{"id":17063567,"url":"https://github.com/alonemonkey/dumpdecrypted","last_synced_at":"2025-04-13T04:15:44.318Z","repository":{"id":86244988,"uuid":"66463078","full_name":"AloneMonkey/dumpdecrypted","owner":"AloneMonkey","description":"Dumps decrypted mach-o files from encrypted applications、framework or app extensions.","archived":false,"fork":false,"pushed_at":"2017-12-25T04:31:17.000Z","size":112,"stargazers_count":283,"open_issues_count":3,"forks_count":79,"subscribers_count":10,"default_branch":"master","last_synced_at":"2025-04-13T04:15:36.632Z","etag":null,"topics":["decrypt","dumpdecrypted","encrypt","ios"],"latest_commit_sha":null,"homepage":"","language":"Objective-C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/AloneMonkey.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-08-24T12:43:14.000Z","updated_at":"2025-03-27T22:59:33.000Z","dependencies_parsed_at":"2023-03-13T09:15:53.130Z","dependency_job_id":null,"html_url":"https://github.com/AloneMonkey/dumpdecrypted","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AloneMonkey%2Fdumpdecrypted","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AloneMonkey%2Fdumpdecrypted/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AloneMonkey%2Fdumpdecrypted/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AloneMonkey%2Fdumpdecrypted/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/AloneMonkey","download_url":"https://codeload.github.com/AloneMonkey/dumpdecrypted/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248661719,"owners_count":21141451,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["decrypt","dumpdecrypted","encrypt","ios"],"created_at":"2024-10-14T10:52:26.511Z","updated_at":"2025-04-13T04:15:44.267Z","avatar_url":"https://github.com/AloneMonkey.png","language":"Objective-C","readme":"It is recommended to use [frida-ios-dump](https://github.com/AloneMonkey/frida-ios-dump) instead!\n\nDumps decrypted mach-o files from encrypted `applications`、`framework` or `app extensions`.    \n\n### You should install [MonkeyDev](https://github.com/AloneMonkey/MonkeyDev) first \n\n\n# Usage\n\n1) open `dumpdecrypted.xcodeproj` edit `dumpdecrypted.plist`   \n\n```\n{\n\tFilter = {\n\t\tBundles = (\"target.bundle.id\");\n\t};\n}\n```\n\n2) Set Build Settings\n\n* MonkeyDevDeviceIP      \n* MonkeyDevDevicePort\n\n3) launch application or app extension\n\n```\nmach-o decryption dumper\nDISCLAIMER: This tool is only meant for security research purposes, not for application crackers.\n[+] detected 32bit ARM binary in memory.\n[+] offset to cryptid found: @0x1ba08(from 0x1b000) = a08\n[+] Found encrypted data at address 00004000 of length 573440 bytes - type 1.\n[+] Opening /private/var/mobile/Containers/Bundle/Application/A9622900-FC0A-4D64-AC2E-AC9B69773A22/xxx.app/PlugIns/xxx.appex/xxx for reading.\n[+] Reading header\n[+] Detecting header type\n[+] Executable is a FAT image - searching for right architecture\n[+] Correct arch is at offset 16384 in the file\n[+] Opening /var/mobile/Containers/Data/PluginKitPlugin/D5C1CB12-DB5B-4C53-9191-B23142841035/Documents/xxx.decrypted for writing.\n[+] Copying the not encrypted start of the file\n[+] Dumping the decrypted data into the file\n[+] Copying the not encrypted remainder of the file\n[+] Setting the LC_ENCRYPTION_INFO-\u003ecryptid to 0 at offset 4a08\n[+] Closing original file\n[+] Closing dump file\n```\n\n# Check And Thin\n$ otool -l xxx.decrypted | grep crypt \n\n```\nxxx.decrypted (architecture armv7):\n     cryptoff 16384\n    cryptsize 10960896\n      cryptid 0\nxxx.decrypted (architecture arm64):\n     cryptoff 16384\n    cryptsize 12124160\n      cryptid 1\n```\n\nThin:\n\n```  \n$ lipo -thin armv7 xxx.decrypted -output xxx_armv7.decrypted  \n$ lipo -thin armv64 xxx.decrypted -output xxx_arm64.decrypted\n```\n\n\n# Author\n\n[Dumpdecrypted](https://github.com/stefanesser/dumpdecrypted) was orignally developed by [stefanesser](https://github.com/stefanesser). \nLearn from [conradev](https://github.com/conradev/dumpdecrypted)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falonemonkey%2Fdumpdecrypted","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falonemonkey%2Fdumpdecrypted","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falonemonkey%2Fdumpdecrypted/lists"}