blackteay/kobackupdec
1
0
Fork 0
mirror of https://github.com/RealityNet/kobackupdec.git synced 2025-10-11 19:15:27 +08:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: blackteay:master
Branches Tags
blackteay:master
blackteay:20200705
blackteay:20200611
blackteay:20200607
blackteay:20200406
blackteay:2020test
blackteay:20200107
..
compare: blackteay:20200107
Branches Tags
blackteay:master
blackteay:20200705
blackteay:20200611
blackteay:20200607
blackteay:20200406
blackteay:2020test
blackteay:20200107

No commits in common. "master" and "20200107" have entirely different histories.
master ... 20200107

4 changed files with 245 additions and 685 deletions
Show Stats Expand all files Collapse all files

26
.github/ISSUE_TEMPLATE/bug_report.md vendored
View File

@ -1,26 +0,0 @@
---
name: Bug report
about: Create a report to help us improve
title: ''
labels: ''
assignees: ''
---
**Describe the bug**
A clear and concise description of what the bug is.
**NOTE**
Please consider that some errors could be handled only by providing the info.xml file and the files related to the issue (e.g. a file that cannot be decrypted). If the files needed to understand the bug could contain personal data of any kind, DO NOT SEND THEM. Instead, provide samples that can be shared and with a limited size. Thanks.
**Required info (please complete the following information):**
- Huawei Kobackup version:
- Host: [Windows / Linux ]
- Kobackup script version:
- Kobackup output log (use -vvv)
**Additional context**
Add any other context about the problem here.
**Screenshots**
If applicable, add screenshots to help explain your problem.

16
README.md
View File

@ -3,11 +3,7 @@ Huawei backup decryptor
_This script is introduced by the blog post at https://blog.digital-forensics.it/2019/07/huawei-backup-decryptor.html._
The `kobackupdec` is a Python3 script aimed to decrypt Huawei *HiSuite* or *KoBackup* (the Android app) backups. When decrypting and uncompressing the archives, it will re-organize the output folders structure trying to _mimic_ the typical Android one. The script will work both on Windows and Linux hosts, provided the PyCryptoDome dependency. Starting from **20100107** the script was rewritten to handle v9 and v10 kobackup backups structures.
## _EOL_
On 1.1.2021 the script will get its _end of life_ status. It was needed two years ago to overcome issues for some Huawei devices' forensics acquisitions. Now commercial forensics solutions include the very same capabilities, and much more: there are no more reasons to maintain it. We've got messages from guys using this script to manage theirs backups: we do not recommend it, and we did not write it for this reason. Anyhow we're happy some of you did find it useful, and we thank you for the feedback. We shared it to the community, trying to give back something: if someone has any interest in maintaining it, please let us know so we can include a link to the project.
The `kobackupdec` is a Python3 script aimed to decrypt Huawei *HiSuite* or *KoBackup* (the Android app) backups. When decrypting and uncompressing the archives, it will re-organize the output folders structure trying to _mimic_ the typical Android one. The script will work both on Windows and Linux hosts, provided the PyCryptoDome dependency.
## Usage
@ -16,7 +12,7 @@ The script *assumes* that backups are encrypted with a user-provided password. A
```
usage: kobackupdec.py [-h] [-v] password backup_path dest_path
Huawei KoBackup decryptor version 20200611
Huawei KoBackup decryptor version 20190729
positional arguments:
password user password for the backup
@ -24,14 +20,12 @@ positional arguments:
dest_path decrypted backup folder
optional arguments:
-h, --help show this help message and exit
-e, --expandtar expand tar files
-w, --writable do not set RO pemission on decrypted data
-v, --verbose verbose level, -v to -vvv
-h, --help show this help message and exit
-v, --verbose verbose level, -v to -vvv
```
- `password`, is the user provided password.
- `backup_path`, is the folder containing the Huawei backup, relative or absolute paths can be used.
- `backup_path`, is the folder containing the Huawei backup, relative or absolute paths can be used. **Be careful** to provide the strictest path to data, because the script will start enumerating all files and folders starting from the provided path, parsing the file types it expects to find and copying out all the others. If by chance you wrongly provide *c:\\* as the backup path, well, expect to get a full volume copy in the destination folder (ignoring errors).
- `dest_path`, is the folder to be created in the specified path, absolute or relative. It will complain if the provided folder already exists.
- `[-v]` (from `-v` to `-vvv`) verbosity level, written on *stderr*. It's suggested to use *-vvv* with a redirect to get a log of the process.

871
kobackupdec.py Executable file → Normal file
View File

File diff suppressed because it is too large Load Diff

17
setup.py
View File

@ -1,17 +0,0 @@
# Setup file for compiling the python script with cx_Freeze (https://github.com/anthony-tuininga/cx_Freeze)
from cx_Freeze import setup, Executable
executables = [
Executable('kobackupdec.py')
]
setup(name='KoBackupDec',
# Change build number to the current one
version='20200607',
description='HiSuite / KoBackup Decryptor',
executables=executables
)
# Compile the python script to an executable with: python setup.py build
# Build an Windows installation Package with: python setup.py bdist_msi