# How to use Frida on iOS 17 without Jailbreak

## Identifying the problem

Starting with iOS 17, I can’t use ios-deploy because this tool depends on the DeveloperDiskImage (DDI), which is used for debugging the app and other tasks.

You can view the image below:

<figure><img src="https://418865174-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFu6uaU65JuQBpnFAUDk8%2Fuploads%2FxKn2zrNB3z0Neepj74AF%2Fimage.png?alt=media&#x26;token=eeaed0f7-f661-4d07-9581-b257e6ce9924" alt=""><figcaption><p>Error</p></figcaption></figure>

<figure><img src="https://418865174-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFu6uaU65JuQBpnFAUDk8%2Fuploads%2F10o4mzus32qWOCexaFLO%2Fimage.png?alt=media&#x26;token=a1c2bf4a-027d-4f2b-b8cf-05bd63e3ad54" alt=""><figcaption><p>No DDI available for iOS 17</p></figcaption></figure>

## How to solve it

To use Frida on iOS 17 without jailbreak, you need:

* A decrypted .ipa file
* Xcode installed
* Code signing and provisioning profile (Xcode will handle this for you; you only need to log in with your Apple ID and create a new project)

In this example, I will use SecureStorev2. You can find the .ipa download for this app in the ‘Setup Lab’ section.

First, you need to obtain your signing ID. For this, you can use:

```
# Native command (simpler option)
security find-identity -p codesigning -v

# OR: applesign (install it with npm)
applesign -L
```

The code signature looks like this:

<figure><img src="https://418865174-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFu6uaU65JuQBpnFAUDk8%2Fuploads%2F4mFFDtnr5SXXnjxhoitt%2Fimage.png?alt=media&#x26;token=aecc8efb-9487-4dc2-8a81-72b213f5a0a6" alt=""><figcaption><p>Code Signature</p></figcaption></figure>

Next, we’ll insert the dylib. To install insert\_dylib, use the following commands:

```
git clone https://github.com/Tyilo/insert_dylib
cd insert_dylib
xcodebuild
cp build/Release/insert_dylib /usr/local/bin/insert_dylib
```

After installing insert\_dylib, we need to install objection:

```
pip3 install objection
```

We use this command to patch the app with the Frida Gadget dylib and re-sign it:

```
objection patchipa --source SecureStorev2.ipa --codesign-signature <CODESIGN-HERE>
```

<figure><img src="https://418865174-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFu6uaU65JuQBpnFAUDk8%2Fuploads%2FXdTa8n4z8fv8NxIZZCGD%2Fimage.png?alt=media&#x26;token=8db294d1-194f-4f51-b544-c1d189bead69" alt=""><figcaption><p>Objection patchipa</p></figcaption></figure>

Reminder: The code signing signature can be obtained using the commands mentioned above, but first, you need to have Xcode installed and create a project in Xcode.

You can also find the provisioning profile in the project I created called ‘Hacking’. Additionally, you can see the patched .ipa file named ‘SecureStorev2-frida-codesigned.ipa’.

Now we need to install the .app contained inside the .ipa. To do this, extract the .ipa using the following command:

```
unzip SecureStorev2-frida-codesigned.ipa
cd Payload/
```

<figure><img src="https://418865174-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFu6uaU65JuQBpnFAUDk8%2Fuploads%2FwviqBOja3ImjN1QsS122%2Fimage.png?alt=media&#x26;token=6d2e3ca2-0df7-4b80-820a-5949200f0e4f" alt=""><figcaption><p>Unzip .ipa</p></figcaption></figure>

Now we’ll install the .app:

1. Install the Xcode CLI tools using the following command:

```
xcode-select --install
```

2. Connect your device to your computer and list the devices to get the device ID:

```
xcrun xctrace list devices
```

<figure><img src="https://418865174-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFu6uaU65JuQBpnFAUDk8%2Fuploads%2FDX1Lsoa8eEqW7cINVbwi%2Fimage.png?alt=media&#x26;token=04e76bea-095c-46bc-bec9-8a61bd83bf15" alt=""><figcaption><p>List Devices</p></figcaption></figure>

In my case, my device ID starts with 0008030.

3. Install the .app:

```
xcrun devicectl device install app --device <YOUR_DEVICE_ID> SecureStorev2.app/
```

<figure><img src="https://418865174-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFu6uaU65JuQBpnFAUDk8%2Fuploads%2F13bgTFVIvsKuSFvZhzNL%2Fimage.png?alt=media&#x26;token=059551de-fd2d-4da3-9005-d804bc84ceb3" alt=""><figcaption><p>Install .app</p></figcaption></figure>

4. Start the process:

```
xcrun devicectl device process launch --start-stopped --device <YOUR_DEVICE_ID> <INSTALLATIONURL_RETURNED_ON_THE_LAST_COMMAND>
```

<figure><img src="https://418865174-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFu6uaU65JuQBpnFAUDk8%2Fuploads%2FqZqCklD4iaXb9oc4pwZA%2Fimage.png?alt=media&#x26;token=dcd0392b-0273-418d-b1d6-851323f30398" alt=""><figcaption><p>Start Process</p></figcaption></figure>

5. Now the process is stuck on the screen:

<figure><img src="https://418865174-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFu6uaU65JuQBpnFAUDk8%2Fuploads%2FwzdTmphXbJeUiQurtAO4%2Fimage.png?alt=media&#x26;token=f7e0c53c-e5bb-4bce-b1da-852918b23986" alt=""><figcaption><p>Process Stuck</p></figcaption></figure>

6. Open Xcode, then go to Debug > Attach to Process and select the SecureStore process:

<figure><img src="https://418865174-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFu6uaU65JuQBpnFAUDk8%2Fuploads%2FjsckCNYaVswwNk32a6vW%2Fimage.png?alt=media&#x26;token=4ee66c23-e625-46a5-b927-b85aac338ae4" alt=""><figcaption><p>Initiate a debug</p></figcaption></figure>

7. At the bottom of the screen, you can find the Frida server port:

<figure><img src="https://418865174-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFu6uaU65JuQBpnFAUDk8%2Fuploads%2FPVCZZElimRwlBgVH8tzk%2Fimage.png?alt=media&#x26;token=194a3713-d43e-4327-8d00-afd4e3a6a862" alt=""><figcaption><p>Frida listening</p></figcaption></figure>

8. Now we need to forward this port using [pymobiledevice3](https://github.com/doronz88/pymobiledevice3):

```
pymobiledevice3 usbmux forward 27042 27042
```

> In my case, I installed pymobiledevice3 as follows:
>
> ```
> brew install pipx
> pipx install pymobiledevice3
> pipx ensurepath
> export PATH="$HOME/.local/bin:$PATH"
> source ~/.zshrc # or source ~/.bashrc
> ```

9. Now start objection:

```
objection -N -h 127.0.0.1 -p 27042 explore
# OR
frida-ps -H 127.0.0.1:27042
```

10. Finish

<figure><img src="https://418865174-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFu6uaU65JuQBpnFAUDk8%2Fuploads%2FNbozuHssbiPACzdLaxUK%2Fimage.png?alt=media&#x26;token=4a30ef1b-923c-49ce-a2de-47836b784a25" alt=""><figcaption><p>Finish</p></figcaption></figure>
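To confirm that the patching step produced what the later steps rely on, the following added example (not part of the original page or of objection's code) inspects a patched .ipa for the gadget file, the Mach-O load command that references it, and an embedded provisioning profile. The `FridaGadget` name match, the function names and the in-memory `Sample.app` input are assumptions constructed for illustration.

```python
import io, plistlib, struct, zipfile

MH_MAGIC_64, FAT_MAGIC = 0xFEEDFACF, 0xCAFEBABE
LOAD_CMDS = (0xC, 0x80000018)  # LC_LOAD_DYLIB, LC_LOAD_WEAK_DYLIB

def load_dylibs(macho):
    """Dylib paths named by the load commands of a 64-bit Mach-O."""
    if struct.unpack_from(">I", macho)[0] == FAT_MAGIC:  # fat: inspect first slice
        off, size = struct.unpack_from(">2I", macho, 16)
        macho = macho[off:off + size]
    magic, _, _, _, ncmds = struct.unpack_from("<5I", macho)
    if magic != MH_MAGIC_64:
        raise ValueError("not a 64-bit little-endian Mach-O")
    paths, pos = [], 32  # load commands follow the 32-byte mach_header_64
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<2I", macho, pos)
        if cmd in LOAD_CMDS:  # dylib_command: name offset sits 8 bytes in
            off = struct.unpack_from("<I", macho, pos + 8)[0]
            paths.append(macho[pos + off:pos + cmdsize].split(b"\0")[0].decode())
        pos += max(cmdsize, 8)
    return paths

def check_ipa(ipa):
    """Assumes the gadget's name contains 'FridaGadget'; reports file, load command, profile."""
    with zipfile.ZipFile(ipa) as z:
        names = z.namelist()
        plist = next(n for n in names if n.count("/") == 2 and n.endswith(".app/Info.plist"))
        app = plist[:-len("Info.plist")]
        exe = plistlib.loads(z.read(plist))["CFBundleExecutable"]
        dylibs = load_dylibs(z.read(app + exe))
    return {"gadget_load_commands": [p for p in dylibs if "FridaGadget" in p],
            "gadget_bundled": any(n.startswith(app) and "FridaGadget" in n for n in names),
            "has_profile": app + "embedded.mobileprovision" in names}

def sample_ipa(patched):
    """Constructed input: a tiny fake .ipa built in memory, not a real app."""
    def dylib_cmd(path):  # 24-byte dylib_command + NUL-padded 48-byte name
        return struct.pack("<6I", 0xC, 72, 24, 0, 0, 0) + path.encode().ljust(48, b"\0")
    cmds = [dylib_cmd("/usr/lib/libSystem.B.dylib")]
    files = {"Info.plist": plistlib.dumps({"CFBundleExecutable": "Sample"})}
    if patched:  # what the patching step is assumed to add
        cmds.append(dylib_cmd("@executable_path/Frameworks/FridaGadget.dylib"))
        files.update({"Frameworks/FridaGadget.dylib": b"", "embedded.mobileprovision": b""})
    hdr = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, len(cmds), 72 * len(cmds), 0, 0)
    files["Sample"] = hdr + b"".join(cmds)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in files.items():
            z.writestr("Payload/Sample.app/" + name, data)
    return buf
```

On a real build, call `check_ipa("SecureStorev2-frida-codesigned.ipa")`; an empty `gadget_load_commands` list means the main executable has no load command for the gadget.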

Credits: <https://github.com/frida/frida/issues/2663#issuecomment-1956330432>
