the backup is not working with an error "Andriod backup failed - too small i have this issue on my old Sony Andriod and HTC phone. they connect but it never worked.

any ideas?

Hello, when I click on "EXTRACT", a popup telling me to save the backup on the device appears.

I look at the device, but being it encrypted by the owner, it asks to choose and insert a password for the backup.

I insert 123 just to proceed, but then Andriller gets stuck and I can see on the console

Exception in thread Thread-11: Traceback (most recent call last): File "C:\Users\Tanner\AppData\Local\Programs\Python\Python39\lib\threading.py", line 980, in _bootstrap_inner self.run() File "C:\Users\Tanner\AppData\Local\Programs\Python\Python39\lib\threading.py", line 917, in run self._target(*self._args, **self._kwargs) File "C:\Users\Tanner\AppData\Local\Programs\Python\Python39\lib\site-packages\andriller\utils.py", line 40, in command return method(self, *args, **kwargs) File "C:\Users\Tanner\AppData\Local\Programs\Python\Python39\lib\site-packages\andriller\gui\windows.py", line 418, in RunUsbExtraction drill.DataExtraction() File "C:\Users\Tanner\AppData\Local\Programs\Python\Python39\lib\site-packages\andriller\driller.py", line 316, in DataExtraction self.AndroidBackupToTar() File "C:\Users\Tanner\AppData\Local\Programs\Python\Python39\lib\site-packages\andriller\driller.py", line 253, in AndroidBackupToTar self.tarfile = self.tools.ab_to_tar(self.backup) File "C:\Users\Tanner\AppData\Local\Programs\Python\Python39\lib\site-packages\andriller\utils.py", line 160, in ab_to_tar c = zlib_obj.decompress(d) zlib.error: Error -3 while decompressing data: incorrect header check

Is there any possibility to fix this issue?

Hi, Andriller is pretty cool but limited on rooted-only device (for most interesting things).

I know that some expensive forensic extraction software uses ADB to install a temporary app that can grab all SMS and calls (among other things). This app is defined as the default SMS and calls app with the user allowing permissions. After the extraction the app is uninstalled and the default apps are changed to the previous ones.

It would be very useful to have that kind of extraction. Thanks.

Describe the bug Older FaceBook Messenger file will not parse

To Reproduce Steps to reproduce the behavior:

1. Go to Decoders
2. Scroll down to Facebook Messenger
3. Select db file
4. See error below

Expected behavior Parse the messages

Screenshots Started: Andriller CE 3.5.3 Time settings/format: Y-m-d H:M:S Z Detected/PC time: 2021-09-24 11:38:49 Universal time: 2021-09-24 15:38:49 UTC Time in reports: 2021-09-24 15:38:49 UTC <-- Decoding: threads_db2 'sticker_id' Traceback (most recent call last): File "andriller\windows.py", line 63, in func File "andriller\windows.py", line 509, in decode_file File "andriller\decoders.py", line 531, in init File "andriller\classes.py", line 68, in init File "andriller\decoders.py", line 619, in main File "andriller\decoders.py", line 575, in get_sticker KeyError: 'sticker_id'

Environment (please complete the following information):

• OS: Windows 11
• Andriller version 3.5.3
• Was it an installer or run from source (installer/source). CE Version

Target Android device (where applicable): Extracted file

Error Log / Traceback Started: Andriller CE 3.5.3 Time settings/format: Y-m-d H:M:S Z Detected/PC time: 2021-09-24 11:38:49 Universal time: 2021-09-24 15:38:49 UTC Time in reports: 2021-09-24 15:38:49 UTC <-- Decoding: threads_db2 'sticker_id' Traceback (most recent call last): File "andriller\windows.py", line 63, in func File "andriller\windows.py", line 509, in decode_file File "andriller\decoders.py", line 531, in init File "andriller\classes.py", line 68, in init File "andriller\decoders.py", line 619, in main File "andriller\decoders.py", line 575, in get_sticker KeyError: 'sticker_id'

Additional context None

Describe the bug Andriller fails to extract internal databases using the the get_file(su/cat) method.

To Reproduce

1. Connect rooted Android device.
2. Set output folder.
3. Click Check and then Extract.

Expected behavior Andriller extracts and parses the various databases, e.g. calllog.db.

Screenshots n/a

Environment:

• OS: Debian Sid
• Andriller version: 3.5.3
• Installation from PyPi.
• Python version: 3.9.2
• ADB binary path: /usr/bin/adb
• ADB version: Android Debug Bridge version 1.0.41, Version 28.0.2-debian, Installed as /usr/lib/android-sdk/platform-tools/adb

Target Android device:

• When a device is connected, is it recognised when clicked on Check? Yes.
• Device make / model: Oneplus 5T
• Android OS: 11 / Lineage 18.1 "dumpling"
• Screenlock present? Yes, known credentials.

Error Log / Traceback andriller.log

Additional context The reason appears to be related to the unstrip function in the adb_conn.py file. With the following change which effectively bypasses the function, I got the extraction working:

136     def unstrip(self, data: bytes) -> bytes:¬                                   
137         return data # re.sub(self.rmr, b'\n', data)¬ 

So maybe the value of the _is_adb_out_post_v5 variable is not setup correctly? It appears to be False in my case, although I have adb exec-out id available.

Signal has been growing as a secure messaging platform, but extracting from it is currently not supported in Andriller. I was wondering is there is any chance for adding support either for Signal Backup or Signal Database extraction?

Their encryption code and there are standalone backup extraction utilities such as https://github.com/xeals/signal-back (written in Go) and https://github.com/tbvdm/sigbak (written in C).