Android ADB Backup
| Kayvon2008  (Talk | contribs)  (→Extraction) | Kayvon2008  (Talk | contribs)   (→Structucture) | ||
| (35 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| − | Android backups (.ab) are backups made by Android Debug Bridge (ADB). They are the preferred way of backing up an unrooted stock android device. (Manufacturers and/or carriers may provide their own backup tools). They can be encrypted or unencrypted. They can be created via ADB backup and restored via ADB restore. Android backups themselves are .TAR files with a different header and no footer. Unfortunately, there are no graphical tools yet (other than MobilEDIT Forensics) that can extract them, and they require the command line. | + | {{FormatInfo | 
| + | |formattype=electronic | ||
| + | |subcat=Backup | ||
| + | |subcat2=Android Backup | ||
| + | |extensions={{ext|ab}} | ||
| + | }} | ||
| + | Android backups (.ab) are backups made by Android Debug Bridge (ADB). They are the preferred way of backing up an unrooted stock android device. (Manufacturers and/or carriers may provide their own backup tools). They can be encrypted (with AES) or unencrypted. They can be created via ADB backup and restored via ADB restore. Android backups themselves are [[Tape Archive|.TAR]] files with a different header and no footer. Unfortunately, there are no graphical tools yet (other than mobile forensic tools like Cellebrite Physical Analyzer, Oxygen Detective, Magnet AXIOM, and [https://www.mobiledit.com/forensic-express/details MobilEDIT Forensics], which are all payed) that can extract them, and they require the command line. It is compressed via the DEFLATE method.  | ||
| + | ===Header=== | ||
| + | <pre style="white-space: pre-wrap;  | ||
| + | white-space: -moz-pre-wrap;  | ||
| + | white-space: -pre-wrap;  | ||
| + | white-space: -o-pre-wrap;  | ||
| + | word-wrap: break-word;"> | ||
| + | ANDROID BACKUP | ||
| + | 1 | ||
| + | 1 | ||
| + | none | ||
| + | </pre> | ||
| + | |||
| ==Extraction== | ==Extraction== | ||
| − | It is extremely hard to extract them, and for the [https://sourceforge.net/projects/android-backup-processor/ best available tool] you need the command line (and knowledge how to use it) and Java installed. [https://www.softpedia.com/get/Mobile-Phone-Tools/Droid-Explorer.shtml  Droid Explorer] claims to be able to extract ADB backups, but there is no prompt of extraction and is a pain to install. [https://stackoverflow.com/questions/18533567/how-to-extract-or-unpack-an-ab-file-android-backup-file Other command line tricks] may also convert it to an easily  | + | It is extremely hard to extract them, and for the [https://sourceforge.net/projects/android-backup-processor/ best available tool] you need the command line (and knowledge how to use it) and Java installed. [https://www.softpedia.com/get/Mobile-Phone-Tools/Droid-Explorer.shtml  Droid Explorer] claims to be able to extract ADB backups, but there is no prompt of extraction and is a pain to install. [https://stackoverflow.com/questions/18533567/how-to-extract-or-unpack-an-ab-file-android-backup-file Other command line tricks] may also convert it to an easily extractable TAR. | 
| + | ==Structucture== | ||
| + | <code> /app </code> Contains all app data <br> | ||
| + | <code> /app/(package id) </code> Contains app data <br> | ||
| + | <code> /app/(package id)/a </code> Contains app APK (app file) (if requested) (/data/app/)<br>  | ||
| + | <code> /app/(package id)/f </code> Contains app files (/data/data/(package id)/files) <br> | ||
| + | <code> /app/(package id)/db </code> Contains app SQLite databases (open them [http://inloop.github.io/sqlite-viewer/ here]) (/data/data/(package id)/databases) <br> | ||
| + | <code> /app/(package id)/ef </code> Contains app shared data (storage/emulated/0/Android/data/(package id) ) <br> | ||
| + | <code> /app/(package id)/sp </code> Contains app shared prefrences (app settings), usually [[xml]] files (/data/data/(package id)/shared_preferences)<br> | ||
| + | <code> /app/(package id)/r </code> Contains app resources like webview data (like cookies) and texture cache (/data/data/(package id)/<br> | ||
| + | <code> /app/(package id)/obb </code> Contains .obb files if specified in the backup (/storage/emulated/0/Android/obb/(package id)<br> | ||
| + | <code> /app/(package id)/_manifest </code> AndroidManifest.xml of the app <br> | ||
| + | <code> /shared </code> Contains shared files (/storage/emulated/0/) <br> | ||
| ==Flags== | ==Flags== | ||
| Line 12: | Line 42: | ||
| <code>-noapk  </code> does not back up apk files <br> | <code>-noapk  </code> does not back up apk files <br> | ||
| <code>-obb  </code> Backs up [[.obb]] (app extention) files <br> | <code>-obb  </code> Backs up [[.obb]] (app extention) files <br> | ||
| + | <code>-noobb  </code> Does not back up .obb files <br> | ||
| <code>-shared  </code> Backs up all shared storage (/storage/emulated/0/), including SD cards and USB OTGs, so it is recommended to eject and disconnect any external storage unless you want to back up that. <br> | <code>-shared  </code> Backs up all shared storage (/storage/emulated/0/), including SD cards and USB OTGs, so it is recommended to eject and disconnect any external storage unless you want to back up that. <br> | ||
