diff options
| -rw-r--r-- | docs/idevicebackup2.1 | 18 | ||||
| -rw-r--r-- | tools/idevicebackup2.c | 42 |
2 files changed, 53 insertions, 7 deletions
diff --git a/docs/idevicebackup2.1 b/docs/idevicebackup2.1 index ba5ef53..74d1c68 100644 --- a/docs/idevicebackup2.1 +++ b/docs/idevicebackup2.1 | |||
| @@ -62,7 +62,9 @@ remove items which are not being restored. | |||
| 62 | do not trigger re-installation of apps after restore. | 62 | do not trigger re-installation of apps after restore. |
| 63 | .TP | 63 | .TP |
| 64 | .B \t\-\-password PWD | 64 | .B \t\-\-password PWD |
| 65 | supply the password of the source backup. | 65 | supply the password for the encrypted source backup. If omitted, the password |
| 66 | will be requested in interactive mode (\f[B]\-i\f[]), or it can be passed using | ||
| 67 | the environment variable \f[B]BACKUP_PASSWORD\f[]. | ||
| 66 | .TP | 68 | .TP |
| 67 | .B info | 69 | .B info |
| 68 | show details about last completed backup of device. | 70 | show details about last completed backup of device. |
| @@ -74,13 +76,23 @@ list files of last completed backup in CSV format. | |||
| 74 | unpack a completed backup in DIRECTORY/_unback_/ | 76 | unpack a completed backup in DIRECTORY/_unback_/ |
| 75 | .TP | 77 | .TP |
| 76 | .B encryption on|off [PWD] | 78 | .B encryption on|off [PWD] |
| 77 | enable or disable backup encryption. | 79 | enable or disable backup encryption. The password will be requested in |
| 80 | interactive mode (\f[B]\-i\f[]) if omitted, or it can be passed using the | ||
| 81 | environment variable \f[B]BACKUP_PASSWORD\f[]. | ||
| 78 | .TP | 82 | .TP |
| 79 | .B changepw [OLD NEW] | 83 | .B changepw [OLD NEW] |
| 80 | change backup password on target device. | 84 | change backup password on target device. The passwords will be requested in |
| 85 | interactive mode (\f[B]\-i\f[]) if omitted, or they can be passed using the | ||
| 86 | environment variables \f[B]BACKUP_PASSWORD\f[] (old password) and | ||
| 87 | \f[B]BACKUP_PASSWORD_NEW\f[] (new password) respectively. | ||
| 81 | .TP | 88 | .TP |
| 82 | .B cloud on|off | 89 | .B cloud on|off |
| 83 | enable or disable cloud use (requires iCloud account). | 90 | enable or disable cloud use (requires iCloud account). |
| 91 | .SH SECURITY CONSIDERATIONS | ||
| 92 | Passing passwords on the command line is not advised, since it might reveal | ||
| 93 | the backup password to other users via process list or command line history. | ||
| 94 | Use interactive mode (\f[B]\-i\f[]) or pass them via environment variable(s) | ||
| 95 | as mentioned in the description of the respective commands above. | ||
| 84 | .SH AUTHORS | 96 | .SH AUTHORS |
| 85 | Martin Szulecki | 97 | Martin Szulecki |
| 86 | 98 | ||
diff --git a/tools/idevicebackup2.c b/tools/idevicebackup2.c index b024721..7cc0535 100644 --- a/tools/idevicebackup2.c +++ b/tools/idevicebackup2.c | |||
| @@ -2,7 +2,7 @@ | |||
| 2 | * idevicebackup2.c | 2 | * idevicebackup2.c |
| 3 | * Command line interface to use the device's backup and restore service | 3 | * Command line interface to use the device's backup and restore service |
| 4 | * | 4 | * |
| 5 | * Copyright (c) 2010-2019 Nikias Bassen, All Rights Reserved. | 5 | * Copyright (c) 2010-2022 Nikias Bassen, All Rights Reserved. |
