Comments (17)
Ok. I've figured it out, well mostly. It's an issue with XTS-AES encryption that is tied to the type of device used to create the backup, not to iOS 9.3 per se. I'm currently finishing off XTS-AES code and I'll start testing over the next day or two. I still need to figure out the detection routines for when to use the conventional AES-CBC decryption or the XTS decryption.
from inflatabledonkey.
Thank you for your feedback.
I'm aware of the broken file issue with certain domains and I have been working on it. I reversed the file checksum algorithms earlier today and I'm halfway through coding them. This should tell us if our file decryption is faulty or if applications are using their own additional encryption. If it's the latter then it's currently outside the scope of this project.
I'll report back once I have more information.
As for the WhatsApp file issue, it's a trivial matter to find, cut/copy and paste them into a single folder using Windows Explorer search box. It's just as simple on most Linux distros. There's no need to work through individual folders.
from inflatabledonkey.
Ok, it's a decryption issue which I'll need to look into. Certain protection classes are not being decrypted properly.
from inflatabledonkey.
Thanks. I'm on OS X - what practice would you recommend to move the files?
from inflatabledonkey.
I don't have any OSX or iOS devices, so I'll leave it up to others to suggest the best approach.
Either way the core of this concept tool is to retrieve backups, not to manipulate backups post retrieval.
from inflatabledonkey.
Ok! I spent all night on this and I've pushed a new build. My current retrieval has no WhatsApp file corruption issues whereas it did on previous builds.
As for the cause, I managed to break the protection class key bag/file decryption code somehow. Obviously I have no idea what I'm doing at times.
If you would kindly try out the new build and let me know if the issue persists. Thank you.
from inflatabledonkey.
@horrorho Just tried it, still unreadable. Can upload a random unreadable file from the bunch if that helps?
from inflatabledonkey.
Which iOS version are you using?
Are you able to view files in the media or other domains?
I don't think the random files will help. There is another checksum that I've not reversed yet, which should give us a post protection class decryption status. I'll try and work on that as it may give us additional clues.
I may have imagined it, but I vaguely remember newer versions of WhatsApp using disk encryption hence why I'm interested to know if you can view files in other domains.
from inflatabledonkey.
Yes I can. In addition to the one mentioned above I also have iPhone6,2 N53AP. It decrypts all files correctly and everything is viewable.
iOS is 9.3
Theoretically speaking (I'm no crypto expert), wouldn't the encrypted file help to test out various decryption methods locally?
from inflatabledonkey.
Unfortunately no. Without the decryption key it will appear as random data. To brute force the key would take time magnitudes longer than the age of the universe.
Though I suspect it's an additional security layer that WhatsApp have introduced I will endeavour to reverse the aforementioned other checksum. I have a checksum for data prior to protection class decryption, but not for data post decryption. There is still the chance that the decryption algorithms are buggy.
Again thank you for the feedback. I'll continue to work on this issue.
from inflatabledonkey.
Hi,
Great work! I too (iOS 9.3) cannot open any media files excluding CameraRollDomain. Currently on the newest build.
Thank you for all your hard work.
from inflatabledonkey.
@colincowie10 Thank you for the feedback. It appears that the protection class decryption has issues with certain backups. The reason for this is unclear to me at the moment but I am looking into it as a priority.
from inflatabledonkey.
Thank you!
from inflatabledonkey.
Ok! I've spent some time on the issue and it appears iOS 9.3 has additional steps for data protection class decryption. So whilst the current code is not obviously buggy, it is incomplete.
This additional encryption layer doesn't typically appear in the CameraRollDomain but features prominently in other domains such as AppDomain-net.whatsapp.WhatsApp. So iOS 9.3 camera roll files will decrypt but WhatsApp ones will not.
This involves more reversing work for me, which I can't stand. There is an additional issue that might be very tricky to solve, but I'll expand on this later if it does indeed become problematic.
from inflatabledonkey.
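One way to triage a retrieved backup for the per-domain split described in the comment above, as an added example that is not part of the original thread or of InflatableDonkey's code: it flags files that carry no recognizable file signature and have near-random byte entropy, counted per domain. The folder layout (one top-level folder per domain), the signature list, the 7.5 bits/byte threshold and the `pseudo_random` sample generator are assumptions.

```python
import hashlib
import math
from collections import Counter, defaultdict
from pathlib import Path

# Assumed signature list: a few formats commonly found in backups.
MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"SQLite format 3\x00": "sqlite",
    b"bplist00": "bplist",
}
ENTROPY_THRESHOLD = 7.5  # assumed cut-off, bits per byte


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(head: bytes) -> str:
    """Return a format name, 'suspect' (looks undecrypted) or 'unknown'."""
    for magic, name in MAGIC.items():
        if head.startswith(magic):
            return name
    if len(head) >= 8 and head[4:8] == b"ftyp":  # MP4/MOV/HEIC container
        return "iso-media"
    return "suspect" if entropy(head) > ENTROPY_THRESHOLD else "unknown"


def triage(root: Path, sample: int = 4096) -> dict:
    """Count classifications per top-level folder (assumed: one per domain)."""
    report = defaultdict(Counter)
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        with path.open("rb") as fh:
            head = fh.read(sample)
        report[path.relative_to(root).parts[0]][classify(head)] += 1
    return {domain: dict(counts) for domain, counts in report.items()}


def pseudo_random(n: int) -> bytes:
    """Constructed stand-in for ciphertext: SHA-256 in counter mode."""
    out = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return out[:n]
```

Compressed media is also high-entropy, so the signature check runs first; a domain whose files are mostly `suspect` while another domain's files classify normally points at decryption rather than at the files themselves.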
Gotcha, keep up the hard work! Much appreciated.
from inflatabledonkey.
Would you mind pushing a new branch with the changes so far if you get the chance? I'd like to see how it fits together.
from inflatabledonkey.
Sorry for the wait! I've pushed the new code. Please refer to the main page for caveats.
from inflatabledonkey.