CN118101474A - Method and device for extracting backup data of third-party application program and related medium - Google Patents
Method and device for extracting backup data of third-party application program and related medium Download PDFInfo
- Publication number
- CN118101474A CN118101474A CN202410284348.1A CN202410284348A CN118101474A CN 118101474 A CN118101474 A CN 118101474A CN 202410284348 A CN202410284348 A CN 202410284348A CN 118101474 A CN118101474 A CN 118101474A
- Authority
- CN
- China
- Prior art keywords
- data
- request
- key
- icloud
- party application
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 37
- 230000004044 response Effects 0.000 claims abstract description 89
- 238000004590 computer program Methods 0.000 claims description 11
- 238000011084 recovery Methods 0.000 claims description 9
- 101150069304 ASN1 gene Proteins 0.000 claims description 8
- 230000008859 change Effects 0.000 claims description 8
- 238000012545 processing Methods 0.000 claims description 6
- 238000000605 extraction Methods 0.000 abstract description 11
- 230000001360 synchronised effect Effects 0.000 description 11
- 230000008569 process Effects 0.000 description 7
- 238000010276 construction Methods 0.000 description 4
- 230000009471 action Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 150000003839 salts Chemical class 0.000 description 3
- 230000006978 adaptation Effects 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 238000013075 data extraction Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Landscapes
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention discloses a method, a device and a related medium for extracting backup data of a third party application program, wherein the method comprises the following steps: acquiring a hosting proxy key of an iCloud account, and sending a cloud disk suite tool application initialization request to an iCloud server; receiving response data, and analyzing to obtain a cloud disk database gateway address; sending a third-party application program list acquisition request to the iCloud server, receiving response data, and analyzing to obtain list abstract information containing a record identifier; sending a program directory list acquisition request to the iCloud server, receiving response data, and analyzing to obtain a program directory list and corresponding credential data; sending a program downloading certificate request to the iCloud server, receiving response data, and analyzing to obtain a file resource downloading address; and downloading the file resource, decrypting the file resource, and splicing the file resource with the list abstract information to obtain the backup data of the third-party application program. The invention can improve the extraction efficiency of the backup data of the third party application program on the iCloud and reduce the extraction complexity.
Description
Technical Field
The present invention relates to the field of computer software technologies, and in particular, to a method and an apparatus for extracting backup data of a third party application program, and a related medium.
Background
The iCloud is an online synchronous storage service and a cloud computing service provided by apple company, a user can store data such as music, photos, application data, files, contacts, calendars and the like in the iCloud, and the data can be synchronized on all devices supporting the iCloud in a wireless push mode without using a connecting wire to realize synchronization. The iCloud may also be used to store data from third party applications and synchronize it to the apple device terminal. iCloud is built into iOS (mobile operating system developed by apple Inc.), iPadOS (mobile-side operating system based on iOS), watchOS (watch operating system based on iOS system), tvOS (television operating system based on iOS), and macOS (computer operating system developed by apple Inc.), which can be accessed through limited Web interfaces and Windows applications. iCloud allows a user to make data backup settings on an iOS device running iOS 5 or higher. The backed up data may include photos and videos in camera film, device settings, application data, information (iMessage information, text and multimedia messages), ring tones, and visual voice mail, among others. iCloud backs up when the device locks and connects to Wi-Fi and power, and if any Apple device fails, then iCloud provides the functionality to restore all data as well as application data during the restore process only when the device is synchronized to iCloud and back up.
When the user uses the data of the third party application program on the iCloud, the user needs to log in the corresponding AppleID on the device supporting iCloud synchronization, and because of the security problem, the user needs to perform two-step verification when logging in the Apple ID, and after the verification, the data of the required third party application program can be synchronized on the Apple device. When a user needs to view the data of the iCloud, access can be made through a limited Web interface or the iCloud application, but this approach cannot get the data of the third party application on the iCloud. Therefore, how to quickly, conveniently and effectively enable the ibud user to download and view the data of the ibud backup third party application program on any device is a problem to be solved at present.
Disclosure of Invention
The embodiment of the invention provides a method, a device, computer equipment and a storage medium for extracting third-party application program backup data, aiming at improving the extraction efficiency of the third-party application program backup data on iCloud and reducing the extraction complexity of the third-party application program backup data on iCloud.
In a first aspect, an embodiment of the present invention provides a method for extracting backup data of a third party application program, including:
acquiring a hosting proxy key of an iCloud account, and sending a cloud disc suite tool application initialization request to an iCloud server by using the hosting proxy key;
receiving first response data returned by the iCloud server, and analyzing the first response data to obtain a cloud disk database gateway address;
Sending a third-party application program list acquisition request to the iCloud server according to the cloud disk database gateway address, receiving second response data returned by the iCloud server, and analyzing the second response data to obtain list abstract information containing a record identifier;
sending a program catalog list acquisition request to an iCloud server, receiving third response data returned by the iCloud server, and analyzing the third response data to obtain a program catalog list and corresponding credential data;
sending a program downloading credential request to an iCloud server according to the program directory list and the corresponding credential data, receiving fourth response data returned by the iCloud server, and then resolving from the fourth response data to obtain a file resource downloading address;
and downloading according to the file resource downloading address to obtain a corresponding file resource, decrypting the file resource, and then splicing the decrypted result with the list abstract information to obtain backup data of the third-party application program.
In a second aspect, an embodiment of the present invention provides an apparatus for extracting backup data of a third party application, including:
the cloud disc suite tool application program initialization system comprises a key acquisition unit, a cloud disc suite tool application program initialization unit and a cloud disc suite server, wherein the key acquisition unit is used for acquiring a hosting proxy key of an iCloud account and sending a cloud disc suite tool application program initialization request to the iCloud server by utilizing the hosting proxy key;
the first analyzing unit is used for receiving first response data returned by the iCloud server and analyzing the first response data to obtain a cloud disk database gateway address;
The second analyzing unit is used for sending a third-party application program list acquisition request to the iCloud server according to the cloud disk database gateway address, receiving second response data returned by the iCloud server, and then analyzing the second response data to obtain list abstract information containing a record identifier;
The third analysis unit is used for sending a program directory list acquisition request to the iCloud server, receiving third response data returned by the iCloud server, and then analyzing the third response data to obtain a program directory list and corresponding credential data;
A fourth parsing unit, configured to send a program downloading credential request to an iboud server according to the program directory list and the corresponding credential data, receive fourth response data returned by the iboud server, and parse the fourth response data to obtain a file resource downloading address;
and the decryption splicing unit is used for downloading the file resources according to the file resource downloading addresses to obtain corresponding file resources, decrypting the file resources, and splicing the decrypted results with the list abstract information to obtain backup data of the third-party application program.
In a third aspect, an embodiment of the present invention provides a computer device, including a memory, a processor, and a computer program stored in the memory and capable of running on the processor, where the processor implements the method for extracting backup data of a third party application according to the first aspect when the processor executes the computer program.
In a fourth aspect, an embodiment of the present invention provides a computer readable storage medium, where a computer program is stored on the computer readable storage medium, where the computer program when executed by a processor implements a method for extracting backup data of a third party application according to the first aspect.
According to the embodiment of the invention, a hosting proxy key of an iCloud account is obtained by simulating a communication mode with an apple iCloud server, and a cloud disk suite tool application program initialization request is sent to the iCloud server to obtain a cloud disk database gateway address; sending a third-party application program list acquisition request to obtain a list abstract; sending a program directory list acquisition request to acquire a directory structure and corresponding credential data; sending a corresponding program downloading certificate request to obtain a downloading address and certificate data; and then downloading, decrypting, splicing and the like, and finally extracting to obtain iCloud third party application backup data. Therefore, the extraction efficiency of the backup data of the third-party application program on the iCloud can be improved, the extraction complexity of the backup data of the third-party application program on the iCloud is reduced, and the problems that the backup third-party application data on the iCloud cloud disk cannot be directly downloaded and checked, cannot be accessed on any platform (such as Windows and android) and the like in the existing scheme are solved, and the problems of limited scenes, low use efficiency and the like exist no matter in use of a user or in provision of the third-party service.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flow chart of a method for extracting backup data of a third party application according to an embodiment of the present invention;
Fig. 2 is a schematic sub-flowchart of a method for extracting backup data of a third party application according to an embodiment of the present invention;
FIG. 3 is a schematic block diagram of an apparatus for extracting backup data of a third party application according to an embodiment of the present invention;
Fig. 4 is a schematic block diagram of a third party application backup data extraction device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be understood that the terms "comprises" and "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in the present specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations.
