Decrypt App

iOS apps installed from the Apple App Store are protected with FairPlay, Apple's Digital Rights Management (DRM) software. However, when the app launches, iOS loads it unencrypted into memory, so defeating this protection is as simple as extracting the app from memory. Either of the two tools below will easily automate this for you.

Decrypt with frida-ios-dump

Reference: OWASP MSTG, "Using frida-ios-dump" section

The frida-ios-dump program is a Python 3 script that uses Frida to decrypt the binary and then dump the application into an IPA file. The IPA file is saved locally on the host that runs the script.

To run the script, follow these instructions:

cd frida-ios-dump
python dump.py -o /path/to/save/ipa appname

For output, specify only the directory; no filename is required, because the filename is based on the app's display name. The appname is the name of the app you want to decrypt. The app must be running in the foreground on the device.