
Installing any app on iPhone

You may have a significant need for dual-opening chat software (such as small and beautiful), or you may have learned about some strange apps from your friends. However, due to Apple's app mechanism, they cannot be directly installed and used on your device.

Readers who know a bit more will recognize some familiar terms: XX sign, enterprise certificate, developer certificate, AltStore, and so on. Here is a recap of how AltStore works:

These tools rely on the "self-signed certificate" that Apple provides so that developers can run an app on their own devices before it is published. AltStore runs a server on the local area network that simulates a Mac to request the certificate and sign the app, and finally sends the signed app to the phone for installation.

However, it is still not very convenient to do this:

  • The developer's self-signed certificate is only valid for 7 days, and your app will not run after the time is up.
  • You can only install and re-sign software in the local area network running the AltStore server.

The first problem is easy to solve: wait until the time is almost up and re-sign. What about the second one? This article introduces SideStore, an AltStore fork driven by the open-source community.

It uses WireGuard to deceive the system into thinking that the package being installed comes from the local area network. SideStore also provides a signing server that works over HTTP. This way, you can complete the signing process anywhere.

Installing SideStore

SideStore does not yet have an official Windows version of the installation server, so the Mac and Windows steps are written separately below.

Enable Developer Mode

If your phone has been updated to iOS 16.0, you need to enable Developer Mode in the system.

The path to enable it is Settings app → Privacy and Security → Developer Mode.

You will be asked to restart the device, and after restarting, you will be asked to enter your password once, which completes the enabling process.

Install on Mac

Visit the SideServer-Macos project, download the latest version from the Releases section, and open it.

SideServer runs in the status bar. As with AltStore, connect the device you want to install on to the Mac, click the SideServer icon, select Install SideStore..., and then select your device name.

You will be asked to use an Apple ID. In this step, you can use the account logged in on your device. If you have a known developer account, that would be even better.

Install on Windows

The SideServer-Windows project has not yet released its first version, but SideStore can be installed with AltServer. The .ipa file of SideStore can be downloaded from the SideStore project.

According to the current tutorial, you need to install iCloud and iTunes on your computer.

Visit AltStore, download the Windows client, and run it. Connect your device, hold down Shift and click the AltServer icon, select Sideload .ipa, and then select the SideStore .ipa file.

[Screenshot] Image source: https://www.feng.com/post/13660328

Trust on the Device

After a while, you will see the SideStore icon on your device. Try opening it. If you are prompted with a message like Not Trusted, go to Settings app → General → Device Management, select the Apple ID you just logged in with, and trust it.

If you have enabled Developer Mode and installed SideStore using the account that was already logged in on the device, you may not need to perform this step.

The software looks similar to AltStore, but with a different color.

Setting Up the Anisette Service

Before logging in to SideStore, you need an Anisette server, which provides the software signing function for SideStore. It is written in the D language (you can think of it as a hybrid of Java and C++). We don't need to worry about how it runs; we can deploy it directly using the official Docker image.

Image name: dadoum/anisette-server (see the Anisette project address).

The project provides this docker run command:

docker run -d -v lib_cache:/opt/lib/ --restart=always -p 6969:6969 --name anisette dadoum/anisette-server:latest

If you need to customize the deployment: as the command shows, Anisette needs a directory mapped to /opt/lib/ in the container and port 6969 forwarded. You can change parts of it to suit your needs. For example, lib_cache can be replaced with a host path instead of a storage volume.

After running, when you see these in the log:

It means that it has been successfully started. Use a browser to access the exposed 6969 port, and you should get similar content:

{"X-Apple-I-Client-Time":"time","X-Apple-I-MD":"xxx","X-Apple-I-MD-LU":"xxx","X-Apple-I-MD-M":"xxx","X-Apple-I-MD-RINFO":"50660608","X-Apple-I-SRL-NO":"0","X-Apple-I-TimeZone":"UTC","X-Apple-Locale":"en_US","X-MMe-Client-Info":"<MacBookPro17,1> <macOS;12.2.1;21D62> <com.apple.AuthKit/1 (com.apple.dt.Xcode/3594.4.19)>","X-Mme-Device-Id":"xxx"}
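A check for the response shown above, added here as an example (it is not code from the original post or from the Anisette project): it verifies that every header in the sample is present and that the server's clock is close to yours, and masks the fields the post redacts as xxx. The timestamp format, the five-minute tolerance and all sample values are assumptions.

```python
import json
import urllib.request
from datetime import datetime, timedelta, timezone

# Header names exactly as they appear in the sample response on this page.
REQUIRED = ("X-Apple-I-Client-Time", "X-Apple-I-MD", "X-Apple-I-MD-LU",
            "X-Apple-I-MD-M", "X-Apple-I-MD-RINFO", "X-Apple-I-SRL-NO",
            "X-Apple-I-TimeZone", "X-Apple-Locale", "X-MMe-Client-Info",
            "X-Mme-Device-Id")
# Fields the page redacts as "xxx"; redact() masks them before output is shared.
SENSITIVE = ("X-Apple-I-MD", "X-Apple-I-MD-LU", "X-Apple-I-MD-M", "X-Mme-Device-Id")
# Constructed sample response (values made up; RINFO and SRL-NO copied from the page).
SAMPLE = json.dumps({
    "X-Apple-I-Client-Time": "2023-02-11T10:53:21Z", "X-Apple-I-MD": "constructed-md",
    "X-Apple-I-MD-LU": "constructed-lu", "X-Apple-I-MD-M": "constructed-m",
    "X-Apple-I-MD-RINFO": "50660608", "X-Apple-I-SRL-NO": "0",
    "X-Apple-I-TimeZone": "UTC", "X-Apple-Locale": "en_US",
    "X-MMe-Client-Info": "<MacBookPro17,1> <macOS;12.2.1;21D62>", "X-Mme-Device-Id": "constructed-id",
})

def fetch(url, timeout=10):
    """GET the server root (for example http://127.0.0.1:6969) and return the body text."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")

def check_anisette(body, now=None, max_skew=timedelta(minutes=5)):
    """Return a list of problems found in an Anisette response body (empty list = healthy)."""
    try:
        data = json.loads(body)
    except json.JSONDecodeError as exc:
        return [f"not JSON: {exc.msg}"]
    if not isinstance(data, dict):
        return ["top-level value is not a JSON object"]
    problems = [f"missing or empty: {k}" for k in REQUIRED
                if not (isinstance(data.get(k), str) and data[k])]
    stamp = data.get("X-Apple-I-Client-Time")
    if isinstance(stamp, str) and stamp:
        try:
            # Assumption: ISO 8601 UTC timestamp such as 2023-02-11T10:53:21Z.
            sent = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        except ValueError:
            return problems + ["X-Apple-I-Client-Time is not an ISO 8601 UTC timestamp"]
        now = now or datetime.now(timezone.utc)
        if abs(now - sent) > max_skew:
            problems.append("server clock differs from local clock by more than max_skew")
    return problems

def redact(body):
    """Return the parsed response with the identifying fields masked."""
    return {k: ("<redacted>" if k in SENSITIVE else v) for k, v in json.loads(body).items()}
```

Against a running container, call `check_anisette(fetch("http://127.0.0.1:6969"))`; an empty list means the response has the shape shown above.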

What if I don't have a device that can run Docker?

The project has considered this situation: the official documentation mentions using the Render service to run it. You can learn more details in the installation documentation.

You can also use similar services that support running Docker containers, such as Heroku, although it is no longer free. You should be able to find many similar services online.

Home computers can also be used

Maybe you have something like a software router at home. As long as it can run Docker, it will work. Anisette does all of its interaction over HTTP, which means you can use a product like Cloudflare Zero Trust Tunnel to put the HTTP server on the public network.

I only mention the idea here; this article does not record the steps.

Modifying the Anisette Server in SideStore

After setting up the Anisette service, open Settings app → SideStore, turn off Use preferred servers, and enter the address of the Anisette server you just set up in Anisette URL.

[Screenshot: setup-2.png]

As you can see in the picture, I added HTTPS to the Anisette service through a reverse proxy, so when entering the address, you can omit the port.

Installing WireGuard

This step requires an Apple ID from a non-Chinese region to complete. Just download it from the App Store. Of course, you can also install it first using AltStore...

Then download the provided WireGuard configuration file. If the link is invalid, you can also try creating a SideStore.conf file and write the following content into it:

Then start it!


Install an App to Try

Open SideStore and log in with your Apple ID in Settings. If your Anisette server is working properly, the login will succeed.

Then go to Browse and find an app to download and try. I have chosen Flappy Bird.

If all the previous steps are correct, this Flappy Bird will appear on your home screen soon and you can open it and play it normally.

Install IPA

The installation process is very simple. In My Apps, click the + button in the upper left corner, and then select the app saved on your phone.

If you develop such software, you can refer to the SideStore URL definition to make installation easier for your users.

Precautions

  • Remember to disconnect the WireGuard connection after installation.
  • If you use a free developer account (you haven't paid 688 to Apple), each account can only have three apps activated at the same time.
  • If you use a free account, you need to re-sign every 7 days. Remember to turn on Background Refresh in Settings. If you don't update the SideStore signature within 7 days, you need to repeat the steps in the Installing SideStore section.
  • Try to avoid installing third-party apps from unknown sources. Although the sandbox mechanism offers protection, a single app can still obtain the highest system permissions, as the unc0ver jailbreak does.