Difference between revisions of "IOS app decrypt"
(Created page with "1. Using MAC OS X<br> 2. Using dumpdecrypted. github link https://github.com/stefanesser/dumpdecrypted <pre> git clone git@github.com:stefanesser/dumpdecrypted.git #My phone...") |
|||
| (4 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| + | ==ios7 2014== | ||
| + | This wiki shows an easy method to decrypt ios apps and dump classes.<br> | ||
1. Using MAC OS X<br> | 1. Using MAC OS X<br> | ||
| − | 2. Using dumpdecrypted. github link | + | 2. Using dumpdecrypted. github link https://github.com/stefanesser/dumpdecrypted |
<pre> | <pre> | ||
git clone git@github.com:stefanesser/dumpdecrypted.git | git clone git@github.com:stefanesser/dumpdecrypted.git | ||
| Line 11: | Line 13: | ||
3. Upload dumpdecrypted.dylib to iphone, then ssh to iphone | 3. Upload dumpdecrypted.dylib to iphone, then ssh to iphone | ||
<pre> | <pre> | ||
| − | iPhone:~ root# DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib /var/mobile/ | + | iPhone:~ root# DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib /var/mobile/Containers/Bundle/Application/xx-xxxx-xx/Scan.app/Scan mach-o decryption dumper |
</pre> | </pre> | ||
Then Scan.decrypted will be saved to current directory | Then Scan.decrypted will be saved to current directory | ||
| Line 18: | Line 20: | ||
iPhone:~ root# class-dump-z Scan.decrypted | iPhone:~ root# class-dump-z Scan.decrypted | ||
</pre> | </pre> | ||
| + | class-dump-z download link https://code.google.com/p/networkpx/wiki/class_dump_z | ||
| + | |||
| + | ==iOS8 2015== | ||
| + | |||
| + | iOS8 have some updates. | ||
| + | |||
| + | use Clutch to decrypt https://github.com/KJCracks/Clutch | ||
| + | |||
| + | class-dump use this link http://stevenygard.com/projects/class-dump/ | ||
| + | |||
| + | You need to copy the dump decrypted files to you mac. | ||
| + | |||
| + | The user applications are no longer located at the location /var/mobile/Applications. The application bundle is stored in the location /var/mobile/Containers/Bundle/Application (Appname.app) whereas the application data (Documents, Library, tmp folder) is stored in the location /var/mobile/Containers/Data/Application. The name of the folder (a unique ID) will also be different for the same application. So while checking an application, it is recommended to look at both the locations. | ||
| + | |||
| + | Refer to http://resources.infosecinstitute.com/ios-application-security-part-37-adapting-ios-8/ | ||
Latest revision as of 21:46, 18 August 2015
ios7 2014
This wiki shows an easy method to decrypt ios apps and dump classes.
1. Using MAC OS X
2. Using dumpdecrypted. github link https://github.com/stefanesser/dumpdecrypted
git clone git@github.com:stefanesser/dumpdecrypted.git #My phone is iOS 7, so I do not need to change the make file make
3. Upload dumpdecrypted.dylib to iphone, then ssh to iphone
iPhone:~ root# DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib /var/mobile/Containers/Bundle/Application/xx-xxxx-xx/Scan.app/Scan mach-o decryption dumper
Then Scan.decrypted will be saved to current directory Run this to verify if it's decrypted.
iPhone:~ root# class-dump-z Scan.decrypted
class-dump-z download link https://code.google.com/p/networkpx/wiki/class_dump_z
iOS8 2015
iOS8 have some updates.
use Clutch to decrypt https://github.com/KJCracks/Clutch
class-dump use this link http://stevenygard.com/projects/class-dump/
You need to copy the dump decrypted files to you mac.
The user applications are no longer located at the location /var/mobile/Applications. The application bundle is stored in the location /var/mobile/Containers/Bundle/Application (Appname.app) whereas the application data (Documents, Library, tmp folder) is stored in the location /var/mobile/Containers/Data/Application. The name of the folder (a unique ID) will also be different for the same application. So while checking an application, it is recommended to look at both the locations.
Refer to http://resources.infosecinstitute.com/ios-application-security-part-37-adapting-ios-8/
