When analysing an App Store app, the first step is to decrypt its Mach-O binary. Good decryption tools have existed for this (Crackulous, CrackNShare, Clutch), but iOS upgrades (and various blocking measures) have gradually made them unusable. This post introduces dumpdecrypted, a very handy decryption tool contributed by Stefan Esser (a regular at iOS jailbreak conferences and a well-known iOS kernel vulnerability researcher).
Compile the dumpdecrypted source to produce dumpdecrypted.dylib
Download the source code
DANI-LEE-2: git clone https://github.com/stefanesser/dumpdecrypted.git
Edit the Makefile; the main change is pointing the GCC and SDK paths at the actual locations on your machine
DANI-LEE-2:dumpdecrypted danqingdani$ vim Makefile
PLATFORM=/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer
SDK_VER=5.1
BIN=$(PLATFORM)/usr/bin
GCC_BIN=$(BIN)/gcc
#GCC = $(GCC_BASE) -arch armv6
GCC=$(GCC_BASE) -arch armv7
GCC_UNIVERSAL=$(GCC_BASE) -arch armv6 -arch armv7
GCC_NATIVE=gcc
SDK=$(PLATFORM)/SDKs/iPhoneOS$(SDK_VER).sdk/
CFLAGS=
GCC_BASE=$(GCC_BIN) -Os $(CFLAGS) -Wimplicit -isysroot $(SDK) -F$(SDK)System/Library/Frameworks -F$(SDK)System/Library/PrivateFrameworks

all: dumpdecrypted.dylib

dumpdecrypted.dylib: dumpdecrypted.o
	$(GCC_UNIVERSAL) -dynamiclib -o $@ $^

%.o: %.c
	$(GCC_UNIVERSAL) -dynamiclib -c -o $@ $<

clean:
	rm -f *.o *.dylib
Compile
DANI-LEE-2:dumpdecrypted danqingdani$ make
Sign the library
DANI-LEE-2:dumpdecrypted danqingdani$ codesign -fs Tanjiti dumpdecrypted.dylib
(Tanjiti is the name of a self-signed code-signing certificate in the keychain.)
Decrypt the Mach-O file
Copy dumpdecrypted.dylib to your iOS device
DANI-LEE-2:dumpdecrypted danqingdani$ scp dumpdecrypted.dylib root@<actual ip>:/tmp/
root@<actual ip>'s password:
dumpdecrypted.dylib                           100%   46KB  45.8KB/s   00:00
DANI-LEE-2:dumpdecrypted danqingdani$ ssh root@<actual ip>
root@<actual ip>'s password:
Decrypt the Mach-O file, using the Ctrip travel app as the example
Danimato-iPad:/tmp root# DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib /var/mobile/Applications/2664b392-0b9b-4cb5-9EFC-5f0d8e3d5c80/ctrip_wireless.app/ctrip_wireless
mach-o decryption dumper

DISCLAIMER: This tool is only meant for security research purposes, not for application crackers.

[+] Offset to cryptid found: @0xeba78(from 0xeb000) = a78
[+] Found encrypted data at address 00002000 of length 10551296 bytes - type 1.
[+] Opening /private/var/mobile/Applications/2664b392-0b9b-4cb5-9EFC-5f0d8e3d5c80/ctrip_wireless.app/ctrip_wireless for reading.
[+] Reading header
[+] Detecting header type
[+] Executable is a FAT image - searching for right architecture
[+] Correct arch is at offset 4096 in the file
[+] Opening ctrip_wireless.decrypted for writing.
[+] Copying the not encrypted start of the file
[+] Dumping the decrypted data into the file
[+] Copying the not encrypted remainder of the file
[+] Setting the LC_ENCRYPTION_INFO->cryptid to 0 at offset 1a78
[+] Closing original file
[+] Closing dump file
Verify that decryption succeeded by checking the value of cryptid
Danimato-iPad:/tmp root# otool -l /private/var/tmp/ctrip_wireless.decrypted | grep cryptid
      cryptid 0
cryptid 0 means the decryption succeeded!
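The same cryptid check as a small standalone parser, added here as an example (it is not part of the original post or of dumpdecrypted): it walks the load commands of a thin or FAT Mach-O, reports every LC_ENCRYPTION_INFO(_64) it finds, and runs on a constructed sample whose layout (one armv7 slice at offset 4096, made-up cryptoff/cryptsize) is assumed for the demonstration.

```python
import struct

MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF      # thin Mach-O, little-endian on ARM
FAT_MAGIC = 0xCAFEBABE                              # FAT header, always big-endian
LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64 = 0x21, 0x2C

def encryption_info(blob):
    """Return [(slice_offset, cryptoff, cryptsize, cryptid), ...], one entry per
    architecture slice that carries an LC_ENCRYPTION_INFO(_64) load command."""
    if struct.unpack(">I", blob[:4])[0] == FAT_MAGIC:
        nfat = struct.unpack(">I", blob[4:8])[0]
        slices = []
        for i in range(nfat):  # fat_arch: cputype, cpusubtype, offset, size, align
            _, _, off, size, _ = struct.unpack(">5I", blob[8 + 20 * i:28 + 20 * i])
            slices.append((off, blob[off:off + size]))
    else:
        slices = [(0, blob)]
    found = []
    for base, macho in slices:
        magic = struct.unpack("<I", macho[:4])[0]
        if magic == MH_MAGIC:
            pos = 28            # sizeof(struct mach_header)
        elif magic == MH_MAGIC_64:
            pos = 32            # sizeof(struct mach_header_64), extra reserved field
        else:
            continue            # not a slice we understand; skip it
        ncmds = struct.unpack("<I", macho[16:20])[0]
        for _ in range(ncmds):  # every load command starts with cmd, cmdsize
            cmd, cmdsize = struct.unpack("<II", macho[pos:pos + 8])
            if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
                cryptoff, cryptsize, cryptid = struct.unpack("<3I", macho[pos + 8:pos + 20])
                found.append((base, cryptoff, cryptsize, cryptid))
            pos += cmdsize
    return found

def is_encrypted(blob):
    """True if any slice still has cryptid != 0 (what 'otool -l | grep cryptid' shows)."""
    return any(cryptid != 0 for _, _, _, cryptid in encryption_info(blob))

def build_sample(cryptid):
    """Constructed input (not a real app): one armv7 slice at offset 4096 inside a FAT
    wrapper, carrying a single LC_ENCRYPTION_INFO with made-up cryptoff/cryptsize."""
    lc = struct.pack("<5I", LC_ENCRYPTION_INFO, 20, 0x2000, 0x20000, cryptid)
    hdr = struct.pack("<7I", MH_MAGIC, 12, 9, 2, 1, len(lc), 0)  # CPU_TYPE_ARM/V7, MH_EXECUTE
    thin = hdr + lc
    fat = struct.pack(">2I", FAT_MAGIC, 1) + struct.pack(">5I", 12, 9, 4096, len(thin), 12)
    return fat.ljust(4096, b"\0") + thin
```

To check a real dump, call encryption_info() on the file's bytes; a slice reported with cryptid 0 matches the otool result above, and cryptid 1 means the slice is still encrypted.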
References:
https://github.com/stefanesser/dumpdecrypted
Decrypting Mach-O files with dumpdecrypted