Open GoogleCodeExporter opened 9 years ago
can you apply this patch, rerun the script and post the output ? it should help
understand the error. thanks.
Original comment by jean.sig...@gmail.com
on 30 Mar 2013 at 10:56
Attachments:
here is the output after applying the patch:
Product Type : iPhone1,2
Product Version : 3.0.1
iTunes Version : 8.2.1
Extract backup to ../.._extract ? (y/n)
y
Backup is encrypted
Enter backup password :
No BackupKeyBag in manifest, assuming iOS 3.x backup
Passphrase seems OK
Library/LockBackground.jpg
// many files deciphering ...
Documents/UserSettings.plist
00000000 | 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D 22 31 | <?xml version="1
992
00000000 | 5F 44 9B BB 21 E1 47 B5 9F 11 0C BC 2E 39 45 F2 | _D..!.G......9E.
Traceback (most recent call last):
File "backup_tool.py", line 78, in <module>
main()
File "backup_tool.py", line 75, in main
extract_backup(backup_path, output_path)
File "backup_tool.py", line 34, in extract_backup
decrypt_backup3(backup_path, output_path, password)
File "/home/julien/Téléchargements/iphone_recover/iphone-dataprotection/python_scripts/backups/backup3.py", line 63, in decrypt_backup3
filedata = decrypt_blob(filedata, auth_key)
File "/home/julien/Téléchargements/iphone_recover/iphone-dataprotection/python_scripts/backups/backup3.py", line 26, in decrypt_blob
return AESdecryptCBC(blob[68:], blob_key, iv, padding=True)
File "/home/julien/Téléchargements/iphone_recover/iphone-dataprotection/python_scripts/crypto/aes.py", line 22, in AESdecryptCBC
return removePadding(16, data)
File "/home/julien/Téléchargements/iphone_recover/iphone-dataprotection/python_scripts/crypto/aes.py", line 12, in removePadding
raise Exception('invalid padding')
Exception: invalid padding
Original comment by david.is...@gmail.com
on 30 Mar 2013 at 6:36
ok, here is another patch to get additionnal info, then i should be able to fix
the issue correctly (dont forget to replace hexdump(s[-16:]) by
hexdump(s[-32:]) in aes.py). thanks.
Original comment by jean.sig...@gmail.com
on 31 Mar 2013 at 12:44
Attachments:
Hi, here is the output after applying the new patch:
Product Type : iPhone1,2
Product Version : 3.0.1
iTunes Version : 8.2.1
Extract backup to ../.._extract ? (y/n)
y
Backup is encrypted
Enter backup password :
No BackupKeyBag in manifest, assuming iOS 3.x backup
Passphrase seems OK
Library/LockBackground.jpg
// many files deciphering ...
Documents/UserSettings.plist
{'Domain': 'AppDomain-com.azurgate.secouchermoinsbete',
'Greylist': False,
'Path': 'Documents/UserSettings.plist',
'Version': '3.0'}
{'AuthVersion': '1.0',
'IsEncrypted': True,
'Metadata': Data('\x00B\x01\x00\x9e\xd3si\x8c\xb2<\x88h\x81\x8b.R\x94\x1fh\xd5\x02\xfaz\x9d\x89\x10\x89\xaf\x86\xe3v~\xd9\x1et\xc9>\xc5\x18\xf0D\xcf\xfb\xac\xbc\'\xb1\xc2a\xce\xf7x\x01a\x9c\xdc\xa1K\xed\xacs\x9b\xd7\xc97\xef\xe8[S\x88:~\xa4=IN\x17\x0b<\x19\x166t\xc0\x19|\x99\xc4\xcf\x0f\x9d\xfbM<\xddB\xb3\x8bg\x16\x8e \xbe\\\xf0"\xcd\xe10\x17|@\x0b\xafcA4\xf9\xc3)\x15\xcc\x93\xfb\xe0JD]b\x9d6z\x93\xf1R\xf1\x0bP\x9b\xe8[\xb2\xc6h\x1a\xc6\xfc\x03\xf27\xcbL\xf7\x98O@\x94\x1b\x9eE\xd46k"\x80e{\x94\xa8\tC\xce\xfd\xdb\xf7\xaf.<\\jf\xcb\xe6\xa4/\xed\xc6\x8f\x9aP\xd7_\xd8P\xe5\xa6\xef\xf1\\\xf6\xc9N\xdek\'\xd9\xf8f0\xa7qk\xae}EI\x1b\x8c\xf2\xb3B\xbd`^\x1a\x13\xe1\x056Db\xb0\x0c\xa5k\x88@\x9b\xaf\xe3k\xc4\xfa'),
'StorageVersion': '1.0',
'Version': '3.0'}
00000000 | 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D 22 31 | <?xml version="1
992
00000000 | F7 9C 79 03 99 DB 61 6B 6A 8E 38 7A 1E 3B 92 AD | ..y...akj.8z.;..
