sensepost / objection

📱 objection - runtime mobile exploration
GNU General Public License v3.0

Patching iOS app fail - #149

Closed exrme18 closed 6 years ago

exrme18 commented 6 years ago

Hello, I am trying to patch an IPA file downloaded from an iOS device (OS: 11.4.1). I downloaded the Twitter IPA using the iMazing utility. The device is not jailbroken. When I follow the same methodology with the DVIA app, I get no error.

objection patchipa --source "twitterios.ipa" --codesign-signature 267149B1235
Using latest Github gadget version: 12.2.14
Patcher will be using Gadget version: 12.2.14
No provision file specified, searching for one...
Found provision file /Users/manish/Library/Developer/Xcode/DerivedData/pintest-hgqbgbpqjzjutvaabjtnfuuxugvu/Build/Products/Debug-iphoneos/pintest.app/embedded.mobileprovision expiring in 20:06:46.469745
Found provision file /Users/manish/Library/Developer/Xcode/DerivedData/pinObjC-bdwwrhsignwnltgxuvuklssdeunu/Build/Products/Debug-iphoneos/pinObjC.app/embedded.mobileprovision expiring in 1 day, 20:59:06.469745
Found provision file /Users/manish/Library/Developer/Xcode/DerivedData/pin-bwqcwshkifxogufwqfucronjcpml/Build/Products/Debug-iphoneos/pin.app/embedded.mobileprovision expiring in 17:33:26.469745
Found provision file /Users/manish/Library/Developer/Xcode/DerivedData/Test-evudrrcqfilsmpgwauaoczyqspzv/Build/Products/Debug-iphoneos/Test.app/embedded.mobileprovision expiring in 3:38:19.469745
Found a valid provisioning profile
Working with app: Twitter.app
Bundle identifier is: com.atebits.Tweetie2
Codesigning 25 .dylib's with signature XXXXXXXXXXXXXXXXXXXX
Code signing: libswiftMapKit.dylib
Code signing: libswiftPhotos.dylib
Code signing: libswiftCoreImage.dylib
Code signing: libswiftObjectiveC.dylib
Code signing: libswiftCore.dylib
Code signing: libswiftCoreGraphics.dylib
Code signing: libswiftUIKit.dylib
Code signing: libswiftMetal.dylib
Code signing: libswiftCoreData.dylib
Code signing: libswiftDispatch.dylib
Code signing: libswiftos.dylib
Code signing: libswiftCoreFoundation.dylib
Code signing: FridaGadget.dylib
Code signing: libswiftDarwin.dylib
Code signing: libswiftContacts.dylib
Code signing: libswiftQuartzCore.dylib
Code signing: libswiftIntents.dylib
Code signing: libswiftCoreAudio.dylib
Code signing: libswiftAVFoundation.dylib
Code signing: libswiftModelIO.dylib
Code signing: libswiftFoundation.dylib
Code signing: libswiftCoreMedia.dylib
Code signing: libswiftCoreLocation.dylib
Code signing: libswiftGLKit.dylib
Code signing: libswiftsimd.dylib
Creating new archive with patched contents...
Codesigning patched IPA...
{ Error: not found: 7z
    at getNotFoundError (/usr/local/lib/node_modules/applesign/node_modules/which/which.js:13:12)
    at F (/usr/local/lib/node_modules/applesign/node_modules/which/which.js:68:19)
    at E (/usr/local/lib/node_modules/applesign/node_modules/which/which.js:80:29)
    at /usr/local/lib/node_modules/applesign/node_modules/which/which.js:89:16
    at /usr/local/lib/node_modules/applesign/node_modules/isexe/index.js:42:5
    at /usr/local/lib/node_modules/applesign/node_modules/isexe/mode.js:8:5
    at FSReqWrap.oncomplete (fs.js:152:21) code: 'ENOENT' }
Error: This IPA is encrypted
    at ApplesignSession.signAppDirectory (/usr/local/lib/node_modules/applesign/session.js:228:21)
    at unzip (/usr/local/lib/node_modules/applesign/session.js:175:12)
    at tools.unzip (/usr/local/lib/node_modules/applesign/session.js:877:11)
    at ChildProcess.child.on.code (/usr/local/lib/node_modules/applesign/tools.js:45:5)
    at ChildProcess.emit (events.js:182:13)
    at maybeClose (internal/child_process.js:961:16)
    at Socket.stream.socket.on (internal/child_process.js:380:11)
    at Socket.emit (events.js:182:13)
    at Pipe._handle.close (net.js:599:12)
undefined

Copying final ipa from /var/folders/35/zwx7zqd15ls0hl28nl11r2f40000gn/T/twitterios-frida-codesigned.ipa to current directory...
Traceback (most recent call last):
  File "/usr/local/bin/objection", line 11, in <module>
    sys.exit(cli())
  File "/usr/local/lib/python3.7/site-packages/click/core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.7/site-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.7/site-packages/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.7/site-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/objection/console/cli.py", line 210, in patchipa
    patch_ios_ipa(**locals())
  File "/usr/local/lib/python3.7/site-packages/objection/commands/mobile_packages.py", line 75, in patch_ios_ipa
    os.path.join(os.path.abspath('.'), os.path.basename(patcher.get_patched_ipa_path())))
  File "/usr/local/Cellar/python/3.7.0/Frameworks/Python.framework/Versions/3.7/lib/python3.7/shutil.py", line 120, in copyfile
    with open(src, 'rb') as fsrc:
FileNotFoundError: [Errno 2] No such file or directory: '/var/folders/35/zwx7zqd15ls0hl28nl11r2f40000gn/T/twitterios-frida-codesigned.ipa'
Cleaning up temp files...
Failed to cleanup with error: [Errno 2] No such file or directory: '/var/folders/35/zwx7zqd15ls0hl28nl11r2f40000gn/T/twitterios-frida-codesigned.ipa'

Can you please let me know what is causing the error?

Thanks

R3zk0n commented 6 years ago

I believe this is due to the IPA being encrypted. This error message confirms it.

at FSReqWrap.oncomplete (fs.js:152:21) code: 'ENOENT' } Error: This IPA is encrypted

iOS applications (the Mach-O binaries) are encrypted and need to be decrypted by a tool like Clutch or similar. This is so Frida can be injected into the application.

The DVIA application is not encrypted. This is why it works.
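
A pre-flight check for the condition described in the comment above, as an added example that is not part of the original thread and is not objection's or applesign's own code: it reads the `cryptid` field of the `LC_ENCRYPTION_INFO` / `LC_ENCRYPTION_INFO_64` load command in the IPA's main executable, where a non-zero value means the binary is still encrypted. The function names are hypothetical, and `sample_ipa` builds a constructed, minimal input rather than a real app.

```python
import io
import plistlib
import struct
import zipfile

LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64 = 0x21, 0x2C
MH_MAGIC, MH_MAGIC_64, FAT_MAGIC = 0xFEEDFACE, 0xFEEDFACF, 0xCAFEBABE

def macho_cryptids(data, base=0):
    """Return the cryptid of each architecture slice (non-zero = encrypted)."""
    (magic_be,) = struct.unpack_from(">I", data, base)
    if magic_be == FAT_MAGIC:  # universal binary: 8-byte header, 20-byte fat_arch entries
        (nfat,) = struct.unpack_from(">I", data, base + 4)
        offs = [struct.unpack_from(">I", data, base + 16 + 20 * i)[0] for i in range(nfat)]
        return [c for off in offs for c in macho_cryptids(data, off)]
    (magic,) = struct.unpack_from("<I", data, base)
    if magic not in (MH_MAGIC, MH_MAGIC_64):
        raise ValueError("not a little-endian Mach-O image")
    ncmds = struct.unpack_from("<I", data, base + 16)[0]
    pos = base + (32 if magic == MH_MAGIC_64 else 28)  # skip mach_header(_64)
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", data, pos)
        if cmdsize < 8:
            raise ValueError("malformed load command")
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            # layout: cmd, cmdsize, cryptoff, cryptsize, cryptid
            return [struct.unpack_from("<I", data, pos + 16)[0]]
        pos += cmdsize
    return [0]  # no encryption load command: nothing to decrypt

def ipa_is_encrypted(ipa):
    """ipa: path or file object. Checks the executable named in Info.plist."""
    with zipfile.ZipFile(ipa) as z:
        plist = next(n for n in z.namelist()
                     if n.startswith("Payload/") and n.count("/") == 2
                     and n.endswith(".app/Info.plist"))
        exe = plistlib.loads(z.read(plist))["CFBundleExecutable"]
        binary = z.read(plist[:-len("Info.plist")] + exe)
    return any(macho_cryptids(binary))

def sample_ipa(cryptid):
    """Constructed input: a minimal arm64 Mach-O header inside an in-memory IPA."""
    enc = struct.pack("<6I", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x1000, cryptid, 0)
    hdr = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, 1, len(enc), 0, 0)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Demo.app/Info.plist", plistlib.dumps({"CFBundleExecutable": "Demo"}))
        z.writestr("Payload/Demo.app/Demo", hdr + enc)
    buf.seek(0)
    return buf
```

Calling `ipa_is_encrypted("twitterios.ipa")` before `objection patchipa` tells you up front whether signing will stop with "This IPA is encrypted".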

exrme18 commented 6 years ago

@R3zk0n Thanks for pointing out the error. Since I do not have a jailbroken iOS device, is there a way to decrypt an iOS app on a MacBook? All the resources I have found explain the steps on a jailbroken device. Any hints you can suggest?

Thanks

leonjza commented 6 years ago

Unfortunately, only jailbroken devices can decrypt applications. It is possible to source other, possibly malicious versions from the internet, but keep in mind that these most probably have malware in them and should be used with caution.

Normally, other than apps that are already in the app store, you would ask a developer for a build before they submit to the store where they get DRM applied.