dumpdecrypted

Original Author: Stefan Esser (@i0nic) 2011-2014

Modified By: Kyle Levin (@crylico) 2014

This fork of dumpdecrypted adds a CLI that makes the tool easier to use. A complete package is available at http://repo.kylelevin.com/ via Cydia.

Once installed, run dumpdecrypted -h for usage info.

Special thanks to MP0w (https://github.com/MP0w/) for providing the basis of this extension.

Original README:

Dumps decrypted iPhone Applications to a file - better solution than those GDB scripts for non working GDB versions

(C) Copyright 2011-2014 Stefan Esser

Compile:

First adjust the Makefile if you have a different iOS SDK installed.

And then just: make

Usage:

iPod:~ root# DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib /var/mobile/Applications/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/Scan.app/Scan
mach-o decryption dumper

DISCLAIMER: This tool is only meant for security research purposes, not for application crackers.

[+] Found encrypted data at address 00002000 of length 1826816 bytes - type 1.
[+] Opening /private/var/mobile/Applications/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/Scan.app/Scan for reading.
[+] Reading header
[+] Detecting header type
[+] Executable is a FAT image - searching for right architecture
[+] Correct arch is at offset 2408224 in the file
[+] Opening Scan.decrypted for writing.
[-] Failed opening. Most probably a sandbox issue. Trying something different.
[+] Opening /private/var/mobile/Applications/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/tmp/Scan.decrypted for writing.
[+] Copying the not encrypted start of the file
[+] Dumping the decrypted data into the file
[+] Copying the not encrypted remainder of the file
[+] Closing original file
[+] Closing dump file
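The address, length and type in the first log line correspond to the `cryptoff`, `cryptsize` and `cryptid` fields of the Mach-O `LC_ENCRYPTION_INFO` load command, and the FAT lines refer to the per-architecture slice offset. The following is an added example, not code from dumpdecrypted or this fork: an offline check that reads those fields for every slice of a file so an analyst can see which architectures are still marked encrypted. The function names and `make_sample` are hypothetical, the sample bytes are constructed from the numbers in the log, and little-endian slices with a classic 32-bit fat header are assumed.

```python
import struct

FAT_MAGIC = 0xCAFEBABE  # fat header and fat_arch entries are big-endian
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64 = 0x21, 0x2C

def slice_encryption(data, base):
    """Return (cryptoff, cryptsize, cryptid) for the Mach-O at `base`, or None."""
    if base + 28 > len(data):
        raise ValueError("truncated Mach-O header")
    magic = struct.unpack_from("<I", data, base)[0]
    if magic not in (MH_MAGIC, MH_MAGIC_64):
        raise ValueError("no little-endian Mach-O at offset %d" % base)
    ncmds, sizeofcmds = struct.unpack_from("<II", data, base + 16)
    pos = base + (32 if magic == MH_MAGIC_64 else 28)
    end = pos + sizeofcmds
    if end > len(data):
        raise ValueError("load commands run past end of file")
    for _ in range(ncmds):
        if pos + 8 > end:
            raise ValueError("truncated load command")
        cmd, cmdsize = struct.unpack_from("<II", data, pos)
        is_enc = cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64)
        if cmdsize < (20 if is_enc else 8) or pos + cmdsize > end:
            raise ValueError("bad load command size")
        if is_enc:
            return struct.unpack_from("<III", data, pos + 8)
        pos += cmdsize
    return None  # no encryption load command in this slice

def encryption_report(data):
    """Map each slice offset to its encryption fields (thin files use offset 0)."""
    offsets = [0]
    if len(data) >= 8 and struct.unpack_from(">I", data)[0] == FAT_MAGIC:
        nfat = struct.unpack_from(">I", data, 4)[0]
        if 8 + 20 * nfat > len(data):
            raise ValueError("fat_arch table runs past end of file")
        offsets = [struct.unpack_from(">I", data, 16 + 20 * i)[0] for i in range(nfat)]
    return {off: slice_encryption(data, off) for off in offsets}

def make_sample(cryptid, slice_off=2408224):
    """Constructed input: fat file with one 32-bit ARM slice, numbers from the log."""
    lc = struct.pack("<5I", LC_ENCRYPTION_INFO, 20, 0x2000, 1826816, cryptid)
    macho = struct.pack("<7I", MH_MAGIC, 12, 9, 2, 1, len(lc), 0) + lc
    fat = struct.pack(">7I", FAT_MAGIC, 1, 12, 9, slice_off, len(macho), 4)
    return fat.ljust(slice_off, b"\0") + macho

if __name__ == "__main__":
    for off, info in encryption_report(make_sample(1)).items():
        print(off, info)
```

A `cryptid` of 0 means the slice is not marked encrypted; any slice that still reports a non-zero value has not been handled.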