Is there a way to look inside and modify an adb backup created file?


43
vote

Question


I created a backup of my Galaxy Nexus with adb backup. The resulting file is named backup.db and it's somehow encrypted.

I wanted to restore the backup, but it stops when it comes to restoring com.android.providers.contacts. I used adb logcat to find out what's going on and found out that com.android.acore crashes during the restore process.

I'd like to gain access to the data in the backup and remove the contacts database to restore everything back to my phone. Are there any other ways restoring the data from the backup?

     
 
 

Answers

57
 
vote

I started working on this. I'm posting my results so far here as a "community wiki" answer for two reasons: first, if someone else wants to join in, there's a place to talk; second, if I get pulled away from this project, there'll be hints for someone else to start working.

The backup logic on the host is entirely contained within https://github.com/android/platform_system_core/blob/master/adb/commandline.cpp, in the function named backup. The function is very simple: it validates the command line options, sends the command mostly as-is to the adb daemon on the phone, and writes the phone's output to the file. There isn't even error-checking: if, for example, you refuse the backup on the phone, adb just writes out an empty file.

On the phone, the backup logic starts in service_to_fd() in https://github.com/android/platform_system_core/blob/master/adb/services.cpp. The function identifies that the command from the host is "backup", and passes the unparsed command to /system/bin/bu, which is a trivial shell script to launch com.android.commands.bu.Backup as the main-class of a new Android app process. That calls ServiceManager.getService("backup") to get the backup service as an IBackupManager, and calls IBackupManager.fullBackup(), passing it the still-unused file descriptor (very indirectly) connected to the backup.ab file on the host.

Control passes to fullBackup() in com.android.server.backup.BackupManagerService, which pops up the GUI asking the user to confirm/reject the backup. When the user does so, acknowledgeFullBackupOrRestore() (same file) is called. If the user approved the request, acknowledgeFullBackupOrRestore() figures out if the backup is encrypted, and passes a message to BackupHandler (same file). BackupHandler then instantiates and kicks off a PerformAdbBackupTask (same file, line 4004 as of time of writing).

We finally start generating output there, in PerformAdbBackupTask.run(), between line 4151 and line 4330.

First, run() writes a header, which consists of either 4 or 9 ASCII lines:

  1. "ANDROID BACKUP"
  2. the backup format version: currently "4"
  3. either "0" if the backup is uncompressed or "1" if it is
  4. the encryption method: currently either "none" or "AES-256"
  5. (if encrypted), the "user password salt" encoded in hex, all caps
  6. (if encrypted), the "master key checksum salt" encoded in hex, all caps
  7. (if encrypted), the "number of PBKDF2 rounds used" as a decimal number: currently "10000"
  8. (if encrypted), the "IV of the user key" encoded in hex, all caps
  9. (if encrypted), the "master IV + key blob, encrypted by the user key" encoded in hex, all caps

The actual backup data follows, either as (depending on compression and encryption) tar, deflate(tar), encrypt(tar), or encrypt(deflate(tar)).

TODO: write up the code path that generates the tar output -- you can simply use tar as long as entries are in the proper order (see below).

Tar archive format

App data is stored under the app/ directory, starting with a _manifest file, the APK (if requested) in a/, app files in f/, databases in db/ and shared preferences in sp/. If you requested external storage backup (using the -shared option), there will also be a shared/ directory in the archive containing external storage files.

    $ tar tvf mybackup.tar
    -rw------- 1000/1000      1019 2012-06-04 16:44 apps/org.myapp/_manifest
    -rw-r--r-- 1000/1000   1412208 2012-06-02 23:53 apps/org.myapp/a/org.myapp-1.apk
    -rw-rw---- 10091/10091     231 2012-06-02 23:41 apps/org.myapp/f/share_history.xml
    -rw-rw---- 10091/10091       0 2012-06-02 23:41 apps/org.myapp/db/myapp.db-journal
    -rw-rw---- 10091/10091    5120 2012-06-02 23:41 apps/org.myapp/db/myapp.db
    -rw-rw---- 10091/10091    1110 2012-06-03 01:29 apps/org.myapp/sp/org.myapp_preferences.xml

Encryption details

  1. An AES 256 key is derived from the backup encryption password using 10000 rounds of PBKDF2 with a randomly generated 512 bit salt.
  2. An AES 256 master key is randomly generated.
  3. A master key 'checksum' is generated by running the master key through 10000 rounds of PBKDF2 with a new randomly generated 512 bit salt.
  4. A random backup encryption IV is generated.
  5. The IV, master key, and checksum are concatenated and encrypted with the key derived in 1. The resulting blob is saved in the header as a hex string.
  6. The actual backup data is encrypted with the master key and appended to the end of the file.

Sample pack/unpack code implementation (produces/uses) tar archives: https://github.com/nelenkov/android-backup-extractor

Some more details here: http://nelenkov.blogspot.com/2012/06/unpacking-android-backups.html

Perl scripts for packing/unpacking and fixing broken archives:

http://forum.xda-developers.com/showthread.php?p=27840175#post27840175
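
The header layout described in the answer above, as an added Python example (not code from the answer, AOSP or android-backup-extractor): it parses the 4- or 9-line header, rejects the empty file adb writes when the backup is refused on the phone, and lists the tar entries of an unencrypted backup. The dictionary key names, `build_sample()` and its contents are constructed for illustration, and the compressed payload is assumed to be a zlib-wrapped deflate stream.

```python
import io
import tarfile
import zlib

def parse_ab_header(stream):
    """Consume the 4 (plain) or 9 (encrypted) ASCII header lines."""
    def line():
        raw = stream.readline()
        if not raw.endswith(b"\n"):
            raise ValueError("empty or truncated backup header")
        return raw[:-1].decode("ascii")

    if line() != "ANDROID BACKUP":
        raise ValueError("not an adb backup file")
    hdr = {"version": int(line()), "compressed": line() == "1",
           "encryption": line()}
    if hdr["encryption"] != "none":
        # Lines 5-9 exist only for encrypted backups; hex is upper case.
        hdr["user_salt"] = bytes.fromhex(line())
        hdr["checksum_salt"] = bytes.fromhex(line())
        hdr["pbkdf2_rounds"] = int(line())
        hdr["user_iv"] = bytes.fromhex(line())
        hdr["master_key_blob"] = bytes.fromhex(line())
    return hdr

def list_entries(ab_bytes):
    """Return (header, tar member names) for an unencrypted backup."""
    stream = io.BytesIO(ab_bytes)
    hdr = parse_ab_header(stream)
    if hdr["encryption"] != "none":
        raise NotImplementedError("payload is encrypted with the master key")
    payload = stream.read()  # everything after the header lines
    if hdr["compressed"]:
        # Assumption: the deflate stream carries a zlib wrapper.
        payload = zlib.decompress(payload)
    with tarfile.open(fileobj=io.BytesIO(payload)) as tar:
        return hdr, tar.getnames()

def build_sample():
    """Constructed sample: a tiny compressed, unencrypted backup."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("apps/org.myapp/_manifest", "apps/org.myapp/db/myapp.db"):
            data = b"constructed"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return b"ANDROID BACKUP\n4\n1\nnone\n" + zlib.compress(buf.getvalue())

if __name__ == "__main__":
    print(list_entries(build_sample()))
```
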

 
 
         
         
15
 
vote
Best answer
 


The file is not encrypted, unless you specify so when creating the backup. It is however compressed (using deflate). You can find out the exact format by looking at Android source (com/android/server/BackupManagerService.java) code, and, technically, should be able to extract specific data from it. However, IIRC, there are some file integrity checks in place, so it most probably won't work if you just delete a bunch of data from it. Unfortunately the restore command doesn't seem to have an option to restore a particular app/package only or exclude a package.

 
 
         
         
7
 
vote


Great and detailed answer from Nikolay Elenkov. However, I should add that somebody has already developed software that does just that and packaged it here: http://sourceforge.net/projects/adbextractor/

The package contains both Java and Perl tools. I myself prefer Perl over Java any day, so I extracted the Perl code, made sure the scripts are executable, installed the required Perl library, and ran backupdecrypt.pl against an adb backup file, and it converted it into a tar or gzipped tar file without any issue.

I even formed a one-liner in Bash 3 that allows me to do adb backup directly to a gzipped tar file:

adb backup -f >(backupdecrypt.pl -D -z - backup.tgz) -all 

Hope it helps.

 
 
   
   
-4
 
vote


To explore an existing backup file, try the http://www.adb-backup.com page; it is simple, without "dd", "tar", ...

Data is not stored on this server. I've developed this online service to make it easier to view backups without manipulating them with dd / tar or installing additional software. I'm the author of www.adb-backup.com

 
 
       
       