| 6 | * Copyright (c) 2009-2010 Martin Szulecki, All Rights Reserved. | 6 | * Copyright (c) 2009-2010 Martin Szulecki, All Rights Reserved. |
| 7 | * | 7 | * |
| 8 | * This library is free software; you can redistribute it and/or | 8 | * This library is free software; you can redistribute it and/or |
| @@ -1433,16 +1433,18 @@ static void print_usage(int argc, char **argv) | |||
| 1433 | printf(" --settings\t\trestore device settings from the backup.\n"); | 1433 | printf(" --settings\t\trestore device settings from the backup.\n"); |
| 1434 | printf(" --remove\t\tremove items which are not being restored\n"); | 1434 | printf(" --remove\t\tremove items which are not being restored\n"); |
| 1435 | printf(" --skip-apps\t\tdo not trigger re-installation of apps after restore\n"); | 1435 | printf(" --skip-apps\t\tdo not trigger re-installation of apps after restore\n"); |
| 1436 | printf(" --password PWD\tsupply the password of the source backup\n"); | 1436 | printf(" --password PWD\tsupply the password for the encrypted source backup\n"); |
| 1437 | printf(" info\t\tshow details about last completed backup of device\n"); | 1437 | printf(" info\t\tshow details about last completed backup of device\n"); |
| 1438 | printf(" list\t\tlist files of last completed backup in CSV format\n"); | 1438 | printf(" list\t\tlist files of last completed backup in CSV format\n"); |
| 1439 | printf(" unback\tunpack a completed backup in DIRECTORY/_unback_/\n"); | 1439 | printf(" unback\tunpack a completed backup in DIRECTORY/_unback_/\n"); |
| 1440 | printf(" encryption on|off [PWD]\tenable or disable backup encryption\n"); | 1440 | printf(" encryption on|off [PWD]\tenable or disable backup encryption\n"); |
| 1441 | printf(" NOTE: password will be requested in interactive mode if omitted\n"); | ||
| 1442 | printf(" changepw [OLD NEW] change backup password on target device\n"); | 1441 | printf(" changepw [OLD NEW] change backup password on target device\n"); |
| 1443 | printf(" NOTE: passwords will be requested in interactive mode if omitted\n"); | ||
| 1444 | printf(" cloud on|off\tenable or disable cloud use (requires iCloud account)\n"); | 1442 | printf(" cloud on|off\tenable or disable cloud use (requires iCloud account)\n"); |
| 1445 | printf("\n"); | 1443 | printf("\n"); |
| 1444 | printf("NOTE: Passwords will be requested in interactive mode (-i) if omitted, or can\n"); | ||
| 1445 | printf("be passed via environment variable BACKUP_PASSWORD/BACKUP_PASSWORD_NEW.\n"); | ||
| 1446 | printf("See man page for further details.\n"); | ||
| 1447 | printf("\n"); | ||
| 1446 | printf("OPTIONS:\n"); | 1448 | printf("OPTIONS:\n"); |
| 1447 | printf(" -u, --udid UDID\ttarget specific device by UDID\n"); | 1449 | printf(" -u, --udid UDID\ttarget specific device by UDID\n"); |
| 1448 | printf(" -s, --source UDID\tuse backup data from device specified by UDID\n"); | 1450 | printf(" -s, --source UDID\tuse backup data from device specified by UDID\n"); |
| @@ -1717,6 +1719,20 @@ int main(int argc, char *argv[]) | |||
| 1717 | uint8_t is_encrypted = 0; | 1719 | uint8_t is_encrypted = 0; |
| 1718 | char *info_path = NULL; | 1720 | char *info_path = NULL; |
| 1719 | if (cmd == CMD_CHANGEPW) { | 1721 | if (cmd == CMD_CHANGEPW) { |
