iOS app decrypt

From Hawk Wiki
Revision as of 21:46, 18 August 2015 by Hall

iOS7 2014

This wiki shows an easy method to decrypt iOS apps and dump their classes.
1. Use Mac OS X.
2. Use dumpdecrypted. GitHub link: https://github.com/stefanesser/dumpdecrypted

git clone git@github.com:stefanesser/dumpdecrypted.git
cd dumpdecrypted

#My phone is iOS 7, so I do not need to change the Makefile
make


3. Upload dumpdecrypted.dylib to the iPhone, then ssh to the iPhone.

iPhone:~ root# DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib /var/mobile/Containers/Bundle/Application/xx-xxxx-xx/Scan.app/Scan
mach-o decryption dumper

Scan.decrypted will then be saved to the current directory. Run this to verify that it is decrypted:

iPhone:~ root# class-dump-z Scan.decrypted

class-dump-z download link: https://code.google.com/p/networkpx/wiki/class_dump_z

iOS8 2015

iOS8 has some updates.

Use Clutch to decrypt: https://github.com/KJCracks/Clutch

For class-dump, use this link: http://stevenygard.com/projects/class-dump/

You need to copy the dumped, decrypted files to your Mac.

User applications are no longer located at /var/mobile/Applications. The application bundle (Appname.app) is stored under /var/mobile/Containers/Bundle/Application, whereas the application data (Documents, Library, tmp folder) is stored under /var/mobile/Containers/Data/Application. The name of the folder (a unique ID) will also be different in each location for the same application. So while checking an application, it is recommended to look at both locations.

Refer to http://resources.infosecinstitute.com/ios-application-security-part-37-adapting-ios-8/