Referring to fig. 1, fig. 1 is a flowchart of a method for extracting backup data of a third party application program according to an embodiment of the present invention, which specifically includes: steps S101 to S106.
S101, acquiring a hosting proxy key of an iCloud account, and sending a cloud disc suite tool application program initialization request to an iCloud server by using the hosting proxy key;
S102, receiving first response data returned by the iCloud server, and analyzing the first response data to obtain a cloud disk database gateway address;
s103, sending a third-party application program list acquisition request to the iCloud server according to the cloud disk database gateway address, receiving second response data returned by the iCloud server, and analyzing the second response data to obtain list abstract information containing a record identifier;
S104, sending a program directory list acquisition request to the iCloud server, receiving third response data returned by the iCloud server, and analyzing the third response data to obtain a program directory list and corresponding credential data;
S105, sending a program downloading credential request to the iCloud server according to the program catalog list and the corresponding credential data, receiving fourth response data returned by the iCloud server, and then resolving the fourth response data to obtain a file resource downloading address;
s106, downloading according to the file resource downloading address to obtain a corresponding file resource, decrypting the file resource, and then splicing the decrypted result with the list abstract information to obtain backup data of the third party application program.
According to the embodiment, firstly, a hosting proxy key of an iCloud account is obtained by simulating a communication mode with an apple iCloud server, then a cloud disk suite tool application program initialization request is sent to the iCloud server to obtain a cloud disk database gateway address, then a third party application program list acquisition request is sent to obtain list abstract information, then a program directory list acquisition request is sent to obtain a directory structure and corresponding credential data, then a corresponding program downloading credential request is sent to obtain a file resource downloading address and credential data, file resources are obtained according to the file resource downloading address, and finally the downloaded file resources are decrypted and spliced to obtain iCloud third party application backup data.
According to the embodiment, the extraction efficiency of the backup data of the third-party application program on the iCloud can be improved through the process, the extraction complexity of the backup data of the third-party application program on the iCloud is reduced, the problems that the backup data of the third-party application program on the iCloud cloud disk cannot be directly downloaded and checked, and cannot be accessed on any platform (such as Windows and android) in the existing scheme are solved, and the problems that scenes are limited and the use efficiency is low no matter the user uses the backup data or the third-party service is provided are solved. By adopting the extraction method provided by the embodiment, the third party program or tool can rapidly and effectively download and view the data of the third party application program backed up on the iCloud cloud disk, and can download and view the backup data of the third party application program without using devices supporting iCloud synchronization, such as Windows computers, android mobile phones and the like.
In one embodiment, as shown in fig. 2, the step S101 includes: steps S201 to S207.
S201, constructing a managed agent request; wherein the hosted proxy request includes a first request header including user credentials and a first request body comprised of plist serialized data including command and tag fields;
s202, sending a hosting agent request to the iCloud server, and reading first data with a key value respBlob from data returned by the iCloud server;
S203, constructing a managed agent recovery request according to first data with key value respBlob;
S204, sending a managed agent recovery request to the iCloud server, and reading second data with a key value respBlob from the data returned by the iCloud server;
S205, analyzing the second data to obtain an IV value and encrypted data in the second data;
s206, performing decryption processing on the encrypted data by using an AES-CBC algorithm to obtain a corresponding decryption result, and then reading data with a key value Backup Bag Password from the decryption result;
S207, carrying out ASN1 analysis on the data with the key value Backup Bag Password, and taking an ASN1 analysis result as the managed proxy key.
In this embodiment, a managed proxy initialization request is first constructed, where the request specifically includes a request header and a request body, the request header includes a user credential, and the request body is composed of dictionary plist serialized data including command and label fields, where command is srp_init, and label is com. The network request to obtain the escrow proxy key is based on SRP-6a. After the request body and the request header are constructed, an HTTP POST request is simulated, and the HTTP POST request is connected and sent to a hosting proxy key server of the apple device to initialize the hosting proxy.
