• Stars
    star
    679
  • Rank 66,532 (Top 2 %)
  • Language
    Go
  • License
    Apache License 2.0
  • Created over 6 years ago
  • Updated about 5 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Decrypt Signal encrypted backups outside the app

signal-back

Build status

In version 4.17.5, the Signal Android app introduced encrypted backups. While these are undoubtedly a security benefit over unencrypted backups, they do present an issue in being read into other systems or simply by their owner.

signal-back is intended to use the same decryption process as the Signal app uses when importing its backups, to make them readable without being used by the app.

Usage

Either build from source or download a pre-built binary and put the executable somewhere you can find it.

Usage: signal-back COMMAND [OPTION...] BACKUPFILE

  --help, -h                show help
  --log FILE, -l FILE       write logging output to FILE
  --password PASS, -p PASS  use PASS as password for backup file
  --pwdfile FILE, -P FILE   read password from FILE
  --version, -v             print the version

Commands:
  format   Read and format the backup file
  analyse  Information about the backup file
  extract  Retrieve attachments from the backup
  check    Verify that a backup is readable
  help     Shows a list of commands or help for one command

Current export formats are:

Password

The password you need to decrypt the content of the Signal backup file was shown to you by Signal when you enabled local backups similar to this screenshot. It consists of six groups of five digits.

You can enter the password in the interactive dialog such as 12345 12345 12345 12345 12345 12345 or you can write it in a text file and pass it to signal-back using -P password.txt.

Example usage

Download whichever binary suits your system from the releases page; Windows, Mac OS (darwin), or Linux, and 32-bit (386) or 64-bit (amd64). Checksums are provided to verify file integrity.

Find where you downloaded the file and open an interactive shell (Command Prompt, Terminal.app, gnome-terminal, etc.). Make sure your signal-XXX.backup file is in the same folder.

Decrypting

If you're on Windows:

signal-back_windows_amd64.exe format -f XML -o backup.xml signal-XXX.backup

If you're on MacOS or Linux (where e.g., OS is darwin and ARCH is amd64):

chmod +x signal-back_OS_ARCH
./signal-back_OS_ARCH format -f XML -o backup.xml signal-XXX.backup

Enter your 30-digit password at the prompt (with or without spaces, doesn't matter). Note that your password will not be echoed back to you for security purposes.

You can then copy backup.xml to your phone and restore it using SMS Backup & Restore.

Extracting media

You can pull out all your attachment files from the backup such as images, videos, and PDFs.

If you're on Windows:

signal-back_windows_amd64.exe extract -o output signal-XXX.backup

If you're on MacOS or Linux (where e.g., OS is darwin and ARCH is amd64):

chmod +x signal-back_OS_ARCH
./signal-back_OS_ARCH extract -o output signal-XXX.backup

Everything will be in the output folder where you ran the command. Note that some files may have a .unknown extension; this is because signal-back might not be able to determine what these files are. However, they should still be completely valid files of some sort.

Building from source

Building requires Go and dep. If you don't have one (or both) of these tools, instructions should be easy to find. After you've initialised everything:

$ git clone https://github.com/xeals/signal-back $GOPATH/src/github.com/xeals/signal-back
$ cd $GOPATH/src/github.com/xeals/signal-back
$ dep ensure
$ go build .

You can also just use go get github.com/xeals/signal-back, but I provide no guarantees on dependency compatibility.

Todo list

  • Code cleanup
    • make code legible for other people
  • Actual command line-ness
  • Formatting ideas and options
  • User-friendliness in errors and stuff

License

Licensed under the Apache License, Version 2.0 (LICENSE or http://www.apache.org/licenses/LICENSE-2.0).

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be licensed as above, without any additional terms or conditions.