Pentest List Wiki

IPA Decryption

How to decrypt an IPA file.


Last updated 11 months ago

If an IPA file is retrieved from the Apple App Store, it must be decrypted.

Decrypting an IPA

First, using your iOS testing device, download the IPA from the App Store.

Frida Dump

To retrieve the IPA file, you can use Frida Dump. You will need an iOS testing device and a Mac.

To set up Frida Dump on your iOS testing device and Mac, follow these steps:

  1. (On phone) Add the Frida source to your jailbreak app.

  2. (On Mac) Use the command:

       iproxy 2222 22

  3. (On Mac) Use the command:

       python3 dump.py -l

  4. (On Mac) Use the command:

       python3 dump.py -o ~/Desktop/<app.ipa> <app bundle from above cmd>

  5. (On Mac) Use the command:

       unzip <app.ipa>

Now check whether the IPA binary is encrypted (on Mac) using the following command:

  • otool -l Payload/<app.app>/app_binary | grep cryptid

    • 1 = encrypted

    • 0 = not encrypted
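The cryptid value that the otool check above prints comes from the LC_ENCRYPTION_INFO / LC_ENCRYPTION_INFO_64 load command in the Mach-O header. The following is an added example, not part of the original page or of frida-ios-dump, that reads the same field directly so the check can run on a machine without otool; the function names and the sample binary are constructed for illustration.

```python
import struct

MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF  # thin Mach-O (little-endian on iOS)
FAT_MAGIC = 0xCAFEBABE  # universal binary; the fat header is big-endian
LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64 = 0x21, 0x2C

def slice_cryptid(data, base=0):
    """Return cryptid of the Mach-O slice at `base`, or None if no encryption command exists."""
    (magic,) = struct.unpack_from("<I", data, base)
    if magic not in (MH_MAGIC, MH_MAGIC_64):
        raise ValueError(f"no little-endian Mach-O header at offset {base}")
    (ncmds,) = struct.unpack_from("<I", data, base + 16)
    offset = base + (32 if magic == MH_MAGIC_64 else 28)  # skip mach_header(_64)
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", data, offset)
        if cmdsize < 8:
            raise ValueError("corrupt load command size")
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            # Layout: cmd, cmdsize, cryptoff, cryptsize, cryptid
            return struct.unpack_from("<I", data, offset + 16)[0]
        offset += cmdsize
    return None

def cryptids(data):
    """Return one cryptid per architecture slice (1 = encrypted, 0 = not encrypted)."""
    if struct.unpack_from(">I", data, 0)[0] == FAT_MAGIC:
        (nfat,) = struct.unpack_from(">I", data, 4)
        # Each fat_arch entry is 20 bytes: cputype, cpusubtype, offset, size, align
        offsets = [struct.unpack_from(">I", data, 8 + 20 * i + 8)[0] for i in range(nfat)]
        return [slice_cryptid(data, off) for off in offsets]
    return [slice_cryptid(data, 0)]

def sample_macho(cryptid):
    """Constructed sample: arm64 header plus a single LC_ENCRYPTION_INFO_64 command."""
    header = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, 1, 24, 0, 0)
    command = struct.pack("<6I", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x8000, cryptid, 0)
    return header + command

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # e.g. Payload/<app.app>/app_binary
        with open(sys.argv[1], "rb") as fh:
            print(cryptids(fh.read()))
    else:
        print(cryptids(sample_macho(1)), cryptids(sample_macho(0)))
```

A universal binary returns one value per slice, so check that every entry is 0 before treating the dump as fully decrypted.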

https://github.com/AloneMonkey/frida-ios-dump
https://build.frida.re/
dump.py