[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN102750495A - System for cracking and restoring iPhone encrypted backup files - Google Patents

System for cracking and restoring iPhone encrypted backup files Download PDF

Info

Publication number
CN102750495A
CN102750495A CN2012101874051A CN201210187405A CN102750495A CN 102750495 A CN102750495 A CN 102750495A CN 2012101874051 A CN2012101874051 A CN 2012101874051A CN 201210187405 A CN201210187405 A CN 201210187405A CN 102750495 A CN102750495 A CN 102750495A
Authority
CN
China
Prior art keywords
module
file
backup file
cracking
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2012101874051A
Other languages
Chinese (zh)
Inventor
金星
曹雪芬
孙波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Ruian Technology Co Ltd
Original Assignee
Beijing Ruian Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Ruian Technology Co Ltd filed Critical Beijing Ruian Technology Co Ltd
Priority to CN2012101874051A priority Critical patent/CN102750495A/en
Publication of CN102750495A publication Critical patent/CN102750495A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides a system for cracking and restoring iPhone encrypted backup files. The system comprises a graphical user interface (GUI) module, a password cracking module, a backup file restoring module and a keychain checking module. The GUI module is used for interactive operation between a user and a device; the password cracking module is connected with the GUI module and used for cracking encrypted files to obtain cracking passwords; the backup file restoring module receives the cracking passwords to restore encrypted backup files; and the keychain checking module receives the cracking passwords to check data stored in the keychain. According to the system for cracking and restoring encrypted backup files, the iPhone encrypted backup files are restored directly through the encrypted passwords, so that data in the iPhone are obtained, and the inside of existing mobile phone forensic systems can be integrated, and evidence obtaining and case detecting of office departments are facilitated.

