ios_backup_extractor 1.1.0

data/lib/ios_backup_extractor/raw_backup.rb

@@ -0,0 +1,183 @@
+module IosBackupExtractor
+  class RawBackup
+    include NauktisUtils::Logging
+    attr_reader :info_plist
+    INFO_PLIST = 'Info.plist'
+    MANIFEST_PLIST = 'Manifest.plist'
+
+    def initialize(backup_directory)
+      @backup_directory = NauktisUtils::FileBrowser.ensure_valid_directory(backup_directory)
+      @info_plist = InfoPlist.new(File.join(@backup_directory, INFO_PLIST))
+      @manifest_plist = IosBackupExtractor.plist_file_to_hash(File.join(@backup_directory, MANIFEST_PLIST))
+      raise 'This looks like a very old backup (iOS 3?)' unless @manifest_plist.has_key? 'BackupKeyBag'
+    end
+
+    ##
+    # Creates a tar archive of the backup without touching any files.
+
+    def archive_raw(destination, options = {})
+      load!(options)
+      destination_directory = NauktisUtils::FileBrowser.ensure_valid_directory(destination)
+      backup_name = NauktisUtils::FileBrowser.sanitize_name("#{@info_plist.last_backup_date.strftime('%Y_%m_%d')}_#{@info_plist.product_type}_iOS#{@info_plist.product_version}_#{@info_plist.serial_number}_raw")
+      parent_folder = @backup_directory
+      NauktisUtils::Archiver.new do
+        add(parent_folder)
+        destination(destination_directory)
+        name(File.basename(backup_name))
+      end
+    end
+
+    ##
+    # Extracts the backup to +destination_directory+.
+
+    def extract_to(destination_directory, options = {})
+      load!(options)
+      options = {name: 'full'}.merge(options)
+      destination_directory = NauktisUtils::FileBrowser.ensure_valid_directory(destination_directory)
+      backup_name = NauktisUtils::FileBrowser.sanitize_name("#{@info_plist.last_backup_date.strftime('%Y_%m_%d')}_#{@info_plist.product_type}_iOS#{@info_plist.product_version}_#{@info_plist.serial_number}_#{options[:name]}")
+      parent_directory = File.expand_path(File.join(destination_directory, backup_name))
+      raise "Backup destination already exists. #{parent_directory}" if File.exist? parent_directory
+      FileUtils.mkdir(parent_directory)
+      logger.info(self.class.name) { "Starting backup extraction in directory #{parent_directory}" }
+      copy_files(destination_directory, options)
+      add_files_with_extensions(destination_directory)
+      logger.info(self.class.name) { "Backup extraction finished. #{IosBackupExtractor.file_count(parent_directory)} files extracted." }
+      parent_directory
+    end
+
+    ##
+    # Creates a tar archive of the backup with files extracted.
+
+    def archive_to(destination_directory, options = {})
+      load!(options)
+      Dir.mktmpdir(nil, options[:temp_folder]) do |dir|
+        parent_folder = extract_to(dir, options)
+        logger.debug(self.class.name) { "Starting archiving of #{parent_folder}" }
+        NauktisUtils::Archiver.new do
+          add(parent_folder)
+          destination(destination_directory)
+          name(File.basename(parent_folder))
+          compress(:bzip2) if options[:compress]
+        end
+      end
+    end
+
+    ##
+    # Tells whether the backup is encrypted or not.
+
+    def is_encrypted?
+      @manifest_plist['IsEncrypted']
+    end
+
+    # Prints one line information about the backup
+    def to_s
+      @info_plist.to_s
+    end
+
+    private
+
+    ##
+    # Loads the backup.
+    # This operation is required before performing any action
+
+    def load!(options = {})
+      unless @loaded
+        logger.debug(self.class.name) { 'Loading backup' }
+        logger.info(self.class.name) { "Files in the original backup directory #{IosBackupExtractor.file_count(@backup_directory)}" }
+
+        if is_encrypted?
+          logger.info(self.class.name) { 'Encrypted backup' }
+          major, minor = info_plist.versions
+          @keybag = Keybag.create_with_backup_manifest(@manifest_plist, options.fetch(:password), major, minor)
+        end
+
+        @loaded = true
+      end
+    end
+
+    ##
+    # Returns true if the backup should include the file with +domain+ and +file_path+.
+    # This is useful for partial backups.
+
+    def should_include?(domain, file_path, options)
+      # Check filters
+      return false unless options[:domain_filter].nil? or domain =~ options[:domain_filter]
+      return false unless options[:file_path_filter].nil? or file_path =~ options[:file_path_filter]
+      return false unless options[:domain_except_filter].nil? or not (domain =~ options[:domain_except_filter])
+      return false unless options[:file_path_except_filter].nil? or not (file_path =~ options[:file_path_except_filter])
+      true
+    end
+
+    def copy_file_from_backup(backup_file, destination)
+      file_in, file_out = prepare_file_copy_from_backup(backup_file, destination)
+      FileUtils.cp(file_in, file_out)
+    end
+
+    def copy_enc_file_from_backup(backup_file, destination, key)
+      file_in, file_out = prepare_file_copy_from_backup(backup_file, destination)
+      cipher = OpenSSL::Cipher::AES256.new(:CBC)
+      cipher.decrypt
+      cipher.key = key
+      buf = ''
+      File.open(file_out, 'wb') do |outf|
+        File.open(file_in, 'rb') do |inf|
+          while inf.read(4096, buf)
+            outf << cipher.update(buf)
+          end
+          outf << cipher.final
+        end
+      end
+    end
+
+    def prepare_file_copy_from_backup(backup_file, destination)
+      # Prepare the source file
+      backup_file = File.join(@backup_directory, backup_file) unless backup_file.start_with?(@backup_directory)
+      backup_file = File.expand_path(backup_file)
+      raise "File #{backup_file} doesn't exist in your backup source" unless File.exists?(backup_file)
+
+      # Prepare destination
+      destination = File.expand_path(destination)
+
+      # TODO do that only if a flag is set.
+      if File.exists?(destination)
+        # Handle case sensitivity issues.
+        current = File.basename(destination)
+        existing = Dir.entries(File.dirname(destination))
+        if not existing.include?(current) and existing.any? { |e| e.downcase == current.downcase }
+          newdestination = ''
+          i = 0
+          loop do
+            i += 1
+            newdestination = File.join(File.dirname(destination), "#{current}_#{'cs' * i}")
+            break unless File.exists?(newdestination)
+          end
+          logger.warn(self.class.name) { "Case sensitivity issue with #{destination}. Using #{newdestination}" }
+          destination = newdestination
+        else
+          raise "File #{backup_file} already exists at #{destination}"
+        end
+      end
+
+      logger.debug(self.class.name) { "Copying #{backup_file} to #{destination}" }
+      FileUtils.mkdir_p(File.dirname(destination))
+
+      [backup_file, destination]
+    end
+
+    ##
+    # Adds all files with extension to the backup
+
+    def add_files_with_extensions(destination_directory)
+      Dir.entries(@backup_directory).each do |entry|
+        path = File.expand_path(File.join(@backup_directory, entry))
+        unless FileTest.directory? path
+          unless File.extname(path).empty?
+            logger.info(self.class.name) { "Keeping #{File.basename(path)} in the backup." }
+            FileUtils.cp(NauktisUtils::FileBrowser.ensure_valid_file(path), destination_directory)
+          end
+        end
+      end
+      raise "#{INFO_PLIST} was not added" unless File.exists?(File.join(destination_directory, INFO_PLIST))
+    end
+  end
+end

