Automatically install apps on a jailbroken iOS device and generate decrypted IPAs
- Linux/macOS device (tested on Arch Linux and macOS 12) with Python 3.7+
- Jailbroken iOS device (tested on iPhone 6s iOS 14.2, iPhone 6 iOS 12.5.4 and iPhone Xʀ iOS 14.5)
- Set device language to English or German, or alternatively make a folder with images of the buttons for your language and theme. Take the existing folder as an example and use the `--imagedir` argument.
- Disable password prompt for installing free apps under settings (Apple account -> Media & Purchases -> Password Settings)
- Connect the device to your computer and make sure to accept the trust dialog
- Install the following packages from Cydia:
  - OpenSSH
  - Open for iOS 11
  - Frida from https://build.frida.re
  - FoulDecrypt from https://repo.misty.moe/apt
  - NoAppThinning from https://n3d1117.github.io
  - ZXTouch from https://zxtouch.net
- Connect to iOS device via USB
- Set up OpenSSH (needs to work with keyfile):
  - run `ssh-keygen -t ed25519 -f iphone` (don't use a passphrase)
  - run `iproxy 22222 22` (run this in the background or in another terminal session)
  - run `ssh-copy-id -p 22222 -i iphone root@localhost` (default password is `alpine`)
- Install ideviceinstaller (this should also install iproxy/libusbmuxd as a requirement)
  - On macOS install using brew: `brew install libusbmuxd` and `brew install libimobiledevice`
- Install ipadumper with `pip install ipadumper`
- Run `ipadumper help`
```
usage: ipadumper [-h] [-v {warning,info,debug}]
                 {help,usage,itunes_info,bulk_decrypt,dump,ssh_cmd,install}
                 ...

Automatically install apps on a jailbroken device iOS device and generate
decrypted IPAs

positional arguments:
  {help,usage,itunes_info,bulk_decrypt,dump,ssh_cmd,install}
                        Desired action to perform
    help                Print this help message
    usage               Print full usage
    itunes_info         Downloads info about app from iTunes site
    bulk_decrypt        Installs apps, decrypts and uninstalls them
    dump                Decrypt app binary und dump IPA
    ssh_cmd             Execute ssh command on device
    install             Opens app in appstore on device and simulates touch
                        input to download and installs the app

optional arguments:
  -h, --help            show this help message and exit
  -v {warning,info,debug}, --verbosity {warning,info,debug}
                        Set verbosity level (default: info)
```
All commands in detail:
```
itunes_info:
usage: ipadumper itunes_info [-h] [--country COUNTRY] itunes_id

Downloads info about app from iTunes site

positional arguments:
  itunes_id          iTunes ID

optional arguments:
  -h, --help         show this help message and exit
  --country COUNTRY  Two letter country code (default: us)

Common optional arguments for bulk_decrypt, dump, ssh_cmd, install:
optional arguments:
  --device_address HOSTNAME  device address (default: localhost)
  --device_port PORT         device port (default: 22222)
  --ssh_key PATH             Path to ssh keyfile (default: iphone)
  --imagedir PATH            Path to appstore images (default:
                             $HOME/.local/lib/python3.9/site-
                             packages/ipadumper/appstore_images)
  --theme THEME              Theme of device dark/light (default: dark)
  --lang LANG                Language of device (2 letter code) (default: en)
  --udid UDID                UDID (Unique Device Identifier) of device
                             (default: None)
  --base_timeout SECONDS     Base timeout for various things (default: 15)

bulk_decrypt:
usage: ipadumper bulk_decrypt [-h] [--device_address HOSTNAME]
                              [--device_port PORT] [--ssh_key PATH]
                              [--imagedir PATH] [--theme THEME] [--lang LANG]
                              [--udid UDID] [--base_timeout SECONDS]
                              [--parallel PARALLEL]
                              [--timeout_per_MiB SECONDS] [--country COUNTRY]
                              itunes_ids output

Installs apps, decrypts and uninstalls them

positional arguments:
  itunes_ids                 File containing lines with iTunes IDs
  output                     Output directory

optional arguments:
  --theme THEME              Theme of device dark/light (default: dark)
  --lang LANG                Language of device (2 letter code) (default: en)
  --udid UDID                UDID (Unique Device Identifier) of device
                             (default: None)
  --parallel PARALLEL        How many apps get installed in parallel (default:
                             3)
  --timeout_per_MiB SECONDS  Timeout per MiB (default: 0.5)
  --country COUNTRY          Two letter country code (default: us)

dump:
usage: ipadumper dump [-h] [--device_address HOSTNAME] [--device_port PORT]
                      [--ssh_key PATH] [--imagedir PATH] [--theme THEME]
                      [--lang LANG] [--udid UDID] [--base_timeout SECONDS]
                      [--frida] [--timeout SECONDS]
                      bundleID PATH

Decrypt app binary und dump IPA

positional arguments:
  bundleID           Bundle ID from app like com.app.name
  PATH               Output filename

optional arguments:
  --theme THEME      Theme of device dark/light (default: dark)
  --lang LANG        Language of device (2 letter code) (default: en)
  --udid UDID        UDID (Unique Device Identifier) of device
                     (default: None)
  --frida            Use Frida instead of FoulDecrypt (default: False)
  --timeout SECONDS  Dump timeout (default: 120)

ssh_cmd:
usage: ipadumper ssh_cmd [-h] [--device_address HOSTNAME] [--device_port PORT]
                         [--ssh_key PATH] [--imagedir PATH] [--theme THEME]
                         [--lang LANG] [--udid UDID] [--base_timeout SECONDS]
                         cmd

Execute ssh command on device

positional arguments:
  cmd            command

optional arguments:
  --theme THEME  Theme of device dark/light (default: dark)
  --lang LANG    Language of device (2 letter code) (default: en)
  --udid UDID    UDID (Unique Device Identifier) of device
                 (default: None)

install:
usage: ipadumper install [-h] [--device_address HOSTNAME] [--device_port PORT]
                         [--ssh_key PATH] [--imagedir PATH] [--theme THEME]
                         [--lang LANG] [--udid UDID] [--base_timeout SECONDS]
                         itunes_id

Opens app in appstore on device and simulates touch input to download and
installs the app

positional arguments:
  itunes_id      iTunes ID

optional arguments:
  --theme THEME  Theme of device dark/light (default: dark)
  --lang LANG    Language of device (2 letter code) (default: en)
  --udid UDID    UDID (Unique Device Identifier) of device
                 (default: None)
```