End-to-end FairPlay decrypter for App Store apps.
Give it a bundle ID, get a decrypted .ipa. And yes - it happily decrypts iOS 26 apps.
You don't have to run an encrypted iOS app to decrypt it. After posix_spawn with POSIX_SPAWN_START_SUSPENDED, grab a task_for_pid port, and mach_vm_read the __TEXT segment. The kernel's fault handler runs FairPlay's decrypter on the target's behalf and hands back plaintext. So we kind of simplified the problem of decrypting .ipa to bare minimum. It's my braindead way of calling mremap_encrypted without mremap_encrypted.
- macOS, Linux, or Windows - anything that can SSH into the device
- Go 1.25+ for building from source (prebuilt binaries are on the releases page)
- Jailbroken iPhone reachable over the network
All installable through Sileo:
| Package | Purpose |
|---|---|
| OpenSSH | SSH server - ipadecrypt drives the device over SSH |
| AppSync Unified | Bypasses installd's signature check (add repo https://lukezgd.github.io/repo) |
| appinst | Installs modified IPAs on the device |
| zip | Packages the decrypted IPA on-device |
Tested on iOS 16.7.11 / palera1n rootless / iPhone 8 Plus. iOS 14 through 17 on A10βA14 devices are expected to work.
Download a prebuilt binary from the releases page.
Using go install:
go install github.com/londek/ipadecrypt/cmd/ipadecrypt@latestFrom source (refer to BUILDING.md for detailed instructions):
git clone https://github.com/londek/ipadecrypt
cd ipadecrypt
go build ./cmd/ipadecryptipadecrypt bootstrapA four-step interactive wizard:
- App Store sign-in - prompts for Apple ID; handles 2FA. Credentials stay local in
~/.ipadecrypt/config.json. - Device connect - SSH host / user / password; probes iOS version + arch.
- Prerequisites - verifies AppSync,
appinst, andzipare installed. - Helper install - uploads a small embedded helper binary.
ipadecrypt decrypt <bundle-id|app-store-id|app-store-url|path-to-local-ipa>If you want to run everything from your phone, this repository now includes a Telegram bot entrypoint at cmd/tgbot.
- Works directly from Telegram on iOS (
/decrypt,/versions,/status) - Keeps Apple session + cookies on persistent disk (
/data/.ipadecrypt) - Avoids ephemeral CI runners for interactive 2FA/session-based workflows
On the jailbroken device:
cloudflared tunnel --url tcp://localhost:22Use the generated hostname as DEVICE_HOST in your bot runtime environment (Railway/Render/etc.).
To make it persistent on reboot, run cloudflared via a LaunchDaemon (for example /Library/LaunchDaemons/com.cloudflare.tunnel.plist).
This repo includes:
Dockerfile(builds and runscmd/tgbot)railway.toml
Required Railway env vars:
TELEGRAM_TOKENALLOWED_USER_IDS(comma-separated Telegram numeric IDs)APPLE_EMAILAPPLE_PASSWORDAPPLE_ACCOUNT_JSONDEVICE_HOSTDEVICE_USERDEVICE_PASSWORDDEVICE_PORT(optional, default22)IPADECRYPT_ROOT_DIR(optional, default/data/.ipadecrypt)IPADECRYPT_OUTPUT_DIR(optional)
Also mount persistent storage to /data in Railway.
Use a Background Worker on Render (not a Web Service), because tgbot is a long-running process and does not expose an HTTP server.
Recommended Render settings:
- Service type: Background Worker
- Environment: Docker
- Dockerfile path:
./Dockerfile - Docker context: repository root
- Start Command: leave empty (Docker
CMDalready runs/usr/local/bin/tgbot), or set explicitly to/usr/local/bin/tgbot - Auto-Deploy: On (optional but recommended)
Persistent storage on Render:
- Attach a Persistent Disk
- Mount path:
/data - Keep
IPADECRYPT_ROOT_DIR=/data/.ipadecrypt
Required Render environment variables:
TELEGRAM_TOKENALLOWED_USER_IDS(comma-separated Telegram numeric IDs)
Apple/device configuration env vars (set these in Render as well):
APPLE_EMAILAPPLE_PASSWORDAPPLE_ACCOUNT_JSONDEVICE_HOSTDEVICE_USERDEVICE_PASSWORDDEVICE_PORT(optional, default22)IPADECRYPT_ROOT_DIR(optional, default/data/.ipadecrypt)IPADECRYPT_OUTPUT_DIR(optional, default/data/.ipadecrypt/bot-output)
Render workflow clarification:
- This is not a Render Cron Job workflow.
- Deploy it as a continuously running Background Worker.
- Use Render Auto-Deploy from your selected Git branch (or manual deploy when needed).
If Railway/Render pricing is a concern, Cloudflare is still useful in this stack β but not as a direct runtime for cmd/tgbot.
Current tgbot requires capabilities that Cloudflare Workers do not provide as a drop-in host:
- long-running process model (bot polling loop),
- local/persistent filesystem usage for cache and output,
- SSH/SCP-based device operations.
So the supported Cloudflare usage in this repo is:
- keep using Cloudflare Tunnel for secure device SSH exposure,
- run
tgboton a Docker-capable worker/VM with persistent disk, - point
DEVICE_HOSTto your Cloudflare Tunnel hostname.
If Cloudflare introduces a fully compatible long-running container worker model you want to target, we can add first-class runtime support in code/config next.
/decrypt com.instagram.Instagram
/decrypt https://apps.apple.com/us/app/instagram/id389801252
/versions com.instagram.Instagram
/status
MIT.
- majd/ipatool - the Apple Configurator impersonation the App Store client is based on.
- 34306/TrollDecryptJB -
task_for_pid+mach_vm_readfrom a suspended spawn, entitlement set. - akemin-dayo/AppSync - installd signature-bypass tweak +
appinst. - JohnCoates/flexdecrypt - the pre-iOS-16 approach that stopped working and prompted the pivot.
This project was developed with the assistance of AI tools. While I can't guarantee the accuracy of all AI-generated content, I have overviewed creation process and then reviewed, tested the code to ensure it meets the project's requirements.