blackteay/kobackupdec
1
0
Fork 0
mirror of https://github.com/RealityNet/kobackupdec.git synced 2025-04-05 19:41:38 +08:00
Code Issues Projects Releases Wiki Activity

version 2020test

Browse Source
This commit is contained in:
dfirfpi 2020-01-07 20:02:52 +01:00
parent 83c3a07ca9
commit 0277282052
No known key found for this signature in database
GPG Key ID: EC61291E5446B028
2 changed files with 525 additions and 226 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -5,6 +5,10 @@ _This script is introduced by the blog post at https://blog.digital-forensics.it
The `kobackupdec` is a Python3 script aimed to decrypt Huawei *HiSuite* or *KoBackup* (the Android app) backups. When decrypting and uncompressing the archives, it will re-organize the output folders structure trying to _mimic_ the typical Android one. The script will work both on Windows and Linux hosts, provided the PyCryptoDome dependency.
## Update 20100107
The script was rewritten to handle v9 and v10 kobackup backups structures.
## Usage
The script *assumes* that backups are encrypted with a user-provided password. Actually it does not support the HiSuite _self_ generated password, when the user does not provide its own.
@ -25,7 +29,7 @@ optional arguments:
```
- `password`, is the user provided password.
- `backup_path`, is the folder containing the Huawei backup, relative or absolute paths can be used. **Be careful** to provide the strictest path to data, because the script will start enumerating all files and folders starting from the provided path, parsing the file types it expects to find and copying out all the others. If by chance you wrongly provide *c:\\* as the backup path, well, expect to get a full volume copy in the destination folder (ignoring errors).
- `backup_path`, is the folder containing the Huawei backup, relative or absolute paths can be used.
- `dest_path`, is the folder to be created in the specified path, absolute or relative. It will complain if the provided folder already exists.
- `[-v]` (from `-v` to `-vvv`) verbosity level, written on *stderr*. It's suggested to use *-vvv* with a redirect to get a log of the process.

745
kobackupdec.py
View File

@ -4,9 +4,11 @@
# Huawei KoBackup backups decryptor.
#
# Version History
# - 2020test: rewritten to handle v9 and v10 backups
# - 20200107: merged pull by @lp4n6, fixed current version
# - 20191113: fixed double folder creation error
# - 20190729: first public release
# - 20190729: first public release
#
# Released under MIT License
#
@ -34,6 +36,7 @@
import argparse
import binascii
import enum
import io
import logging
import os
@ -49,7 +52,7 @@ from Crypto.Hash import HMAC
from Crypto.Protocol.KDF import PBKDF2
from Crypto.Util import Counter
VERSION = '20200107'
VERSION = '2020test'
# Disabling check on doc strings and naming convention.
# pylint: disable=C0111,C0103
@ -63,7 +66,9 @@ class DecryptMaterial:
self._name = None
self._encMsgV3 = None
self._iv = None
self._filepath = None
self._path = None
self._records_num = None
self._copy_file_path = None
@property
def type_name(self):
@ -80,6 +85,14 @@ class DecryptMaterial:
else:
logging.error('empty entry name!')
@property
def records_num(self):
return self._records_num
@records_num.setter
def records_num(self, value_string):
self._records_num = value_string
@property
def encMsgV3(self):
return self._encMsgV3
@ -102,14 +115,22 @@ class DecryptMaterial:
if len(self._iv) != 16:
logging.error('iv should be 16 bytes long!')
@property
def copy_file_path(self):
return self._copy_file_path
@copy_file_path.setter
def copy_file_path(self, value_string):
self._copy_file_path = value_string
@property
def path(self):
return self._filepath
return self._path
@path.setter
def path(self, value_string):
if value_string:
self._filepath = value_string
self._path = value_string
else:
logging.error('empty file path!')
