AloneMonkey / frida-ios-dump

pull decrypted ipa from jailbreak device
MIT License

Unable to run script on non-jailbroken device. #191

Open Kai2k opened 1 month ago

Kai2k commented 1 month ago

Hello.

I am trying to use this script on a non-jailbroken device, with a debuggable app (one built via Xcode). I've installed frida-tools using the instructions found here: https://frida.re

I am able to run basic Frida commands successfully on my usb connected device. An example command is frida-ps -Uai.

After installing Gadget, I am also able to run a trace command on my running app such as: frida-trace -U <My app name> -i "*URL*".

So far however I've not been able to run the frida-dump script. I use a command like this: python3 ./dump.py 'My app name'. I receive an error:

Unable to connect to port 2222 on 127.0.0.1 or ::1

Looking at your docs, I think the issue is running ssh forwarding over USB - Run usbmuxd/iproxy SSH forwarding over USB (Default 2222 -> 22). e.g. iproxy 2222 22.

I try this command: iproxy 2222 22

I get -

Creating listening port 2222 for device port 22
waiting for connection

I Googled it and stumbled upon this article - https://infosecwriteups.com/unlocking-potential-exploring-frida-objection-on-non-jailbroken-devices-without-application-ed0367a84f07

On this basis I installed the libimobiledevice library. I was successfully able to run the command idevicepair pair (after accepting the trust prompt on the device). This made no difference.

I ensure I have Xcode running and the device showing as connected in the devices and simulators panel.

The device is a non-jailbroken iPhone 12 running iOS 17. I have Xcode 15.0.1.

Can you please advise where I might be going wrong?

Thanks in advance.

Kai2k commented 1 month ago

I've done a little more research into this and I am starting to believe it may not be possible to run this script on a non-jailbroken device. The issue, as mentioned earlier, seems to be connecting to the device via SSH over USB. It seems that on a jailbroken device one would install OpenSSH or similar, which I understand to be a package containing a server that will respond to commands such as iproxy 2222 22. Packages such as OpenSSH can generally not be installed on an iOS device unless it is jailbroken. I have read that it is possible to run frida-ios-dump on a non-jailbroken device in articles such as this one. If anyone can shed some light on this, I'd be very grateful.
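The error quoted in this thread comes from the point where dump.py opens an SSH connection to the iproxy-forwarded port, so it helps to check that forward before running the script at all. The following preflight probe is an added example written for this thread; it is not part of frida-ios-dump or of the Frida tooling. It assumes the README's default forward (iproxy 2222 22 on 127.0.0.1) and distinguishes three outcomes: nothing listening on the local port (iproxy is not running), a connection that is accepted and then closed without an SSH banner (the forwarder is up, but nothing on the device answers on port 22, which is what you see when no sshd is installed), and a proper SSH banner (an SSH server is reachable through the forward). The demo helpers stand up a constructed local listener so the three cases can be exercised offline; the listener is only a stand-in for iproxy and is an assumption, not real device behaviour.

```python
import socket
import threading

# Default forward from the frida-ios-dump README: iproxy 2222 22.
DEFAULT_HOST = "127.0.0.1"
DEFAULT_PORT = 2222


def probe_ssh_forward(host=DEFAULT_HOST, port=DEFAULT_PORT, timeout=3.0):
    """Classify what is behind a local SSH forward.

    Returns (status, detail) where status is one of:
      'refused'   - nothing listening locally (iproxy not running)
      'no-banner' - TCP accepted, then closed or silent with no SSH banner
                    (forwarder up, but no SSH server on the device side)
      'ssh'       - an SSH identification string was received
      'other'     - some other error or an unexpected reply
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            try:
                data = sock.recv(256)
            except socket.timeout:
                return ("no-banner", "connected, but no SSH banner within timeout")
    except ConnectionRefusedError:
        return ("refused", f"nothing listening on {host}:{port}; is iproxy running?")
    except OSError as exc:
        return ("other", str(exc))

    if not data:
        return ("no-banner", "connection closed without a banner: forwarder up, "
                             "but nothing answering on the device port")
    # RFC 4253: the server sends "SSH-protoversion-softwareversion" first.
    line = data.split(b"\n", 1)[0].strip().decode("ascii", errors="replace")
    if line.startswith("SSH-"):
        return ("ssh", line)
    return ("other", f"unexpected reply: {line!r}")


# --- constructed stand-in for iproxy, used only to demonstrate the probe ---

def _serve_once(banner, port_holder, ready):
    """Accept one connection, optionally send `banner`, then close.

    Sending nothing models a forwarder that accepts locally and then drops
    the connection because the device port is unreachable (no sshd).
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # ephemeral port, so the demo never clashes with 2222
    srv.listen(1)
    port_holder.append(srv.getsockname()[1])
    ready.set()
    conn, _ = srv.accept()
    if banner:
        conn.sendall(banner)
    conn.close()
    srv.close()


def demo(banner):
    """Run the probe against a one-shot local listener that replies with `banner`."""
    port_holder, ready = [], threading.Event()
    t = threading.Thread(target=_serve_once, args=(banner, port_holder, ready), daemon=True)
    t.start()
    ready.wait(2)
    result = probe_ssh_forward("127.0.0.1", port_holder[0])
    t.join(2)
    return result


def unused_port():
    """Pick a port with no listener, to show the 'refused' case."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    # Constructed banner; a real device would send its own sshd version string.
    print("sshd reachable :", demo(b"SSH-2.0-OpenSSH_8.4\r\n"))
    print("forward, no sshd:", demo(b""))
    print("iproxy not up   :", probe_ssh_forward("127.0.0.1", unused_port()))
    print("your setup      :", probe_ssh_forward())
```

Run it with iproxy 2222 22 already started in another terminal and read the last line: a 'refused' result means the forward is not up, 'no-banner' means the forward works but there is no SSH server on the device to talk to, and only 'ssh' means dump.py has something to connect to.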