paradiseduo/appdecrypt paradiseduo/appdecrypt

  • Stars
    star
    732
  • Rank 61,915 (Top 2 %)
  • Language
    Swift
  • License
    GNU General Publi...
  • Created over 3 years ago
  • Updated about 1 month ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
paradiseduo/appdecrypt
github

paradiseduo

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

appdecrypt is a tool to make decrypt application encrypted binaries on macOS when SIP-enabled (macOS 11.3 or below)

appdecrypt

Decrypt application encrypted binaries on macOS when SIP-enabled (macOS 11.3 or below).

This works well and compiles for iOS nicely, if you want use it at iOS devices, you can use build-ios.sh (Thanks @dlevi309).

How to use

On mac with M1 CPU

> git clone https://github.com/paradiseduo/appdecrypt.git
> cd appdecrypt
> chmod +x build-macOS_arm.sh
> ./build-macOS_arm.sh
> ./appdecrypt
Version 2.1

appdecrypt is a tool to make decrypt application encrypted binaries on macOS when SIP-enabled.

Examples:
    mac:
        appdecrypt /Applicaiton/Test.app /Users/admin/Desktop/Test.app
    iPhone:
        appdecrypt /var/containers/Bundle/Application/XXXXXX /tmp

USAGE: appdecrypt encryptMachO_Path decryptMachO_Path

ARGUMENTS:
  <encryptApp_Path>     The encrypt app file path.
  <decrypt_Path>        The path output file.

OPTIONS:
  -h, --help              Show help information.

For Example

> ./appdecrypt /Applicaiton/Test.app /Users/admin/Desktop/Test.app
Success to copy file.
Dump /Applications/Test.app/Wrapper/Test.app/Test Success
Dump /Applications/Test.app/Wrapper/Test.app/PlugIns/TestNotificationService.appex/TestNotificationService Success
Dump /Applications/Test.app/Wrapper/Test.app/Frameworks/trackerSDK.framework/trackerSDK Success
Dump /Applications/Test.app/Wrapper/Test.app/Frameworks/AgoraRtcKit.framework/AgoraRtcKit Success
> cd /Users/admin/Desktop/Test.app
> ls
WrappedBundle Wrapper
> cd Wrapper
> ls
BundleMetadata.plist Test.app            iTunesMetadata.plist

On Jailbreak iPhone with arm64 CPU

First you should connect jailbreak iPhone with USB.

> brew install ldid
> git clone https://github.com/paradiseduo/appdecrypt.git
> cd appdecrypt
> chmod +x build-iOS.sh
> ./build-iOS.sh
> scp -P 2222 appdecrypt [email protected]:/tmp

// In iPhone shell
> cd /tmp
> ./appdecrypt
Version 2.1

appdecrypt is a tool to make decrypt application encrypted binaries on macOS when SIP-enabled.

Examples:
    mac:
        appdecrypt /Applicaiton/Test.app /Users/admin/Desktop/Test.app
    iPhone:
        appdecrypt /var/containers/Bundle/Application/XXXXXX /tmp

USAGE: appdecrypt encryptMachO_Path decryptMachO_Path

ARGUMENTS:
  <encryptApp_Path>     The encrypt app file path.
  <decrypt_Path>        The path output file.

OPTIONS:
  -h, --help              Show help information.

For Example

// In iPhone shell
> ./appdecrypt /var/containers/Bundle/Application/5B5D4E97-E760-4AC5-BFEE-F0FF72EBB19E /tmp
Success to copy file.
Dump /var/containers/Bundle/Application/5B5D4E97-E760-4AC5-BFEE-F0FF72EBB19E/KingsRaid.app/KingsRaid Success
Dump /var/containers/Bundle/Application/5B5D4E97-E760-4AC5-BFEE-F0FF72EBB19E/KingsRaid.app/Frameworks/FBSDKGamingServicesKit.framework/FBSDKGamingServicesKit Success
Dump /var/containers/Bundle/Application/5B5D4E97-E760-4AC5-BFEE-F0FF72EBB19E/KingsRaid.app/Frameworks/FBLPromises.framework/FBLPromises Success
Dump /var/containers/Bundle/Application/5B5D4E97-E760-4AC5-BFEE-F0FF72EBB19E/KingsRaid.app/Frameworks/FBSDKShareKit.framework/FBSDKShareKit Success
Dump /var/containers/Bundle/Application/5B5D4E97-E760-4AC5-BFEE-F0FF72EBB19E/KingsRaid.app/Frameworks/GoogleUtilities.framework/GoogleUtilities Success
Dump /var/containers/Bundle/Application/5B5D4E97-E760-4AC5-BFEE-F0FF72EBB19E/KingsRaid.app/Frameworks/FBSDKLoginKit.framework/FBSDKLoginKit Success
Dump /var/containers/Bundle/Application/5B5D4E97-E760-4AC5-BFEE-F0FF72EBB19E/KingsRaid.app/Frameworks/nanopb.framework/nanopb Success
Dump /var/containers/Bundle/Application/5B5D4E97-E760-4AC5-BFEE-F0FF72EBB19E/KingsRaid.app/Frameworks/FBSDKCoreKit.framework/FBSDKCoreKit Success
Dump /var/containers/Bundle/Application/5B5D4E97-E760-4AC5-BFEE-F0FF72EBB19E/KingsRaid.app/Frameworks/Protobuf.framework/Protobuf Success
> cd Payload
> ls
BundleMetadata.plist  KingsRaid.app/  iTunesMetadata.plist
> tar -cvf /tmp/dump.tar ./


