dumpdecrypted: A C repository from tyilo

*******UPDATED TO WORK WITH NEW VERSIONS OF XCODE (SANBOXED VERSIONS), IOS 6 SDK by MPOW AND ADDED A BASH SCRIPT *******
-------------------------------------------
I have added a bash script at the original version to make easier the decrypting and the dumping. 
USAGE:
decrypt [FILE] -> decrypt
decrypt -dump [FILE] -> decrypt and dump
decrypt -app [name of the bundle] -> Find the path of the app and then ask what to do (dump or decrypt).
--------------------------------------------

that can be useful for decrypt App binaries that are encrypted, for example to Class-Dump it and make tweak!

Dumps decrypted iPhone Applications to a file - better solution than those GDB scripts for non working GDB versions
(C) Copyright 2011 Stefan Esser


Compile:

First adjust the Makefile if you have a different iOS SDK installed.

And then just: make


Usage:

iPod:~ root# DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib /var/mobile/Applications/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/Scan.app/Scan
mach-o decryption dumper

DISCLAIMER: This tool is only meant for security research purposes, not for application crackers.

[+] Found encrypted data at address 00002000 of length 1826816 bytes - type 1.
[+] Opening /private/var/mobile/Applications/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/Scan.app/Scan for reading.
[+] Reading header
[+] Detecting header type
[+] Executable is a FAT image - searching for right architecture
[+] Correct arch is at offset 2408224 in the file
[+] Opening Scan.decrypted for writing.
[-] Failed opening. Most probably a sandbox issue. Trying something different.
[+] Opening /private/var/mobile/Applications/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/tmp/Scan.decrypted for writing.
[+] Copying the not encrypted start of the file
[+] Dumping the decrypted data into the file
[+] Copying the not encrypted remainder of the file
[+] Closing original file
[+] Closing dump file
tyilo/dumpdecrypted
