The IV is another matter, and it could be a few things. ( AES and the iTunes encrypt/decrypt process is symmetric.) However, given the reference to the iPhone keychain, I wonder whether the "backup password" might not be used as a password on an X509 certificate or symmetric private key, and that the certificate or private key itself might be used as the key. One might assume that the key is a manipulation of the "backup password" that users are prompted to enter by iTunes and passed to " AppleMobileBackup.exe", padded in a fashion dictated by CBC.
That's a pretty good clue, and there's some good info here on Stackoverflow on iPhone AES/Rijndael interoperability suggesting a keysize of 128 and CBC mode may be used.Īside from any other obfuscation, a key and initialisation vector (IV)/salt are required. The key is stored securely in the iPhone keychain." Files are encrypted using AES128 with a 256-bit key. The Apple "iPhone OS Enterprise Deployment Guide" states that "Device backups can be stored in encrypted format by selecting the Encrypt iPhoneīackup option in the device summary pane of iTunes. (If you're able to help, I don't care which language you use.
I have no problems reading these files otherwise, and have built some robust C# libraries for doing so. This is easy when they are unencrypted, but not when they are encrypted, whether or not the password is known.Īs such, I'm trying to figure out the encryption scheme used on mddata and mdinfo files when encrypted.
I've been asked by a number of unfortunate iPhone users to help them restore data from their iTunes backups.
0 kommentar(er)
