bepaald
commented
6 months ago Hi!
I'm sorry to say it looks very much like the file contains random data (which is not uncommon for files recovered in such a way).
The backup file starts with 4 bytes representing the size of the first frame (the HeaderFrame). This frame is not encrypted (it contains data needed for decryption of all following frames (together with the passphrase)). Therefor, the size of that first frame is, in practice, pretty much constant: 0x00 0x00 0x00 0x38 (56 bytes in decimal, older backups will have a 54 byte header). Just enough for the data needed to decrypt the rest of the file. Your backup seems to start with 0x5A 0x8C 0xFB 0x36, indicating a HeaderFrame of 1519188790 bytes (1.4GB) which cannot be true.
I'd say the chance of recovery is close to zero. The only way something can be read from the file will be if those first 4 bytes are the only incorrect bytes in the file, in which case just changing them to 0x00 0x00 0x00 0x38 is all that's needed. Otherwise, because the decryption data is not valid, no recovery is possible: it amounts to the same thing as having lost the passphrase.
Sorry for the bad news. Your best bet is an older backup assuming you have one. Possibly in combination with data from a linked Desktop client if you have it (which this tool could probably import).
edit I'll close this, as I don't think there is anything actionable, but if you have any questions or remarks let me know! Thanks!
A few days ago I was updating the rom on my phone, I made a Signal backup on the external SD. I uninstalled Signal for some reason and after wiping, I wanted to import the backup but it was gone? I turned off the phone, plugged it into my pc and was able to find the backup with testdisk, which I promptly saved to my pc. But I coudln't import it, I had to resort to the last backup I had saved on my pc 3 months ago.
Now I stumbled across this tool and tried the import, which gives this error
*** Starting log: *** signalbackup-tools (signalbackup-tools_win.exe) source version 20240415.203124 (Win) [Error]: failed to retrieve HeaderFrame, length was 1519188790 bytes [Error]: Failed to open backupAny idea whether it's recoverable?