Comments (18)
Good news! I've installed iOS 10 (latest beta) and successfully retrieved a backup. At least photos, Viber and WhatsApp data were properly downloaded and are readable. Can't believe Apple does not break things in iOS 10, maybe they would with public release :)
from inflatabledonkey.
Seems like it was an issue with a non-completed backup, as you supposed. Today, I've got yesterday's snapshot and that is fine. Could you please let me know if you could give me some suggestions regarding porting of your code into Python? At least I need to evaluate the complexity and time frame needed to complete that.
from inflatabledonkey.
Hi and thank you! Contrary to what some believe, I don't know that much about iOS. I still don't own an iPhone. I'm just going to wait until iOS 10 arrives before working with it. That is if I do indeed have the spare time to work with it.
That being said the iOS 8 -> 9 jump was huge due to the migration to CloudKit. Most of our coding here revolves around CloudKit. I'm not expecting such huge changes going in iOS 10. But no doubt Apple will break things for us again.
If you want to port the project to Python that would be brilliant. The reason I've been tidying up code, as opposed to piling on features, is to try and make it easier for others to port. The last of the demons is the download engine which I'm re-coding; though it works well, it's a horrible convoluted mess.
If you are interested in porting, let me know and I can make suggestions as to how you could approach it.
from inflatabledonkey.
I agree that cleaning up code is a good way to help with porting. If you're interested, I could upgrade one of our devices to iOS 10 (it is already available for developers), create an iCloud backup and see what happens with a retrieval attempt :)
from inflatabledonkey.
I've been testing all of the new updates against my personal device running iOS 10. It shouldn't be considered an extensive test. Everyone should be able to upgrade their devices to iOS 10 as part of the public beta test, if you'd like.
from inflatabledonkey.
Thank you Matthew for your note! Did you try to run InflatableDonkey against an iOS 10 iCloud backup?
from inflatabledonkey.
@ajlyakhov thank you for the update! Hopefully we won't see too much in the way of change for a public release.
from inflatabledonkey.
@horrorho could you please suggest if there is some method by which I could check why my latest snapshot does not appear in the list of snapshots? I'm looking at iOS 10 updates and whether they influence InflatableDonkey's ability to retrieve backups. After the latest update, I see backups up to the 6th of August, when the latest iOS 10 update was installed.
from inflatabledonkey.
I don't have access to iOS 10 backups at present, so it might be difficult to assist if the problem isn't trivial to solve.
As a first step could you try this step from a previous issue. Be careful to filter out the reply as explained.
from inflatabledonkey.
Thank you for the feedback, I'm glad you got it figured.
As for the Python porting time frame and complexity, it's a difficult question to answer. I don't work in IT so I don't really have a concept of how quickly projects move along outside of my own personal experience. Excluding the Protobuf auto-generated classes, there are about 25k lines of code. Most of it in fairly small classes of a few hundred lines at most. As you would expect there is a fair amount of crypto and IO code.
The biggest issue is that a lot of the protocols are undocumented, they are my distilled interpretation of what the Apple binaries are doing. However it shouldn't be hard to pick up what's going on by examining the code.
You definitely want to fiddle with the logging configuration to dump out what's going on under the hood. For full trace logging and headers we can substitute in:
```xml
<logger name="com.github.horrorho.inflatabledonkey" level="trace" additivity="false">
    <appender-ref ref="STDOUT" />
</logger>
<logger name="org.apache.http.headers" level="debug" additivity="false">
    <appender-ref ref="STDOUT" />
</logger>
```
As to where to start? I'd strip out the frills and follow the code/ logging flow. So authentication, escrow keys and so forth. If it doesn't work, you can try again comparing your http client-server responses with what InflatableDonkey is telling you it's doing.
However, you MUST get the escrow SRP exchange working properly before you use it on live servers, otherwise you can potentially lock out the account. Hopefully you can find a nice Python library to get it done which will save you coding it as I have done.
I've had a few individuals express an interest in porting to Python. I have suggested they open a ticket asking if others would also be interested and possibly getting a group effort going. As of yet, nobody has done so.
from inflatabledonkey.
Thank you for the intro. As I understood from your latest project update, you plan to put this project on hold. Could you please let me know if you'd be able to answer some questions, as I still have serious plans to port your work in some form into Python? I'm thinking about some kind of library without any download threading implementation and other complexities but with a focus on decryption and filtering. That future library should be used to implement end-user tools.
from inflatabledonkey.
@ajlyakhov if I were to recode this project I would do things very differently. But as it is we have:
- Core CloudKit layer:
  - Authentication.
  - CloudKitty - Talks to CloudKit servers and returns various records. Based on protobuf.
  - PCS - Handles the decryption of CloudKit records. It starts off with a key bag we unlock with an SRP exchange. This key bag is then used to decrypt records, which may be nested within zones that have additional encrypted keys. I've tried to document the various methods used along with links to RFCs. It's crypto heavy but just be glad you didn't have to sit there and reverse engineer it from binaries like I did.

