v1.1.2-nightly-9836a4d

Full Changelog: v1.1.1...v1.1.2-nightly-9836a4d

v1.1.1

Full Changelog: v1.1.0...v1.1.1

v1.1.0

Bypass anti-Frida protection

Apps that actively detect Frida can now be dumped using spawn-gating: the process is held suspended after spawn, the bypass script is injected while no app code has run yet, and only then the process resumed — so all hooks are in place before any detection logic fires.

Three modes are available:
--dodge — Basic tier, suitable for apps with weak detection. Hooks libc symbols: ptrace, sysctl, connect, stat, getenv, pthread_getname_np, _dyld_get_image_name, and task_get_exception_ports.

idump --dodge com.example.App

--dodge=advanced — Advanced tier for hardened apps that issue raw syscalls, walk environ[] directly, scan VM memory for Frida byte-signatures, or audit libc hooks. Instead of hooking libc, it hooks libsystem_kernel.dylib thunks (__sysctl, __connect, __stat, task_info, thread_info, vm_region_recurse_64) and the libc syscall multiplexer. Pre-resume it also scrubs DYLD_INSERT_LIBRARIES from environ[] and clears Mach exception ports.

  idump --dodge=advanced com.example.App

--early <path> — Bring your own bypass. Accepts a raw .js file or a .ts file compiled on the fly via frida.Compiler.

  idump --early bypass.ts com.example.App

All three flags work in both USB and SSH/SFTP modes. --dodge and --early are mutually exclusive.

Batch dumping

Multiple apps can now be dumped in a single invocation. Both USB and SSH/SFTP modes support all batch flags.

Pass explicit bundle IDs as positional arguments, or let idump enumerate the device itself:

  # Explicit list
  idump com.example.App1 com.example.App2 com.example.App3

  # Every installed app
  idump --dump-all -d ./ipa-out

  # All non-Apple apps
  idump --dump-all --skip-system -d ./ipa-out

  # Only apps whose bundle ID contains a substring
  idump --dump-all --filter com.mycompany. -d ./ipa-out

During the run each target is prefixed with its position ([1/3] com.example.App). When all targets finish, a summary table is printed:

    #  Name              Status    File / Note
    ────────────────────────────────────────────────────────
    1  My App            ✓         My App.ipa (42.1 MB)
    2  Another App       ✓         Another App.ipa (18.7 MB)
    3  Hardened App      ✗ failed  session detached: process-terminated
    ────────────────────────────────────────────────────────
    3 processed · 2 succeeded · 1 failed

Failed apps can be retried individually, optionally adding --dodge or --dodge=advanced if the app has anti-Frida protection.

--output / -o names the IPA for single-app dumps only. For batch use --output-dir / -d to control the destination directory.

v1.0.0

Public release