@ -118,14 +139,29 @@ class DecryptMaterial:
return True
return False
def dump(self):
dump = 'NAME: {}, TYPE: {}, '.format(self._name, self._type_name)
if self._path:
dump += 'PATH: {}, '.format(self._path)
if self._copy_file_path:
dump += 'COPY_FILEPATH: {}, '.format(self._copy_file_path)
if self._records_num:
dump += 'RECORDS_NUM: {}'.format(self._records_num)
# Not reported: self._encMsgV3, self._iv
dump += '\n'
return dump
# --- Decryptor ---------------------------------------------------------------
class Decryptor:
'''It provides algo and key derivations to decrypt files.'''
count = 5000
dklen = 32
def __init__(self, password):
'''Initialize the object by setting a password.'''
self._upwd = password
self._good = False
self._e_perbackupkey = None
@ -139,6 +175,10 @@ class Decryptor:
def good(self):
return self._good
@property
def password(self):
return self._upwd
@property
def e_perbackupkey(self):
return self._e_perbackupkey
@ -275,23 +315,200 @@ class Decryptor:
self._bkey_sha256, mode=AES.MODE_CTR, counter=counter_obj)
return decryptor.decrypt(data)
# --- info.xml ----------------------------------------------------------------
# --- DecryptInfo -------------------------------------------------------------
class DecryptInfo:
'''It provides the information and keys to decrypt files.'''
class info_type(enum.Enum):
FILE = 1
MEDIA = 2
MULTIMEDIA = 3
SYSTEM_DATA = 4
SYSTEM_DATA_FOLDER = 5
def __init__(self):
self._decryptor = None
self._file_info = {}
self._media_info = {}
self._multimedia_file = {}
self._system_data_info = {}
self._system_data_folder_info = {}
def search_decrypt_material(self, key):
assert key
decrypt_material = None
if key in self._file_info:
decrypt_material = self._file_info[key]
elif key in self._media_info:
decrypt_material = self._media_info[key]
elif key in self._multimedia_file:
decrypt_material = self._multimedia_file[key]
elif key in self._system_data_info:
decrypt_material = self._system_data_info[key]
elif key in self._system_data_folder_info:
decrypt_material = self._system_data_folder_info[key]
else:
pass
return decrypt_material
def get_decrypt_material(self, key, di_type, search=False):
assert key
assert isinstance(di_type, DecryptInfo.info_type)
decrypt_material = None
logging.debug('searching key [%s] of %s', key, di_type)
if di_type is DecryptInfo.info_type.FILE:
if key in self._file_info:
decrypt_material = self._file_info[key]
elif di_type is DecryptInfo.info_type.MEDIA:
if key in self._media_info:
decrypt_material = self._media_info[key]
elif di_type is DecryptInfo.info_type.MULTIMEDIA:
if key in self._multimedia_file:
decrypt_material = self._multimedia_file[key]
elif di_type is DecryptInfo.info_type.SYSTEM_DATA:
if key in self._system_data_info:
decrypt_material = self._system_data_info[key]
elif di_type is DecryptInfo.info_type.SYSTEM_DATA_FOLDER:
if key in self._system_data_folder_info:
decrypt_material = self._system_data_folder_info[key]
else:
logging.critical('Unknown decrypt info type %s', di_type)
return None
if decrypt_material is None:
if search is True:
logging.debug('unable to get [%s], trying on all types', key)
decrypt_material = self.search_decrypt_material(key)
if decrypt_material is None:
logging.debug('unable to get [%s] in decrypt material!', key)
else:
logging.debug('decrypt info [%s] found', key)
return decrypt_material
@property
def decryptor(self):
return self._decryptor
@decryptor.setter
def decryptor(self, new_decryptor):
assert new_decryptor
new_decryptor.crypto_init()
if not new_decryptor.good:
logging.warning('Setting a new decryptor which is not working!')
self._decryptor = new_decryptor
@property
def has_media(self):
'''Checks if media categories decryption info is provided.'''
return bool(self._media_info)
def add_file_info(self, decrypt_material):
'''Add the decryption material for a BackupFileModuleInfo entry to the
proper internal object.
'''
assert decrypt_material.type_name == 'BackupFileModuleInfo'
if decrypt_material.name in self._file_info:
logging.error('Duplicate file info, cannot insert %s',
decrypt_material.name)
return
self._file_info[decrypt_material.name] = decrypt_material
def add_media_info(self, decrypt_material):
'''Add the decryption material for a BackupFileModuleInfo_Media
entry to the proper internal object.
'''
assert decrypt_material.type_name == 'BackupFileModuleInfo_Media'
if decrypt_material.name in self._file_info:
logging.error('Duplicate media info, cannot insert %s',
decrypt_material.name)
return
self._media_info[decrypt_material.name] = decrypt_material
def add_multimedia_file(self, decrypt_material):
'''Add the decryption material for a multimedia file
entry to the proper internal object.
'''
assert decrypt_material.type_name == 'Multimedia'
if decrypt_material.path in self._multimedia_file:
logging.error('Duplicate multimedia file path, cannot insert %s',
decrypt_material.path)
return
# Note path is used for the key, not name.
self._multimedia_file[decrypt_material.path] = decrypt_material
def add_system_data_info(self, decrypt_material):
'''Add the decryption material for a BackupFileModuleInfo_SystemData
entry to the proper internal object. It handles the scenario where
the entry is related to folders, double copying the material.
'''
assert decrypt_material.type_name == 'BackupFileModuleInfo_SystemData'
name = decrypt_material.name
if name in self._system_data_info:
logging.error('Duplicated system data info, cannot insert %s',
decrypt_material.name)
return
self._system_data_info[decrypt_material.name] = decrypt_material
copyfilepath = decrypt_material.copy_file_path
if copyfilepath and copyfilepath.startswith('/'):
if copyfilepath in self._system_data_folder_info:
logging.error('Duplicated system data folder info, cannot '
'insert %s', copyfilepath)
else:
self._system_data_folder_info[copyfilepath] = decrypt_material
def dump(self):
dump = 'DecryptInfo dump ---\n'
dump += 'password:{}, '.format(self._decryptor.password)
dump += 'good:{}, '.format(self._decryptor.good)
dump += 'has media:{}, '.format(self.has_media)
dump += 'file info:{}, '.format(len(self._file_info))
dump += 'media info:{}, '.format(len(self._media_info))
dump += 'multimedia file:{}, '.format(len(self._multimedia_file))
dump += 'system data info:{}, '.format(len(self._system_data_info))
dump += 'system folder data info:{}\n'.format(len(
self._system_data_folder_info))
dump += 'DUMPING FILE INFO ITEMS\n'
for _, ev in self._file_info.items():
dump += ev.dump()
dump += 'DUMPING MEDIA INFO ITEMS\n'
for _, ev in self._media_info.items():
dump += ev.dump()
dump += 'DUMPING MULTIMEDIA FILE ITEMS\n'
for _, ev in self._multimedia_file.items():
dump += ev.dump()
dump += 'DUMPING SYSTEM DATA INFO ITEMS\n'
for _, ev in self._system_data_info.items():
dump += ev.dump()
dump += 'DUMPING SYSTEM DATA FOLDER INFO ITEMS\n'
for _, ev in self._system_data_folder_info.items():
dump += ev.dump()
return dump
# --- xml_get_column_value ----------------------------------------------------
def xml_get_column_value(xml_node):
'''Helper to get xml 'column' value.'''
child = xml_node.firstChild
if child.tagName != 'value':
logging.warning('xml_get_column_value: entry has no values!')
return None
column_value = None
try:
if child.tagName == 'value':
if child.hasAttribute('String'):
column_value = str(child.getAttribute('String'))
elif child.hasAttribute('Integer'):
column_value = int(child.getAttribute('Integer'))
elif child.hasAttribute('Null'):
column_value = None
else:
logging.warning('xml column value: unknown value attribute.')
else:
logging.warning('xml_get_column_value: entry has no values!')
except:
logging.warning('*exception*, xml_get_column_value, child: %s', child)
if child.hasAttribute('Null'):
return None
if child.hasAttribute('String'):
return str(child.getAttribute('String'))
if child.hasAttribute('Integer'):
return int(child.getAttribute('Integer'))
return column_value
logging.warning('xml_get_column_value: unknown value attribute.')
return None
# --- parse_backup_files_type_info --------------------------------------------
def parse_backup_files_type_info(decryptor, xml_entry):
for entry in xml_entry.getElementsByTagName('column'):
@ -304,10 +521,8 @@ def parse_backup_files_type_info(decryptor, xml_entry):
decryptor.type_attch = xml_get_column_value(entry)
elif name == 'checkMsg':
decryptor.checkMsg = xml_get_column_value(entry)
return decryptor
def ignore_entry(xml_entry):
logging.debug('ignoring entry %s', xml_entry.getAttribute('table'))
# --- parse_backup_file_module_info -------------------------------------------
def parse_backup_file_module_info(xml_entry):
decm = DecryptMaterial(xml_entry.getAttribute('table'))
@ -315,27 +530,26 @@ def parse_backup_file_module_info(xml_entry):
tag_name = entry.getAttribute('name')
if tag_name == 'encMsgV3':
decm.encMsgV3 = xml_get_column_value(entry)
elif tag_name == 'checkMsgV3':
#TBR: reverse this double sized checkMsgV3.
pass
elif tag_name == 'name':
decm.name = xml_get_column_value(entry)
elif tag_name == 'copyFilePath':
decm.copy_file_path = xml_get_column_value(entry)
elif tag_name == 'checkMsgV3':
# [TBR][TODO] Reverse this double sized checkMsgV3.
pass
if decm.do_check() is False:
decm = None
logging.warning('Decryption material checks failed for %s, type %s',
decm.name, decm.type_name)
return decm
info_xml_callbacks = {
'HeaderInfo' : ignore_entry,
'BackupFilePhoneInfo' : ignore_entry,
'BackupFileVersionInfo' : ignore_entry,
'BackupFileModuleInfo' : parse_backup_file_module_info,
'BackupFileModuleInfo_Contact' : parse_backup_file_module_info,
'BackupFileModuleInfo_Media' : parse_backup_file_module_info,
'BackupFileModuleInfo_SystemData' : parse_backup_file_module_info
}
# --- parse_info_xml ----------------------------------------------------------
def parse_info_xml(filepath, decryptor, decrypt_material_dict):
def parse_info_xml(filepath, password):
'''Parses the info.xml backup file.
Creates and returns a DecryptInfo object.
'''
logging.info('Parsing file %s', filepath.absolute())
info_dom = None
with filepath.open('r', encoding='utf-8') as info_xml:
info_dom = xml.dom.minidom.parse(info_xml)
@ -343,48 +557,65 @@ def parse_info_xml(filepath, decryptor, decrypt_material_dict):
if info_dom.firstChild.tagName != 'info.xml':
logging.error('First tag should be \'info.xml\', not %s',
info_dom.firstChild.tagName)
return None, None
return None
parent = filepath.parent
dec_info = DecryptInfo()
for entry in info_dom.getElementsByTagName('row'):
title = entry.getAttribute('table')
if title == 'BackupFilesTypeInfo':
decryptor = parse_backup_files_type_info(decryptor, entry)
if title == 'BackupFileModuleInfo':
dec_info.add_file_info(parse_backup_file_module_info(entry))
elif title == 'BackupFileModuleInfo_SystemData':
dec_info.add_system_data_info(parse_backup_file_module_info(entry))
elif title == 'BackupFileModuleInfo_Media':
dec_info.add_media_info(parse_backup_file_module_info(entry))
elif title == 'BackupFilesTypeInfo':
logging.debug('Parsing BackupFilesTypeInfo')
decryptor = Decryptor(password)
parse_backup_files_type_info(decryptor, entry)
dec_info.decryptor = decryptor
elif title == 'BackupFileModuleInfo_Contact':
logging.debug('Ignoring BackupFileModuleInfo_Contact entry')
elif title == 'HeaderInfo':
logging.debug('Ignoring HeaderInfo entry.')
elif title == 'BackupFilePhoneInfo':
logging.debug('Ignoring BackupFilePhoneInfo entry')
elif title == 'BackupFileVersionInfo':
logging.debug('Ignoring BackupFileVersionInfo entry')
else:
if title in info_xml_callbacks:
dec_material = info_xml_callbacks[title](entry)
if dec_material:
dkey = parent.joinpath(dec_material.name)
decrypt_material_dict[dkey] = dec_material
else:
logging.warning('Unknown entry in info.xml: %s', title)
logging.warning('Unknown entry in info.xml: %s', title)
return decryptor, decrypt_material_dict
return dec_info
def parse_xml(filepath, decrypt_material_dict):
# --- parse_generic_xml -------------------------------------------------------
def parse_generic_xml(xml_file_path, decrypt_info):
'''Parses a generic XML file, which contain single media (video, documents,
pictures, etc.) decryption material.
'''
xml_dom = None
with filepath.open('r', encoding='utf-8') as xml_file:
logging.info('parsing xml file %s', xml_file_path.name)
with xml_file_path.open('r', encoding='utf-8') as xml_file:
xml_dom = xml.dom.minidom.parse(xml_file)
logging.debug('parsing xml file %s', filepath.name)
parent = filepath.parent.joinpath(filepath.stem)
if xml_dom.firstChild.tagName != 'Multimedia':
logging.error('First tag should be \'Multimedia\', not %s',
xml_dom.firstChild.tagName)
return
for entry in xml_dom.getElementsByTagName('File'):
path = entry.getElementsByTagName('Path')[0].firstChild.data
iv = entry.getElementsByTagName('Iv')[0].firstChild.data
if path and iv:
dec_material = DecryptMaterial(filepath.stem)
# XML files use Windows style path separator, backslash.
if os.name != 'nt':
path = path.replace('\\', '/')
dec_material.path = path
dec_material.iv = iv
dkey = parent.joinpath(path.lstrip('/').lstrip('\\'))
decrypt_material_dict[dkey] = dec_material
return decrypt_material_dict
decrypt_material = DecryptMaterial('Multimedia')
decrypt_material.path = path.lstrip('\\').lstrip('/')
decrypt_material.iv = iv
decrypt_info.add_multimedia_file(decrypt_material)
else:
logging.warning('No path and/or iv for %s!', entry)
# --- tar_extract_win ---------------------------------------------------------
@ -394,192 +625,256 @@ def tar_extract_win(tar_obj, dest_dir):
for member in tar_obj.getmembers():
if member.isdir():
new_dir = dest_dir.joinpath(member.path.translate(table))
new_dir.mkdir(exist_ok=True)
new_dir.mkdir(parents=True, exist_ok=True)
else:
dest_file = dest_dir.joinpath(member.path.translate(table))
try:
with open(dest_file, "wb") as fout:
fout.write(tarfile.ExFileObject(tar_obj, member).read())
except FileNotFoundError:
logging.error('unable to extract %s', dest_file)
logging.warning('unable to extract %s', dest_file)
# --- decrypt_entry -----------------------------------------------------------
def decrypt_entry(decrypt_info, entry, type_info, search=False):
cleartext = None
skey = entry.stem
decrypt_material = decrypt_info.get_decrypt_material(skey, type_info,
search)
if decrypt_material:
cleartext = decrypt_info.decryptor.decrypt_package(
decrypt_material, entry.read_bytes())
else:
logging.warning('entry %s has no decrypt material!', skey)
return cleartext
# --- decrypt_files_in_root ---------------------------------------------------
def decrypt_files_in_root(decrypt_info, path_in, path_out):
data_apk_dir = path_out.absolute().joinpath('data/app')
data_app_dir = path_out.absolute().joinpath('data/data')
#data_app_dir.mkdir(parents=True, exist_ok=True)
data_unk_dir = path_out.absolute().joinpath('unknown')
for entry in path_in.glob('*'):
if entry.is_dir():
continue
cleartext = None
extension = entry.suffix.lower()