00000010 | 5F 44 9B BB 21 E1 47 B5 9F 11 0C BC 2E 39 45 F2 | _D..!.G......9E.
Traceback (most recent call last):
File "backup_tool.py", line 78, in <module>
main()
File "backup_tool.py", line 75, in main
extract_backup(backup_path, output_path)
File "backup_tool.py", line 34, in extract_backup
decrypt_backup3(backup_path, output_path, password)
File "/home/julien/Téléchargements/iphone_recover/iphone-dataprotection/python_scripts/backups/backup3.py", line 67, in decrypt_backup3
filedata = decrypt_blob(filedata, auth_key)
File "/home/julien/Téléchargements/iphone_recover/iphone-dataprotection/python_scripts/backups/backup3.py", line 26, in decrypt_blob
return AESdecryptCBC(blob[68:], blob_key, iv, padding=True)
File "/home/julien/Téléchargements/iphone_recover/iphone-dataprotection/python_scripts/crypto/aes.py", line 22, in AESdecryptCBC
return removePadding(16, data)
File "/home/julien/Téléchargements/iphone_recover/iphone-dataprotection/python_scripts/crypto/aes.py", line 12, in removePadding
raise Exception('invalid padding')
Exception: invalid padding
best regards ;-)
Original comment by david.is...@gmail.com
on 31 Mar 2013 at 4:52
ok, i don't have a good explanation, except the file might be corrupted ?
this third patch will ignore padding errors so the script should run through
all the files without errors. if it does not contains personal information you
can post the decrypted Documents/UserSettings.plist file here, but it looks
like some part of it will be corrupted (starts with xml plist header but ends
with seemingly random binary data).
Original comment by jean.sig...@gmail.com
on 31 Mar 2013 at 9:19
Attachments:
Hi, thanks for your work, all the files now decipher correctly :-)
Documents/UserSettings.plist is the only one with an "invalid padding" output.
And this is right, there is random binary data at the end of the file!
here is the output as it appears in vim:
_________
UserSettings.plist
_________
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>conditionsUtilisation</key>
<dict>
<key>value</key>
<string>unchecked</string>
</dict>
<key>connected</key>
<dict>
<key>value</key>
<false/>
</dict>
<key>dbVersion</key>
<dict>
<key>value</key>
<string>1.0</string>
</dict>
<key>email</key>
<dict>
<key>value</key>
<string></string>
</dict>
<key>password</key>
<dict>
<key>value</key>
<string></string>
</dict>
<key>passwordConnect</key>
<dict>
<key>value</key>
<string></string>
</dict>
<key>pseudo</key>
<dict>
<key>value</key>
<string></string>
</dict>
<key>pseudoConnect</key>
<dict>
<key>value</key>
<string></string>
</dict>
<key>pseudoTemp</key>
<dict>
<key>value</key>
<string></string>
</dict>
<key>userId</key>
<dict>
<key>value</key>
<string></string>
</÷<9c>y^C<99>Ûakj<8e>8z^^;<92>_D<9b>»!áGµ<9f>^Q^L¼.9Eò
___________
Best regards
Original comment by david.is...@gmail.com
on 31 Mar 2013 at 10:26
Original issue reported on code.google.com by
david.is...@gmail.com
on 25 Mar 2013 at 3:57