Saturday, December 19, 2015

Extracting data from iPhone backups, part 1

If you ever get the opportunity to iTunes-sync with someone's iPhone, there is a huge trove of data to be had that you may not have known about. Every time a phone syncs, iTunes writes a copy of its data to ~/Library/Application Support/MobileSync/Backup/<md5 folder name>/ (assuming you're on a Mac). Every file in there is named with an md5 and has no extension, so at first glance it's impossible to sift through. I wrote a few tools to help me through it.

First, you need to set up the database by plugging the appropriate md5 folder name into gendb.py and running it. It uses the Unix file utility to identify each file and stores the results in the files table of filetypes.db, whose columns are name, type, xtype, len, atime, mtime.

The other two scripts work from this database. typecount.py tells you how many files of each type there are. sqllist.py scans every SQLite3 database and reports the tables it contains, which is useful for working out which database is which.
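As an added example (this is not the post's own gendb.py or typecount.py), here is how the two steps fit together in Python: walk the backup folder, identify each extension-less file, store it in a files table with the column names the post gives, then count by type. Type identification uses magic bytes for the formats the post mentions (SQLite and AMR audio) and asks the Unix file utility for the fuller description only when it is installed, which is an assumption; the backup folder it indexes is constructed inline so the script runs offline.

```python
"""Index a MobileSync backup folder into filetypes.db and count file types.

Added example, not the post's gendb.py/typecount.py. The `files` schema
(name, type, xtype, len, atime, mtime) follows the post; `type` is a short
label from magic-byte sniffing, `xtype` is the Unix `file` description when
that utility is available (assumption), otherwise the same short label.
"""
import os
import sqlite3
import subprocess
import tempfile

# Magic-byte signatures. SQLite files begin with "SQLite format 3\0";
# AMR audio (the "Adaptive Multi-Rate Codec" files) begins with "#!AMR\n".
SIGNATURES = [
    (b"SQLite format 3\x00", "sqlite3"),
    (b"#!AMR\n", "amr"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"bplist00", "bplist"),
]


def sniff(path):
    """Return a short type label from the file's first 16 bytes."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    for magic, label in SIGNATURES:
        if head.startswith(magic):
            return label
    return "data"


def file_utility(path):
    """Description from the Unix `file` utility, or None if it is not installed."""
    try:
        out = subprocess.run(["file", "-b", path], capture_output=True,
                             text=True, check=True, timeout=10)
    except (OSError, subprocess.SubprocessError):
        return None
    return out.stdout.strip()


def build_db(backup_dir, db_path):
    """Create the files table and insert one row per file; return the row count."""
    con = sqlite3.connect(db_path)
    con.execute("DROP TABLE IF EXISTS files")
    con.execute("CREATE TABLE files (name TEXT PRIMARY KEY, type TEXT, "
                "xtype TEXT, len INTEGER, atime REAL, mtime REAL)")
    rows = []
    for name in sorted(os.listdir(backup_dir)):
        path = os.path.join(backup_dir, name)
        if not os.path.isfile(path):
            continue
        st = os.stat(path)
        short = sniff(path)
        rows.append((name, short, file_utility(path) or short,
                     st.st_size, st.st_atime, st.st_mtime))
    con.executemany("INSERT INTO files VALUES (?, ?, ?, ?, ?, ?)", rows)
    con.commit()
    con.close()
    return len(rows)


def type_counts(db_path):
    """What typecount.py reports: {type: number of files}."""
    con = sqlite3.connect(db_path)
    counts = dict(con.execute("SELECT type, COUNT(*) FROM files GROUP BY type"))
    con.close()
    return counts


def make_sample_backup():
    """Constructed sample folder: a real (empty) SQLite db, an AMR header, a blob."""
    root = tempfile.mkdtemp(prefix="mobilesync-sample-")
    con = sqlite3.connect(os.path.join(root, "3d0d7e5fb2ce288813306e4d4636395e047a3d28"))
    con.execute("CREATE TABLE message (ROWID INTEGER PRIMARY KEY)")
    con.commit()
    con.close()
    with open(os.path.join(root, "a" * 40), "wb") as fh:
        fh.write(b"#!AMR\n" + b"\x00" * 32)
    with open(os.path.join(root, "b" * 40), "wb") as fh:
        fh.write(bytes(range(64)))  # no known signature -> "data"
    return root


def demo():
    """Index the constructed sample; returns (files indexed, counts by type)."""
    root = make_sample_backup()
    db = root + "-filetypes.db"  # kept outside the folder being indexed
    return build_db(root, db), type_counts(db)


if __name__ == "__main__":
    print(demo())
```

Keeping filetypes.db outside the folder being indexed matters: otherwise the index picks up its own half-written database file.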

With that out of the way, I found several interesting databases:

$ python sqllist.py 
/Users/jacksonservheen/Library/Application Support/MobileSync/Backup/c02ecb74b86a49f95ec96d1a87f4dd4b6abf4b46-20151205-132750/Snapshot
Database 06196a61cf209070363f0b0a05b385a25976c2df
Tables: _SqliteDatabaseProperties, PairedDevices
------------------------------
Database 0d609c54856a9bb2d56729df1d68f2958a88426b
Tables: ZCHECKUPEVENT, ZDEMOLIVEUSAGE, ZEVENT, ZEVENTSCENE, ZLIVEUSAGE, ZPEER, ZPROCESS, ZTSHOOTINGDATA, ZWIFIDATA, Z_PRIMARYKEY, Z_METADATA
------------------------------
Database 12b144c0bd44f2b3dffd9186d3f9c05b917cee25
Tables: Z_METADATA, ZCLOUDSHAREDALBUMINVITATIONRECORD, ZCLOUDFEEDENTRY, ZMOMENTLIBRARY, ZASSETDESCRIPTION, ZALBUMLIST, ZMOMENT, ZADDITIONALASSETATTRIBUTES, Z_1KEYWORDS, ZMOMENTLIST, ZGENERICALBUM, Z_15ALBUMLISTS, Z_16ASSETS, ZFACE, ZCLOUDSHAREDCOMMENT, ZSEARCHDATA, ZGENERICASSET, ZADJUSTMENT, ZCLOUDMASTER, ZUNMANAGEDADJUSTMENT, ZASSETTOALBUMORDER, ZCLOUDRESOURCE, ZCLOUDMASTERMEDIAMETADATA, ZKEYWORD, ZSIDECARFILE, Z_PRIMARYKEY
------------------------------
Database 2041457d5fe04d39d0ab481178355df6781e6858
Tables: _SqliteDatabaseProperties, sqlite_sequence, Identity, ExceptionDate, Category, CategoryLink, ResourceChange, OccurrenceCache, OccurrenceCacheDays, Store, StoreChanges, Calendar, CalendarChanges, Participant, ParticipantChanges, Location, CalendarItem, CalendarItemChanges, Alarm, AlarmChanges, Recurrence, RecurrenceChanges, EventAction, EventActionChanges, Attachment, AttachmentChanges, Sharee, ShareeChanges, Notification, NotificationChanges, ScheduledTaskCache, ClientCursor, ClientSequence, ClientCursorConsumed
------------------------------
Database 22b5fb3c3890cfc5cee685c923922e8ebe8ee9fd
Tables: ZSETTING, Z_PRIMARYKEY, Z_METADATA, ZALARM
------------------------------
Database 2b2b0084a1bc3a5ac8c27afdf14afb42c61a19ca
Tables: _SqliteDatabaseProperties, call, sqlite_sequence
------------------------------
Database 303e04f2a5b473c5ca2127d65365db4c3e055c05
Tables: Z_METADATA, ZRECORDING, ZENTITYREVISION, ZDATABASEPROPERTY, Z_PRIMARYKEY
------------------------------
Database 31bb7ba8914766d4ba40d6dfb6113c8b614be442
Tables: _SqliteDatabaseProperties, ABStore, sqlite_sequence, ABPersonSearchKey, ABPersonBasicChanges, ABGroup, ABAccount, ABGroupMembers, ABMultiValueLabel, ABMultiValueEntry, ABMultiValueEntryKey, ABPhoneLastFour, ABPersonMultiValueDeletes, ABRecent, ABGroupChanges, ABPerson, ABPersonChanges, ABPersonLink, FirstSortSectionCount, LastSortSectionCount, FirstSortSectionCountTotal, LastSortSectionCountTotal, ABMultiValue, ABPersonFullTextSearch, ABPersonFullTextSearch_content, ABPersonFullTextSearch_segments, ABPersonFullTextSearch_segdir, ABPersonFullTextSearch_docsize, ABPersonFullTextSearch_stat
------------------------------
Database 3d0d7e5fb2ce288813306e4d4636395e047a3d28
Tables: _SqliteDatabaseProperties, message, sqlite_sequence, chat, attachment, handle, message_attachment_join, chat_handle_join, chat_message_join
------------------------------
Database 4096c9ec676f2847dc283405900e284a7c815836
Tables: TableInfo, Fences, CompassCalibration, ClusterCompassCalibration, BeaconFences
------------------------------
Database 462db712aa8d833ff164035c1244726c477891bd
Tables: cookies
------------------------------
Database 5a4935c78a5255723f707230a451d79c540d2741
Tables: ZCALLDBPROPERTIES, ZCALLRECORD, Z_PRIMARYKEY, Z_METADATA
------------------------------
Database 609b8b513a0f7eee156dd7fc06ffe1919d9da812
Tables: ZALBUMACTIVITY, ZALBUMCHANGECOUNTER, ZASSETACTIVITY, ZASSETCHANGECOUNTER, ZCHANGECOUNTERMAX, Z_PRIMARYKEY, Z_METADATA
------------------------------
Database 64d0019cb3d46bfc8cce545a8ba54b93e7ea9347
Tables: admin, access, access_times, access_overrides
------------------------------
Database 75b12106910f0b106f64d72eb75397427884fd5a
Tables: sqlite_sequence, properties, metadata, recents, contacts
------------------------------
Database 80c42a429a2e9877c4972b1e1ae246efc55f9c3c
Tables: ZCANCELEDDOWNLOAD, ZPUSHNOTIFICATION, ZPUSHNOTIFICATIONCLIENT, ZPUSHNOTIFICATIONENVIRONMENT, ZRINGTONEPURCHASE, Z_PRIMARYKEY, Z_METADATA
------------------------------
Database 8896671f94fe1f6dc638d66154c4799ebd07f7d3
Tables: TableInfo, GyroCalibration
------------------------------
Database 9143d986a77ab8cf5878e4e9ac80627477eb6674
Tables: ZMICROPAYMENTBASE, ZMICROPAYMENTCLIENT, ZMICROPAYMENTDOWNLOAD, Z_PRIMARYKEY, Z_METADATA
------------------------------
Database 943624fd13e27b800cc6d9ce1100c22356ee365c
Tables: ZACCESSOPTIONSKEY, Z_METADATA, ZDATACLASS, ZACCOUNT, Z_2PROVISIONEDDATACLASSES, Z_2ENABLEDDATACLASSES, ZACCOUNTTYPE, Z_4SUPPORTEDDATACLASSES, Z_4SYNCABLEDATACLASSES, ZAUTHORIZATION, ZACCOUNTPROPERTY, Z_1OWNINGACCOUNTTYPES, Z_PRIMARYKEY
------------------------------
Database 992df473bbb9e132f4b3b6e4d33f72171e97bc7a
Tables: _SqliteDatabaseProperties, voicemail, sqlite_sequence
------------------------------
Database 9c2390b6a6db7028ca5b61aef42d90cb6065bfc5
Tables: software_update
------------------------------
Database af0a461cff85322d0c029fedc42e7841ecbd5b9f
Tables: kvs_value
------------------------------
Database ca3bc056d4da0bbf88b5fb3be254f3b7147e639c
Tables: ZACCOUNT, ZNEXTID, ZNOTE, ZNOTEATTACHMENT, ZNOTEBODY, ZNOTECHANGE, ZPROPERTY, ZSTORE, Z_PRIMARYKEY, Z_METADATA
------------------------------
Database cd6702cea29fe89cf280a76794405adb17f9a0ee
Tables: _SqliteDatabaseProperties, ABThumbnailImage, ABFullSizeImage
------------------------------
Database d1f062e2da26192a6625d968274bfda8d07821e4
Tables: generations, sync_properties, bookmarks, folder_ancestors, bookmark_title_words
------------------------------
Database d22d4e3c06ed92f73666c24a1cd0c80466c7d4d5
Tables: ZMICROPAYMENTDOWNLOAD, Z_PRIMARYKEY, Z_METADATA, ZMICROPAYMENTCLIENT, ZMICROPAYMENTBASE
------------------------------
Database d2acb1ec24ed4669ec97974578478cff5bd236f9
Tables: CacheGroups, sqlite_sequence, Caches, CacheWhitelistURLs, CacheAllowsAllNetworkRequests, FallbackURLs, CacheEntries, CacheResources, CacheResourceData, DeletedCacheResources, Origins
------------------------------
Database ed1f8fb5a948b40504c19580a458c384659a605e
Tables: _SqliteDatabaseProperties, bundle_uuid, sqlite_sequence, bundle_info, subscriber_info
------------------------------
Database ff04ff376697dd4223132d3c16218676bbc24890
Tables: ZGAIHIT, ZGAIPROPERTY, Z_PRIMARYKEY, Z_METADATA

The first db that caught my attention contained tables such as message, chat, and attachment. Some SQLite digging revealed that the message table contained all the SMS/iMessage conversations on the phone.
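Two things the listing above leaves to the reader, as an added example that is not the post's sqllist.py: open each database read-only (a backup is evidence, and a read-write open can rewrite its journal), and resolve the 40-hex-character file names. Those names are the SHA-1 of "<Domain>-<path inside that domain>", so hashing a candidate list of paths and matching against the directory listing tells you which file is which; the candidate paths below are the well-known ones for the message, address book, call and voicemail databases, and any that do not match a file present are simply not reported. The sample backup is constructed inline, with a stand-in sms.db carrying the tables the post saw in it.

```python
"""List tables of each SQLite db in a backup and resolve hash-named files.

Added example, not the post's sqllist.py. File names in a MobileSync backup
are SHA-1("Domain-relative/path"); the sample folder below is constructed.
"""
import hashlib
import os
import sqlite3
import tempfile
import urllib.parse

# Candidate backup-relative paths. A path that does not hash to a file in the
# folder is never reported, so a wrong guess here costs nothing.
CANDIDATE_PATHS = [
    "HomeDomain-Library/SMS/sms.db",
    "HomeDomain-Library/AddressBook/AddressBook.sqlitedb",
    "WirelessDomain-Library/CallHistory/call_history.db",
    "HomeDomain-Library/Voicemail/voicemail.db",
    "HomeDomain-Library/Notes/notes.sqlite",
]


def backup_name(domain_path):
    """SHA-1 hex of the 'Domain-relative/path' string, i.e. the backup file name."""
    return hashlib.sha1(domain_path.encode("utf-8")).hexdigest()


def resolve_names(present_names, candidates=CANDIDATE_PATHS):
    """{file name: domain path} for every candidate whose hash is in the folder."""
    present = set(present_names)
    return {backup_name(p): p for p in candidates if backup_name(p) in present}


def is_sqlite(path):
    """True if the file carries the SQLite header."""
    with open(path, "rb") as fh:
        return fh.read(16) == b"SQLite format 3\x00"


def list_tables(path):
    """Table names of one database, opened read-only through a file: URI."""
    uri = "file:%s?mode=ro" % urllib.parse.quote(path)
    con = sqlite3.connect(uri, uri=True)
    try:
        return [r[0] for r in con.execute(
            "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")]
    finally:
        con.close()


def survey(backup_dir):
    """{file name: (resolved domain path or None, [tables])} per SQLite file."""
    names = sorted(os.listdir(backup_dir))
    known = resolve_names(names)
    result = {}
    for name in names:
        path = os.path.join(backup_dir, name)
        if os.path.isfile(path) and is_sqlite(path):
            result[name] = (known.get(name), list_tables(path))
    return result


def make_sample_backup():
    """Constructed sample: an empty stand-in sms.db stored under its real name."""
    root = tempfile.mkdtemp(prefix="mobilesync-sample-")
    path = os.path.join(root, backup_name("HomeDomain-Library/SMS/sms.db"))
    con = sqlite3.connect(path)
    for table in ("message", "chat", "attachment", "handle"):
        con.execute("CREATE TABLE %s (ROWID INTEGER PRIMARY KEY)" % table)
    con.commit()
    con.close()
    return root


def demo():
    """Survey the constructed sample folder."""
    return survey(make_sample_backup())


if __name__ == "__main__":
    for name, (domain_path, tables) in demo().items():
        print(name, domain_path or "(unresolved)")
        print("Tables:", ", ".join(tables))
```

The path is percent-encoded before being put in the URI because the real backup folder lives under "Application Support", and an unencoded space or "?" would be misparsed.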

I also found a tool that supposedly allows you to extract the cellphone location from whatever database contains the table CellLocation.

Along with all these SQLite dbs, I found a number of "Adaptive Multi-Rate Codec (GSM telephony)" files. I assume these are either voicemail recordings or some other recorded data, maybe even recorded phone calls. Since this backup wasn't from my phone, I was hesitant to try to listen to them.

More to come soon I guess?

1 comment:

  1. Thank you. I'm doing a backup / looking through the scripts that Apple put us through. What I found out is they do a total sync by shutting their system down for >60 sec, then everyone starts syncing with iCloud: "com.apple.sharedstreams.config.maxActiveTimeAfterGlobalResetSync 600". Funny. What I have also found are photos of people and groups that are not in with the other main group of photos; it comes with a script
    adjustmentEditorBundleID
    adjustmentFormatVersion>
    com.apple.camera>
    1.0</strin

    This was a photo of my whole family on Mother's Day; it comes under the Mutations file in the photo section. I have been changing the code just so I don't get into the face recognition that is clearly happening without us picking which photos we want to pick. I have also found log files that you don't have permission to open or export, but "you have to give yourself special privileges". The next test is to find what you are talking about, and there goes their Big Bad iCloud, just by encrypting some script. I'm going back to my Nokia retro that lasts 3 days on a battery and doesn't leave you with an addiction.

    Love your information, so I thought I might add to the truth that no one cares. People are all just a digital footprint and would know what to do with a great environment, so why care about the CO2, haha.
    Thank you Sylar, you can find me; we go through our government DNS to get any internet. I am watching you, Google, and I will find the way into your environment to get that $200,000 for bugs and holes.
