search

JohnAGonzalez / iphone-dataprotection

Automatically exported from code.google.com/p/iphone-dataprotection
0 stars 0 forks source link

emf_decrypter fails to decrypt entire raw image #15

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1. create dd image of phone
2. generate device keys and store in same folder as dd image
3. ./emf_decrypter dd_image

What is the expected output? 
Not Sure.

What do you see instead?

Decrypting VolcanicPercolatorDaySpa.resrc
Decrypting VolcanicPercolatorDaySpa.scene
Decrypting main_l.png
Decrypting main_r.png
Decrypting miniPipeBg.png
Decrypting mixer.png
Decrypting pipe.png
Decrypting prettyFlower.png
Decrypting weed.png
Decrypting WaterLock.level
Decrypting WaterLock.resrc
Decrypting WaterLock.scene
Decrypting fakewater.png
Decrypting main.png
Decrypting mombb.png
Decrypting pipe.png
Decrypting WeatherVane.level
Decrypting WeatherVane.resrc
Decrypting WeatherVane.scene
Decrypting bg.png
Decrypting main.png
Decrypting vaneMain.png
BTree inconsistent!

What version of the product are you using? 
latest svn

On what operating system?
OSX 10.6.7

Please provide any additional information below.

emf_decrypter decrypted roughly 1000 files then halted with error 
"BTree inconsistent!"

Original issue reported on code.google.com by bl...@freenode-windows.org on 5 Jul 2011 at 2:23

GoogleCodeExporter commented 8 years ago 
Yes indeed there is a bug in the b-tree code, other people reported this issue 
as well. Could you run the attached python script on the disk image that causes 
the crash and send me the output file (xattr.bin) ? The script extracts the 
extended attributes file and does not reveals anything about the files 
contents. Thanks.

Original comment by jean.sig...@gmail.com on 7 Jul 2011 at 6:43

Attachments:

GoogleCodeExporter commented 8 years ago 
Attached is the generated file "xattr.bin". Hope this helps.

Thanks

Original comment by bl...@freenode-windows.org on 8 Jul 2011 at 1:28

GoogleCodeExporter commented 8 years ago 
Forgot to attach file.

Original comment by bl...@freenode-windows.org on 8 Jul 2011 at 1:30

Attachments:

GoogleCodeExporter commented 8 years ago 
Could you also apply the following patch, recompile and post the output of 
./emf_decrypter dd_image before the error ? Thanks a lot.

Original comment by jean.sig...@gmail.com on 9 Jul 2011 at 9:47

Attachments:

GoogleCodeExporter commented 8 years ago 
This time it didn't error out in same spot.

getAttribute VolcanicPercolatorDaySpa.level fileID=512137
getAttribute VolcanicPercolatorDaySpa.resrc fileID=512138
getAttribute VolcanicPercolatorDaySpa.scene fileID=512139
getAttribute main_l.png fileID=512131
getAttribute main_r.png fileID=512132
getAttribute miniPipeBg.png fileID=512133
getAttribute mixer.png fileID=512134
getAttribute pipe.png fileID=512135
getAttribute prettyFlower.png fileID=512136
getAttribute weed.png fileID=512140
getAttribute WaterLock.level fileID=512146
getAttribute WaterLock.resrc fileID=512147
getAttribute WaterLock.scene fileID=512148
getAttribute fakewater.png fileID=512142
getAttribute main.png fileID=512143
getAttribute mombb.png fileID=512144
getAttribute pipe.png fileID=512145
getAttribute WeatherVane.level fileID=512153
getAttribute WeatherVane.resrc fileID=512154
getAttribute WeatherVane.scene fileID=512155
getAttribute bg.png fileID=512150
getAttribute main.png fileID=512151
getAttribute vaneMain.png fileID=512152
getAttribute Whistler.level fileID=512160
getAttribute Whistler.resrc fileID=512161
getAttribute Whistler.scene fileID=512162
getAttribute pipe.png fileID=512157
getAttribute platform.png fileID=512158
getAttribute upper.png fileID=512159
getAttribute YouHaveToExplodeTheHead.level fileID=512220
getAttribute YouHaveToExplodeTheHead.resrc fileID=512221
getAttribute YouHaveToExplodeTheHead.scene fileID=512222
getAttribute b1.png fileID=512214
getAttribute b2.png fileID=512215

The process is still running so I'll let you know if it fails in another spot. 
Hope this helps.

Original comment by bl...@freenode-windows.org on 10 Jul 2011 at 12:32

GoogleCodeExporter commented 8 years ago 
I edited emf_decrypter.c and uncommented the write back to image line which 
caused it to crash in same spot with the following error:

getAttribute WeatherVane.level fileID=512153
Decrypting WeatherVane.level
getAttribute WeatherVane.resrc fileID=512154
Decrypting WeatherVane.resrc
getAttribute WeatherVane.scene fileID=512155
Decrypting WeatherVane.scene
getAttribute bg.png fileID=512150
Decrypting bg.png
getAttribute main.png fileID=512151
Decrypting main.png
getAttribute vaneMain.png fileID=512152
Decrypting vaneMain.png
emf_decrypter(402) malloc: *** error for object 0x100539f30: incorrect checksum 
for freed object - object was probably modified after being freed.
*** set a breakpoint in malloc_error_break to debug
Abort trap

Original comment by bl...@freenode-windows.org on 10 Jul 2011 at 12:26

GoogleCodeExporter commented 8 years ago 
Ok, can you try changing this line in emf_decrypter.c :
-if(READ(emf->volume->image, (extent->startBlock + i) * blockSize, blockSize, 
buffer), "READ")
+if(READ(emf->volume->image, (extent->startBlock + i) * blockSize, blockSize, 
buffer))

Not sure that will fix the issue but it's a bug (copy paste fail).
Also, could you try running emf_decrypter using 
DYLD_INSERT_LIBRARIES=/usr/lib/libgmalloc.dylib and run it in gdb to get a 
backtrace of the error ? Thanks.

Original comment by jean.sig...@gmail.com on 10 Jul 2011 at 1:32

GoogleCodeExporter commented 8 years ago 
This bug has not been fixed yet. You can use the python version of 
emf_decrypter instead (python_scripts/emf_decrypter.py).

Original comment by jean.sig...@gmail.com on 1 Oct 2011 at 3:46

GoogleCodeExporter commented 8 years ago 
Issue 26 has been merged into this issue.

Original comment by jean.sig...@gmail.com on 14 Oct 2011 at 12:50