forked from jfarley248/iTunes_Backup_Reader
-
Notifications
You must be signed in to change notification settings - Fork 0
/
encryptedDbParser.py
166 lines (135 loc) · 6.18 KB
/
encryptedDbParser.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
'''
Copyright (c) 2019 Jack Farley
This file is part of iTunesBackupAnalyzer
Usage or distribution of this software/code is subject to the
terms of the GNU GENERAL PUBLIC LICENSE.
manifestDbParser.py
------------
'''
from __future__ import unicode_literals
from __future__ import print_function
import os
import helpers.deserializer as deserializer
from biplist import *
import logging
import plistlib
import datetime
import io
import os
import re
import errno
import sqlite3
from pathlib_revised import Path2
from shutil import copyfile
def getFileInfo(plist_blob):
'''Read the NSKeyedArchive plist, deserialize it and return file metadata as a dictionary'''
info = {}
try:
f = io.BytesIO(plist_blob)
info = deserializer.process_nsa_plist("", f)
ea = info.get('ExtendedAttributes', None)
if ea:
#INVESTIGATE THIS MORE
if type(ea) is bytes:
pass
else:
ea = ea['NS.data']
info['ExtendedAttributes'] = ea #str(biplist.readPlistFromString(ea))
except Exception as ex:
logging.exception("Failed to parse file metadata from db, exception was: " + str(ex))
return info
def ReadUnixTime(unix_time): # Unix timestamp is time epoch beginning 1970/1/1
'''Returns datetime object, or None upon error'''
if unix_time not in ( 0, None, ''):
try:
if isinstance(unix_time, str):
unix_time = float(unix_time)
return datetime.datetime(1970, 1, 1) + datetime.timedelta(seconds=unix_time)
except (ValueError, OverflowError, TypeError) as ex:
logging.error("ReadUnixTime() Failed to convert timestamp from value " + str(unix_time) + " Error was: " + str(ex))
return None
def createFolder(folderPath, logger):
if not os.path.exists(folderPath):
try:
fixedFolderPath = Path2(folderPath)
Path2(fixedFolderPath).makedirs()
except Exception as ex:
logger.exception("Could not make root directory: " + folderPath + "\nError was: " + str(ex))
def OpenDb(inputPath, logger):
try:
conn = sqlite3.connect(inputPath)
logger.debug ("Opened database: " + inputPath + " successfully")
return conn
except Exception as ex:
logger.exception ("Failed to open database: " + inputPath + " Exception was: " + str(ex))
return None
def WriteMetaDataToDb(file_meta_list, outputDir, logger):
outputFileInfoDb = os.path.join(outputDir, "File_Metadata.db")
conn2 = OpenDb(outputFileInfoDb, logger)
createMetaQuery = "CREATE TABLE IF NOT EXISTS Metadata (RelativePath TEXT, LastModified DATE, " \
"LastStatusChange DATE, Birth DATE, " \
"Size INTEGER, InodeNumber INTEGER, Flags INTEGER, UserID INTEGER, GroupID INTEGER, " \
"Mode INTEGER, ProtectionClass INTEGER, ExtendedAttributes BLOB)"
try:
conn2.execute(createMetaQuery)
except sqlite3.Error:
logger.exception("Failed to execute query: " + createMetaQuery)
try:
conn2.executemany('''INSERT INTO Metadata(RelativePath, LastModified, LastStatusChange, Birth,
Size, InodeNumber, Flags, UserID, GroupID,
Mode, ProtectionClass, ExtendedAttributes) VALUES (?,?,?,?,?,?,?,?,?,?,?,?)''',
file_meta_list)
except sqlite3.Error:
logger.exception("Error filling Metadata table.")
conn2.commit()
conn2.close()
def readEncManiDb(manifestPath, sourceDir, outputDir, decrypt_object, decrypt_only, logger):
'''Creates Root folder for recreated file structure'''
root = outputDir
createFolder(root, logger)
'''Copy Decrypted manifest db to decrypted backup'''
if decrypt_only:
dest_manifest = os.path.join(outputDir, "BACKUP", "Manifest.db")
copyfile(decrypt_object.decrypted_manifest_db, dest_manifest)
conn = OpenDb(manifestPath, logger)
c = conn.cursor()
query = '''SELECT fileId, domain, relativePath, flags, file FROM files'''
try:
logger.debug("Trying to execute query: " + query + " against database " + manifestPath)
c.execute(query)
logger.debug("Successfully executed query: " + query + " against database " + manifestPath)
except Exception as ex:
logger.exception("Could not execute query: " + query + " against database " + manifestPath
+ " Exception was: " + str(ex))
file_meta_list = []
for fileListing in c:
fileId = fileListing[0]
domain = fileListing[1]
relativePath = fileListing[2]
fType = fileListing[3]
info = getFileInfo(fileListing[4])
ea = info.get('ExtendedAttributes', None)
if ea:
ea = bytes(ea)
file_meta_list.append([ (domain + "/" + relativePath) if relativePath else domain,
ReadUnixTime(info.get('LastModified', None)),
ReadUnixTime(info.get('LastStatusChange', None)), ReadUnixTime(info.get('Birth', None)),
info.get('Size', None), info.get('InodeNumber', None), info.get('Flags', None),
info.get('UserID', None), info.get('UserID', None),
info.get('Mode', None), info.get('ProtectionClass', None), ea
])
if len(file_meta_list) > 50000:
WriteMetaDataToDb(file_meta_list, outputDir, logger)
file_meta_list = []
try:
# Potential area to extract to decrypted backup instead of recreated structure
if fType == 1:
if decrypt_only:
file_path = os.path.join(outputDir, "BACKUP", fileId[0:2], fileId)
else:
file_path = os.path.join(outputDir, "Recreated_Structure", relativePath)
decrypt_object.decryptor_object.extract_file(relative_path=relativePath, output_filename=file_path)
except Exception as ex:
logger.exception("Recreation failed for file {}/{}".format(domain, relativePath))
if len(file_meta_list):
WriteMetaDataToDb(file_meta_list, outputDir, logger)