GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → paradiseduo → appdecrypt

paradiseduo / appdecrypt

Licence: GPL-3.0 license
appdecrypt is a tool to make decrypt application encrypted binaries on macOS when SIP-enabled

Programming Languages

swift
15916 projects
shell
77523 projects

Labels

maciosappdumpipamachominim1macho-parseripadumpfrida-ios-dump

Projects that are alternatives of or similar to appdecrypt

dwex
DWARF Explorer - a GUI utility for navigating the DWARF debug information
Stars: ✭ 58 (-87.02%)
Mutual labels:  macho, macho-parser
go-macho
Package macho implements access to and creation of Mach-O object files.
Stars: ✭ 68 (-84.79%)
Mutual labels:  macho, macho-parser
Dumpling
Dumpling is a fast, easy-to-use tool written by Go for dumping data from the database(MySQL, TiDB...) to local/cloud(S3, GCP...) in multifarious formats(SQL, CSV...).
Stars: ✭ 134 (-70.02%)
Mutual labels:  dump
pagebuster
PageBuster - dump all executable pages of packed processes.
Stars: ✭ 188 (-57.94%)
Mutual labels:  dump
extrude
🕵️ Analyse binaries for missing security features, information disclosure and more...
Stars: ✭ 51 (-88.59%)
Mutual labels:  macho
Dumpclass
Dump classes from running JVM process.
Stars: ✭ 156 (-65.1%)
Mutual labels:  dump
ipa-deploy
Deploy .IPA package to iOS device with a command line tool
Stars: ✭ 40 (-91.05%)
Mutual labels:  ipa
Telegram Messages Dump
Command-line tool to dump message history of a Telegram chat.
Stars: ✭ 96 (-78.52%)
Mutual labels:  dump
cassandra-exporter
Simple Tool to Export / Import Cassandra Tables into JSON
Stars: ✭ 44 (-90.16%)
Mutual labels:  dump
SignTools-CI
Sign iOS apps on demand using CI. Part of: https://github.com/SignTools/SignTools
Stars: ✭ 145 (-67.56%)
Mutual labels:  ipa
checksec.rs
Fast multi-platform (ELF/PE/MachO) binary checksec written in Rust.
Stars: ✭ 71 (-84.12%)
Mutual labels:  macho
mysql-backup-golang
Mysql backup golang
Stars: ✭ 25 (-94.41%)
Mutual labels:  dump
Pwned
A command-line tool for querying the 'Have I been pwned?' service.
Stars: ✭ 161 (-63.98%)
Mutual labels:  dump
OS-X-HP-EliteDesk-800-G3-DM-Clover
Files needed for installing Mac OSX on HP EliteDesk 800 G3 Desktop Mini Business PC 65W/35W. Feel free to contribute!
Stars: ✭ 24 (-94.63%)
Mutual labels:  mini
Laravel Artisan Dd
Quickly run some code via Artisan
Stars: ✭ 136 (-69.57%)
Mutual labels:  dump
IPAPatch
Patch iOS Apps, The Easy Way, Without Jailbreak.
Stars: ✭ 301 (-32.66%)
Mutual labels:  ipa
Telegram Cli Backup
A simple Lua script to backup Telegram messages into a CSV or sqlite database
Stars: ✭ 101 (-77.4%)
Mutual labels:  dump
Laravel Tinker Server
Tinker with your variables while working on your Laravel application
Stars: ✭ 203 (-54.59%)
Mutual labels:  dump
LuaKit
Lua核心工具包,包含对面向对象,组件系统(灵活的绑定解绑模式),mvc分模块加载,事件分发系统等常用模式的封装。同时提供打印,内存泄漏检测,性能分析等常用工具类。
Stars: ✭ 112 (-74.94%)
Mutual labels:  dump
godump
Dumps information about a variable Like var_dump() in php.
Stars: ✭ 54 (-87.92%)
Mutual labels:  dump
View All Similar Projects ➔

appdecrypt

Decrypt application encrypted binaries on macOS when SIP-enabled.

This works well and compiles for iOS nicely, if you want use it at iOS devices, you can use build-ios.sh (Thanks @dlevi309).

How to use

On mac with M1 CPU

> git clone https://github.com/paradiseduo/appdecrypt.git
> cd appdecrypt
> chmod +x build-macOS_arm.sh
> ./build-macOS_arm.sh
> ./appdecrypt
Version 2.1

appdecrypt is a tool to make decrypt application encrypted binaries on macOS when SIP-enabled.

Examples:
    mac:
        appdecrypt /Applicaiton/Test.app /Users/admin/Desktop/Test.app
    iPhone:
        appdecrypt /var/containers/Bundle/Application/XXXXXX /tmp

USAGE: appdecrypt encryptMachO_Path decryptMachO_Path

ARGUMENTS:
  <encryptApp_Path>     The encrypt app file path.
  <decrypt_Path>        The path output file.

OPTIONS:
  -h, --help              Show help information.

For Example

> ./appdecrypt /Applicaiton/Test.app /Users/admin/Desktop/Test.app
Success to copy file.
Dump /Applications/Test.app/Wrapper/Test.app/Test Success
Dump /Applications/Test.app/Wrapper/Test.app/PlugIns/TestNotificationService.appex/TestNotificationService Success
Dump /Applications/Test.app/Wrapper/Test.app/Frameworks/trackerSDK.framework/trackerSDK Success
Dump /Applications/Test.app/Wrapper/Test.app/Frameworks/AgoraRtcKit.framework/AgoraRtcKit Success
> cd /Users/admin/Desktop/Test.app
> ls
WrappedBundle Wrapper
> cd Wrapper
> ls
BundleMetadata.plist Test.app            iTunesMetadata.plist

On Jailbreak iPhone with arm64 CPU

First you should connect jailbreak iPhone with USB.

> brew install ldid
> git clone https://github.com/paradiseduo/appdecrypt.git
> cd appdecrypt
> chmod +x build-iOS.sh
> ./build-iOS.sh
> scp -P 2222 appdecrypt [email protected]:/tmp

// In iPhone shell
> cd /tmp
> ./appdecrypt
Version 2.1

appdecrypt is a tool to make decrypt application encrypted binaries on macOS when SIP-enabled.

Examples:
    mac:
        appdecrypt /Applicaiton/Test.app /Users/admin/Desktop/Test.app
    iPhone:
        appdecrypt /var/containers/Bundle/Application/XXXXXX /tmp

USAGE: appdecrypt encryptMachO_Path decryptMachO_Path

ARGUMENTS:
  <encryptApp_Path>     The encrypt app file path.
  <decrypt_Path>        The path output file.

OPTIONS:
  -h, --help              Show help information.

For Example

// In iPhone shell
> ./appdecrypt /var/containers/Bundle/Application/5B5D4E97-E760-4AC5-BFEE-F0FF72EBB19E /tmp
Success to copy file.
Dump /var/containers/Bundle/Application/5B5D4E97-E760-4AC5-BFEE-F0FF72EBB19E/KingsRaid.app/KingsRaid Success
Dump /var/containers/Bundle/Application/5B5D4E97-E760-4AC5-BFEE-F0FF72EBB19E/KingsRaid.app/Frameworks/FBSDKGamingServicesKit.framework/FBSDKGamingServicesKit Success
Dump /var/containers/Bundle/Application/5B5D4E97-E760-4AC5-BFEE-F0FF72EBB19E/KingsRaid.app/Frameworks/FBLPromises.framework/FBLPromises Success
Dump /var/containers/Bundle/Application/5B5D4E97-E760-4AC5-BFEE-F0FF72EBB19E/KingsRaid.app/Frameworks/FBSDKShareKit.framework/FBSDKShareKit Success
Dump /var/containers/Bundle/Application/5B5D4E97-E760-4AC5-BFEE-F0FF72EBB19E/KingsRaid.app/Frameworks/GoogleUtilities.framework/GoogleUtilities Success
Dump /var/containers/Bundle/Application/5B5D4E97-E760-4AC5-BFEE-F0FF72EBB19E/KingsRaid.app/Frameworks/FBSDKLoginKit.framework/FBSDKLoginKit Success
Dump /var/containers/Bundle/Application/5B5D4E97-E760-4AC5-BFEE-F0FF72EBB19E/KingsRaid.app/Frameworks/nanopb.framework/nanopb Success
Dump /var/containers/Bundle/Application/5B5D4E97-E760-4AC5-BFEE-F0FF72EBB19E/KingsRaid.app/Frameworks/FBSDKCoreKit.framework/FBSDKCoreKit Success
Dump /var/containers/Bundle/Application/5B5D4E97-E760-4AC5-BFEE-F0FF72EBB19E/KingsRaid.app/Frameworks/Protobuf.framework/Protobuf Success
> cd Payload
> ls
BundleMetadata.plist  KingsRaid.app/  iTunesMetadata.plist
> tar -cvf /tmp/dump.tar ./


// In mac shell
> cd ~/Desktop
> scp -P 2222 [email protected]:/tmp/dump.tar .
dump.tar

Principle

This was discovered independently when analyzing kernel sources, but it appears that the technique was first introduced on iOS :

https://github.com/JohnCoates/flexdecrypt

but now works on macOS:

https://github.com/meme/apple-tools/tree/master/foulplay

LICENSE

This software is released under the GPL-3.0 license.

Stargazers over time

Stargazers over time

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].