This core can be used to power various tools. InflatableDonkey uses it to retrieve iCloud backups (PCS_BACKUP). I also have a hacked version of InflatableDonkey that uses this core to retrieve cloud photos (HYPERION).

Other services are:

```java
PCS_MASTERKEY(1), // MasterKey
BLADERUNNER(2), // iCloudDrive
HYPERION(3), // Photos
LIVERPOOL(4), // CloudKit
PCS_ESCROW(5), // Escrow
PCS_FDE(6), // FDE
PIANOMOVER(7), // Maildrop
PCS_BACKUP(8), // Backup
PCS_NOTES(9), // Notes
PCS_IMESSAGE(10), // iMessage
FELDSPAR(11), // News
```

- iCloud backup (PCS_BACKUP) retrieval layer
  - Query for devices, snapshots and assets.
  - Authorize and download assets. Files are created from encrypted chunks which are stored on third party servers. This returns us a list of URLs to get these chunks from and how to decrypt/ piece those chunks together. The process is similar to iOS 8 but with improved encryption mechanics.
  - Data Protection. Files may be encrypted. To decrypt them we need to retrieve, unlock and then use another key bag. Files are encrypted using AES-CBC or AES-XTS, see Disk_encryption_theory.
- iCloud photos (HYPERION) retrieval layer (unpublished hacked InflatableDonkey).
  - Create a sync and retrieve a list of photos assets.
  - Authorize and download assets. No additional decryption is required.
I was considering pulling out the core layer and forming a separate project. As a side note, I've seen some naughty third party recovery tools VMProtect hacked Apple binaries instead of writing their own core layer. I guess they were thinking no one would notice...
There is a lot going on and I could easily write a little book on this with lots of unpublished/ secret information. Maybe I should do that.
from inflatabledonkey.
@ajlyakhov 'I'm thinking about some kind of library without any download threading implementation and other complexities but focus on decryption and filtering. That future library should be used to implement end-user tools.'
To clarify further. I would consider writing a core layer as described above first. Then you can provide additional tool layers on top of that.
The easiest approach would be to drive Windows Apple DLLs directly as other third party tools are doing, but this would obviously tie you into the Windows platform. I do have a C++ tool that does this that I created as part of my research process to spy on client server calls, manage debugging with OllyDbg, etc. It can download iOS 9 backups, minus Data Protection which I never implemented. However, I've been reluctant to acknowledge its existence or to provide specific details.
from inflatabledonkey.
If you write the core layer that would be awesome and really speed up the dev process. I'd prefer to never ever stick to Windows OS. All my development runs on Linux based systems. But I agree that it is an interesting idea to reuse Apple binaries to simplify adaptation to Apple updates. We could experiment with Wine for that.
from inflatabledonkey.
@ajlyakhov To clarify, the core layer code is already present in InflatableDonkey. It doesn't need to be written. I was considering pulling it out as a separate project so it could be reused. However it's a time issue and I'm not actually sure anyone would know what to do with it.
from inflatabledonkey.
Honorable sir @horrorho, could you please publish the "unpublished hacked InflatableDonkey"?
from inflatabledonkey.
@SmoothAF I have a number of private tools that I don't have plans to release. However if you have an open source project that requires assistance then I may be able to help.
from inflatabledonkey.
Stale issue. Closing.
from inflatabledonkey.