Best IT Recipes

How to decrypt encrypted backup of Apple iPhone iPhone?

Several unfortunate iPhone users have asked for help recovering data from their iTunes backups. This is easy when they are unencrypted, but not when they are encrypted, regardless of whether the password is known.

As such, I am trying to figure out the encryption scheme used in the mddata and mdinfo files when encrypted. I have no problem reading these files otherwise, and built-in C # libraries have been created for this. (If you are able to help, I don’t care what language you use. This is the principle that I am here!)

The iPhone OS OS Deployment Guide for Apple states that “Device backups can be stored in an encrypted format by selecting Encrypt iPhone Backup in the iTunes device’s dashboard. Files are encrypted using AES128 with a 256-bit key. The key is stored securely in the iPhone keychain. "

This is a good hint, and there is some useful information about the interaction of Aack / Rijndael on AES / Rijndael , suggesting the use of keys 128 and CBC.

In addition to any other obfuscation, a key and an initializing vector (IV) / salt are needed.

We can assume that the key is to manipulate the "backup password", to which the user is prompted to enter iTunes and transfer " AppleMobileBackup.exe ", supplemented by a mod dictated by CBC. However, given the link to the iPhone keychain, I wonder if the “backup password” can not be used as the password for the X509 certificate or the symmetric private key, and the key itself or the private key can be used as the key. ( AES and iTunes encryption / decryption process is symmetrical.)

IV is another matter, and it can be several things. Perhaps this is one of the keys hardcoded in iTunes or in the devices themselves .

Although Apple's comment above suggests that the key is present in the keychains of the device, I think this is not so important. You can restore an encrypted backup to another device, which assumes that all information related to the decryption is present in the backup and iTunes configurations, and that nothing exclusively on the device matters and is replaced in this context. So where could the key be?

I have listed the paths below from a Windows machine, but this is most of what we use.

"\ appdata \ Roaming \ Apple Computer \ iTunes \ itunesprefs.xml" contains a PList with the entry "Keychain" dict. "\ Programdata \ apple \ Lockdown \ 09037027da8f4bdefdea97d706703ca034c88bab.plist" contains a PList with "DeviceCertificate", "HostCertificate" and "RootCertificate", all of which seem to be valid X509 certificates. The same file also contains the asymmetric keys "RootPrivateKey" and "HostPrivateKey" (my reading suggests that it could be a PKCS # 7 shell). In addition, each backup has the AuthSignature and AuthData values ​​in the Manifest.plist file, although they seem rotary because each file receives a phased backup, it is suggested that they are not so useful as a key, if only - it really is all done.

There are many misleading things that suggest getting data from encrypted backups. This is not so, and as far as I know, this has not been done. Bypassing or disabling backup encryption is a completely different matter, and I do not want to do this.

It's not about hacking an iPhone or something like that. All I’ll do here is a tool to extract data (photos, contacts, etc.) from encrypted iTunes backups, since I can use them without encryption. I tried all kinds of permutations with the information that I put above, but did not get anywhere else. I would appreciate any thoughts or methods that I might have missed.

+81
iphone encryption backup itunes
Sep 30 '09 at 14:07
source share
4 answers

Security researchers Jean-Baptiste Bedrun and Jean Sigwald talked about how to do this at Hack-in-the-the-the Amsterdam 2011 . Apple has since released

IOS security white paper with more details on keys and algorithms, as well as Charlie Miller et al. have released the iOS Hacker Guide , which covers some of the land in how-to style. When iOS 10 came out, there were changes to the backup format that Apple did not publish at first, but people redesigned the format changes . Encrypted backups are great

The great thing about encrypted iPhone backups is that they contain WiFi passwords that are not in plain, unencrypted backups. As discussed in

An iOS security white paper , encrypted backups are considered more “secure”, so Apple believes that more sensitive information can be included in them. Important warning: obviously, decrypting the backup of your iOS devices removes its encryption To protect your privacy and security,

you should run these scripts only on a computer with full disk encryption. While a Security Expert can write software that protects keys in memory, for example using functions such as VirtualLock() and SecureZeroMemory() among other things, these Python Scripts will store your encryption keys and passwords in strings to be a Python garbage collector. This means that your secret keys and passwords will live in RAM for some time, from where they will go to your swap file and to your disk, where the enemy can recover them. This completely eliminates the need for an encrypted backup. How to decrypt backups: theoretically

iOS Security Whitepaper

explains the fundamental concepts of individual files, protection classes, keys of protection classes and key packages better than I can. If you are not already familiar with them, take a few minutes to read the relevant parts. Now you know that each file in iOS is encrypted with its own random encryption key for each file, belongs to the protection class, and for each file encryption keys are stored in the file system metadata, the protection class key. For decryption:

