Make dumpdecrypted work on iOS 9.3.3


#1

If you come across Killed: 9 too:

FunMaker-SE:/User/Downloads root# DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib /var/containers/Bundle/Application/6476E127-11B7-4861-B742-D781D0DBBD3A/ChinaUnicom4.x.app/ChinaUnicom4.x
Killed: 9

Then running the script as mobile may do the trick:

FunMaker-SE:/User/Downloads root# su mobile
FunMaker-SE:/User/Downloads mobile$ DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib /var/containers/Bundle/Application/6476E127-11B7-4861-B742-D781D0DBBD3A/ChinaUnicom4.x.app/ChinaUnicom4.x
mach-o decryption dumper

DISCLAIMER: This tool is only meant for security research purposes, not for application crackers.

iOSRE: uid = 501, euid = 501, gid = 501, egid = 501.

[+] detected 64bit ARM binary in memory.
[+] offset to cryptid found: @0x10008cc58(from 0x10008c000) = c58
[+] Found encrypted data at address 00004000 of length 12828672 bytes - type 1.
[+] Opening /private/var/containers/Bundle/Application/6476E127-11B7-4861-B742-D781D0DBBD3A/ChinaUnicom4.x.app/ChinaUnicom4.x for reading.
[+] Reading header
[+] Detecting header type
[+] Executable is a plain MACH-O image
[+] Opening ChinaUnicom4.x.decrypted for writing.
[+] Copying the not encrypted start of the file
[+] Dumping the decrypted data into the file
[+] Copying the not encrypted remainder of the file
[+] Setting the LC_ENCRYPTION_INFO->cryptid to 0 at offset c58
[+] Closing original file
[+] Closing dump file
FunMaker-SE:/User/Downloads mobile$ ls
ChinaUnicom4.x.decrypted  dumpdecrypted.dylib

Happy hacking😉


iOS 9.3.3中使用dumpdecrypted砸壳,killed:9
iOS 9.3.3 and dumpdecrypted Killed: 9 error message
iOS9.3.3 、微信(6.3.23.18)dumpdecrypted 砸壳失败,求大神帮忙解决下!!!
iOS 9.3可以越狱了, 我在越狱设备上进行砸壳和cycript, 但是失败, 错误原因也找不到解决办法
#3

maybe some user need latest .dylib with iOS 10.2 sdk… https://masbog.com/dumpdecrypt/ and some tutorial for iOS 10.2 :hugs:


#4

能够解释下为什么要输入su mobile这条命令吗?


#5

我也不知道为什么,我只知道这样可行