« Home | OSWA™ » | 6816 hash passwords » | OWASP Web 2.0 Project Update » | Security Surprises On Firefox Quantum » | Hackerhubb.blogspot.com » | Vulcan DoS Vs Akamai » | Hacking Windows 95, Part 2 » | Reversing Some C++ Io Operations » | Practical Dictionary Attack On IPsec IKE » | C++ Std::String Buffer Overflow And Integer Overflow »

Recovering Data From An Old Encrypted Time Machine Backup

Recovering data from a backup should be an easy thing to do. At least this is what you expect. Yesterday I had a problem which should have been easy to solve, but it was not. I hope this blog post can help others who face the same problem.


The problem

1. I had an encrypted Time Machine backup which was not used for months
2. This backup was not on an official Apple Time Capsule or on a USB HDD, but on a WD MyCloud NAS
3. I needed files from this backup
4. After running out of time I only had SSH access to the macOS, no GUI

The struggle

By default, Time Machine is one of the best and easiest backup solution I have seen. As long as you stick to the default use case, where you have one active backup disk, life is pink and happy. But this was not my case.

As always, I started to Google what shall I do. One of the first options recommended that I add the backup disk to Time Machine, and it will automagically show the backup snapshots from the old backup. Instead of this, it did not show the old snapshots but started to create a new backup. Panic button has been pressed, backup canceled, back to Google.


Other tutorials recommend to click on the Time Machine icon and pressing alt (Option) key, where I can choose "Browse other backup disks". But this did not list the old Time Machine backup. It did list the backup when selecting disks in Time Machine preferences, but I already tried and failed that way.


YAT (yet another tutorial) recommended to SSH into the NAS, and browse the backup disk, as it is just a simple directory where I can see all the files. But all the files inside where just a bunch of nonsense, no real directory structure.

YAT (yet another tutorial) recommended that I can just easily browse the content of the backup from the Finder by double-clicking on the sparse bundle file. After clicking on it, I can see the disk image on the left part of the Finder, attached as a new disk.
Well, this is true, but because of some bug, when you connect to the Time Capsule, you don't see the sparse bundle file. And I got inconsistent results, for the WD NAS, double-clicking on the sparse bundle did nothing. For the Time Capsule, it did work.
At this point, I had to leave the location where the backup was present, and I only had remote SSH access. You know, if you can't solve a problem, let's complicate things by restrict yourself in solutions.

 Finally, I tried to check out some data forensics blogs, and besides some expensive tools, I could find the solution.

The solution

Finally, a blog post provided the real solution - hdiutil.
The best part of hdiutil is that you can provide the read-only flag to it. This can be very awesome when it comes to forensics acquisition.


To mount any NAS via SMB:
mount_smbfs afp://<username>@<NAS_IP>/<Share_for_backup> /<mountpoint>

To mount a Time Capsule share via AFP:
mount_afp afp://any_username:password@<Time_Capsule_IP>/<Share_for_backup> /<mountpoint>

And finally this command should do the job:
hdiutil attach test.sparsebundle -readonly

It is nice that you can provide read-only parameter.

If the backup was encrypted and you don't want to provide the password in a password prompt, use the following:
printf '%s' 'CorrectHorseBatteryStaple' | hdiutil attach test.sparsebundle -stdinpass -readonly

Note: if you receive the error "resource temporarily unavailable", probably another machine is backing up to the device

And now, you can find your backup disk under /Volumes. Happy restoring!

Probably it would have been quicker to either enable the remote GUI, or to physically travel to the system and login locally, but that would spoil the fun.
Related articles

