1/27/2024

Recovering Data From An Old Encrypted Time Machine Backup

Recovering data from a backup should be an easy thing to do. At least this is what you expect. Yesterday I had a problem which should have been easy to solve, but it was not. I hope this blog post can help others who face the same problem.


The problem

1. I had an encrypted Time Machine backup which was not used for months
2. This backup was not on an official Apple Time Capsule or on a USB HDD, but on a WD MyCloud NAS
3. I needed files from this backup
4. After running out of time I only had SSH access to the macOS, no GUI

The struggle

By default, Time Machine is one of the best and easiest backup solution I have seen. As long as you stick to the default use case, where you have one active backup disk, life is pink and happy. But this was not my case.

As always, I started to Google what shall I do. One of the first options recommended that I add the backup disk to Time Machine, and it will automagically show the backup snapshots from the old backup. Instead of this, it did not show the old snapshots but started to create a new backup. Panic button has been pressed, backup canceled, back to Google.


Other tutorials recommend to click on the Time Machine icon and pressing alt (Option) key, where I can choose "Browse other backup disks". But this did not list the old Time Machine backup. It did list the backup when selecting disks in Time Machine preferences, but I already tried and failed that way.


YAT (yet another tutorial) recommended to SSH into the NAS, and browse the backup disk, as it is just a simple directory where I can see all the files. But all the files inside where just a bunch of nonsense, no real directory structure.

YAT (yet another tutorial) recommended that I can just easily browse the content of the backup from the Finder by double-clicking on the sparse bundle file. After clicking on it, I can see the disk image on the left part of the Finder, attached as a new disk.
Well, this is true, but because of some bug, when you connect to the Time Capsule, you don't see the sparse bundle file. And I got inconsistent results, for the WD NAS, double-clicking on the sparse bundle did nothing. For the Time Capsule, it did work.
At this point, I had to leave the location where the backup was present, and I only had remote SSH access. You know, if you can't solve a problem, let's complicate things by restrict yourself in solutions.

Finally, I tried to check out some data forensics blogs, and besides some expensive tools, I could find the solution.

The solution

Finally, a blog post provided the real solution - hdiutil.
The best part of hdiutil is that you can provide the read-only flag to it. This can be very awesome when it comes to forensics acquisition.


To mount any NAS via SMB:
mount_smbfs afp://<username>@<NAS_IP>/<Share_for_backup> /<mountpoint>

To mount a Time Capsule share via AFP:
mount_afp afp://any_username:password@<Time_Capsule_IP>/<Share_for_backup> /<mountpoint>

And finally this command should do the job:
hdiutil attach test.sparsebundle -readonly

It is nice that you can provide read-only parameter.

If the backup was encrypted and you don't want to provide the password in a password prompt, use the following:
printf '%s' 'CorrectHorseBatteryStaple' | hdiutil attach test.sparsebundle -stdinpass -readonly

Note: if you receive the error "resource temporarily unavailable", probably another machine is backing up to the device

And now, you can find your backup disk under /Volumes. Happy restoring!

Probably it would have been quicker to either enable the remote GUI, or to physically travel to the system and login locally, but that would spoil the fun.

Related news


  1. Hacker Tools Free Download
  2. Hackrf Tools
  3. Hacking Tools 2019
  4. Tools For Hacker
  5. Pentest Tools Review
  6. Hacker Tools For Mac
  7. Hacker Tools Online
  8. Best Hacking Tools 2019
  9. Hacking Tools Windows 10
  10. Nsa Hacker Tools
  11. Easy Hack Tools
  12. Hacker Tool Kit
  13. Pentest Tools Alternative
  14. Pentest Tools Kali Linux
  15. Pentest Tools Alternative
  16. Hacker Tools For Mac
  17. Hacking Tools Kit
  18. Pentest Tools Free
  19. World No 1 Hacker Software
  20. Hacker Tools Free Download
  21. Nsa Hack Tools Download
  22. Hacking Tools 2020
  23. Hack Tools For Games
  24. How To Hack
  25. Best Hacking Tools 2019
  26. Best Pentesting Tools 2018
  27. Hacking Tools For Windows Free Download
  28. Hack Tools Pc
  29. Hack Tools For Mac
  30. Hackrf Tools
  31. Pentest Tools Review
  32. Hacker Tools Free
  33. Hack Tools Mac
  34. Free Pentest Tools For Windows
  35. Pentest Tools Port Scanner
  36. Hack Tool Apk
  37. Pentest Tools
  38. Pentest Tools Website
  39. Hacking Tools Hardware
  40. Hackrf Tools
  41. Pentest Tools
  42. Pentest Tools Subdomain
  43. Underground Hacker Sites
  44. Hacking Tools Github
  45. Hacking Tools Name
  46. Pentest Tools Subdomain
  47. Hack Tools For Pc
  48. Ethical Hacker Tools
  49. Hack Rom Tools
  50. Hacker Tools For Mac
  51. Best Hacking Tools 2020
  52. Hacker Tool Kit
  53. Install Pentest Tools Ubuntu
  54. Hacker Tools Free Download
  55. Hacker Tools Windows
  56. Usb Pentest Tools
  57. Hacking App
  58. Best Hacking Tools 2020
  59. Hacking Tools Github
  60. Pentest Tools Url Fuzzer
  61. Pentest Tools Website
  62. Github Hacking Tools
  63. Hacking Tools For Windows
  64. Pentest Tools Bluekeep
  65. Tools Used For Hacking
  66. Pentest Tools Open Source
  67. Black Hat Hacker Tools
  68. Hack Tools For Pc
  69. Tools 4 Hack
  70. Pentest Tools Windows
  71. Bluetooth Hacking Tools Kali
  72. Hack Tools For Ubuntu
  73. Pentest Tools Find Subdomains
  74. Hack App
  75. Hack Tools
  76. Hacking Tools Windows 10
  77. Hacking Tools For Windows 7
  78. Free Pentest Tools For Windows
  79. Hacker Tools Github
  80. Pentest Tools Subdomain
  81. Underground Hacker Sites
  82. Hacker Tools 2020
  83. Pentest Reporting Tools
  84. Hacking Tools Hardware
  85. Github Hacking Tools
  86. Wifi Hacker Tools For Windows
  87. Pentest Tools For Mac
  88. Pentest Tools Nmap
  89. What Are Hacking Tools
  90. Nsa Hack Tools Download
  91. Hacking Tools For Windows Free Download
  92. Hacker Tools 2019
  93. Hacking Tools Github
  94. Top Pentest Tools
  95. Hacking Tools Windows 10
  96. Hacking Tools Download
  97. Pentest Tools For Ubuntu
  98. Pentest Automation Tools
  99. Hack Tools Download
  100. Hack Tool Apk No Root
  101. Pentest Tools Bluekeep
  102. Hacker Tools Linux
  103. Hack Tool Apk No Root
  104. Pentest Tools Online
  105. Hacking Tools For Mac
  106. Hacking Tools Hardware
  107. Github Hacking Tools
  108. Hacking App
  109. Hacking App
  110. Hacker Tools For Mac
  111. Hack Website Online Tool
  112. Hack Tool Apk No Root
  113. Hacker Tools Windows
  114. Hacker Tools Hardware
  115. Hack Tools 2019
  116. Hacker Tools Apk
  117. Nsa Hack Tools Download
  118. Hacking Tools For Windows
  119. What Are Hacking Tools
  120. Beginner Hacker Tools
  121. Hack Tools
  122. Pentest Tools Website
  123. Pentest Tools For Android
  124. Nsa Hack Tools
  125. Hacker Search Tools
  126. Hack Tools Github
  127. Hacking Tools 2020