Description

Cracking and restoring system of iPhone mobile phone cipher backup file
Technical field
The invention belongs to mobile device information security and forensic technologies field; Relate to a kind of file decryption and restoring system; Relate in particular to a kind of system that iPhone mobile phone cipher backup file is cracked and reduces; Can remedy the deficiency of existing mobile phone forensic technologies, be convenient to public office department and collect evidence and cracking of cases.
Background technology
At present, along with the development that strides greatly of the domestic and international communication technology, mobile devices such as mobile phone are constantly weeded out the old and bring forth the new, and kind is more and more, function from strength to strength, people are also more and more stronger to the dependence of these mobile devices.Wherein mobile phone is the most outstanding for this, becomes a kind of personal data management equipment gradually.But mobile phone is when the life of giving people brings convenience, and the case that relates to cellphone information is also in continuous increase.For the personnel in charge of the case, the data in suspect's mobile phone provide important case clue probably, therefore, have produced the equipment and the system of many mobile phone evidence obtainings.
But the appearance of iPhone smart mobile phone because it can back up encryption to the data in the mobile phone, makes present mobile phone evidence obtaining equipment can't extract the data in the iPhone mobile phone normally.The backup file of iPhone mobile phone is encrypted through using iTunes software on computers, and the backup file after the encryption can be kept in the computer according to unique path.In case the iPhone mobile phone has carried out the encrypted backup operation, the mobile phone evidence-obtaining system can't extract the data in the mobile phone, and reason is that the form of file is modified to encryption format, and the mobile phone evidence-obtaining system can't be handled and resolve file.
Summary of the invention
The objective of the invention is to the problem that exists in the above-mentioned existing mobile phone forensic technologies; A kind of cracking and restoring system to iPhone mobile phone cipher backup file is provided; Directly reduce iPhone mobile phone cipher backup file through decryption; Thereby the data in the acquisition mobile phone are to remedy the deficiency of existing mobile phone forensic technologies.
For achieving the above object, the present invention adopts following technical scheme:
Cracking and restoring system of a kind of iPhone mobile phone cipher backup file comprises GUI module, password cracking module, reduction backup file module and checks the keychain module;
Said GUI module is a graphic user interface, is used for the interactive operation of user and equipment;
The said GUI module of said password cracking module relation is used for encrypt file is cracked, and obtains decryption;
Said reduction backup file module receives said decryption from the password cracking module, and the encrypted backup file is reduced and exports according to the original route of going back of user preset;
The said keychain of checking module receives said decryption from the password cracking module, checks the data that leave among the keychain, and feeds back to said GUI module.
Further, comprise through the user of said GUI module realization and the interactive operation of equipment:
The storage path of encrypted backup file is provided for said password cracking module; The original route of going back of encrypted backup file is set; Reception is from the data of said password cracking module, said reduction backup file module and the said keychain of checking module and show.
Further, said password cracking module is utilized Brute Force technology, and the encrypt file of iPhone mobile phone is cracked.
Further; Said reduction backup file module is carried out SHA1 to the raw filename in the manifest.mbdb file in the backup file folder and is calculated; The filename after the calculating and the filename of encryption format are compared; After finding the file of coupling, the filename of encryption format is revised as raw filename.
Further; Said password cracking module adopts the Brute Force method to crack, and detailed process is: a record that will crack in the dictionary is designated as Passcode, and this Passcode obtains Passcode key through the PBKDF2 decipherment algorithm; Passcode key and class key ciphertext obtain the plaintext of class key through AES Unwrap decipherment algorithm; In AES Unwrap decrypting process, carry out integrity checking, if check that successfully then said Passcode is decryption.
Further; Said reduction backup file module cracks file content through following method: at first will obtain Passcode key through the PBKDF2 decipherment algorithm by the password Passcode that the password cracking module obtains; Obtain class key through AES Unwrap decipherment algorithm again, the AES key ciphertext in AES Unwrap decipherment algorithm deciphering manifest.mbdb file obtains AES key expressly again; Expressly obtain the original contents of file at last through AES key.
Further, the data among the said Keychain comprise: password, private key, digital certificates and encryption notes.
The objective of the invention is to the problem that exists in the above-mentioned existing mobile phone forensic technologies; A kind of cracking and restoring system to iPhone mobile phone cipher backup file is provided; Directly reduce iPhone mobile phone cipher backup file through decryption, thereby obtain the data in the mobile phone, it is inner to be integrated in existing mobile phone evidence-obtaining system; As a subsystem, be convenient to public office department and collect evidence and cracking of cases.
Description of drawings
Fig. 1 cracks and the composition structural representation of restoring system for the iPhone mobile phone cipher backup file of the embodiment of the invention.
The workflow diagram of Fig. 2 in the embodiment of the invention iPhone mobile phone cipher backup file being cracked and reduces.
Fig. 3 is the principle of work synoptic diagram of reduction backup file module among Fig. 1.
Embodiment
Through specific embodiment and conjunction with figs., the present invention is done detailed explanation below.
The backup file of iPhone mobile phone is encrypted through using iTunes software on computers, and the backup file after the encryption can be kept in the computer according to unique path.In case the iPhone mobile phone has carried out the encrypted backup operation, the mobile phone evidence-obtaining system can't extract the data in the mobile phone, and reason is that the form of file is modified to encryption format, and the mobile phone evidence-obtaining system can't be handled and resolve file.
Fig. 1 cracks and the composition structural representation of restoring system for the iPhone mobile phone cipher backup file of present embodiment.As shown in the drawing, this system comprises: the GUI module is used for interactive operation between computer, user and the module; The password cracking module is used to obtain encrypted backup file password; Reduction backup file module is used to reduce source document; Check the keychain module, be used for showing the data of iPhone cell phone password management holder.In four modules, password cracking module, reduction backup file module and check related successively (connection) the GUI module of keychain module, in addition, reduction backup file module with check keychain module difference association (connection) password cracking module.
Fig. 2 is for using the workflow diagram that system shown in Figure 1 cracks and reduces iPhone mobile phone cipher backup file.Specify as follows:
1) after the entering system, the user selects the store path of backup file in computer through the GUI module.Can provide one to store the path.
2) operation password cracking module, system's active attack encrypt file cracks encrypt file.
This module is utilized the Brute Force technology, obtains the password of the encrypted backup file of iPhone mobile phone automatically fast.This module can only crack the encrypted backup file of iPhone mobile phone, can't crack the encrypt file of other mobile device, and is because this module has adopted the specially designed crack method of the present invention, specific as follows:
(RFC 2898 through PBKDF2 at first will to crack a record (being called Passcode) in the dictionary; Referring to www.ietf.org/rfc/rfc2898.txt) decipherment algorithm (required parameter is stored in the manifest.plist file of backup file) obtains Passcode key; (RFC 3394 through AES Unwrap for Passcode key and class key ciphertext (being stored in the manifest.plist file); Referring to www.ietf.org/rfc/rfc3394.txt) decipherment algorithm obtains the plaintext of class key; In AES Unwrap decrypting process; Carry out integrity checking, if check successfully (method of judging success or not sees www.ietf.org/rfc/rfc3394.txt for details), then said Passcode is final password.If inspection is unsuccessful, then next bar record is repeated aforesaid operations, until checking success and obtaining decryption.
The password cracking module can be given the GUI module with the password transmission that generates, directly to be shown to the user; Also give reduction backup file module on the other hand with password transmission.
3) reduction backup file module receives the password that is generated by the password cracking module, and the file of encryption format is reduced to original file layout and generates backup file according to specified path.
Can directly browse multimedia files such as picture in the mobile phone, video, audio frequency through this module.Also original route can be provided with through the GUI module.
Fig. 3 is the principle of work synoptic diagram of reduction backup file module in the said system.The prerequisite of reduction backup file is the initial password (password that promptly uses the password cracking module to obtain) that has obtained backup file, when reduction, make the operation of two aspects: to the modification of filename and cracking file content.
On the one hand; After the operation reduction backup file module; This module is carried out SHA1 to the raw filename in the manifest.mbdb file in the backup file folder automatically and is calculated (referring to www.ietf.org/rfc/rfc3174.txt); The filename after the calculating and the filename of encryption format are compared, find the file of coupling after, the filename of encryption format is revised as raw filename.On the other hand, the file of this module meeting active attack encryption format is deciphered the content of encryption format file, obtains the content of original.In conjunction with above-mentioned two aspects, the original that finally can regain one's integrity.
Wherein, to file content to crack process following:
(RFC 2898 through PBKDF2 for the password Passcode that at first the password cracking module is obtained; Referring to www.ietf.org/rfc/rfc2898.txt) decipherment algorithm obtains Passcode key; (RFC 3394 through AES Unwrap with Passcode Key again; Referring to www.ietf.org/rfc/rfc3394.txt) decipherment algorithm obtains class key (expressly); At last the AES key ciphertext of classkey in AES Unwrap (RFC 3394) decipherment algorithm deciphering manifest.mbdb file obtained the plaintext of AESkey, AES key is last key.
Content in the backup file is encrypted original contents exactly and is obtained ciphertext through AES key, need only the original contents that ciphertext can be obtained file through key A ES key deciphering during reduction.
What must explain is that cracking of file content is different with the password cracking of password cracking module.The password cracking of password cracking module is that the keying sequence in the dictionary is deciphered the keybag in the manifest.plist file in the backup file, if successful decryption has then been accomplished password cracking.This is different processes with the password cracking of above-mentioned file content.
4) after backup file generates, check that the keychain module can demonstrate the multiple private data among the password management system keychain of iPhone mobile phone, and feed back to the GUI module, be shown to the user.
Keychain is the password management system among the MAC OS of Apple.A key can comprise polytype data: password (comprising that website, SSH account, network are shared, wireless network, group mail, encryption disk image etc.), private key, digital certificates and encryption notes etc.Therefore preserved many accounts informations among the keychain, therefore be provided with and check that the keychain function obtains more mobile phone internal data to the user.
What check the realization of Keychain module is the parsing of keychain file.In the file recovery module; Keychain file (keychain-backup.plist) has been decrypted into normal file (but some data wherein remain superencipher) from encrypt file, and this module is exactly to parse the encrypting user private data of preserving in this document on this basis.
The reduction process of Keychain file is with reference to the file recovery module, and its resolving is specially: class key that the password cracking module obtains and the encryption AES key in the keychain-backup.plist file calculate the plaintext of AES key through AES Unwrap algorithm (rfc3394); Through the enciphered data among the AES key deciphering keychain-backup.plist, decipherment algorithm is AES CBC then.So just obtained Keychain.
Above embodiment is only in order to technical scheme of the present invention to be described but not limit it; Those of ordinary skill in the art can make amendment or is equal to replacement technical scheme of the present invention; And not breaking away from the spirit and the scope of technical scheme of the present invention, protection scope of the present invention should be as the criterion so that claim is said.