// In mac shell
> cd ~/Desktop
> scp -P 2222 [email protected]:/tmp/dump.tar .
dump.tar

Principle

This was discovered independently when analyzing kernel sources, but it appears that the technique was first introduced on iOS :

https://github.com/JohnCoates/flexdecrypt

but now works on macOS:

https://github.com/meme/apple-tools/tree/master/foulplay

LICENSE

This software is released under the GPL-3.0 license.

Stargazers over time

Stargazers over time

More Repositories

1

ShadowsocksX-NG-R8

ShadowsocksX-NG-R for MacOS, ShadowsocksR
Swift
1,372
star
2

ApplicationScanner

An open source application scanning tool
Python
448
star
3

ClashXR

A rule based custom proxy with GUI for Mac base on clash.
Swift
446
star
4

IPAPatch

Patch iOS Apps, The Easy Way, Without Jailbreak.
Objective-C
375
star
5

tcping

tcping command, written with Objective-C, on macOS,tcping for mac,ping over a tcp connection
Objective-C
297
star
6

resymbol

A reverse engineering tool to restore stripped symbol table and dump Objective-C class or Swift types for machO file.
Swift
190
star
7

Trojan

GUI for trojan client on macOS, trojan for mac, written by Swift
Swift
171
star
8

inject

Command Line Tool for interacting with MachO binaries on OSX/iOS
Swift
149
star
9

dsdump

An improved nm + Objective-C & Swift class-dump
Python
129
star
10

GTA5-NativeTrainer

GTA5 Epic最新版修改器(汉化版)
33
star
11

AntiFrida

What is Frida,Why is Frida, How about Frida
JavaScript
31
star
12

Frida-Class-Dump

ios application class-dump use frida
Swift
30
star
13

Kcptun

GUI for kcptun client on macOS, kcptun for mac, written by Swift
Swift
26
star
14

Converter

Convert an IPA (iOS) to mac App (M1)
Swift
25
star
15

subweb

Utility to convert between various subscription format
HTML
24
star
16

Anti-Disassembly-On-Arm64

Objective-C
18
star
17

fridahook

常用测试脚本
JavaScript
17
star
18

TTNetworkManager

SSL pinning that TikTok/抖音
JavaScript
15
star
19

YSDTool

10
star
20

ClassView

一款适用于iOS的隐私合规检测工具
Swift
9
star
21

ida-swift-demangle

A tool to demangle Swift function names in IDA.
Python
5
star
22

dsc_extractor

dsc_extractor
C
5
star
23

FreeNovelDownload

听说你想下载免费小说?
Go
5
star
24

LetMeCode

LeetCode练习,每日一道,强身健体
Go
3
star
25

paradiseduo

3
star
26

Konverter

Konverter can help you quickly convert URL encode(decode), uppercase and lowercase, md5, sha256, Base64 encode(decode), Unicode encode(decode), Hex encode(decode), SSR encode(decode), SS encode(decode),HTML encode(decode) on macOS
Objective-C
3
star
27

mobileprovision

Quick search connect device in which mobileprovision
Python
3
star
28

EW

2
star
29

force

使用golang编写的服务弱口令检测
Go
2
star
30

PlistReader

An application can read other application's plist file.
Objective-C
2
star
31

AppleReview

A python tool to help apple review your code and ipa
Python
2
star
32

ImageHub

Shell
2
star
33

Tiktok

Tiktok是一个AST扫描器,用于发现敏感函数调用链,方便通过静态扫描的方式提前做隐私合规水位预警
Swift
2
star
34

QRcode

Mac QR Code scan application
C++
1
star
35

paradiseduo.github.io

HTML
1
star
36

RzUpdater

fix RzUpdater crash
1
star
37

puzzle

Objective-C
1
star