data/lib/ios_backup_extractor/raw_backup10.rb

@@ -0,0 +1,85 @@
+module IosBackupExtractor
+  class RawBackup10 < RawBackup
+    MANIFEST_DB = 'Manifest.db'
+
+    private
+
+    def load!(options = {})
+      super(options)
+
+      # Grab a copy of the Manifest database
+      manifest_dir = Dir.mktmpdir
+      major, minor = info_plist.versions
+      if is_encrypted? and major >= 10 and minor >= 2
+        protection_class = @manifest_plist['ManifestKey'][0..3].unpack('V')[0]
+        key = @keybag.unwrap_key_for_class(protection_class, @manifest_plist['ManifestKey'][4..-1])
+        copy_enc_file_from_backup(MANIFEST_DB, File.join(manifest_dir, MANIFEST_DB), key)
+      else
+        copy_file_from_backup(MANIFEST_DB, File.join(manifest_dir, MANIFEST_DB))
+      end
+
+      @manifest = SQLite3::Database.new(File.join(manifest_dir, MANIFEST_DB))
+    end
+
+    # Copy a file from the backup to destination
+    def copy_files(destination_directory, options = {})
+      destination_directory = NauktisUtils::FileBrowser.ensure_valid_directory(destination_directory)
+
+      logger.info(self.class.name) do
+        count = @manifest.execute('SELECT COUNT(fileID) FROM Files WHERE flags == 1')
+        "Files in the Manifest: #{count[0][0]}"
+      end
+
+      @manifest.execute('SELECT * FROM Files') do |row|
+        f = {
+            file_id: row[0],
+            domain: row[1],
+            file_path: row[2]
+        }
+        flag = row[3]
+
+        # Check filters
+        next unless should_include?(f[:domain], f[:file_path], options)
+
+        backup_file = File.expand_path(File.join(@backup_directory, f[:file_id][0..1], f[:file_id]))
+
+        # Folders
+        if flag == 2
+          if File.exists?(backup_file)
+            raise "Directories should not exist in the original backup... #{f[:file_id]}"
+          else
+            next
+          end
+        end
+
+        # Symlink
+        if flag == 4
+          if File.exists?(backup_file)
+            raise "Symlinks should not exist in the original backup... #{f[:file_id]}"
+          else
+            next
+          end
+        end
+
+        if flag == 16
+          if File.exists?(backup_file)
+            raise "Flag 16 should not exist in the original backup... #{f[:file_id]}"
+          else
+            next
+          end
+        end
+
+        destination = File.expand_path(File.join(destination_directory, f[:domain], f[:file_path]))
+        data = CFPropertyList.native_types(CFPropertyList::List.new(data: row[4]).value)
+
+        file_properties = data['$objects'][1]
+        if not file_properties['EncryptionKey'].nil? and not @keybag.nil?
+          key = @keybag.unwrap_key_for_class(file_properties['ProtectionClass'], data['$objects'][file_properties['EncryptionKey']]['NS.data'][4..-1])
+          copy_enc_file_from_backup(backup_file, destination, key)
+        else
+          copy_file_from_backup(backup_file, destination)
+        end
+      end
+    end
+  end
+end

