blackteay/kobackupdec
1
0
Fork 0
mirror of https://github.com/RealityNet/kobackupdec.git synced 2026-06-06 17:58:11 +08:00
Code Issues Projects Releases Wiki Activity

Merge d4defd86ecd8dba997167f18910fa1437dfb95c0 into 1789684162556309694c57f022f9b4945ec1e9d0

Browse Source
This commit is contained in:
najeebulhussan 2026-05-10 12:01:45 +02:00 committed by GitHub
commit a9e821718f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
9 changed files with 1559 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
.gitignore vendored Normal file
View File

@ -0,0 +1,36 @@
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class
# Distribution / packaging
dist/
build/
*.egg-info/
*.egg
# Virtual environments
venv/
env/
.venv/
# IDE files
.vscode/
.idea/
*.swp
*.swo
*~
# OS files
.DS_Store
Thumbs.db
desktop.ini
# Logs
*.log
# App Config
config.json
# PyInstaller
*.spec

86
CHANGELOG.md Normal file
View File

@ -0,0 +1,86 @@
# Changelog
All notable changes to this project will be documented in this file.
## [GUI_v1.1] — 2026-05-08
### Added
- **Drag-and-Drop:** Added `tkinterdnd2` support allowing users to drag backup folders directly into the application.
- **Settings Persistence:** Created `config.json` integration to save and automatically load user preferences and selected directories across sessions.
- **Log Exporting:** Added an "Export Log" button to save the current terminal output to a text file for auditing.
- **Output Folder Quick Access:** Added an "Open Output" button that becomes clickable after a successful decryption to instantly view the extracted files.
---
## [GUI_v1.0] — 2026-05-08
### Added
- **Full GUI application** (`kobackupdec_gui.py`) with modern dark theme
- **Password verification** — validates password against backup before decryption starts
- **Selective folder decryption** — scan backup and choose specific folders (pictures, video, audios, etc.)
- **Pause / Resume** button to temporarily halt decryption
- **Stop** button to cancel decryption mid-process
- **Real-time log output** with color-coded levels (INFO=green, WARNING=yellow, ERROR=red, DEBUG=gray)
- **Responsive layout** — resizes from 600×500 to fullscreen with auto-reflowing folder checkboxes
- **Progress status** — shows current phase and folder being processed
- **Browse dialogs** for backup and destination folders
- **Show/hide password** toggle
- **Select All / Deselect All** for folder selection
- **Auto-scan** — folder list auto-populates when backup path is set
### Unchanged
- Core decryption engine (`kobackupdec.py`) — no modifications to original code
- CLI interface — fully preserved and backward-compatible
---
## [20200705] — 2020-07-05
### Fixed
- `decrypt_large_package` now correctly reads input in chunks
## [20200611] — 2020-06-11
### Added
- `--expandtar` option to control automatic TAR expansion
- `--writable` option to skip setting read-only permissions on decrypted files
- Large TAR files are managed in chunks but not expanded
## [20200607] — 2020-06-07
### Fixed
- Merged empty `CheckMsg` handling
- Updated `folder_to_media_type` mapping (by @realSnoopy)
## [20200406] — 2020-04-06
### Fixed
- Merged file and folder permissions fix (by @lp4n6)
## [20200405] — 2020-04-05
### Added
- Python minor version check with informative note (thanks @lp4n6)
## [2020test] — 2020
### Changed
- Complete rewrite to handle v9 and v10 KoBackup structures
## [20200107] — 2020-01-07
### Fixed
- Merged pull by @lp4n6, fixed current version handling
## [20191113] — 2019-11-13
### Fixed
- Double folder creation error
## [20190729] — 2019-07-29
### Added
- First public release
- Huawei KoBackup / HiSuite backup decryption
- Automatic output folder restructuring to mimic Android filesystem
- Support for APK, DB, TAR, and media file decryption

375
README.md
View File

@ -1,44 +1,179 @@
# kobackupdec <p align="center">
Huawei backup decryptor <h1 align="center">🔐 KoBackup Decryptor</h1>
<p align="center">
<strong>Decrypt Huawei HiSuite &amp; KoBackup encrypted backups</strong><br>
CLI + Modern GUI &bull; Selective Folder Decryption &bull; Drag & Drop &bull; Password Verification
</p>
<p align="center">
<a href="#-installation"><img src="https://img.shields.io/badge/python-3.7%2B-blue?logo=python&logoColor=white" alt="Python 3.7+"></a>
<a href="LICENSE"><img src="https://img.shields.io/badge/license-MIT-green" alt="MIT License"></a>
<a href="#-changelog"><img src="https://img.shields.io/badge/version-GUI_v1.2-purple" alt="Version"></a>
</p>
<p align="center">
<h3>⬇️ <a href="https://github.com/najeebulhussan/kobackupdec-master/releases/latest">Download the Standalone Windows Executable (.exe)</a> ⬇️</h3>
</p>
</p>
_This script is introduced by the blog post at https://blog.digital-forensics.it/2019/07/huawei-backup-decryptor.html._ ---
The `kobackupdec` is a Python3 script aimed to decrypt Huawei *HiSuite* or *KoBackup* (the Android app) backups. When decrypting and uncompressing the archives, it will re-organize the output folders structure trying to _mimic_ the typical Android one. The script will work both on Windows and Linux hosts, provided the PyCryptoDome dependency. Starting from **20100107** the script was rewritten to handle v9 and v10 kobackup backups structures. <p align="center">
<img src="screenshots/gui_main.png" alt="KoBackup Decryptor GUI" width="700">
<br>
<em>Modern dark-themed GUI with selective folder decryption, pause/stop controls, and real-time log output</em>
</p>
## _EOL_ ---
On 1.1.2021 the script will get its _end of life_ status. It was needed two years ago to overcome issues for some Huawei devices' forensics acquisitions. Now commercial forensics solutions include the very same capabilities, and much more: there are no more reasons to maintain it. We've got messages from guys using this script to manage theirs backups: we do not recommend it, and we did not write it for this reason. Anyhow we're happy some of you did find it useful, and we thank you for the feedback. We shared it to the community, trying to give back something: if someone has any interest in maintaining it, please let us know so we can include a link to the project. ## 📖 Overview
## Usage **KoBackup Decryptor** (`kobackupdec`) is a Python 3 tool for decrypting Huawei *HiSuite* and *KoBackup* (Android app) encrypted backups. It supports both **v9** and **v10** backup structures.
The script *assumes* that backups are encrypted with a user-provided password. Actually it does not support the HiSuite _self_ generated password, when the user does not provide its own. When decrypting, it automatically:
- Reorganizes the output folder structure to mimic a typical Android filesystem
- Extracts and expands TAR archives (optional)
- Handles large files in chunks for memory efficiency
### ✨ What's New — GUI Edition
This fork adds a **full-featured graphical interface** built with tkinter, bringing the power of `kobackupdec` to users who prefer a visual workflow.
| Feature | CLI | GUI |
|---|:---:|:---:|
| Decrypt full backups | ✅ | ✅ |
| Password verification before decrypt | — | ✅ |
| **Selective folder decryption** | — | ✅ |
| **Drag and Drop support** | — | ✅ |
| **Settings persistence** | — | ✅ |
| Pause / Resume / Stop controls | — | ✅ |
| Export decryption logs | — | ✅ |
| Open Output folder button | — | ✅ |
| Real-time color-coded log output | — | ✅ |
| Progress tracking with status updates | — | ✅ |
| Responsive dark-themed interface | — | ✅ |
---
## 🚀 Installation
### Prerequisites
- **Python 3.7** or later
- **pip** (Python package manager)
### Steps
```bash
# 1. Clone the repository
git clone https://github.com/YOUR_USERNAME/kobackupdec.git
cd kobackupdec
# 2. Install dependencies
pip install -r requirements.txt
```
### 📦 Building a Standalone Executable (.exe)
You can compile the GUI into a portable `.exe` file that requires zero setup (no Python installation needed):
1. Install PyInstaller: `pip install pyinstaller Pillow`
2. Run the build script: `python build.py`
3. The standalone application will be generated at `dist/KoBackupDecryptor.exe`.
### Dependencies
| Package | Purpose |
|---|---|
| `pycryptodome` | AES / PBKDF2 / HMAC cryptographic operations |
| `tkinterdnd2` | Drag and drop functionality for the GUI |
| `tkinter` | GUI framework (bundled with Python on most platforms) |
> **Note:** On some Linux distributions, tkinter may need to be installed separately:
> ```bash
> # Ubuntu / Debian
> sudo apt-get install python3-tk
>
> # Fedora
> sudo dnf install python3-tkinter
> ```
---
## 🖥️ Usage
### GUI Mode (Recommended)
Launch the graphical interface:
```bash
python kobackupdec_gui.py
```
#### GUI Workflow
1. **Enter Password** — Type your backup password (toggle visibility with 👁)
2. **Select Backup Folder** — Drag and drop your Huawei backup directory right into the application, or click **Browse**
3. **Select Destination** — Choose where to save decrypted files (pick a parent, name the output folder)
4. **Configure Options** — Toggle TAR expansion, writable permissions, and log verbosity
5. **Select Folders** — After setting the backup path, check/uncheck individual folders (pictures, video, audios, etc.) to decrypt only what you need
6. **Start Decryption** — Click **🔓 Start Decryption**
7. **Open Output** — When finished, click **📂 Open Output** to view your files immediately
#### GUI Controls
| Button | Function |
|---|---|
| 🔓 **Start Decryption** | Verifies password first, then begins decryption |
| ⏸ **Pause / ▶ Resume** | Temporarily halt and resume the process |
| ⏹ **Stop** | Cancel the decryption (partially decrypted files are kept) |
| 📂 **Open Output** | Opens destination folder in Windows Explorer (enabled after success) |
| **Export Log** | Save decryption logs to a text file for auditing |
| **Select All / Deselect All** | Quickly toggle all folder checkboxes |
| **🔍 Scan** | Re-scan backup directory for available folders |
| **Clear Log** | Clear the log output panel |
#### GUI Features
- **🔑 Password Verification** — Validates the password against `info.xml` before starting decryption. Wrong passwords are caught instantly.
- **📂 Selective Folder Decryption** — Only decrypt what you need (e.g., just pictures and contacts, skip video and apps).
- **💾 Settings Persistence** — The app remembers your selected folders and checkboxes across launches via `config.json`.
- **🖱️ Drag and Drop** — Seamlessly drop backup folders into the app instead of browsing manually.
- **📊 Real-Time Progress & Logs** — Status bar shows current phase. Export logs anytime.
- **🎨 Dark Theme** — Modern, responsive dark interface with color-coded log levels (green=info, yellow=warning, red=error).
- **📐 Responsive Layout** — Resizes gracefully from 600×500 to fullscreen. Folder checkboxes reflow automatically.
---
### CLI Mode
For scripting and automation, the original command-line interface is fully preserved:
``` ```
usage: kobackupdec.py [-h] [-v] password backup_path dest_path usage: kobackupdec.py [-h] [-e] [-w] [-v] password backup_path dest_path
Huawei KoBackup decryptor version 20200611 Huawei KoBackup decryptor version 20200705
positional arguments: positional arguments:
password user password for the backup password user password for the backup
backup_path backup folder backup_path backup folder
dest_path decrypted backup folder dest_path decrypted backup folder
optional arguments: optional arguments:
-h, --help show this help message and exit -h, --help show this help message and exit
-e, --expandtar expand tar files -e, --expandtar expand tar files
-w, --writable do not set RO pemission on decrypted data -w, --writable do not set RO permission on decrypted data
-v, --verbose verbose level, -v to -vvv -v, --verbose verbose level, -v to -vvv
``` ```
- `password`, is the user provided password. #### CLI Example
- `backup_path`, is the folder containing the Huawei backup, relative or absolute paths can be used.
- `dest_path`, is the folder to be created in the specified path, absolute or relative. It will complain if the provided folder already exists.
- `[-v]` (from `-v` to `-vvv`) verbosity level, written on *stderr*. It's suggested to use *-vvv* with a redirect to get a log of the process.
### Example ```bash
python kobackupdec.py -vvv 123456 "Z:\HUAWEI P30 Pro_2019-06-28 22.56.31" Z:\HiSuiteBackup
```
<details>
<summary>📋 Click to see example output</summary>
``` ```
Z:\> py -3 kobackupdec.py -vvv 123456 "Z:\HUAWEI P30 Pro_2019-06-28 22.56.31" Z:\HiSuiteBackup
INFO:root:getting files and folder from Z:\HUAWEI P30 Pro_2019-06-28 22.56.31 INFO:root:getting files and folder from Z:\HUAWEI P30 Pro_2019-06-28 22.56.31
INFO:root:parsing XML files... INFO:root:parsing XML files...
