Decrypt iOS Apps

Python script to SSH into your jailbroken device via USB, decrypt an iOS App and transfer it to your local machine.

Dependencies

  • Paramiko:

    • Description: Paramiko is a Python (2.7, 3.4+) implementation of the SSHv2 protocol
    • Install: pip install paramiko
  • iTunnel:

    • Description: A simple command line tool which provides network tunnelling over the USB cable to a jailbroken iDevice
    • Install: Download the latest and copy to /usr/local/bin

Assumptions

  • You have either clutch or bfinject setup on your device.
  • If you use clutch, it should be executable from any path.
  • If you use bfinject the scripts and libraries should be in the /jb/bfinject directory. Here's how to setup bfinject this way.
  • This script was only tested on devices jailbroken with LiberiOS and Electra, but it might work with other jailbreaks.

Usage

ios_ssh.py -l <port> [-p <password>] -a <app_name> [-c|-b] [-i]
  -l [--lport]: Local SSH port forwarding (has to be an Int)
  -p [--password]: (optional) Device's root password (default is `alpine`)
  -a [--app]: iOS Application name
  -c : Use Clutch to decrypt
  -b : Use BFInject to decrypt (default)
  -i : Opens a SSH connection with the device and gives an interactive shell, ignoring the decryption task

Examples

  • This will decrypt the Instagram app and transfer it from your device to your ~/Desktop:

    • python ios_ssh.py --lport 2222 -p s3cr37 --app "Instagram"
  • This will give you an interactive shell to communicate with your device over USB:

    • python ios_ssh.py --lport 2222 -p s3cr37 -i

GitHub