Added support for mbdb manifests #740
Conversation
Old iTunes backups dont seem to work at the moment as they use the Manifest.mbdb instead of the Manifest.db. Support has been added through a new seeker type to allow parsing old backups.
Added option to argeparse to allow users to access the seeker for Manifest.mbdb format iTunes backups
Old iphones store call history in call_history.db instead of the newer CallHistory.storedata. The schema is a little bit different, so a new sql query was also created.
Left a variable with the wrong name in the script.
|
Hello @Mori19, Thank you very much for adding the support for iTunes backups from older iOS versions. I have tested with many different backups (iOS 7.x, iOS 8.x). This works for some of them, but for a large number, I get the following error: The byte and the position both vary depending the manifest.mdbd parsed. Let me know if you need one of these stubborn manifest.mdbd files to investigate. Regards. |
|
Hi @Johann-PLW, I would appreciate some of the examples of non working mbdb files. Hopefully I should be able to get those sorted out once I've had a look through them. Cheers |
|
Hi @Mori19 Sorry for the late reply but you will find in the following zip a working and a non-working Manifest.mbdb of the same iPhone; Greetz |
The properties value is sometimes a binary value, which cannot decode into UTF-8. This value is never used in the program, and so was updated to be ignored.
|
Hi @Johann-PLW, No worries on that at all. I think I found the problem - some of the files have additional binary properties listed in the manifest.mbdb. As the only actual data used is the filename and domain, I have updated the parser to not attempt to decode the property, and instead ignore it. This resulted in no change to the functionality, but resolved the error message when I was looking at it. Please let me know if the issue still persists. Cheers |
|
Hi @Mori19, Thank you very much for your update. Cheers |
No longer decoding property name, encryption key, link target. These are not used, as only filename and domain name are required to determine the hashed filename.
|
Hi @Johann-PLW, Looks like it was the same issue as before, but in the encryption key field instead of the properties. I've stopped all decoding of non-essential fields, so this should be ok now. Cheers |
|
Everything works fine now. |
Old iTunes backups dont seem to work at the moment as they use the Manifest.mbdb instead of the Manifest.db. Support has been added through a new seeker type to allow parsing old backups.
Mostly from this discussion here: https://stackoverflow.com/questions/3085153/how-to-parse-the-manifest-mbdb-file-in-an-ios-4-0-itunes-backup
Changed to fit iLEAPP