Research on directly downloading IPA packages from third-party application distribution platforms (dandelion)

Posted by prasadharischandra on Wed, 19 Jan 2022 02:44:33 +0100

Dandelion (pgyer.com) and fir are commonly used third-party application distribution platforms. After we submit an application to the platform, it can be downloaded by scanning the application's QR code. For example, the dandelion platform is as follows:

That is the usual process. The question is how to download the IPA installation package directly on a computer, that is, without downloading the installation package through the mobile phone. We want to extract the IPA directly for research or sharing.

General mode:

1. Switch the browser to mobile device mode in its debugging tools, then click Install to obtain the download link. The link generally looks like this:

<a href="itms-services://?action=download-manifest&url=https://www.xxx.com/app/plist/xxx.plist">Download and install</a>

2. Download the plist file that the link points to, namely:

https://www.xxx.com/app/plist/xxx.plist

The path of the IPA installation package can be read directly from this file and downloaded. The xxx.plist file generally has the following format:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>items</key>
    <array>
        <dict>
            <key>assets</key>
            <array>
                <dict>
                    <key>kind</key>
                    <string>software-package</string>
                    <key>url</key>
                    <string>https://www.xxx.com/7874ef31e63f3f3370dddd24e94cfc37.ipa?auth_key=1626230327-e25af869b8124a8bdac5c02eb506182b-0-64e533dd9a7ecd74227843406302e6e4&amp;response-content-disposition=attachment%3Bfilename%3D%E6%98%93%E6%95%99%E6%95%99%E5%AD%A6%E5%8A%A9%E6%89%8B_2.3.0.ipa</string>
                </dict>
                <dict>
                    <key>kind</key>
                    <string>full-size-image</string>
                    <key>needs-shine</key>
                    <false/>
                    <key>url</key>
                    <string>https://cdn-app-icon..com/c/f/f/9/b/cff9bdcd0fccc74fa7eb5fbd382f46c6?x-oss-process=image/resize,m_lfit,h_120,w_120/format,jpg</string>
                </dict>
                <dict>
                    <key>kind</key>
                    <string>display-image</string>
                    <key>needs-shine</key>
                    <false/>
                    <key>url</key>
                    <string>https://cdn-app-icon.xxxx.com/c/f/f/9/b/cff9bdcd0fccc74fa7eb5fbd382f46c6?x-oss-process=image/resize,m_lfit,h_120,w_120/format,jpg</string>
                </dict>
            </array>
            <key>metadata</key>
            <dict>
                <key>bundle-identifier</key>
                <string>com.xxx</string>
                <key>bundle-version</key>
                <string>2.3.0</string>
                <key>kind</key>
                <string>software</string>
                <key>subtitle</key>
                <string>xxxx</string>
                <key>title</key>
                <string>xxxx</string>
            </dict>
        </dict>
    </array>
</dict>
</plist>

The url under the software-package entry is the IPA address, which can be downloaded directly. This is very simple, but for dandelion we still cannot download the IPA after obtaining its plist file. Note that dandelion needs to be opened in the Safari browser, switched to Develop - User Agent - Safari iPhone mode.

Click Install to open the following interface:

The visible plist file address is:

https%3A%2F%2Fwww.pgyer.com%2Fapp%2Fplist%2F0c3ab9242b3879832a39b797d6f0bd89%2Finstall%2F%2Fs.plist

After URL-decoding it (for example with http://tool.chinaz.com/tools/urlencode.aspx):

https://www.pgyer.com/app/plist/0c3ab9242b3879832a39b797d6f0bd89/install//s.plist

Download this file to get the interface:

So far, it seems that we can't get the download address of the specific IPA.

Special mode:

1. This problem can be solved with the curl terminal command. Research shows that a User-Agent parameter needs to be added to the request, as follows:

--user-agent "com.apple.appstored/1.0 iOS/14.3 model/iPhone10,2 hwp/t8015 build/18C66 (6; dt:158) AMS/1"

2. The command to download this plist file is as follows:

curl --user-agent "com.apple.appstored/1.0 iOS/14.3 model/iPhone10,2 hwp/t8015 build/18C66 (6; dt:158) AMS/1" https://www.pgyer.com/app/plist/0c3ab9242b3879832a39b797d6f0bd89/install//s.plist -o pgy.plist

4. Open the downloaded plist file as follows:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>items</key>
    <array>
        <dict>
            <key>assets</key>
            <array>
                <dict>
                    <key>kind</key>
                    <string>software-package</string>
                    <key>url</key>
                    <string>https://oss.pgyer.com/9d6bfa2875d04273fcafa646d4715c7f.ipa?auth_key=1626245309-42ee54e8f5532f8d4ff14d3b5c4dec8c-0-53a53c8ecf489b455d72059394b97990&amp;response-content-disposition=attachment%3Bfilename%3D%E7%83%AD%E8%A1%80%E7%A5%9E%E9%80%94_1.0.ipa</string>
                </dict>
                <dict>
                    <key>kind</key>
                    <string>full-size-image</string>
                    <key>needs-shine</key>
                    <false/>
                    <key>url</key>
                    <string>https://cdn-app-icon.pgyer.com/8/7/c/2/d/87c2df7983ec05dce6c538d5d6346304?x-oss-process=image/resize,m_lfit,h_120,w_120/format,jpg</string>
                </dict>
                <dict>
                    <key>kind</key>
                    <string>display-image</string>
                    <key>needs-shine</key>
                    <false/>
                    <key>url</key>
                    <string>https://cdn-app-icon.pgyer.com/8/7/c/2/d/87c2df7983ec05dce6c538d5d6346304?x-oss-process=image/resize,m_lfit,h_120,w_120/format,jpg</string>
                </dict>
            </array>
            <key>metadata</key>
            <dict>
                <key>bundle-identifier</key>
                <string>com.yuetu.shentu.rexuest</string>
                <key>bundle-version</key>
                <string>1.0</string>
                <key>kind</key>
                <string>software</string>
                <key>subtitle</key>
                <string>Hot blooded path</string>
                <key>title</key>
                <string>Hot blooded path</string>
            </dict>
        </dict>
    </array>
</dict>
</plist>

5. Now you have the installation package address, and then you can download it directly. Use the following command:

wget "https://oss.pgyer.com/9d6bfa2875d04273fcafa646d4715c7f.ipa?auth_key=1626245309-42ee54e8f5532f8d4ff14d3b5c4dec8c-0-53a53c8ecf489b455d72059394b97990&response-content-disposition=attachment%3Bfilename%3D%E7%83%AD%E8%A1%80%E7%A5%9E%E9%80%94_1.0.ipa"

So far, the special situation of dandelion has been solved.

In addition, if you want to obtain the ipa download address in one step, you can execute the following command:

curl --user-agent 'com.apple.appstored/1.0 iOS/14.3 model/iPhone10,2 hwp/t8015 build/18C66 (6; dt:158) AMS/1' https://www.pgyer.com/app/plist/0c3ab9242b3879832a39b797d6f0bd89/install//s.plist -s | grep "oss.pgyer.com" | sed 's#</string># #g' | sed 's#<string># #g' | sed 's#&amp;#\&#g' | awk '{print $1}'

Or save to a txt file. The command is as follows:

curl --user-agent 'com.apple.appstored/1.0 iOS/14.3 model/iPhone10,2 hwp/t8015 build/18C66 (6; dt:158) AMS/1' https://www.pgyer.com/app/plist/0c3ab9242b3879832a39b797d6f0bd89/install//s.plist -s | grep "oss.pgyer.com" | sed 's#</string># #g' | sed 's#<string># #g' | sed 's#&amp;#\&#g' | awk '{print $1}' > d.txt
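The same extraction done with a real plist parser rather than grep/sed, as an added example that is not part of the original post: it decodes an itms-services link and reads the software-package URL and metadata from a manifest, with XML entities such as &amp; decoded by the parser. The sample link and manifest are constructed (example.com hosts, placeholder auth_key), and the function names are hypothetical.

```python
import plistlib
from urllib.parse import urlsplit, parse_qs

# Constructed sample data (not taken from the original post).
SAMPLE_LINK = ("itms-services://?action=download-manifest&url="
               "https%3A%2F%2Fwww.example.com%2Fapp%2Fplist%2Fabc123%2Fs.plist")
SAMPLE_MANIFEST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict><key>items</key><array><dict>
  <key>assets</key><array>
    <dict><key>kind</key><string>software-package</string>
      <key>url</key><string>https://cdn.example.com/demo.ipa?auth_key=PLACEHOLDER&amp;response-content-disposition=attachment</string></dict>
    <dict><key>kind</key><string>display-image</string><key>url</key><string>https://cdn.example.com/icon.jpg</string></dict>
  </array>
  <key>metadata</key><dict>
    <key>bundle-identifier</key><string>com.example.demo</string>
    <key>bundle-version</key><string>1.0</string>
    <key>title</key><string>Demo</string>
  </dict>
</dict></array></dict></plist>"""

def manifest_url_from_link(link):
    """Return the percent-decoded manifest URL carried by an itms-services link."""
    parts = urlsplit(link)
    if parts.scheme != "itms-services":
        raise ValueError("not an itms-services link")
    query = parse_qs(parts.query)  # parse_qs also undoes the %3A%2F%2F encoding
    if query.get("action") != ["download-manifest"] or "url" not in query:
        raise ValueError("link does not reference a manifest")
    return query["url"][0]

def parse_manifest(data):
    """Return the package URL and metadata for every item in the manifest."""
    results = []
    for item in plistlib.loads(data).get("items", []):
        # Only the software-package asset is the IPA; the others are icons.
        urls = [a["url"] for a in item.get("assets", [])
                if a.get("kind") == "software-package" and "url" in a]
        meta = item.get("metadata", {})
        results.append({"ipa_url": urls[0] if urls else None,
                        "bundle_id": meta.get("bundle-identifier"),
                        "version": meta.get("bundle-version"),
                        "title": meta.get("title")})
    return results

if __name__ == "__main__":
    print(manifest_url_from_link(SAMPLE_LINK))
    print(parse_manifest(SAMPLE_MANIFEST))
```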

 

Install IPA files

1. Install through iFunBox. Download address: http://dl.i-funbox.com/cn/

2. Install through Xcode. Download address: https://developer.apple.com/cn/xcode/resources/

3. Install through windmill. Download address: https://www.fengchetech.cn/

 

Note: the above content is for technical learning and reference only and should not be used for illegal acts. Please use the functions of the third-party platform in accordance with its regulations.

Topics: Information Security