Spelunking An iTunes Backup

June 12th, 2013 by Allister Banks

Say you’re excited about installing a particular beta of a particular mobile operating system, and are foolhardy enough to put it on a phone that was in use for business purposes. Let’s go even further, hypothetically, and say you had been using iCloud Backup, but made a backup with iTunes before upgrading… leaving about half a day gap, during which contacts were added. This is a phone that’s often used for testing and little else, so no accounts besides iCloud are configured and you don’t encrypt the backup because you don’t have passwords you want/need restored. After the beta upgrade completes, you restore the iCloud Backup, leaving out that one phone number that’s the direct line to a level two support group at a certain backup company. iTunes is just not fun to plug into, though, so let’s go spelunking in the backup it created.

First, I need to put the backup into a state I can interact with it in. For that I chose the product with the best domain name, http://supercrazyawesome.com, and its iOS Backup Extractor. I chose to put it all in tmp, so it gets dumped sooner rather than later, and found a promising database to sift through:

in tmp

Following basic sqlite3 commands I found on @tvsutton’s site, I saw a promising table, ABPersonFullTextSearch_content. Sure enough, the contact info I was missing was there and I could pull it out to restore just that one contact I’d created.

 I never use this theme

Tags: , , , , , , ,

Comments are closed.