Decrypt application encrypted binaries on macOS when SIP-enabled.

Last update: Jan 5, 2023

Related tags

Cryptocurrency mac ios app dump ipa macho mini m1 macho-parser ipadump frida-ios-dump

Overview

appdecrypt

Decrypt application encrypted binaries on macOS when SIP-enabled.

This works well and compiles for iOS nicely, if you want use it at iOS devices, you can use build-ios.sh (Thanks @dlevi309).

How to use

> git clone https://github.com/paradiseduo/appdecrypt.git
> cd appdecrypt
> chmod +x build-macOS_arm.sh
> ./build-macOS_arm.sh
> cd .build/release
> ./appdecrypt
Version 1.0

appdecrypt is a tool to make decrypt application encrypted binaries on macOS when SIP-enabled.

Examples:
    appdecrypt /Applicaiton/Test.app/Wrapper/Test.app/Test /Users/admin/Desktop/Test

USAGE: appdecrypt encryptMachO_Path decryptMachO_Path

ARGUMENTS:
  <encryptMachO_Path>     The encrypt machO file path.
  <decryptMachO_Path>     The path output decrypt machO file.

OPTIONS:
  -h, --help              Show help information.

Principle

This was discovered independently when analyzing kernel sources, but it appears that the technique was first introduced on iOS :

https://github.com/JohnCoates/flexdecrypt

but now works on macOS:

https://github.com/meme/apple-tools/tree/master/foulplay

Comments

Decrypt IPA occur error

I tried to decrypt IPA "JW library" but it occurred error. Here is what I done: 1.rename .ipa to zip and unzip it 2.mkdir on Desktop and name it "payload" 3.decrypt app where in unzipped floder

here is error message I received:

opened by xellosiris 7
xcrun: error: unable to find utility "xctest"

error: terminated(72): /usr/bin/xcrun --sdk macosx --find xctest output: xcrun: error: unable to find utility "xctest", not a developer tool or in PATH

Macos version: 11.5.1 device: macbook pro with apple silicon(M1) how to fix it? thx!

opened by Master-cai 5
在Mac上破壳IPA运行时间过长，且无报错

如题，时间过长指30分钟。 Mac信息： MacBook Air (M1, 2020)，macOS Big Sur 11.5.2; IPA信息：明日方舟，版本1.5.60，来源：借由 Apple Configurator 2 下载的适用于 iPhone 的 IPA 文件，MacO文件大小：159.6MB； Appdecrypt 安装方式：通过 Release 界面下载，解压后置于/usr/local/bin 终端界面如下： Last login: Sat Aug 28 21:15:40 on ttys000 yy@YYdeMacBook-Air ~ % appdecrypt /Users/yy/Desktop/Arknights/Payload/arknights.app /Users/yy/Downloads

opened by YYAppleFan 2
This also works perfectly on iOS

Sorry for creating an issue, I just wanted to let you know that this actually works fully on iOS. Unlike flexdecrypt, it doesn't require spawning the executable, and after a couple of tests to confirm this works, I've been able to decrypt + install the final ipa's with no issues.

I created a repo with my build configuration and a pre-compiled binary under releases if you wan't to try this out and maybe integrate iOS support into the main repo. https://github.com/dlevi309/appdecrypt-ios

opened by dlevi309 1

Error while building

error: 'appdecrypt': Invalid manifest
/Users/user/appdecrypt/Package.swift:3:8: error: no such module 'PackageDescription'
import PackageDescription
       ^

opened by ForestOfLight 4

mmap failed！

iphone567:/tmp root# ./appdecrypt /private/var/containers/Bundle/Application/90F191CD-4192-45A0-9B53-BF1E15098F3E/ /tmp Success to copy file. Dump /private/var/containers/Bundle/Application/90F191CD-4192-45A0-9B53-BF1E15098F3E/neighborhood.app/neighborhood fail, because of mmap fail with Invalid argument Dump /private/var/containers/Bundle/Application/90F191CD-4192-45A0-9B53-BF1E15098F3E/neighborhood.app/PlugIns/NotificationService.appex/NotificationService fail, because of mmap fail with Invalid argument

too many app decrypt failed!

opened by piaoapiao 0
zsh: segmentation fault ./appdecrypt /Users/madstsk/.myWirdFiles/sideload/HCR2/Payload/hcrwc-iOS.app
This is how I have done it.

Got an IPA from my iPhone using iMazing

Renamed it to a .zip

Decompressed the zip file.

