wire-ios_legacy icon indicating copy to clipboard operation
wire-ios_legacy copied to clipboard

Published 20 hours ago • verified publisher icon wireapp

Nature of iOS backup file

Open makew0rld opened this issue 4 years ago • 5 comments

  • [x] I checked the existing issues, and the issue was not reported before.

This is a question, and not a bug.

I have transferred a Wire backup from an iOS device to a Linux laptop, so I now have the encrypted 36M .ios_wbu file. I was going to look through the code to figure this out, but I'd also like to ask here. What is the nature of the encryption on this file? I know the password of course, but I don't know the way it was encrypted, so I can't decrypt it with GPG or a similar tool.

I understand that I will not be able to use this backup on other platforms, but I still would like to be able to decrypt my conversations and store them. I'd appreciate if any Wire developers could take the time to explain the iOS encryption process, and the type of file that is used before encrypting.

Thanks!

makew0rld avatar Jul 02 '20 22:07 makew0rld

Stale issue message

github-actions[bot] avatar Oct 06 '21 09:10 github-actions[bot]

Bump? I don't want this to go stale.

makew0rld avatar Oct 06 '21 16:10 makew0rld

Hey @makeworld-the-better-one , backup is encrypted with the password that you are entering when it's created. It's using ChaCha20Poly1305 encryption implemented here Encrption is called here

Unfortunately, as you very well mentioned, the backup file is not platform-independent. However, with enough tinkering, I believe you must be able to extract some messages from it. Inside the encrypted payload you will find an sqlite database usually managed by Apple CoreData framework that has a relatively clear strucutre. Hope this helps!

mikeger avatar Jan 06 '22 21:01 mikeger

Thanks for replying! Looks like I'd have to write some custom software to extract this unfortunately. Also wondering, how is the passphrase stretched into a ChaCha20 key?

makew0rld avatar Jan 07 '22 00:01 makew0rld

@makeworld-the-better-one it's right here: the key is created by hashing the passphrase with the user account ID

mikeger avatar Jan 07 '22 10:01 mikeger

Looks like I'd have to write some custom software to extract this unfortunately.

Hey, have you by any chance written this piece of software? Would be nice if there were a backup option for these backups :) Thanks!

eugenesvk avatar Oct 08 '22 11:10 eugenesvk

@eugenesvk nope, unfortunately I never got around to doing this. If I ever did I would post information here.

makew0rld avatar Oct 08 '22 16:10 makew0rld