# XML files in the 'root' were already managed.
if extension == '.xml':
continue
logging.info('working on %s', entry.name)
if extension == '.apk':
dest_file = data_apk_dir.joinpath(entry.name + '-1')
dest_file.mkdir(parents=True, exist_ok=True)
dest_file = dest_file.joinpath('base.apk')
dest_file.write_bytes(entry.read_bytes())
elif extension == '.db':
cleartext = decrypt_entry(decrypt_info, entry,
DecryptInfo.info_type.SYSTEM_DATA,
search=True)
if cleartext:
dest_file = data_app_dir.joinpath(entry.name)
dest_file.parent.mkdir(parents=True, exist_ok=True)
dest_file.write_bytes(cleartext)
else:
logging.warning('unable to decrypt entry %s', entry.name)
elif extension == '.tar':
cleartext = decrypt_entry(decrypt_info, entry,
DecryptInfo.info_type.FILE)
if cleartext:
with tarfile.open(fileobj=io.BytesIO(cleartext)) as tar_data:
if os.name == 'nt':
tar_extract_win(tar_data, data_app_dir)
else:
tar_data.extractall(path=data_app_dir)
else:
logging.warning('unable to decrypt entry %s', entry.name)
else:
logging.warning('entry %s unmanged, copying it', entry.name)
dest_file = data_unk_dir.joinpath(entry.name)
dest_file.parent.mkdir(parents=True, exist_ok=True)
dest_file.write_bytes(entry.read_bytes())
# --- decrypt_files_in_folder -------------------------------------------------
def decrypt_files_in_folder(decrypt_info, folder, path_out):
folder_to_media_type = {'movies': 'video', 'pictures': 'photo'}
media_out_dir = path_out.absolute().joinpath('storage')
media_unk_dir = path_out.absolute().joinpath('unknown')
for entry in folder.glob('**/*'):
if entry.is_dir():
continue
logging.info('working on [%s]', entry.name)
extension = entry.suffix.lower()
cleartext = None
if extension == '.enc':
skey = str(entry.relative_to(folder).with_suffix(''))
decrypt_material = decrypt_info.get_decrypt_material(
skey, DecryptInfo.info_type.MULTIMEDIA)
if decrypt_material:
cleartext = decrypt_info.decryptor.decrypt_file(
decrypt_material, entry.read_bytes())
if cleartext and decrypt_material:
tmp_path = decrypt_material.path.lstrip('/').lstrip('\\')
dest_file = path_out.joinpath(tmp_path)
dest_file.parent.mkdir(parents=True, exist_ok=True)
dest_file.write_bytes(cleartext)
continue
decrypt_material = decrypt_info.get_decrypt_material(
folder.name, DecryptInfo.info_type.MEDIA)
if not decrypt_material:
# Some folders share a common type even if with different names.
if folder.name in folder_to_media_type:
decrypt_material = decrypt_info.get_decrypt_material(
folder_to_media_type[folder.name],
DecryptInfo.info_type.MEDIA)
if decrypt_material:
cleartext = decrypt_info.decryptor.decrypt_package(
decrypt_material, entry.read_bytes())
if cleartext:
dest_file = media_out_dir.joinpath(entry.relative_to(folder))
dest_file.parent.mkdir(parents=True, exist_ok=True)
dest_file.write_bytes(cleartext)
continue
skey = '/' + str(entry.relative_to(folder).parent)
decrypt_material = decrypt_info.get_decrypt_material(
skey, DecryptInfo.info_type.SYSTEM_DATA_FOLDER)
if decrypt_material:
cleartext = decrypt_info.decryptor.decrypt_package(
decrypt_material, entry.read_bytes())
if cleartext:
dest_file = media_out_dir.joinpath(entry.relative_to(folder))
dest_file.parent.mkdir(parents=True, exist_ok=True)
if entry.suffix.lower() == '.tar':
with tarfile.open(fileobj=io.BytesIO(cleartext)) as tdata:
if os.name == 'nt':
tar_extract_win(tdata, dest_file.parent)
else:
tdata.extractall(path=dest_file.parent)
