happyst4r / iphone-dataprotection

Automatically exported from code.google.com/p/iphone-dataprotection
0 stars 0 forks source link

read_file() in backup4.py is reporting "Incorrect padding for file" because record.size is bogus. #116

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Restore "Library/Calendar/Calendar.sqlitedb" from HomeDomain in an encrypted 
backup.

What is the expected output? What do you see instead?

I see:

    WARNING: Incorrect padding for file Library/Calendar/Calendar.sqlitedb

And the restored file is correctly decrypted, but truncated. 

Expected output is a non-truncated file.

This also occurs with the Library/SMS/sms.db file.

The phone is running iOS 6.1.4.

What version of the product are you using? On what operating system?
OS X version :
XCode version :
Tools revision : e51ae39e7f5b+ tip

Please provide any additional information below.

The encrypted file is valid with a padding of 16.  The issue is that the code 
in backup4.py is relying on the "record.size" instead of just checking for 
PKCS5 padding.  It appears that record.size can be incorrect in some cases, 
probably an apple bug.

This recurs after wiping the backup directory and backing up again. (I did not 
reboot the phone.)

If I change the code just do standard PKCS5 padding removal, it works, and I 
get a valid file.  For testing, I used the following code:

diff -r e51ae39e7f5b python_scripts/backups/backup4.py
--- a/python_scripts/backups/backup4.py Sun May 26 13:13:10 2013 +0200
+++ b/python_scripts/backups/backup4.py Wed Aug 14 19:34:51 2013 -0700
@@ -160,7 +160,14 @@
             file_data = AESdecryptCBC(file_data, key)
             padding = file_data[record.size:]
             if len(padding) > 16 or padding != chr(len(padding)) * len(padding):
-                warn("Incorrect padding for file %s" % record.path)
+                warn("Incorrect padding for file %s %d %d" % (record.path, 
len(file_data),record.size))
+                c = file_data[-1]
+                i = ord(c)
+                if i < 17 and file_data.endswith(c*i):
+                  warn("But good padding of %d anyway" % i)
+                  file_data = file_data[:-i]
+
+                return file_data
             file_data = file_data[:record.size]
         return file_data

And got:

WARNING: Incorrect padding for file Library/Calendar/Calendar.sqlitedb 9441296 
9424896
WARNING: But good padding of 16 anyway
WARNING: Incorrect padding for file Library/SMS/sms.db 1019920 1015808
WARNING: But good padding of 16 anyway

Original issue reported on code.google.com by dunhamst...@gmail.com on 15 Aug 2013 at 2:41

GoogleCodeExporter commented 9 years ago
This issue was updated by revision 4222556965e9.

Original comment by jean.sig...@gmail.com on 18 Aug 2013 at 11:18

GoogleCodeExporter commented 9 years ago
Thanks a lot for the great report and patch, just pushed it to the repo.

Original comment by jean.sig...@gmail.com on 18 Aug 2013 at 11:19