  1. Pentest Tools Review
  2. Hack Tools Download
  3. What Are Hacking Tools
  4. Pentest Automation Tools
  5. Hacking Tools Download
  6. Underground Hacker Sites
  7. Hackrf Tools
  8. Android Hack Tools Github
  9. Hack Tools For Pc
  10. Hacking Apps
  11. Hacker Tools For Ios
  12. Pentest Tools For Mac
  13. Pentest Tools Android
  14. Top Pentest Tools
  15. Best Hacking Tools 2020
  16. Pentest Tools Review
  17. Hack Tools Online
  18. Hack And Tools
  19. Pentest Tools Review
  20. Hacker Tools
  21. Hacker Tools
  22. Underground Hacker Sites
  23. Pentest Tools For Android
  24. Pentest Tools Open Source
  25. Pentest Tools Windows
  26. Hacker
  27. Pentest Tools Online
  28. Hacker Tools For Windows
  29. Hackers Toolbox
  30. Hack Tools Mac
  31. Pentest Tools Bluekeep
  32. Hacking Tools For Windows
  33. Best Hacking Tools 2019
  34. Pentest Tools Alternative
  35. Hacker Tools Hardware
  36. Pentest Tools Review
  37. Growth Hacker Tools
  38. Hack Tools For Pc
  39. Computer Hacker
  40. Hacking Tools Kit
  41. Hacking Tools Pc
  42. Pentest Tools Subdomain
  43. Pentest Tools Subdomain
  44. Hacker Tools For Ios
  45. How To Make Hacking Tools
  46. Github Hacking Tools
  47. Hacker Tools List
  48. Blackhat Hacker Tools
  49. Ethical Hacker Tools
  50. Hacker Tools For Mac
  51. Hacking Tools For Pc
  52. Hack Tools
  53. Hacking Tools Name
  54. Hacker Security Tools
  55. Underground Hacker Sites
  56. Blackhat Hacker Tools
  57. Hack Apps
  58. Hacker Tools Software
  59. Hack Tools Mac
  60. Pentest Tools
  61. Hacker Tools For Mac
  62. Pentest Tools Framework
  63. Pentest Tools For Ubuntu
  64. Pentest Tools Tcp Port Scanner
  65. Wifi Hacker Tools For Windows
  66. Computer Hacker
  67. Pentest Tools Bluekeep
  68. Best Hacking Tools 2020
  69. Hacking Tools Github
  70. Pentest Box Tools Download
  71. Best Pentesting Tools 2018
  72. Pentest Tools Free
  73. Hacker Tools List
  74. Growth Hacker Tools
  75. World No 1 Hacker Software
  76. Hack Tools Online
  77. Hackers Toolbox
  78. Hacker Tools Mac
  79. Pentest Tools
  80. Hacker Security Tools
  81. Hack Tools Github
  82. Pentest Automation Tools
  83. Wifi Hacker Tools For Windows
  84. Hack Tools For Games
  85. Hacker Tools
  86. Growth Hacker Tools
  87. Pentest Tools Website Vulnerability
  88. Hackers Toolbox
  89. Free Pentest Tools For Windows
  90. Hacker Tools For Mac
  91. Pentest Tools For Windows
  92. Hacking Tools For Mac
  93. Android Hack Tools Github
  94. Hack Tools For Games
  95. Hack Rom Tools
  96. Hacker Tools Linux
  97. Hacking App
  98. Pentest Tools For Windows
  99. Pentest Reporting Tools
  100. Hacking Tools For Windows 7
  101. Hacking Tools Free Download
  102. Top Pentest Tools
  103. Hacking Tools 2020
  104. Hacking Tools Download
  105. Hacking Tools For Mac
  106. Hacker Tools Hardware
  107. Hacking Tools For Windows Free Download
  108. Hacker Tools For Ios
  109. Hack Website Online Tool
  110. Pentest Tools Apk
  111. Pentest Tools Windows
  112. Hack Tools For Pc
  113. How To Hack
  114. Hacking Tools Download
  115. Pentest Tools Online
  116. Pentest Tools Tcp Port Scanner
  117. Beginner Hacker Tools
  118. Easy Hack Tools
  119. Pentest Tools List
  120. Hacking Tools Usb
  121. Hacking Apps
  122. Hacking App
  123. Pentest Tools Open Source
  124. Github Hacking Tools
  125. Hacker Tools For Pc
  126. Hacking Tools And Software
  127. Hacking Tools
  128. Hacker Tools For Windows
  129. Hacking Tools For Windows Free Download
  130. Hacking Tools For Beginners
  131. Best Pentesting Tools 2018
  132. Best Pentesting Tools 2018
  133. Hack Tool Apk No Root
  134. Wifi Hacker Tools For Windows
  135. Hacker Tools Free
  136. Kik Hack Tools
  137. World No 1 Hacker Software
  138. Tools 4 Hack

Posted by K. Lianne on Monday, January 22, 2024 at 6:46 PM |

Post a Comment

Search


Previous posts

Archives

Links

Subscribe to this blog's feed
[What is this?]
Powered by Blogger
& Blogger Templates