A tool for extracting decrypted IPA files from jailbroken devices.
This fork no longer requires using `scp`, unlike the original project.
This is possible because I used the Frida File API to read all bytes inside a `Module` file and then parse it into a `MachO` object.
Currently, this class does not implement all Apple specifications.
By doing this, the tool doesn't generate auxiliary files on the APFS filesystem, as they are only stored as `ArrayBuffer` (and `node:Buffer`) in memory.
After patching, I can send the file to PC/macOS using the `send` Frida primitive.
Furthermore, this solution extends the `ConsoleApplication` class, thereby avoiding issues with argument handling.
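
The in-memory parsing described above can be illustrated with the following added example (it is not code from this project, and the project's `MachO` class is not reproduced here). It walks the load commands of a thin 64-bit Mach-O held in an `ArrayBuffer` and reports the `LC_ENCRYPTION_INFO_64` fields, which is one way to check whether a binary is still marked as encrypted; `findEncryptionInfo`, `buildSample` and the sample bytes are constructed for this example.

```javascript
// Added example (not the project's MachO class): walk the load commands of a
// thin 64-bit Mach-O held in an ArrayBuffer and report its encryption info.
const MH_MAGIC_64 = 0xfeedfacf;           // thin 64-bit image, little-endian
const LC_UUID = 0x1b;
const LC_ENCRYPTION_INFO_64 = 0x2c;
const HEADER_SIZE = 32;                   // sizeof(struct mach_header_64)

function findEncryptionInfo(arrayBuffer) {
  const view = new DataView(arrayBuffer);
  if (view.byteLength < HEADER_SIZE) throw new RangeError('truncated Mach-O header');
  if (view.getUint32(0, true) !== MH_MAGIC_64) {
    throw new TypeError('not a thin little-endian 64-bit Mach-O');
  }
  const ncmds = view.getUint32(16, true);
  const end = HEADER_SIZE + view.getUint32(20, true);   // header + sizeofcmds
  if (end > view.byteLength) throw new RangeError('load commands exceed buffer');
  let offset = HEADER_SIZE;
  for (let i = 0; i < ncmds; i++) {
    if (offset + 8 > end) throw new RangeError('load command header out of bounds');
    const cmd = view.getUint32(offset, true);
    const cmdsize = view.getUint32(offset + 4, true);
    // cmdsize covers its own 8-byte header, is 8-byte aligned, and stays in range
    if (cmdsize < 8 || cmdsize % 8 !== 0 || offset + cmdsize > end) {
      throw new RangeError(`bad cmdsize ${cmdsize} at offset ${offset}`);
    }
    if (cmd === LC_ENCRYPTION_INFO_64) {
      if (cmdsize < 24) throw new RangeError('short encryption_info_command_64');
      return {
        commandOffset: offset,
        cryptoff: view.getUint32(offset + 8, true),
        cryptsize: view.getUint32(offset + 12, true),
        cryptid: view.getUint32(offset + 16, true),     // 0 means not encrypted
      };
    }
    offset += cmdsize;
  }
  return null;                            // image carries no encryption info
}

// Constructed sample: mach_header_64 + LC_UUID (zeroed) + LC_ENCRYPTION_INFO_64.
function buildSample(cryptid) {
  const view = new DataView(new ArrayBuffer(HEADER_SIZE + 24 + 24));
  const put = (base, words) => words.forEach((w, i) => view.setUint32(base + i * 4, w, true));
  put(0, [MH_MAGIC_64, 0x0100000c, 0, 2, 2, 48, 0, 0]);  // arm64, MH_EXECUTE, 2 cmds
  put(32, [LC_UUID, 24]);
  put(56, [LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x8000, cryptid, 0]);
  return view.buffer;
}
console.log(findEncryptionInfo(buildSample(1)));
```

This handles only thin little-endian 64-bit images; fat binaries and 32-bit slices are rejected by the magic check.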
To use frida-ios-dump, follow these steps:
- Install frida on your device.

  Note: My repo is no longer necessary, because Frida has supported rootless and rootfull JB since 16.1.5. Anyway, if you want to compile your own Frida DEB, you can run my script.
- Clone this project by entering the following commands in your terminal:

  ```sh
  git clone --depth=1 https://github.com/miticollo/frida-ios-dump.git
  cd frida-ios-dump/
  ```
- Create a virtual environment.

  ```sh
  python -m venv --upgrade-deps ./.venv
  source ./.venv/bin/activate
  ```
- Run `pip -vvv install frida-tools --require-virtualenv --upgrade --upgrade-strategy 'eager'` to install the Frida dependency.

  Note: This command will also upgrade dependencies.
- (Optional) Connect your iDevice to macOS/PC using a USB Lightning cable. You can also decrypt over a wireless connection using the remote communication provided by Frida, although USB is recommended.
- Run the following command to install agent dependencies:

  ```sh
  npm -ddd install
  ```
- Run the following commands to decrypt apps:
  - This spawns YouTube and then decrypts it.

    ```sh
    python ./decrypter.py -U -f com.google.ios.youtube
    ```
  - Use this after opening the Spotify app.

    ```sh
    python ./decrypter.py -U -n Spotify
    ```
- To install the app, sideload it as follows:
  - Use Sideloadly

    Note: Enable “Sideload Spoofer” as some apps may not work after decryption.

- iPhone XR with iOS 15.1b1 jailbroken using Dopamine
- iPhone X with iOS 16.3.1 rootfull JB
- iPhone 8 with iOS 15.6 jailbroken using palera1n
- iPhone XR with iOS 15.1b1 jailbroken using RootHide