
How to Crack Apps on iOS 11


Kyle2100

8 posts in this topic


Required Items.

  • Jailbroken iDevice on iOS <=11.1.2
  • An SFTP or on-device file manager (Cyberduck, FilzaJailed, WinSCP, etc.)
  • Terminal Client
  • The latest version of bfinject: https://github.com/S...aga/sacmunCrack
  • To just sign apps use signer.sh - signer.sh

Instructions

  1. If you are on Electra, reboot your device and re-jailbreak with the "Tweaks" option turned OFF. For LiberiOS, just run the jailbreak.

  2. Once jailbroken, create a new folder somewhere on your device called "bfinject" using one of the previously mentioned SFTP or file managers. (I made my folder in /var/mobile/Documents/bfinject). You can do this with Cyberduck, or if you're using a terminal, in your location type

    mkdir bfinject

  3. Download and move the bfinject.tar into the bfinject folder, wherever it is located on your iDevice.

  4. Using a Terminal client, ssh into your iDevice with

    ssh root@ipaddress

     and log in with your password. alpine is the default password to log in, unless you have changed it, which is highly recommended.

  5. cd into the bfinject folder. For me that command will be

    cd /var/mobile/Documents/bfinject

  6. Run

    tar xvf bfinject.tar

    to unpack the contents.

  7. Now your bfinject folder should look like this, and if it is then you are ready for action.

  8. Run the app that you want to crack. I will be using Reddit as an example.

  9. Once your app is up and running, run

    bash bfinject -P app.app -l dylibs/bfdecrypt.dylib

  10. The app should start being cracked now. First you will see a floating UIView with "Decrypted" printed, followed by this screen.

  11. Now you have two options. You can set up a server by pressing "Yes" or you can do it another way. I have tried using the netcat server way but it didn't work for me, so I will show you an alternative way. Run the command (still on your iDevice)

    find /var/mobile/Containers/Data/Application/ -name decrypted-app.ipa

  12. As shown below, you will be presented with the file location of the decrypted .ipa, and you can then transfer it from your iDevice onto your Mac/PC into your .ipa stash in preparation for Appsync to finally be published :). Make sure to delete the decrypted-app.ipa on your iDevice so that if you crack new apps you won't be confused by different cracked apps.

Posted
iPad:/var/mobile/Documents/bfinject root# bash bfinject -P cytus2.app -l dylibs/bfdecrypt.dylib
[+] Electra detected.
[+] Injecting into '/var/containers/Bundle/Application/F46B2456-2283-4CB9-89D0-08E6274A750D/cytus2.app/cytus2'
[+] Getting Team ID from target application...
[+] WARNING: No Team ID found. Continuing regardless, but expect weird stuff to happen.
[+] Thinning dylib into non-fat arm64 image
[+] Signing injectable .dylib with Team ID  and platform entitlements...
[bfinject4realz] Calling task_for_pid() for PID 363.
[bfinject4realz] Calling thread_create() on PID 363
[bfinject4realz] Looking for ROP gadget... found at 0x181ff34e0
[bfinject4realz] Fake stack frame at 0x12e0b4000
[bfinject4realz] Calling _pthread_set_self() at 0x182233804...
[bfinject4realz] Returned from '_pthread_set_self'
[bfinject4realz] Calling dlopen() at 0x181ff3460...
[bfinject4realz] Returned from 'dlopen'
[bfinject4realz] ERROR: dlopen() failed to load the dylib.returned 0x0 (FAILURE)
[bfinject4realz] Calling dlerror() at 0x181ff32b0...
[bfinject4realz] Returned from 'dlerror'
9aee09f87eef7ea1ab6773cefa139390  -(483,0x1b2c0db80) malloc: *** mach_vm_map(size=6161072128) failed (error code=3)
*** error: can't allocate region
*** set a breakpoint in malloc_error_break to debug
[bfinject4realz] dlerror() returned: (null)
[*] Signing the executable with ldid
cp: missing destination file operand after '/var/mobile/Documents/Cracked/'
Try 'cp --help' for more information.
rm: missing operand
Try 'rm --help' for more information.
Attempting to unzip .ipa
unzip:  cannot find or open decrypted-app.ipa, decrypted-app.ipa.zip or decrypted-app.ipa.ZIP.
bfinject: line 127: cd: Payload: No such file or directory
Finna sign
bfinject: line 132: ldid: command not found
        zip warning: name not matched: Payload

zip error: Nothing to do! (try: zip -r .ipa . -i Payload)
rm: cannot remove 'Payload': No such file or directory
[*]Generated signed .ipa in /var/mobile/.ipa
rm: cannot remove 'decrypted-app.ipa': No such file or directory
[*] Signing completed successfully
[+] So long and thanks for all the fish.
iPad:/var/mobile/Documents/bfinject root#

I tried using it on Cytus 2 and got this error.
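
Added example, not from the thread or from bfinject: a check an app can run against its own loaded-image list to notice a dylib that was dlopen()'d from outside its bundle, which is the step visible in the log above. The allowlisted prefixes, the function names and the sample paths (built from the folder layout used in the first post) are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#ifdef __APPLE__
#include <mach-o/dyld.h>
#endif

/* /private/var and /var name the same directory on iOS; compare one form. */
static const char *strip_private(const char *p) {
    return strncmp(p, "/private/var/", 13) == 0 ? p + 8 : p;
}

/* Returns 1 if the image sits in the app bundle or an OS library directory.
   The two OS prefixes are an assumed allowlist; adjust them for your app. */
int image_is_expected(const char *image, const char *bundle_dir) {
    size_t n;
    image = strip_private(image);
    bundle_dir = strip_private(bundle_dir);
    if (strstr(image, "/../")) return 0;           /* reject path traversal */
    n = strlen(bundle_dir);
    while (n > 0 && bundle_dir[n - 1] == '/') n--; /* ignore trailing slash */
    if (n > 0 && strncmp(image, bundle_dir, n) == 0 && image[n] == '/')
        return 1;                                  /* inside the bundle */
    return strncmp(image, "/usr/lib/", 9) == 0 ||
           strncmp(image, "/System/Library/", 16) == 0;
}

#ifdef __APPLE__
/* On device: count loaded images that fail the check. */
int count_unexpected_loaded(const char *bundle_dir) {
    int bad = 0;
    uint32_t i, n = _dyld_image_count();
    for (i = 0; i < n; i++) {
        const char *name = _dyld_get_image_name(i);
        if (name && !image_is_expected(name, bundle_dir)) bad++;
    }
    return bad;
}
#endif

/* Constructed sample paths, not taken from a real device. */
static const char *SAMPLE_BUNDLE =
    "/var/containers/Bundle/Application/00000000-0000-0000-0000-000000000000/Demo.app";

int main(void) {
    const char *injected = "/var/mobile/Documents/bfinject/dylibs/bfdecrypt.dylib";
    printf("%s -> %s\n", injected,
           image_is_expected(injected, SAMPLE_BUNDLE) ? "expected" : "UNEXPECTED");
    return 0;
}
```

An in-process check like this is a signal, not a guarantee: code that is already injected can patch or skip it, so treat a hit as telemetry rather than as the only control.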
 