| 1722 | if (!interactive_mode) { | ||
| 1723 | if (!newpw) { | ||
| 1724 | newpw = getenv("BACKUP_PASSWORD_NEW"); | ||
| 1725 | if (newpw) { | ||
| 1726 | newpw = strdup(newpw); | ||
| 1727 | } | ||
| 1728 | } | ||
| 1729 | if (!backup_password) { | ||
| 1730 | backup_password = getenv("BACKUP_PASSWORD"); | ||
| 1731 | if (backup_password) { | ||
| 1732 | backup_password = strdup(backup_password); | ||
| 1733 | } | ||
| 1734 | } | ||
| 1735 | } | ||
| 1720 | if (!interactive_mode && !backup_password && !newpw) { | 1736 | if (!interactive_mode && !backup_password && !newpw) { |
| 1721 | idevice_free(device); | 1737 | idevice_free(device); |
| 1722 | printf("ERROR: Can't get password input in non-interactive mode. Either pass password(s) on the command line, or enable interactive mode with -i or --interactive.\n"); | 1738 | printf("ERROR: Can't get password input in non-interactive mode. Either pass password(s) on the command line, or enable interactive mode with -i or --interactive.\n"); |
| @@ -1758,6 +1774,12 @@ int main(int argc, char *argv[]) | |||
| 1758 | if (cmd != CMD_CLOUD && is_encrypted) { | 1774 | if (cmd != CMD_CLOUD && is_encrypted) { |
| 1759 | PRINT_VERBOSE(1, "This is an encrypted backup.\n"); | 1775 | PRINT_VERBOSE(1, "This is an encrypted backup.\n"); |
| 1760 | if (backup_password == NULL) { | 1776 | if (backup_password == NULL) { |
| 1777 | backup_password = getenv("BACKUP_PASSWORD"); | ||
| 1778 | if (backup_password) { | ||
| 1779 | backup_password = strdup(backup_password); | ||
| 1780 | } | ||
| 1781 | } | ||
| 1782 | if (backup_password == NULL) { | ||
| 1761 | if (interactive_mode) { | 1783 | if (interactive_mode) { |
| 1762 | backup_password = ask_for_password("Enter backup password", 0); | 1784 | backup_password = ask_for_password("Enter backup password", 0); |
| 1763 | } | 1785 | } |
| @@ -2113,6 +2135,12 @@ checkpoint: | |||
| 2113 | if (cmd_flags & CMD_FLAG_ENCRYPTION_ENABLE) { | 2135 | if (cmd_flags & CMD_FLAG_ENCRYPTION_ENABLE) { |
| 2114 | if (!willEncrypt) { | 2136 | if (!willEncrypt) { |
| 2115 | if (!newpw) { | 2137 | if (!newpw) { |
| 2138 | newpw = getenv("BACKUP_PASSWORD"); | ||
| 2139 | if (newpw) { | ||
| 2140 | newpw = strdup(newpw); | ||
| 2141 | } | ||
| 2142 | } | ||
| 2143 | if (!newpw) { | ||
| 2116 | newpw = ask_for_password("Enter new backup password", 1); | 2144 | newpw = ask_for_password("Enter new backup password", 1); |
| 2117 | } | 2145 | } |
| 2118 | if (!newpw) { | 2146 | if (!newpw) { |
| @@ -2129,6 +2157,12 @@ checkpoint: | |||
| 2129 | } else if (cmd_flags & CMD_FLAG_ENCRYPTION_DISABLE) { | 2157 | } else if (cmd_flags & CMD_FLAG_ENCRYPTION_DISABLE) { |
| 2130 | if (willEncrypt) { | 2158 | if (willEncrypt) { |
| 2131 | if (!backup_password) { | 2159 | if (!backup_password) { |
| 2160 | backup_password = getenv("BACKUP_PASSWORD"); | ||
| 2161 | if (backup_password) { | ||
| 2162 | backup_password = strdup(backup_password); | ||
| 2163 | } | ||
| 2164 | } | ||
| 2165 | if (!backup_password) { | ||
| 2132 | backup_password = ask_for_password("Enter current backup password", 0); | 2166 | backup_password = ask_for_password("Enter current backup password", 0); |
| 2133 | } | 2167 | } |
| 2134 | } else { | 2168 | } else { |