off-topic, but I did find out that you can burrow nicely into (at least the unencrypted) iDevice backups and get data out. This is useful if you want to exfiltrate data from some apps, such as grab their configuration plist or even snag text files or even pictures the apps have taken with the cam and stored internally in their data folders. This is possible because iTunes uses sqlite3 to catalog both the backups and the files in the backups.
this bit of code loads the most recently created backup and locates the plist file for the Alertus app, converting it to readable text and saving it for viewing:
rm "$tempfile" 2> /dev/null
if [ -z "$1" ] ; then
backup_folder=$(ls -t "$root" | head -n1)
if [ -z "$backup_folder" ] ; then
echo "run a backup or supply folder name"
ts=$(stat -f "%m" "$root")
modified=$(date -j -f "%s" $ts "+%Y/%m/%d %H:%M:%S")
f=$(sqlite3 "$f" "SELECT fileID FROM Files WHERE (domain='$domain' and relativePath='$relativePath')")
echo "plist is backed up at \"$f\""
cp "$f" "$tempfile"
plutil -convert xml1 "$tempfile"
echo "converted to \"$tempfile\""
or if you already have the name of the backup and need to browse it... you can dump that entire list of files into x.txt for reading in your word processor of choice
sqlite3 -header -column -cmd '.width 44 110 181 5 48' "$root" "SELECT * FROM Files" > x.txt
Note this is just letting you identify specific files in the backup, from there you just have to copy them out and maybe rename them and have at it. The biggest challenge normally is FINDING the file you are interested in among the effectively random names. But I thought it was also interesting to see what sort of files (and DATA) the apps are keeping on me. I suspect this would be quite interesting to anyone that's bored and thinks maybe some of their apps are spyyyyying on them