• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    迪恩网络公众号
登陆 注册
描述文字

paradiseduo/appdecrypt: appdecrypt is a tool to make decrypt application encrypt ...

原作者: [db:作者] 来自: 网络 收藏 邀请

开源软件名称(OpenSource Name):

paradiseduo/appdecrypt

开源软件地址(OpenSource Url):

https://github.com/paradiseduo/appdecrypt

开源编程语言(OpenSource Language):

Swift 86.0%

开源软件介绍(OpenSource Introduction):

appdecrypt

Decrypt application encrypted binaries on macOS when SIP-enabled.

This works well and compiles for iOS nicely, if you want use it at iOS devices, you can use build-ios.sh (Thanks @dlevi309).

How to use

On mac with M1 CPU

> git clone https://github.com/paradiseduo/appdecrypt.git
> cd appdecrypt
> chmod +x build-macOS_arm.sh
> ./build-macOS_arm.sh
> ./appdecrypt
Version 2.1

appdecrypt is a tool to make decrypt application encrypted binaries on macOS when SIP-enabled.

Examples:
    mac:
        appdecrypt /Applicaiton/Test.app /Users/admin/Desktop/Test.app
    iPhone:
        appdecrypt /var/containers/Bundle/Application/XXXXXX /tmp

USAGE: appdecrypt encryptMachO_Path decryptMachO_Path

ARGUMENTS:
  <encryptApp_Path>     The encrypt app file path.
  <decrypt_Path>        The path output file.

OPTIONS:
  -h, --help              Show help information.

For Example

> ./appdecrypt /Applicaiton/Test.app /Users/admin/Desktop/Test.app
Success to copy file.
Dump /Applications/Test.app/Wrapper/Test.app/Test Success
Dump /Applications/Test.app/Wrapper/Test.app/PlugIns/TestNotificationService.appex/TestNotificationService Success
Dump /Applications/Test.app/Wrapper/Test.app/Frameworks/trackerSDK.framework/trackerSDK Success
Dump /Applications/Test.app/Wrapper/Test.app/Frameworks/AgoraRtcKit.framework/AgoraRtcKit Success
> cd /Users/admin/Desktop/Test.app
> ls
WrappedBundle Wrapper
> cd Wrapper
> ls
BundleMetadata.plist Test.app            iTunesMetadata.plist

On Jailbreak iPhone with arm64 CPU

First you should connect jailbreak iPhone with USB.

> brew install ldid
> git clone https://github.com/paradiseduo/appdecrypt.git
> cd appdecrypt
> chmod +x build-iOS.sh
> ./build-iOS.sh
> scp -P 2222 appdecrypt [email protected]:/tmp

// In iPhone shell
> cd /tmp
> ./appdecrypt
Version 2.1

appdecrypt is a tool to make decrypt application encrypted binaries on macOS when SIP-enabled.

Examples:
    mac:
        appdecrypt /Applicaiton/Test.app /Users/admin/Desktop/Test.app
    iPhone:
        appdecrypt /var/containers/Bundle/Application/XXXXXX /tmp

USAGE: appdecrypt encryptMachO_Path decryptMachO_Path

ARGUMENTS:
  <encryptApp_Path>     The encrypt app file path.
  <decrypt_Path>        The path output file.

OPTIONS:
  -h, --help              Show help information.

For Example

// In iPhone shell
> ./appdecrypt /var/containers/Bundle/Application/5B5D4E97-E760-4AC5-BFEE-F0FF72EBB19E /tmp
Success to copy file.
Dump /var/containers/Bundle/Application/5B5D4E97-E760-4AC5-BFEE-F0FF72EBB19E/KingsRaid.app/KingsRaid Success
Dump /var/containers/Bundle/Application/5B5D4E97-E760-4AC5-BFEE-F0FF72EBB19E/KingsRaid.app/Frameworks/FBSDKGamingServicesKit.framework/FBSDKGamingServicesKit Success
Dump /var/containers/Bundle/Application/5B5D4E97-E760-4AC5-BFEE-F0FF72EBB19E/KingsRaid.app/Frameworks/FBLPromises.framework/FBLPromises Success
Dump /var/containers/Bundle/Application/5B5D4E97-E760-4AC5-BFEE-F0FF72EBB19E/KingsRaid.app/Frameworks/FBSDKShareKit.framework/FBSDKShareKit Success
Dump /var/containers/Bundle/Application/5B5D4E97-E760-4AC5-BFEE-F0FF72EBB19E/KingsRaid.app/Frameworks/GoogleUtilities.framework/GoogleUtilities Success
Dump /var/containers/Bundle/Application/5B5D4E97-E760-4AC5-BFEE-F0FF72EBB19E/KingsRaid.app/Frameworks/FBSDKLoginKit.framework/FBSDKLoginKit Success
Dump /var/containers/Bundle/Application/5B5D4E97-E760-4AC5-BFEE-F0FF72EBB19E/KingsRaid.app/Frameworks/nanopb.framework/nanopb Success
Dump /var/containers/Bundle/Application/5B5D4E97-E760-4AC5-BFEE-F0FF72EBB19E/KingsRaid.app/Frameworks/FBSDKCoreKit.framework/FBSDKCoreKit Success
Dump /var/containers/Bundle/Application/5B5D4E97-E760-4AC5-BFEE-F0FF72EBB19E/KingsRaid.app/Frameworks/Protobuf.framework/Protobuf Success
> cd Payload
> ls
BundleMetadata.plist  KingsRaid.app/  iTunesMetadata.plist
> tar -cvf /tmp/dump.tar ./


// In mac shell
> cd ~/Desktop
> scp -P 2222 [email protected]:/tmp/dump.tar .
dump.tar

Principle

This was discovered independently when analyzing kernel sources, but it appears that the technique was first introduced on iOS :

https://github.com/JohnCoates/flexdecrypt

but now works on macOS:

https://github.com/meme/apple-tools/tree/master/foulplay

Stargazers over time

Stargazers over time

鲜花
握手
雷人
路过
鸡蛋
该文章已有0人参与评论

请发表评论

全部评论

专题导读
More+
上一篇:
sindresorhus/do-not-disturb: Control the macOS `Do Not Disturb` feature发布时间:2022-08-18
下一篇:
quarkslab/LLDBagility: A tool for debugging macOS virtual machines发布时间:2022-08-18
热门推荐
More+
热门话题
More+
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap