Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid
 
PerlMonks  

Cryptic file names in iPhone backup

by marek1703 (Acolyte)
on Feb 17, 2015 at 11:12 UTC ( #1116968=perlquestion: print w/replies, xml ) Need Help??
marek1703 has asked for the wisdom of the Perl Monks concerning the following question:

Hello all!

I have a vague question: I would like to open the sqlite database of the "Notes" in my iPhone backup which resides in:

~/Library/Application\ Support/MobileSync/Backup/d20a42b067903627674edeefca2f466fc041a231/

Are those cryptic filenames translatable human readable filenames from hex to something like file names?

Thank you for your help - and best greetings from Munich

marek

Replies are listed 'Best First'.
Re: Cryptic file names in iPhone backup
by bitingduck (Chaplain) on Feb 17, 2015 at 16:07 UTC

    This is really more of an iOS question than a Perl question, but you can use Perl to sort of figure them out.

    A little bit of searching indicates that the filenames are all SHA1 hashes of their "domain" and full file path separated by a dash, so that you can use Digest::SHA1 to do something like

    my $data= $domain."-".$path; $digest = sha1($data);
    and then compare $digest to filenames to see if you get the same thing. Since hashes are one-way functions (i.e. you can't run the algorithm backward to get the input information) you have to brute force it by guessing and hashing or use some google-fu to sort out details of the naming.

    There's a little more information here: http://resources.infosecinstitute.com/ios-5-backups-part-1/, but some more time spent searching will probably find you what you need.

      Thank you roboticus and biting duck

      This is a great help. I will look into your suggestions tomorrow!

      marek

Re: Cryptic file names in iPhone backup
by roboticus (Chancellor) on Feb 17, 2015 at 15:46 UTC

    marek1703:

    It *is* human readable, just a bit cryptic. I don't know the details of what the case is here (I don't do anything with iPhones), but I'd bet it's a system-generated filename to ensure that it's a unique filename. You wouldn't want different applications mixing their data together, as it would make applications difficult to uninstall. If I was building an app for a phone, I'd ensure that each database was for a specific user and application combination. Then I could easily delete users or applications from the system without having to know any internal details of the database.

    ...roboticus

    When your only tool is a hammer, all problems look like your thumb.

      Thank you roboticus!

      I thought these file names are simply hex codes which need to be translated to decimal code. I tried with pack or with sprintf with no avail. So I have to wade with the sqlitebrowser through 601files (=result of the shell command ls -1U | wc -l) just to find the right one, which contains the notes?

        marek1703:

        That may be the case ... as I said, I don't know the details.

        But you can frequently make the computer do most of the wading for you, something like:

        my %db_tables; my @db_list = `ls -1U`; for my $db_name (@db_list) { eval { my $DB = DBI->connect("dbi:SQLite:dbname=$db_name"); my $ST = $DB->table_info(undef, undef, 'TABLE'); while (my $hr = $ST->fetchrow_hashref) { $db_tables{$hr->{TABLE_NAME}}{$db_name}=0; } }; if ($@) { print "Skipping $db_name (Not a database? '$@'\n"; } } for my $tbl (sort keys %db_tables) { print "TABLE: $tbl\nDBs: ", join(", ", @{$db_tables{$tbl}}), "\n\n" +; }

        This script should be close to something that will search all the databases you found and list the tables to help you narrow it down.

        Having said that, if you have 600+ databases, then my guess may have been horribly incorrect. Perhaps the application stores each note in its down database (yuck!) or maybe (based on the path name) each database is a list of changes on the iPhone that need to be synched with other devices or ...? It may be more profitable to ask on an apple developer forum about these databases.

        ...roboticus

        When your only tool is a hammer, all problems look like your thumb.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://1116968]
Approved by ww
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others surveying the Monastery: (7)
As of 2019-02-19 20:41 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    I use postfix dereferencing ...









    Results (105 votes). Check out past polls.

    Notices?
    • (Sep 10, 2018 at 22:53 UTC) Welcome new users!