Extracting an IPA from a JB iDevice for Pentest
This method works as of 5th Oct 2021 (note: for this method to work properly the app should run on JB devices) 1. Install IPA using testflight/app store 2. use https://github.com/ChiChou/bagbak to dump the encrypted IPA. 3. Zip the dumped Payload folder, rename it appropriately. 4. If you try to install using ideviceinstaller it will give an error: [...] Install: VerifyingApplication (40%)ERROR: Install failed. Got error "ApplicationVerificationFailed" with code 0xe8008019: Failed to verify code signature of /var/installd/Library/Caches/com.apple.mobile.installd.staging/temp.pJCcfd/extracted/Payload/xxx.app : 0xe8008019 (The application does not have a valid signature.) 5. Try sideloadly https://pangu8.com/sideloadly/ , resign it and voila! the app can be distributed.