Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

iCloud backup's is not downloaded #87

Open
Witcher987 opened this issue Jul 5, 2018 · 265 comments
Open

iCloud backup's is not downloaded #87

Witcher987 opened this issue Jul 5, 2018 · 265 comments
Assignees

Comments

@Witcher987
Copy link

Hello.
Today I wasn't able to download iCloud backup using InflatableDonkey. Does someone else faced similar issue recently?

@tapanshah1
Copy link

yes, i also facing this issue for ios 11 and its worked with ios 9.3.5

@gwerz
Copy link

gwerz commented Jul 7, 2018

Yes,Not work for iOS11. Maybe apple changed something.

@liwenjie0728
Copy link

anyone who know why?

@Aliasr
Copy link

Aliasr commented Jul 12, 2018

Seems that the recordRetrieveRequest operation is failing to retrieve the file assets. Manifests are still retrieved, but file requests are returning the error "Record not found".

Maybe Apple changed the manifest encryption or added a new ProtectionInfo field?

@jeanclaudevangogh
Copy link

Too bad this wonderfully invested piece of code is now going the the dumpster of history.
Allowing us to download our backups from Apple is in my view a critical principles and part of our basic civil rights.

Shame on Apple to deny our rights to access our own backup... our own content that they are making money from... as their are most likely standing behind brutally closing this project.

Anyhow, IMO The only way we can fix this issue is to gather up.
I'm sure there are a lot of people here that can contribute.
I'm totally into it and can contribute a lot myself but need other team members to join the effort and work together.

For starter,
Anyone got a trace level log of a working session before this issue? if yes, please generate a new trace level log and share both (the log before this issue and after).

Please join the effort and don't let the selfish 'bad guys' win and deny our basic rights!

"They say jump you say how high..."

@Blokh
Copy link

Blokh commented Jul 21, 2018

Greeting Guys,
I started to work on the gem in order to keep it alive.
anyone who would like to join me, Is more than welcome.
I am willing to lead a team for this community for success and I am more than sure that we'll be able to find the issue and fix it pretty soon.
Anyone who would like to join is welcome to mail me at danielblokhi@gmail.com
Hopefully we'll resolve this soon.

@netsutra
Copy link

netsutra commented Jul 22, 2018

Does not seem to work with 10.3 also, in my experience! It used to work till few days back.

@ronburgundy264
Copy link

@Poseidone Hey! Could you please leave here your contacts to discuss the solution

@oct-test
Copy link

Any progress on this issue?

@smander42241
Copy link

Anyone hear anything?

@oct-test
Copy link

@Blokh Any update so far?

@Blokh
Copy link

Blokh commented Aug 3, 2018

Oct-test no news so far. trying to reverse engineer a request from icloud for backup.
so far hasn't got anything

@eXqusic
Copy link

eXqusic commented Aug 12, 2018

Just letting you know that "Tenorshare UltData" is using a modified version of InflatableDonkey that works for ios 12! If you install it then look in the install location folder under iCloud, it has a copy of InflatableDonkey. I noticed that it also uses an extra file called iCloudLib.dll. So for now that can be used.

@smander42241
Copy link

When I try to run that version I'm getting AccessDeniedExceptions, you're saying to run Tenorshare instead of that jar?

@eXqusic
Copy link

eXqusic commented Aug 12, 2018

No you still run the jar.

@smander42241
Copy link

are there any different variables to pass in?

@eXqusic
Copy link

eXqusic commented Aug 12, 2018

Run it like you normally would or just use UltData and let it do it for you.

@smander42241
Copy link

yeah when I run it via java -jar InflatableDonkey.jar username pass, it throws an AccessDeniedException

@smander42241
Copy link

If I move it to another folder it runs, but doesn't download anything

@eXqusic
Copy link

eXqusic commented Aug 12, 2018

Try using DsPrsID/mmeAuthToken instead. I didnt directly run it with my email and pass. Use the program and then look through the logs it makes in either program files or appdata and it should say the command it used. Just remove the domain part at the end.

