SmartCloud783 / iphone-dataprotection

Automatically exported from code.google.com/p/iphone-dataprotection
0 stars 0 forks source link

iOS 3 backup_tool: Exception: invalid padding #102

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
Thank you Jean for your great job. thanks to this software I could decipher my 
encrypted iphone backup and recover the addressbook I had lost 3 years ago!!

Anyway, there is still a bug, the backup deciphers correctly but an "invalid 
padding" exception happens after deciphering.

Product Type : iPhone1,2
Product Version : 3.0.1
iTunes Version : 8.2.1
Extract backup to ../../output3 ? (y/n)
y
Backup is encrypted
Enter backup password : 
No BackupKeyBag in manifest, assuming iOS 3.x backup
Passphrase seems OK
Library/LockBackground.jpg
// (... many files deciphering ...)
Documents/UserSettings.plist
Traceback (most recent call last):
  File "backup_tool.py", line 78, in <module>
    main()
  File "backup_tool.py", line 75, in main
    extract_backup(backup_path, output_path)
  File "backup_tool.py", line 34, in extract_backup
    decrypt_backup3(backup_path, output_path, password)
  File "/home/julien/Téléchargements/iphone_recover/iphone-dataprotection/python_scripts/backups/backup3.py", line 63, in decrypt_backup3
    filedata = decrypt_blob(filedata, auth_key)
  File "/home/julien/Téléchargements/iphone_recover/iphone-dataprotection/python_scripts/backups/backup3.py", line 26, in decrypt_blob
    return AESdecryptCBC(blob[68:], blob_key, iv, padding=True)
  File "/home/julien/Téléchargements/iphone_recover/iphone-dataprotection/python_scripts/crypto/aes.py", line 18, in AESdecryptCBC
    return removePadding(16, data)
  File "/home/julien/Téléchargements/iphone_recover/iphone-dataprotection/python_scripts/crypto/aes.py", line 8, in removePadding
    raise Exception('invalid padding')
Exception: invalid padding

#hg id
d67884c68fec tip

(following issue id 100)

Original issue reported on code.google.com by david.is...@gmail.com on 25 Mar 2013 at 3:57

GoogleCodeExporter commented 8 years ago
can you apply this patch, rerun the script and post the output ? it should help 
understand the error. thanks.

Original comment by jean.sig...@gmail.com on 30 Mar 2013 at 10:56

Attachments:

GoogleCodeExporter commented 8 years ago
here is the output after applying the patch:

Product Type : iPhone1,2
Product Version : 3.0.1
iTunes Version : 8.2.1
Extract backup to ../.._extract ? (y/n)
y
Backup is encrypted
Enter backup password : 
No BackupKeyBag in manifest, assuming iOS 3.x backup
Passphrase seems OK
Library/LockBackground.jpg
// many files deciphering ...
Documents/UserSettings.plist
00000000 | 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D 22 31 | <?xml version="1
992
00000000 | 5F 44 9B BB 21 E1 47 B5 9F 11 0C BC 2E 39 45 F2 | _D..!.G......9E.
Traceback (most recent call last):
  File "backup_tool.py", line 78, in <module>
    main()
  File "backup_tool.py", line 75, in main
    extract_backup(backup_path, output_path)
  File "backup_tool.py", line 34, in extract_backup
    decrypt_backup3(backup_path, output_path, password)
  File "/home/julien/Téléchargements/iphone_recover/iphone-dataprotection/python_scripts/backups/backup3.py", line 63, in decrypt_backup3
    filedata = decrypt_blob(filedata, auth_key)
  File "/home/julien/Téléchargements/iphone_recover/iphone-dataprotection/python_scripts/backups/backup3.py", line 26, in decrypt_blob
    return AESdecryptCBC(blob[68:], blob_key, iv, padding=True)
  File "/home/julien/Téléchargements/iphone_recover/iphone-dataprotection/python_scripts/crypto/aes.py", line 22, in AESdecryptCBC
    return removePadding(16, data)
  File "/home/julien/Téléchargements/iphone_recover/iphone-dataprotection/python_scripts/crypto/aes.py", line 12, in removePadding
    raise Exception('invalid padding')
Exception: invalid padding

Original comment by david.is...@gmail.com on 30 Mar 2013 at 6:36

GoogleCodeExporter commented 8 years ago
ok, here is another patch to get additionnal info, then i should be able to fix 
the issue correctly (dont forget to replace hexdump(s[-16:]) by 
hexdump(s[-32:]) in aes.py). thanks.

Original comment by jean.sig...@gmail.com on 31 Mar 2013 at 12:44

Attachments:

GoogleCodeExporter commented 8 years ago
Hi, here is the output after applying the new patch:

