Alexey Alter-Pesotskiy

1 minute read

Preview

Introduction

Here are three ways to download iOS apps from Apple App Store for your attention:

  1. Using Apple Configurator 2 (legal way)

    • Here you need to have an app on your phone

  2. Using ipatool (kinda legal way)

    • Here you need appleId credentials

  3. Using any iOS executable dumper (illegal way)

    • Here you have to be Jailbroken

Using Apple Configurator

  1. Download an app from App Store to your phone

  2. Open Apple Configurator 2 on your Mac and log into your Apple account

  3. Connect your phone to your Mac using a USB cable

  4. Into Apple Configurator 2 select your phone

  5. Then tap on the «Add» button in the top, then tap on Apps button

  6. Choose the app and tap on «Add» button

  7. Finally it could tell you an app already exists, but don’t worry — just be in a hurry to grab an .ipa using this path:

~/Library/Group\ Containers/K36BKF7T3D.group.com.apple.configurator/Library/Caches/Assets/TemporaryItems/MobileApps/

Using ipatool

  1. Install the tool

     brew tap majd/repo
 brew install ipatool

  2. Authenticate with the App Store

     ipatool auth login -e <appleId> -p <password>

  3. Download the app

     ipatool download -b <bundleId>

Demo

Using any iOS executable dumper

As I said for this method you will need a Jailbreak. It can be illegal and provoke side effects, so do it at your own risk. When writing this article I used Checkra1n and frida-ios-dump for this purpose.

On device:

  1. Make a Jailbreak

  2. Open Cydia app

  3. Add the source «https://build.frida.re»

  4. Search for Frida and install it

On computer:

  1. Install frida

     pip3 install frida-tools

  2. Install frida-ios-dump

     git clone https://github.com/AloneMonkey/frida-ios-dump.git
 cd frida-ios-dump
 pip3 install -r requirements.txt --upgrade

  3. Install usbmuxd

     brew install usbmuxd

  4. Connect to your phone using ssh

     iproxy 2222 44 & sleep 3
 ssh -p 2222 [email protected] # default password: alpine

  5. Open a new Terminal window and pull decrypted .ipa

     cd frida-ios-dump
 python3 dump.py "<your_bundle>" # default password: alpine

Conclusion

Downloading apps from Apple App Store is pretty hard process, but still possible as manually as automated.

Also you could to find an answer how to download an .apk from Android Play Store here.

Updated: