
qustodio/iphonebackuptools

 
 


iPhone backup tools


Qustodio changes

This is a fork of the original project by @richinfante. The modifications allow you to obtain information from an encrypted backup, but with significant limitations. This module operates with internal state, so information can only be obtained from one device at a time. In other words, parallel operations can cause errors or unexpected behavior.

How does this fork work?

It decrypts the manifest into a file named manifest-un. Then, for each report query, it reads the decrypted manifest to obtain the file ID, opens the corresponding database, and queries it with SQLite.

TypeScript support and type definitions are also added for the following reports:

  • backups.list
  • messages.all
  • phone.calls
  • phone.address_book

Example:

/*
To allow the use of encrypted backups, 
it is essential to call the configure method before any calls to report.
*/
await bt.configure({
  base: BACKUP_PATH,
  id: DEVICE_ID,
  password: PASSWORD_BACKUP,
});

const [report, messages, calls, addressBook] = await Promise.all([
  bt.run('backups.list', {}),
  bt.run('messages.all', { backup: DEVICE_ID }),
  bt.run('phone.calls', { backup: DEVICE_ID }),
  bt.run('phone.address_book', { backup: DEVICE_ID }),
]);

console.log({ report, calls, addressBook, messages });
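Because the module keeps one configured backup in internal state, work on more than one device has to be serialized. The queue below is an added example, not code from this fork or the original project: createBackupQueue, withBackup and the stub tool are hypothetical names, and only configure(opts) and run(report, args) are assumed, as used in the example above.

```javascript
// Added example, not ibackuptool code: serialize sessions on a module that
// keeps a single configured backup in internal state.
function createBackupQueue(bt) {
  let tail = Promise.resolve(); // each session is chained behind the previous one

  // Runs bt.configure(config), then `work`, with exclusive use of the module.
  function withBackup(config, work) {
    const session = tail.then(async () => {
      await bt.configure(config);
      // Reports for the same device may still run in parallel inside `work`.
      return work((report, args = {}) =>
        bt.run(report, { backup: config.id, ...args }));
    });
    // A failed session (e.g. wrong password) must not block the ones behind it.
    tail = session.catch(() => {});
    return session;
  }
  return { withBackup };
}

// Constructed stand-in for the module: it remembers only the last configured
// device and reports which device a query was actually answered from.
function createStubTool() {
  let current = null;
  const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
  return {
    async configure({ id, password }) {
      await sleep(5); // stands in for manifest decryption time
      if (!password) throw new Error('missing password');
      current = id;
    },
    async run(report, { backup }) {
      await sleep(5);
      return { report, requested: backup, answeredFrom: current };
    },
  };
}

// Three sessions started at once; the middle one fails in configure().
async function demo() {
  const queue = createBackupQueue(createStubTool());
  const job = (id, password = 'constructed-password') =>
    queue.withBackup({ base: '/constructed/backups', id, password }, (run) =>
      Promise.all([run('phone.calls'), run('messages.all')]));
  return Promise.allSettled([job('DEVICE_A'), job('DEVICE_B', ''), job('DEVICE_C')]);
}
```

In real use, pass the imported module as bt and call withBackup once per device; each caller receives its own results or its own error.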

What is this?

Are you storing unencrypted iPhone backups on your personal computer? With very little effort, we can dump all the saved messages from the backup, as well as notes, photo locations, and other data.

Check out my recently updated post about my work on backups here: Reverse Engineering the iOS Backup

This tool is also still fairly experimental, so use at your own risk! Even though the tool opens the backup files as read-only, you should still make a copy of your backups before using this if they are important.

Currently works on macOS. It has not been tested extensively on Windows but should function properly. Please flag any issues!

Documentation

This readme is intended to be an overview of features. Please read the wiki for more up-to-date and in-depth examples, and examples of how to make and use reports.

iOS Support

iOS support depends on the individual report types and on which files are present inside the backup. When a report type is not supported, an error message is printed to the terminal. Some reports will output an error message if files that are required are not present in the backup.

Reports List

The full report list is available on the wiki.

Installing (as a module)

npm i ibackuptool --save

You can then import the module to run reports and get javascript objects as results:

const bt = require('ibackuptool')

// Call the backups.list report.
bt.run('backups.list')
  .then(backups => {
    // Gives you a list of backups.
    console.log(backups)
  })

Installing (as a global command line tool)

Prerequisites: nodejs and npm. Using nvm to install node/npm is highly recommended, as it makes it easier to install globally.

# Install directly from NPM
npm i -g ibackuptool

If you do not have permission to install globally, you can try something like this to change your NPM prefix and add it into your $PATH.

CLI Quickstart

# List all the backups on the system
ibackuptool -l 

# I'm using "0c1bc52c50016933679b0980ccff3680e5831162" as a placeholder.
# The list of backups contains the different UDIDs in the first column.
UDID="0c1bc52c50016933679b0980ccff3680e5831162"

# Run ibackuptool --help to get a list of reports that are available,
# then replace $TYPE below with a report name.
ibackuptool -b $UDID --report '$TYPE'

Terminal Permissions (macOS)

If you receive an error when trying to list backups, Terminal may not have permission to access the folder where backups are stored. Read the error message for the location, or try listing the backups manually:

# List all backups manually (macOS)
ls "/Users/$(whoami)/Library/Application Support/MobileSync/Backup"

If you see ls: Operation not permitted, Terminal does not have permission. Fix this by allowing Terminal in Full Disk Access under Security & Privacy. First, close Terminal, and then:

System Preferences -> Security & Privacy -> Privacy -> Full Disk Access -> + -> tick Terminal

Restart Terminal and try again.

Multiple-Reporting

You can also provide a comma-separated list of reports to generate. Additionally, there is a special all report type which will run all available reports. This is best paired with the -o option for saving to disk and the -f option for selecting a format such as CSV or JSON.

# Run all phone reports and wifi report.
ibackuptool -b $UDID --report 'phone.*,system.wifi'

# Report all possible
ibackuptool -b $UDID --report all

Reporting formats

iBackupTool now supports multiple kinds of data export, which can be selected using the -f flag.

  • table - Selected data columns in an ASCII table
  • json - Selected data columns for display (same data as table)
  • csv - CSV file containing selected columns (same data as table)

Additionally, there are more comprehensive export functions that will export ALL the data collected, and keep original formatting and columns:

  • raw-csv - Full-data CSV export from each of the tables.
  • raw, raw-json - Full-data JSON export from each of the tables. This output can be quite large.

Joined Reports

Additionally, for the json and raw-json types, there's a --join-reports flag which will merge all of the data into a single JSON file, where the top level object has a key for each report type that is selected.

# Generate both wifi and calls reports, joined as JSON
ibackuptool -b $UDID -r system.wifi,phone.calls -f json --join-reports

Output to disk

The -o <path> (--output <path>) option specifies a folder to export reports to. If the directory does not exist, it will be created. For joined JSON reports, a single JSON file is exported instead of multiple files in a directory.

# Export wifi, calls, voicemail as CSV files to disk in a folder named "exported/"
ibackuptool -b $UDID --report system.wifi,phone.calls,phone.voicemail -f csv -o exported

Extracting files

The --extract <path> parameter paired with the backup.files report will extract all files in a backup.

To limit which files are extracted, pass one or more filters via --filter <filter>. Each filter must match for the file to be included.

Regular expression filters can be passed by --regex-filter <filter>.

# Export all JPEG photos onto "~/Desktop/Photos"
ibackuptool -b $UDID -r backup.files --extract ~/Desktop/Photos --filter DCIM --regex-filter '\.(jpg|JPG|jpeg|JPEG)$'

Running Tests

First, install tap.

Next, run npm test.

Important!

You should make a backup of the backups you look at using this tool. Even though they are opened as read-only, you should still do that so you don't accidentally do something to lose data.

Contributing

See Contributing.md

TODO

See Roadmap

Legal

Copyright © 2017-2019 Richard Infante.

Available under the MIT License.

DISCLAIMER: This tool enables the extraction of personal information from iPhone backups located on a computer drive. The tool is for testing purposes and should ONLY be used on iPhone backups where the owner's consent has been given. Do not use this tool for illegal purposes, ever.

The project contributors and Richard Infante will not be held responsible in the event any criminal charges be brought against any individuals misusing this tool and/or the information contained within, to break the law.