Then receiving the response data and deserializing the plist data, reading the data with key value respBlob, and resolving the salt value and the temporary key from the data. The plist data is the response data of the request, the plist format is determined by the apple server, and the salt value is the salt value in the SRP-6a protocol algorithm.
The managed proxy recovery request then continues to be built, again containing a request header and a request body, where the request body additionally adds blob-valued data and sets the data as a plist dictionary of temporary keys. After a request body and a request head of the managed proxy recovery request are constructed, an HTTP POST request is simulated, connected and sent to a managed proxy key server to carry out managed proxy recovery.
Then receiving response data and deserializing plist data, reading data with key value respBlob, and analyzing IV value and encrypted data from the data; and decrypting the secret data by an AES-CBC algorithm, wherein the decryption key is the SRP-6a key. After the decryption is successful, reading data with key value Backup Bag Password from the plist serialization data obtained by the decryption, and analyzing ASN1 (abstract syntax mark) to obtain a corresponding managed proxy key.
In an embodiment, the step S101 further includes:
Constructing a cloud disk suite tool application program initialization request; the cloud disk suite tool application initialization request comprises a second request header and a second request body, wherein the second request header comprises a user credential, and the second request body comprises a binding ID and a container ID;
And simulating an HTTP POST request, and sending the cloud disk suite tool application initialization request to an iCloud server.
In this embodiment, a cloud disk suite tool application initialization request is first constructed, which also includes a request header and a request body, where the request header needs to include a user credential, and the request body needs to include a binding ID and a container ID, which are "com.apple.clouddocs.container-metadata and com.apple.cloudocs, respectively. After the request body and the request head are constructed, an HTTP POST request is simulated, and the HTTP POST request is connected and sent to the iCloud server to perform an application program initialization request
Further, response data returned by the iCloud server is received, and the response data is read into a character string in consideration of the HTML format, so that a required cloud disk database gateway address can be conveniently obtained through analysis.
In one embodiment, the step S103 includes:
Constructing a third-party application program list acquisition request, and sending the third-party application program list acquisition request to an iCloud server;
receiving second response data returned by the iCloud server, and reading the second response data as a character string;
and extracting record retrieval change response data from the character string, and extracting list abstract information containing record identifiers from the record retrieval change response data.
In this embodiment, a third party application list acquisition request is first constructed, where the request includes a request header and a request body, where the request header needs to include a user ID and a user credential, and the request body is mainly composed of synchronous application information, device information, and a request synchronization identifier, and the request body is in a protobuf structure. After the request body and the request head are constructed, an HTTP POST request is simulated, and an application program initialization request is carried out through the acquired cloud disk database gateway address.
Response data regarding the third party application list acquisition request is received while being read into the character string in consideration of the response data being subjected to protobuf serialization processing, and thus, it is necessary to deserialize it. Then, a deserialization protobuf operation is carried out to obtain a record retrieval change response, and list abstract information containing record identifiers is extracted from the record retrieval change response.
In an embodiment, the method for extracting backup data of the third party application program further includes:
and sending a third-party application space acquisition request to the iCloud server, receiving fifth response data returned by the iCloud server, and analyzing the fifth response data to obtain space protection information containing a record identifier.
Further, the method for extracting the backup data of the third party application program further comprises the following steps:
decrypting the space protection information to obtain a package key, a target key and binary data in the space protection information;
Extracting a private key from the managed proxy key by utilizing the target key;
combining the wrapping key and the private key into a derivative key through an rfc6637 algorithm;
and based on an AES-GCM algorithm, decrypting the binary data by using the derivative key to obtain a third-party application space key list.
In this embodiment, a third party application space acquisition request is first constructed, where the request includes a request header and a request body, the request header includes a user ID and a user credential, and the request body mainly includes synchronous application information, device information, a request synchronous download initialization identifier, and a protobuf structure with a space type. After the request body and the request head are constructed, an HTTP POST request is simulated, and a third party application program space retrieval request is carried out through the acquired cloud disk database gateway address.
And receiving response data about the third-party application program space acquisition request, reading the response data into the character string, and then performing deserialization protobuf operation to obtain space retrieval response data, wherein space abstract information can be extracted from the space retrieval response data, and further, the space abstract information is analyzed to obtain space protection information.
