IOSMOD

Stay away from iTunes 12.7: you won’t be able to upload an IPA file from a Mac/PC to an iDevice. Apple has removed this option, forcing you to re-download the IPA directly on the iDevice. The Programs section is no longer available in iTunes, and you can’t download an IPA directly to your Mac. If you still want to download previous versions of any program, stay with iTunes 12.6. If you want to upload IPA files using the method described below, use iTunes 12.6 or an external tool like iMazing.

Also note that from version 4.1.15 onward, the .dji_configs trick to force FCC mode no longer works because the app doesn't parse the file. Work by @czokie and @jezzab to bypass this is ongoing; see the page IOS Tweaking with Frida & Objection.

This page explains how to go about modding iOS apps. It's a work in progress, so please excuse the mess.

1. Get an IPA file

If you want to mod, you will need an IPA file to modify. This is available in iTunes. If you want an earlier package, it can be obtained using Charles Proxy (Mac users), Fiddler (Windows users) or similar methods. Both methods use a man-in-the-middle attack to sniff SSL traffic.

2. Decrypt the file

Currently you can't decrypt iOS apps without a device. The encryption keys are ultimately protected by an unknown key which is burned into the processor and cannot be extracted using software. That's why no “offline” decryption app has been made. You can decrypt an iOS app if you have a jailbroken device. If you don't have one, please use the links below with the already decrypted DJI Go 4 app (thanks to @kilrah for the files and @cs2000 for the torrents).

3. Unpack the file

IPA files are ZIP files. If you're going to tweak, just unzip it to a directory.

master@k0:~# unzip djigo4.ipa
Archive:  djigo4.ipa
inflating: Payload/DJI GO 4.app/Info.plist
inflating: iTunesMetadata.plist
inflating: iTunesArtwork
inflating: Payload/DJI GO 4.app/DJI GO 4
inflating: Payload/DJI GO 4.app/Frameworks/BokehFramework.framework/BokehFramework
inflating: Payload/DJI GO 4.app/Frameworks/BokehFramework.framework/Info.plist
...
master@k0:~# ls -la 
total 578192
drwxr-xr-x  7 mbiernacki  staff        224  7 wrz 14:19 .
drwxr-xr-x  7 mbiernacki  staff        224  1 wrz 13:18 ..
drwxr-xr-x@ 3 mbiernacki  staff         96  7 wrz 14:19 Payload
-rw-r--r--@ 1 mbiernacki  staff  295964720  1 wrz 13:12 djigo4.ipa
-rwxr-xr-x@ 1 mbiernacki  staff      55282 29 sie 05:21 iTunesArtwork
-rw-r--r--@ 1 mbiernacki  staff       2873 29 sie 05:21 iTunesMetadata.plist

4. Mod the file

Some interesting stuff can be found inside the IPA (you can locate it after unzipping). Another nice place to look is your iDevice (after you install DJI Go app and run it at least once). We suggest using the iMazing tool to view these files (remember to tick 'Show hidden files and folders' in Preferences→Storage).

Inside the IPA there are several interesting files:

Payload/DJI\ GO\ 4.app/DJIPilotResources.bundle/plist/.DJI.configs

This is the default .DJI.configs file.

Replace the default configuration with a modified one (like force_boost), then repack, re-sign the IPA and run some tests.

Payload/DJI\ GO\ 4.app/DJIPilotResources.bundle/plist/ParamList.plist

This is the parameter list that can be modified with an iOS application. For example it contains this block:

                <key>g_config.flying_limit.max_height_0</key>
                <dict>
                        <key>paramIndex</key>
                        <integer>236</integer>
                        <key>type</key>
                        <integer>1</integer>
                        <key>length</key>
                        <integer>2</integer>
                        <key>getID</key>
                        <integer>241</integer>
                        <key>setID</key>
                        <integer>242</integer>
                        <key>isParam</key>
                        <integer>1</integer>
                        <key>min</key>
                        <integer>20</integer>
                        <key>max</key>
                        <integer>500</integer>
                        <key>default</key>
                        <integer>120</integer>
                </dict>

Replace the max value, then repack, re-sign the IPA and check the Max Height parameter within the application.
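To audit which parameter bounds differ between the shipped ParamList.plist and a copy pulled from a repacked or installed app, the entries can be collected and compared. This is an added example, not part of the original page; the plist root wrapped around the entry and the names collect_params and diff_params are assumptions.

```python
import plistlib

# Constructed sample: the entry shown above wrapped in a minimal plist root.
# The nesting in the real file is an assumption; the walker searches any depth.
BASELINE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>g_config.flying_limit.max_height_0</key>
<dict>
  <key>paramIndex</key><integer>236</integer>
  <key>type</key><integer>1</integer>
  <key>length</key><integer>2</integer>
  <key>getID</key><integer>241</integer>
  <key>setID</key><integer>242</integer>
  <key>isParam</key><integer>1</integer>
  <key>min</key><integer>20</integer>
  <key>max</key><integer>500</integer>
  <key>default</key><integer>120</integer>
</dict>
</dict></plist>"""
# Constructed "modified" copy, used only to exercise the comparison.
CANDIDATE = BASELINE.replace(b"<integer>500</integer>", b"<integer>999</integer>")

def collect_params(node, found=None):
    """Recursively gather every dict that carries a paramIndex key."""
    found = {} if found is None else found
    if isinstance(node, dict):
        for key, value in node.items():
            if isinstance(value, dict) and "paramIndex" in value:
                found[key] = value
            else:
                collect_params(value, found)
    elif isinstance(node, list):
        for item in node:
            collect_params(item, found)
    return found

def diff_params(baseline, candidate, fields=("min", "max", "default")):
    """Return [(name, field, old, new)] for each bound that differs."""
    old = collect_params(plistlib.loads(baseline))
    new = collect_params(plistlib.loads(candidate))
    changes = []
    for name in sorted(old.keys() | new.keys()):
        for field in fields:
            a, b = old.get(name, {}).get(field), new.get(name, {}).get(field)
            if a != b:
                changes.append((name, field, a, b))
    return changes

if __name__ == "__main__":
    print(diff_params(BASELINE, CANDIDATE))
```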

Payload/DJI\ GO\ 4.app/*.nib

Each NIB file corresponds to a single view element and can be laid out in the Interface Builder, making it a visual tool as well. Note that the name “NIB” is derived from the file extension (previously .nib and now .xib, although the old pronunciation has persisted).

Build a NIB decoder and analyze the contents of each file.

Below you can find a very simple script that will patch the NIB file so that you can use it with Xcode.

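#!/bin/bash
# Wrap a flat compiled NIB file in a .nib directory so it can be used with Xcode.
# Usage: pass the path of the NIB file as the first argument.
NIBFILENAME="${1%/}"   # first argument, trailing slash removed
# read exits non-zero at end of input; that is expected when filling a variable this way
read -r -d '' EMPTYPLIST <<"EOF"
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
	<dict>
	</dict>
</plist>
EOF
if [ -e "$NIBFILENAME" ]
then
	if [ -f "$NIBFILENAME" ]
	then
		# Move the flat file aside, then place it inside a directory of the same name
		mv "$NIBFILENAME" "$NIBFILENAME~"
		mkdir "$NIBFILENAME"
		mv "$NIBFILENAME~" "$NIBFILENAME/keyedobjects.nib"
	fi
	# Quote the variable so the plist keeps its line breaks
	printf '%s\n' "$EMPTYPLIST" > "$NIBFILENAME/classes.nib"
	printf '%s\n' "$EMPTYPLIST" > "$NIBFILENAME/info.nib"
fi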

5. Zip the file

Re-zip the file with your tweaks.

master@k0:~# zip -r djigo4.ipa *
adding: Payload/ (stored 0%)
adding: Payload/DJI GO 4.app/ (stored 0%)
adding: Payload/DJI GO 4.app/DJIHomePointExpandedView_iPhone5.nib (deflated 49%)
adding: Payload/DJI GO 4.app/DJILBRadioPIPSettingView_iPhone6+.nib (deflated 62%)
adding: Payload/DJI GO 4.app/DJIJoyStickSettingSegmentCell_iPhone5.nib (deflated 44%)
adding: Payload/DJI GO 4.app/DJICourceLockTipsView.nib (deflated 53%)
adding: Payload/DJI GO 4.app/_CodeSignature/ (stored 0%)
adding: Payload/DJI GO 4.app/_CodeSignature/CodeResources (deflated 74%)
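
The _CodeSignature/CodeResources file in the listing above is a plist that records a hash for each resource in the bundle, which is why any edited file forces the re-signing step that follows. The check below is an added example, not part of the original page: it reports resources that no longer match the recorded hashes. It assumes the usual files/files2 tables (hash is SHA-1, hash2 is SHA-256), uses a constructed sample bundle, and does not validate the signature over the seal itself.

```python
import hashlib, plistlib, tempfile
from pathlib import Path

def verify_resources(app_dir):
    """Return sorted (relative_path, status) for files that no longer match
    the hashes recorded in _CodeSignature/CodeResources."""
    app = Path(app_dir)
    with open(app / "_CodeSignature" / "CodeResources", "rb") as fh:
        seal = plistlib.load(fh)
    table = seal.get("files2") or seal.get("files", {})  # prefer newer table
    problems = []
    for rel, entry in table.items():
        optional = False
        if isinstance(entry, dict):
            optional = bool(entry.get("optional", False))
            if "hash2" in entry:
                algo, want = "sha256", entry["hash2"]
            elif "hash" in entry:
                algo, want = "sha1", entry["hash"]
            else:
                continue  # nested-bundle or symlink entry, no plain file hash
        else:
            algo, want = "sha1", entry  # older layout: bare SHA-1 digest
        target = app / rel
        if not target.is_file():
            if not optional:
                problems.append((rel, "missing"))
        elif hashlib.new(algo, target.read_bytes()).digest() != want:
            problems.append((rel, "modified"))
    return sorted(problems)

def build_sample_app(root):
    """Constructed stand-in for an unpacked .app: two resources and a seal."""
    app = Path(root) / "Sample.app"
    (app / "_CodeSignature").mkdir(parents=True)
    table = {}
    for name, data in {"view.nib": b"NIBArchive", "params.plist": b"max=500"}.items():
        (app / name).write_bytes(data)
        table[name] = {"hash2": hashlib.sha256(data).digest()}
    with open(app / "_CodeSignature" / "CodeResources", "wb") as fh:
        plistlib.dump({"files2": table}, fh)
    return app

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        app = build_sample_app(tmp)
        print(verify_resources(app))                    # nothing changed yet
        (app / "params.plist").write_bytes(b"max=999")  # edit without re-signing
        print(verify_resources(app))
```

Pointed at a real unpacked bundle such as Payload/DJI GO 4.app, the same function lists every resource that was edited after signing.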

6a. Resign and install your file (with Cydia)

Install your file with Cydia Impactor. Follow the steps below:

1. Make sure you have already installed the latest version of iTunes on your computer.

2. Download the latest version of Cydia Impactor. You can find it here:

Cydia Impactor Home

3. After installation, check for updates (the current version, 0.9.42, works well with iOS 10 and iOS 11).

4. Connect your device with the PC using the USB cable.

5. Now launch the Impactor.

6. Go to “Device” and select “Install Package…” option on Cydia Impactor.

7. The application will ask for your Apple ID username and Apple ID password. Warning! If you have enabled 2FA (two-factor authentication), you have to visit http://appleid.apple.com and generate a one-time password. This generated password has to be entered instead of your Apple ID password!

8. Please be patient and let Cydia Impactor perform different tasks to sign and install the IPA file.

9. Once you see the “Complete” message on it, wake up your iPhone and go to “Settings > General > Device Management”.

10. Open the just installed profile, and trust the developer.

Warning! If you are using the Apple ID registered with Apple’s Developer Program, you get the developer certificate which will remain valid for one year. In case you are using a non-developer ID, you get the certificate with 7 days validity only.

6b. Resign and install your file (with Xcode)

If you don't trust external programs like Cydia Impactor and you have your own developer keys from Apple (I mean you pay $99 per year), you can use Xcode to sign the IPA file and then upload it with iTunes.

To achieve it please clone the following repository:

Resign Xcode project

and follow the steps in the README.

howto/iosmod.txt · Last modified: 2017/11/18 22:19 by czokie