Product Type : iPhone1,2
Product Version : 3.0.1
iTunes Version : 8.2.1
Extract backup to ../.._extract ? (y/n)
y
Backup is encrypted
Enter backup password : 
No BackupKeyBag in manifest, assuming iOS 3.x backup
Passphrase seems OK
Library/LockBackground.jpg
// many files deciphering ...
Documents/UserSettings.plist
{'Domain': 'AppDomain-com.azurgate.secouchermoinsbete',
 'Greylist': False,
 'Path': 'Documents/UserSettings.plist',
 'Version': '3.0'}
{'AuthVersion': '1.0',
 'IsEncrypted': True,
 'Metadata': Data('\x00B\x01\x00\x9e\xd3si\x8c\xb2<\x88h\x81\x8b.R\x94\x1fh\xd5\x02\xfaz\x9d\x89\x10\x89\xaf\x86\xe3v~\xd9\x1et\xc9>\xc5\x18\xf0D\xcf\xfb\xac\xbc\'\xb1\xc2a\xce\xf7x\x01a\x9c\xdc\xa1K\xed\xacs\x9b\xd7\xc97\xef\xe8[S\x88:~\xa4=IN\x17\x0b<\x19\x166t\xc0\x19|\x99\xc4\xcf\x0f\x9d\xfbM<\xddB\xb3\x8bg\x16\x8e \xbe\\\xf0"\xcd\xe10\x17|@\x0b\xafcA4\xf9\xc3)\x15\xcc\x93\xfb\xe0JD]b\x9d6z\x93\xf1R\xf1\x0bP\x9b\xe8[\xb2\xc6h\x1a\xc6\xfc\x03\xf27\xcbL\xf7\x98O@\x94\x1b\x9eE\xd46k"\x80e{\x94\xa8\tC\xce\xfd\xdb\xf7\xaf.<\\jf\xcb\xe6\xa4/\xed\xc6\x8f\x9aP\xd7_\xd8P\xe5\xa6\xef\xf1\\\xf6\xc9N\xdek\'\xd9\xf8f0\xa7qk\xae}EI\x1b\x8c\xf2\xb3B\xbd`^\x1a\x13\xe1\x056Db\xb0\x0c\xa5k\x88@\x9b\xaf\xe3k\xc4\xfa'),
 'StorageVersion': '1.0',
 'Version': '3.0'}
00000000 | 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D 22 31 | <?xml version="1
992
00000000 | F7 9C 79 03 99 DB 61 6B 6A 8E 38 7A 1E 3B 92 AD | ..y...akj.8z.;..
00000010 | 5F 44 9B BB 21 E1 47 B5 9F 11 0C BC 2E 39 45 F2 | _D..!.G......9E.
Traceback (most recent call last):
  File "backup_tool.py", line 78, in <module>
    main()
  File "backup_tool.py", line 75, in main
    extract_backup(backup_path, output_path)
  File "backup_tool.py", line 34, in extract_backup
    decrypt_backup3(backup_path, output_path, password)
  File "/home/julien/Téléchargements/iphone_recover/iphone-dataprotection/python_scripts/backups/backup3.py", line 67, in decrypt_backup3
    filedata = decrypt_blob(filedata, auth_key)
  File "/home/julien/Téléchargements/iphone_recover/iphone-dataprotection/python_scripts/backups/backup3.py", line 26, in decrypt_blob
    return AESdecryptCBC(blob[68:], blob_key, iv, padding=True)
  File "/home/julien/Téléchargements/iphone_recover/iphone-dataprotection/python_scripts/crypto/aes.py", line 22, in AESdecryptCBC
    return removePadding(16, data)
  File "/home/julien/Téléchargements/iphone_recover/iphone-dataprotection/python_scripts/crypto/aes.py", line 12, in removePadding
    raise Exception('invalid padding')
Exception: invalid padding

best regards ;-)

Original comment by david.is...@gmail.com on 31 Mar 2013 at 4:52

GoogleCodeExporter commented 8 years ago
ok, i don't have a good explanation, except the file might be corrupted ?
this third patch will ignore padding errors so the script should run through 
all the files without errors. if it does not contains personal information you 
can post the decrypted Documents/UserSettings.plist file here, but it looks 
like some part of it will be corrupted (starts with xml plist header but ends 
with seemingly random binary data).

Original comment by jean.sig...@gmail.com on 31 Mar 2013 at 9:19

Attachments:

GoogleCodeExporter commented 8 years ago
Hi, thanks for your work, all the files now decipher correctly :-)
Documents/UserSettings.plist is the only one with an "invalid padding" output.
And this is right, there is random binary data at the end of the file!

here is the output as it appears in vim:
_________
UserSettings.plist 
_________
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" 
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>conditionsUtilisation</key>
        <dict>
                <key>value</key>
                <string>unchecked</string>
        </dict>
        <key>connected</key>
        <dict>
                <key>value</key>
                <false/>
        </dict>
        <key>dbVersion</key>
        <dict>
                <key>value</key>
                <string>1.0</string>
        </dict>
        <key>email</key>
        <dict>
                <key>value</key>
                <string></string>
        </dict>
        <key>password</key>
        <dict>
                <key>value</key>
                <string></string>
        </dict>
        <key>passwordConnect</key>
        <dict>
                <key>value</key>
                <string></string>
        </dict>
        <key>pseudo</key>
        <dict>
                <key>value</key>
                <string></string>
        </dict>
        <key>pseudoConnect</key>
        <dict>
                <key>value</key>
                <string></string>
        </dict>
        <key>pseudoTemp</key>
        <dict>
                <key>value</key>
                <string></string>
        </dict>
        <key>userId</key>
        <dict>
                <key>value</key>
                <string></string>
        </÷<9c>y^C<99>Ûakj<8e>8z^^;<92>­_D<9b>»!áGµ<9f>^Q^L¼.9Eò
___________

Best regards

Original comment by david.is...@gmail.com on 31 Mar 2013 at 10:26