How to sideload on iOS without jailbreak or Revoked for free in the easiest way possible?
Sideload Esign No worries, this is a tutorial, and if you’re an experienced torrent user, you’ll likely pick it up quickly even without the full explanation. For everyone else, this guide is designed to be straightforward, with everything you need right here—no jumping between multiple sources.
Sideloading Guide
- DNS
https://github.com/khoindvnDNS/iOS/raw/main/DNS/khoindns.mobileconfig - Esign
https://github.com/khoindvnDNS/iOS/tree/main/Esign-iPA - Certs
https://github.com/khoindvnDNS/iOS/raw/main/DNS/Esign-Certs.zip - Repo
https://repo.apptesters.org
Before we start:
It’s important to carefully read through the entire tutorial to understand the concepts and technical details. This way, you can troubleshoot or prevent issues on your own, rather than blindly following along and ending up surprised like Linus Sebastian with a shocked Pikachu face later on.
Start DNS
About: This is a pre-made DNS profile provided by Khơindvn on GitHub, thanks to a YouTuber named “Pork the Jork.” It’s designed to prevent Apple servers from verifying the bundle ID of apps downloaded outside the App Store. This profile allows apps to be signed before installation, bypassing the verification process, which has been in place since iOS 13 (as apps are no longer signed locally like on PC or Mac). This mechanism, known as Bypass Revoke, helps you regain access even if you’ve been blacklisted.
Step 1:
For those coming from Android or Windows, manually installing any profile is standard behavior on iOS or iPadOS, unlike macOS (at least the older versions before things got more restrictive). This applies even to DNS profiles like NextDNS, AdGuard, or AhaDNS Blitz. If there were any additional permissions or concerns, Apple would clearly state them at the bottom of the prompt when requesting your approval.
Alternatively, you may also manually add these as filter:
ocsp.apple.com
ocsp2.apple.com
valid.apple.com
crl.apple.com
certs.apple.com
appattest.apple.com
vpp.itunes.apple.com
You can create a free CloudFlare Zero Trust account and manually block the mentioned domains. The ReadMe text also provides instructions on filtering adware by creating your own .mobileconfig
file. Alternatively, Egern is a native iOS app that lets you set domain block rules locally if you’re familiar with scripting. This app is also compatible with AdGuard Home users.
Install Esign
Step 2:
- Visit the link (or alternate link) to install Esign (Free version only) from the bottom of the page.
- If one certificate doesn’t work, try another one.
- Go to Settings → General → VPN, DNS, & Device Management → Enterprise App.
- Tap on the certificate name and press the Trust button.
- Open the Esign app, and under the Download tab in the bottom navigation bar, tap the ellipses (•••) at the top.
- Go to Settings and enable both Auto Import and Auto Delete.
Get Certs
About: Cert is simply short for certificate where we’ll use the expired ones instead of the latest one… presumably HDFC Life Insurance (Indian) or older like Sunshine Insurance Group (Chinese) but you’ll be downloaded with all of them.
Step 3:
-
-
- Tap on the link here or copy it from above, then go to your:
- Esign → Download → ••• → URL › Paste.
- A zip file should appear in your Files section. Use the inbuilt uncompressor by tapping on the file; this will create an extracted folder with the same name.
- Inside the extracted folder, you should see a list of certificates. Select the one that you used to install Esign.
- After a successful import, you can delete both the folder and the zip file.
- Now, go to the main Settings in the app (bottom bar) for Sign Default Config, enable Install after signed, and then exit the settings.
- Tap on the link here or copy it from above, then go to your:
-
Load Repo
About:
Repo stands for repository, which serves as an app library. The one mentioned here is the TrollStore iPA Library from GitHub, allowing you to access a variety of iPA files conveniently.
Step 4:
-
- Tap on the link or manually copy it from above.
- Open Esign → App Source (Top Left) → +.
- You should now be able to search for and download apps natively.
Shortcut tool to find the RAW URL of any GitHub File Link for repo source.
Install Part
About: If you’ve been following attentively up to here then you’d notice you’re yet to install an app and that’s because unlike the AppStore itself the search function only downloads the app as you’d need to sign it first.
Step 5:
- You’ll notice that at the start of this final process, there’s a ‘Signature’ button located above the ‘Install’ button. This button is more important and will be used frequently, unless you’re duplicating an already signed app, such as WhatsApp (more on that later).
Additional Repo Source
If you read till here, as a reward these are some additional repo which I personally use:
iTorrent Repo (Direct)
https://xitrix.github.io/iTorrent/AltStore.json
YTLitePlus Repo (Direct)
https://raw.githubusercontent.com/Balackburn/YTLitePlusAltstore/main/apps.json
EeveeSpotify Repo (Direct)
https://raw.githubusercontent.com/whoeevee/EeveeSpotify/swift/repo.json
CyPwn IPA Repo (Egern)
https://ipa.cypwn.xyz/cypwn.json
You don’t need to add every repo on Earth unless they serve a particular niche category.
Extras
If you’re still reading then you’re actually done with sideloading and good to go.
How to use VPN with Bypass Revoke?
About: VPN stands for Virtual Private Network and for this we’ll use CloudFlare Warp.
Setup:
Make sure you have visited the settings for CloudFlare Warp first to add a Gateway DoH Subdomain.
- Go to Advanced → Connection Options → DNS Settings and enter: ciwelz9v7y.
- After successfully adding the subdomain, the interface should change to Zero Trust.
- Continue using your VPN as normal without revoking access.
- Before deactivating the VPN each time, enable Airplane Mode first:
- Enable Airplane Mode → Disable VPN → Turn off Airplane Mode.
- You can then continue using the internet normally without revoking access.
For other VPN services based on WireGuard, ensure to define the DNS Server (DoH) instead of DNS in your settings.
Gateway DoH Endpoint:
https://ciwelz9v7y.cloudflare-gateway.com/dns-query
Injecting dylibs with Esign
About: Dylibs stand short for Dynamic Libraries and this is what allows to run tweaks or fixes.
Setup:
- Before injecting with anything, the first thing you’d want to do is visit:
Esign Settings → Sign Default Config → Library Injection Settings - Change ‘inject folder‘ from / to Frameworks/
Now, if you have the AppTester Repo loaded for example then you can directly search for a dylib or just filter them by category.
The Sideloadbypass dylib allows you to fix crashes for a decrypted iPA file after injection, such as with Egern. To inject the dylib, simply return to Step 5 or select More Settings before tapping Signature when installing a new app.
Important Note: Ensure that the iPA file isn’t decrypted from TrollStore, as it will crash regardless. The dylib can only be used with apps installed through TrollStore.
Esign No Logs Version
I have come across quite a chatter about Esign No Logs (5.0) which is a custom version of Esign iPA file that sans all of its telemetry. You can simply create a custom DNS filter list of these instead like for Bypass Revoke before: (Update: It’s now native from the download site)
qmuiteam.com
h.trace.qq.com
ios.bugly.qq.com
ios.bugly.qcloud.com
ucc.umeng.com
ulogs.umeng.com
alogus.umeng.com
utoken.umeng.com
aspect-upush.umeng.com
ulogs.umengcloud.com
aladdinsys.com
baidu.com
api.nuosike.com
If you’re facing problems then you can block esign.yyyue.xyz
safely by simply heading to Esign Settings → Sign Default Config → Install Address and change to ‘Local‘