Recovering Data From An Old Encrypted Time Machine Backup

Recovering data from a backup should be an easy thing to do. At least this is what you expect. Yesterday I had a problem which should have been easy to solve, but it was not. I hope this blog post can help others who face the same problem.

The problem

1. I had an encrypted Time Machine backup which was not used for months
2. This backup was not on an official Apple Time Capsule or on a USB HDD, but on a WD MyCloud NAS
3. I needed files from this backup
4. After running out of time I only had SSH access to the macOS, no GUI

The struggle

By default, Time Machine is one of the best and easiest backup solution I have seen. As long as you stick to the default use case, where you have one active backup disk, life is pink and happy. But this was not my case.

As always, I started to Google what shall I do. One of the first options recommended that I add the backup disk to Time Machine, and it will automagically show the backup snapshots from the old backup. Instead of this, it did not show the old snapshots but started to create a new backup. Panic button has been pressed, backup canceled, back to Google.

Other tutorials recommend to click on the Time Machine icon and pressing alt (Option) key, where I can choose "Browse other backup disks". But this did not list the old Time Machine backup. It did list the backup when selecting disks in Time Machine preferences, but I already tried and failed that way.

YAT (yet another tutorial) recommended to SSH into the NAS, and browse the backup disk, as it is just a simple directory where I can see all the files. But all the files inside where just a bunch of nonsense, no real directory structure.

YAT (yet another tutorial) recommended that I can just easily browse the content of the backup from the Finder by double-clicking on the sparse bundle file. After clicking on it, I can see the disk image on the left part of the Finder, attached as a new disk.
Well, this is true, but because of some bug, when you connect to the Time Capsule, you don't see the sparse bundle file. And I got inconsistent results, for the WD NAS, double-clicking on the sparse bundle did nothing. For the Time Capsule, it did work.
At this point, I had to leave the location where the backup was present, and I only had remote SSH access. You know, if you can't solve a problem, let's complicate things by restrict yourself in solutions.

Finally, I tried to check out some data forensics blogs, and besides some expensive tools, I could find the solution.

The solution

Finally, a blog post provided the real solution - hdiutil.
The best part of hdiutil is that you can provide the read-only flag to it. This can be very awesome when it comes to forensics acquisition.

To mount any NAS via SMB:

mount_smbfs afp://<username>@<NAS_IP>/<Share_for_backup> /<mountpoint>

To mount a Time Capsule share via AFP:

mount_afp afp://any_username:password@<Time_Capsule_IP>/<Share_for_backup> /<mountpoint>

And finally this command should do the job:

hdiutil attach test.sparsebundle -readonly

It is nice that you can provide read-only parameter.

If the backup was encrypted and you don't want to provide the password in a password prompt, use the following:

printf '%s' 'CorrectHorseBatteryStaple' | hdiutil attach test.sparsebundle -stdinpass -readonly

Note: if you receive the error "resource temporarily unavailable", probably another machine is backing up to the device

And now, you can find your backup disk under /Volumes. Happy restoring!

Probably it would have been quicker to either enable the remote GUI, or to physically travel to the system and login locally, but that would spoil the fun.

More info

1. Hacker Tools Free Download
2. Hacking Tools 2020
3. Hacking Tools For Games
4. Best Hacking Tools 2020
5. Hacker Tool Kit
6. Pentest Tools Download
7. Github Hacking Tools
8. Hack Tools Download
9. Hack Tool Apk No Root
10. Pentest Tools Tcp Port Scanner
11. Pentest Tools Website
12. How To Hack
13. Hacker Tools Apk
14. Hacker Security Tools
15. Hacker Tools Apk
16. Hacking Tools And Software
17. Hacking Tools Mac
18. Pentest Tools Apk
19. Hacking Tools Mac
20. Pentest Tools Linux
21. Pentest Tools Website
22. Hack Tools
23. What Are Hacking Tools
24. Nsa Hack Tools
25. Pentest Tools For Android
26. Hacker
27. Pentest Tools For Windows
28. Usb Pentest Tools
29. Best Hacking Tools 2020
30. Hacking Tools For Windows 7
31. Hack Tools Online
32. Hacker Tools
33. Hacker Tools List
34. Ethical Hacker Tools
35. Pentest Reporting Tools
36. Hacker Tools Free
37. Growth Hacker Tools
38. Tools Used For Hacking
39. Kik Hack Tools
40. Hacking Tools Windows
41. Pentest Tools Free
42. Pentest Tools Free
43. Hacker Tools For Windows
44. Easy Hack Tools
45. Hacking Apps
46. Beginner Hacker Tools
47. Hack Tools Online
48. New Hack Tools
49. Pentest Tools Subdomain
50. Kik Hack Tools
51. Hacker Tools Software
52. Hack Tools 2019
53. Pentest Tools Tcp Port Scanner
54. How To Hack
55. Pentest Tools Windows
56. Hacker Tools Apk
57. Growth Hacker Tools
58. Hacker Security Tools
59. Pentest Tools List
60. Pentest Tools Online
61. Nsa Hacker Tools
62. Pentest Tools Framework
63. Computer Hacker
64. Pentest Recon Tools
65. Hacking Tools Pc
66. Hacking Tools Usb
67. Pentest Tools Alternative
68. How To Make Hacking Tools
69. Hackers Toolbox
70. Hack Tools For Windows
71. Hacking Tools For Mac
72. Hacking Tools Usb
73. Hacker Tools Free Download
74. Hacking Tools 2019
75. Pentest Reporting Tools
76. Growth Hacker Tools
77. Hacker Tools For Pc
78. Game Hacking
79. Pentest Tools Subdomain
80. Pentest Tools For Android
81. Hacker Tools Free
82. Android Hack Tools Github
83. Hacking Tools Usb
84. Pentest Tools For Android
85. Hacking Tools Hardware
86. Wifi Hacker Tools For Windows
87. Pentest Tools Url Fuzzer
88. Hacker Tools For Ios
89. Hacker Tools List
90. Hack And Tools