CrackBot2 is a bash script used to automate decryption of iOS apps.
NOTE: for research and reverse engineering purposes only. Do NOT use this for piracy.
- macOS (tested on Catalina 10.15.2)
- Jailbroken iOS device (tested on iPhone 6s, iOS 11 and 12)
`./bot <iTunes URL>`
- Set device language to English
- Connect the device to your computer and make sure to accept the trust dialog
- Install the following packages from Cydia:
  - OpenSSH
  - bfdecrypt from https://level3tjg.xyz/repo/
  - plutil
  - Open for iOS 11
  - AutoTouch
  - NoAppThinning from https://n3d1117.github.io
  - Activator from https://rpetri.ch/repo
- Make sure you are logged in to the App Store, preferably with a US account
- Disable password requirement for free apps (Settings -> iTunes & App Store -> Password Settings -> Disable Require Password)
- In bfdecrypt settings, toggle one app on and off (this creates the `com.level3tjg.bfdecrypt.plist` file in `/var/mobile/Library/Preferences`)
- Install jq with `brew install jq` (requires Homebrew)
- Install ios-deploy with `brew install ios-deploy` (requires Homebrew)
- Connect your jailbroken device with USB
- Enable passwordless root login for your device:
  - `ssh-keygen -t rsa -P '' -f ~/.ssh/YOUR_DEVICE_NAME` (NOTE: you may need to run `ssh-add ~/.ssh/YOUR_DEVICE_NAME` too)
  - `ssh-copy-id -i ~/.ssh/YOUR_DEVICE_NAME.pub root@YOUR_DEVICE_IP` (if needed, install ssh-copy-id with `brew install ssh-copy-id`)
- You should now be able to connect to your device with `ssh root@YOUR_DEVICE_IP` without entering the password.
- NOTE: I strongly recommend enabling SSH via USB so you can connect to your device as `ssh root@localhost -p 2222`
- Download and install my fork of BishopFox's bfdecrypt:
  ```
  cd ~/downloads/
  curl -L -O "https://github.com/n3d1117/bfdecrypt/raw/master/bfdecrypt.dylib"
  scp bfdecrypt.dylib root@YOUR_DEVICE_IP:/Library/MobileSubstrate/DynamicLibraries/bfdecrypt.dylib
  ```
- SSH into your device (`ssh root@YOUR_DEVICE_IP`) and sign the dylib:
  ```
  ldid -S /Library/MobileSubstrate/DynamicLibraries/bfdecrypt.dylib
  killall backboardd
  ```
- Then create the needed folder on the device:
  ```
  cd /var/mobile/Library/AutoTouch/Scripts && mkdir -p CrackBot2
  ```
- Clone this repo on your computer:
  ```
  cd ~/downloads/
  git clone https://github.com/n3d1117/CrackBot2.git
  ```
- Copy the AutoTouch script to the device:
  ```
  cd ~/downloads/CrackBot2/AutoTouch
  scp -r appstoredownload.lua images root@YOUR_DEVICE_IP:/var/mobile/Library/AutoTouch/Scripts/CrackBot2
  ```
- On your device open AutoTouch, go to `appstoredownload.lua`, click (i) -> Playing settings -> Trigger with activator -> Select `Hold status bar`.
- Open the `bot` file with a text editor and, if needed, edit the `DEVICE_IP` and `DEVICE_PORT` parameters with yours.
- Done! You can now run the script from your computer:
  ```
  cd ~/downloads/CrackBot2/
  ./bot
  ```
NOTE: Only free apps (or paid ones previously bought) are supported at the moment.
- bfdecrypt: Utility to decrypt App Store apps on jailbroken iOS 11.x
- level3tjg for a preference-based bfdecrypt
- AutoTouch: Record, playback, simulate human touching/pressing, run Lua scripts.
- Activator: Centralized gestures, button and shortcut management for iOS
Licensed under GNU General Public License v3.0. See LICENSE file for further information.