bagbak

Yet another frida based App decryptor. Requires jailbroken iOS device and frida.re

Only tested on iOS 14 (unc0ver) and iOS 16 (checkm8). Help wanted: Dopamine seems to have issues on process spawn but I don't have such device to debug.

demo

The name of this project doesn't have any meaning. I was just listening to that song while typing.

FAQ

Prerequisites

On device

With Cydia:

frida.re

Rootless:

If your are using rootless jailbreak, another project of mine fruity-frida might help. Use the run-frida-server to automatically download, deploy and run frida-server on your device.

On desktop

node.js. If you have issues on npm install, your node.js might be either too new or too old. Try to use nvm to install a compatible version or download the correct installer.
zip or 7z command is needed to create zip archive. On most of the distros, you don't need to install them manually.

Windows Compatibility

Filesystem of iOS differs from Windows. If you are running bagbak on Windows, some of the file attributes (e.g., executable bit) will be lost, thus the repacked ipa may not be able to reinstall on your phone. But it does not matter if you only indend to do static analysis.

Install

npm install -g bagbak

Usage

bagbak [bundle id or name]

Options:
  -l, --list             list apps
  -U, --usb              connect to USB device (default)
  -R, --remote           connect to remote frida-server
  -D, --device <uuid>    connect to device with the given ID
  -H, --host <host>      connect to remote frida-server on HOST
  -f, --force            override existing files
  -d, --debug            enable debug output
  -r, --raw              dump raw app bundle to directory (no ipa)
  -o, --output <output>  ipa filename or directory to dump to
  -h, --help             display help for command

Environments variables:

DEBUG=1 enable debug output for troubleshooting
DEBUG_SCP=1 debug SCP protocol
SSH_USERNAME username for iPhone SSH, default to root
SSH_PASSWORD password for iPhone SSH, default to alpine
SSH_PORT port for iPhone SSH. If not given, bagbak will scan port 22 (OpenSSH) and port 44 (Dropbear)

Example:

bagbak -l to list all apps
bagbak --raw Chrome to dump the app to current directory
bagbak com.google.chrome.ios to dump app to com.google.chrome.ios-[version].ipa

国内用户 frida 安装失败问题

使用国内镜像加速安装

想看更多中文技术分享？欢迎关注我的公众号

ChiChou / bagbak

readme