Decrypting .plist file that was encrypted on device? - ios

I am trying to diagnose a problem with an unsupported app. This app has encrypted it's .plist file (which hopefully contains the information that I need.) I have the file system of the device backed up and accessible but have not been able to gain access to this specific applications files. Does anyone have any tips on how I can try to go about this?
(Just to be clear, I do understand the difference between a binary and an xml .plist file. I suspect that this is a binary file that has been encrypted.)

If the file is truly encrypted, you will not decrypt is without finding the key.
Going off the assumption that the file is not actually encrypted, you should try to find what format and encoding it is. Do a hex dump of the file and look at the first few characters. Many file tropes have specific signatures there to identify their format and encoding.

Related

How to read itunes backup file (Manifest.db)

I'm trying to read and analysis iPhone backup files in Library/Application Support/MobileSync/Backup folder.
I use SQLite DB viewer to view the manifest.db:
Files TABLE structure
Files TABLE content
The filename is encrypted. And the file is blob type which I can't decide it's an image or text or documents.
How can I get the details of these backup? (Using Javascript would be best, or Swift).
The numbers and letters under fileID are the file names in the backup as in the folders with the manifest.db, and they correspond to the domain and relative path (duh). In iOS versions newer than 9.3.5, you can find the file itself in the folder named with the 1st 2 characters of the fileID. At the end of the relative path in the database it should have an extension. Use that as a hint to what program to use to open the file. Xcode for .plist etc. Ultimately it depends what you're looking for...
The blob in the blob column is a binary plist. You can parse it using a plist parser e.g. Property List Parsing
The blob appears to be base64 encoded, but I cannot figure out the type of the resulting binary blob. I've checked to see if it can be decrypted with openssl enc -aes-256-cbc -d decoded-string-as-binary-blob.datafile but I get back "bad magic." I've also tries all of the other AES encryption ciphers and block cipher modes, but no change. It could always be XOR'd with a value, but I haven't found an easy to test that theory.

Encrypt/Decrypt Plist

OK, so here's what I need :
I have a (rather big) binary .plist associated with my app, containing info that I wouldn't really like it if a user would access it and view the contents (as would normally happen with a regular un-encrypted plist file, binary-or-not).
I want to encrypt the .plist (using a pass)
Include the encrypted .plist in my app bundle
Decrypt the .plist at app launch
How would you go about it? Is there any built-in way to make it easier for me to achieve that?
P.S. I don't think it'll make much of a difference, but I'm interested in a working OSX solution, not an iOS one

how to know programmatically any file is encrypted or not ?- iPhone

I have a sqlite file(it may be either encrypted or non-encrypted) in Document Directory in an already created app, now in updated version i have to check it for decryption, if file is found encrypted then we will use it after decryption but it found non-encrypted then we will use it simply.
Is there any way to do it?
According to "The SQLite Database File Format",
every SQLite file starts with the bytes "SQLite format 3", followed by a nul termination.
Assuming that the encryption scrambles all bytes of the file, you can read the first 16
bytes and check if they match the above string.
But a simpler method is to just open the file with sqlite3_open() or one of the
related open calls. If that fails with the error code SQLITE_CORRUPT, you can assume
that the file was encrypted, so you decrypt it and open it again.
If you know what the encryption method is beforehand, you can try to find fingerprints of the method in order to detect if the file is encrypted or not. But there are encryption methods that are designed specifically to hide encryption into files that do not look encrypted.
This is the case of watermarking encryption embedded into images. You can open the images and they will look like any ordinary image file, but in fact there is encrypted information there.

A list of professionally-useful and safe file types?

I have a system where users can upload, well, anything really - and these files are available to other users.
I need to come up with a list of file types that are genuinely needed by professionals in different industries that are safe from hacking/viruses, etc.
.doc .docx .gif .jpg .jpeg .mpg .mpeg .mp3 .odt .odp .ods .pdf .ppt .pptx .tif .tiff .txt .xls .xlsx .wav
What other file types do you know of that are both useful and safe?
Clarification
Many of the comments and responses are asking for a clearer definition of 'safe from hacking/viruses' - I ask the question with precisely that level of detail because I don't have as sophisticated an understanding of file types and their risks as many of you do, and I would like guidance on 1) any file types that may keep my site more secure, and 2) if there are no 'safe' file types then any advice on how to move forward with a system that allows for flexible uploading and sharing of files.
If indeed any malicious file can be packaged as a seemingly-safe file, how can I protect my users?
No filetype is safe if the program you use to open it with is badly (or carelessly or evil-y) written.
You can't assume that all files with a given extension is safe from 'viruses'.
I can easily rename a malicious executable to .doc and 'hack' your system.
EDIT:
There is no (simple?) way to check whether a user-uploaded file is malicious or not.
The app that you're creating is no different than any other file sharing websites out there (Rapidshare, Megaupload, etc).
There is nothing stopping anyone to upload malicious files to those websites.
Safe files does not exists. The ordinary text file is safe? For example with content:
format c:
if some program can execute a content of the file... you get the idea.
So, here are not safe files - only restrictions to RUN code (programs). (And I understand if this answer does not like.) :)
For "useful" you'll need to ask your customers.
For safe, there's no such thing because a file extension is just a part of the file name that gives a suggestion of what type of file it is. It need not accurately represent the type, and is easily manipulated.
Rather than protecting based on file type. I would get a 3rd party to virus scan each file on upload. Reject those which are identified as positive.
The list is pretty endless! A quick search finds http://filext.com/alphalist.php?extstart=^A
Well you can include all data files and exlude all executable/script files.
One list of executable file extensions is here: http://pcsupport.about.com/od/tipstricks/a/execfileext.htm
you may look other sources to inprove coverage.
Edit: for second part of the question addressing sequrity-
It would be best to have bunch of anti malware software installed on the server to check each sumbission - they are designed for this specialized task, use them. Anyways no executable file is professionaly useful as long as people are not looking for crackware.

(rails) how to validate whether an uploaded .txt file is not, say, an image file?

I have a upload text file field, and with it I plan to save the file somewhere and then store the location of the file in a database. However, I want to make sure the file they uploaded is a .txt file, and not, say, an image file. I imagine this happens in the validation step. How does one validate such a thing? Also, how do you get the filename of the uploaded file? I could always just check if it said '.txt' but for future reference knowing how to validate without just the filename would be helpful.
Trying to validate the contents of a file based on the filename extension is opening the door for major hackerdom. It's trivial to change the extension and upload the file.
If you are on a Mac/Linux/Unix-based system the OS "file" command is the standard because it looks inside the file for key bytes that flag file types. http://en.wikipedia.org/wiki/File_(Unix) I'm not sure what's available for Windows, but this might help: Determine file type in Ruby
One way of doing it, the simple way really, would be to pass the file through an image loader, preferably one that handles multiple common formats, and see if it throws an error.
The other way is to manually check the file header for common image format headers. For example, .bmp files start with BM. Other formats have their own specific markings you can use.

Resources