CEH: 10 Hacking Tools For Hackers


There are a lot of hacking tools available over the internet but mostly we need some of them. In this blog you'll learn about hacking tools which are typically used in the world of hacking by penetration testers.

SmartWhois

SmartWhois is an information-gathering program that allows you to find all available information about an IP address, hostname, or domain, including country, state or province, city, name of the network provider, administrator, and technical support contact information. SmartWhois is a graphical version of the basic Whois program.

SocksChain

SocksChain is a tool that gives a hacker the ability to attack through a chain of proxy servers. The main purpose of doing this is to hide the hacker's real IP address and therefore minimize the chance of detection. When a hacker works through several proxy servers in series, it's much harder to locate the hacker. Tracking the attacker's IP address through the logs of several proxy servers is complex and tedious work. If one of the proxy servers' log files is lost or incomplete, the chain is broken, and the hacker's IP address remains anonymous.

NeoTrace, VisualRoute, and VisualLookout

NeoTrace, VisualRoute, and VisualLookout are all packet-tracking tools with a GUI or visual interface. They plot the path the packets travel on a map and can visually identify the locations of routers and other internet working devices. These tools operate similarly to traceroute and perform the same information gathering; however, they provide a visual representation of the results.

Visualware's eMailTrackerPro

Visualware's eMailTrackerPro ( www.emailtrackerpro.com/ ) and MailTracking ( http://mailtracking.com/ ) are tools that allow an ethical hacker to track email messages. When you use these tools to send an email, forward an email, reply to an email, or modify an email, the resulting actions and tracks of the original email are logged. The sender is notified of all actions performed on the tracked email by an automatically generated email.

IPEye

IPEye is a TCP port scanner that can do SYN, FIN, Null, and XMAS scans. It's a command line tool.
IPEye probes the ports on a target system and responds with closed, reject, drop, or open. Closed means there is a computer on the other end, but it doesn't listen at the port. Reject means a firewall is rejecting the connection to the port (sending a reset back). Drop means a firewall is dropping everything to the port, or there is no computer on the other end. Open means some kind of service is listening at the port. These responses help a hacker identify what type of system is responding.

IPSecScan

IPSecScan is a tool that can scan either a single IP address or a range of addresses looking for systems that are IPSec enabled that means the system has IPSec enabled while disabled means that it either has IPSec disabled, the compatibility issue or the configuration issue that not reveal to you that it has IPSec enabled. Indeterminable means that the scanner isn't sure if IPSec is enabled or disabled.

Icmpenum

Icmpenum uses not only ICMP Echo packets to probe networks, but also ICMP Timestamp and ICMP Information packets. Furthermore, it supports spoofing and sniffing for reply packets. Icmpenum is great for scanning networks when the firewall blocks ICMP Echo packets but fails to block Timestamp or Information packets.

SNMP Scanner

SNMP Scanner allows you to scan a range or list of hosts performing ping, DNS, and Simple Network Management Protocol (SNMP) queries. This tool helps you to find out the current information about the device of SNMP nodes in the given network.

hping2 tool

The hping2 tool is notable because it contains a host of other features besides OS fingerprinting such as TCP, User Datagram Protocol (UDP), ICMP, and raw-IP ping protocols, traceroute mode, and the ability to send files between the source and target system.

THC-Scan, PhoneSweep, and TeleSweep

THC-Scan, PhoneSweep, and TeleSweep are tools that identify phone numbers and can dial a target to make a connection with a computer modem. These tools generally work by using a predetermined list of common usernames and passwords in an attempt to gain access to the system. Most remote-access dial-in connections aren't secured with a password or use very rudimentary security.

Read more