Decode the key bag stored in the BackupKeyBag Manifest.plist entry. A general overview of this structure is given in

official document

  1. . The iPhone Wiki describes a binary format: a 4-byte field like a string, a 4-byte field a length field with direct byte order, and then the value itself. The important values ​​are PBKDF2 ITER and SALT , double DPSL protective salt and the number of DPIC iterations, and then for each CLS protection, wrapped WPKY key. Using the backup password, get the 32-byte key using the correct PBKDF2 salt and the number of iterations. First, use SHA256 round with DPSL and DPIC , then use SHA1 round with ITER and SALT .

    Expand each wrapped key according to

  2. RFC 3394

    . Decrypt the manifest database by pulling the 4-byte security class and longer key from ManifestKey into Manifest.plist , and expand it. You now have a SQLite database with all the file metadata. For each file you are interested in, obtain the encryption by classes for each file, the key and code of the protection class by looking at the Files.file database column for the binary list containing EncryptionKey and ProtectionClass entries. Remove the initial four-byte length tag from EncryptionKey before use.

  3. Then get the final decryption key by expanding it with the class. The key that was deployed with the backup password. Then decrypt the file using AES in CBC mode with a zero IV.

  4. How to decrypt backups: in practice

    First you need some library dependencies. If you are running on a Mac using Python 2.7 or 3.7 installed in homebrew, you can install the dependencies with:

 CFLAGS="-I$(brew --prefix)/opt/openssl/include" \ LDFLAGS="-L$(brew --prefix)/opt/openssl/lib" \ pip install biplist fastpbkdf2 pycrypto

In the executable form of the source code, here's how to decrypt a single settings file from an encrypted iPhone backup:

 #!/usr/bin/env python3.7 # coding: UTF-8 from __future__ import print_function from __future__ import division import argparse import getpass import os.path import pprint import random import shutil import sqlite3 import string import struct import tempfile from binascii import hexlify import Crypto.Cipher.AES # https://www.dlitz.net/software/pycrypto/ import biplist import fastpbkdf2 from biplist import InvalidPlistException def main(): ## Parse options parser = argparse.ArgumentParser() parser.add_argument('--backup-directory', dest='backup_directory', default='testdata/encrypted') parser.add_argument('--password-pipe', dest='password_pipe', help="""\ Keeps password from being visible in system process list. Typical use: --password-pipe=<(echo -n foo) """) parser.add_argument('--no-anonymize-output', dest='anonymize', action='store_false') args = parser.parse_args() global ANONYMIZE_OUTPUT ANONYMIZE_OUTPUT = args.anonymize if ANONYMIZE_OUTPUT: print('Warning: All output keys are FAKE to protect your privacy') manifest_file = os.path.join(args.backup_directory, 'Manifest.plist') with open(manifest_file, 'rb') as infile: manifest_plist = biplist.readPlist(infile) keybag = Keybag(manifest_plist['BackupKeyBag']) # the actual keys are unknown, but the wrapped keys are known keybag.printClassKeys() if args.password_pipe: password = readpipe(args.password_pipe) if password.endswith(b'\n'): password = password[:-1] else: password = getpass.getpass('Backup password: ').encode('utf-8') ## Unlock keybag with password if not keybag.unlockWithPasscode(password): raise Exception('Could not unlock keybag; bad password?') # now the keys are known too keybag.printClassKeys() ## Decrypt metadata DB manifest_key = manifest_plist['ManifestKey'][4:] with open(os.path.join(args.backup_directory, 'Manifest.db'), 'rb') as db: encrypted_db = db.read() manifest_class = struct.unpack('<l', manifest_plist['ManifestKey'][:4])[0] key = keybag.unwrapKeyForClass(manifest_class, manifest_key) decrypted_data = AESdecryptCBC(encrypted_db, key) temp_dir = tempfile.mkdtemp() try: # Does anyone know how to get Pythons SQLite module to open some # bytes in memory as a database? db_filename = os.path.join(temp_dir, 'db.sqlite3') with open(db_filename, 'wb') as db_file: db_file.write(decrypted_data) conn = sqlite3.connect(db_filename) conn.row_factory = sqlite3.Row c = conn.cursor() # c.execute("select * from Files limit 1"); # r = c.fetchone() c.execute(""" SELECT fileID, domain, relativePath, file FROM Files WHERE relativePath LIKE 'Media/PhotoData/MISC/DCIM_APPLE.plist' ORDER BY domain, relativePath""") results = c.fetchall() finally: shutil.rmtree(temp_dir) for item in results: fileID, domain, relativePath, file_bplist = item plist = biplist.readPlistFromString(file_bplist) file_data = plist['$objects'][plist['$top']['root'].integer] size = file_data['Size'] protection_class = file_data['ProtectionClass'] encryption_key = plist['$objects'][ file_data['EncryptionKey'].integer]['NS.data'][4:] backup_filename = os.path.join(args.backup_directory, fileID[:2], fileID) with open(backup_filename, 'rb') as infile: data = infile.read() key = keybag.unwrapKeyForClass(protection_class, encryption_key) # truncate to actual length, as encryption may introduce padding decrypted_data = AESdecryptCBC(data, key)[:size] print('== decrypted data:') print(wrap(decrypted_data)) print() print('== pretty-printed plist') pprint.pprint(biplist.readPlistFromString(decrypted_data)) ## # this section is mostly copied from parts of iphone-dataprotection # http://code.google.com/p/iphone-dataprotection/ CLASSKEY_TAGS = [b"CLAS",b"WRAP",b"WPKY", b"KTYP", b"PBKY"] #UUID KEYBAG_TYPES = ["System", "Backup", "Escrow", "OTA (icloud)"] KEY_TYPES = ["AES", "Curve25519"] PROTECTION_CLASSES={ 1:"NSFileProtectionComplete", 2:"NSFileProtectionCompleteUnlessOpen", 3:"NSFileProtectionCompleteUntilFirstUserAuthentication", 4:"NSFileProtectionNone", 5:"NSFileProtectionRecovery?", 6: "kSecAttrAccessibleWhenUnlocked", 7: "kSecAttrAccessibleAfterFirstUnlock", 8: "kSecAttrAccessibleAlways", 9: "kSecAttrAccessibleWhenUnlockedThisDeviceOnly", 10: "kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly", 11: "kSecAttrAccessibleAlwaysThisDeviceOnly" } WRAP_DEVICE = 1 WRAP_PASSCODE = 2 class Keybag(object): def __init__(self, data): self.type = None self.uuid = None self.wrap = None self.deviceKey = None self.attrs = {} self.classKeys = {} self.KeyBagKeys = None #DATASIGN blob self.parseBinaryBlob(data) def parseBinaryBlob(self, data): currentClassKey = None for tag, data in loopTLVBlocks(data): if len(data) == 4: data = struct.unpack(">L", data)[0] if tag == b"TYPE": self.type = data if self.type > 3: print("FAIL: keybag type > 3 : %d" % self.type) elif tag == b"UUID" and self.uuid is None: self.uuid = data elif tag == b"WRAP" and self.wrap is None: self.wrap = data elif tag == b"UUID": if currentClassKey: self.classKeys[currentClassKey[b"CLAS"]] = currentClassKey currentClassKey = {b"UUID": data} elif tag in CLASSKEY_TAGS: currentClassKey[tag] = data else: self.attrs[tag] = data if currentClassKey: self.classKeys[currentClassKey[b"CLAS"]] = currentClassKey def unlockWithPasscode(self, passcode): passcode1 = fastpbkdf2.pbkdf2_hmac('sha256', passcode, self.attrs[b"DPSL"], self.attrs[b"DPIC"], 32) passcode_key = fastpbkdf2.pbkdf2_hmac('sha1', passcode1, self.attrs[b"SALT"], self.attrs[b"ITER"], 32) print('== Passcode key') print(anonymize(hexlify(passcode_key))) for classkey in self.classKeys.values(): if b"WPKY" not in classkey: continue k = classkey[b"WPKY"] if classkey[b"WRAP"] & WRAP_PASSCODE: k = AESUnwrap(passcode_key, classkey[b"WPKY"]) if not k: return False classkey[b"KEY"] = k return True def unwrapKeyForClass(self, protection_class, persistent_key): ck = self.classKeys[protection_class][b"KEY"] if len(persistent_key) != 0x28: raise Exception("Invalid key length") return AESUnwrap(ck, persistent_key) def printClassKeys(self): print("== Keybag") print("Keybag type: %s keybag (%d)" % (KEYBAG_TYPES[self.type], self.type)) print("Keybag version: %d" % self.attrs[b"VERS"]) print("Keybag UUID: %s" % anonymize(hexlify(self.uuid))) print("-"*209) print("".join(["Class".ljust(53), "WRAP".ljust(5), "Type".ljust(11), "Key".ljust(65), "WPKY".ljust(65), "Public key"])) print("-"*208) for k, ck in self.classKeys.items(): if k == 6:print("") print("".join( [PROTECTION_CLASSES.get(k).ljust(53), str(ck.get(b"WRAP","")).ljust(5), KEY_TYPES[ck.get(b"KTYP",0)].ljust(11), anonymize(hexlify(ck.get(b"KEY", b""))).ljust(65), anonymize(hexlify(ck.get(b"WPKY", b""))).ljust(65), ])) print() def loopTLVBlocks(blob): i = 0 while i + 8 <= len(blob): tag = blob[i:i+4] length = struct.unpack(">L",blob[i+4:i+8])[0] data = blob[i+8:i+8+length] yield (tag,data) i += 8 + length def unpack64bit(s): return struct.unpack(">Q",s)[0] def pack64bit(s): return struct.pack(">Q",s) def AESUnwrap(kek, wrapped): C = [] for i in range(len(wrapped)//8): C.append(unpack64bit(wrapped[i*8:i*8+8])) n = len(C) - 1 R = [0] * (n+1) A = C[0] for i in range(1,n+1): R[i] = C[i] for j in reversed(range(0,6)): for i in reversed(range(1,n+1)): todec = pack64bit(A ^ (n*j+i)) todec += pack64bit(R[i]) B = Crypto.Cipher.AES.new(kek).decrypt(todec) A = unpack64bit(B[:8]) R[i] = unpack64bit(B[8:]) if A != 0xa6a6a6a6a6a6a6a6: return None res = b"".join(map(pack64bit, R[1:])) return res ZEROIV = "\x00"*16 def AESdecryptCBC(data, key, iv=ZEROIV, padding=False): if len(data) % 16: print("AESdecryptCBC: data length not /16, truncating") data = data[0:(len(data)/16) * 16] data = Crypto.Cipher.AES.new(key, Crypto.Cipher.AES.MODE_CBC, iv).decrypt(data) if padding: return removePadding(16, data) return data ## # here are some utility functions, one making sure I dont leak my # secret keys when posting the output on Stack Exchange anon_random = random.Random(0) memo = {} def anonymize(s): if type(s) == str: s = s.encode('utf-8') global anon_random, memo if ANONYMIZE_OUTPUT: if s in memo: return memo[s] possible_alphabets = [ string.digits, string.digits + 'abcdef', string.ascii_letters, "".join(chr(x) for x in range(0, 256)), ] for a in possible_alphabets: if all((chr(c) if type(c) == int else c) in a for c in s): alphabet = a break ret = "".join([anon_random.choice(alphabet) for i in range(len(s))]) memo[s] = ret return ret else: return s def wrap(s, width=78): "Return a width-wrapped repr(s)-like string without breaking on \s" s = repr(s) quote = s[0] s = s[1:-1] ret = [] while len(s): i = s.rfind('\\', 0, width) if i <= width - 4: # "\x??" is four characters i = width ret.append(s[:i]) s = s[i:] return '\n'.join("%s%s%s" % (quote, line ,quote) for line in ret) def readpipe(path): if stat.S_ISFIFO(os.stat(path).st_mode): with open(path, 'rb') as pipe: return pipe.read() else: raise Exception("Not a pipe: {!r}".format(path)) if __name__ == '__main__': main()

Which then prints this output:

 Warning: All output keys are FAKE to protect your privacy == Keybag Keybag type: Backup keybag (1) Keybag version: 3 Keybag UUID: dc6486c479e84c94efce4bea7169ef7d ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Class WRAP Type Key WPKY Public key ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- NSFileProtectionComplete 2 AES 4c80b6da07d35d393fc7158e18b8d8f9979694329a71ceedee86b4cde9f97afec197ad3b13c5d12b NSFileProtectionCompleteUnlessOpen 2 AES 09e8a0a9965f00f213ce06143a52801f35bde2af0ad54972769845d480b5043f545fa9b66a0353a6 NSFileProtectionCompleteUntilFirstUserAuthentication 2 AES e966b6a0742878ce747cec3fa1bf6a53b0d811ad4f1d6147cd28a5d400a8ffe0bbabea5839025cb5 NSFileProtectionNone 2 AES 902f46847302816561e7df57b64beea6fa11b0068779a65f4c651dbe7a1630f323682ff26ae7e577 NSFileProtectionRecovery? 3 AES a3935fed024cd9bc11d0300d522af8e89accfbe389d7c69dca02841df46c0a24d0067dba2f696072 kSecAttrAccessibleWhenUnlocked 2 AES 09a1856c7e97a51a9c2ecedac8c3c7c7c10e7efa931decb64169ee61cb07a0efb115050fd1e33af1 kSecAttrAccessibleAfterFirstUnlock 2 AES 0509d215f2f574efa2f192efc53c460201168b26a175f066b5347fc48bc76c637e27a730b904ca82 kSecAttrAccessibleAlways 2 AES b7ac3c4f1e04896144ce90c4583e26489a86a6cc45a2b692a5767b5a04b0907e081daba009fdbb3c kSecAttrAccessibleWhenUnlockedThisDeviceOnly 3 AES 417526e67b82e7c6c633f9063120a299b84e57a8ffee97b34020a2caf6e751ec5750053833ab4d45 kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly 3 AES b0e17b0cf7111c6e716cd0272de5684834798431c1b34bab8d1a1b5aba3d38a3a42c859026f81ccc kSecAttrAccessibleAlwaysThisDeviceOnly 3 AES 9b3bdc59ae1d85703aa7f75d49bdc600bf57ba4a458b20a003a10f6e36525fb6648ba70e6602d8b2 == Passcode key ee34f5bb635830d698074b1e3e268059c590973b0f1138f1954a2a4e1069e612 == Keybag Keybag type: Backup keybag (1) Keybag version: 3 Keybag UUID: dc6486c479e84c94efce4bea7169ef7d ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Class WRAP Type Key WPKY Public key ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- NSFileProtectionComplete 2 AES 64e8fc94a7b670b0a9c4a385ff395fe9ba5ee5b0d9f5a5c9f0202ef7fdcb386f 4c80b6da07d35d393fc7158e18b8d8f9979694329a71ceedee86b4cde9f97afec197ad3b13c5d12b NSFileProtectionCompleteUnlessOpen 2 AES 22a218c9c446fbf88f3ccdc2ae95f869c308faaa7b3e4fe17b78cbf2eeaf4ec9 09e8a0a9965f00f213ce06143a52801f35bde2af0ad54972769845d480b5043f545fa9b66a0353a6 NSFileProtectionCompleteUntilFirstUserAuthentication 2 AES 1004c6ca6e07d2b507809503180edf5efc4a9640227ac0d08baf5918d34b44ef e966b6a0742878ce747cec3fa1bf6a53b0d811ad4f1d6147cd28a5d400a8ffe0bbabea5839025cb5 NSFileProtectionNone 2 AES 2e809a0cd1a73725a788d5d1657d8fd150b0e360460cb5d105eca9c60c365152 902f46847302816561e7df57b64beea6fa11b0068779a65f4c651dbe7a1630f323682ff26ae7e577 NSFileProtectionRecovery? 3 AES 9a078d710dcd4a1d5f70ea4062822ea3e9f7ea034233e7e290e06cf0d80c19ca a3935fed024cd9bc11d0300d522af8e89accfbe389d7c69dca02841df46c0a24d0067dba2f696072 kSecAttrAccessibleWhenUnlocked 2 AES 606e5328816af66736a69dfe5097305cf1e0b06d6eb92569f48e5acac3f294a4 09a1856c7e97a51a9c2ecedac8c3c7c7c10e7efa931decb64169ee61cb07a0efb115050fd1e33af1 kSecAttrAccessibleAfterFirstUnlock 2 AES 6a4b5292661bac882338d5ebb51fd6de585befb4ef5f8ffda209be8ba3af1b96 0509d215f2f574efa2f192efc53c460201168b26a175f066b5347fc48bc76c637e27a730b904ca82 kSecAttrAccessibleAlways 2 AES c0ed717947ce8d1de2dde893b6026e9ee1958771d7a7282dd2116f84312c2dd2 b7ac3c4f1e04896144ce90c4583e26489a86a6cc45a2b692a5767b5a04b0907e081daba009fdbb3c kSecAttrAccessibleWhenUnlockedThisDeviceOnly 3 AES 80d8c7be8d5103d437f8519356c3eb7e562c687a5e656cfd747532f71668ff99 417526e67b82e7c6c633f9063120a299b84e57a8ffee97b34020a2caf6e751ec5750053833ab4d45 kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly 3 AES a875a15e3ff901351c5306019e3b30ed123e6c66c949bdaa91fb4b9a69a3811e b0e17b0cf7111c6e716cd0272de5684834798431c1b34bab8d1a1b5aba3d38a3a42c859026f81ccc kSecAttrAccessibleAlwaysThisDeviceOnly 3 AES 1e7756695d337e0b06c764734a9ef8148af20dcc7a636ccfea8b2eb96a9e9373 9b3bdc59ae1d85703aa7f75d49bdc600bf57ba4a458b20a003a10f6e36525fb6648ba70e6602d8b2 == decrypted data: '<?xml version="1.0" encoding="UTF-8"?>\n<!DOCTYPE plist PUBLIC "-//Apple//DTD ' 'PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">\n<plist versi' 'on="1.0">\n<dict>\n\t<key>DCIMLastDirectoryNumber</key>\n\t<integer>100</integ' 'er>\n\t<key>DCIMLastFileNumber</key>\n\t<integer>3</integer>\n</dict>\n</plist' '>\n' == pretty-printed plist {'DCIMLastDirectoryNumber': 100, 'DCIMLastFileNumber': 3}

