The Manifest database itself is encrypted, its key is stored, wrapped with protection class 4, in the ManifestKey property ist. To keep the code simple, I no longer support the iOS 10.0 The properties table described above is now empty, and the "file" column is a bare plist. (A little endian uint32 containing the protection class, followed by the file's key AES-WRAPed by the key for that protection class.) iOS 10.1 This object has a ProtectionClass field that gives the files protection class (used for choosing an appropriate key from the keybag) and an EncryptionKey field containing an NSMutableData with the same format as the encryption key in the MBDB file. The decrypted data is a binary plist, specifically a key-valued archive of a MBFile object. The key is the first 16 bytes of sha1(password||salt), the initialization vector is the sequence of bytes 0, 1, 2. The file field is an encrypted with AES128-CBC. The fileID is the hash of domain + "-" + relativePath. The columns are fileID, domain, relativePath, flags, and file. The Files table contains a row for each file. The key passwordHash contains sha256(password||salt). The key salt contains the salt for the backup password. The Properties table contains a list of key/value pairs. And the actual files themselves are moved to subdirectories whose names are the first two characters of the filename. It stores the data in a sqlite3 database called Manifest.db, which contains two tables. IOS 10 is using a different format for the manifest. The apps command will list the installed apps.Ĭhanges to the database format in recent iOS releases: iOS 10 (deprecated) The dumpkeys command will dump the readable portions of the keychain to json. The restore command will restore the files in a domain into a directory tree. ![]() ![]() The ls command will list domains or files in a domain.
0 Comments
Leave a Reply. |