@smander42241
Copy link

sweet got it thanks!

@Aliasr
Copy link

Aliasr commented Aug 13, 2018

I can't find the logs. Could you point us towards the file or tell us the command you used? Thanks.

@eXqusic
Copy link

eXqusic commented Aug 14, 2018

Its in AppData\Local\Temp\ts_download\log.txt. The command I exactly used was...
Make sure to cd into your Appdata file and run
Tenorshare\jre\jre1.8.0_131\bin\java.exe" -jar "C:\Program Files (x86)\Tenorshare UltData\iCloud\InflatableDonkey.jar" "DsPrsID/mmeAuthToken" -o "C:\Users\NAME\AppData\Local\Temp\ts_download"

@ronburgundy264
Copy link

Hi guys!
I got some progress on the issue but gonna need some help.
Please email me @ ronburgundy264@gmail.com if you want work together on it

@horrorho
Copy link
Owner

horrorho commented Aug 18, 2018

Patched. Please report any bugs.

I'll be around for another week or so after which I'll likely take an indefinite hiatus.

🌵

@horrorho horrorho self-assigned this Aug 18, 2018
@horrorho horrorho added the iOS11 label Aug 18, 2018
@eXqusic
Copy link

eXqusic commented Aug 18, 2018

Wow thank you Horrorho!

@horrorho
Copy link
Owner

Although it looks like an issue that required a large patch, it really isn't. The core of the patch involves using privileged QueryRetrieve instead of RecordRetrieve for manifest and key bag handling.

The majority of the patch bulk comes from the fact that I transplanted updated protobuf definitions from an undisclosed tool I maintain. This has had the knock on effect of altering numerous class calls. However, although not complete or the latest version, the updated protobuf definitions are definitely worth checking out for those wanting a closer peek under the hood.

🦁

@RobLinux
Copy link

PCSFPCopyDecryptedData is used in CreateWithExportedInternal which is used in many other PCS* methods.

Most probably the ford data is used like you say.

As for synchronizing with us, send me a mail to persitentlibrary@gmail.com with your Skype :)

@snak3y
Copy link

snak3y commented Dec 20, 2019

Pretty sure that PCSFP method is used for ProtectionZone stuff only. Time to move on to looking at something else.

@lisaikeha
Copy link

@RobLinux @snak3y
Have you ever met this problem? It was ok if set the clientInfo to iOS9.3.5, buf it fails if I set the clientInfo to iOS11.4.1
screenshot:
fd2

@RobLinux
Copy link

@RobLinux @snak3y
Have you ever met this problem? It was ok if set the clientInfo to iOS9.3.5, buf it fails if I set the clientInfo to iOS11.4.1
screenshot:
fd2

probably the headers in the past communication.

@RobLinux
Copy link

Pretty sure that PCSFP method is used for ProtectionZone stuff only. Time to move on to looking at something else.

Hey, yeah that's for sure :) Was it you that sent me an email (being paranoid here as many tried to add me and were not you hah)

@lisaikeha
Copy link

@RobLinux no, I set the same clientInfo to all requests.
I was passing "username:PET" to the Basic Authentication Header of /setup/get_accout_settings, did I do the same thing with you ?

@RobLinux
Copy link

just follow up the conversation, everything is explained here

@snak3y
Copy link

snak3y commented Dec 23, 2019

@RobLinux Yes, that's me. (Snak3y XO, that is). Don't have a lot of time with the holidays, but will try to work on this when I can.

Last thing I was looking at was those CSCryptor methods, which looked pretty interesting. Following from the method you were looking at, seems like you can only have V1 or V2 init methods. But the CSCryptor (it's V2, I think) looked like it was pulling fields out at offsets that would be incompatible with our Ford data.

@RobLinux
Copy link

I added you, I have something to show you if you get time.

