
As part of a college project, I have to show how I can get an iOS app from a jailbroken device and reverse-engineer it. In the first part of the slides, I am showing how we can get the IPA file from a jailbroken device and how to decrypt the iOS app (either through clutch2 or ipainstaller). I am showing how an attacker can use class-dump-z and enumerate class names and method names.

I am also trying to add a scenario where I not only get the decrypted app from the jailbroken iPhone but can also change a few things in it. I am trying to change parameters in the Info.plist file.

Below are the steps I performed:

  1. Unzip the decrypted iOS app (.ipa file) into a directory named unzipped_app
  2. Go to Payload -> Appname.app -> Info.plist
  3. Change the app name

Question: Now, how do I repackage the unzipped_app directory back into an .ipa file?

I came across this question, Disassemble, edit and re-assembly iOS ipa apps, but it does not provide a solution to my question.



With the help of Robert's comment, I explored that path and found a solution.

An IPA file is basically a ZIP file, so we can unzip it easily.

macbook$:> unzip -d unzipped-dir appname.ipa

This gives us a directory layout like:

unzipped-dir/Payload/appname.app/Info.plist [and other contents of ipa file along with app binary]

Once the appropriate modifications are made in Info.plist, save the file.

Now transfer the Payload directory from the MacBook to the jailbroken iOS device.

macbook:$> scp -r Payload/ root@<iphone-ip>:/var/root

-- On Jailbroken Device --

  • Install AppSync from Cydia (add source-> http://cydia.akemi.ai).
  • Install Filza (should be available directly in Cydia search)

Open Filza app and go to /var/root. This is the location where we sent Payload directory via scp.

Long-press the Payload directory and tap "Create ZIP" --> This will create Payload.zip

Long-press the newly created ZIP file Payload.zip and rename it to new-app.ipa (or whatever you want to name it, but make sure to keep the extension as .ipa and not .zip anymore) --> This will create new-app.ipa in the same directory, i.e. /var/root/

Tap new-app.ipa and tap "Install" in the top right corner.

Done. This installs the new IPA file.

Self-signing or any other type of signing is not required as (to my limited knowledge) AppSync disables the code-signing checks on a jailbroken device.

Writing a self-answer hoping that someone might find it helpful. Thank you.

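The full round trip that the question asks for and the answer performs by hand (unzip the IPA, edit Info.plist, zip Payload/ back up as an .ipa), as an added example that is not code from the question or the answer above. It uses only the Python standard library (zipfile and plistlib), builds a constructed minimal IPA in a temporary directory so it runs offline, and assumes a bundle named appname with the identifier com.example.appname; the bytes standing in for the app binary are a placeholder, not a real Mach-O. Two details the page does not spell out are handled here: a shipped Info.plist is usually in binary plist format, which plistlib reads transparently, and the archive must have Payload/ as its top-level entry, so the repack step zips from the directory that contains Payload/ and a check rejects an archive built from inside it.

```python
import plistlib
import tempfile
import zipfile
from pathlib import Path
from typing import Optional


def build_sample_ipa(path: Path) -> Path:
    """Constructed sample IPA (not from the page): Payload/<App>.app/Info.plist
    plus a placeholder app binary. Bundle name/identifier are assumptions."""
    info = {
        "CFBundleName": "appname",
        "CFBundleDisplayName": "Original Name",
        "CFBundleIdentifier": "com.example.appname",  # assumed identifier
        "CFBundleExecutable": "appname",
    }
    with zipfile.ZipFile(path, "w", zipfile.ZIP_DEFLATED) as z:
        # Shipped IPAs normally carry a binary plist, so emit that format here.
        z.writestr("Payload/appname.app/Info.plist",
                   plistlib.dumps(info, fmt=plistlib.FMT_BINARY))
        # Placeholder bytes standing in for the Mach-O executable.
        z.writestr("Payload/appname.app/appname", b"\xcf\xfa\xed\xfe" + b"\x00" * 16)
    return path


def unpack_ipa(ipa: Path, dest: Path) -> Path:
    """An IPA is a ZIP: extract it and return the single .app directory."""
    with zipfile.ZipFile(ipa) as z:
        z.extractall(dest)
    apps = list((dest / "Payload").glob("*.app"))
    if len(apps) != 1:
        raise ValueError(f"expected exactly one .app under Payload/, found {apps}")
    return apps[0]


def set_display_name(app_dir: Path, new_name: str) -> dict:
    """Edit Info.plist. plistlib auto-detects binary or XML on load and
    writes XML back; iOS accepts either format."""
    plist_path = app_dir / "Info.plist"
    with open(plist_path, "rb") as f:
        info = plistlib.load(f)
    info["CFBundleDisplayName"] = new_name
    with open(plist_path, "wb") as f:
        plistlib.dump(info, f)
    return info


def repack_ipa(unpacked: Path, out_ipa: Path, relative_to: Optional[Path] = None) -> Path:
    """Zip Payload/ back into an .ipa. Archive names are taken relative to
    `relative_to` (default: the directory containing Payload/), so the
    result has Payload/ as its top-level entry, which is what the installer expects."""
    root = relative_to or unpacked
    payload = unpacked / "Payload"
    with zipfile.ZipFile(out_ipa, "w", zipfile.ZIP_DEFLATED) as z:
        for p in sorted(payload.rglob("*")):
            if p.is_file():
                z.write(p, p.relative_to(root).as_posix())
    return out_ipa


def ipa_layout_ok(ipa: Path) -> bool:
    """True only if Payload/<App>.app/Info.plist sits at the top of the archive."""
    with zipfile.ZipFile(ipa) as z:
        return any(
            n.startswith("Payload/") and n.endswith(".app/Info.plist") and n.count("/") == 2
            for n in z.namelist()
        )


def read_display_name(ipa: Path) -> str:
    """Verification step: reopen the repacked IPA and read the name back."""
    if not ipa_layout_ok(ipa):
        raise ValueError("archive is missing the top-level Payload/ directory")
    with zipfile.ZipFile(ipa) as z:
        plist_name = next(n for n in z.namelist()
                          if n.endswith(".app/Info.plist") and n.count("/") == 2)
        return plistlib.loads(z.read(plist_name))["CFBundleDisplayName"]


def rename_app(ipa: Path, new_name: str, out_ipa: Path) -> str:
    """Unpack, edit, repack, then return the display name read from out_ipa."""
    with tempfile.TemporaryDirectory() as tmp:
        work = Path(tmp) / "unzipped-dir"
        app = unpack_ipa(ipa, work)
        set_display_name(app, new_name)
        repack_ipa(work, out_ipa)
    return read_display_name(out_ipa)


def demo() -> str:
    with tempfile.TemporaryDirectory() as tmp:
        src = build_sample_ipa(Path(tmp) / "appname.ipa")
        return rename_app(src, "Patched App", Path(tmp) / "new-app.ipa")


def demo_wrong_root() -> bool:
    """The common mistake: zipping from inside Payload/ drops the Payload/ level."""
    with tempfile.TemporaryDirectory() as tmp:
        src = build_sample_ipa(Path(tmp) / "appname.ipa")
        work = Path(tmp) / "unzipped-dir"
        unpack_ipa(src, work)
        bad = repack_ipa(work, Path(tmp) / "bad.ipa", relative_to=work / "Payload")
        return ipa_layout_ok(bad)


if __name__ == "__main__":
    print(demo())             # display name read back from the repacked IPA
    print(demo_wrong_root())  # False: archive built from inside Payload/
```

On the Mac the equivalent of repack_ipa is running zip -r new-app.ipa Payload from the unzipped directory (the parent of Payload/), not from inside it; the resulting file can then be copied to the device with scp and installed with Filza as in the answer, since AppSync is what lets the unsigned bundle install.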