data/lib/ios_backup_extractor/raw_backup4.rb

@@ -0,0 +1,52 @@
+module IosBackupExtractor
+  class RawBackup4 < RawBackup
+    MANIFEST_MBDB = 'Manifest.mbdb'
+
+    private
+
+    def load!(options = {})
+      super(options)
+      @mbdb = MBDB.new(File.join(@backup_directory, MANIFEST_MBDB))
+    end
+
+    # Copy a file from the backup to destination
+    def copy_files(destination_directory, options = {})
+      destination_directory = NauktisUtils::FileBrowser.ensure_valid_directory(destination_directory)
+
+      @mbdb.files.each do |f|
+        if f[:type] == '-'
+          # Check filters
+          continue unless should_include?(f[:domain], f[:file_path], options)
+
+          destination = File.expand_path(File.join(destination_directory, f[:domain], f[:file_path]))
+          raise "File #{destination} already exists" if File.exists?(destination)
+
+          source = File.expand_path(File.join(@backup_directory, f[:file_id]))
+          raise "File #{source} doesn't exist in your backup source" unless File.exists?(source)
+
+          logger.debug(self.class.name) { "Extracting #{destination}" }
+          FileUtils.mkdir_p(File.dirname(destination))
+
+          if not f[:encryption_key].nil? and not @keybag.nil?
+            key = @keybag.unwrap_key_for_class(f[:protection_class], f[:encryption_key][4..-1])
+
+            cipher = OpenSSL::Cipher::AES256.new(:CBC)
+            cipher.decrypt
+            cipher.key = key
+            buf = ''
+            File.open(destination, 'wb') do |outf|
+              File.open(source, 'rb') do |inf|
+                while inf.read(4096, buf)
+                  outf << cipher.update(buf)
+                end
+                outf << cipher.final
+              end
+            end
+          else
+            FileUtils.cp(source, destination)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/ios_backup_extractor/version.rb

@@ -0,0 +1,3 @@
+module IosBackupExtractor
+  VERSION = '1.1.0'
+end

metadata

@@ -0,0 +1,176 @@
+--- !ruby/object:Gem::Specification
+name: ios_backup_extractor
+version: !ruby/object:Gem::Version
+  version: 1.1.0
+platform: ruby
+authors:
+- Nauktis
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2017-01-27 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: nauktis_utils
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: aes_key_wrap
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: CFPropertyList
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Ruby script to extract iOS backups.
+email:
+- nauktis@users.noreply.github.com
+executables:
+- ios
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- LICENSE.md
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- exe/ios
+- ios_backup_extractor.gemspec
+- lib/ios_backup_extractor.rb
+- lib/ios_backup_extractor/backup_retriever.rb
+- lib/ios_backup_extractor/info_plist.rb
+- lib/ios_backup_extractor/keybag.rb
+- lib/ios_backup_extractor/mbdb.rb
+- lib/ios_backup_extractor/raw_backup.rb
+- lib/ios_backup_extractor/raw_backup10.rb
+- lib/ios_backup_extractor/raw_backup4.rb
+- lib/ios_backup_extractor/version.rb
+homepage: https://github.com/Nauktis/ios_backup_extractor
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: Ruby script to extract iOS backups.
+test_files: []