This should be possible, I think you could do it like this.
First extract some likely entitlements from the App Store provisioning profile. This may need further editing.
/usr/libexec/PlistBuddy -x -c "print :Entitlements " /dev/stdin <<< $(security cms -D -i AppStore.mobileprovision) > entitlements.plist
Then resign the binary using the
codesign -f -s YourDistributionSigningIdentity --entitlements entitlements.plist --resource-rules your.app/ResourceRules.plist your.app
And package it as an IPA
xcrun -sdk iphoneos PackageApplication -v -o `pwd`/out.ipa your.app
If the app wasn't code signed, then your ResourceRules.plist may be missing. These are generic, just copy something like this into place.