# How to use Frida on iOS 17 without Jailbreak

## Identifying the problem

On iOS 17 and above, I can’t use ios-deploy, because this tool depends on the DeveloperDiskImage (DDI), which is used for debugging the app and other tasks.

You can view the image below:

<figure><img src="https://418865174-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFu6uaU65JuQBpnFAUDk8%2Fuploads%2FxKn2zrNB3z0Neepj74AF%2Fimage.png?alt=media&#x26;token=eeaed0f7-f661-4d07-9581-b257e6ce9924" alt=""><figcaption><p>Error</p></figcaption></figure>

<figure><img src="https://418865174-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFu6uaU65JuQBpnFAUDk8%2Fuploads%2F10o4mzus32qWOCexaFLO%2Fimage.png?alt=media&#x26;token=a1c2bf4a-027d-4f2b-b8cf-05bd63e3ad54" alt=""><figcaption><p>No DDI available for iOS 17</p></figcaption></figure>

## How to solve it

To use Frida on iOS 17 without jailbreak, you need:

* A decrypted .ipa file
* Xcode installed
* Code signing and provisioning profile (Xcode will handle this for you; you only need to log in with your Apple ID and create a new project)

In this example, I will use SecureStorev2. You can find the .ipa download for this app in the ‘Setup Lab’ section.

First, you need to obtain your signing ID. For this, you can use:

```
# Native command (simpler option)
security find-identity -p codesigning -v

# OR: applesign (install it with npm)
applesign -L
```

The code signature looks like this:

<figure><img src="https://418865174-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFu6uaU65JuQBpnFAUDk8%2Fuploads%2F4mFFDtnr5SXXnjxhoitt%2Fimage.png?alt=media&#x26;token=aecc8efb-9487-4dc2-8a81-72b213f5a0a6" alt=""><figcaption><p>Code Signature</p></figcaption></figure>

Next, we’ll insert the dylib. To install insert\_dylib, use the following commands:

```
git clone https://github.com/Tyilo/insert_dylib
cd insert_dylib
xcodebuild
cp build/Release/insert_dylib /usr/local/bin/insert_dylib
```

After installing insert\_dylib, we need to install objection:

```
pip3 install objection
```

We use this command to inject the Frida Gadget dylib into the app and re-sign it:

```
objection patchipa --source SecureStorev2.ipa --codesign-signature <CODESIGN-HERE>
```

<figure><img src="https://418865174-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFu6uaU65JuQBpnFAUDk8%2Fuploads%2FXdTa8n4z8fv8NxIZZCGD%2Fimage.png?alt=media&#x26;token=8db294d1-194f-4f51-b544-c1d189bead69" alt=""><figcaption><p>Objection patchipa</p></figcaption></figure>

Reminder: The code signing signature can be obtained using the commands mentioned above, but first, you need to have Xcode installed and create a project in Xcode.

You can also find the provisioning profile in the project I created called ‘Hacking’. Additionally, you can see the patched .ipa file named ‘SecureStorev2-frida-codesigned.ipa’.
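A quick check that the patched .ipa really carries the gadget before you install it; the same check tells a defender whether a given .ipa has been repackaged with Frida Gadget. This is an added example, not part of the original guide or of objection. It assumes the gadget lives at `Frameworks/FridaGadget.dylib` inside the .app and is referenced as `@executable_path/Frameworks/FridaGadget.dylib`; the function names and the in-memory sample .ipa are constructed for illustration.

```python
import io
import plistlib
import zipfile

# Assumption: patchipa places the gadget at this path inside the .app bundle
# and adds a load command pointing at it; adjust if your output differs.
GADGET_NAME = "FridaGadget.dylib"
GADGET_LOAD_PATH = b"@executable_path/Frameworks/FridaGadget.dylib"

def inspect_ipa(ipa):
    """Report whether an .ipa (path or file object) carries an injected Frida Gadget."""
    with zipfile.ZipFile(ipa) as zf:
        names = zf.namelist()
        # The bundle's Info.plist sits at Payload/<Name>.app/Info.plist
        plist_name = next(n for n in names if n.startswith("Payload/")
                          and n.endswith(".app/Info.plist") and n.count("/") == 2)
        app_dir = plist_name[: -len("Info.plist")]
        info = plistlib.loads(zf.read(plist_name))  # handles XML and binary plists
        executable = info["CFBundleExecutable"]
        binary = zf.read(app_dir + executable)
        return {
            "app": app_dir.rstrip("/"),
            "executable": executable,
            "gadget_bundled": app_dir + "Frameworks/" + GADGET_NAME in names,
            # Dylib paths in Mach-O load commands are stored as plain C strings,
            # so a byte search is a cheap heuristic (not a full Mach-O parse).
            "gadget_load_command": GADGET_LOAD_PATH in binary,
        }

def build_sample_ipa(patched):
    """Constructed sample: a minimal fake .ipa, with or without the gadget."""
    buf = io.BytesIO()
    app = "Payload/SecureStorev2.app/"
    with zipfile.ZipFile(buf, "w") as zf:
        plist = plistlib.dumps({"CFBundleExecutable": "SecureStorev2"})
        zf.writestr(app + "Info.plist", plist)
        body = b"\xcf\xfa\xed\xfe" + b"\x00" * 32  # Mach-O 64-bit magic + padding
        if patched:
            body += GADGET_LOAD_PATH + b"\x00"
            zf.writestr(app + "Frameworks/" + GADGET_NAME, b"constructed placeholder")
        zf.writestr(app + "SecureStorev2", body)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for label, patched in (("original", False), ("patched", True)):
        print(label, inspect_ipa(build_sample_ipa(patched)))
```

To check a real file, call `inspect_ipa("SecureStorev2-frida-codesigned.ipa")`; both `gadget_*` fields should be `True` for a correctly patched build.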

Now we need to install the .app contained inside the .ipa. To do this, extract the .ipa using the following command:

```
unzip SecureStorev2-frida-codesigned.ipa
cd Payload/
```

<figure><img src="https://418865174-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFu6uaU65JuQBpnFAUDk8%2Fuploads%2FwviqBOja3ImjN1QsS122%2Fimage.png?alt=media&#x26;token=6d2e3ca2-0df7-4b80-820a-5949200f0e4f" alt=""><figcaption><p>Unzip .ipa</p></figcaption></figure>

Now we’ll install the .app:

1. Install the Xcode CLI tools using the following command:

```
xcode-select --install
```

2. Connect your device to your computer and list the devices to get the device ID:

```
xcrun xctrace list devices
```

<figure><img src="https://418865174-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFu6uaU65JuQBpnFAUDk8%2Fuploads%2FDX1Lsoa8eEqW7cINVbwi%2Fimage.png?alt=media&#x26;token=04e76bea-095c-46bc-bec9-8a61bd83bf15" alt=""><figcaption><p>List Devices</p></figcaption></figure>

In my case, my device ID starts with 0008030.

3. Install the .app:

```
xcrun devicectl device install app --device <YOUR_DEVICE_ID> SecureStorev2.app/
```

<figure><img src="https://418865174-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFu6uaU65JuQBpnFAUDk8%2Fuploads%2F13bgTFVIvsKuSFvZhzNL%2Fimage.png?alt=media&#x26;token=059551de-fd2d-4da3-9005-d804bc84ceb3" alt=""><figcaption><p>Install .app</p></figcaption></figure>

4. Start the process:

```
xcrun devicectl device process launch --start-stopped --device <YOUR_DEVICE_ID> <INSTALLATIONURL_RETURNED_ON_THE_LAST_COMMAND>
```

<figure><img src="https://418865174-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFu6uaU65JuQBpnFAUDk8%2Fuploads%2FqZqCklD4iaXb9oc4pwZA%2Fimage.png?alt=media&#x26;token=dcd0392b-0273-418d-b1d6-851323f30398" alt=""><figcaption><p>Start Process</p></figcaption></figure>

5. Now the process is stuck on the screen:

<figure><img src="https://418865174-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFu6uaU65JuQBpnFAUDk8%2Fuploads%2FwzdTmphXbJeUiQurtAO4%2Fimage.png?alt=media&#x26;token=f7e0c53c-e5bb-4bce-b1da-852918b23986" alt=""><figcaption><p>Process Stuck</p></figcaption></figure>

6. Open Xcode, then go to Debug > Attach to Process and select the SecureStore process:

<figure><img src="https://418865174-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFu6uaU65JuQBpnFAUDk8%2Fuploads%2FjsckCNYaVswwNk32a6vW%2Fimage.png?alt=media&#x26;token=4ee66c23-e625-46a5-b927-b85aac338ae4" alt=""><figcaption><p>Initiate a debug</p></figcaption></figure>

7. At the bottom of the screen, you can find the Frida server port:

<figure><img src="https://418865174-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFu6uaU65JuQBpnFAUDk8%2Fuploads%2FPVCZZElimRwlBgVH8tzk%2Fimage.png?alt=media&#x26;token=194a3713-d43e-4327-8d00-afd4e3a6a862" alt=""><figcaption><p>Frida listening</p></figcaption></figure>

8. Now we need to forward this port using [pymobiledevice3](https://github.com/doronz88/pymobiledevice3):

```
pymobiledevice3 usbmux forward 27042 27042
```

> In my case, I installed pymobiledevice3 as follows:
>
> ```
> brew install pipx
> pipx install pymobiledevice3
> pipx ensurepath
> export PATH="$HOME/.local/bin:$PATH"
> source ~/.zshrc # or source ~/.bashrc
> ```

9. Now start objection:

```
objection -N -h 127.0.0.1 -p 27042 explore

# OR
frida-ps -H 127.0.0.1:27042
```

10. Finish

<figure><img src="https://418865174-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFu6uaU65JuQBpnFAUDk8%2Fuploads%2FNbozuHssbiPACzdLaxUK%2Fimage.png?alt=media&#x26;token=4a30ef1b-923c-49ce-a2de-47836b784a25" alt=""><figcaption><p>Finish</p></figcaption></figure>

Credits: <https://github.com/frida/frida/issues/2663#issuecomment-1956330432>