# Double copy here the tar and the extracted one, no overwrite.
if dest_file.exists():
new_name = str(folder.name) + '_' + str(dest_file.name)
dest_file = dest_file.parent.joinpath(new_name)
dest_file.parent.mkdir(parents=True, exist_ok=True)
dest_file.write_bytes(cleartext)
continue
if cleartext is None:
logging.warning('decrypting [%s] failed, copying it', entry.name)
dest_file = media_unk_dir.joinpath(entry.name)
dest_file.parent.mkdir(parents=True, exist_ok=True)
dest_file.write_bytes(entry.read_bytes())
# --- decrypt_backup ----------------------------------------------------------
def decrypt_backup(password, path_in, path_out):
decrypt_info = parse_info_xml(path_in.joinpath('info.xml'), password)
if not decrypt_info:
logging.critical('failed to parse info.xml')
return
if not decrypt_info.decryptor.good:
logging.critical('Decryptor checks failed. Unable to decrypt')
return
xml_files = path_in.glob('*.xml')
for entry in xml_files:
if entry.name != 'info.xml':
parse_generic_xml(entry, decrypt_info)
logging.debug(decrypt_info.dump())
decrypt_files_in_root(decrypt_info, path_in, path_out)
for entry in path_in.glob('*'):
if entry.is_dir():
decrypt_files_in_folder(decrypt_info, entry, path_out)
# --- decrypt_media -----------------------------------------------------------
def decrypt_media(password, path_in, path_out):
# [TODO][TBR] Should parse media.db sqlite.
decrypt_info = None
subfolder = None
for entry in path_in.glob('**/info.xml'):
decrypt_info = parse_info_xml(entry, password)
subfolder = entry.parent
if decrypt_info is None or subfolder is None:
logging.error('unable to find or parse info.xml in media folder!')
return
if not decrypt_info.decryptor.good:
logging.critical('Decryptor checks failed. Unable to decrypt')
return
logging.debug(decrypt_info.dump())
for entry in subfolder.glob('*'):
if entry.is_dir():
decrypt_files_in_folder(decrypt_info, entry, path_out)
# --- main --------------------------------------------------------------------
def main(password, backup_path_in, dest_path_out):
xml_files = []
apk_files = []
tar_files = []
enc_files = []
db_files = []
unk_files = []
folders = []
logging.info('searching backup in [%s]', backup_path_in)
logging.info('getting files and folder from %s', backup_path_in)
backup_all_files = backup_path_in.glob('**/*')
for entry in backup_all_files:
if entry.is_dir():
folders.append(entry.absolute())
continue
extension = entry.suffix.lower()
if extension == '.xml':
xml_files.append(entry.absolute())
elif extension == '.apk':
apk_files.append(entry.absolute())
elif extension == '.tar':
tar_files.append(entry.absolute())
elif extension == '.db':
db_files.append(entry.absolute())
elif extension == '.enc':
enc_files.append(entry.absolute())
files_folder = None
if backup_path_in.joinpath('info.xml').exists():
files_folder = backup_path_in
else:
if backup_path_in.joinpath('backupFiles1').is_dir():
files_folder = backup_path_in.joinpath('backupFiles1')
info_xml = next(files_folder.glob('**/info.xml'), None)
if info_xml:
files_folder = info_xml.parent
else:
logging.error('Unable to find info.xml in backupFiles1!')
return
else:
unk_files.append(entry.absolute())
logging.error('No backup1 folder nor info.xml file found!')
return
decrypt_material_dict = {}
decryptor = Decryptor(password)
if files_folder:
logging.info('got info.xml, going to decrypt backup files')
decrypt_backup(password, files_folder, dest_path_out)
logging.info('parsing XML files...')
for entry in xml_files:
logging.info('parsing xml %s', entry.name)
if entry.name.lower() == 'info.xml':
decryptor, decrypt_material_dict = parse_info_xml(
entry, decryptor, decrypt_material_dict)
else:
decrypt_material_dict = parse_xml(
entry, decrypt_material_dict)
media_folder = None
if backup_path_in.joinpath('media').is_dir():
logging.info('got media folder, going to decrypt media files')
media_folder = backup_path_in.joinpath('media')
else:
logging.info('No media folder found.')
decryptor.crypto_init()
if decryptor.good is False:
logging.critical('decryption key is not good...')
return
if media_folder:
decrypt_media(password, media_folder, dest_path_out)
logging.info('copying apk to destination...')
