While performing a security assessment of an iOS app, one of the important steps is to analyze the decrypted app binary. Apps downloaded from the App Store ship with their executable encrypted (Apple's FairPlay DRM), so static tools such as class-dump or a disassembler see only ciphertext until the binary has been dumped from a running process on a device.
In this blog, I'll quickly show you how you can decrypt any iOS app from the App Store in 3 easy steps.
Prerequisites:
- Jailbroken iPhone running iOS 13 or above (I have tested this technique on the latest iOS; it should work on older versions too).
- iPhone connected over USB
Step 1: Install Frida on the system (Mac/Windows) and iPhone
I'm using a Mac and installed the Frida CLI tools with pip: pip install frida-tools
Also install Frida on the jailbroken iPhone: in Cydia (or Sileo), add the source https://build.frida.re and install the Frida package, which provides frida-server. The Frida version on the Mac (pip show frida) and the frida-server version on the iPhone must match, otherwise the tools fail with a version mismatch error.
Once Frida is installed on the Mac and the iPhone, perform a smoke test with frida-ps -U, which should list the processes running on the USB-connected device.
Step 2: Connect to iPhone (over USB) and select the app you want to decrypt
Download frida-ios-dump from https://github.com/AloneMonkey/frida-ios-dump and install its Python dependencies with pip install -r requirements.txt.
After connecting the iPhone over USB, forward the device's SSH port to the Mac with iproxy (from libusbmuxd): iproxy 2222 22. frida-ios-dump talks to Frida over USB but pulls the app bundle over SSH, which is why this tunnel is needed.
In dump.py, make sure the SSH settings match your setup: the defaults are host localhost, port 2222, user root and password alpine, which is the default root password on jailbroken devices (change it on the device, and then in dump.py, if you haven't already).
You can list the installed apps (with their bundle IDs) using python dump.py -l
Step 3: Decrypt the app
From the above list, I have selected the Instagram app to decrypt: python dump.py Instagram (the display name or the bundle ID from the list both work). The tool launches the app, dumps the decrypted executable and frameworks from the running process, pulls the rest of the bundle over SSH and writes Instagram.ipa to the current directory.
Finally, check that the dump is really decrypted before analysing it: unzip the IPA and run otool -l Payload/Instagram.app/Instagram | grep -A4 LC_ENCRYPTION_INFO. The cryptid field must be 0; a value of 1 means the dump failed and the binary is still encrypted.
That's all! You can use this decrypted IPA for further analysis (class-dump or a disassembler, which need the decrypted binary). Let me know in the comments whether these steps were useful to you or if you are facing issues!
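To automate the cryptid check on every slice of a dumped binary, here is a small Mach-O load-command parser. It is an added example, not code from this post or from frida-ios-dump; it assumes little-endian Mach-O slices (true for every iOS device) wrapped in an optional big-endian fat header, and the fixtures it builds are constructed minimal binaries, not real apps. The script name check_cryptid.py and the path in the usage comment are hypothetical.

```python
"""Report the FairPlay cryptid of each slice in a Mach-O binary.

App Store binaries carry an LC_ENCRYPTION_INFO(_64) load command whose cryptid
is 1 while the code is encrypted; a correctly dumped binary has cryptid 0.
Added example, not part of frida-ios-dump. Assumes little-endian thin slices
(all iOS devices) inside an optional big-endian fat header.
"""
import struct
import sys

MH_MAGIC = 0xFEEDFACE        # 32-bit Mach-O, read little-endian
MH_MAGIC_64 = 0xFEEDFACF     # 64-bit Mach-O, read little-endian
FAT_MAGIC = 0xCAFEBABE       # universal binary header, always big-endian
LC_ENCRYPTION_INFO = 0x21
LC_ENCRYPTION_INFO_64 = 0x2C
CPU_TYPE_ARM64 = 0x0100000C
MH_EXECUTE = 2


def mach_o_slices(data):
    """Yield (file_offset, slice_bytes) for every architecture in the file."""
    if struct.unpack(">I", data[:4])[0] == FAT_MAGIC:
        nfat = struct.unpack(">I", data[4:8])[0]
        for i in range(nfat):
            entry = 8 + 20 * i  # fat_arch entries follow the 8-byte fat_header
            _cpu, _sub, offset, size, _align = struct.unpack(">IIIII", data[entry:entry + 20])
            yield offset, data[offset:offset + size]
    else:
        yield 0, data


def encryption_cryptid(thin):
    """Walk one thin Mach-O's load commands; return its cryptid, or None if it has no LC_ENCRYPTION_INFO(_64)."""
    magic = struct.unpack("<I", thin[:4])[0]
    if magic == MH_MAGIC_64:
        hdr_len = 32
    elif magic == MH_MAGIC:
        hdr_len = 28
    else:
        raise ValueError("not a little-endian Mach-O (magic 0x%08x)" % magic)
    ncmds, sizeofcmds = struct.unpack("<II", thin[16:24])
    end = hdr_len + sizeofcmds
    off = hdr_len
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack("<II", thin[off:off + 8])
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("malformed load command at offset %d" % off)
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            # encryption_info_command: cmd, cmdsize, cryptoff, cryptsize, cryptid (+ pad in the _64 form)
            _cryptoff, _cryptsize, cryptid = struct.unpack("<III", thin[off + 8:off + 20])
            return cryptid
        off += cmdsize
    return None


def check_binary(data):
    """Return [{'offset': ..., 'cryptid': ...}] for each slice in the file."""
    return [{"offset": off, "cryptid": encryption_cryptid(thin)} for off, thin in mach_o_slices(data)]


def is_encrypted(data):
    """True if any slice still has a non-zero cryptid (no LC at all counts as unencrypted)."""
    return any(s["cryptid"] not in (None, 0) for s in check_binary(data))


# --- constructed fixtures, not real app binaries -----------------------------

def build_thin(cryptid=None):
    """Minimal arm64 Mach-O: header plus one LC_ENCRYPTION_INFO_64 (omitted when cryptid is None)."""
    cmds = b""
    if cryptid is not None:
        cmds = struct.pack("<IIIIII", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x8000, cryptid, 0)
    # mach_header_64: magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags, reserved
    header = struct.pack("<IIIIIIII", MH_MAGIC_64, CPU_TYPE_ARM64, 0, MH_EXECUTE,
                         1 if cmds else 0, len(cmds), 0, 0)
    return header + cmds


def build_fat(thin_slices):
    """Wrap thin slices in a big-endian fat header, laid out back to back."""
    archs, body = b"", b""
    offset = 8 + 20 * len(thin_slices)
    for thin in thin_slices:
        archs += struct.pack(">IIIII", CPU_TYPE_ARM64, 0, offset, len(thin), 0)
        body += thin
        offset += len(thin)
    return struct.pack(">II", FAT_MAGIC, len(thin_slices)) + archs + body


if __name__ == "__main__":
    # usage (hypothetical path): python check_cryptid.py Payload/Instagram.app/Instagram
    with open(sys.argv[1], "rb") as f:
        blob = f.read()
    for s in check_binary(blob):
        print("slice @%#x cryptid=%s" % (s["offset"], s["cryptid"]))
    print("STILL ENCRYPTED" if is_encrypted(blob) else "decrypted")
```

Run it against the main executable and against each framework in Payload/<App>.app/Frameworks, since frida-ios-dump has to dump those too; a slice whose cryptid is still 1 is ciphertext and will not disassemble meaningfully.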
- Frida: https://frida.re/
- frida-ios-dump: https://github.com/AloneMonkey/frida-ios-dump