Page 1 of 1

MobileDevice, ONLY copy .app directory contents to computer

PostPosted: Tue Sep 12, 2017 3:45 am
by LOLgrep
TLDR: Is it possible to transfer the contents of an iOS app (.app/**) directory in a JAILED iOS ( iOS version > 8.3) device connected to a computer via MobileDevice framework or similar?

Alright, hellbent on trying to accomplish the following: I want to be able to grab Enterprise/Testflight builds of my apps on my jailed device, resign then with a dev certificate, add my always favorite, get-task-allow entitlement to the resigned debug build and then stick it back on to my jailed phone. My end goal is that if there's a bug or something reported by some high up, fancy person at my work, I can resign it, attach to it, and debug that particular app without having to hunt for the correct commit, building it w/ a dev cert on my device and trying to reproduce the issue.

To accomplish this, I've done a bit of digging into the internals of the MobileDevice framework as well as researched the many implementations that delved into the MobileDevice framework:
and of course, J's ... eConsole.c[/list]

I can easily resign an application to the preferred dev certificate, no problems there. Using the AMDevice.* family of APIs in the MobileDevice framework, I can easily install an app onto the device.

However, I am just completely struggling at finding any way to grab the contents of an app (.app) onto my computer from a jailed iOS device. Let me be absolutely clear on this part: I don't care about the Documents, Caches, Library, etc directory, I just care about all the contents inside the .app directory.

I've looked into the AMDevice.* API family. Some of them look interesting but seem to be orchestrated to get content from the computer to the iOS device instead of the other way around (i.e. AMDeviceCopyFile)

I've looked into the .*Backup.* APIs in MobileDevice. No luck there.

I've explored how iFunBox, iExplorer (and the underlying logic ifuse from libimobiledevice) should work, but have noticed that they just report that 8.3 doesn't play nice with loading sandboxed apps off the device (unless given the proper entitlement). Even when trying on a jailbroken device, they only give me the Library,Documents/Caches directory, which I could care less about (via
Code: Select all
ifuse --container /path/to/mount

So getting a little burnt out and need a little inspiration on code to explroe

Ok, finally to questions:
[list=]Can I grab applications off a jailed iOS 10 device using the MobileDevice framework?
If yes, what lockdown launched service is responsible for this? I've explored but wondering if it's the file_relay or something that flew under my radar....
Is there any repo or code out there that can successfully grab an app dir's contents that you can tell me about that works for iOS 10 jailed?

Even if you don't know the answers, just pointing me to a new framework or API in MobileDevice that flew under my radar, I'd love to hear it. I plan on going after the AFC.* APIs in MobileDevice to see if I can accomplish this. If I fail to find something, I'll delve into the USBMux.* APIs.

Cheers. grateful for reading and any replies you've got.


Re: MobileDevice, ONLY copy .app directory contents to compu

PostPosted: Wed Sep 13, 2017 5:01 am
by backendbilly
it used to be possible to retrieve apps from the device by passing the Archive command using libimobiledevice and more specifically when using ideviceinstaller tool but APPL removed this command in 9.x. See ... /issues/36. So libimobiledevice seems out of the picture for you here.

You probably already know this but I'll mention it anyways. You can use iTunes to retrieve "synced" apps from the device and grab an IPA out of them:

1- Launch iTunes
2- Under Library menu, click on [Apps].
3- iTunes will display all installed app
4- Right-click on one of those apps
5- Then click “Show in Finder” option


Re: MobileDevice, ONLY copy .app directory contents to compu

PostPosted: Thu Sep 21, 2017 2:13 pm
by LOLgrep
You're the man, Billy. Appreciate the help.

It's weird. Some of the things that people say you can't do (i.e. grab the Library/Cache/tmp), you actually can, provided you've got the appropriate certificates/provisioning profiles (Don't know if is facilitating that...)

Anyways, I am going to go take a deep dive as a can and see what is and isn't possible w/ MobileDevice, iOS11, and Apple Configurator 2 (now that iTunes 12.7 is hiding IPAs). I'll circle back in a month or so and update this post to any amusing stuff I find.