Skip to content
/ UFADE Public
forked from prosch88/UFADE

Extract files from Apple devices on Windows, Linux and MacOS. Mostly a wrapper for pymobiledevice3. Creates iTunes-style backups and "advanced logical backups"

License

Notifications You must be signed in to change notification settings

r-tx/UFADE

 
 

Repository files navigation

UFADE

Universal Forensic Apple Device Extractor

This is a python script written for my masters thesis in IT-Security and Forensics at the Wismar University.

It utilizes the awesome projects: pymobiledevice3 and iOSbackup to automate the acquisition of Apple mobile devices. Options can be selected via a dialog. The SSH access is realized via Paramiko.

The use of pythondialog is preventing the Windows compatibility for the command line version. Linux and MacOS should work.

There is a new version based on CustomTkinter. This one works on Windows. You can also load the Windows version from the release page.

Requires Python == 3.11.

More features may follow.


Installation

Clone the repo:

git clone https://github.com/prosch88/UFADE

To use the developer features you need to mount a DeveloperDisk image on the device. A submodule with images can be loaded while cloning:

git clone https://github.com/prosch88/UFADE --recurse-submodules

Install Dialog (and libasound2-dev on Debian):

Arch / Manjaro:

sudo pacman -S dialog

Debian / Ubuntu:

sudo apt-get install dialog libasound2-dev

CentOS / Red Hat:

sudo yum install dialog

MacOS:

brew install dialog

for the GUI-version on MacOS:

Install the requirements:

pip install -r requirements.txt 

Windows:

install Apple-Devices


Usage

Connect an Apple device (iPhone, iPad) to your workstation, unlock and pair the device. Start the script:

python ufade.py

or

python ufade_gui.py

Possibly the trust-message is shown on the device screen. Confirm with "trust". Now you should see the device information screen and will be prompted to choose a working directory. By default, the script is setting this to the directory from which it has been called.

In the main menu you have the options:

Save device information to text

Save device information and a list of user-installed apps to a textfile.

Backup Options

including:

Logical (iTunes-Style) Backup

Perform a backup as iTunes would do (with an option to bruteforce an unknown backup-password)

Logical+ Backup

Perform and decrypt an iTunes backup, gather AFC-media files, shared App folders and crash reports. Creates a TAR-archive.

Logical+ Backup (UFED-Style)

Creates an "advanced Logical Backup" as ZIP-archive with an UFD file to load in the Cellebrite Physical Analyzer©

Filesystem Backup (jailbroken)

Creates a full filesystem backup from an already jailbroken device.

Collect Unified Logs

Collects the AUL from the device and saves them as a logarchive.

Developer Options

Try to mount a suitable DeveloperDiskImage. Gives further options for screenshots and filesystem views.

Advanced Options

Gives options like network-sniffing and various Logging functions .


Like this tool?

ko-fi

Acknowledgements

This script utilizes the following projects:

pymobiledevice3 by doronz88

iOSbackup by avibrazil

pyiosbackup by matan1008

pythondialog by frougon

CustomTkinter by TomSchimansky

crossfiledialog by maikelwever

paramiko, pandas, pyarrow, playsound

About

Extract files from Apple devices on Windows, Linux and MacOS. Mostly a wrapper for pymobiledevice3. Creates iTunes-style backups and "advanced logical backups"

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%