{"id":50221392,"url":"https://github.com/fi5t/idump","last_synced_at":"2026-05-26T12:01:36.855Z","repository":{"id":356024923,"uuid":"1230215286","full_name":"Fi5t/iDump","owner":"Fi5t","description":"Decrypt and dump iOS app binaries to an IPA file via USB and SSH/SFTP","archived":false,"fork":false,"pushed_at":"2026-05-26T10:03:57.000Z","size":1261,"stargazers_count":6,"open_issues_count":0,"forks_count":1,"subscribers_count":0,"default_branch":"develop","last_synced_at":"2026-05-26T12:00:17.007Z","etag":null,"topics":["frida","ios","reverse-engineering"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Fi5t.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-05T19:38:31.000Z","updated_at":"2026-05-26T10:02:48.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/Fi5t/iDump","commit_stats":null,"previous_names":["fi5t/idump"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/Fi5t/iDump","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Fi5t%2FiDump","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Fi5t%2FiDump/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Fi5t%2FiDump/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Fi5t%2FiDump/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Fi5t","download_url":"https://codeload.github.com/Fi5t/iDump/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Fi5t%2FiDump/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33519201,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T03:12:49.672Z","status":"ssl_error","status_checked_at":"2026-05-26T03:12:47.976Z","response_time":63,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["frida","ios","reverse-engineering"],"created_at":"2026-05-26T12:01:05.035Z","updated_at":"2026-05-26T12:01:36.827Z","avatar_url":"https://github.com/Fi5t.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"assets/logo.png\" alt=\"iDump\" width=\"500\"\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cstrong\u003eDecrypt and dump iOS app binaries to an IPA file\u003c/strong\u003e\n\u003c/p\u003e\n\n---\n\n## Background\n\n`idump` started as a rethink of [frida-ios-dump](https://github.com/AloneMonkey/frida-ios-dump) — the well-known Python tool that has been a go-to for iOS binary decryption for years. Unfortunately, `frida-ios-dump` no longer works with Frida 17+ and appears unmaintained. Rather than patch a Python script, the Frida agent was migrated and updated to work with modern Frida, then wrapped in a new host tool that eliminates the old setup friction: Python, pip dependencies, and a pre-configured SSH connection just to dump a single app.\n\nThe main goal of `idump` is **autonomy**: a single, self-contained binary that embeds the Frida agent script and works out of the box. No Python, no pip, no manually downloaded scripts. Just copy the binary to your PATH and run it.\n\nBuilt in Go with [frida-go](https://github.com/frida/frida-go), `idump` takes advantage of modern tooling while staying close to the same core technique — inject a Frida agent, patch `cryptid` in `LC_ENCRYPTION_INFO`, pull the decrypted Mach-O segments, and reassemble a valid IPA.\n\n---\n\n## Installation\n\n### Pre-built binaries\n\nDownload the latest release for your platform from the [Releases](https://github.com/Fi5t/idump/releases) page, then copy the binary to your PATH:\n\n```bash\n# macOS (Apple Silicon)\ncurl -L https://github.com/Fi5t/idump/releases/latest/download/idump-darwin-arm64 -o idump\nchmod +x idump\ncp idump /usr/local/bin/\n```\n\n### Build from source\n\n**Prerequisites:** Go 1.21+, Frida CLI (`pip install frida-tools`), `curl`, `tar`\n\n```bash\ngit clone https://github.com/Fi5t/idump.git\ncd idump\nmake devkit   # downloads frida-core-devkit matching your installed frida version\nmake build    # produces ./idump\ncp idump /usr/local/bin/\n```\n\n---\n\n## Usage\n\n`idump` connects to a USB-attached iOS device via Frida. The device must have `frida-server` running (or use a Frida gadget).\n\n### List installed apps\n\n```bash\nidump -l\n```\n\n### Dump an app (USB mode)\n\nFile contents are transferred through Frida messages directly — no SSH required.