
Introduction

A few weeks ago, I needed to download an iOS IPA file to perform a static analysis of that app. But as you may expect, Apple makes it extremely hard to download App Store apps to a destination that is not an iPhone/iPad, and if they are downloaded to an iPhone/iPad 📱 it’s not easy to extract the file. Unless the device is rooted, you are probably out of luck. So I searched and searched and searched for a method and finally found one using an open source tool named IPATool. A shoutout to Majd Alfhaily for the fantastic piece of software. The tool allows you to search for and download apps. I recommend using a non-production Apple account during the operation. I decided to write this blog to help save you time, so let’s do it ✔️

Before We Start

  1. Make sure you have permission 📃, don’t use the tool unethically.
  2. Use a testing Apple ID just to be safe.
  3. If the latest versions don’t work, refer to the next section and use the same versions that worked for me.

The Environment

This list shows the software versions that worked for me. Running packages on Linux systems can be extremely tricky due to software dependencies:

  1. Kali Linux 2022.3
  2. Kernel version Linux kali 5.19.0-kali2-amd64 #1 SMP PREEMPT_DYNAMIC Debian 5.19.11-1kali2 (2022-10-10) x86_64 GNU/Linux
  3. ipatool version 2.0.0

The Setup

  1. Download the latest ipatool release from GitHub.
  2. Extract the binary.
  3. Make it executable using chmod +x FILE_NAME.

The Three Step Formula

Step 1 Login

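The first step is to log in using your Apple ID. A password passed with -p is recorded in your shell history and is visible in the process list while the command runs, which is another reason to use a testing account.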

./ipatool-2.0.0-linux-amd64 auth login -e _EMAIL_ -p _PASSWORD_

If it shows you success=true, you are good to proceed. And if it shows you the name of someone else, something has gone really wrong.

Step 2 Find The Package

I decided to download the Amazon Prime Video package. Below is the command, but as you can see, the output is NOT sexy. My goal is to extract the Bundle ID, but why stop there?

./ipatool-2.0.0-linux-amd64 search prime

We have 5 results, so let’s make the output pretty.

./ipatool-2.0.0-linux-amd64 search prime --format json | jq '.apps[].bundleID'

This is only showing the Bundle IDs, cool cool

If you are wondering what the JSON object looks like (without the magic), here you go

./ipatool-2.0.0-linux-amd64 search prime --format json | jq .

And if you want to be more confident in the package selection, you can show the name as well as the Bundle ID

./ipatool-2.0.0-linux-amd64 search prime --format json | jq . | grep -i "bundle\|name"


Step 3 Download

Now it’s time to download. I tried the command below, but it failed

./ipatool-2.0.0-linux-amd64 download -b com.amazon.aiv.AIVApp

The following one worked 🎯

./ipatool-2.0.0-linux-amd64 download -b com.amazon.aiv.AIVApp --purchase

The file EXISTS now. But wait, how did I figure out the --purchase thingy? Easy, the tool’s help is awesome, that’s how.
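Before starting static analysis, it is worth confirming that the downloaded file is the app that was requested. The following is an added example, not part of the original post or of ipatool: it hashes the IPA and reads the bundle ID from the app's Info.plist. It relies on the standard IPA layout (a ZIP archive containing Payload/<Name>.app/Info.plist); the function names and the sample archive are constructed for illustration.

```python
import hashlib
import plistlib
import re
import zipfile

# The app's own Info.plist inside an IPA: Payload/<Name>.app/Info.plist
_APP_PLIST = re.compile(r"^Payload/[^/]+\.app/Info\.plist$")


def inspect_ipa(path, expected_bundle_id):
    """Return identity facts about an IPA and whether it matches the request."""
    sha256 = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            sha256.update(chunk)

    with zipfile.ZipFile(path) as ipa:
        plists = [n for n in ipa.namelist() if _APP_PLIST.match(n)]
        if len(plists) != 1:
            raise ValueError(f"expected one app Info.plist, found {len(plists)}")
        # plistlib.loads detects XML and binary plists automatically
        info = plistlib.loads(ipa.read(plists[0]))

    bundle_id = info.get("CFBundleIdentifier")
    return {
        "sha256": sha256.hexdigest(),  # record this in your analysis notes
        "bundle_id": bundle_id,
        "version": info.get("CFBundleShortVersionString"),
        "matches": bundle_id == expected_bundle_id,
    }


def build_sample_ipa(path, bundle_id, version="1.0"):
    """Write a constructed, minimal IPA-shaped archive (sample input, not a real app)."""
    info = {"CFBundleIdentifier": bundle_id, "CFBundleShortVersionString": version}
    with zipfile.ZipFile(path, "w") as ipa:
        ipa.writestr("Payload/Sample.app/Info.plist",
                     plistlib.dumps(info, fmt=plistlib.FMT_BINARY))
        # A nested extension plist that must not be mistaken for the app's own
        ipa.writestr("Payload/Sample.app/PlugIns/Ext.appex/Info.plist",
                     plistlib.dumps({"CFBundleIdentifier": bundle_id + ".ext"}))


if __name__ == "__main__":
    import os, tempfile
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "sample.ipa")
        build_sample_ipa(sample, "com.example.sample")
        print(inspect_ipa(sample, "com.example.sample"))
```

For a real download, call inspect_ipa with the path of the .ipa file and the bundle ID passed to the download command (com.amazon.aiv.AIVApp in this walkthrough).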

Closing Notes

Well, that’s it. It is that simple. Now go and do your magic. I really loved the tool and wanted to share the steps with you. Thank the developer in whatever way you find appropriate.

Until next time 🚀

Hosam Hittini