How to backup an iPhone under Qubes

192 views
Skip to first unread message

qu...@posteo.de

unread,
Oct 5, 2016, 4:23:28 PM10/5/16
to qubes...@googlegroups.com
Hi,

how can I back up my iPhone without a separate Os?

I have installed Windows 10 in an HVM and tried to add both USB
controller devices but then the VM does not start.

Backing up via Wifi does not work because the HVM is behind a NAT.

I have not tried WIndows 7 because I have not access to it.

So is there any solution which does not require another os or another
computer?

Thx in advance

Grzesiek Chodzicki

unread,
Oct 6, 2016, 4:13:34 AM10/6/16
to qubes-users, qu...@posteo.de
USB passthrough for HVM is currently broken, You need to either use a Linux AppVM or do it over the network.

qu...@posteo.de

unread,
Oct 6, 2016, 1:54:14 PM10/6/16
to Grzesiek Chodzicki, qubes-users
Hi ,

thx for your reply.

On 06.10.2016 10:13, Grzesiek Chodzicki wrote:
> W dniu środa, 5 października 2016 22:23:28 UTC+2 użytkownik
> qu...@posteo.de napisał:
> USB passthrough for HVM is currently broken, You need to either use a
> Linux AppVM or do it over the network.

Is there a possibility to run iTunes on Linux in an AppVM? At least I am
not aware of it without a virtual machine with Windows.

Network would work in theory, but it would require a bridge, which is
not possible without patching in Qubes OS afaik.

Network backups also need to be setup for the first time via USB which I
can workaround atm by copying over the iTunes configuration from the
other VM but this still requires a bridge network device.

Regards

raah...@gmail.com

unread,
Dec 3, 2016, 10:39:34 PM12/3/16
to qubes-users, grzegorz....@gmail.com, qu...@posteo.de
what about making an appvm from a win7 templatevm? or prolly all still considered hvm which I think is the prob.

raah...@gmail.com

unread,
Dec 3, 2016, 10:40:08 PM12/3/16
to qubes-users, grzegorz....@gmail.com, qu...@posteo.de, raah...@gmail.com
cause i can assign single device to a linux appvm no probs, but not to the windows hvm.

Vít Šesták

unread,
Dec 4, 2016, 11:27:47 AM12/4/16
to qubes-users
What bridge do you need for network? With Qubes, you can use iptables to route a trafic on a specific port to a specific AppVM.

You need to do this on all VMs that are in the path. Usually, you forward a port from sys-net to sys-firewall and then from sys-firewall to the AppVM you need. Would this solve your problem?

Alternatively, you can forward USB to Windows using usbip. Again, you need iptables rules. I did this in older Qubes version with Linux machines, but it should work the same with Windows.

Security concerns when using usbip this way:

* You trust the VMs where the network goes through (usually sys-firewall).
* The host VM could be attacked if USBIP is vulnerable.
* The guest VM could be attacked if USBIP is vulnerable. I am not sure how much is the guest software maintained, since the last release is about 5Y ago.
* Other general threats related to USB (BadUSB, USB sniffing etc.)

Maybe none of those concerns is a thread for you, but you have been warned.

Regards,
Vít Šesták 'v6ak'

Jean-Philippe Ouellet

unread,
Dec 8, 2016, 1:24:38 AM12/8/16
to Vít Šesták, qubes-users
On Sun, Dec 4, 2016 at 11:27 AM, Vít Šesták
<groups-no-private-mail--con...@v6ak.com>
wrote:
> Alternatively, you can forward USB to Windows using usbip. Again, you need iptables rules. I did this in older Qubes version with Linux machines, but it should work the same with Windows.
>
> Security concerns when using usbip this way:
>
> * You trust the VMs where the network goes through (usually sys-firewall).
> * The host VM could be attacked if USBIP is vulnerable.
> * The guest VM could be attacked if USBIP is vulnerable. I am not sure how much is the guest software maintained, since the last release is about 5Y ago.
> * Other general threats related to USB (BadUSB, USB sniffing etc.)

Note that the new qvm-usb functionality is built using USBIP, just
over qrexec rather than IP, so you may or may not be meaningfully
increasing what you already trust by using it here.

https://github.com/QubesOS/qubes-app-linux-usb-proxy

Vít Šesták

unread,
Dec 8, 2016, 1:47:20 AM12/8/16
to qubes-users
Good point, but it is not the exactly same risk.

First, the qrexec goes directly (maybe trusted dom0), while network gores typically through sys-firewall. Maybe a minor difference for some, but still worth noting. The VM can not only sniff the traffic, but it can also modify it, maybe in order to attack some other VM.

Second, the Windows implementation does not look to be updated, so there can be unpatched known vulnerabilities. Moreover, it might be easier to find unknown vulnerabilities for such unmaintained software.

Both of them might be justifiable, but it is good to know when considering it.

Regards,
Vít Šesták 'v6ak'

Manuel Amador (Rudd-O)

unread,
Dec 8, 2016, 5:12:46 AM12/8/16
to qubes...@googlegroups.com
Qubes network server may be able to add the ability for Windows to join
your LAN with its own IP address, thereby making it visible to your phone.

https://github.com/Rudd-O/qubes-network-server

but, frankly, I have never tested it with Windows.

--
Rudd-O
http://rudd-o.com/

Reply all
Reply to author
Forward
0 new messages