- #Reset encrypted data approve this iphone password
- #Reset encrypted data approve this iphone Pc
- #Reset encrypted data approve this iphone windows
Security researchers Jean-Baptiste Bédrune and Jean Sigwald presented how I'd appreciate any thoughts or techniques I might have missed. I've tried all sorts of permutations with the information I've put down above but got nowhere. All I'm after here is a means to extract data (photos, contacts, etc.) from encrypted iTunes backups as I can unencrypted ones. This isn't about hacking apart the iPhone or anything like that. Bypassing or disabling the backup encryption is another matter entirely, and is not what I'm looking to do. It's not, and to my knowledge it hasn't been done. There's a lot of misleading stuff out there suggesting getting data from encrypted backups is easy. Also, within each backup there are "AuthSignature" and "AuthData" values in the ist file, although these appear to be rotated as each file gets incrementally backed up, suggested they're not that useful as a key, unless something really quite involved is being done. The same file also appears to contain asymmetric keys "RootPrivateKey" and "HostPrivateKey" (my reading suggests these might be PKCS #7-enveloped). The "\programdata\apple\Lockdown\ist" contains a PList with "DeviceCertificate", "HostCertificate", and "RootCertificate", all of which appear to be valid X509 certs. The "\appdata\Roaming\Apple Computer\iTunes\itunesprefs.xml" contains a PList with a "Keychain" dict entry in it.
#Reset encrypted data approve this iphone windows
I've listed paths below from a Windows machine but it's much of a muchness whichever OS we use. One can restore an encrypted backup to a different device, which suggests all information relevant to the decryption is present in the backup and iTunes configuration, and that anything solely on the device is irrelevant and replacable in this context. Perhaps it's one of the keys hard-coded into iTunes, or into the devices themselves.Īlthough Apple's comment above suggests the key is present on the device's keychain, I think this isn't that important. The IV is another matter, and it could be a few things. ( AES and the iTunes encrypt/decrypt process is symmetric.)
#Reset encrypted data approve this iphone password
However, given the reference to the iPhone keychain, I wonder whether the "backup password" might not be used as a password on an X509 certificate or symmetric private key, and that the certificate or private key itself might be used as the key. One might assume that the key is a manipulation of the "backup password" that users are prompted to enter by iTunes and passed to " AppleMobileBackup.exe", padded in a fashion dictated by CBC. That's a pretty good clue, and there's some good info here on Stackoverflow on iPhone AES/Rijndael interoperability suggesting a keysize of 128 and CBC mode may be used.Īside from any other obfuscation, a key and initialisation vector (IV)/salt are required. The key is stored securely in the iPhone keychain."
Files are encrypted using AES128 with a 256-bit key. The Apple "iPhone OS Enterprise Deployment Guide" states that "Device backups can be stored in encrypted format by selecting the Encrypt iPhoneīackup option in the device summary pane of iTunes. (If you're able to help, I don't care which language you use. I have no problems reading these files otherwise, and have built some robust C# libraries for doing so. This is easy when they are unencrypted, but not when they are encrypted, whether or not the password is known.Īs such, I'm trying to figure out the encryption scheme used on mddata and mdinfo files when encrypted.
You should see a lock next to your device's name and the date and time that the backup was created.I've been asked by a number of unfortunate iPhone users to help them restore data from their iTunes backups.
#Reset encrypted data approve this iphone Pc
On a Mac with macOS Mojave 10.14 or earlier, or on a PC with iTunes, from the menu bar at the top of the iTunes window, choose Edit > Preferences, then click the Devices tab.