flexdecrypt's Introduction

iOS App & Mach-O binary decryption

This is a decryption tool for research purposes. It uses mremap_encrypted to decrypt a file from disk.

Installation

  1. Download the .deb package from the latest release.
  2. Transfer it to your device.
  3. Use Filza to install it via UI, or use the command line: dpkg -i flexdecrypt.deb

If you're on iOS 12.1 or lower and receive an error when using dpkg directly, you may need to resolve dependencies with: apt-get -f -y --allow-unauthenticated install

The latest release also includes the flexdecrypt binary in case you want to install it yourself.

Build from source

Open the project file with Xcode.
Use the Debug scheme to run directly on your device from Xcode, with debugger support.
Configure the run arguments with Xcode's scheme editor.
Make sure you have AppSync installed so the app installs despite the custom entitlements.

Information

Further reading at https://www.linkedin.com/pulse/decrypting-apps-ios-john-coates/

Contact: [email protected]

flexdecrypt's People

Contributors

johncoates

flexdecrypt's Issues

What is going on here?

Provisioning profile "123" doesn't include the com.apple.diagnosticd.diagnostic,
com.apple.frontboard.debugapplications,
com.apple.multitasking.termination,
com.apple.private.cs.debugger,
com.apple.private.security.no-sandbox,
com.apple.private.skip-library-validation,
com.apple.springboard.launchapplications,
dynamic-codesigning,
platform-application,
and task_for_pid-allow entitlements and doesn't match the entitlements file's values for the com.apple.developer.team-identifier and application-identifier entitlements.

Flexdecrypt binary uses

What exactly can OR should be done with the Flexdecrypt binary in releases? Do help. Thanks.

Sometimes stuck at Data.append

Hi, I have tried several apps (>10), and found about half of them succeeded and half of them got stuck at
decryptedData.append(pointer, count: fileSize).

Terminal output is

Mapped __TEXT to 13b26c000 - bytes: 6704000
Mapped __DATA to 141970000 - bytes: 1840000
Mapped __RODATA to 14326c000 - bytes: fd0000
Mapped __LINKEDIT to 14423c000 - bytes: b98f10
Allowing invalid codesigned memory
Remapping __TEXT to encrypted backing
Reading decrypted file
Bytes: 9aacf10
Reading 6704000 bytes at 13b26c000

And stuck at this.

Permission Denied Error ios 14.3 UnC0ver

When trying to decrypt an app, I receive the following error:

flexdecrypt xxxxx.app

Error: Error Domain=NSCocoaErrorDomain Code=257 "The file “xxxxx” couldn’t be opened because you don’t have permission to view it." UserInfo={NSFilePath=/private/var/containers/Bundle/Application/EA93A460-2474-44C2-ADA3-49C573F069F8/xxxxx.app, NSUnderlyingError=0x1020069e0 {Error Domain=NSPOSIXErrorDomain Code=13 "Permission denied"}}

Spawn failed with result #86: #2: No such file or directory

Hello, I am trying to decrypt a very old Dolry Music app and found your tool which looked promising as it is the only tool I can find that promises to do static decryption. I tried using following command but am getting an error:

iPad:/tmp/Payload/Dolry Music.app root# flexdecrypt file Dolry\ Music  --verbose
Identifying best slice for /private/var/tmp/Payload/Dolry Music.app/Dolry Music
Decrypting slice
Found encryption info
Spawning /private/var/tmp/Payload/Dolry Music.app/Dolry Music
Error: message("Spawn failed with result #86: #2: No such file or directory")

This might be related to the fact that I cannot launch the binary as the binary itself is too old:

-sh: ./Dolry Music: Bad CPU type in executable
file Dolry\ Music
Dolry Music: Mach-O universal binary with 2 architectures: [arm_v7:Mach-O executable arm_v7] [arm_v7s:Mach-O executable arm_v7s]
Dolry Music (for architecture armv7):	Mach-O executable arm_v7
Dolry Music (for architecture armv7s):	Mach-O executable arm_v7s

I downloaded latest version today from github releases, flexdecrypt --version shows 1.0.0.

Is there a way for me to force static decryption? The device I'm trying to run this on is iPad Air.

Fix running on Odyssey / Procursus

Reports are that flexdecrypt doesn't work with Odyssey / Procursus. Please thumbs up this post if this is something that interests you. I'll gauge interest in this way.

error Not loading DumpDecrypter.plist: Invalid filter plist (Bundles is not an array or is empty)

2023-02-08 10:51:47.159905+0800 flexdecrypt[42188:939552] ExtensionLoader 1f6762f: Not loading DumpDecrypter.plist: Invalid filter plist (Bundles is not an array or is empty)
2023-02-08 10:51:47.160188+0800 flexdecrypt[42188:939552] ExtensionLoader 1f6762f: Not loading crackerxihook.plist: Invalid filter plist (Bundles is not an array or is empty)
Error: The file “HTTPBot” couldn’t be opened because there is no such file.

Error: message("Failed to find executable address")

Happy to provide more info if needed

Error

flexdecrypt file Gridrunner
2021-09-12 23:48:19.333 flexdecrypt[3889:45266] thread_get_state error: 0x4 (os/kern) invalid argument
Error: message("Failed to find executable address")

Notes

  • rasticrac also fails
*** Rasticrac v3.3.6 ***
Locating 'Gridrunner'
Found 'Gridrunner': Gridrunner [Llamasoft]
Trying to do main executable...
Info: MonsterX02 (9 - 11 - 0)
Error: RastDecrypted ERR#137 (11on64)
NOTE: iDevice is '1033' and executable is '43'
  • Clutch also fails
Clutch -d uk.co.llamasoft.gridrunner
2021-09-12 23:51:29.548 Clutch[3891:45590] command: Dump specified bundleID into .ipa file
Zipping Gridrunner.app
Swapping architectures..
Error: Failed to find address of header!

Error: Failed to dump <Gridrunner> with arch armv7

2021-09-12 23:51:30.490 Clutch[3891:45608] failed operation :(
2021-09-12 23:51:30.491 Clutch[3891:45608] application <NSOperationQueue: 0x1003502f0>{name = 'NSOperationQueue 0x1003502f0'}
Swapping architectures..
Error: Failed to find address of header!

Error: Failed to dump <Gridrunner> with arch armv7s

2021-09-12 23:51:30.536 Clutch[3891:45608] failed operation :(
2021-09-12 23:51:30.536 Clutch[3891:45608] application <NSOperationQueue: 0x1003502f0>{name = 'NSOperationQueue 0x1003502f0'}
Error: Failed to dump <Gridrunner>

2021-09-12 23:51:30.536 Clutch[3891:45608] failed operation :(
2021-09-12 23:51:30.536 Clutch[3891:45608] application <NSOperationQueue: 0x1003502f0>{name = 'NSOperationQueue 0x1003502f0'}
FAILED: <Gridrunner bundleID: uk.co.llamasoft.gridrunner>
Finished dumping uk.co.llamasoft.gridrunner in 2.9 seconds

iPadOS IPA error

Hi, thank you for the project!

I am trying this for an IPA I received, but I am getting:

/Users/macbook/Dev/Projects/flexdecrypt/Source/Mach-O/MachOBinary.swift:45: Fatal error: Invalid Mach-O magic: 67324752

Any idea? Thanks.

Release flexdecrypt.deb installed, but error

The first error is:
iPhone:~/flex_decrypt root# ./flexdecrypt
dyld: Library not loaded: @rpath/libswiftCore.dylib
Referenced from: /private/var/root/flex_decrypt/./flexdecrypt
Reason: image not found
Abort trap: 6

Then I cp flex.app/Framework/* to /usr/lib, and the other error appears:

dyld: Symbol not found: _$s17StringLiteralTypes013ExpressibleByaB0PTl
Referenced from: /usr/bin/flexdecrypt
Expected in: /usr/lib/libswiftCore.dylib
in /usr/bin/flexdecrypt
Abort trap: 6

Invalid Mach-O magic

Running iPhone 6S 13.5 on latest Checkra1n. I installed in device through packaged deb file.

I have the ipa file on device that I downloaded from the App Store. When I run the command "flexdecrypt file.ipa" I get:

Fatal error: Invalid Mach-O magic: 67324752: file /Users/macbook/Dev/Projects/flexdecrypt/Source/Mach-O/MachoBinary.swift, line 45
Trace/BPT trap: 5
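A pre-flight check for the file types seen in these reports, as an added example (not code from flexdecrypt or from any issue author): the magic 67324752 is 0x04034B50, the ZIP local-file signature that an .ipa archive starts with, and the Dolry Music `file` output shows a fat Mach-O holding only 32-bit ARM slices. The names `classify`, `thin_info` and `sample_thin` are hypothetical, and the sample bytes are constructed.

```python
import struct

# Constants from <mach-o/loader.h> and <mach-o/fat.h>
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
FAT_MAGIC = 0xCAFEBABE  # fat header fields are big-endian on disk
ZIP_MAGIC = 0x04034B50  # b"PK\x03\x04" read little-endian, 67324752 in decimal
LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64 = 0x21, 0x2C
CPU_NAMES = {12: "arm (32-bit)", 0x0100000C: "arm64"}

def thin_info(data, off=0):
    """Return (cputype, cryptid) for a little-endian Mach-O at off; cryptid is None if absent."""
    magic, cputype, _sub, _ftype, ncmds, _sz, _flags = struct.unpack_from("<7I", data, off)
    pos = off + (32 if magic == MH_MAGIC_64 else 28)  # 64-bit header has one extra field
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<2I", data, pos)
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            # command layout: cmd, cmdsize, cryptoff, cryptsize, cryptid
            return cputype, struct.unpack_from("<I", data, pos + 16)[0]
        if cmdsize < 8:  # malformed load command, stop walking
            break
        pos += cmdsize
    return cputype, None

def classify(data):
    """Describe a file: ZIP archive, thin Mach-O, fat Mach-O, or unknown."""
    if len(data) < 8:
        return {"kind": "unknown", "magic": None}
    magic_le = struct.unpack_from("<I", data)[0]
    if magic_le == ZIP_MAGIC:
        return {"kind": "zip", "magic": magic_le}
    if magic_le in (MH_MAGIC, MH_MAGIC_64):
        cpu, cryptid = thin_info(data)
        return {"kind": "thin", "slices": [(CPU_NAMES.get(cpu, hex(cpu)), cryptid)]}
    if struct.unpack_from(">I", data)[0] == FAT_MAGIC:
        slices = []
        for i in range(struct.unpack_from(">I", data, 4)[0]):
            cpu, _sub, off, _size, _align = struct.unpack_from(">5I", data, 8 + 20 * i)
            slices.append((CPU_NAMES.get(cpu, hex(cpu)), thin_info(data, off)[1]))
        return {"kind": "fat", "slices": slices}
    return {"kind": "unknown", "magic": magic_le}

def sample_thin(cputype, cryptid):
    """Constructed sample: 32-bit Mach-O header plus one LC_ENCRYPTION_INFO command."""
    header = struct.pack("<7I", MH_MAGIC, cputype, 0, 2, 1, 20, 0)
    return header + struct.pack("<5I", LC_ENCRYPTION_INFO, 20, 0x4000, 0x1000, cryptid)

if __name__ == "__main__":
    print(classify(b"PK\x03\x04" + bytes(26)))  # constructed ZIP/.ipa prefix
    print(classify(sample_thin(12, 1)))          # constructed encrypted armv7 slice
```

A result of kind "zip" means the input is the archive itself rather than the executable inside Payload/<name>.app; a cryptid of 0 means the slice is already unencrypted.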

Stuck at reading bytes

Identifying best slice for /private/var/tmp/v2.0.2/Payload/KINGDOM HEARTS Unchained x.app/KINGDOM HEARTS Unchained x
found slice for cputype
Decrypting slice
Found encryption info
Opening file descriptor
VM start: 100000000
Allocating f12430 bytes
Mapped 104ddc000 - 105cee430
Mapped 104ddc000 - 105a78000
Mapped 105a78000 - 105bbc000
Mapped 105bc8000 - 105cee430
Segments mapped, resuming verbosity.
Allocation address: 104ddc000
Slide: 4ddc000
Mapped __TEXT to 104ddc000 - bytes: c9c000
Mapped __DATA to 105a78000 - bytes: 144000
Mapped __LINKEDIT to 105bc8000 - bytes: 126430
Allowing invalid codesigned memory
Remapping __TEXT to encrypted backing
Reading decrypted file
Bytes: f06430
Reading c9c000 bytes at 104ddc000

I bought the app with my own account, have the SC_Info files, and am logged in to iTunes.

Release 1.1 deb package doesn't work on iOS 10.3.3 Jailbreak device.

I tried to reinstall the deb package, but it still doesn't work.

iPhone:/usr/lib root# flexdecrypt
dyld: Library not loaded: @rpath/libswiftCore.dylib
Referenced from: /usr/bin/flexdecrypt
Reason: no suitable image found. Did find:
/usr/lib/libswift/stable/libswiftCore.dylib: file system sandbox blocked mmap() of '/usr/lib/libswift/stable/libswiftCore.dylib'
Abort trap: 6

I think if the dependent dylib can be included in the deb, it can fix the problem?

Then I downloaded the source code, wanting to compile it, but met another problem.

Provisioning profile "iOS Team Provisioning Profile: *" doesn't include the com.apple.diagnosticd.diagnostic,
com.apple.frontboard.debugapplications,
com.apple.multitasking.termination,
com.apple.private.cs.debugger,
com.apple.private.security.no-sandbox,
com.apple.private.skip-library-validation,
com.apple.springboard.launchapplications,
dynamic-codesigning,
platform-application,
and task_for_pid-allow entitlements and doesn't match the entitlements file's values for the application-identifier and com.apple.developer.team-identifier entitlements.

When I click "Automatically manage signing", this problem appears on macOS 11 && Xcode 12.
