Extract and Decode IPA File

Much of the information gathering and static analysis of a mobile app starts with extracting the IPA file. An IPA file is nothing more than a zip file, which means we can extract it with existing tools on macOS.

To extract the IPA file:

/usr/bin/unzip -qq -d App filename.ipa

To decode the executable and save the data out for post-processing:

# First obtain the executable name and keep it in ${BINARY}
BINARY=$(/usr/libexec/PlistBuddy -c Print:CFBundleExecutable App/Payload/Example.app/Info.plist)

# Dump headers from the executable
ktool dump --headers --out App/headers "App/Payload/Example.app/${BINARY}"

# Dump strings (6 characters or longer) from the executable
/usr/bin/strings -n 6 "App/Payload/Example.app/${BINARY}" > App/Strings.txt

# Dump classes & methods
/usr/bin/otool -oV "App/Payload/Example.app/${BINARY}" > App/Classes_Methods.txt
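
The executable lookup can also be done without macOS tools. This is an added example, not part of the original page: Python reads the IPA directly as a zip, refuses archives whose entries would extract outside the target directory, and resolves the executable from the bundle's Info.plist instead of hard-coding Example.app. The function names and the in-memory sample IPA are constructed for illustration.

```python
import io
import plistlib
import re
import zipfile
from pathlib import PurePosixPath

# Top-level Info.plist of the app bundle: Payload/<Name>.app/Info.plist
# (nested framework and extension plists deliberately do not match)
_INFO_RE = re.compile(r"^Payload/[^/]+\.app/Info\.plist$")


def unsafe_members(zf):
    """Return entry names that would escape the extraction directory."""
    bad = []
    for name in zf.namelist():
        p = PurePosixPath(name)
        if p.is_absolute() or ".." in p.parts:
            bad.append(name)
    return bad


def find_executable(ipa):
    """Return (bundle_dir, executable_path) for an IPA path or file object."""
    with zipfile.ZipFile(ipa) as zf:
        bad = unsafe_members(zf)
        if bad:
            raise ValueError(f"refusing archive with unsafe paths: {bad}")
        plists = [n for n in zf.namelist() if _INFO_RE.match(n)]
        if len(plists) != 1:
            raise ValueError(f"expected one app bundle, found {len(plists)}")
        # plistlib handles both XML and binary Info.plist files
        info = plistlib.loads(zf.read(plists[0]))
    bundle = str(PurePosixPath(plists[0]).parent)
    return bundle, f"{bundle}/{info['CFBundleExecutable']}"


def build_sample_ipa(extra=()):
    """Constructed sample: a minimal in-memory IPA (not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        plist = plistlib.dumps({"CFBundleExecutable": "Example"}, fmt=plistlib.FMT_BINARY)
        zf.writestr("Payload/Example.app/Info.plist", plist)
        zf.writestr("Payload/Example.app/Example", b"\xcf\xfa\xed\xfe")
        for name in extra:
            zf.writestr(name, b"x")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print(find_executable(build_sample_ipa()))
```

Pass a real file path to `find_executable` to get the archive-relative path that corresponds to `App/Payload/Example.app/${BINARY}` after extraction.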