Some iOS apps check the version of the operating system on the device. Recently, while testing an application, I just ran into a similar check. If the iOS version was lower than 7.1, the application was not installed and an error occurred.

This article will cover the following topics:

• Change the iOS version in the SystemVersion.plist file.
• Change the version in the plist file that is in the application package.
• Using the "iOS-ssl-Kill switch" utility to bypass certificate validation.

Changing the iOS version in the SystemVersion.plist file

The iOS version can be changed (on a jailbroken device) in two simple steps by changing the corresponding value in the SystemVersion.plist file:

1. We connect to the jailbreak device via SSH protocol (or use ifile available in cydia) to view the contents of the system directory.
2. Change the value of "ProductVersion" in the file "/System/Library/CoreServices/SystemVersion.plist".

Figure 1: Contents of the SystemVersion.plist file

This trick allows you to change the value displayed in the "Settings/General/about" section. However, the method will only work for applications that check the version in the SystemVersion.plist file. If after changing the version, the application still refuses to work, use the second method.

Change the version in the plist file that is in the application package

The second method, which allows you to change the version, consists of three simple steps:

1. Rename the ipa file to .zip and unpack the archive.
2. We change the value of "minimum ios version" in the info.plist file, which is usually located in the \Payload\appname.app folder.
3. Pack the archive and rename it back to ipa. [ Note: some applications check the "minimum ios version" value in other plist files that are in the package].

Figure 2: Contents of the info.plist file

After changing the plist files, the signature of the package is broken. To solve this problem, you need to register the IPA using the utility from this article.

Some apps check the iOS version during installation. When a user installs an app using iTunes or xcode using an IPA, the version of iOS running on the device is checked, and if the version is lower than required, an error occurs.

Figure 3: Error when installing application via xcode

Such a check also costs several steps:

1. Rename the .ipa file to .zip and extract the .app folder.
2. Copy the .app folder to where iOS applications are installed (/root/application) using any SFTP client (for example, WinSCP).
3. We connect to the device via SSH, go to the folder where the IPA is installed, and then set the launch rights for the .app folder (chmod -R 755 or chmod -R 777). An alternative way is to right-click on the .app folder in WinSCP and change the properties of the directory to set the appropriate permissions.
4. After restarting the iOS device, the application will be successfully installed.

Figure 4: Setting new permissions for a directory

Certificate validation bypass

Some applications check the certificate to prevent traffic from being proxified by utilities like Burp. Usually, the client certificate is hardwired into the binary file of the application. The server verifies this certificate, and if the validation fails, an error is raised. You can read more about this in my other article co-authored with Steve Kern.

Sometimes it can be difficult to extract the certificate from the application and install it inside the proxy. An alternative is to use the ios-ssl-kill-switch utility. ios-ssl-kill-switch hooks into the Secure Transport API (lowest level) and disables certificate verification. Most checks use NSURLConnection at a higher level. More details can be found.

Verifying a certificate takes several steps:

1. Install the kill-ssl-switch utility.
2. All dependent packages must be installed beforehand.
3. Restart the device or restart the SpringBoard with the following command "killall -HUP SpringBoard".
4. Set the Disable Certificate Validation option in the "Settings/SSL Kill Switch" section.
5. We restart the application, after which the traffic should be intercepted successfully.

Certificate pinning is bypassed by hooking into the API that validates the certificate and always returning true when validated. The Mobilesubstrate framework is quite suitable for solving this problem. There are several other useful utilities for disabling snapping, such as "Trustme" and "Snoop-it".

Figure 5: Disable certificate verification in SSL Kill Switch

Electronic signing and sending of documents will facilitate interaction with customers and employees. With the DocuSign mobile app, you can sign contracts, approvals, and other agreements in minutes from almost anywhere. Manage your business quickly and efficiently with an e-signature platform trusted by millions of users around the world.

Send documents for signing to other users.
Securely store and manage documents with access from any device, anytime.

Main functions.

Signing of documents
Fill out and sign documents for free with no monthly limit.
Email signed documents to anyone. mail or via Dropbox, Box, Evernote, Google Drive, and more.
Create and customize personal signatures right from your iPhone or iPad.
Supports PDF, Word, Excel documents, image files (JPEG, PNG, TIFF), TXT text files, etc.
Open email attachments or important documents from cloud services in DocuSign, including Dropbox, Box, Google Drive, Evernote, and Salesforce.
Offline access allows you to sign documents even without an Internet connection.

Sending documents
Mobile work features allow you to import and prepare documents on your mobile device.
"Sign here" tags tell document recipients the exact place where they need to sign.
Customize the signing order and process for multiple users.
Remind recipients of a pending document with the click of a button.
Cancel documents already sent for signature.
Consider the possibility of personal and remote signing.

Legality and security:

Legal force - official DocuSign signatures comply with the law on electronic signatures in international and national commercial circulation.
A detailed audit trail allows you to see who, when and where was signed.
Documents are stored in encrypted form - it is safer and more reliable than paper storage.
DocuSign complies with ISO 27001 and SSAE16 standards.

In addition to our free plan with unlimited subscriptions, we offer Premium plans that include more features and allow you to send more documents. Information about Premium plans can be obtained by clicking the "Update" button in the application.

