@snakeninny wrote:
If you come across Killed: 9 too:

    FunMaker-SE:/User/Downloads root# DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib /var/containers/Bundle/Application/6476E127-11B7-4861-B742-D781D0DBBD3A/ChinaUnicom4.x.app/ChinaUnicom4.x
    Killed: 9

Then running the script as mobile may do the trick:

    FunMaker-SE:/User/Downloads root# su mobile
    FunMaker-SE:/User/Downloads mobile$ DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib /var/containers/Bundle/Application/6476E127-11B7-4861-B742-D781D0DBBD3A/ChinaUnicom4.x.app/ChinaUnicom4.x
    mach-o decryption dumper

    DISCLAIMER: This tool is only meant for security research purposes, not for application crackers.

    iOSRE: uid = 501, euid = 501, gid = 501, egid = 501.
    [+] detected 64bit ARM binary in memory.
    [+] offset to cryptid found: @0x10008cc58(from 0x10008c000) = c58
    [+] Found encrypted data at address 00004000 of length 12828672 bytes - type 1.
    [+] Opening /private/var/containers/Bundle/Application/6476E127-11B7-4861-B742-D781D0DBBD3A/ChinaUnicom4.x.app/ChinaUnicom4.x for reading.
    [+] Reading header
    [+] Detecting header type
    [+] Executable is a plain MACH-O image
    [+] Opening ChinaUnicom4.x.decrypted for writing.
    [+] Copying the not encrypted start of the file
    [+] Dumping the decrypted data into the file
    [+] Copying the not encrypted remainder of the file
    [+] Setting the LC_ENCRYPTION_INFO->cryptid to 0 at offset c58
    [+] Closing original file
    [+] Closing dump file
    FunMaker-SE:/User/Downloads mobile$ ls
    ChinaUnicom4.x.decrypted dumpdecrypted.dylib

Happy hacking