Pentest List Wiki
  • What is Pentest List Wiki?
  • OFFENSIVE SECURITY
    • External Infrastructure
      • Discovery
        • Email Address Discovery
        • Subdomain Discovery
        • Data Discovery
        • Port & Service Discovery
      • Exploitation
        • Password Spraying
        • Vulnerability Scanning
    • Internal Infrastructure
      • General Discovery
        • AD Attack Path Discovery
        • Port & Service Discovery
      • Credential Discovery
        • Passwords and NetNTLM
        • SAM & LSA secrets
        • NTDS.dit secrets
        • LSASS secrets
        • DCSync
        • DPAPI secrets
      • Movement
        • Credential Spraying
        • SMB Relaying
        • Pass The Hash
      • Infiltration/Exfiltration
        • Pivoting (Proxying)
    • Web Application
      • Discovery
        • Testing API Keys
        • Vulnerability Scan
        • Web Content Discovery
        • Parameter Discovery
        • VHOST Discovery
        • CMS Scanners
      • Exploitation
        • Authentication
          • Email Address Forms
          • AWS Cognito
        • JSON Web Tokens
        • Injection Attacks
          • SQL Injection
          • Cross-Site Scripting
          • HTTP Headers
      • Bypasses
        • Cloudflare Bypass
        • HTTP 403 Bypass
    • Mobile (iOS/Android)
      • iOS
        • IPA Decryption
        • Filesystem Analysis
        • Static Analysis
    • Cloud
      • AWS
        • Vulnerability Scanners
        • S3 Buckets
      • Azure
        • Vulnerability Scanners
        • m365 & Entra ID
  • DEFENSIVE SECURITY
    • Forged Kerberos Tickets
    • Logon Event Visualisation
Powered by GitBook
On this page
  • Decrypting an IPA
  • Frida Dump
  1. OFFENSIVE SECURITY
  2. Mobile (iOS/Android)
  3. iOS

IPA Decryption

How to decrypt and IPA file.

If an IPA file is retrieved from the apple store, it must be decrypted.

Decrypting an IPA

Firstly, using your iOS testing device, download the IPA from the app store

Frida Dump

To retrieve the IPA file, you can use Frida Dump. You will need an iOS testing device and a Mac.

  • https://github.com/AloneMonkey/frida-ios-dump

To setup Frida Dump on your iOS testing device and Mac, conduct the following steps:

  1. (On phone) Add the Frida source to your JailBreak app

    1. https://build.frida.re/

  2. (on mac) use the command

    1. iproxy 2222 22

  3. (on mac) use the command

    1. python3 dump -l

  4. (on mac) use the command

    1. python3 dump.py -o ~/Desktop/<app.ipa> <app bundle from above cmd>

  5. (on mac) use the command

    1. unzip <app.ipa>

Now check if IPA binary is encrypted or not (on mac) using the following command:

  • otool -l Payload/<app.app>/app_binary | grep cryptid

    • 1 = encrypted

    • 0 = not encrypted

PreviousiOSNextFilesystem Analysis

Last updated 10 months ago