3 Steps to Decrypt Any iOS App on iOS 13+

While performing a security assessment of an iOS app, one of the important steps is analyzing the decrypted app binary!

In this blog, I’ll quickly show you how you can decrypt any iOS app from the App Store in 3 easy steps.

Requirements:

  • Jailbroken iPhone running iOS 13 or above (I have tested this technique on the latest iOS! It should work on older versions too).
  • iPhone connected over USB

Step 1: Install Frida on the system (Mac/Windows) and iPhone

I’m using a Mac and installed Frida with:

    pip install frida-tools

Also, install Frida on the jailbroken iPhone: add the build.frida.re source and install the Frida package.

Once Frida is installed on the Mac and the iPhone, perform a smoke test (it should list the processes running on the USB-attached device):

    frida-ps -U

Step 2: Connect to the iPhone (over USB) and select the app you want to decrypt

Download frida-ios-dump from https://github.com/AloneMonkey/frida-ios-dump.

After connecting the iPhone over USB, use iproxy to forward a local port to the phone’s SSH port (22), so the dump script can reach the device over USB.

In dump.py, make sure the same local port is configured.

You can list the installed apps (candidates to be decrypted) with:

    python dump.py -l

Step 3: Decrypt the app

From the above list, I have selected the Instagram app to decrypt.

Finally, you can check the decrypted Instagram app here
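Before spending time on analysis, it is worth confirming that the dumped binary really is decrypted: the LC_ENCRYPTION_INFO_64 load command in the Mach-O header carries a cryptid field, and 0 means the code pages are no longer FairPlay-encrypted. The following Python is an added example, not part of this post or of frida-ios-dump; the Mach-O header it parses is constructed inline, and the file path handling is a hypothetical convenience for checking a real binary such as the executable inside the dumped IPA’s Payload directory.

```python
import struct

MH_MAGIC_64, MH_MAGIC = 0xFEEDFACF, 0xFEEDFACE          # little-endian thin Mach-O magics
FAT_MAGIC = 0xCAFEBABE                                   # universal (fat) wrapper, big-endian
LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64 = 0x21, 0x2C   # FairPlay encryption load commands

def thin_slices(data: bytes):
    """Yield each thin Mach-O image: the whole file, or every arch slice of a fat binary."""
    if struct.unpack_from(">I", data, 0)[0] == FAT_MAGIC:
        nfat = struct.unpack_from(">I", data, 4)[0]
        for i in range(nfat):                            # fat_arch is 5 big-endian uint32s
            _, _, off, size, _ = struct.unpack_from(">5I", data, 8 + 20 * i)
            yield data[off:off + size]
    else:
        yield data

def encryption_state(image: bytes):
    """Return (cryptid, cryptoff, cryptsize) from LC_ENCRYPTION_INFO(_64), or None if absent.
    cryptid == 1 means the __TEXT range is still FairPlay-encrypted; 0 means decrypted."""
    magic = struct.unpack_from("<I", image, 0)[0]
    if magic not in (MH_MAGIC_64, MH_MAGIC):
        raise ValueError("not a thin little-endian Mach-O image")
    ncmds = struct.unpack_from("<I", image, 16)[0]       # same offset in both header layouts
    offset = 32 if magic == MH_MAGIC_64 else 28          # mach_header_64 has an extra reserved field
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", image, offset)
        if cmdsize < 8:
            raise ValueError("malformed load command")   # guard against a zero-size loop
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            cryptoff, cryptsize, cryptid = struct.unpack_from("<III", image, offset + 8)
            return cryptid, cryptoff, cryptsize
        offset += cmdsize
    return None

def is_decrypted(data: bytes) -> bool:
    """True only if every slice either has no encryption command or has cryptid == 0."""
    return all(s is None or s[0] == 0 for s in map(encryption_state, thin_slices(data)))

def build_sample(cryptid: int) -> bytes:
    """Constructed minimal arm64 Mach-O header (no code) carrying LC_UUID + LC_ENCRYPTION_INFO_64."""
    uuid_cmd = struct.pack("<II", 0x1B, 24) + bytes(16)
    enc_cmd = struct.pack("<6I", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x10000, cryptid, 0)
    cmds = uuid_cmd + enc_cmd                            # ncmds = 2, sizeofcmds = len(cmds)
    return struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, 2, len(cmds), 0, 0) + cmds

if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None      # hypothetical: path to the dumped executable
    data = open(path, "rb").read() if path else build_sample(0)
    print("decrypted" if is_decrypted(data) else "still encrypted (cryptid != 0)")
```

Run it with no argument to exercise the constructed sample, or pass the path of the main executable from the dumped IPA to check a real binary.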

That’s all! You can use this decrypted IPA for further analysis! Let me know in the comments section whether these steps were useful to you or if you are facing issues!

Happy Hacking!

References:

  • Frida – https://frida.re/
  • Frida dump – https://github.com/AloneMonkey/frida-ios-dump
