alexhulbert / Cryogen

Recover files from iCloud Backups and Bootlooped Apple Devices
GNU General Public License v2.0

Reverse Engineering iCloud #3

Open alexhulbert opened 10 years ago

alexhulbert commented 10 years ago

The part that's holding the iCloud part of this project back is reverse-engineering how Apple POSTs the getFiles url. In order to figure this out, this needs to be done to an A4 iDevice: EDIT: DONE!!! :D That was fucking hard...

  1. Create a new Apple ID. Don't use any personal information or passwords.
  2. Set up a Fiddler debugging proxy with HTTPS decryption on and the iOS certificate plugin installed.
  3. Restore the device to factory settings using your new Apple ID.
  4. Install an app or two and link the device to iCloud.
  5. Connect to the proxy using the Settings application on the iDevice.
  6. Navigate to localhost:8080 (or whatever port you set your proxy to be) on the iDevice and install the SSL certificate.
  7. Back up the device to iCloud.
  8. Jailbreak the device and install OpenSSH.
  9. SSH into your device and copy /private/var/Keychains/keychain-2.db to your computer.
  10. Restore your device again (still using the new Apple ID) and activate it (note: DO NOT start the restore process).
  11. Boot the device into DFU mode and upload a recovery ramdisk via msftguy's SSH-Ramdisk tool.
  12. Run mount.sh over SSH to mount your private partition to /mnt2.
  13. Copy the keychain-2.db on your computer to the device (it should be located somewhere under mnt1 or mnt2).
  14. Reboot your device and kick it out of recovery mode using TinyUmbrella.
  15. Reconnect to the proxy by holding down the home button during setup and selecting Wi-Fi settings. You can change your proxy IP/port from there.
  16. You should see some activity on Fiddler. Proceed to restore from the backup you previously created by selecting "Restore from an iCloud backup".
  17. Once the restore is done, export the Fiddler activity to a file. You can later analyze this, etc.
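Step 17 ends with an exported capture that still has to be analyzed. As an added example, not code from the Cryogen project or from anyone in this thread, here is a small Python triage script for a Fiddler capture exported in HAR 1.2 format: it counts requests per host, pulls out the requests whose path contains a given fragment (the getFiles URL this thread is after), and masks Authorization and Cookie headers so the capture can be shared without leaking session tokens. The hostnames, paths, token values and request body embedded below are constructed sample data, not anything taken from a real capture.

```python
"""Triage a proxy capture (HAR export) of an iOS device's iCloud traffic.

Added example; not part of the Cryogen project. Assumes the Fiddler session
was exported as HAR 1.2 JSON. The hosts, paths, tokens and body in SAMPLE_HAR
are constructed for the example.
"""
import base64
import json
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample capture: one setup-time request, one getKeys, one getFiles.
SAMPLE_HAR = json.dumps({
    "log": {"version": "1.2", "entries": [
        {"request": {"method": "GET",
                     "url": "https://setup.icloud.example/account/settings",
                     "headers": [{"name": "Authorization", "value": "Basic CONSTRUCTED"},
                                 {"name": "User-Agent", "value": "constructed-ua"}]},
         "response": {"status": 200, "content": {"mimeType": "text/xml", "size": 512}}},
        {"request": {"method": "GET",
                     "url": "https://backup.icloud.example/getKeys",
                     "headers": [{"name": "Authorization", "value": "Bearer CONSTRUCTED"}]},
         "response": {"status": 200, "content": {"mimeType": "application/octet-stream", "size": 128}}},
        {"request": {"method": "POST",
                     "url": "https://backup.icloud.example/getFiles?snapshot=1",
                     "headers": [{"name": "Authorization", "value": "Bearer CONSTRUCTED"},
                                 {"name": "Content-Type", "value": "application/octet-stream"}],
                     "postData": {"mimeType": "application/octet-stream",
                                  "text": "CONSTRUCTED-BINARY-BODY"}},
         "response": {"status": 200, "content": {"mimeType": "application/octet-stream", "size": 4096}}},
    ]}
})

# Header names whose values must never leave the analyst's machine.
SENSITIVE_HEADERS = {"authorization", "cookie"}


def load_entries(har_text):
    """Parse HAR JSON and return the list of request/response entries."""
    return json.loads(har_text)["log"]["entries"]


def redact_headers(headers):
    """Lower-case header names and mask credential-bearing values."""
    out = {}
    for h in headers:
        name = h["name"].lower()
        out[name] = "<redacted>" if name in SENSITIVE_HEADERS else h["value"]
    return out


def host_summary(entries):
    """Count requests per host: which services the device talked to."""
    return Counter(urlsplit(e["request"]["url"]).hostname for e in entries)


def request_body(req):
    """Return the raw request body bytes; HAR may base64-encode binary bodies."""
    post = req.get("postData", {})
    text = post.get("text", "")
    if post.get("encoding") == "base64":
        return base64.b64decode(text)
    return text.encode("utf-8")


def find_requests(entries, path_fragment):
    """Entries whose URL path contains path_fragment, with headers redacted."""
    found = []
    for e in entries:
        req = e["request"]
        parts = urlsplit(req["url"])
        if path_fragment not in parts.path:
            continue
        found.append({
            "method": req["method"],
            "host": parts.hostname,
            "path": parts.path,
            "query": parts.query,
            "status": e["response"]["status"],
            "headers": redact_headers(req.get("headers", [])),
            "request_mime": req.get("postData", {}).get("mimeType"),
            "body_bytes": len(request_body(req)),
            "response_mime": e["response"]["content"].get("mimeType"),
        })
    return found


if __name__ == "__main__":
    entries = load_entries(SAMPLE_HAR)
    for host, n in host_summary(entries).most_common():
        print(f"{n:3d}  {host}")
    for match in find_requests(entries, "getFiles"):
        print(json.dumps(match, indent=2))
```

To use it on a real export, replace SAMPLE_HAR with the contents of the HAR file Fiddler wrote; the redaction step is what makes it safe to paste the resulting summary into an issue like this one.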

PythEch commented 10 years ago

What happens if I use iBackupBot to selectively restore only the Keychain backup? I think it eliminates the need for an A4 device. It invokes com.apple.mobilebackup2, but in the end only keychain-2.db is affected.

I'm going to update my 4S to 7.0.6 tomorrow, so I can try.

alexhulbert commented 10 years ago

> What happens if I use iBackupBot to selectively restore only the Keychain backup?

You would need to restore your data during setup to get the keychain. The problem is that the thing I need to monitor comes before the device has been restored. Which means I need to inject the keychain before the setup process completes.

> I'm going to update my 4S to 7.0.6 tomorrow, so I can try.

The 4S is an A5 device. Thanks, though.

Literally 5 minutes after you posted this, my friend said that he had an old iPad 1! He didn't know it was an A4 device, so he never told me about it. The results should be posted here within a week!

PythEch commented 10 years ago

Thanks for the reply, oh and it's great! The development is faster than I expected. Let's hope I can finish the UNIX sockets part soon.

This is the most interesting part of your project, no doubt. My brother said he wants to upgrade his iPhone 4, so I can be your first beta tester haha :) Can't promise though, 'cause I can't predict when it will happen.

alexhulbert commented 10 years ago

Great! If you want, you can help. I think we'd all be ecstatic to have another person :). All the stuff is kept in Jurriaan/Ruby-iCloud Issue 1, but that's a gigantic issue thread, so I'll narrow it down for you. Everything you need to know is in this video. If you know Ruby, Ruby-iCloud might be worth checking out. It's being developed alongside Icew1nd. Ruby's closer to Python in its syntax, too (right...?).

If you've got any questions, feel free to ask. Thanks again for all your help!

wasim786 commented 10 years ago

Hello all, I have downloaded the file using that URL and I also have getKeys; I got stuck in decryption. I am using Objective-C. Can anyone help me with decryption?

vipinbeni commented 9 years ago

@wasim786 Please tell me how you can download the file using C. Please help me.

alexhulbert commented 9 years ago

@vipinbeni Currently, the decryption is super close to done, but it's not 100%. Either way, if you'd like me to show you how everything works, hop on chat.alexhulbert.com. I guess I could explain it to you there. Although I must warn you, C++ and Objective-C are not my best languages. Actually, I can't do much of anything in Objective-C (and I absolutely hate it :P). So I'm not going to be able to spoon-feed the code to you.

vipinbeni commented 9 years ago

Thanks a lot for your quick reply, Sir. I will wait till your project is complete, and then I want to know how I can build this project, even in Java, and download files from iCloud and decrypt them on a Windows PC.