mirror of
https://github.com/mvt-project/mvt.git
synced 2024-07-01 00:19:02 +00:00
mvt-ios extract-key: enable pulling password from the environment
This enables automated use of extract-key without requiring a password to be placed in the command line, where it might leak.
This commit is contained in:
parent
53adc05338
commit
270e002f1b
|
@ -81,9 +81,7 @@ def decrypt_backup(destination, password, key_file, backup_path):
|
||||||
#==============================================================================
|
#==============================================================================
|
||||||
@cli.command("extract-key", help="Extract decryption key from an iTunes backup")
|
@cli.command("extract-key", help="Extract decryption key from an iTunes backup")
|
||||||
@click.option("--password", "-p",
|
@click.option("--password", "-p",
|
||||||
help="Password to use to decrypt the backup",
|
help=f"Password to use to decrypt the backup (or, set {PASSWD_ENV} environment variable)")
|
||||||
prompt="Enter backup password",
|
|
||||||
hide_input=True, prompt_required=False, required=True)
|
|
||||||
@click.option("--key-file", "-k",
|
@click.option("--key-file", "-k",
|
||||||
help="Key file to be written (if unset, will print to STDOUT)",
|
help="Key file to be written (if unset, will print to STDOUT)",
|
||||||
required=False,
|
required=False,
|
||||||
|
@ -91,6 +89,17 @@ def decrypt_backup(destination, password, key_file, backup_path):
|
||||||
@click.argument("BACKUP_PATH", type=click.Path(exists=True))
|
@click.argument("BACKUP_PATH", type=click.Path(exists=True))
|
||||||
def extract_key(password, backup_path, key_file):
|
def extract_key(password, backup_path, key_file):
|
||||||
backup = DecryptBackup(backup_path)
|
backup = DecryptBackup(backup_path)
|
||||||
|
|
||||||
|
if password:
|
||||||
|
log.warning("Your password may be visible in the process table because it was supplied on the command line!")
|
||||||
|
if PASSWD_ENV in os.environ:
|
||||||
|
log.warning(f"Ignoring {PASSWD_ENV} environment variable, using --password argument instead")
|
||||||
|
elif PASSWD_ENV in os.environ:
|
||||||
|
log.info(f"Using password from {PASSWD_ENV} environment variable")
|
||||||
|
password = os.environ[PASSWD_ENV]
|
||||||
|
else:
|
||||||
|
password = getpass.getpass(prompt='Enter iOS backup password: ')
|
||||||
|
|
||||||
backup.decrypt_with_password(password)
|
backup.decrypt_with_password(password)
|
||||||
backup.get_key()
|
backup.get_key()
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user