Open irworks opened 2 years ago
CC: https://github.com/LinusHenze/Fugu14/issues/200 Place the files in libFugu14Krw.zip according to the path.
Thank you for your help! This resolved the libFugu14Krw.dylib loading issue, unfortunately the mremap_encrypted: Operation not permitted persists and the binary remains encrypted.
This is how you fix it:
first, run the path of the app’s binary path alone in terminal (you’re gonna get a Trace: BPT Trap error, which is expected), then run fouldecrypt normally on the binary, it should decrypt it after that because you’ve forced the app to map itself by executing it directly.
so rehash, say I want to decrypt Discord:
$ /var/containers/Bundle/Application/5C4DC9B2-9056-4717-935E-71CB3C74E9DC/Discord.app/Discord
it should return Abort Trap: 6 or whatever. Then run:
$ fouldecrypt /var/containers/Bundle/Application/5C4DC9B2-9056-4717-935E-71CB3C74E9DC/Discord.app/Discord
Unless it’s a special case, the app should decrypt fine now, this also works on plugins.
Hi @dlevi309, how about the dylib decryption? dylib can't be executed and if I directly run fouldecrypt, I will get mremap_encrypted: Operation not permitted again.
I’ve run into this too. The issue is that on iOS 14, an execute bit set is needed to decrypt dylib / frameworks, this is my own goofy solution:
Let’s pretend that the path of the dylib you’re trying to decrypt is Argo.app/Frameworks/Something.framework/Something
1. chmod +x on Argo.app/Frameworks/Something.framework/Something
2. Run Argo.app/Frameworks/Something.framework/Something from the command line (this will obviously fail with a message like abort trap, but it’s enough to load the dylib into memory)
3. decrypt Argo.app/Frameworks/Something.framework/Something
This isn’t a sure fire for everything, but I’ve noticed that it works most of the time
@dlevi309 thanks for the reply.
in step 2, I still got cannot execute binary file: Exec format error, seems step 1 didn't work for me.
iPhone-7:~/workspace root# chmod +x ./tmp/Payload/xxx.app/Frameworks/yyy.framework/yyy
iPhone-7:~/workspace root# ./tmp/Payload/xxx.app/Frameworks/yyy.framework/yyy
-sh: ./tmp/Payload/xxx.app/Frameworks/yyy.framework/yyy: cannot execute binary file: Exec format error
@0x5e no prob, and the app can’t be in a ./tmp environment, chmod +x has to be performed on the original binary within the installed app’s bundle directory. Although, even after doing all the steps correctly, you may still get that cannot execute binary file: Exec format error, and that’s usually an indication that it won’t work on that particular binary. Framework / dylibs sometimes definitely work, but can also fail. If you wanna test an example of this that works almost 100% of the time, you can run the steps on app plugins that fail to decrypt (because they may be built for a newer iOS version, etc.)
@dlevi309 I just unzip the ipa to somewhere else, but I keep the app bundle structure, did you mean the app has to be installed to /var/containers/Bundle/Application/xxxxxxxxxxx by some tools before decrypt the dynamic frameworks?
And I miss the step3 log before, after Exec format error, I still got mremap_encrypted: Operation not permitted. So maybe the binary I tested didn't work for this solution?
@dlevi309 omg i love you ty, and ty nyamisty
Hi there! While trying out fouldecrypt on iOS 14.5 using the AltStore -> Fugu14 -> unc0ver Jailbreak on an iPhone XR I wasn't able to get fouldecrypt running successfully. Here's the log output of one attempt:
Especially the part mentioning /usr/lib/libkrw/libFugu14Krw.dylib gave me the impression that the issue may be related to the specific Fugu14 exploit method?