@RobLinux
Copy link

@RobLinux
Copy link

https://github.com/lvchangye/iOS-Header/blob/master/akd/AKADIProxy.h
https://github.com/lvchangye/iOS-Header/blob/master/akd/AKClientAnisetteService.h

yes I already reverse engineered those binaries but are heavily encrypted. By the way we're onto something else than Anisette data having sorted that out.

@lisaikeha
Copy link

lisaikeha commented Dec 28, 2019

just follow up the conversation, everything is explained here

@RobLinux Hi, I have solved the problem I post previously, it's the Authorization Header issue in escrowproxyapis.
right now, I am facing another problem:
I can't use the mmeAuthToken get from "get_account_settings" in the flowing workflow like "/setup/ck/v1/ckAppInit" if I set clientInfo higher than iOS 11.2, it always fails with HTTP 401 status code. But when I set the clientInfo below than iOS 11.2, it works.
I think I was using the same routing as you do, but I could't figure out what's the problem maybe there was some details I haven't done. Could you please help me out or just send me an fiddler archieve for refrence?
Thanks lot!

@snak3y
Copy link

snak3y commented Jan 2, 2020

@RobLinux Sorry, had much less time than I thought over the holidays. I can spend some time later today on the decryption again. And I'll read that link you posted, thanks for sharing.

@Dadoum
Copy link

Dadoum commented Jan 2, 2020

just follow up the conversation, everything is explained here

@RobLinux Hi, I have solved the problem I post previously, it's the Authorization Header issue in escrowproxyapis.
right now, I am facing another problem:
I can't use the mmeAuthToken get from "get_account_settings" in the flowing workflow like "/setup/ck/v1/ckAppInit" if I set clientInfo higher than iOS 11.2, it always fails with HTTP 401 status code. But when I set the clientInfo below than iOS 11.2, it works.
I think I was using the same routing as you do, but I could't figure out what's the problem maybe there was some details I haven't done. Could you please help me out or just send me an fiddler archieve for refrence?
Thanks lot!

@lisaikeha
Do you have any email where we will be able to search ? I'm trying to create code snippet that permit to get M2 and token.

@RobLinux
Copy link

RobLinux commented Jan 3, 2020

just follow up the conversation, everything is explained here

@RobLinux Hi, I have solved the problem I post previously, it's the Authorization Header issue in escrowproxyapis.
right now, I am facing another problem:
I can't use the mmeAuthToken get from "get_account_settings" in the flowing workflow like "/setup/ck/v1/ckAppInit" if I set clientInfo higher than iOS 11.2, it always fails with HTTP 401 status code. But when I set the clientInfo below than iOS 11.2, it works.
I think I was using the same routing as you do, but I could't figure out what's the problem maybe there was some details I haven't done. Could you please help me out or just send me an fiddler archieve for refrence?
Thanks lot!

@lisaikeha
Do you have any email where we will be able to search ? I'm trying to create code snippet that permit to get M2 and token.

Hello @Dadoum, sorry I have not been able to answer you as I'm on holidays for now.
Regarding the M2 and the token there's only way for now I have been able to do it is to load the iCloud for windows DLLs and use some methods within it directly. Code extraction could be possible but the code is very obfuscated so it's very tough, I stopped after trying for a week.

@RobLinux
Copy link

@Dadoum wrote you back

@RobLinux
Copy link

They finally updated their security guide

https://support.apple.com/guide/security/cloudkit-sec3d52c0374/1/web/1 XTS is used

@snak3y
Copy link

snak3y commented Jan 17, 2020

@RobLinux Very interesting. I haven't had much time to work on this but will take a look. Thanks for sharing!

@ArnoldCell
Copy link

hey guys are you still on it?
maybe we can join forces

@snak3y
Copy link

snak3y commented Jan 21, 2020

@ArnoldCell When I have time, yes. I haven't got a device at the moment and we were at the point where one was needed to continue investigating. Not sure where the others are at right now... @RobLinux ?

@RobLinux
Copy link

I have a working piece of code with macOS methods. More to come very soon

@snak3y
Copy link

snak3y commented Jan 26, 2020

@RobLinux Looks like you're very close, amazing work. I really hope its not related to the device specifically, as that would be a headache.

