Document how to decrypt and extract files from backups #104
Comments
Documentation won't help you much. You need a decrypter tool which could probably be built from Seedvault's Kotlin sources. However, I would consider such a tool a separate project.
Also, before someone undertakes this separate project: Consider the value of being able to decrypt backups off-device. What is encrypted are essentially binary blobs that the system extracts or gets from the apps. You will need further specialized tools to extract something meaningful from them, and once you have that, you have an app-specific data structure that again might require another specialized tool to get to the information you need.
Wait, this backup utility has absolutely no access to plain files from the application directories then?
It interfaces with the AOSP backup API which essentially sends a byte stream for us to store.
@SebiderSushi for that reason and the separate project one, I am inclined to close this ticket. WDYT?
I feel like this could still be nice to have, just to verify the backup even. Since we do use the same basic format as 'adb backup', there could already be some existing tool to parse the decrypted data. We are also talking about backing up external storage, and if that's encrypted by the same mechanism, decryption of that could be useful too. One could take the existing code here and put it into a small Java/Kotlin program; that way might be the fastest. Alternatively, if somebody does an alternate implementation, that could be good to have in general as well, just to verify our crypto code (and catch any implementation / language bugs, for example). I'd be inclined to just keep this open.
@grote Anyhow, I'd leave it up to you to decide whether this should better be tracked elsewhere.
It looks like full backup data is just a tar file with the directory structure of the app's data dirs that were included in backup. I haven't verified this with a PoC, just got this impression from reading code.
I have written a simple Python script to decrypt the SeedVault backups. You can find it at seedvault_backup_parser. It currently does not decompress the tar archives of full app backups. I have mainly used it to modify the KV backups to import lots of wifi passwords.
Awesome @tlambertz, great work! So the only thing left here is to add a link to that project in the README.
For others who end up on this page (since it's highest ranked on Google): the Python tool tlambertz/seedvault_backup_parser#14 (comment). There is the Golang-based project https://github.com/jackwilsdon/seedvault-extractor, which unfortunately misses the "storage" type, but works for the apps that are being backed up.
I've updated seedvault_backup_parser (see this PR) to now support decrypting V1 backups. It also supports copying APKs and decrypting the storage files. Encryption shouldn't be hard to add.
Relevant here: For some research I wrote a small class that is able to save an existing backup in plaintext to normal files on the phone storage: grote@95f062e#diff-b4ee7d18e13c7b9851f48b655459dd8b1f815561b92eb414a5519ee004faa7ccR25. It depends on other classes in Seedvault, but all could be extracted into a standalone utility. In the future I might move related classes into a seedvault-core module, which would make this easier without having to vendorize Seedvault classes.
In some cases it can be necessary to access information from a backup, but restoring the backup to a device and using its corresponding app to access the information is not viable.
For example, a specific piece of information might only be stored inside a backup because it has never been required outside of the context of the application or was added just recently. At some point, the device storing the app & original copy of the information breaks and the data becomes inaccessible. Repairing the device or getting a new one to restore the backup and access the information again is either not possible/desired, or the information is urgently needed and has to be acquired as soon as possible.
In such a case, a knowledgeable user could use a PC or other capable device to decrypt an existing backup and extract relevant files to manually recover the required piece of information.