Decrypt and extract files from an iOS13+ encrypted local backup.
Project description
iphone-backup-decrypt
Decrypt an encrypted, local (i.e. non-iCloud), iPhone backup created from iOS13 or newer. This code is mainly a wrapper for this StackOverflow answer, itself based on the iphone-dataprotection code.
Install
Requires Python 3.8 or higher.
The code requires a cryptographic library providing the Crypto name.
Use pycryptodome (but note that this clashes with pycrypto, if that is already installed).
The backup decryption keys are protected using 10 million rounds of PBKDF2 with SHA256, then 10 thousand further iterations of PBKDF2 with SHA-1.
To speed up decryption, fastpbkdf2 is desirable; otherwise the code will fall back to using standard library functions.
The fallback is much slower, but does not require the complicated build and install of fastpbkdf2.
Install via pip:
pip install iphone_backup_decrypt
# Optionally:
pip install fastpbkdf2
Usage
This code decrypts the backup using the passphrase chosen when encrypted backups were enabled in iTunes.
The relativePath of the file(s) to be decrypted also needs to be known.
Very common files, like those for the call history or text message databases, can be found in the RelativePath class: e.g. use RelativePath.CALL_HISTORY instead of the full Library/CallHistoryDB/CallHistory.storedata.
If the relative path is not known, you can manually open the Manifest.db SQLite database and explore the Files table to find those of interest.
After creating the class, use the EncryptedBackup.save_manifest_file(...) method to store a decrypted version.
A minimal example to decrypt and extract some files might look like:
from iphone_backup_decrypt import EncryptedBackup, RelativePath, RelativePathsLike
passphrase = "..." # Or load passphrase more securely from stdin, or a file, etc.
backup_path = "%AppData%\\Apple Computer\\MobileSync\\Backup\\[device-specific-hash]"
backup = EncryptedBackup(backup_directory=backup_path, passphrase=passphrase)
# Extract the call history SQLite database:
backup.extract_file(relative_path=RelativePath.CALL_HISTORY,
output_filename="./output/call_history.sqlite")
# Extract all photos from the camera roll:
backup.extract_files(relative_paths_like=RelativePathsLike.CAMERA_ROLL,
output_folder="./output/camera_roll")
# Extract WhatsApp SQLite database and attachments:
backup.extract_file(relative_path=RelativePath.WHATSAPP_MESSAGES,
output_filename="./output/whatsapp.sqlite")
backup.extract_files(relative_paths_like=RelativePathsLike.WHATSAPP_ATTACHMENTS,
output_folder="./output/whatsapp")
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file iphone_backup_decrypt-0.3.1.tar.gz.
File metadata
- Download URL: iphone_backup_decrypt-0.3.1.tar.gz
- Upload date:
- Size: 11.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.11.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
98534c1f79243f3a25e04cac2ffcb2f7762184a392e91867beca495fb48f223a
|
|
| MD5 |
fc8cb9d32f1b5559b1aefddc7d93fe90
|
|
| BLAKE2b-256 |
a87a83b2c8646f75eb431153ffdfa9c013ec4905d1531a1da73f3764d217938d
|
File details
Details for the file iphone_backup_decrypt-0.3.1-py3-none-any.whl.
File metadata
- Download URL: iphone_backup_decrypt-0.3.1-py3-none-any.whl
- Upload date:
- Size: 11.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.11.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
cb442575a7cb8a033f27c2bcf01f38fe4ff2769f22079e6167d05053f85a78be
|
|
| MD5 |
a7a84996c7b779a7105ab7625afd5a5a
|
|
| BLAKE2b-256 |
74ec9684bef42100366c03d6e63932870b2084036cbad170c76c4a2b9ac0324b
|