I was unable to get an iPhone so I can't really debug as you're doing. If you've got it working with the macOS methods, I can likely help with translating them back into code if you need.

@Dadoum
Copy link

Dadoum commented Mar 14, 2020

It calls Apple libraries like their implementation.
But I succeed to get this .
I got them from Apple Music for Android. It have ARM64 and ARMv7 implementation for Anisette, and it seems to be human readable (or maybe not I do not know C a lot).

@Aliasr
Copy link

Aliasr commented May 12, 2020

Hi all. It seems InflatableDonkey finally stopped working completely a few days ago. Does anyone knows if it is a missing header or is it something more serious?

Did anyone managed to get it work with iOS 13?

Thanks all for the hard work to keep this project alive.

@frankenstain123
Copy link

Quick update, I am now able to reproduce the routes to gsa/startMachineProvisioning + gsa/finishMachineProvisioning using iCloud_main.dll calls (it is obfuscated code) to generate the .pb files.

This allows fully impersonating an iPhone from the GSA connection process and get the backups with a proper I-MD and I-MD-M

Moreover I can assure that the device ID is a pure UUID and is not needed to be in a special form.

Now i'll be back on backup research with you guys as I can access it again (because before I was logging in with iCloud For Windows anisette data which forbid me to get backups ;-) )

@RobLinux If I understood you correctly you generated adi files with valid anisette data, which can be used for further downloading backup.

I tried different combinations of input data for machineProvisioning, but all that I get – different errors and account ban from Apple.
Did you get any progress on your research? Were you able to download some backups on Windows?
Also, could you share info about how you get valid anisette data using iCloud_mail.dll, if it is possible?

@KJY5713
Copy link

KJY5713 commented Mar 10, 2022

just follow up the conversation, everything is explained here

@RobLinux Hi, I have solved the problem I post previously, it's the Authorization Header issue in escrowproxyapis. right now, I am facing another problem: I can't use the mmeAuthToken get from "get_account_settings" in the flowing workflow like "/setup/ck/v1/ckAppInit" if I set clientInfo higher than iOS 11.2, it always fails with HTTP 401 status code. But when I set the clientInfo below than iOS 11.2, it works. I think I was using the same routing as you do, but I could't figure out what's the problem maybe there was some details I haven't done. Could you please help me out or just send me an fiddler archieve for refrence? Thanks lot!

Could you give me a fiddler archieve for refrence?? In advance, Thakns lot!
Give me a reply with your email.

@Alkenso
Copy link

Alkenso commented Nov 16, 2023

For authorization, most of requests to iCloud now require i.e. AnisetteData (X-Apple-I-MD + X-Apple-I-MD-M)
That is hardware-dependent tokens that may be generated only on iOS/macOS device.

Adding that tokens allow requests to be authorized.
For more details on AnisetteData, check https://github.com/altstoreio/AltStore/blob/main/AltDaemon/AnisetteDataManager.swift

@Dadoum
Copy link

Dadoum commented Nov 16, 2023

For authorization, most of requests to iCloud now require i.e. AnisetteData (X-Apple-I-MD + X-Apple-I-MD-M) That is hardware-dependent tokens that may be generated only on iOS/macOS device.

It isn't. It's neither hardware dependent (old macs can generate it too) nor tied to Apple OSes (it's also used on Windows' iCloud, iTunes, and all their new Apple Microsoft Store apps, and it's also used on Android, in Apple Music and Apple TV, and supposedly in Shazam).

You can generate it easily on any x86_64, x86, armv7 or arm64 device with my project Provision. It internally uses the Android app to avoid reimplementing the obfuscated algorithm.

Adding that tokens allow requests to be authorized. For more details on AnisetteData, check https://github.com/altstoreio/AltStore/blob/main/AltDaemon/AnisetteDataManager.swift

It's used to identify device used on the endpoints, most notably for 2FA trust purposes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests