
Shashank's Blog
Dec 11, 2021 · 3 min read

IPA File Extraction using Jailbroken iPhone

Static analysis is an important part of any MAPT (mobile application penetration testing) engagement. Tools like MobSF help
pentesters perform automated static analysis, but to run these scans we need an
IPA file. In this short post, we will look at one method that provides a sure-shot way to
extract an IPA file from a jailbroken iPhone (or iPad, for that matter).

Pre-requisite

a. macOS (Don’t worry if you don’t have a MacBook. I have written a detailed article on How to
Create an almost perfect macOS VM)

b. A jailbroken iPhone with Frida installed on it.

c. frida-tools installed on macOS

Setup

We will be using a couple of free, open-source tools for this activity.

a. iproxy: This little utility lets you reach the iPhone’s SSH service over USB. It is not installed
by default on macOS.

iproxy not found error

You can install it via Homebrew by simply running the following command:

brew install usbmuxd

iproxy installed via Homebrew

Note: If you don’t know about Homebrew, it is an amazing package manager, just like APT (Linux) or
Chocolatey (Windows). You must explore it.

You can verify the install succeeded by running the following command:

iproxy 2222 22

iproxy running successfully

b. AloneMonkey’s frida-ios-dump: This is the utility that will allow us to extract
unencrypted iOS IPA files.

frida-ios-dump

Its installation is straightforward.

Pull it from GitHub by running:

git clone https://github.com/AloneMonkey/frida-ios-dump

Git Clone

Install the requirements listed in the requirements.txt file inside the cloned directory. It doesn’t matter
whether you use Python 3.x or 2.x; it supports both.

sudo pip install -r requirements.txt --upgrade

Requirements installed

With this, the pre-requisites are met.

IPA Extraction

a. Connect the iPhone to the macOS machine

b. Run the frida-ps command to get the “Display Name” of the target app.

Getting Display Name of Target App

c. Run the following command to download the decrypted version of the IPA.

python dump.py <display name>

It generally asks you to start the app on the iPhone before initiating the dump, so make sure the app is
running on the device.

On successful completion, the IPA file is generated in the frida-ios-dump folder.

Why this tedious way rather than iFunbox?

Now you may ask why follow this somewhat inconvenient way to extract the IPA file. We can use iMazing or
iFunbox as well, right? Well, the most important reason to use this particular tool is that it gives
out “unencrypted” IPA files, which means these files are easy to analyse statically. Not only that,
these IPAs also work fine when sideloaded on other iPhones as well as on Corellium VMs.
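Before handing the dump to MobSF it is worth confirming that it really is unencrypted: a successful dump leaves the Mach-O’s LC_ENCRYPTION_INFO(_64) load command in place with cryptid set to 0, whereas an App Store copy carries cryptid 1. The script below is an added example, not code from the original post or from frida-ios-dump; it walks the load commands itself, handles thin (non-fat) Mach-O images only, and the tiny IPA it builds is a constructed fixture rather than a real app.

```python
import io
import struct
import zipfile

MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64 = 0x21, 0x2C

def macho_cryptid(image: bytes):
    """cryptid of the first LC_ENCRYPTION_INFO(_64) in a thin Mach-O; None if the
    blob is not a Mach-O or has no such command; 0 = present but decrypted."""
    magic = struct.unpack_from("<I", image, 0)[0] if len(image) >= 32 else 0
    if magic not in (MH_MAGIC, MH_MAGIC_64):
        return None
    off = 32 if magic == MH_MAGIC_64 else 28                  # mach_header(_64) size
    for _ in range(struct.unpack_from("<I", image, 16)[0]):   # ncmds
        cmd, cmdsize = struct.unpack_from("<II", image, off)
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            return struct.unpack_from("<I", image, off + 16)[0]  # skip cryptoff, cryptsize
        off += cmdsize
    return None

def ipa_encryption_report(ipa) -> dict:
    """Map every file under Payload/<app>.app/ that carries an encryption load
    command to its cryptid. `ipa` may be a path or a file-like object."""
    report = {}
    with zipfile.ZipFile(ipa) as z:
        for name in z.namelist():
            parts = name.split("/")
            if len(parts) >= 3 and parts[0] == "Payload" and parts[1].endswith(".app"):
                cid = macho_cryptid(z.read(name))
                if cid is not None:
                    report[name] = cid
    return report

def is_decrypted(ipa) -> bool:
    """True only if at least one encryption command was found and all say 0; an IPA
    with no such command at all is deliberately False so it gets a manual look."""
    report = ipa_encryption_report(ipa)
    return bool(report) and all(v == 0 for v in report.values())

def make_sample_ipa(cryptid: int) -> io.BytesIO:
    """Constructed fixture, not a real app: arm64 mach_header_64 + one LC_ENCRYPTION_INFO_64."""
    lc = struct.pack("<6I", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x4000, cryptid, 0)
    hdr = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, 1, len(lc), 0, 0)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Demo.app/Demo", hdr + lc)
    buf.seek(0)
    return buf
```

On a real dump, call `is_decrypted("/path/to/dumped.ipa")`; a `False` with a non-empty report means at least one binary still has cryptid 1 and the dump should be repeated with the app running in the foreground.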

Hope this was useful!!! Will meet in next post :)