It should be noted that the space protection information is an ASN1 structure, so that the package key, the target key and the binary data can be obtained by analyzing the space protection information. Then, a private key can be obtained by combining the target key and the managed proxy key, then the wrapping key and the private key are combined into a derivative key through the rfc6637 algorithm, and binary data are decrypted through the derivative key through the AES-GCM algorithm, wherein the binary data comprise a check value, an IV value, a TAG value and encrypted data. And obtaining a key list of the third-party application program space after decryption is completed, wherein the key list comprises decryption key data and a key signature value which are needed in the subsequent decryption operation process, and the signature value is used for finding a corresponding key.
In another embodiment, the step S104 includes:
Firstly, a program catalog list acquisition request is constructed, wherein the program catalog list acquisition request comprises a request head and a request body, the request head comprises a user ID and a user certificate, and the request body mainly comprises synchronous application information, equipment information, a request synchronous downloading identifier and a protobuf structure with catalog attributes. After the request body and the request head are constructed, an HTTP POST request is simulated, and a third party application program directory structure retrieval request is carried out through the acquired cloud disk database gateway address.
And receiving response data about the program directory list acquisition request, reading the response data into the character string, and then performing deserialization protobuf operation to obtain list abstract information containing a record identifier, wherein the list abstract information can represent a file type if the list abstract information contains a document Content identifier, or can represent a directory type if the list abstract information contains a document Content identifier. When representing the file type, the file type is analyzed to obtain the data such as the protection data, the file size, the file time, the file encryption name, the file downloading attribute and the like, and the file downloading attribute can be used as the credential data.
In yet another embodiment, the step S105 includes:
similarly, a program downloading credential request is firstly constructed, and the request comprises a request header and a request body, wherein the request header comprises a user ID and a user credential, and the request body mainly comprises a protobuf structure formed by synchronous application information, equipment information, a request synchronous downloading identifier and a file downloading attribute. After the request body and the request head are constructed, an HTTP POST request is simulated, and a third party application program downloading credential request is carried out through the acquired cloud disk database gateway address.
Receiving response data about a program downloading certificate request, reading the response data into a character string, and then obtaining a file resource list, wherein the list comprises file check sum storage host block list data; then, the storage host information, the file resource block information, the file signature information and the real file offset information can be obtained by analyzing the file checksum storage host block list data.
In one embodiment, the step S106 includes:
Processing the derivative key by utilizing KBKDF-HMAC algorithm based on the third party application space key list to obtain a master key;
Decrypting the encrypted data by using the master key to obtain a decryption key;
And decrypting the file resource by using the decryption key.
In this embodiment, a file resource downloading request is first constructed, where the request connection is formed by splicing the storage host information, and the request credential is a token in the file resource block information. And then downloading the file resource by a file resource downloading request to obtain the file resource.
When decrypting the file resource, firstly, using the derivative key, obtaining a master key through kbkdf-hmac algorithm, and then using the master key to decrypt the encrypted data through AES-ECB algorithm to obtain a decryption key; then decrypting the file encrypted name and the third party application directory structure by using the decryption key through an AES-GCM algorithm; and decrypting the downloaded file resources by using the decryption key through an AES-ECB algorithm.
And for the decrypted file resource, the file resource can be spliced into a real file by combining the directory structure of the third-party application program and the real file offset information, and finally the whole downloading process is completed to obtain the backup data of the third-party application program.
Fig. 3 is a schematic block diagram of an apparatus 300 for extracting backup data of a third party application according to an embodiment of the present invention, where the apparatus 300 includes:
A key obtaining unit 301, configured to obtain a hosting proxy key of an iboud account, and send a cloud disc suite tool application initialization request to an iboud server by using the hosting proxy key;
the first parsing unit 302 is configured to receive first response data returned by the iboud server, and parse the first response data to obtain a cloud disk database gateway address;
A second parsing unit 303, configured to send a third party application list acquisition request to the iboud server according to a cloud disk database gateway address, receive second response data returned by the iboud server, and parse the second response data to obtain list summary information containing a record identifier;
A third parsing unit 304, configured to send a program directory list acquisition request to an iboud server, receive third response data returned by the iboud server, and parse the third response data to obtain a program directory list and corresponding credential data;
A fourth parsing unit 305, configured to send a program downloading credential request to the iboud server according to the program directory list and the corresponding credential data, receive fourth response data returned by the iboud server, and then parse the fourth response data to obtain a file resource downloading address;
And the decryption splicing unit 306 is configured to download the corresponding file resource according to the file resource download address, decrypt the file resource, and splice the decrypted result with the list summary information to obtain backup data of the third party application program.
