WatchOS app signing

Questions and Answers about all things *OS (macOS, iOS, tvOS, watchOS)

WatchOS app signing

Postby Orph » Tue Sep 01, 2020 10:56 am

Hello all,

I need help regarding resigning the watch component of an application. It might not be possible, but at least I need to understand what is the process there, as I already spent some time and neurones on this issue.
What I discovered so far by myself:
-the watchkit app component has a hash validation when installed with an iOS app signed by a developer certificate; the hash is compared either versus a com.apple.WK (_WatchKitStub/WK) component or against a per-architecture constant stored inside installd if WK is missing.
- this tells me that you either have a default component or you need a valid WK stub which hashes to the same value as your app.
- since the actual Watch component is signed with own certificate, I expect com.apple.WK is signed by Apple, but I fail to understand the process of generating the Stub, or how you can ensure they have same hash value
- if I understood correctly, the hashed part of the Watch app would cover also its signature, which makes me wonder how you can ensure parity with the Stub hash, which I expect is signed by Apple only
- signing with codesign did not help that much, I did not manage to get an installable .ipa

Now, I do not mind if this is not solvable, but the flow itself is interesting. I presume the whole Stub thing has a precise purpose and I am very curious what it is. I confess I still struggle with trying to generate a signature with isign fork, but that is anyway beyond the point.

Thank you all,
Orph
Orph
 
Posts: 6
Joined: Wed Sep 21, 2016 8:42 am

Return to Questions and Answers

Who is online

Users browsing this forum: No registered users and 5 guests

cron