We will first study how to decrypt unsigned applications, which means decrypting applications that are not downloaded from App Store. Let's decrypt the apps provided with the book. These apps are not signed by Apple. In Chapter 2, Setting up Lab for iOS App Pentesting you have already installed class-dump-z, which is used for dumping code of iOS applications.
Follow the given steps to decrypt an unsigned iOS application:
Navigate to the directory where the
iGoat
application is installed and then use class-dump-z to decrypt theiGoat
binary:Once you use class-dump-z, you can view the application's source code in plain text as depicted in the following screenshot: