Extracting IPA from iPhone

Most of us are aware that apk files are used in android, likewise ipa files are used in iOS devices. Both at core are just zip files having different structure. Basic structure of an ipa file can be seen below:

Structure of a .ipa file

Unlike android, iOS runs applications inside separate containers. Hence, in order to get the desired application first we need to find its container id.

Path where these containers can be located is below:

/var/containers/Bundle/Application

Step 1: SSH into the iPhone

ssh root@<ip_address_of_iphone>

Step 2: Move to “/var/containers/Bundle/Application” directory

List of all containers

Step 3: Find container id of the target application. This is difficult to find out the id so either we can use grep command to find the target id or we can navigate through Filza to get the target id. Once we get the id, we move inside.

Container id of target application

Step 4: Here, we need to create a “Payload” directory which will be storing the app files.

Copied app directory to Payload folder

Step 5: Now, we need to zip the folder up and create an ipa file out of it.

Created ipa file

"-r" is used to make it recursive, so it copies all files and directories inside Payload directory.

Step 6: At last, we need to add “iTunesMetadata.plist” to same zip file and it will be done.

Added iTunesMetadata.plist to ipa file

"-u" is used to update same zip file with new files.

Step 7: Finally, download the ipa file using Filza or SCP.

IPA file will be created at the path given in the step 5.

Happy Hacking !!!