IPA File Extraction using Jailbroken iPhone

Static analysis is an important aspect of any MAPT activity. Tools like MobSF are helping pentesters performing automated static analysis. But to perform these scans we need an IPA file. In this short post, we will look at one such such method which provides sure shot way to extract IPA file out of an Jailbroken iPhone (or iPad for that matter).


a. MacOS (Don’t worry if you don’t have MacBook. I have wrote a detailed article on How to Create an almost perfect MacOS VM)
b. Jailbroken iPhone with Frida installed on it.
c. Frida-tools installed on MacOS


We will be using couple of free, open-source tools for this activity.

a. iproxy: This little utility helps connecting iPhone SSH over USB. This is not by default installed in MacOS.

iproxy not found error

You can install it via Homebrew by simply running following command:

brew install usbmuxd

iproxy installed via Homebrew

Note: If you don’t about Homebrew, it is an amazing package manager just like APT (Linux) or Chocolatey (Windows). You must explorer it.

You can verify successful install by running following command:

iproxy 2222 22

iproxy running successfully

b. AloneMonkey’s Frida-ios-dump: This is the utility which will allow us to extracted unencrypted iOS IPA files.


It’s installation is straight forward.

Pull it from Github, by running command:

git clone https://github.com/AloneMonkey/frida-ios-dump

Git Clone

Install the requirements mentioned requirements.txt file inside cloned directory. It doesn’t matter which Python 3.x or 2.x. It supports both.

sudo pip install -r requirements.txt --upgrade

Requirements installed

With this pre-requisites are met.

IPA Extraction

a. Connect iPhone to MacOS

b. Run frida-ps command in order to get “Display Name” of target app.

Getting Display Name of Target App

c. Run following command to download decrypted version of IPA.

python dump.py <display name>

It generally ask you to start app on iPhone before initiating dump, so make sure to run app on device.

On successful completion, IPA file get generated on same folder as frida-ios-dump folder.

Why this tedious way than iFunbox?

Now you may ask why follow this bit inconvenient way to extract IPA file. We can use iMazing or iFunbox as well, right? Well, most important reason to use this particular tools is because it gives out “unencrypted” IPA files. Which means these files are easy for static analysis. Not only that, these IPAs works fine when sideloaded on other iPhones as well as Corellium VMs too.

Hope this was useful!!! Will meet in next post :)




Tech, Money, Learning, Books, Things

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Agile is dead, long live… Agile!

Governance is always important

The big Change — Generation Z

How to Get the Best Assignment Help on C Sharp

🎨The vNFT airdrop starts now

Vivid Platform Updates: News SDKs, new APIs, and multi-user abilities

Serverless Interactive Slack Bot: Part One


Using AppArmor in Azure Kubernetes Service

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Shashank's Blog

Shashank's Blog

Tech, Money, Learning, Books, Things

More from Medium

EXIP Monthly Report | December, 2021

12 Awesome Application Security Tools for 2022

Github: A developer’s guide to understanding and creating projects

Implementing Numbered Standard IPv4 ACLs in Cisco Packet Tracer