In one embodiment, as shown in fig. 4, the key obtaining unit 301 includes:
a first construction unit 401, configured to construct a managed proxy request; wherein the hosted proxy request includes a first request header including user credentials and a first request body comprised of plist serialized data including command and tag fields;
a first sending unit 402, configured to send a hosting proxy request to the iboud server, and read first data with a key value respBlob from data returned by the iboud server;
a second construction unit 403, configured to construct a managed proxy recovery request according to the first data with the key value respBlob;
A second sending unit 404, configured to send a managed proxy recovery request to the iboud server, and read second data with a key value respBlob from data returned by the iboud server;
a data parsing unit 405, configured to parse the second data to obtain an IV value and encrypted data in the second data;
A first decryption unit 406, configured to decrypt the encrypted data by using an AES-CBC algorithm to obtain a corresponding decryption result, and then read data with a key value Backup Bag Password from the decryption result;
the key setting unit 407 is configured to perform ASN1 analysis on data with a key value Backup Bag Password, and use the result of ASN1 analysis as the managed proxy key.
In an embodiment, the key obtaining unit 301 further includes:
The third construction unit is used for constructing a cloud disc suite tool application initialization request; the cloud disk suite tool application initialization request comprises a second request header and a second request body, wherein the second request header comprises a user credential, and the second request body comprises a binding ID and a container ID;
and the third sending unit is used for simulating an HTTP POST request and sending the cloud disc suite tool application program initialization request to the iCloud server.
In an embodiment, the second parsing unit 303 includes:
a fourth construction unit, configured to construct a third party application program list acquisition request, and send the third party application program list acquisition request to an iboud server;
The character string reading unit is used for receiving second response data returned by the iCloud server and reading the second response data into a character string;
And the information extraction unit is used for extracting record retrieval change response data from the character string and extracting list abstract information containing record identifiers from the record retrieval change response data.
In one embodiment, the extracting device 300 of the third party application backup data further includes:
And the fifth analyzing unit is used for sending a third-party application program space acquisition request to the iCloud server, receiving fifth response data returned by the iCloud server, and analyzing the fifth response data to obtain space protection information containing the record identifier.
In one embodiment, the extracting device 300 of the third party application backup data further includes:
the information decryption unit is used for decrypting the space protection information to obtain a package key, a target key and binary data in the space protection information;
The private key extraction unit is used for extracting the private key from the managed proxy key by utilizing the target key;
A key combination unit, configured to combine the wrapping key and the private key into a derivative key through an rfc6637 algorithm;
and the list acquisition unit is used for decrypting the binary data by utilizing the derivative key based on an AES-GCM algorithm to obtain a third-party application program space key list.
In one embodiment, the decryption concatenation unit 306 includes:
The key processing unit is used for processing the derivative key by utilizing KBKDF-HMAC algorithm based on the third party application space key list to obtain a master key;
the second decryption unit is used for decrypting the encrypted data by using the master key to obtain a decryption key;
And the third decryption unit is used for decrypting the file resource by using the decryption key.
Since the embodiments of the apparatus portion and the embodiments of the method portion correspond to each other, the embodiments of the apparatus portion are referred to the description of the embodiments of the method portion, and are not repeated herein.
The embodiment of the present invention also provides a computer readable storage medium having a computer program stored thereon, which when executed can implement the steps provided in the above embodiment. The storage medium may include: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RandomAccess Memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The embodiment of the invention also provides a computer device, which can comprise a memory and a processor, wherein the memory stores a computer program, and the processor can realize the steps provided by the embodiment when calling the computer program in the memory. Of course, the computer device may also include various network interfaces, power supplies, and the like.
In the description, each embodiment is described in a progressive manner, and each embodiment is mainly described by the differences from other embodiments, so that the same similar parts among the embodiments are mutually referred. For the system disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and the relevant points refer to the description of the method section. It should be noted that it will be apparent to those skilled in the art that various modifications and adaptations of the application can be made without departing from the principles of the application and these modifications and adaptations are intended to be within the scope of the application as defined in the following claims.
