The README states ipadecrypt decrypts iOS 26 apps. Based on my file-format research on the FairPlay SC_Info key files (https://github.com/vnc0/fairplay-scinfo), there is a class of binaries where this cannot work on a pre-26 device. While the issue is currently only noticeable in a handful of apps, I expect it to affect a wider range of apps in the near future.
Background
iOS 26 introduced new SC_Info key-file variants — .v4.supp (version byte 0x04) and .v5.supf (0x05) — alongside the legacy .supp (0x01) / .supf (0x03). For most apps both generations ship side by side, so a pre-26 kernel can still use the legacy pair.
For binaries that are iOS-26-only, Apple stops shipping the legacy pair: the .supp is absent and the .supf is truncated to 0 bytes, leaving only the new .v4.supp / .v5.supf.
Examples in the wild:
com.microsoft.rdc.ios 11.3.2 — main binary
com.gopro.GoPro 13.34.1 — ReelSteady.framework
Impact
The v4/v5 key formats are only understood by the FairPlay subsystem on iOS 26+. On a pre-26 kernel the key material these binaries need is not in a recognized format, and the legacy files such a kernel would understand are gone. Forcing page decryption therefore fails with mremap_encrypted() => -1. The rest of the app may decrypt fine; only the iOS-26-only binaries fail.
Proposed Solutions & Next Steps
Assuming this is a strict kernel-level constraint with no userspace workaround, a true fix will likely have to wait until an iOS 26 jailbreak exists. (That said, if my assumption is incorrect and there is an existing way to parse or feed these new structures to an older kernel, I would be highly interested in a hint!)
In the meantime, it would help to detect this case early rather than failing silently. Before attempting decryption, ipadecrypt could check whether the legacy .supp/.supf are present and non-empty. If not, abort with a clear message:
Error: <Binary> has no legacy SC_Info (iOS-26-only binary). Decryption on a pre-26 device is not possible.
Alternatively, a note in the README under known limitations would at least prevent confusion for users who hit this today.
The README states ipadecrypt decrypts iOS 26 apps. Based on my file-format research on the FairPlay
SC_Infokey files (https://github.com/vnc0/fairplay-scinfo), there is a class of binaries where this cannot work on a pre-26 device. While the issue is currently only noticeable in a handful of apps, I expect it to affect a wider range of apps in the near future.Background
iOS 26 introduced new
SC_Infokey-file variants —.v4.supp(version byte0x04) and.v5.supf(0x05) — alongside the legacy.supp(0x01) /.supf(0x03). For most apps both generations ship side by side, so a pre-26 kernel can still use the legacy pair.For binaries that are iOS-26-only, Apple stops shipping the legacy pair: the
.suppis absent and the.supfis truncated to 0 bytes, leaving only the new.v4.supp/.v5.supf.Examples in the wild:
com.microsoft.rdc.ios11.3.2 — main binarycom.gopro.GoPro13.34.1 —ReelSteady.frameworkImpact
The v4/v5 key formats are only understood by the FairPlay subsystem on iOS 26+. On a pre-26 kernel the key material these binaries need is not in a recognized format, and the legacy files such a kernel would understand are gone. Forcing page decryption therefore fails with
mremap_encrypted() => -1. The rest of the app may decrypt fine; only the iOS-26-only binaries fail.Proposed Solutions & Next Steps
Assuming this is a strict kernel-level constraint with no userspace workaround, a true fix will likely have to wait until an iOS 26 jailbreak exists. (That said, if my assumption is incorrect and there is an existing way to parse or feed these new structures to an older kernel, I would be highly interested in a hint!)
In the meantime, it would help to detect this case early rather than failing silently. Before attempting decryption, ipadecrypt could check whether the legacy
.supp/.supfare present and non-empty. If not, abort with a clear message:Alternatively, a note in the README under known limitations would at least prevent confusion for users who hit this today.