INFO:root:parsing xml audio.xml INFO:root:parsing xml audio.xml
@ -51,8 +186,6 @@ DEBUG:root:ignoring entry BackupFilePhoneInfo
DEBUG:root:ignoring entry BackupFileVersionInfo DEBUG:root:ignoring entry BackupFileVersionInfo
INFO:root:parsing xml picture.xml INFO:root:parsing xml picture.xml
DEBUG:root:parsing xml file picture.xml DEBUG:root:parsing xml file picture.xml
INFO:root:parsing xml soundrecorder.xml
DEBUG:root:parsing xml file soundrecorder.xml
INFO:root:parsing xml video.xml INFO:root:parsing xml video.xml
DEBUG:root:parsing xml file video.xml DEBUG:root:parsing xml file video.xml
DEBUG:root:crypto_init: using version 3. DEBUG:root:crypto_init: using version 3.
@ -60,45 +193,165 @@ DEBUG:root:SHA256(BKEY)[16] = b'8d969eef6ecad3c29a3a629280e686cf'
... ...
``` ```
The **output** folder structure will be similar to the following one: *data/data* applications will be exploded in their proper paths, and the APKs will be *restored* too (not icons, actually). Note that the **db** folder will contain the *special* databases as created by the Huawei backups. </details>
---
## 📁 Output Structure
The decrypted output folder mimics a standard Android filesystem:
``` ```
HiSuiteBackup DecryptedBackup/
|-- data ├── data/
| |-- app │ ├── app/ # APK files
| | |-- de.sec.mobile.apk-1 │ │ ├── com.example.app.apk-1/
| | | [...] │ │ └── org.telegram.messenger.apk-1/
| | `-- org.telegram.messenger.apk-1 │ └── data/ # App data (TAR contents)
| `-- data │ ├── com.example.app/
| |-- de.sec.mobile │ └── org.telegram.messenger/
| | [...] ├── db/ # System databases
| `-- org.telegram.messenger │ ├── calendar.db
|-- db │ ├── calllog.db
| |-- HWlanucher.db │ ├── contact.db
| |-- Memo.db │ ├── sms.db
| |-- alarm.db │ └── ...
| |-- calendar.db ├── storage/ # Media files
| |-- calllog.db │ ├── DCIM/
| |-- camera.db │ ├── Download/
| |-- clock.db │ ├── Pictures/
| |-- contact.db │ ├── WhatsApp/
| |-- harassment.db │ └── ...
| |-- phoneManager.db └── unknown/ # Unrecognized files (copied as-is)
| |-- setting.db
| |-- sms.db
| |-- soundrecorder.db
| |-- systemUI.db
| |-- weather.db
| `-- wifiConfig.db
`-- storage
|-- DCIM
|-- Download
|-- Huawei
|-- MagazineUnlock
|-- Notifications
|-- Pictures
|-- WhatsApp
|-- mp3
|-- parallel_intl
`-- s8-wallpapers-9011.PNG
``` ```
---
## 📋 Requirements
| Requirement | Minimum Version |
|---|---|
| Python | 3.7 |
| pycryptodome | Any recent |
| Operating System | Windows, Linux, macOS |
---
## ⚙️ Building Executables
You can compile the scripts into standalone executables using **cx_Freeze**:
```bash
# Build executable
python setup.py build
# Build Windows MSI installer
python setup.py bdist_msi
```
---
## 🗂️ Project Structure
```
kobackupdec/
├── kobackupdec.py # Core decryption engine (CLI)
├── kobackupdec_gui.py # GUI application (tkinter)
├── requirements.txt # Python dependencies
├── setup.py # cx_Freeze build config
├── LICENSE # MIT License
├── README.md # This file
├── CHANGELOG.md # Version history
└── .github/
└── ISSUE_TEMPLATE/ # GitHub issue templates
```
---
## 📝 Changelog
See [CHANGELOG.md](CHANGELOG.md) for the full version history.
### Highlights
- **GUI Edition** — Full graphical interface with selective decryption, pause/stop, and password verification
- **20200705** — Fixed `decrypt_large_package` to read input chunks
- **20200611** — Added `expandtar` and `writable` options
- **20200607** — Merged empty CheckMsg handling
- **2020test** — Rewritten for v9 and v10 backups
- **20190729** — First public release
---
## ❓ FAQ
<details>
<summary><strong>What backup formats are supported?</strong></summary>
Both **v9** and **v10** Huawei KoBackup / HiSuite backup structures. The tool looks for `info.xml` either at the root or inside `backupFiles1/`.
</details>
<details>
<summary><strong>Does it support HiSuite auto-generated passwords?</strong></summary>
No. The tool only supports backups encrypted with a **user-provided password**. HiSuite's self-generated password is not supported.
</details>
<details>
<summary><strong>I get "No module named 'Crypto'" error</strong></summary>
Install `pycryptodome`:
```bash
pip install pycryptodome
```
If you have both `pycrypto` and `pycryptodome`, uninstall the old one first:
```bash
pip uninstall pycrypto
pip install pycryptodome
```
</details>
<details>
<summary><strong>I get "Wrong password" — is my password incorrect?</strong></summary>
The tool validates your password against the backup's `checkMsg` field. If the password is wrong, decryption will not proceed. Double-check the password you used when creating the backup in HiSuite/KoBackup.
</details>
<details>
<summary><strong>Can I decrypt only specific folders (e.g., just photos)?</strong></summary>
**Yes!** In GUI mode, after selecting the backup folder, click **🔍 Scan** to list all available folders. Then uncheck everything you don't need and only the selected folders will be decrypted.
</details>
<details>
<summary><strong>Does the GUI modify the original backup files?</strong></summary>
No. The original backup is only read, never modified. Decrypted files are written to the destination folder you specify.
</details>
---
## 🤝 Contributing
Contributions are welcome! Please:
1. Fork the repository
2. Create a feature branch (`git checkout -b feature/my-feature`)
3. Commit your changes (`git commit -m "Add my feature"`)
4. Push to the branch (`git push origin feature/my-feature`)
5. Open a Pull Request
---
## 📄 License
This project is licensed under the **MIT License** — see the [LICENSE](LICENSE) file for details.
**Original Author:** Francesco "dfirfpi" Picasso, Reality Net System Solutions
**GUI Extension:** Community contribution
---
## ⚠️ Disclaimer
This tool is intended for **legitimate use only** — decrypting your own backups or backups you are authorized to access. The authors are not responsible for any misuse.

BIN
app.ico Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 56 KiB

23
build.py Normal file
View File

@ -0,0 +1,23 @@
import PyInstaller.__main__
import tkinterdnd2
import os
import shutil
def build():
tkdnd_path = os.path.join(os.path.dirname(tkinterdnd2.__file__), 'tkdnd')
# Ensure dist and build dirs are clean
if os.path.exists('dist'): shutil.rmtree('dist')
if os.path.exists('build'): shutil.rmtree('build')
PyInstaller.__main__.run([
'kobackupdec_gui.py',
'--name=KoBackupDecryptor',
'--onefile',
'--windowed',
'--icon=app.ico',
f'--add-data={tkdnd_path};tkinterdnd2/tkdnd'
])
if __name__ == '__main__':
build()

19
create_icon.py Normal file
View File

@ -0,0 +1,19 @@
import sys
from PIL import Image
def create_ico(input_path, output_path):
img = Image.open(input_path)
# Crop to square if necessary
width, height = img.size
if width != height:
min_dim = min(width, height)
left = (width - min_dim) / 2
top = (height - min_dim) / 2
right = (width + min_dim) / 2
bottom = (height + min_dim) / 2
img = img.crop((left, top, right, bottom))
img.save(output_path, format="ICO", sizes=[(256, 256), (128, 128), (64, 64), (32, 32), (16, 16)])
if __name__ == "__main__":
create_ico(sys.argv[1], sys.argv[2])

0
kobackupdec.py Executable file → Normal file
View File

1081
kobackupdec_gui.py Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
screenshots/gui_main.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 83 KiB