Scenario: You have an IPA that you want to test on a device, but the IPA was generated using a provisioning profile that does not include the device, and was signed with a certificate that is not yours. You drag this IPA to XCode’s organizer window hoping it would be installed on the connected device, but this results in an Unknown error.

Turns out that this is easy to fix. Here’s how to make it work.

First, unpack the IPA (unzip -q <IPA>). This would create a directory named Payload and a few other files. Delete the existing signature in the extracted package:

    rm -rf "Payload/*.app/_CodeSignature" "Payload/*.app/CodeResources"

For the next step, you need two things: a valid provisioning profile and a valid certificate. Both can be obtained via the iOS developer portal.

Replace the provisioning profile first

    cp <PROVISIONING_PROFILE> "Payload/*.app/embedded.mobileprovision"

Then resign using your certificate (the certificate must be present in your keychain)

    /usr/bin/codesign -f -s "<CERTIFICATE>" --resource-rules "Payload/*.app/ResourceRules.plist" "Payload/*.app"

Now you can recreate the IPA and then drag & drop it in the XCode organizer to install it on the device!

    zip -qr <IPA_resigned> Payload

Edit: If you are looking for user friendly options, check out the script by Daniel or the app by Brian.