Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/NyaMisty/fouldecrypt
A lightweight and simple iOS binary decryptor
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/NyaMisty/fouldecrypt
- Owner: NyaMisty
- Created: 2021-05-11T07:32:07.000Z (over 3 years ago)
- Default Branch: master
- Last Pushed: 2024-01-29T10:20:52.000Z (12 months ago)
- Last Synced: 2024-08-04T01:15:59.559Z (5 months ago)
- Language: Objective-C
- Size: 2.04 MB
- Stars: 274
- Watchers: 13
- Forks: 41
- Open Issues: 7
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-ios-security - FoulDecrypt - A lightweight and simple iOS binary decryptor, supports iOS 13.5 and later. (Tweaks / Reverse Engineering Tweaks)
- awesome-hacking-lists - NyaMisty/fouldecrypt - A lightweight and simple iOS binary decryptor (Objective-C)
README
# FoulDecrypt
It's also available in my Cydia repo: http://repo.misty.moe. FoulDecrypt supports iOS 13.5 and later, and has been tested on iOS 14.2, 14.3 and 13.5 (both arm64 and arm64e).
Note: on unsupported versions it may panic the device, so beware ;)
## Why FoulDecrypt
### 1. Fully static
Thanks to FlexDecrypt and FoulPlay we know there is an `mremap_encrypted` syscall (Apple has since released the full source code for it).
However, neither of them can actually get `mremap_encrypted` to work. That's because `mremap_encrypted` cannot accept a non-aligned address, making it useless for most iOS 14 apps.
I managed to fix this with kernel read/write, so we can achieve clutch's armv7+arm64 multi-arch decryption again in 2021!
### 2. Simplicity
FlexDecrypt's source code is pretty fat, bundling the whole Swift runtime just to make a single `mremap_encrypted` call.
Meanwhile, foulplay independently found the same approach and implemented it in a much simpler way.
I recompiled foulplay for iOS, along with a wrapper, `flexdecrypt2`, for flexdecrypt.
## How to use
Install the correct version:
- `fouldecrypt-TFP0` for < iOS 14
- `fouldecrypt-LIBKRW` if you are running Unc0ver
- `fouldecrypt-LIBKERNRW` if you are running Taurine
Run `fouldecrypt` on an encrypted binary.
## About `foulwrapper`
`foulwrapper` will find all Mach-Os in a specific application and decrypt them using `fouldecrypt`:
`usage: foulwrapper (application name or bundle identifier)`
## Credits
@meme: foulplay
@JohnCoates: flexdecrypt