UFADE

Universal Forensic Apple Device Extractor

This is a Python script written for my master's thesis in IT-Security and Forensics at Wismar University.

It utilizes the awesome projects pymobiledevice3 and iOSbackup to automate the acquisition of Apple mobile devices. Options can be selected via a dialog. SSH access is implemented with Paramiko.

The use of pythondialog currently prevents Windows compatibility. Linux and MacOS should work.

Requires Python >= 3.11.

More features may follow.


Installation

Clone the repo:

git clone https://github.com/prosch88/UFADE

To use the developer features you need to mount a DeveloperDisk image on the device. A submodule with images can be loaded while cloning:

git clone https://github.com/prosch88/UFADE --recurse-submodules

Install Dialog (and libasound2-dev on Debian):

Arch / Manjaro:

sudo pacman -S dialog

Debian / Ubuntu:

sudo apt-get install dialog libasound2-dev

CentOS / Red Hat:

sudo yum install dialog

MacOS:

brew install dialog

Install the requirements:

pip install -r requirements.txt 

Usage

Connect an Apple device (iPhone, iPad) to your workstation, unlock and pair the device. Start the script:

python ufade.py

The trust message may be shown on the device screen. Confirm it with "trust". You should now see the device information screen and be prompted to choose a working directory. By default, this is the directory from which the script was called.

In the main menu you have the options:

Save device information to text

Saves device information and a list of user-installed apps to a text file.

Backup Options

including:

Logical (iTunes-Style) Backup

Performs a backup as iTunes would (with an option to brute-force an unknown backup password).

Logical+ Backup

Performs and decrypts an iTunes backup, and gathers AFC media files, shared App folders and crash reports. Creates a TAR archive.

Logical+ Backup (UFED-Style)

Creates an "advanced Logical Backup" as a ZIP archive with a UFD file to load in the Cellebrite Physical Analyzer©.

Filesystem Backup (jailbroken)

Creates a full filesystem backup from an already jailbroken device.

Collect Unified Logs

Collects the AUL from the device and saves them as a logarchive.

Developer Options

Tries to mount a suitable DeveloperDiskImage. Gives further options for screenshots and filesystem views.


About

Extract files from iOS devices on Linux and MacOS. Mostly a wrapper for pymobiledevice3. Creates iTunes-style backups and "advanced logical backups"