Additional loan

iphone data protection code

published by Bedrun and Sigwald, can decrypt the keychain from the backup, including funny things like saved Wi-Fi and site passwords:

 $ python iphone-dataprotection/python_scripts/keychain_tool.py ... -------------------------------------------------------------------------------------- | Passwords | -------------------------------------------------------------------------------------- |Service |Account |Data |Access group |Protection class| -------------------------------------------------------------------------------------- |AirPort |Eds Coffee Shop |<3FrenchRoast |apple |AfterFirstUnlock| ...
This code no longer works for backup from phones using the latest version of iOS, but there is

 $ python iphone-dataprotection/python_scripts/keychain_tool.py ... -------------------------------------------------------------------------------------- | Passwords | -------------------------------------------------------------------------------------- |Service |Account |Data |Access group |Protection class| -------------------------------------------------------------------------------------- |AirPort |Eds Coffee Shop |<3FrenchRoast |apple |AfterFirstUnlock| ...

golang ports that have been updated to allow access to the keychain .

+90
Dec 09
source share

Sorry, but it can be even more difficult, including pbkdf2 or even its variant. Listen to WWDC 2010 session No. 209, which mainly talks about security measures in iOS 4, but also briefly mentions separate encryption of backups and how they are related.

You can be sure that without knowing the password, you cannot decrypt it even with brute force.

Suppose you want to try to include people who KNOW the password to get their backup data.

I am afraid that there is no way to look at the actual code in iTunes to find out which algos are used.

Back in the days of Newton, I had to decrypt the data from the program, and I was able to call its decryption function directly (knowing the password, of course), without even requiring to cancel its algorithm. This is not easy, unfortunately.

I am sure that there are experienced people around who could reverse engineer this iTunes code - you just need to interest them.

In theory, Apple algos should be designed so that the data is still safe (i.e., virtually indestructible by brute force) to any attacker, knowing the exact encryption method. And at the WWDC 209 session, they figured out in some detail what they are doing to achieve this. Maybe you can get answers directly from Apple if you tell them your good intentions. In the end, even they should know that safety against obfuscation is not very effective. Try their security mailing list. Even if they don’t answer, maybe someone else silently on the list will answer with some help.

Good luck

+6
Sep 26 '10 at 18:09
source share

I haven’t tried, but Elcomsoft has released a product that they claim is capable of decrypting backups for forensic purposes. It may not be as cool as an engineering solution on its own, but it can be faster.

http://www.elcomsoft.com/eppb.html

+1
Sep 24 '10 at 13:21
source share

You should take a copy of the Erica Sadun mdhelper command-line utility ( OS X binary and source ). It supports listing and retrieving the contents of iPhone / iPod Touch backups, including address book and SMS databases, as well as other application metadata and settings.

-3
01 Oct '09 at 13:13
source share


More articles:


All Articles