Claims (8)

1. cracking and restoring system of an iPhone mobile phone cipher backup file comprises GUI module, password cracking module, reduction backup file module and checks the keychain module;
Said GUI module is a graphic user interface, is used for the interactive operation of user and equipment;
The said GUI module of said password cracking module relation is used for the encrypted backup file is cracked, and obtains decryption;
Said reduction backup file module receives said decryption, and the encrypted backup file is reduced and exports according to the original route of going back of user preset;
The said keychain of checking module receives said decryption, checks the data that leave among the keychain, and feeds back to said GUI module.
2. the system of claim 1 is characterized in that, said GUI module is the storage path that said password cracking module provides the encrypted backup file.
3. the system of claim 1 is characterized in that, said GUI module is the original route of going back that said reduction backup file module provides the encrypted backup file.
4. the system of claim 1 is characterized in that, said GUI module receives from the data of said password cracking module, said reduction backup file module and the said keychain of checking module and shows.
5. the system of claim 1 is characterized in that, said password cracking module adopts the Brute Force method to crack, and detailed process is:
A record that cracks in the dictionary is designated as Passcode; This Passcode obtains Passcode key through the PBKDF2 decipherment algorithm; Passcode key and class key ciphertext obtain the plaintext of class key through AES Unwrap decipherment algorithm; In the AESUnwrap decrypting process, carry out integrity checking, if check that successfully then said Passcode is decryption.
6. the system of claim 1; It is characterized in that; Said reduction backup file module is carried out SHA1 to the raw filename in the manifest.mbdb file in the backup file folder and is calculated; The filename after the calculating and the filename of encryption format are compared, find the file of coupling after, the filename of encryption format is revised as raw filename.
7. the system of claim 1 is characterized in that, said reduction backup file module cracks file content through following method:
At first will obtain Passcode key through the PBKDF2 decipherment algorithm by the password Passcode that the password cracking module obtains; Obtain class key through AES Unwrap decipherment algorithm again, the AES key ciphertext in AES Unwrap decipherment algorithm deciphering manifest.mbdb file obtains AES key expressly again; Expressly obtain the original contents of file at last through AES key.
8. the system of claim 1 is characterized in that, the data among the said Keychain comprise: password, private key, digital certificates and encryption notes.
CN2012101874051A 2012-06-07 2012-06-07 System for cracking and restoring iPhone encrypted backup files Pending CN102750495A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2012101874051A CN102750495A (en) 2012-06-07 2012-06-07 System for cracking and restoring iPhone encrypted backup files

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2012101874051A CN102750495A (en) 2012-06-07 2012-06-07 System for cracking and restoring iPhone encrypted backup files

Publications (1)

Publication Number Publication Date
CN102750495A true CN102750495A (en) 2012-10-24

Family

ID=47030667

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2012101874051A Pending CN102750495A (en) 2012-06-07 2012-06-07 System for cracking and restoring iPhone encrypted backup files

Country Status (1)

Country Link
CN (1) CN102750495A (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104142830A (en) * 2014-08-11 2014-11-12 四川效率源信息安全技术有限责任公司 Method and device for extracting application data of smart phone by script plug-in technology
CN104869170A (en) * 2015-05-29 2015-08-26 四川效率源信息安全技术有限责任公司 Decryption method for encrypted data file of UC browser
CN105740390A (en) * 2016-01-27 2016-07-06 四川秘无痕信息安全技术有限责任公司 Plist format data reversal extraction method
WO2018090508A1 (en) * 2016-11-15 2018-05-24 平安科技(深圳)有限公司 Keychain-based data management method, terminal and device, and computer readable storage medium
CN109344633A (en) * 2018-09-28 2019-02-15 山东超越数控电子股份有限公司 A kind of software decryption method based on mixed logic processor platform
CN110543772A (en) * 2019-08-23 2019-12-06 厦门市美亚柏科信息股份有限公司 Offline decryption method and device
CN111737057A (en) * 2020-06-24 2020-10-02 深圳软牛科技有限公司 APFS file system data recovery method and device and electronic equipment
CN112241524A (en) * 2019-07-16 2021-01-19 深圳软牛科技有限公司 iOS device account password importing method and system
CN112306563A (en) * 2020-11-03 2021-02-02 深圳软牛科技有限公司 Method, device, equipment and storage medium for resetting IOS screen use time password

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1694394A (en) * 2005-04-14 2005-11-09 上海交通大学 Deciphering method for file password
CN1700180A (en) * 2005-04-14 2005-11-23 上海交通大学 Data file restoration and password cracking system
KR20100072034A (en) * 2007-09-18 2010-06-29 콸콤 인코포레이티드 Method and apparatus for creating a remotely activated secure backup service for mobile handsets
CN102088352A (en) * 2009-12-08 2011-06-08 北京大学 Data encryption transmission method and system for message-oriented middleware
CN102368850A (en) * 2011-10-13 2012-03-07 福州博远无线网络科技有限公司 Method for carrying out encryption and decryption on video file on mobile phone

