Show HN: Ibex – a cross-platform iOS backup decryption tool

7 points by initzero 2 days ago

ibex is a cross-platform tool designed for decrypting and extracting iOS backups. It provides forensic investigators, security researchers, and power users with the ability to access and analyze encrypted iOS backup data. It can be built and used on macOS, Linux, and Windows and is permitted to be used only with the explicit and informed consent of the backup data owner.

Ibex was written in Go for straightforward compilation and to circumvent dependency issues and with the goal of enabling researchers and defenders assisting civil society victims of spyware and stalkerware

Key Features - Decrypt encrypted iOS backups - Support for latest iOS versions - Cross-platform compatibility (macOS, Windows, Linux) - Automatic backup detection - Single file extraction based on filename match - Structured output organization - Detailed manifest parsing and extraction

Basic Usage Examples

# Run with automatic backup detection and interactive mode ibex

# Specify just the backup path ibex -b /path/to/backup

# Specify backup path and password ibex -b /path/to/backup -p "backup_password"

# Specify custom output directory ibex -b /path/to/backup -p "backup_password" -o /path/to/output

# Specify a single file for decryption and extraction ibex -b /path/to/backup -o /path/to/output --file sms.db

# Specify relative path preserved output ibex -b /path/to/backup -o /path/to/output -r