If you come across Killed: 9 too:
FunMaker-SE:/User/Downloads root# DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib /var/containers/Bundle/Application/6476E127-11B7-4861-B742-D781D0DBBD3A/ChinaUnicom4.x.app/ChinaUnicom4.x
Killed: 9
Then running the script as mobile may do the trick:
FunMaker-SE:/User/Downloads root# su mobile
FunMaker-SE:/User/Downloads mobile$ DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib /var/containers/Bundle/Application/6476E127-11B7-4861-B742-D781D0DBBD3A/ChinaUnicom4.x.app/ChinaUnicom4.x
mach-o decryption dumper
DISCLAIMER: This tool is only meant for security research purposes, not for application crackers.
iOSRE: uid = 501, euid = 501, gid = 501, egid = 501.
[+] detected 64bit ARM binary in memory.
[+] offset to cryptid found: @0x10008cc58(from 0x10008c000) = c58
[+] Found encrypted data at address 00004000 of length 12828672 bytes - type 1.
[+] Opening /private/var/containers/Bundle/Application/6476E127-11B7-4861-B742-D781D0DBBD3A/ChinaUnicom4.x.app/ChinaUnicom4.x for reading.
[+] Reading header
[+] Detecting header type
[+] Executable is a plain MACH-O image
[+] Opening ChinaUnicom4.x.decrypted for writing.
[+] Copying the not encrypted start of the file
[+] Dumping the decrypted data into the file
[+] Copying the not encrypted remainder of the file
[+] Setting the LC_ENCRYPTION_INFO->cryptid to 0 at offset c58
[+] Closing original file
[+] Closing dump file
FunMaker-SE:/User/Downloads mobile$ ls
ChinaUnicom4.x.decrypted dumpdecrypted.dylib
Happy hacking