\n\n```bash\nidump com.example.App               # by bundle ID\nidump \"My App\"                      # by display name\nidump -o output.ipa com.example.App # custom output filename\n```\n\n### Dump an app (SSH/SFTP mode)\n\nThe Frida agent writes `.fid` files to the device; `idump` then retrieves them over SFTP and assembles the IPA. Useful when USB transfer is slow or unreliable for large apps.\n\n```bash\nidump remote com.example.App                        # defaults: root@localhost:2222, password alpine\nidump remote -H 192.168.1.10 -p 22 com.example.App # custom host/port\nidump remote -K ~/.ssh/id_rsa com.example.App       # SSH key authentication\nidump remote -u mobile -P password com.example.App  # custom credentials\n```\n\n### Dump multiple apps\n\nPass multiple targets at once, or use `--dump-all` to dump every app on the device. Both USB and SSH/SFTP modes support batch dumping.\n\n```bash\n# Dump a specific set of apps\nidump com.example.App1 com.example.App2 com.example.App3\n\n# Dump all installed apps into ./ipa-out/\nidump --dump-all -d ./ipa-out\n\n# Dump all non-Apple apps (skip com.apple.* identifiers)\nidump --dump-all --skip-system -d ./ipa-out\n\n# Dump only apps whose bundle ID contains a substring\nidump --dump-all --filter com.mycompany. -d ./ipa-out\n\n# Same flags work in SSH/SFTP mode\nidump remote com.example.App1 com.example.App2 -d ./ipa-out\nidump remote --dump-all --skip-system -d ./ipa-out\n```\n\nWhen dumping more than one app, `idump` prints a progress prefix (`[1/3] com.example.App`) before each target and a summary table when all are done:\n\n```\n  #  Name              Status    File / Note\n  ────────────────────────────────────────────────────────\n  1  My App            ✓         My App.ipa (42.1 MB)\n  2  Another App       ✓         Another App.ipa (18.7 MB)\n  3  Hardened App      ✗ failed  session detached: process-terminated\n  ────────────────────────────────────────────────────────\n  3 processed · 2 succeeded · 1 failed\n```\n\nFailed apps can be retried individually, optionally with `--dodge` or `--dodge=advanced`.\n\n\u003e **Note:** `--output` / `-o` is for single-app use only and cannot be combined with multiple targets or `--dump-all`. Use `--output-dir` / `-d` to control the destination directory for batch dumps.\n\n### Bypass anti-Frida protection\n\nSome apps detect Frida and crash before the dump script can run. Use spawn-gating to inject a bypass before the app starts:\n\n```bash\n# Basic bypass (hooks libc symbols: ptrace, sysctl, connect, stat, getenv, ...)\nidump --dodge com.example.App\n\n# Advanced bypass for hardened apps that issue raw syscalls, walk environ[],\n# scan VM memory for Frida byte-signatures, and audit libc symbols for hooks.\n# Hooks libsystem_kernel.dylib thunks (__sysctl, __connect, __stat, task_info,\n# thread_info, vm_region_recurse_64) and the libc syscall multiplexer instead.\nidump --dodge=advanced com.example.App\n\n# Custom bypass script — provide your own hooks (.js or .ts)\nidump --early bypass.js com.example.App\nidump --early bypass.ts com.example.App   # compiled on the fly via frida.Compiler\n\n# Same flags work in SSH/SFTP mode\nidump remote --dodge com.example.App\nidump remote --dodge=advanced com.example.App\n```\n\n`--dodge` and `--early` are mutually exclusive.\n\n### Flags\n\n**USB mode (`idump`):**\n\n| Flag | Short | Default | Description |\n|------|-------|---------|-------------|\n| `--list` | `-l` | — | List installed apps |\n| `--output` | `-o` | app display name | Output IPA filename (single-app only; cannot be used with multiple targets or `--dump-all`) |\n| `--output-dir` | `-d` | `.` | Directory to save IPA files (batch-friendly) |\n| `--dump-all` | `-a` | — | Dump all installed apps |\n| `--skip-system` | — | — | Skip `com.apple.