Skip to content

Latest commit

 

History

History
141 lines (97 loc) · 4.23 KB

README.md

File metadata and controls

141 lines (97 loc) · 4.23 KB

UFADE

Universal Forensic Apple Device Extractor

This is a python script written for my masters thesis in IT-Security and Forensics at the Wismar University.

It utilizes the awesome projects: pymobiledevice3 and iOSbackup to automate the acquisition of Apple mobile devices. Options can be selected via a dialog. The SSH access is realized via Paramiko.

The use of pythondialog is preventing the Windows compatibility for the command line version. Linux and MacOS should work.

There is a new version based on CustomTkinter. This one works on Windows. You can also load the Windows version from the release page.

Requires Python == 3.11.

More features may follow.


Installation

Clone the repo:

git clone https://github.com/prosch88/UFADE

To use the developer features you need to mount a DeveloperDisk image on the device. A submodule with images can be loaded while cloning:

git clone https://github.com/prosch88/UFADE --recurse-submodules

Install Dialog (and libasound2-dev on Debian):

Arch / Manjaro:

sudo pacman -S dialog

Debian / Ubuntu:

sudo apt-get install dialog libasound2-dev

CentOS / Red Hat:

sudo yum install dialog

MacOS:

brew install dialog

for the GUI-version on MacOS:

Install the requirements:

pip install -r requirements.txt 

Windows:

install Apple-Devices


Usage

Connect an Apple device (iPhone, iPad) to your workstation, unlock and pair the device. Start the script:

python ufade.py

or

python ufade_gui.py

Possibly the trust-message is shown on the device screen. Confirm with "trust". Now you should see the device information screen and will be prompted to choose a working directory. By default, the script is setting this to the directory from which it has been called.

In the main menu you have the options:

Save device information to text

Save device information and a list of user-installed apps to a textfile.

Backup Options

including:

Logical (iTunes-Style) Backup

Perform a backup as iTunes would do (with an option to bruteforce an unknown backup-password)

Logical+ Backup

Perform and decrypt an iTunes backup, gather AFC-media files, shared App folders and crash reports. Creates a TAR-archive.

Logical+ Backup (UFED-Style)

Creates an "advanced Logical Backup" as ZIP-archive with an UFD file to load in the Cellebrite Physical Analyzer©

Filesystem Backup (jailbroken)

Creates a full filesystem backup from an already jailbroken device.

Collect Unified Logs

Collects the AUL from the device and saves them as a logarchive.

Developer Options

Try to mount a suitable DeveloperDiskImage. Gives further options for screenshots and filesystem views.

Advanced Options

Gives options like network-sniffing and various Logging functions .


Like this tool?

ko-fi

Acknowledgements

This script utilizes the following projects:

pymobiledevice3 by doronz88

iOSbackup by avibrazil

pyiosbackup by matan1008

pythondialog by frougon

CustomTkinter by TomSchimansky

crossfiledialog by maikelwever

paramiko, pandas, pyarrow, playsound