Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/NyaMisty/fouldecrypt

A lightweight and simpling iOS binary decryptor
https://github.com/NyaMisty/fouldecrypt

Last synced: 28 days ago
JSON representation

A lightweight and simpling iOS binary decryptor

Awesome Lists containing this project

README

        

# FoulDecrypt

It's also available in my Cydia repo: http://repo.misty.moe. FoulDecrypt supports iOS 13.5 and later, and has been tested on iOS 14.2, 14.3 and 13.5 (both arm64 and arm64e).

Note: for unsupported versions, it has chances to panic the device, beware ;)

## Why FoulDecrypt

### 1. Fully static

Thanks to FlexDecrypt and FoulPlay we know there's a mremap_encrypted syscall, although AAPL already released full source code for this syscall now.

However, neither of them can actually get mremap_encrypted to work. That's because mremap_encrypted cannot accept non-aligned address, making it useless for most iOS 14 apps.

I managed to fix with kernel read/writing, so now we can achieve clutch's armv7+arm64 multi-arch decryption again in 2021!

### 2. Simplicity

FlexDecrypt's source code is pretty FAT, bundling the whole swift runtime to just achieve a simple mremap_encrypted.

And at the same time, foulplay independently found the same approach, and implemented it in a much more simple way.

I recompiled the foulplay for iOS, and a wrapper `flexdecrypt2` for flexdecrypt.

## How to use

Install the correct version:
- `fouldecrypt-TFP0` for < iOS 14
- `fouldecrypt-LIBKRW` if you are running Unc0ver
- `fouldecrypt-LIBKERNRW` if you are running Taurine

Run `fouldecrypt` on an encrypted binary.

## About `foulwrapper`

`foulwrapper` will find all Mach-Os in a specific application and decrypt them using `fouldecrypt`:

`usage: foulwrapper (application name or bundle identifier)`

## Credits
@meme: foulplay
@JohnCoates: flexdecrypt