A tool to extract a decrypted IPA from a jailbroken, rootless device.
To use frida-ios-dump, follow these steps:
- Install frida on your device. You have two options:
- Clone this project by typing the following commands in your terminal window:
  ```bash
  git clone --depth=1 -j8 https://github.com/miticollo/frida-ios-dump.git
  cd frida-ios-dump/
  ```
- Create a virtual environment.
  ```bash
  python -m venv ./.venv
  source ./.venv/bin/activate
  ```
- Run `pip install -r requirements.txt --upgrade` to install the necessary dependencies.

  Note: Upgrade dependencies such as `frida-tools` and `frida` using the command `sudo pip install -r requirements.txt --upgrade`.
- Enable SSH forwarding over USB using `iproxy`. For example, run `iproxy -ddd 2222:22`.
- On the device, install `curl`, `ldid` and `openssh` from Procursus. Then, run the following commands as root either over SSH or in a terminal window:
  ```bash
  curl -LO --output-dir /var/tmp/ 'https://raw.githubusercontent.com/miticollo/frida-ios-dump/master/scp.entitlements'
  ldid -S/var/tmp/scp.entitlements -M "$(which scp)"
  rm -v /var/tmp/scp.entitlements
  ```
- Open the target app on the device.
- Connect the iDevice to the macOS/PC host using a USB Lightning cable.
- Run `./dump.py <target>`:
  ```
  ./dump.py Spotify
  Start the target app Spotify
  Dumping Spotify to /var/folders/q2/x23bcyr53w3dnmlh2fqjp2mr0000gp/T
  start dump /private/var/containers/Bundle/Application/56AE666E-0F06-4969-91C8-5B63F33ECF58/Spotify.app/Spotify
  Spotify.fid: 100%|██████████| 112M/112M [00:03<00:00, 35.5MB/s]
  start dump /private/var/containers/Bundle/Application/56AE666E-0F06-4969-91C8-5B63F33ECF58/Spotify.app/Frameworks/SpotifyShared.framework/SpotifyShared
  SpotifyShared.fid: 100%|██████████| 4.26M/4.26M [00:00<00:00, 19.8MB/s]
  AppIntentVocabulary.plist: 125MB [00:10, 13.1MB/s]
  Generating "Spotify.ipa"
  0.00B [00:00, ?B/s]
  ```

Congratulations!!! You've got a decrypted IPA file.
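To check the result before sideloading, the added example below (not part of frida-ios-dump) walks every Mach-O file in the generated IPA, including frameworks such as `SpotifyShared` in the run above, and lists those whose `LC_ENCRYPTION_INFO`/`LC_ENCRYPTION_INFO_64` load command still has a non-zero `cryptid`. All function names are assumptions made for this illustration, and `sample_macho` builds a constructed stub binary rather than a real app.

```python
import struct
import zipfile

# Constants from <mach-o/loader.h> and <mach-o/fat.h>
MH_MAGIC, MH_MAGIC_64, FAT_MAGIC = 0xFEEDFACE, 0xFEEDFACF, 0xCAFEBABE
LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64 = 0x21, 0x2C


def slice_cryptid(data, base=0):
    """cryptid of the little-endian Mach-O slice at `base`, or None if the
    slice carries no LC_ENCRYPTION_INFO(_64) load command."""
    magic, = struct.unpack_from("<I", data, base)
    ncmds, = struct.unpack_from("<I", data, base + 16)
    off = base + (32 if magic == MH_MAGIC_64 else 28)  # skip mach_header(_64)
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8:
            raise ValueError("corrupt load command")
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            # Layout: cmd, cmdsize, cryptoff, cryptsize, cryptid
            return struct.unpack_from("<I", data, off + 16)[0]
        off += cmdsize
    return None


def macho_cryptids(data):
    """One cryptid per architecture slice; [] if `data` is not a Mach-O."""
    if len(data) < 28:
        return []
    if struct.unpack_from(">I", data)[0] == FAT_MAGIC:
        nfat, = struct.unpack_from(">I", data, 4)
        # fat_arch is 20 bytes, big-endian; the slice offset is its third field
        offsets = [struct.unpack_from(">I", data, 16 + 20 * i)[0] for i in range(nfat)]
        return [slice_cryptid(data, o) for o in offsets]
    if struct.unpack_from("<I", data)[0] in (MH_MAGIC, MH_MAGIC_64):
        return [slice_cryptid(data)]
    return []


def still_encrypted(ipa):
    """Mach-O members of the IPA (path or file object) with a non-zero cryptid."""
    with zipfile.ZipFile(ipa) as z:
        return [n for n in z.namelist() if any(macho_cryptids(z.read(n)))]


def sample_macho(cryptid):
    """Constructed arm64 stub: mach_header_64 plus one LC_ENCRYPTION_INFO_64."""
    header = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, 1, 24, 0, 0)
    return header + struct.pack("<6I", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x8000, cryptid, 0)
```

Calling `still_encrypted("Spotify.ipa")` on the generated file returns an empty list when every Mach-O in it has `cryptid` 0 or no encryption load command.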
To install the app, sideload it as follows:
- Use Sideloadly

  Note: Enable “Sideload Spoofer” as some apps may not work after decryption.