Reply to Sign app bundle
> If you want to continue down this path, you’ll have to learn a lot more about code signing, entitlements, the trusted execution system, and so on. To get started, check out the links in the Code Signing Resources and Trusted Execution Resources pinned posts.

I will continue digging. Thanks for the links. I already saw them. Unfortunately I do not have enough experience to create a working solution now.

> Or you could choose a simpler starting point (-:

For me this is a challenge. So I will try to do my best with it.
Sep ’23
Reply to Sign app bundle
> So you’re re-signing another developer’s app. To what end? What do you hope to achieve by this that you can’t achieve by running the app directly?

This is the first step for me. I want to change some data in the app via a hex editor.

> This matters because some re-signing tasks are impossible due to the way that provisioning profiles work.

How could I get this info? Could I cut off all sign data from the previous signing?
Sep ’23
Reply to Sign app bundle
entitlements.plist used:

```
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.cs.allow-jit</key>
    <true/>
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
    <true/>
    <key>com.apple.security.cs.disable-executable-page-protection</key>
    <true/>
    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
    <true/>
    <key>com.apple.security.cs.disable-library-validation</key>
    <true/>
</dict>
</plist>
```
Sep ’23
Reply to Sign app bundle
> I’m not sure how to interpret that. The error from your first post indicates that you have an app, namely Foo.app. Did you create that app? Or did someone else?

I installed the app from the internet and am trying to deal with it. No source code, only the bundle. Foo.app is just an alias for the target app.

> Not quite. By default Macs will run ad hoc signed code. This is equivalent to Sign to Run Locally in Xcode.

In the logs there is information about that:

```
/Applications/Foo.app/Contents/MacOS/Foo not valid: Error Domain=AppleMobileFileIntegrityError Code=-423 "The file is adhoc signed or signed by an unknown certificate chain" UserInfo={NSURL=file:///Applications/Foo.app/Contents/MacOS/Foo, NSLocalizedDescription=The file is adhoc signed or signed by an unknown certificate chain}
```

I have an M1 MacBook Air. I googled that security settings were changed for Apple Silicon. I installed all dev certs, but no changes. After I signed with my dev cert via

```
codesign -f -o runtime --timestamp -s "Apple Development: ***@gmail.com (XXXXXXXXXX)" /Applications/Foo.app
```

I had an error for

```
mapping process and mapped file (non-platform) have different Team IDs
```

Next try with entitlements:

```
codesign -f -o runtime --entitlements /Users/zubastic/Desktop/entitlements.plist --timestamp -s "Apple Development: ***@gmail.com (XXXXXXXXXX)" /Applications/Foo.app
```

```
System Integrity Protection: enabled

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_INSTRUCTION (SIGILL)
Exception Codes:       0x0000000000000001, 0x00000000741f2a42

Termination Reason:    Namespace SIGNAL, Code 4 Illegal instruction: 4
Terminating Process:   exc handler [2976]

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   Foo    0x105abf704 0x104fb4000 + 11581188
1   dyld   0x1958201d8 invocation function for block in dyld4::Loader::findAndRunAllInitializers(dyld4::RuntimeState&) const::$_0::operator()() const + 168
2   dyld   0x195861c60 invocation function for block in dyld3::MachOAnalyzer::forEachInitializer(Diagnostics&, dyld3::MachOAnalyzer::VMAddrConverter const&, void (unsigned int) block_pointer, void const*) const + 172
3   dyld   0x1958551a4 invocation function for block in dyld3::MachOFile::forEachSection(void (dyld3::MachOFile::SectionInfo const&, bool, bool&) block_pointer) const + 528
4   dyld   0x1958002d8 dyld3::MachOFile::forEachLoadCommand(Diagnostics&, void (load_command const*, bool&) block_pointer) const + 296
5   dyld   0x1958541cc dyld3::MachOFile::forEachSection(void (dyld3::MachOFile::SectionInfo const&, bool, bool&) block_pointer) const + 192
6   dyld   0x195856cfc dyld3::MachOFile::forEachInitializerPointerSection(Diagnostics&, void (unsigned int, unsigned int, bool&) block_pointer) const + 160
7   dyld   0x195861904 dyld3::MachOAnalyzer::forEachInitializer(Diagnostics&, dyld3::MachOAnalyzer::VMAddrConverter const&, void (unsigned int) block_pointer, void const*) const + 432
8   dyld   0x19581c85c dyld4::Loader::findAndRunAllInitializers(dyld4::RuntimeState&) const + 448
9   dyld   0x19581cc10 dyld4::Loader::runInitializersBottomUp(dyld4::RuntimeState&, dyld3::Array<dyld4::Loader const*>&) const + 220
10  dyld   0x195820264 dyld4::Loader::runInitializersBottomUpPlusUpwardLinks(dyld4::RuntimeState&) const::$_1::operator()() const + 112
11  dyld   0x19581cd90 dyld4::Loader::runInitializersBottomUpPlusUpwardLinks(dyld4::RuntimeState&) const + 304
12  dyld   0x195840984 dyld4::APIs::runAllInitializersForMain() + 468
13  dyld   0x1958052d0 dyld4::prepare(dyld4::APIs&, dyld3::MachOAnalyzer const*) + 3480
14  dyld   0x195803e18 start + 1964
```

Log output:

```
zubastic@MacBook-Air ~ % codesign -f -o runtime --entitlements /Users/zubastic/Desktop/entitlements.plist --timestamp -s "Apple Development: ***@gmail.com (XXXXXXXXXX)" /Applications/Foo.app
/Applications/Foo.app: replacing existing signature
zubastic@MacBook-Air ~ % codesign -dv -r- /Applications/Foo.app
Executable=/Applications/Foo.app/Contents/MacOS/Foo
Identifier=com.Test.Foo
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=301795 flags=0x10000(runtime) hashes=9420+7 location=embedded
Signature size=9192
Timestamp=19 Sep 2023, 15:36:31
Info.plist entries=35
TeamIdentifier=YYYYYYYYYY
Runtime Version=13.1.0
Sealed Resources version=2 rules=13 files=1306
designated => identifier "com.Test.Foo" and anchor apple generic and certificate leaf[subject.CN] = "Apple Development: ***@gmail.com (XXXXXXXXXX)" and certificate 1[field.1.2.840.113635.100.6.2.1] /* exists */
zubastic@MacBook-Air ~ % codesign -vv /Applications/Foo.app
/Applications/Foo.app: valid on disk
/Applications/Foo.app: satisfies its Designated Requirement
```
Sep ’23
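Added example, not part of the original thread and not Apple tooling: a Python review of the `codesign -dv` fields and the entitlements plist shown in the two posts above, listing which Hardened Runtime protections a bundle signed this way has given up. The function names, the sample strings and the three-bit subset of CodeDirectory flags are assumptions made for this illustration.

```python
import plistlib
import re

# Hardened Runtime exception entitlements and what each one relaxes.
RUNTIME_EXCEPTIONS = {
    "com.apple.security.cs.allow-jit": "MAP_JIT executable memory allowed",
    "com.apple.security.cs.allow-unsigned-executable-memory": "unsigned executable memory allowed",
    "com.apple.security.cs.disable-executable-page-protection": "executable page protection disabled",
    "com.apple.security.cs.allow-dyld-environment-variables": "DYLD_* environment variables honoured",
    "com.apple.security.cs.disable-library-validation": "library validation disabled",
}
# Subset of CodeDirectory flag bits, named as codesign prints them.
CS_FLAGS = {0x2: "adhoc", 0x10000: "runtime", 0x20000: "linker-signed"}

# Constructed samples: fields copied from the post's output, and a plist
# equivalent to the posted entitlements.plist (all five keys set to true).
SAMPLE_DV = """Identifier=com.Test.Foo
CodeDirectory v=20500 size=301795 flags=0x10000(runtime) hashes=9420+7 location=embedded
TeamIdentifier=YYYYYYYYYY
"""
SAMPLE_ENTITLEMENTS = plistlib.dumps({key: True for key in RUNTIME_EXCEPTIONS})

def parse_signature(dv_text):
    """Pull identifier, Team ID and decoded flags out of `codesign -dv` text."""
    fields = dict(re.findall(r"^(Identifier|TeamIdentifier)=(.+)$", dv_text, re.M))
    m = re.search(r"flags=(0x[0-9a-fA-F]+)", dv_text)
    bits = int(m.group(1), 16) if m else 0
    return {
        "identifier": fields.get("Identifier"),
        "team": fields.get("TeamIdentifier"),
        "flags": sorted(name for bit, name in CS_FLAGS.items() if bits & bit),
    }

def enabled_exceptions(plist_bytes):
    # Only a literal boolean true enables an exception entitlement.
    ents = plistlib.loads(plist_bytes)
    return [key for key in RUNTIME_EXCEPTIONS if ents.get(key) is True]

def review(dv_text, plist_bytes):
    """Return (signature summary, list of findings) for one signed bundle."""
    sig, exc = parse_signature(dv_text), enabled_exceptions(plist_bytes)
    findings = []
    if "adhoc" in sig["flags"] or sig["team"] in (None, "not set"):
        findings.append("ad hoc signature: no Team ID to anchor trust on")
    if "runtime" not in sig["flags"]:
        findings.append("Hardened Runtime not enabled")
    findings += [f"runtime exception: {RUNTIME_EXCEPTIONS[key]}" for key in exc]
    return sig, findings
```

For the samples, `review(SAMPLE_DV, SAMPLE_ENTITLEMENTS)` reports the runtime flag and a Team ID alongside five exception findings, which is the pattern to look for when checking what a re-signed copy on a machine is still protected by.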
Reply to Sign app bundle
Also I solved the problem with the internal error in code signing subsystem when using codesign. Another error appeared: Operation not permitted. So you should add Terminal to the Full Disk Access list.
Sep ’23
Reply to Sign app bundle
> Is this an app you created?

No. I just have a compiled bundle.

> And is it distributed independently?

Yes.

> Or another third-party developer?

Yes.

I use `codesign --force --deep --sign -` so, I guess, `--deep` is redundant. Also I googled that the dash in that command is used for an ad hoc signature, so my Mac cannot use it to run.
Sep ’23