3 Steps to Decrypt Any iOS App on iOS 13+

While performing a security assessment of the iOS apps, one of the important steps is to analyze the decrypted app!

In this blog, I’ll quickly show you how you can decrypt any iOS app from Appstore in 3 easy steps.

Requirements:

  • Jailbroken iPhone running iOS 13 or above ( I have tested this technique on the latest iOS! It should work on the older version too).
  • iPhone connected over USB

Step 1: Install Frida on the system (Mac/Windows) and iPhone

I’m using Mac and installed frida using #pip install frida-tools

frida-tools on Mac.png

Also, install the Frida on the jailbroken iPhone. Add source build.frida.re and install Frida.

IMG_0009.PNG

Once Frida is installed on Mac and iPhone, perform a smoke test using #frida-ps -U

Frida Smoke Test.png

Step 2: Connect to iPhone (over USB) and select the app you want to decrypt

Download Frida dump iOS from https://github.com/AloneMonkey/frida-ios-dump.

After connecting iPhone over USB, use iproxy for SSH over USB

Screenshot 2020-04-14 at 8.19.44 PM.png

In dump.py, make sure the same port is configured

Screenshot 2020-04-14 at 8.21.11 PM.png

You can list the apps (to be decrypted) using #python dump.py -l

listing apps.png

Step 3: Decrypt the app

From the above list, I have selected the Instagram app to decrypt.

decryption.png

Finally, you can check the decrypted Instagram app here

Decrypred IPA.png

That’s all! You can use this decrypted IPA for further analysis! Let me know if these steps were useful to you or facing issues in the comments section!

Happy Hacking!

References:

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s