Ran the command: appdecrypt % ./appdecrypt /Users/madstsk/.myWirdFiles/sideload/HCR2/Payload/hcrwc-iOS.app /Users/madstsk/.myWirdFiles/sideload/HCR2-decrypted.app

Got this output: zsh: segmentation fault ./appdecrypt /Users/madstsk/.myWirdFiles/sideload/HCR2/Payload/hcrwc-iOS.app I have tried to chmod -R 777 the parentfolder.
opened by Maki2007 1
decrypt fail

Dump /var/containers/Bundle/Application/AA24AA4E-DF06-4D35-B314-0B120A7DE876/XXX.app/XXX fail, because of mmap fail with Invalid argument other framework Success. Why? How to do?

opened by fengyunyongjie 0
iPhone:~ root# appdecrypt /var/containers/Bundle/Application/6EAF497A-E921-4BB7-9006-F7FB6D813003/ ./ Success to copy file. Dump /var/containers/Bundle/Application/6EAF497A-E921-4BB7-9006-F7FB6D813003/QQNews.app/QQNews fail, because of encrypted fail with Operation not permitted

iPhone:~ root# appdecrypt /var/containers/Bundle/Application/6EAF497A-E921-4BB7-9006-F7FB6D813003/ ./
Success to copy file. Dump /var/containers/Bundle/Application/6EAF497A-E921-4BB7-9006-F7FB6D813003/QQNews.app/QQNews fail, because of encrypted fail with Operation not permitted

opened by lgq2015 1

Releases(2.1)

2.1(Oct 25, 2021)

Source code(tar.gz)
Source code(zip)
appdecrypt_arm64_iOS.zip(19.75 KB)
appdecrypt_arm64_macOS.zip(16.76 KB)
2.0(Aug 13, 2021)

Source code(tar.gz)
Source code(zip)
appdecrypt-arm64-iOS.zip(21.48 KB)
appdecrypt-arm64-macOS.zip(15.90 KB)
v1.0(Jul 29, 2021)

Source code(tar.gz)
Source code(zip)
appdecrypt.zip(27.40 KB)

Owner

Alibaba Summary: Learn these development knowledge and beat the interviewer in minutes.

GitHub

Build a viable browser extension Ethereum wallet for Safari on macOS and especially iOS

Safari Wallet This is an experiment to see whether we can build a viable browser extension Ethereum wallet for Safari on macOS and especially iOS. Ove

40 Dec 14, 2022

SIP calculator calculates the future value of SIP (Systematic Investment Plan) payments.

SIP calculator calculates the future value of SIP (Systematic Investment Plan) payments. This app is available in the AppStore. Learn more here. #Desc

26 Dec 7, 2022

macOS menu bar app that displays the current status of SIP (System Integrity Protection)

MenuBarSIPDetector This is a DEMO app for my Swift library TINURecovery and it is a macOS menu bar app that displays the current status of SIP (System

19 Dec 18, 2022

Arm64 architecture handler - It uses unicorn and libffi to run iOS arm64 binaries on x86_64 macOS

aah arm64 architecture handler. It uses unicorn and libffi to run iOS arm64 binaries on x86_64 macOS, with varying degrees of success. Most things wil

159 Dec 2, 2022

QMK Agent is a macOS menubar application which sends commands to a QMK enabled keyboard

QMKagent QMK Agent is a macOS menubar application which sends commands to a QMK enabled keyboard Features System volume indicator using top row (Esc t

4 Apr 24, 2022

Native and encrypted password manager for iOS and macOS.

Open Sesame Native and encrypted password manager for iOS and macOS. What is it? OpenSesame is a free and powerful password manager that lets you mana

432 Jan 7, 2023

Native and encrypted password manager for iOS and macOS.

Open Sesame Native and encrypted password manager for iOS and macOS. What is it? OpenSesame is a free and powerful password manager that lets you mana

431 Dec 28, 2022

//afone is the reference implementation for SIP Telephony on iOS

//afone is the reference implementation for SIP Telephony on iOS that can be used on different SIP stacks with no effort. It comes with an easily exte

31 Nov 16, 2022

A simple and opinionated AES encrypt / decrypt Objective-C class that just works.

AESCrypt-ObjC - Simple AES encryption / decryption for iOS and OS X AESCrypt is a simple to use, opinionated AES encryption / decryption Objective-C c

782 Oct 12, 2022

RSA encrypt and decrypt in Swift

MZRSA_Swift MZRSA_Swift是一个轻量级框架，框架功能包含RSA加密/解密Data、RSA加密/解密String，支持字符串密钥和证书密钥公钥加密&私钥解密(字符串密钥) 代码示例 let PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8

8 Jan 5, 2023

PGPro can encrypt and decrypt messages as well as manage all your OpenPGP keys. It is free, simple and lightweight. Everything stays on your device. PGPro is made in Switzerland.

PGPro can encrypt and decrypt messages as well as manage all your OpenPGP keys. It is free, simple and lightweight. Everything stays on your device. P