data_apk_dir = dest_path_out.absolute().joinpath('data/app')
data_apk_dir.mkdir(parents=True)
done_list = []
for entry in apk_files:
logging.info('working on %s', entry.name)
dest_file = data_apk_dir.joinpath(entry.name + '-1')
dest_file.mkdir(exist_ok=True)
dest_file = dest_file.joinpath('base.apk')
dest_file.write_bytes(entry.read_bytes())
done_list.append(entry)
for entry in done_list:
apk_files.remove(entry)
logging.info('decrypting and un-tar-ing packages to destination...')
data_app_dir = dest_path_out.absolute().joinpath('data/data')
data_app_dir.mkdir(parents=True)
done_list = []
for entry in tar_files:
logging.info('working on %s', entry.name)
cleartext = None
skey = entry.absolute().with_suffix('')
if skey in decrypt_material_dict:
done_list.append(entry)
cleartext = decryptor.decrypt_package(
decrypt_material_dict[skey], entry.read_bytes())
else:
logging.warning('entry %s has no decrypt material!', skey)
if cleartext:
with tarfile.open(fileobj=io.BytesIO(cleartext)) as tar_data:
if os.name == 'nt':
tar_extract_win(tar_data, data_app_dir)
else:
tar_data.extractall(path=data_app_dir)
for entry in done_list:
tar_files.remove(entry)
logging.info('decrypting database files to destination...')
data_app_dir = dest_path_out.absolute().joinpath('db')
data_app_dir.mkdir(parents=True)
done_list = []
for entry in db_files:
logging.info('working on %s', entry.name)
cleartext = None
skey = entry.absolute().with_suffix('')
if skey in decrypt_material_dict:
done_list.append(entry)
cleartext = decryptor.decrypt_package(
decrypt_material_dict[skey], entry.read_bytes())
else:
logging.warning('entry %s has no decrypt material!', skey)
if cleartext:
dest_file = data_app_dir.joinpath(entry.name)
dest_file.write_bytes(cleartext)
for entry in done_list:
db_files.remove(entry)
logging.info('decrypting multimedia files to destination...')
done_list = []
for entry in enc_files:
cleartext = None
dec_material = None
skey = entry.absolute().with_suffix('')
if skey in decrypt_material_dict:
done_list.append(entry)
dec_material = decrypt_material_dict[skey]
cleartext = decryptor.decrypt_file(
dec_material, entry.read_bytes())
else:
logging.warning('entry %s has no decrypt material!', skey)
if cleartext and dec_material:
dest_file = dest_path_out.absolute()
tmp_path = dec_material.path.lstrip('/').lstrip('\\')
dest_file = dest_file.joinpath(tmp_path)
dest_dir = dest_file.parent
dest_dir.mkdir(parents=True, exist_ok=True)
dest_file.write_bytes(cleartext)
for entry in done_list:
enc_files.remove(entry)
logging.info('copying unmanaged files to destination...')
data_unk_dir = dest_path_out.absolute().joinpath('misc')
data_unk_dir.mkdir(parents=True)
done_list = []
for entry in unk_files:
common_path = os.path.commonpath([
entry.absolute(), backup_path_in.absolute()])
relative_path = str(entry.absolute()).replace(common_path, '')
relative_path = relative_path.lstrip('/').lstrip('\\')
dest_file = data_unk_dir.joinpath(relative_path)
dest_file.parent.mkdir(parents=True, exist_ok=True)
dest_file.write_bytes(entry.read_bytes())
done_list.append(entry)
for entry in done_list:
unk_files.remove(entry)
all_dest_files = dest_path_out.glob('**/*')
for entry in all_dest_files:
logging.info('setting all decrypted files to read-only')
for entry in dest_path_out.glob('**/*'):
os.chmod(entry, 0o444)
for entry in apk_files:
logging.warning('APK file not handled: %s', entry.name)
for entry in tar_files:
logging.warning('TAR file not handled: %s', entry.name)
for entry in db_files:
logging.warning('DB file not handled: %s', entry.name)
for entry in enc_files:
logging.warning('ENC file not handled: %s', entry.name)
for entry in unk_files:
logging.warning('UNK file not handled: %s', entry.name)
# --- entry point and parameters checks ---------------------------------------
if __name__ == '__main__':