Standard plan:
Access to additional fields, including the most used ones in DocuSign.

Real estate plan
Sending documents for signature.
Powerful real estate features including zipForm(r) Plus integration and website branding.

personal plan
Limited sending of documents. Possibility to send up to 10 documents per month.
Access to required fields. Possibility to request signature, date and name.
Reusable templates for document standardization.

Subscription Information:
Payment will be charged to your iTunes Account at confirmation of purchase. Subscription automatically renews unless this feature is turned off at least 24 hours before the end of the current period. To renew your subscription, your account will be charged the appropriate amount within 24 hours prior to the end of the current period. The subscription is managed by the user. Auto-renewal may be turned off by going to the user's Account Settings after purchase. Cancellation is not possible during the subscription period

For questions or feedback, please email [email protected]

Learn more about DocuSign and electronic signatures at https://www.docusign.com/how-it-works.

DocuSign Privacy Policy: https://www.docusign.com/company/privacy-policy

DocuSign terms of use: https://www.docusign.com/company/terms-of-use

The golden cage of reliability and security, in which all owners of mobile devices running the iOS operating system are located, has its negative sides. One of these sides is the inability to return to a previous version of any program. Reading reviews of games in the AppStore, you can often notice that new versions greatly disappoint their users. Many of them have a reasonable question how to return their favorite version of the program?

As it turned out, it's not so easy. The first solution in such situations is usually to jailbreak the operating system. But because of one application, it is clearly not worth refusing the possibility of further official updates, reducing the stability of the device and losing the manufacturer's warranty obligations. There is another way - this is installing applications from an IPA file with signing it with a developer certificate.

IPA is an extension for the installation files of various programs for the iPhone, iPad and iPod Touch. All IPA files, when officially installed from the AppStore on the selected device, are signed with a special digitally signed certificate. This signature is a protection against unauthorized distribution of programs and applications from the AppStore. An application installed and signed for one device cannot be installed on another. Therefore, in order to be able to install an old version of the game or any other program, you need to take the corresponding application that does not have a digital signature, sign it with a certificate corresponding to the selected device, and only after that it will be possible to install it.

We will not dwell on the question of where to get unsigned applications, since if you have the skills to use search engines, it can be solved quite simply. Let us dwell in more detail on the technical side of signing applications with a digital signature.

We note right away that this manipulation can only be performed by users of Apple computers running Mas OS X 10.6.8 (Snow Leopard) and higher. If you do not have such an operating system, then you can install it using one of the virtualization systems for your operating system. For example, vmware.

If the above conditions are met, you can sign the application with a certificate if you have a paid developer account and the UDID number of the device entered in this account. On the Internet, special services have appeared that provide such services for a nominal fee.

The whole process of installing an application from an IPA file will consist in this case of the following steps.

1. Download a program for Mac OS that will be used to digitally sign the application. At the time of this writing, the following programs are known and used for digitally signing applications: InstaSign , iModSign , iReSign And iSignature . We recommend that you first of all pay attention to the first two programs from the list.
   
2. Determine the UDID - the device's unique identification number. To do this, connect your iPhone, iPad or iPod Touch to your computer and launch iTunes on it. In the device overview page, click on its serial number and in its place you will see a 40-character alphanumeric UDID code. Copy it to any text document.

   

   
   
3. Link a UDID to a developer account and get certificates and a profile for your device. To do this, use one of the services on the Internet. For instance, . In the store of the indicated site, you must purchase Certificate + Rvisioning Profile , making sure to specify the UDID of the device for which you are ordering certificates.

   

   
   
4. After successful payment, you should receive at least three necessary files by mail:
   • certificate with extension *.cer ;
     
   • certificate with extension *.p12 ;
     
   • profile of your device with extension *.mobileprovision .
     
   Also, the letter should contain the password that is used when adding certificates to A bunch of keys(keychain).
   
5. Add certificates to A bunch of keys. To do this, double-click the left mouse button on the certificate with the extension *.p12. Enter your password in the window that appears.

   

   
   
6. After successfully adding developer certificates in the left column Keychains find the added certificates under " Certificates' and enter a certificate starting with iPhone Developer:. Copy the common developer name corresponding to this certificate, which will look like this iPhone Developer: Ivan Ivanov (Х1YZ2AB3C4). It will need to be used later when signing the program.

   

   

   
   
7. Run the program used to sign the IPA application. In our example, we used the program InstaSign.
   
8. Drag the application to be signed into the program window with the mouse. As a result, it should appear on the first line of the program.
   
9. Specify the name of the developer, which was defined in step 6, and the folder to save the signed application. By default, it will be saved to the desktop.
   
10. Click the button InstaSign application signing software. As a result of these actions, the digital certificate of the selected application will be signed with the extension *.ipa.

    

    

    
    
11. Download the developer profile with extension *.mobileprovision to your device. The easiest way to do this is by sending the profile file to your mail and opening this letter using the Safari browser built into your iPhone or iPad. When a profile file is opened by a browser, it will be automatically installed in the device.
    
12. Now an IPA-signed app can now be installed on an iPhone, iPad, or iPod Touch device for which UDID certificates have been obtained. For this purpose, you can use either the standard iTunes or the more convenient iTools utility.