I'm trying to read and analysis iPhone backup files in Library/Application Support/MobileSync/Backup folder.
I use SQLite DB viewer to view the manifest.db:
Files TABLE structure
Files TABLE content
The filename is encrypted. And the file is blob type which I can't decide it's an image or text or documents.
How can I get the details of these backup? (Using Javascript would be best, or Swift).
The numbers and letters under fileID are the file names in the backup as in the folders with the manifest.db, and they correspond to the domain and relative path (duh). In iOS versions newer than 9.3.5, you can find the file itself in the folder named with the 1st 2 characters of the fileID. At the end of the relative path in the database it should have an extension. Use that as a hint to what program to use to open the file. Xcode for .plist etc. Ultimately it depends what you're looking for...
The blob in the blob column is a binary plist. You can parse it using a plist parser e.g. Property List Parsing
The blob appears to be base64 encoded, but I cannot figure out the type of the resulting binary blob. I've checked to see if it can be decrypted with openssl enc -aes-256-cbc -d decoded-string-as-binary-blob.datafile but I get back "bad magic." I've also tries all of the other AES encryption ciphers and block cipher modes, but no change. It could always be XOR'd with a value, but I haven't found an easy to test that theory.
Related
I am trying to open a .pkpass file (or merely the contained pass.json file) in an app I am developing, however, while I didn't have issues with 3 passes I tried, the 4th seems to have some kind of weird encoding and/or binary data within the JSON.
When I open the JSON file using e.g. less in the shell, I'll get this:
And while we can see mostly garbage, there is readable characters mixed into it. When I open it using XCode, this is what I get:
This leads me to believe its a character encoding issue. But I am not too good in text encoding, so I don't know how I can find out the correct encoding in order to be able to properly read this file with my app. file is giving me:
$ file -I pass.json
pass.json: application/octet-stream; charset=binary
I tried opening the file with BBedit over and over again with different encodings, none would open it in a readable format.
What kind of format is this, or how can I find out, so I can implement the correct method of opening/parsing this file?
I feel you're encondind the file pass.json charset as a binary, and this file must be a charset for text like this:
pass.json: application/json; charset=us-ascii
Check your how you are generating the package of .pkpass file because maybe you are zip or compress every file inside the package instead package all the required files.
Could you post more about code of how you are generating the .pkpass file?
I am hosting a small fileserver, where users can upload documents from all around the world.
Due to problems in encoding (see otherquestion), I am asking myself if I should disallow users to upload (and on the other hand download) files not supported by CP1252 charset?
or otherwise; is it senseful to allow users upload documents with arabian or chinese letters in their filenames?
PS: they download the same file some time later (and it should have the same filename as uploaded)
You should be storing the files on disk using a randomly generated name, or let the file name be based on a hash of the file contents (good for deduplicating storage as well). You can save the original file name as meta data in a database together with all other meta data about the file (who uploaded it and things like that). Then you serve the file again using a PHP script which sets the original file name from the database in an HTTP header. This way you:
don't need to worry about file name sanitisation or duplication
file system encoding issues
storage duplication (if using a hash)
I am trying to diagnose a problem with an unsupported app. This app has encrypted it's .plist file (which hopefully contains the information that I need.) I have the file system of the device backed up and accessible but have not been able to gain access to this specific applications files. Does anyone have any tips on how I can try to go about this?
(Just to be clear, I do understand the difference between a binary and an xml .plist file. I suspect that this is a binary file that has been encrypted.)
If the file is truly encrypted, you will not decrypt is without finding the key.
Going off the assumption that the file is not actually encrypted, you should try to find what format and encoding it is. Do a hex dump of the file and look at the first few characters. Many file tropes have specific signatures there to identify their format and encoding.
I have a sqlite file(it may be either encrypted or non-encrypted) in Document Directory in an already created app, now in updated version i have to check it for decryption, if file is found encrypted then we will use it after decryption but it found non-encrypted then we will use it simply.
Is there any way to do it?
According to "The SQLite Database File Format",
every SQLite file starts with the bytes "SQLite format 3", followed by a nul termination.
Assuming that the encryption scrambles all bytes of the file, you can read the first 16
bytes and check if they match the above string.
But a simpler method is to just open the file with sqlite3_open() or one of the
related open calls. If that fails with the error code SQLITE_CORRUPT, you can assume
that the file was encrypted, so you decrypt it and open it again.
If you know what the encryption method is beforehand, you can try to find fingerprints of the method in order to detect if the file is encrypted or not. But there are encryption methods that are designed specifically to hide encryption into files that do not look encrypted.
This is the case of watermarking encryption embedded into images. You can open the images and they will look like any ordinary image file, but in fact there is encrypted information there.
I have a upload text file field, and with it I plan to save the file somewhere and then store the location of the file in a database. However, I want to make sure the file they uploaded is a .txt file, and not, say, an image file. I imagine this happens in the validation step. How does one validate such a thing? Also, how do you get the filename of the uploaded file? I could always just check if it said '.txt' but for future reference knowing how to validate without just the filename would be helpful.
Trying to validate the contents of a file based on the filename extension is opening the door for major hackerdom. It's trivial to change the extension and upload the file.
If you are on a Mac/Linux/Unix-based system the OS "file" command is the standard because it looks inside the file for key bytes that flag file types. http://en.wikipedia.org/wiki/File_(Unix) I'm not sure what's available for Windows, but this might help: Determine file type in Ruby
One way of doing it, the simple way really, would be to pass the file through an image loader, preferably one that handles multiple common formats, and see if it throws an error.
The other way is to manually check the file header for common image format headers. For example, .bmp files start with BM. Other formats have their own specific markings you can use.