200Dxxxx is the output from step 1.

This command unpacks the IPA, locates the app binary and patches it with FridaGadget.dylib, codesigns the dylib and the binary, and finally repackages the IPA for us.

Then use this file to install the app on iOS devices with ios-deploy.
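As an added example (not from the original article or the objection project), the script below ties step 1 to step 4: it picks the development signing identity hash out of `security find-identity -p codesigning -v` output and passes it to `objection patchipa`. The sample output, the hashes in it and the function names `pick_identity` and `patch_ipa` are constructed for illustration; it assumes macOS with objection on the PATH.

```bash
#!/bin/sh
# Added example: glue between step 1 (signing identity) and step 4 (patching).
# Usage: source this file, then run: patch_ipa app.ipa

# Constructed sample of `security find-identity -p codesigning -v` output.
SAMPLE_IDENTITIES='  1) 1111111111222222222233333333334444444444 "Developer ID Application: Example Corp (TEAMID0001)"
  2) AAAAAAAAAABBBBBBBBBBCCCCCCCCCCDDDDDDDDDD "Apple Development: tester@example.com (TEAMID0002)"
     2 valid identities found'

# Read find-identity output on stdin and print the SHA-1 hash of the first
# development identity. Distribution identities are skipped because they
# cannot sign an app for installation on a test device.
pick_identity() {
  awk '
    /"(Apple Development|iOS Development|iPhone Developer):/ {
      # Field 2 is the identity hash; require exactly 40 hex characters.
      if ($2 ~ /^[0-9A-Fa-f]+$/ && length($2) == 40) { print $2; found = 1; exit }
    }
    END { exit (found ? 0 : 1) }'
}

# Patch an IPA using the identity found in the login keychain.
# Returns 2 if the IPA is missing, 3 if no development identity exists.
patch_ipa() {
  ipa="$1"
  [ -f "$ipa" ] || { echo "no such IPA: $ipa" >&2; return 2; }
  identity="$(security find-identity -p codesigning -v | pick_identity)" || {
    echo "no development signing identity found in the keychain" >&2
    return 3
  }
  echo "signing with identity $identity" >&2
  objection patchipa --source "$ipa" --codesign-signature "$identity"
}
```

Failing early when no development identity is present avoids a half-patched IPA that unpacks and injects correctly but then fails at the codesign stage.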

V. Conclusion

The above is what I know about sideloading, along with a few ways to install iOS software through it. There are many other methods besides these, which readers can look into further. If the article has errors or omissions, I hope readers will point them out to me. Thanks for reading.


Source : Viblo