New Script – iOS Locations Scraper

Similar to my iOS Frequent Locations Dumper script, I wanted to extract the iOS locations that are stored in various SQLite databases and review them in CSV and KML output to make analysis easier. You can get the Python script here: https://github.com/mac4n6/iOS-Locations-Scraper

iOS stores location data (latitude/longitude pairs) in a variety of databases that are only accessible via physical access using a jailbreak. Each database contains slightly different location data, from cellular (i.e., LTE/CDMA) to Wi-Fi (war-driving type data) to application-specific (Yelp, see example below). I still have quite a bit of research to do in this area to determine what all these points mean, how they are generated, and how long they persist, so a script was needed to make my life easier.

/private/var/mobile/Library/Caches/com.apple.routined/cache_encryptedB.db

/private/var/root/Library/Caches/locationd/

  • cache_encryptedA.db
  • cache_encryptedB.db
  • lockCache_encryptedA.db

The new iOS Locations Scraper script takes these extracted databases from a directory, checks each table for a column labeled ‘Latitude’, extracts the rows from the matching tables, and writes them to a CSV and/or KML file. Examples of these files are shown below.

An example of the CSV output:

An example of the KML output in Google Earth (Note: A KML file can be opened in a variety of different tools):

CAVEAT: I wanted to make sure that I put this caveat out there. Some locations are fairly exact to where the device was located at a certain time; however, others are more of a general location area (i.e., cell tower location). The KML example above shows location artifacts from one database table (cache_encryptedA.db, LocationHarvest) in relation to the Yelp application. That's my iPhone tracking my location when I was using the Yelp app this weekend. (Pretty neat, huh?)
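The table scan described above, as an added example (this is not the iOS Locations Scraper's own code): it opens each extracted `.db` file read-only, finds every table with a `Latitude` column, and builds KML from the rows. It assumes a `Longitude` column sits beside `Latitude`; the function names and the sample rows in `demo()` are constructed for illustration.

```python
import sqlite3, tempfile
from pathlib import Path
from xml.sax.saxutils import escape

def quote(ident):  # identifiers come from the evidence file, so quote them
    return '"' + ident.replace('"', '""') + '"'

def scrape(db_dir):
    """Return (database, table, lat, lon) from every table with a Latitude column."""
    points = []
    for db in sorted(Path(db_dir).glob("*.db")):
        # mode=ro: never write to the working copy of the evidence
        conn = sqlite3.connect(db.resolve().as_uri() + "?mode=ro", uri=True)
        try:
            tables = conn.execute("SELECT name FROM sqlite_master WHERE type='table'")
            for (table,) in tables.fetchall():
                cols = {r[1].lower(): quote(r[1]) for r in
                        conn.execute(f"PRAGMA table_info({quote(table)})")}
                if "latitude" not in cols or "longitude" not in cols:
                    continue  # assumption: Longitude sits beside Latitude
                lat, lon = cols["latitude"], cols["longitude"]
                # BETWEEN drops NULL and out-of-range placeholder coordinates
                sql = (f"SELECT {lat}, {lon} FROM {quote(table)} WHERE {lat} "
                       f"BETWEEN -90 AND 90 AND {lon} BETWEEN -180 AND 180")
                points += [(db.name, table, *row) for row in conn.execute(sql)]
        except sqlite3.DatabaseError:
            pass  # not a readable SQLite database; skip the file
        finally:
            conn.close()
    return points

def to_kml(points):  # KML wants longitude,latitude: the reverse of the usual order
    marks = "".join(
        f"<Placemark><name>{escape(db)}: {escape(table)}</name>"
        f"<Point><coordinates>{lon},{lat}</coordinates></Point></Placemark>\n"
        for db, table, lat, lon in points)
    return ('<?xml version="1.0" encoding="UTF-8"?>\n<kml xmlns='
            '"http://www.opengis.net/kml/2.2"><Document>\n' + marks + "</Document></kml>\n")

def demo():  # constructed sample rows, not data from a real device
    with tempfile.TemporaryDirectory() as d:
        conn = sqlite3.connect(Path(d) / "cache_encryptedA.db")
        conn.executescript(
            "CREATE TABLE LocationHarvest (Latitude REAL, Longitude REAL);"
            "CREATE TABLE Settings (Name TEXT);"
            "INSERT INTO LocationHarvest VALUES (38.8895,-77.0353),(-180,-180),(NULL,1);")
        conn.close()
        (Path(d) / "junk.db").write_bytes(b"not sqlite")
        return scrape(d)
```

`to_kml(demo())` returns a one-placemark document; point `scrape()` at a directory of extracted copies to run it on real data.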

For more iOS location-based information take a look at some of my other presentations:

iOS Location Forensics

The iOS of Sauron – How iOS Tracks Everything You Do

© Sarah Edwards [mac4n6.com and mac4n6.net] 2016
Unauthorized use and/or duplication of this material without express and written permission from this blog’s author
and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given
to Sarah Edwards and [mac4n6.com and mac4n6.net] with appropriate and specific direction to the original content.
Opinions expressed on this site are those of Sarah Edwards and no one else unless explicitly stated.