iOS reverse development – simple instructions for tool installation and configuration

Introduction: I have only just started learning reverse development, and I ran into quite a few pitfalls while installing the app-dumping (砸壳) tools. Other people may run into the same problems, so I am recording them here for reference. If anything is wrong, please correct me, thank you…

dumpdecrypted

  • Download dumpdecrypted
  1. After downloading and unzipping, cd into the dumpdecrypted directory
  2. Run the make command to build the dylib
  3. Copy the dylib to the iPhone (/var/root is recommended if you are root)
  4. cd into the directory holding the dylib (/var/root on the phone)
  5. Inject the dylib into the executable you want to dump
  • For example (Weibo):

```shell
# 1. Log in to the phone from the terminal
# 2. Go to the directory holding the dylib
cd /var/root
# 3. Find the path of the Weibo executable
ps -A | grep Weibo
# 4. Inject the dylib into the target executable
DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib /var/containers/Bundle/Application/78B3CFFF-1E04-4552-BD7B-D39530838B8D/Weibo.app/Weibo
# 5. Check whether decryption succeeded: on success a Weibo.decrypted file appears in the current directory
ls -l
# 6. Copy the file to the computer. Exporting with iFunBox produced a broken file; Aisi Assistant (i4Tools) works,
#    or copy it remotely with scp (run on the computer; -P is the SSH port of the USB bridge)
scp -P 10010 root@localhost:/var/root/Weibo.decrypted /Users/frzeng/Desktop/tuoqiao
# 7. cd into the directory holding the exported file and check the encryption flag; "cryptid 0" means the dump succeeded
otool -l Weibo.decrypted | grep cry
```

You can run ps -A to obtain the path of the executable, then run:

```shell
DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib <path to the executable of the app to be decrypted>
```

  • If the dump fails because of a signature problem, sign the dylib first:

```shell
ldid -S dumpdecrypted.dylib
```
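The otool | grep cry check in step 7 reads the LC_ENCRYPTION_INFO load command of the Mach-O file. The following script, added here as an example and not part of the original post, parses a thin little-endian Mach-O header directly and reports the cryptid, so the result can be checked on the computer without otool. The build_sample fixture is a constructed header used only for testing; fat binaries are out of scope and must be sliced first.

```python
import struct
import sys

# Mach-O constants from <mach-o/loader.h>
MH_MAGIC = 0xFEEDFACE          # 32-bit, little-endian
MH_MAGIC_64 = 0xFEEDFACF       # 64-bit, little-endian
LC_ENCRYPTION_INFO = 0x21
LC_ENCRYPTION_INFO_64 = 0x2C

def encryption_info(data: bytes):
    """Return (cryptoff, cryptsize, cryptid) from the first LC_ENCRYPTION_INFO(_64)
    load command, or None if the binary carries no such command at all."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic == MH_MAGIC_64:
        off = 32               # mach_header_64 has an extra 'reserved' field
    elif magic == MH_MAGIC:
        off = 28
    else:
        # fat (0xCAFEBABE) and big-endian files are not handled: slice out the arm64 member first
        raise ValueError("not a little-endian thin Mach-O file")
    ncmds, sizeofcmds = struct.unpack_from("<II", data, 16)
    end = off + sizeofcmds
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("malformed load command table")
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            return struct.unpack_from("<III", data, off + 8)  # cryptoff, cryptsize, cryptid
        off += cmdsize
    return None

def is_encrypted(data: bytes) -> bool:
    """True when the binary is still FairPlay-encrypted (cryptid != 0), i.e. the dump failed."""
    info = encryption_info(data)
    return info is not None and info[2] != 0

def build_sample(cryptid: int) -> bytes:
    """Constructed test fixture: a minimal arm64 MH_EXECUTE header carrying an LC_UUID and an
    LC_ENCRYPTION_INFO_64 command (header only, not a real app)."""
    uuid_cmd = struct.pack("<II16s", 0x1B, 24, b"\x00" * 16)
    enc_cmd = struct.pack("<IIIIII", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x8000, cryptid, 0)
    cmds = uuid_cmd + enc_cmd
    # magic, cputype CPU_TYPE_ARM64, cpusubtype, filetype MH_EXECUTE, ncmds, sizeofcmds, flags, reserved
    header = struct.pack("<IIIIIIII", MH_MAGIC_64, 0x0100000C, 0, 2, 2, len(cmds), 0, 0)
    return header + cmds

if __name__ == "__main__":
    with open(sys.argv[1], "rb") as f:
        info = encryption_info(f.read())
    print("no LC_ENCRYPTION_INFO" if info is None else "cryptid %d" % info[2])
```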

frida-ios-dump

  • Download frida-ios-dump

  • The installation and configuration process is a bit troublesome, and there are quite a few pitfalls on the computer side (maybe I took a detour). I do not know whether every step is really needed; if anyone has installed it with simpler steps, please correct me, thank you.

  • See also: iOS reverse (2) – frida-ios-dump one-click dumping, detailed version, and iOS reverse – dumping: frida-ios-dump installation and use

  • Frida installation prerequisites

```shell
# Install wget
brew install wget
# Install pip
wget https://bootstrap.pypa.io/get-pip.py
sudo python get-pip.py
rm ~/get-pip.py
# Both Python 2.7 and Python 3.9 are installed on the computer
# SSH to the phone is already configured (I use a USB connection)
```
  • Frida installation steps
  1. Install Frida from Cydia (source: https://build.frida.re)

  2. Installing on the computer produced many errors of the form: ERROR: Command errored out with exit status 1:… (a lot of them)

  3. Python 3.9 –> double-click Install Certificates.command

  4. Unzip frida-ios-dump and cd into frida-ios-dump-master

  5. Run sudo pip3 install -r requirements.txt --upgrade to complete the installation

  • After the installation is complete, configure the connection settings in dump.py in the frida-ios-dump-master directory:

```python
User = 'root'
Password = 'alpine'
Host = 'localhost'  # if connected over WiFi, enter the phone's IP address
Port = 10010        # if connected over WiFi, the port should be 22
```
  • Using frida-ios-dump-master
  1. If you connect over USB, start the USB port bridge in one terminal

  2. In another terminal, cd into the frida-ios-dump-master directory and run python3 dump.py -l to list the bundle IDs of the installed apps

  3. Run python3 dump.py com.xx.xx to start the dump (open the target app first so that the dump does not time out)

  4. On success, the decrypted .ipa file is stored in the frida-ios-dump-master directory