Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Encrypted backup detected as not encrypted #10

Open
omhmega opened this issue Dec 6, 2020 · 3 comments
Open

Encrypted backup detected as not encrypted #10

omhmega opened this issue Dec 6, 2020 · 3 comments

Comments

@omhmega
Copy link

omhmega commented Dec 6, 2020

The script successfully decrypts the keybag and manifest, however it then detects the backup as not encrypted and simply copies files over without decrypting them. See the log
iOS 13.4.1, iTunes 12.6.3 encrypted backup

... cut ...
12-04 20:03 root DEBUG Found magic name in SINF
12-04 20:03 root DEBUG Found user's name from SINF: XXXXXXXX
12-04 20:03 root DEBUG Data being interpreted for FRPD is of type: <class 'bytes'>
12-04 20:03 root DEBUG Found magic bytes in iTunes Prefs FRPD... Finding Usernames and Desktop names now
12-04 20:03 root DEBUG Starting output to F:\2\Device_YYYYY_Output.db
12-04 20:03 root DEBUG Opened database: F:\2\Device_YYYYY_Output.db successfully
12-04 20:03 root DEBUG Finished output to F:\2\Device_YYYYY_Output.db
12-04 20:03 root DEBUG User chose to recreate folders. Starting process now
12-04 20:03 root DEBUG Set the output of the decrypted Manifest.db to: F:\2\Decrypted_Manifest.db
12-04 20:03 root INFO Starting decryption of the Manifest.db
12-04 20:03 root DEBUG Reading and unlocking keybag
12-04 20:03 root DEBUG Opening encrypted Manifest.db
12-04 20:03 root INFO Successfully decrypted Manifest.db!
12-04 20:03 root INFO Backup is not encrypted
12-04 20:03 root DEBUG Trying to create directory: F:\2\Device_YYYYY_Folders
12-04 20:03 root DEBUG Successfully created directory: F:\2\Device_YYYYY_Folders
12-04 20:03 root DEBUG Modern Manifest.db found
12-04 20:03 root DEBUG Opened database: F:\2\Decrypted_Manifest.db successfully
12-04 20:03 root DEBUG Trying to execute query: SELECT fileId, domain, relativePath, flags, file FROM files against database F:\2\Decrypted_Manifest.db
12-04 20:03 root DEBUG Successfully executed query: SELECT fileId, domain, relativePath, flags, file FROM files against database F:\2\Decrypted_Manifest.db
12-04 20:03 root DEBUG Trying to recreate directory: AppDomain-com.xcstudio.LUT-Master\ from source file: 8d5f2deb0dd752c21a2ca1b81527b81891df1a87
12-04 20:03 root DEBUG Successfully recreated directory: AppDomain-com.xcstudio.LUT-Master\ from source file: 8d5f2deb0dd752c21a2ca1b81527b81891df1a87
... cut ...

@omhmega
Copy link
Author

omhmega commented Dec 8, 2020

I think I found the problem. I downloaded iTunes_Backup_Reader 4.0 in June and the files are dated 21/May/2020. That's the zip file that is still found here: https://github.com/jfarley248/iTunes_Backup_Reader/releases and that's the Python version I've been using. However, if you download iTunes_Backup_Reader 4.0 from the main page the files are dated 22/09/2020 and there is one extra file encryptedDbParser.py.
This now works, it decrypts the files, but it fails while creating directories (domains).

@jfarley248
Copy link
Owner

Could you give me some more details on how it's failing to create directories?

@jfarley248
Copy link
Owner

Also, just fixed so that the current version of the .py code is now a binary in the releases section

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants