Dump IPAs off a jailbroken iOS device automatically.
- Jailbreak the device
- Using your favorite package manager, add and install Frida using the Frida repo https://build.frida.re (Install docs)
- On the device, install the following:
  - `open`
  - `plutil`
  - An SSH server
- Run `frida-server` (By default this will listen on `0.0.0.0:27042` - use `-l ip:port` to override)
Important
The idevice must be awake, otherwise the app cannot open.
- Clone this repo
- Copy `.env.example` to `.env`
- Fill out `.env`
  - `ideviceSSH`: SSH string to connect to the idevice in `user@host` format (You can also use presets from your SSH config)
  - `ideviceIP`: IP of the idevice to SSH into and use Frida from
  - `ideviceUser`: User for SSH (This is generally `mobile`)
  - `idevicePort`: SSH port for the idevice (This is generally `2222` or `22`)
  - `FridaPort`: The port for the Frida server (`frida-server` runs on `27042` by default)
  - `IPAServer`: The web directory where you host IPAs (Should return `200` if the IPA exists, `404` otherwise)
  - `UploadDirectory`: The directory the IPAs are hosted from for `IPAServer`
  - `AppName`: The app's name (The first letter is usually capitalized)
  - `AppIdentifier`: The app's identifier (This usually looks like `TLD.company.app`)
  - `DiscordWebhook` [Optional]: The URL for the webhook
- Run `setup.sh` (You may need to `chmod +x` the file)
  - This script does the following:
    - Clones required submodules into the repository
    - Adds execution permission to `GetIPA.sh`
    - Initializes a Python virtual environment
    - Installs required Python dependencies
- Run `GetIPA.sh`
  - This script does the following:
    - Grabs variables from the `.env` file
    - SSHs into the idevice to get the app version information
    - Checks whether the IPA exists already on the server
      - If it does, exit.
    - SSHs into the idevice and uses `open` to open the specified app
    - Runs `frida-ios-dump`'s `decrypter.py`
      - This places the IPA file into the current folder
    - Rename the IPA file to `{name}_{semver}_{build}.ipa` and move to the server directory
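
The following POSIX shell functions are an added example, not this repository's own code. They read the `.env` keys listed above as data instead of sourcing the file, validate them, and build the `{name}_{semver}_{build}.ipa` name while refusing parts that could escape `UploadDirectory`. The sample values, the function names and the character-set restriction are assumptions of this example.

```shell
# Added example, not the project's code. Keys are the ones the README lists.
REQUIRED_KEYS="ideviceSSH ideviceIP ideviceUser idevicePort FridaPort IPAServer UploadDirectory AppName AppIdentifier"

# Constructed sample .env (documentation-range IP, placeholder host and app).
write_sample_env() {
    cat > "$1" <<'EOF'
ideviceSSH=mobile@192.0.2.10
ideviceIP=192.0.2.10
ideviceUser=mobile
idevicePort=2222
FridaPort=27042
IPAServer=https://ipa.example.invalid/ipas
UploadDirectory=/srv/ipas
AppName=Example
AppIdentifier=com.example.app
EOF
}

# env_get FILE KEY: read the value as data; the file is never sourced or eval'd.
env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed -e 's/^"\(.*\)"$/\1/'
}

# is_port VALUE: succeed only for an integer in 1..65535.
is_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# validate_env FILE: print one line per problem, return non-zero if any.
validate_env() {
    rc=0
    for key in $REQUIRED_KEYS; do
        [ -n "$(env_get "$1" "$key")" ] || { echo "missing: $key"; rc=1; }
    done
    for key in idevicePort FridaPort; do
        is_port "$(env_get "$1" "$key")" || { echo "bad port: $key"; rc=1; }
    done
    return "$rc"
}

# ipa_name NAME SEMVER BUILD: {name}_{semver}_{build}.ipa, refusing parts that
# could escape UploadDirectory (charset restriction is this example's assumption).
ipa_name() {
    for part in "$1" "$2" "$3"; do
        case "$part" in ''|*..*|*[!A-Za-z0-9._-]*) return 1 ;; esac
    done
    printf '%s_%s_%s.ipa\n' "$1" "$2" "$3"
}
```

The version and build strings come from the device, so rejecting `/` and `..` before the file is moved into a web-served directory keeps a malformed value from writing outside it.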
