Tutorial How to Crack Apps on iOS 11

Kyle2100 · March 30, 2018

Required Items.

Jailbroken iDevice on iOS <=11.1.2
An sftp or on device file manager (Cyber Duck, FilzaJailed, Winscp, etc.)
Terminal Client
The latest version of bfinject: https://github.com/S...aga/sacmunCrack
To just sign apps use signer.sh - signer.sh

Instructions

[hide]1. If you are on Electra, reboot your device and re-jailbrake with the "Tweaks" option turned OFF. For LiberiOS, just run the jailbreak.

Once jailbroken, create a new folder somewhere on your device called "bfinject" using one of the previously mentioned sftp or file managers. (I made my folder in /var/mobile/Documents/bfinject). You can do this with CyberDuck, or if you're using terminal, in your location type
```
mkdir bfinject
```
Download and move the bfinject.tar into the bfinject folder, wherever it is located on your iDevice.
Using a Terminal client, ssh into your iDevice with
```
ssh root@ipaddress
```
and log in with your password. alpine is the default password to log in, unless you have changed it which is highly recommended.
cd into the bfinject folder. For me that command will be
```
cd /var/mobile/Documents/bfinject
```
Run
```
tar xvf bfinject.tar
```
to unpack the contents
Now your bfinject folder should look like this, and if it is then you are ready for action.
Run the app that you want to crack, I will be using Reddit as an example

Once your app is up an running, run

bash bfinject -P app.app -l dylibs/bfdecrypt.dylib

The app should start being cracked now. First you will see a floating UIView with "Decrypted" printed, followed by this screen.
Now you have two options. You can set up a server by pressing "Yes" or you can do it another way. I have tried using the netcat server way but it didn't work for me, so I will show you an alternative way. Run the command (Still on your iDevice)
```
find /var/mobile/Containers/Data/Application/ -name decrypted-app.ipa
```
As shown below, you will be presented the file location of the decrypted .ipa, and you can then transfer it from you iDevice on to your Mac/PC into your .ipa stash in preparation for Appsync to finally be published . Make sure to delete the decrypted-app.ipa on your iDevice so that if you crack new apps you won't be confused by different cracked apps.
[\hide]

pipyakas · March 31, 2018

iPad:/var/mobile/Documents/bfinject root# bash bfinject -P cytus2.app -l dylibs/bfdecrypt.dylib
[+] Electra detected.
[+] Injecting into '/var/containers/Bundle/Application/F46B2456-2283-4CB9-89D0-08E6274A750D/cytus2.app/cytus2'
[+] Getting Team ID from target application...
[+] WARNING: No Team ID found. Continuing regardless, but expect weird stuff to happen.
[+] Thinning dylib into non-fat arm64 image
[+] Signing injectable .dylib with Team ID  and platform entitlements...
[bfinject4realz] Calling task_for_pid() for PID 363.
[bfinject4realz] Calling thread_create() on PID 363
[bfinject4realz] Looking for ROP gadget... found at 0x181ff34e0
[bfinject4realz] Fake stack frame at 0x12e0b4000
[bfinject4realz] Calling _pthread_set_self() at 0x182233804...
[bfinject4realz] Returned from '_pthread_set_self'
[bfinject4realz] Calling dlopen() at 0x181ff3460...
[bfinject4realz] Returned from 'dlopen'
[bfinject4realz] ERROR: dlopen() failed to load the dylib.returned 0x0 (FAILURE)
[bfinject4realz] Calling dlerror() at 0x181ff32b0...
[bfinject4realz] Returned from 'dlerror'
9aee09f87eef7ea1ab6773cefa139390  -(483,0x1b2c0db80) malloc: *** mach_vm_map(size=6161072128) failed (error code=3)
*** error: can't allocate region
*** set a breakpoint in malloc_error_break to debug
[bfinject4realz] dlerror() returned: (null)
[*] Signing the executable with ldid
cp: missing destination file operand after '/var/mobile/Documents/Cracked/'
Try 'cp --help' for more information.
rm: missing operand
Try 'rm --help' for more information.
Attempting to unzip .ipa
unzip:  cannot find or open decrypted-app.ipa, decrypted-app.ipa.zip or decrypted-app.ipa.ZIP.
bfinject: line 127: cd: Payload: No such file or directory
Finna sign
bfinject: line 132: ldid: command not found
        zip warning: name not matched: Payload

zip error: Nothing to do! (try: zip -r .ipa . -i Payload)
rm: cannot remove 'Payload': No such file or directory
[*]Generated signed .ipa in /var/mobile/.ipa
rm: cannot remove 'decrypted-app.ipa': No such file or directory
[*] Signing completed successfully
[+] So long and thanks for all the fish.
iPad:/var/mobile/Documents/bfinject root#

I tried using on cytus 2 and get this error