It should also be noted that in this specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
Claims (10)
1. The method for extracting the backup data of the third-party application program is characterized by comprising the following steps of:
acquiring a hosting proxy key of an iCloud account, and sending a cloud disc suite tool application initialization request to an iCloud server by using the hosting proxy key;
receiving first response data returned by the iCloud server, and analyzing the first response data to obtain a cloud disk database gateway address;
Sending a third-party application program list acquisition request to the iCloud server according to the cloud disk database gateway address, receiving second response data returned by the iCloud server, and analyzing the second response data to obtain list abstract information containing a record identifier;
sending a program catalog list acquisition request to an iCloud server, receiving third response data returned by the iCloud server, and analyzing the third response data to obtain a program catalog list and corresponding credential data;
sending a program downloading credential request to an iCloud server according to the program directory list and the corresponding credential data, receiving fourth response data returned by the iCloud server, and then resolving from the fourth response data to obtain a file resource downloading address;
and downloading according to the file resource downloading address to obtain a corresponding file resource, decrypting the file resource, and then splicing the decrypted result with the list abstract information to obtain backup data of the third-party application program.
2. The method for extracting backup data of a third party application according to claim 1, wherein the obtaining the hosting proxy key of the iboud account includes:
Constructing a managed agent request; wherein the hosted proxy request includes a first request header including user credentials and a first request body comprised of plist serialized data including command and tag fields;
sending a hosting agent request to the iCloud server, and reading first data with a key value respBlob from the data returned by the iCloud server;
Constructing a managed agent recovery request according to first data with key value respBlob;
Sending a managed proxy recovery request to the iCloud server, and reading second data with a key value respBlob from the data returned by the iCloud server;
Analyzing the second data to obtain an IV value and encrypted data in the second data;
Decrypting the encrypted data by using an AES-CBC algorithm to obtain a corresponding decryption result, and then reading data with key value Backup Bag Password from the decryption result;
And carrying out ASN1 analysis on the data with the key value Backup Bag Password, and taking an ASN1 analysis result as the managed proxy key.
3. The method for extracting backup data of a third party application according to claim 1, wherein the sending a cloud disk suite tool application initialization request to an iboud server by using the hosting proxy key comprises:
Constructing a cloud disk suite tool application program initialization request; the cloud disk suite tool application initialization request comprises a second request header and a second request body, wherein the second request header comprises a user credential, and the second request body comprises a binding ID and a container ID;
And simulating an HTTP POST request, and sending the cloud disk suite tool application initialization request to an iCloud server.
4. The method for extracting backup data of a third party application program according to claim 1, wherein the sending a third party application program list acquisition request to an iboud server according to a cloud disk database gateway address, receiving second response data returned by the iboud server, and then parsing the second response data to obtain list summary information containing a record identifier, includes:
Constructing a third-party application program list acquisition request, and sending the third-party application program list acquisition request to an iCloud server;
receiving second response data returned by the iCloud server, and reading the second response data as a character string;
and extracting record retrieval change response data from the character string, and extracting list abstract information containing record identifiers from the record retrieval change response data.
5. The method for extracting backup data of a third party application according to claim 1, further comprising:
and sending a third-party application space acquisition request to the iCloud server, receiving fifth response data returned by the iCloud server, and analyzing the fifth response data to obtain space protection information containing a record identifier.
6. The method for extracting backup data from a third party application of claim 5, further comprising:
decrypting the space protection information to obtain a package key, a target key and binary data in the space protection information;
Extracting a private key from the managed proxy key by utilizing the target key;
combining the wrapping key and the private key into a derivative key through an rfc6637 algorithm;
and based on an AES-GCM algorithm, decrypting the binary data by using the derivative key to obtain a third-party application space key list.
7. The method of claim 6, wherein decrypting the file resource comprises:
Processing the derivative key by utilizing KBKDF-HMAC algorithm based on the third party application space key list to obtain a master key;
Decrypting the encrypted data by using the master key to obtain a decryption key;
And decrypting the file resource by using the decryption key.
