Make dumpdecrypted work on iOS 9.3.3

If you come across Killed: 9 too:

FunMaker-SE:/User/Downloads root# DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib /var/containers/Bundle/Application/6476E127-11B7-4861-B742-D781D0DBBD3A/
Killed: 9

Then running the script as mobile may do the trick:

FunMaker-SE:/User/Downloads root# su mobile
FunMaker-SE:/User/Downloads mobile$ DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib /var/containers/Bundle/Application/6476E127-11B7-4861-B742-D781D0DBBD3A/
mach-o decryption dumper

DISCLAIMER: This tool is only meant for security research purposes, not for application crackers.

iOSRE: uid = 501, euid = 501, gid = 501, egid = 501.

[+] detected 64bit ARM binary in memory.
[+] offset to cryptid found: @0x10008cc58(from 0x10008c000) = c58
[+] Found encrypted data at address 00004000 of length 12828672 bytes - type 1.
[+] Opening /private/var/containers/Bundle/Application/6476E127-11B7-4861-B742-D781D0DBBD3A/ for reading.
[+] Reading header
[+] Detecting header type
[+] Executable is a plain MACH-O image
[+] Opening ChinaUnicom4.x.decrypted for writing.
[+] Copying the not encrypted start of the file
[+] Dumping the decrypted data into the file
[+] Copying the not encrypted remainder of the file
[+] Setting the LC_ENCRYPTION_INFO->cryptid to 0 at offset c58
[+] Closing original file
[+] Closing dump file
FunMaker-SE:/User/Downloads mobile$ ls
ChinaUnicom4.x.decrypted  dumpdecrypted.dylib

Happy hacking​:wink:

4 个赞

maybe some user need latest .dylib with iOS 10.2 sdk… and some tutorial for iOS 10.2 :hugs:

能够解释下为什么要输入su mobile这条命令吗?