*` apps (use with `--dump-all`) |\n| `--filter` | — | — | Include only apps whose bundle ID contains this string (use with `--dump-all`) |\n| `--dodge` | — | — | Basic bypass: hooks libc symbols via spawn-gating |\n| `--dodge=advanced` | — | — | Advanced bypass for hardened apps (raw syscall hooks, environ scrub, VM scan) |\n| `--early` | — | — | Path to custom bypass script (`.js` or `.ts`); mutually exclusive with `--dodge` |\n\n**SSH/SFTP mode (`idump remote`):**\n\n| Flag | Short | Default | Description |\n|------|-------|---------|-------------|\n| `--output` | `-o` | app display name | Output IPA filename (single-app only; cannot be used with multiple targets or `--dump-all`) |\n| `--output-dir` | `-d` | `.` | Directory to save IPA files (batch-friendly) |\n| `--dump-all` | `-a` | — | Dump all installed apps |\n| `--skip-system` | — | — | Skip `com.apple.*` apps (use with `--dump-all`) |\n| `--filter` | — | — | Include only apps whose bundle ID contains this string (use with `--dump-all`) |\n| `--host` | `-H` | `localhost` | SSH hostname |\n| `--port` | `-p` | `2222` | SSH port |\n| `--user` | `-u` | `root` | SSH username |\n| `--password` | `-P` | `alpine` | SSH password |\n| `--key` | `-K` | — | SSH private key file |\n| `--dodge` | — | — | Basic bypass: hooks libc symbols via spawn-gating |\n| `--dodge=advanced` | — | — | Advanced bypass for hardened apps (raw syscall hooks, environ scrub, VM scan) |\n| `--early` | — | — | Path to custom bypass script (`.js` or `.ts`); mutually exclusive with `--dodge` |\n\n---\n\n## Troubleshooting\n\n### App crashes immediately when dumping\n\n**Root cause:** Some apps crash when Frida spawns the process. Frida's default spawn-gating holds the process suspended while injecting the agent, and certain apps (or their runtime initialisation) do not survive this sequence — even before any app code has run.\n\n**Solution:** Launch the app manually from the device UI, then run `idump` while it is in the foreground. `idump` checks whether the target is already running; if so, it skips the spawn and attaches directly to the live process:\n\n```bash\n# 1. Open the app on the device\n# 2. Keep it in the foreground\nidump com.example.App\n```\n\n\u003e **Tip:** If `--dodge` or `--dodge=advanced` is also set and the app is already running, the bypass script is still injected — but as a live injection rather than at spawn, so detection hooks that fired before attachment will not be neutralised.\n\n### Attach hangs or times out when the app is in the background\n\n**Root cause:** iOS suspends backgrounded processes. Frida cannot attach to a suspended process and will block indefinitely.\n\n**Solution:** Bring the app to the foreground before running `idump`. If the app is backgrounded, `idump` will time out after 10 seconds and print:\n\n```\n✗  attach timed out — app may be in the background; bring it to the foreground and retry\n```\n\n---\n\n## Development\n\n### Prerequisites\n\n- Go 1.21+\n- Frida CLI (`pip install frida-tools`) — the devkit version is pinned to match it\n- `curl`, `tar` (for downloading the devkit)\n\n### 1. Get frida-go\n\n`frida-go` uses CGO to wrap Frida's C library. Add it to the module:\n\n```bash\ngo get github.com/frida/frida-go/frida@latest\n```\n\n### 2. Download the Frida Core devkit\n\nThe build requires `libfrida-core.a` and `frida-core.h`. The script auto-detects the Frida version from the system `frida` binary:\n\n```bash\nmake devkit\n```\n\nTo pin a specific version instead:\n\n```bash\nmake devkit FRIDA_VERSION=17.x.y\n```\n\nThis downloads and extracts the devkit to `build/frida-devkit/`.\n\n### 3. Build\n\n```bash\nmake build   # produces ./idump\n```\n\n### 4. Test\n\n```bash\nmake test    # go test ./...\n```\n\n### Updating the Frida agents\n\nThe TypeScript agents are pre-compiled and embedded directly into the binary. When you edit `agent/dump.ts`, `agent/bypass.ts`, or `agent/bypass_advanced.ts`, recompile and commit:\n\n```bash\nmake generate-ts                                                              # requires devkit (step 2)\ngit add internal/dump.js internal/bypass.js internal/bypass_advanced.js\ngit commit\n```\n\nTo compile a single agent manually:\n\n```bash\ngo run tools/compilets/main.go agent/bypass.ts internal/bypass.js\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffi5t%2Fidump","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffi5t%2Fidump","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffi5t%2Fidump/lists"}