IPA Decryption

If an IPA file is retrieved from the apple store, it must be decrypted.

Decrypting an IPA

Firstly, using your iOS testing device, download the IPA from the app store

Frida Dump

To retrieve the IPA file, you can use Frida Dump. You will need an iOS testing device and a Mac.

• https://github.com/AloneMonkey/frida-ios-dump

To setup Frida Dump on your iOS testing device and Mac, conduct the following steps:

1. (On phone) Add the Frida source to your JailBreak app

   1. https://build.frida.re/

2. (on mac) use the command

   1. iproxy 2222 22

3. (on mac) use the command

   1. python3 dump -l

4. (on mac) use the command

   1. python3 dump.py -o ~/Desktop/<app.ipa> <app bundle from above cmd>

5. (on mac) use the command

   1. unzip <app.ipa>

Now check if IPA binary is encrypted or not (on mac) using the following command:

• otool -l Payload/<app.app>/app_binary | grep cryptid

  • 1 = encrypted

  • 0 = not encrypted