Just saw this on @everttjf's blog; according to the iOS Hacking Guide, dumping the decrypted binary via LLDB is rather simple.
You just need a jailbroken device with debugserver running on it, plus the cryptoff and cryptsize of that executable file. You may use otool to retrieve the cryptoff and cryptsize. That's all.
![dumpdecrypted-lldb](/wp-content/uploads/2017/08/dumpdecrypted-lldb.png)
Let's take Ingress for example. Connect to the debugserver in LLDB:

```
(lldb) platform select remote-ios
(lldb) process connect connect://HOST:PORT
(lldb) command script import /PATH/TO/THE/dumpdecrypted.py
(lldb) dumpdecrypted -i Ingress -o /Users/Ingress_dumpdecrypted
```
If in doubt, please enter:

```
(lldb) help dumpdecrypted
```
This LLDB script is on my GitHub, dumpdecrypted-lldb.