jsharkey13/iphone_backup_decrypt

CBC padding error

Closed this issue · 1 comments

After executing the attempt of WhatsApp decrypting database method, I got the error message as described below:

Traceback (most recent call last):
File "", line 1, in
File "C:\Users\GM\Downloads\iphone_backup_decrypt-master\src\iphone_backup_decrypt\iphone_backup.py", line 272, in extract_file
decrypted_data = self.extract_file_as_bytes(relative_path, domain)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\GM\Downloads\iphone_backup_decrypt-master\src\iphone_backup_decrypt\iphone_backup.py", line 251, in extract_file_as_bytes
return self.decrypt_inner_file(file_id=file_id, file_bplist=file_bplist)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\GM\Downloads\iphone_backup_decrypt-master\src\iphone_backup_decrypt\iphone_backup.py", line 193, in decrypt_inner_file
return google_iphone_dataprotection.removePadding(decrypted_data)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\GM\Downloads\iphone_backup_decrypt-master\src\iphone_backup_decrypt\google_iphone_dataprotection.py", line 179, in removePadding
raise Exception('Invalid CBC padding')
Exception: Invalid CBC padding

Doing my troubleshooting research, I guess this error is related to the decryption process of whatsapp chatstorage.sqlite. I have successfully installed all dependencies except the fastpbkdf2, but as described in the readme file, it is optional to the code works.

I follow whatsapp development, and they have improved their encryption or security solutions yearly, unlike iTunes which doesn't change very often. Does this CBC padding error have a possible solution?

Also, can you please show a code example of how to decrypt Manifest.db?

Thank you for the interesting project!

A CBC padding error suggests that the file you're trying to decrypt isn't in the right format. This is unlikely to be to do with the decryption process, since the problem is with the encrypted file itself before this code touches it. Are you sure the backup is encrypted? If the backup is not encrypted, that could cause this error. Is it only one file that errors and others work, or do other files have the same issue?

The line numbers you have don't seem to match the latest from master; this error was quite common with a really old version of the library. Could you try again specifically with the latest version v0.8.0? If you see the same error, then another stack trace would be useful.

As for extracting the Manifest file, it's really simple:

from iphone_backup_decrypt import EncryptedBackup

backup = EncryptedBackup(..........)
backup.save_manifest_file("./output/Manifest.sqlite")