This is a slightly-tweaked version of some code by Google's Amit Singh. I've juggled things a little and added support for scanning through fat binaries encrypting all valid architectures in a single pass. It will automatically detect whether it's currently encrypted or decrypted, and will apply or remove encryption as appropriate.
This uses the standard Apple Binary Protection interface, which means that your encrypted application will run happily on Apple-supplied Intel-CPU hardware. ABP doesn't exist on PowerPC Macs, so it does nothing there.
I had originally cleaned this up as part of a protection mechanism against those lovely people at Appulous who hacked Outpost, but it looks as though something very different is happening on the iPhone, *sigh*
Probably means I'll have to mess about with the code for signed binaries in the Security framework instead; that'll be a pain. Ever looked at the code for Apple's Security framework? The guy who wrote it is evidently a guru-level C++ guy. Unfortunately, that makes following the thread of execution by just reading the code very very difficult. But I digress…
To use the tool itself, you just supply two arguments: an input file and an output file. At present it doesn't support in-place editing, and it will explicitly fail if the output file already exists. At some point I'll probably add a shell-script wrapper for use as an Xcode build step, but please feel free to make your own; it should just encrypt to a temp file, exchange files if all was ok, and delete the original. Is there a command-line tool which does FSExchangeFiles()? That would help there somewhat.