End-to-end FairPlay decrypter for App Store apps.
Give it a bundle ID, get a decrypted .ipa. And yes - it happily decrypts iOS 26 apps.
You don't have to run an encrypted iOS app to decrypt it. After `posix_spawn` with `POSIX_SPAWN_START_SUSPENDED`, grab a `task_for_pid` port and `mach_vm_read` the `__TEXT` segment. The kernel's fault handler runs FairPlay's decrypter on the target's behalf and hands back plaintext. So we kind of simplified the problem of decrypting an .ipa to the bare minimum. It's my braindead way of calling `mremap_encrypted` without `mremap_encrypted`.
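The encrypted byte range of a Mach-O is recorded in its `LC_ENCRYPTION_INFO(_64)` load command (`cryptoff`, `cryptsize`, `cryptid`). The following added example, which is not part of ipadecrypt's code, reads that command from a thin Mach-O so you can check whether a binary is still flagged as encrypted. `FindEncInfo`, `EncInfo` and `sampleImage` are hypothetical names, and the input is a constructed header rather than a real app binary.

```go
package main

import (
	"bytes"
	"debug/macho"
	"encoding/binary"
	"fmt"
)

// Load command IDs from <mach-o/loader.h>.
const lcEncryptionInfo, lcEncryptionInfo64 = 0x21, 0x2C

// EncInfo holds the encryption_info_command fields that follow cmd/cmdsize.
type EncInfo struct{ CryptOff, CryptSize, CryptID uint32 }

// FindEncInfo returns the encryption range of a thin Mach-O image;
// ok is false when no LC_ENCRYPTION_INFO(_64) command is present.
func FindEncInfo(image []byte) (info EncInfo, ok bool, err error) {
	f, err := macho.NewFile(bytes.NewReader(image))
	if err != nil {
		return info, false, err // fat binaries and truncated headers land here
	}
	for _, l := range f.Loads {
		raw, bo := l.Raw(), f.ByteOrder
		if len(raw) < 20 {
			continue
		}
		if cmd := bo.Uint32(raw); cmd != lcEncryptionInfo && cmd != lcEncryptionInfo64 {
			continue
		}
		info = EncInfo{bo.Uint32(raw[8:]), bo.Uint32(raw[12:]), bo.Uint32(raw[16:])}
		return info, true, nil
	}
	return info, false, nil
}

// sampleImage builds a constructed 56-byte arm64 Mach-O: a mach_header_64
// followed by one LC_ENCRYPTION_INFO_64 command. Test input only.
func sampleImage(cryptID uint32) []byte {
	words := []uint32{
		0xfeedfacf, 0x0100000c, 0, 2, 1, 24, 0, 0, // header: 1 command, 24 bytes
		lcEncryptionInfo64, 24, 0x4000, 0x8000, cryptID, 0,
	}
	buf := new(bytes.Buffer)
	binary.Write(buf, binary.LittleEndian, words)
	return buf.Bytes()
}

func main() {
	for _, id := range []uint32{1, 0} { // 1 = flagged encrypted, 0 = not encrypted
		info, ok, err := FindEncInfo(sampleImage(id))
		fmt.Printf("%+v found=%v err=%v\n", info, ok, err)
	}
}
```

A `cryptid` of 0 means the range is not encrypted; any non-zero value means the bytes between `cryptoff` and `cryptoff + cryptsize` are still ciphertext on disk.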
- macOS, Linux, or Windows - anything that can SSH into the device
- Go 1.25+ for building from source (prebuilt binaries are on the releases page)
- Jailbroken iPhone reachable over the network
All installable through Sileo:
| Package | Purpose |
|---|---|
| OpenSSH | SSH server - ipadecrypt drives the device over SSH |
| AppSync Unified | Bypasses installd's signature check (add repo https://lukezgd.github.io/repo) |
| appinst | Installs modified IPAs on the device |
| zip | Packages the decrypted IPA on-device |
Tested on iOS 16.7.11 / palera1n rootless / iPhone 8 Plus. iOS 14 through 17 on A10–A14 devices are expected to work.
Download a prebuilt binary from the releases page.
Using `go install`:

```
go install github.com/londek/ipadecrypt/cmd/ipadecrypt@latest
```

From source (refer to BUILDING.md for detailed instructions):

```
git clone https://github.com/londek/ipadecrypt
cd ipadecrypt
go build ./cmd/ipadecrypt
```

```
ipadecrypt bootstrap
```

A four-step interactive wizard:

- App Store sign-in - prompts for Apple ID; handles 2FA. Credentials stay local in `~/.ipadecrypt/config.json`.
- Device connect - SSH host / user / password; probes iOS version + arch.
- Prerequisites - verifies AppSync, `appinst`, and `zip` are installed.
- Helper install - uploads a small embedded helper binary.

```
ipadecrypt decrypt <bundle-id|app-store-id|path-to-local-ipa>
```

License: MIT.

- majd/ipatool - the Apple Configurator impersonation the App Store client is based on.
- 34306/TrollDecryptJB - `task_for_pid` + `mach_vm_read` from a suspended spawn, entitlement set.
- akemin-dayo/AppSync - installd signature-bypass tweak + `appinst`.
- JohnCoates/flexdecrypt - the pre-iOS-16 approach that stopped working and prompted the pivot.

This project was developed with the assistance of AI tools. While I can't guarantee the accuracy of all AI-generated content, I have overseen the creation process and then reviewed and tested the code to ensure it meets the project's requirements.