8. An apparatus for extracting backup data of a third party application program, comprising:
the cloud disc suite tool application program initialization system comprises a key acquisition unit, a cloud disc suite tool application program initialization unit and a cloud disc suite server, wherein the key acquisition unit is used for acquiring a hosting proxy key of an iCloud account and sending a cloud disc suite tool application program initialization request to the iCloud server by utilizing the hosting proxy key;
the first analyzing unit is used for receiving first response data returned by the iCloud server and analyzing the first response data to obtain a cloud disk database gateway address;
The second analyzing unit is used for sending a third-party application program list acquisition request to the iCloud server according to the cloud disk database gateway address, receiving second response data returned by the iCloud server, and then analyzing the second response data to obtain list abstract information containing a record identifier;
The third analysis unit is used for sending a program directory list acquisition request to the iCloud server, receiving third response data returned by the iCloud server, and then analyzing the third response data to obtain a program directory list and corresponding credential data;
A fourth parsing unit, configured to send a program downloading credential request to an iboud server according to the program directory list and the corresponding credential data, receive fourth response data returned by the iboud server, and parse the fourth response data to obtain a file resource downloading address;
and the decryption splicing unit is used for downloading the file resources according to the file resource downloading addresses to obtain corresponding file resources, decrypting the file resources, and splicing the decrypted results with the list abstract information to obtain backup data of the third-party application program.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing a method of extracting third party application backup data as claimed in any one of claims 1 to 7 when the computer program is executed.
10. A computer readable storage medium, wherein a computer program is stored on the computer readable storage medium, and when the computer program is executed by a processor, the method for extracting backup data of a third party application program according to any one of claims 1 to 7 is implemented.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410284348.1A CN118101474A (en) | 2024-03-13 | 2024-03-13 | Method and device for extracting backup data of third-party application program and related medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410284348.1A CN118101474A (en) | 2024-03-13 | 2024-03-13 | Method and device for extracting backup data of third-party application program and related medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN118101474A true CN118101474A (en) | 2024-05-28 |
Family
ID=91161459
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202410284348.1A Pending CN118101474A (en) | 2024-03-13 | 2024-03-13 | Method and device for extracting backup data of third-party application program and related medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN118101474A (en) |
-
2024
- 2024-03-13 CN CN202410284348.1A patent/CN118101474A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Anglano et al. | Forensic analysis of telegram messenger on android smartphones | |
| CN108234539B (en) | File uploading, downloading and transmitting method and device | |
| US20140082376A1 (en) | System, Method and Apparatus for Securely Saving/Retrieving Data on a Data Storage | |
| CN109495874B (en) | Profile downloading method and device | |
| CN112632007B (en) | Log storage and extraction method, device, equipment and storage medium | |
| CN104486388A (en) | Accessing method and device of cloud storage file | |
| WO2016202000A1 (en) | Differential rollback upgrading method and apparatus | |
| Gregorio et al. | Forensic analysis of telegram messenger for windows phone | |
| CN108196851A (en) | Using dissemination method and device | |
| CN104011730A (en) | Security mechanism for external code | |
| CN113568643A (en) | Resource acquisition method and device, electronic equipment and computer readable medium | |
| CN112769801B (en) | Method, device, equipment and storage medium for extracting backup from cloud server | |
| CN113273163A (en) | File uploading method, file downloading method and file management device | |
| CN113987563A (en) | Data processing method, system, product, device and storage medium | |
| CN111339551B (en) | Data verification method and related device and equipment | |
| CN108418679B (en) | Method and device for processing secret key under multiple data centers and electronic equipment | |
| CN116015767A (en) | Data processing method, device, equipment and medium | |
| CN108133026B (en) | Multi-data processing method, system and storage medium | |
| CN114615031A (en) | File storage method and device, electronic equipment and storage medium | |
| CN111444542A (en) | Data processing method, device and storage medium for copyright file | |
| CN109687970B (en) | Mobile block chain full node and implementation method thereof | |
| CN111327680A (en) | Authentication data synchronization method, device, system, computer equipment and storage medium | |
| CN118101474A (en) | Method and device for extracting backup data of third-party application program and related medium | |
| CN116244764A (en) | Method and system for generating device unique ID of Android device | |
| CN110795388B (en) | Binary file processing method, system, equipment and readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication |