MCPcopy
hub / github.com/AloneMonkey/frida-ios-dump

github.com/AloneMonkey/frida-ios-dump @main sqlite

repository ↗ · DeepWiki ↗
44 symbols 86 edges 2 files 1 documented · 2%
README

frida-ios-dump

Pull a decrypted IPA from a jailbroken device

Usage

  1. Install frida on device
  2. sudo pip install -r requirements.txt --upgrade
  3. Run usbmuxd/iproxy SSH forwarding over USB (Default 2222 -> 22). e.g. iproxy 2222 22
  4. Run ./dump.py Display name or Bundle identifier

For SSH/SCP make sure you have your public key added to the target device's ~/.ssh/authorized_keys file.

./dump.py Aftenposten
Start the target app Aftenposten
Dumping Aftenposten to /var/folders/wn/9v1hs8ds6nv_xj7g95zxyl140000gn/T
start dump /var/containers/Bundle/Application/66423A80-0AFE-471C-BC9B-B571107D3C27/AftenpostenApp.app/AftenpostenApp
start dump /private/var/containers/Bundle/Application/66423A80-0AFE-471C-BC9B-B571107D3C27/AftenpostenApp.app/Frameworks/AFNetworking.framework/AFNetworking
start dump /private/var/containers/Bundle/Application/66423A80-0AFE-471C-BC9B-B571107D3C27/AftenpostenApp.app/Frameworks/ATInternet_iOS_ObjC_SDK.framework/ATInternet_iOS_ObjC_SDK
start dump /private/var/containers/Bundle/Application/66423A80-0AFE-471C-BC9B-B571107D3C27/AftenpostenApp.app/Frameworks/SPTEventCollector.framework/SPTEventCollector
start dump /private/var/containers/Bundle/Application/66423A80-0AFE-471C-BC9B-B571107D3C27/AftenpostenApp.app/Frameworks/SPiDSDK.framework/SPiDSDK
start dump /private/var/containers/Bundle/Application/66423A80-0AFE-471C-BC9B-B571107D3C27/AftenpostenApp.app/Frameworks/libswiftCore.dylib
start dump /private/var/containers/Bundle/Application/66423A80-0AFE-471C-BC9B-B571107D3C27/AftenpostenApp.app/Frameworks/libswiftCoreData.dylib
start dump /private/var/containers/Bundle/Application/66423A80-0AFE-471C-BC9B-B571107D3C27/AftenpostenApp.app/Frameworks/libswiftCoreGraphics.dylib
start dump /private/var/containers/Bundle/Application/66423A80-0AFE-471C-BC9B-B571107D3C27/AftenpostenApp.app/Frameworks/libswiftCoreImage.dylib
start dump /private/var/containers/Bundle/Application/66423A80-0AFE-471C-BC9B-B571107D3C27/AftenpostenApp.app/Frameworks/libswiftCoreLocation.dylib
start dump /private/var/containers/Bundle/Application/66423A80-0AFE-471C-BC9B-B571107D3C27/AftenpostenApp.app/Frameworks/libswiftDarwin.dylib
start dump /private/var/containers/Bundle/Application/66423A80-0AFE-471C-BC9B-B571107D3C27/AftenpostenApp.app/Frameworks/libswiftDispatch.dylib
start dump /private/var/containers/Bundle/Application/66423A80-0AFE-471C-BC9B-B571107D3C27/AftenpostenApp.app/Frameworks/libswiftFoundation.dylib
start dump /private/var/containers/Bundle/Application/66423A80-0AFE-471C-BC9B-B571107D3C27/AftenpostenApp.app/Frameworks/libswiftObjectiveC.dylib
start dump /private/var/containers/Bundle/Application/66423A80-0AFE-471C-BC9B-B571107D3C27/AftenpostenApp.app/Frameworks/libswiftQuartzCore.dylib
start dump /private/var/containers/Bundle/Application/66423A80-0AFE-471C-BC9B-B571107D3C27/AftenpostenApp.app/Frameworks/libswiftUIKit.dylib
Generating Aftenposten.ipa

Done.

Congratulations!!! You've got a decrypted IPA file.

Drag to MonkeyDev, Happy hacking!

Support

Python 2.x and 3.x

issues

If the following error occurs:

  • causes device to reboot
  • lost connection
  • unexpected error while probing dyld of target process

please open the application before dumping.

Core symbols most depended-on inside this repo

getU32
called by 14
dump.js
getExportFunction
called by 9
dump.js
swap32
called by 5
dump.js
allocStr
called by 4
dump.js
getAllAppModules
called by 3
dump.js
get_applications
called by 2
dump.py
malloc
called by 2
dump.js
open
called by 2
dump.js

Shape

Function 36
Method 7
Class 1

Languages

TypeScript52%
Python48%

Modules by API surface

dump.js23 symbols
dump.py21 symbols

For agents

$ claude mcp add frida-ios-dump \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact