-
Notifications
You must be signed in to change notification settings - Fork 52
Reverse Engineering
Rich Infante edited this page Apr 19, 2018
·
3 revisions
This toolkit now contains a feature which is helpful for reverse engineering iOS backups (for iOS 10+). Included within the manifest report is a feature which allows extraction of all of the files in the backup.
This snippet will export all of the files in the backup. The top-level folders that are exported correspond to the individual app domains that are included in the backup.
# v4+
ibackuptool -b $UDID -r 'backup.files' --extract EXPORTED/
# old versions
ibackuptool -b $UDID -r manifest --extract EXPORTED/From that point, you should be able to interact with the raw files in the backup using their usual tools. For many of the dataases in the backups, the sqlite3 tool will often read and interact with them.