initial code for dumping imessages in a reasonable format

2014-02-09 00:30:49 +01:00
parent c0021efb13
commit 9dd7628f04
157 changed files with 24178 additions and 0 deletions
--- a/dump-imessages/iphone-dataprotection/python_scripts/util/bruteforce.py
+++ b/dump-imessages/iphone-dataprotection/python_scripts/util/bruteforce.py
@@ -0,0 +1,71 @@
+from keystore.keybag import Keybag
+from keystore.effaceable import EffaceableLockers
+from util.ramdiskclient import RamdiskToolClient
+import plistlib
+
+COMPLEXITY={
+            0: "4 digits",
+            1: "n digits",
+            2: "n alphanum"
+            }
+
+def checkPasscodeComplexity(data_volume):
+    pl = data_volume.readFile("/mobile/Library/ConfigurationProfiles/UserSettings.plist", returnString=True)
+    if not pl:
+        print "Failed to read UserSettings.plist, assuming simple passcode"
+        return 0
+    pl = plistlib.readPlistFromString(pl)
+    #print "passcodeKeyboardComplexity :", pl["restrictedValue"]["passcodeKeyboardComplexity"]
+    value =  pl["restrictedValue"]["passcodeKeyboardComplexity"]["value"]
+    print "passcodeKeyboardComplexity %d => %s" % (value, COMPLEXITY.get(value)) 
+    return pl["restrictedValue"]["passcodeKeyboardComplexity"]["value"]
+
+def loadKeybagFromVolume(volume, device_infos):
+    systembag = volume.readFile("/keybags/systembag.kb", returnString=True)
+    if not systembag or not systembag.startswith("bplist"):
+        print "FAIL: could not read /keybags/systembag.kb from data partition"
+        return False
+    lockers = EffaceableLockers(device_infos["lockers"].data)
+    bag1key = lockers.get("BAG1")[-32:]
+    keybag = Keybag.createWithSystemkbfile(systembag, bag1key, device_infos.get("key835", "").decode("hex"))
+    keybag.setDKey(device_infos)
+    if device_infos.has_key("passcodeKey"):
+        keybag.unlockWithPasscodeKey(device_infos.get("passcodeKey").decode("hex"))
+    return keybag
+
+def bruteforcePasscode(device_infos, data_volume):
+    if device_infos.has_key("passcode"):
+        print "Passcode already found, no bruteforce required"
+        return False
+    kb = data_volume.keybag
+    if not kb:
+        return False
+    
+    rd = RamdiskToolClient.get()
+    if rd.device_infos.udid != device_infos.udid:
+        print "Wrong device connected"
+        return
+    
+    print "Passcode comlexity (from OpaqueStuff) : %s" % COMPLEXITY.get(kb.passcodeComplexity)
+    print "Enter passcode or leave blank for bruteforce:"
+    z = raw_input()
+    bf = rd.getPasscodeKey(kb.KeyBagKeys, z)
+    if kb.unlockWithPasscodeKey(bf.get("passcodeKey").decode("hex")):
+        print "Passcode \"%s\" OK" % z
+    else:
+        if z != "":
+            print "Wrong passcode, trying to bruteforce !"
+        if kb.passcodeComplexity != 0:
+            print "Complex passcode used, not bruteforcing"
+            return False
+
+        bf = rd.bruteforceKeyBag(kb.KeyBagKeys)
+        if bf and kb.unlockWithPasscodeKey(bf.get("passcodeKey").decode("hex")):
+            print "Bruteforce successful, passcode : %s" % bf["passcode"]
+            print "Passcode key : %s" % bf.get("passcodeKey")
+    if kb.unlocked:
+        device_infos.update(bf)
+        device_infos["classKeys"] = kb.getClearClassKeysDict()
+        device_infos["KeyBagKeys"] = plistlib.Data(kb.KeyBagKeys)
+        return True
+    return False