How to dump iOS Applications on a jailbroken iPhone - macOS Edition
This guide walks you through the complete process of dumping an application installed on your jailbroken iPhone to a decrypted IPA. App Store binaries are encrypted on disk; the dump reads the code out of the running process, where iOS has already decrypted it, so the resulting IPA can be analysed offline.
Requirements:
- A mac
- A jailbroken iPhone
- Patience and the interest to follow through
1. Install the Homebrew package manager on your Mac if you haven't already.
Homebrew (brew) is the package manager you want on a macOS system used for this kind of work. It has various repositories (known as taps) and package definitions (known as formulae). Setting up and running brew is straightforward. Follow the steps below:
· Open safari and go to https://brew.sh
· Copy the install command shown under the heading "Install Homebrew" and paste it into Terminal. It is a curl-to-shell one-liner, so take it from brew.sh itself rather than from a third-party page, and read it before you run it.
· Hit Enter/Return and let the process finish. The installer asks for your password and installs the Xcode Command Line Tools if they are missing; on some macOS versions that download appears under Settings > Software Update, so open that page and click Update if the installer is waiting for it.
· When all goes well brew is installed. Verify the installation by running the command brew --version; it should print the Homebrew version number.
2. Installing Python 3 using brew
Macs either come with an outdated Python or, on recent macOS versions, only with the copy bundled in the Xcode Command Line Tools, and frida-ios-dump needs a current Python 3. Installing Python 3 (or any other software) using brew is easy. Just follow the steps below:
· Open Terminal and type
brew install python3
· Let the process complete in Terminal. If it finishes without errors (which it should if brew is installed correctly), Python 3 is installed.
· Verify the installation with python3 --version. It should print the version brew just installed; if it still reports an older Apple-provided Python, the Homebrew bin directory is not ahead of /usr/bin on your PATH, and the pip3 commands below would install into the wrong interpreter.
3. Installing libimobiledevice on the Mac
libimobiledevice is a library for communicating with iOS devices natively over USB. Neither Homebrew itself nor the Xcode Command Line Tools install it for you, so install it via brew. The piece we actually need later is iproxy, which forwards a TCP port on the Mac to a port on the phone over the USB connection; it comes from libusbmuxd, which brew pulls in as a dependency of libimobiledevice.
· Installing via brew works like any other package: type brew install libimobiledevice, let the process complete, and we should be good to go.
4. Downloading frida-ios-dump on your Mac
For dumping the installed applications we use frida-ios-dump, a free, open-source tool hosted on GitHub. It is simple to use, but it helps to know what it does: it uses Frida to attach to the running app, reads the decrypted code out of the process memory, writes a copy of the binary with that code in place and the encryption flag in the Mach-O header cleared, then copies the whole .app bundle from the phone over SSH and repacks it as an IPA. That is why the steps below install both a Frida client on the Mac and frida-server plus SSH access on the phone. You can read more about it on its official GitHub page.
- Create a new folder on Desktop and name it Frida
- Open terminal and type
cd Desktop/Frida
- Now clone the repository with git. Just type
- After the repository is cloned, which should take only seconds, move into the frida-ios-dump folder by typing the command
cd frida-ios-dump
- Now install the Python requirements for frida-ios-dump (this pulls in the frida client library). Just type
pip3 install -r requirements.txt
Do not run pip with sudo: it writes into system-wide directories and can break the Homebrew Python; a user install or a virtual environment is all that is needed. Make a note of the frida version pip installs, because the frida-server you put on the phone in the next step must be the same version. The install takes some time; let it complete without errors.
5. Installing frida-server on your iPhone
Now that frida-ios-dump is ready on the macOS side, we need the frida-server component running on the iPhone. Installing it is as easy as installing any tweak.
- Jailbreak your device
- Open the package manager of your choice (Cydia/Zebra/Sileo) and add the following repository
- Once added, search for Frida and you should get results like the following:
- Install the Frida package that matches your device configuration; there are separate packages depending on device generation and jailbreak type. Pick the version that matches the frida Python package on your Mac: a client/server version mismatch is the most common reason the dump later fails to connect. frida-ios-dump also needs SSH access to the phone, so install OpenSSH from the same package manager if your jailbreak did not set it up.
6. Enough! Let's dive into action now.
Enough of the installations and setup. Let's do what you came here for: dump an iOS application. Let's finish what we started.
- Connect your iPhone to your Mac via USB and trust the computer if it asks.
- On your Mac, open a Terminal and type the following command. It forwards local TCP port 2222 to port 22 (SSH) on the phone over the USB cable, which is how frida-ios-dump will copy the app bundle off the device:
iproxy 2222 22
You should get output similar to this:
- Leave this Terminal window open in the background, open a new Terminal window, and navigate to the directory where we cloned the frida-ios-dump repository with the following command:
cd Desktop/Frida/frida-ios-dump
- Once in the frida-ios-dump folder, with your iPhone connected and the iproxy session running in the background, type the following command to list the applications installed on your iPhone:
python3 dump.py -l
The listing talks to frida-server directly over USB; the dump itself additionally connects over SSH to localhost:2222 as root with the default jailbreak password, alpine. If you have changed that password (you should: the same sshd also listens on Wi-Fi, and a jailbroken phone with the default root password is trivially taken over on any network it joins), pass the new one with -P, and use -u, -H and -p if your user, host or port differ. You should get output listing all your applications, like this:
- Make a note of the bundle identifier of the application you want to dump. I will be dumping the Netflix app as an example, so I use the Netflix identifier; replace it with that of your desired app in the following command:
python3 dump.py com.netflix.Netflix
- The application should launch on your iPhone automatically; frida-ios-dump spawns it so that the decrypted code is mapped in memory. If it doesn't, launch the app manually so the process starts. You will get output like the following:
That's it! You should now have the decrypted IPA in the folder from which you ran dump.py.
You can now feed this IPA to MobSF for static analysis, or load the app binary into IDA or Hopper for binary analysis. You can also keep this version of the IPA to reinstall it later on your device using AltStore or Cydia Impactor; the dumped bundle still carries the App Store signature, which no longer matches the modified binary, so the sideloading tool has to re-sign it with your own certificate (both do that as part of installing).
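Before handing the IPA to MobSF or a disassembler, it is worth confirming that the dump really produced a decrypted binary: an interrupted dump, or a run where Frida never attached, leaves you with the encrypted on-disk copy. The script below is an added example written for this article, not part of frida-ios-dump. It parses the Mach-O header of the app's main executable inside the IPA and reads the LC_ENCRYPTION_INFO (or LC_ENCRYPTION_INFO_64) load command: cryptid 1 means the code is still FairPlay-encrypted, 0 means it is in the clear (which is what frida-ios-dump writes), and a missing command means the binary was never encrypted. Fat (multi-architecture) binaries are handled slice by slice. The fixture builders at the bottom construct minimal fake binaries and a fake IPA so the checker can be exercised without a device; the app name Demo and the bundle identifier com.example.demo in them are made up.

```python
"""Check that the main executable inside a dumped IPA is really decrypted.

Added example for this article, not part of frida-ios-dump.  An App Store
binary carries an LC_ENCRYPTION_INFO(_64) load command whose cryptid field is
1 while the __TEXT segment is FairPlay-encrypted; frida-ios-dump writes the
decrypted bytes back and sets cryptid to 0, so that field is what we check.
"""
import io
import plistlib
import struct
import sys
import zipfile

MH_MAGIC = 0xFEEDFACE        # 32-bit Mach-O, little-endian on disk
MH_MAGIC_64 = 0xFEEDFACF     # 64-bit Mach-O, little-endian on disk
FAT_MAGIC = 0xCAFEBABE       # universal ("fat") wrapper, big-endian
LC_ENCRYPTION_INFO = 0x21
LC_ENCRYPTION_INFO_64 = 0x2C


def _slice_cryptid(data, off):
    """cryptid of the thin Mach-O at `off`, or None if it has no encryption-info
    command at all (a dylib, a simulator build, an app that was never encrypted)."""
    magic = struct.unpack_from("<I", data, off)[0]
    if magic == MH_MAGIC_64:
        header_len = 32
    elif magic == MH_MAGIC:
        header_len = 28
    else:
        raise ValueError("no little-endian Mach-O header at offset %d" % off)
    # ncmds and sizeofcmds sit at offset 16/20 in both header layouts
    ncmds, sizeofcmds = struct.unpack_from("<II", data, off + 16)
    pos, end = off + header_len, off + header_len + sizeofcmds
    for _ in range(ncmds):
        if pos + 8 > end:
            raise ValueError("load commands overrun sizeofcmds")
        cmd, cmdsize = struct.unpack_from("<II", data, pos)
        if cmdsize < 8:
            raise ValueError("corrupt load command")
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            _cryptoff, _cryptsize, cryptid = struct.unpack_from("<III", data, pos + 8)
            return cryptid
        pos += cmdsize
    return None


def macho_cryptids(data):
    """One cryptid (or None) per architecture slice of a thin or fat binary."""
    if struct.unpack_from(">I", data, 0)[0] == FAT_MAGIC:
        nfat_arch = struct.unpack_from(">I", data, 4)[0]
        result = []
        for i in range(nfat_arch):
            # fat_arch: cputype, cpusubtype, offset, size, align (big-endian)
            _cpu, _sub, offset, _size, _align = struct.unpack_from(">IIIII", data, 8 + 20 * i)
            result.append(_slice_cryptid(data, offset))
        return result
    return [_slice_cryptid(data, 0)]


def ipa_is_decrypted(ipa_bytes):
    """Return (all_slices_decrypted, cryptids) for the app's CFBundleExecutable."""
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as z:
        info = next(n for n in z.namelist()
                    if n.startswith("Payload/") and n.count("/") == 2
                    and n.endswith(".app/Info.plist"))
        app_dir = info.rsplit("/", 1)[0]
        executable = plistlib.loads(z.read(info))["CFBundleExecutable"]
        cryptids = macho_cryptids(z.read(app_dir + "/" + executable))
    return all(c in (None, 0) for c in cryptids), cryptids


# ---- constructed fixtures so the checker can be exercised without a device ----

def fake_macho(cryptid, bits=64):
    """Header plus a single LC_ENCRYPTION_INFO(_64) command; no real code."""
    if bits == 64:
        lc = struct.pack("<IIIIII", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x8000, cryptid, 0)
        return struct.pack("<IIIIIIII", MH_MAGIC_64, 0x0100000C, 0, 2, 1, len(lc), 0, 0) + lc
    lc = struct.pack("<IIIII", LC_ENCRYPTION_INFO, 20, 0x1000, 0x2000, cryptid)
    return struct.pack("<IIIIIII", MH_MAGIC, 12, 9, 2, 1, len(lc), 0) + lc


def fake_fat(slices):
    """Big-endian fat wrapper around thin slices (alignment ignored in the fixture)."""
    offset = 8 + 20 * len(slices)
    archs = []
    for s in slices:
        archs.append(struct.pack(">IIIII", 0x0100000C, 0, offset, len(s), 0))
        offset += len(s)
    return struct.pack(">II", FAT_MAGIC, len(slices)) + b"".join(archs) + b"".join(slices)


def fake_ipa(binary, name="Demo"):
    """Minimal Payload/<name>.app with an Info.plist and the given executable (made-up ids)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/%s.app/Info.plist" % name,
                   plistlib.dumps({"CFBundleExecutable": name,
                                   "CFBundleIdentifier": "com.example.demo"}))
        z.writestr("Payload/%s.app/%s" % (name, name), binary)
    return buf.getvalue()


if __name__ == "__main__":
    # usage: python3 check_ipa.py Netflix.ipa
    with open(sys.argv[1], "rb") as f:
        ok, ids = ipa_is_decrypted(f.read())
    print("decrypted" if ok else "STILL ENCRYPTED", "- cryptid per slice:", ids)
    sys.exit(0 if ok else 1)
```

If the script reports STILL ENCRYPTED, the dump did not succeed: re-run it with the app in the foreground and confirm that frida-server is running on the phone and matches the client version on the Mac. Frameworks inside the bundle are not covered by this check; run macho_cryptids over each Mach-O under Frameworks/ if you need them too.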
I hope you enjoyed this guide to dumping iOS applications. I will soon follow up with a similar guide for Windows. Until then, enjoy!