Saturday, August 22, 2020

Recovering Data From An Old Encrypted Time Machine Backup

Recovering data from a backup should be an easy thing to do. At least this is what you expect. Yesterday I had a problem which should have been easy to solve, but it was not. I hope this blog post can help others who face the same problem.


The problem

1. I had an encrypted Time Machine backup which was not used for months
2. This backup was not on an official Apple Time Capsule or on a USB HDD, but on a WD MyCloud NAS
3. I needed files from this backup
4. After running out of time I only had SSH access to the macOS, no GUI

The struggle

By default, Time Machine is one of the best and easiest backup solution I have seen. As long as you stick to the default use case, where you have one active backup disk, life is pink and happy. But this was not my case.

As always, I started to Google what shall I do. One of the first options recommended that I add the backup disk to Time Machine, and it will automagically show the backup snapshots from the old backup. Instead of this, it did not show the old snapshots but started to create a new backup. Panic button has been pressed, backup canceled, back to Google.


Other tutorials recommend to click on the Time Machine icon and pressing alt (Option) key, where I can choose "Browse other backup disks". But this did not list the old Time Machine backup. It did list the backup when selecting disks in Time Machine preferences, but I already tried and failed that way.


YAT (yet another tutorial) recommended to SSH into the NAS, and browse the backup disk, as it is just a simple directory where I can see all the files. But all the files inside where just a bunch of nonsense, no real directory structure.

YAT (yet another tutorial) recommended that I can just easily browse the content of the backup from the Finder by double-clicking on the sparse bundle file. After clicking on it, I can see the disk image on the left part of the Finder, attached as a new disk.
Well, this is true, but because of some bug, when you connect to the Time Capsule, you don't see the sparse bundle file. And I got inconsistent results, for the WD NAS, double-clicking on the sparse bundle did nothing. For the Time Capsule, it did work.
At this point, I had to leave the location where the backup was present, and I only had remote SSH access. You know, if you can't solve a problem, let's complicate things by restrict yourself in solutions.

Finally, I tried to check out some data forensics blogs, and besides some expensive tools, I could find the solution.

The solution

Finally, a blog post provided the real solution - hdiutil.
The best part of hdiutil is that you can provide the read-only flag to it. This can be very awesome when it comes to forensics acquisition.


To mount any NAS via SMB:
mount_smbfs afp://<username>@<NAS_IP>/<Share_for_backup> /<mountpoint>

To mount a Time Capsule share via AFP:
mount_afp afp://any_username:password@<Time_Capsule_IP>/<Share_for_backup> /<mountpoint>

And finally this command should do the job:
hdiutil attach test.sparsebundle -readonly

It is nice that you can provide read-only parameter.

If the backup was encrypted and you don't want to provide the password in a password prompt, use the following:
printf '%s' 'CorrectHorseBatteryStaple' | hdiutil attach test.sparsebundle -stdinpass -readonly

Note: if you receive the error "resource temporarily unavailable", probably another machine is backing up to the device

And now, you can find your backup disk under /Volumes. Happy restoring!

Probably it would have been quicker to either enable the remote GUI, or to physically travel to the system and login locally, but that would spoil the fun.Related articles
  1. Hacker Tools For Ios
  2. What Is Hacking Tools
  3. Hacker Tools Linux
  4. How To Install Pentest Tools In Ubuntu
  5. Pentest Tools Website Vulnerability
  6. Hacking Tools Github
  7. Hacker Tools For Windows
  8. Hacker Tools Linux
  9. Hacking Tools For Kali Linux
  10. Hack Rom Tools
  11. Pentest Tools For Windows
  12. Pentest Tools Online
  13. Hacker Security Tools
  14. Hacker Tools Github
  15. World No 1 Hacker Software
  16. What Is Hacking Tools
  17. Hack Tool Apk
  18. Hack Tools For Games
  19. Hackrf Tools
  20. Hacker Tools For Ios
  21. Hacking Tools 2019
  22. Pentest Automation Tools
  23. Hacks And Tools
  24. Pentest Tools Android
  25. Hacker Security Tools
  26. Hack Tools Online
  27. Pentest Tools Open Source
  28. Pentest Tools Kali Linux
  29. Hack Apps
  30. Hacking Tools Github
  31. Github Hacking Tools
  32. Hacker Security Tools
  33. Hack Tool Apk No Root
  34. Hacker Tools Github
  35. Bluetooth Hacking Tools Kali
  36. Black Hat Hacker Tools
  37. What Are Hacking Tools
  38. Physical Pentest Tools
  39. Hacking Tools Windows
  40. Easy Hack Tools
  41. Pentest Tools Windows
  42. Hacker Tools For Pc
  43. Hacking Tools Name
  44. Hacking Tools Name
  45. Hacker Tools For Mac
  46. Hacking Tools For Mac
  47. Hack And Tools
  48. Pentest Tools Kali Linux
  49. Pentest Tools Review
  50. Kik Hack Tools
  51. Tools 4 Hack
  52. Pentest Tools Apk
  53. Hack Rom Tools
  54. Pentest Tools Tcp Port Scanner
  55. Pentest Tools Framework
  56. Hacking Tools For Kali Linux
  57. Hacking Tools For Beginners
  58. Pentest Tools Free
  59. Ethical Hacker Tools
  60. Hack Tools For Ubuntu
  61. Pentest Tools Github
  62. Best Pentesting Tools 2018
  63. Hacker Tools 2020
  64. Hacker Tools For Mac
  65. Pentest Tools Website
  66. Hack Tools Download
  67. Hacking Tools 2020
  68. Hacking Tools Free Download
  69. Hacker Tools For Pc
  70. Hackrf Tools
  71. Hack Tools Download
  72. Pentest Tools Website
  73. Pentest Tools Github
  74. Hacking Apps
  75. Hacker Security Tools
  76. Black Hat Hacker Tools
  77. Hacking Tools Free Download
  78. Hack Tools Online
  79. Ethical Hacker Tools
  80. Hacking Tools Download
  81. Pentest Reporting Tools
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)