| <code>-noshared  </code> does not back up shared storage. <br> | <code>-noshared  </code> does not back up shared storage. <br> | ||
| + | <code>-includekeyvalue </code> or <code>-keyvalue</code> Backs up apps that support Key Value backups. Key value backups were added in Android 2.2 “Froyo”, and this flag was added in Android 8.0 “Oreo” (Even since Developer Preview 1) <br> | ||
| + | <code>-nokeyvalue</code> Does not back up key value apps. | ||
| ==Discontinuation== | ==Discontinuation== | ||
| − | Android backups are being discontinued and fully replaced by [[Android Google Drive Backup|Google Drive backups]]. Google drive backups cannot be downloaded, and there is a 25 MB per-app limit. You need a network sniffer to log upload traffic to capture these.  The warning was there since Android 10 “Queen  | + | Android backups are being discontinued and fully replaced by [[Android Google Drive Backup|Google Drive backups]]. Google drive backups cannot be downloaded, and there is a 25 MB per-app limit. You need a network sniffer to log upload traffic to capture these.  The warning was there since the SDK of Android 10 “Queen Cake”, however, backups themselves weren’t changed. In Android 12 “Snow Cone”, apps with Snow Cone’s API level with backup flag set to true and a Snow Cone device will back up to (dumb) Google Drive instead. | 
| + | [[Category:Android]] | ||
| + | [[Category:File formats with extension .ab]] | ||
| + | |||
| + | ==Example== | ||
| + | [https://archive.org/download/cats_20211030/cats.ab cats.ab]: Extracted on a Galaxy Tab A with Android Nougat, Contains Android easter egg (com.android.egg) cats and render data. | ||
| + | ==See also== | ||
| + | *[[iTunes backup]] | ||
Latest revision as of 05:18, 15 November 2022
Android backups (.ab) are backups made by Android Debug Bridge (ADB). They are the preferred way of backing up an unrooted stock android device. (Manufacturers and/or carriers may provide their own backup tools). They can be encrypted (with AES) or unencrypted. They can be created via ADB backup and restored via ADB restore. Android backups themselves are .TAR files with a different header and no footer. Unfortunately, there are no graphical tools yet (other than mobile forensic tools like Cellebrite Physical Analyzer, Oxygen Detective, Magnet AXIOM, and MobilEDIT Forensics, which are all payed) that can extract them, and they require the command line. It is compressed via the DEFLATE method.
| Contents | 
[edit] Header
ANDROID BACKUP 1 1 none
[edit] Extraction
It is extremely hard to extract them, and for the best available tool you need the command line (and knowledge how to use it) and Java installed. Droid Explorer claims to be able to extract ADB backups, but there is no prompt of extraction and is a pain to install. Other command line tricks may also convert it to an easily extractable TAR.
[edit] Structucture
 /app  Contains all app data 
 /app/(package id)  Contains app data 
 /app/(package id)/a  Contains app APK (app file) (if requested) (/data/app/)
 
 /app/(package id)/f  Contains app files (/data/data/(package id)/files) 
 /app/(package id)/db  Contains app SQLite databases (open them here) (/data/data/(package id)/databases) 
 /app/(package id)/ef  Contains app shared data (storage/emulated/0/Android/data/(package id) ) 
 /app/(package id)/sp  Contains app shared prefrences (app settings), usually xml files (/data/data/(package id)/shared_preferences)
 /app/(package id)/r  Contains app resources like webview data (like cookies) and texture cache (/data/data/(package id)/
 /app/(package id)/obb  Contains .obb files if specified in the backup (/storage/emulated/0/Android/obb/(package id)
 /app/(package id)/_manifest  AndroidManifest.xml of the app 
 /shared  Contains shared files (/storage/emulated/0/) 
[edit] Flags
 -all   Backups all compatible apps 
 -f   Chooses the path and name for the file 
(package id)   Backs up the stated package(s) if compatible. 
-system   backups system apps if -all or a system package Id is stated. 
-nosystem   does not back up system data. 
-apk   Backs up the .apk of the app(s) 
-noapk   does not back up apk files 
-obb   Backs up .obb (app extention) files 
-noobb   Does not back up .obb files 
-shared   Backs up all shared storage (/storage/emulated/0/), including SD cards and USB OTGs, so it is recommended to eject and disconnect any external storage unless you want to back up that. 
-noshared   does not back up shared storage. 
-includekeyvalue  or -keyvalue Backs up apps that support Key Value backups. Key value backups were added in Android 2.2 “Froyo”, and this flag was added in Android 8.0 “Oreo” (Even since Developer Preview 1) 
-nokeyvalue Does not back up key value apps.
[edit] Discontinuation
Android backups are being discontinued and fully replaced by Google Drive backups. Google drive backups cannot be downloaded, and there is a 25 MB per-app limit. You need a network sniffer to log upload traffic to capture these. The warning was there since the SDK of Android 10 “Queen Cake”, however, backups themselves weren’t changed. In Android 12 “Snow Cone”, apps with Snow Cone’s API level with backup flag set to true and a Snow Cone device will back up to (dumb) Google Drive instead.
[edit] Example
cats.ab: Extracted on a Galaxy Tab A with Android Nougat, Contains Android easter egg (com.android.egg) cats and render data.