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1694394A (en) * 2005-04-14 2005-11-09 上海交通大学 Deciphering method for file password
CN1700180A (en) * 2005-04-14 2005-11-23 上海交通大学 Data file restoration and password cracking system
KR20100072034A (en) * 2007-09-18 2010-06-29 콸콤 인코포레이티드 Method and apparatus for creating a remotely activated secure backup service for mobile handsets
CN102088352A (en) * 2009-12-08 2011-06-08 北京大学 Data encryption transmission method and system for message-oriented middleware
CN102368850A (en) * 2011-10-13 2012-03-07 福州博远无线网络科技有限公司 Method for carrying out encryption and decryption on video file on mobile phone

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104142830A (en) * 2014-08-11 2014-11-12 四川效率源信息安全技术有限责任公司 Method and device for extracting application data of smart phone by script plug-in technology
CN104142830B (en) * 2014-08-11 2017-06-06 四川效率源信息安全技术股份有限公司 The method and apparatus that smart mobile phone application data is extracted by script plug-in part technology
CN104869170A (en) * 2015-05-29 2015-08-26 四川效率源信息安全技术有限责任公司 Decryption method for encrypted data file of UC browser
CN104869170B (en) * 2015-05-29 2018-11-13 四川效率源信息安全技术股份有限公司 For the decryption method of UC browser data file encryptions
CN105740390A (en) * 2016-01-27 2016-07-06 四川秘无痕信息安全技术有限责任公司 Plist format data reversal extraction method
WO2018090508A1 (en) * 2016-11-15 2018-05-24 平安科技(深圳)有限公司 Keychain-based data management method, terminal and device, and computer readable storage medium
CN109344633A (en) * 2018-09-28 2019-02-15 山东超越数控电子股份有限公司 A kind of software decryption method based on mixed logic processor platform
CN112241524A (en) * 2019-07-16 2021-01-19 深圳软牛科技有限公司 iOS device account password importing method and system
CN110543772A (en) * 2019-08-23 2019-12-06 厦门市美亚柏科信息股份有限公司 Offline decryption method and device
CN111737057A (en) * 2020-06-24 2020-10-02 深圳软牛科技有限公司 APFS file system data recovery method and device and electronic equipment
CN111737057B (en) * 2020-06-24 2024-09-17 深圳软牛科技集团股份有限公司 APFS file system data recovery method and device and electronic equipment
CN112306563A (en) * 2020-11-03 2021-02-02 深圳软牛科技有限公司 Method, device, equipment and storage medium for resetting IOS screen use time password
CN112306563B (en) * 2020-11-03 2023-11-17 深圳软牛科技有限公司 Method, device, equipment and storage medium for resetting IOS screen using time password

Similar Documents

Publication Publication Date Title
CN102750495A (en) System for cracking and restoring iPhone encrypted backup files
CN110086612B (en) Block chain public and private key backup and lost recovery method and system
US8457308B2 (en) Communication system and method for protecting messages between two mobile phones
CN103023635B (en) A kind of method of information back-up and device
CN107086915B (en) Data transmission method, data sending end and data receiving end
US20120311327A1 (en) Data crypto method for data de-duplication and system thereof
GB2538052A (en) Encoder, decoder, encryption system, encryption key wallet and method
CN1773994A (en) Method for realizing data safety storing business
CN112055022A (en) High-efficiency and high-security network file transmission double encryption method
CN102340455A (en) Transmission method of E-mail encrypted by fingerprint data and receiving method thereof
CN106357678A (en) Cloud encryption storage method for intelligent terminal and intelligent terminal
CN102231181B (en) Computer system used for file encryption and file encryption method
CN103166757A (en) Method and system capable of dynamically protecting user private data
US9332405B2 (en) Short message backup method, mobile terminal, and server
CN101957894B (en) Conditional e-file authority controlling and managing system and method
CN101795315A (en) System and method for encrypting short messages by using mobile phone terminal
CN104601820A (en) Mobile terminal information protection method based on TF password card
CN111541652B (en) System for improving security of secret information keeping and transmission
JPH1020779A (en) Key changing method in open key cipher system
CN102053926A (en) Storage device and data security control method thereof
CN114257562B (en) Instant messaging method, device, electronic equipment and computer readable storage medium
CN102523563B (en) Multimedia messaging service (MMS) encrypting method based on identity-based cryptograph (IBC) technology
US20150046565A1 (en) System and method for archiving messages
CN102118311A (en) Data transmission method
CN102883039A (en) Method for encrypting multimedia private diary of mobile phone

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20121024