BishopFox / bfinject

Dylib injection for iOS 11.0 - 11.1.2 with LiberiOS and Electra jailbreaks
Apache License 2.0

Decrypt without launching app #28

Open subdiox opened 6 years ago

subdiox commented 6 years ago

Issue

bfinject needs the app to be launched successfully, because it searches for the process name using ps. Some applications I want to decrypt don't launch in a jailbroken environment, so I need to decrypt them without launching them (or before the launch process finishes).

Suggestion

Is it impossible to decrypt App Store apps without launching them? The decrypting program called Clutch could do it (even though it doesn't seem to support iOS 11).

Example

I could not test/decrypt/cycript the com.aniplex.kirarafantasia app from the App Store [Link]. It has a jailbreak detection function that runs when launching, and it kills itself quickly, and bfinject cannot detect the app. Please refer to the following log:

root# bash bfinject -P com.aniplex.kirarafantasia -L test
[!] "com.aniplex.kirarafantasia" was not uniquely found, please check your criteria.
CokePokes commented 6 years ago

You could try running "killall -SIGSTOP APPNAME" when the app is launched and then run bfinject. Not sure if it works though. Be quick, or else the watchdog will kill the app if not done quickly enough. Worth a shot.