+ Reply
Results 1 to 8 of 8

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.


Thread: Anyone know about /private/var/keybags/backup_keys_cache.db ?

is a discussion within the

Cydia Support

forums, a part of the

Native iPhone / iPod Touch App Discussion

section;
Today I got message in my iPad2 (jailbroken using absinthe) that it have 0 free space. Using ssh, I check the size of folders in the iPad and found out
...
  1. #1
    What's Jailbreak?
    Join Date
    Feb 2012
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Question Anyone know about /private/var/keybags/backup_keys_cache.db ?
    Today I got message in my iPad2 (jailbroken using absinthe) that it have 0 free space.

    Using ssh, I check the size of folders in the iPad and found out an interesting file that took 4.1G space and keep growing.

    The file is
    Code:
    /private/var/keybags/backup_keys_cache.db
    The owner is root user and wheel group. Curious, I rename the file into
    Code:
    backup_keys_cache.db.orig
    . I do
    Code:
    ls
    again and found that the file got created again and now keep growing in size.

    Code:
    AbiFathirs-iPad:~ root# ls -alh /private/var/keybags/
    total 4.1G
    drwx------  2 root wheel  170 Feb 18 23:54 ./
    drwxr-xr-x 30 root wheel 1.2K Feb 18 23:52 ../
    -rw-------  1 root wheel  97K Feb 19 00:03 backup_keys_cache.db
    -rw-------  1 root wheel 4.1G Feb 18 23:56 backup_keys_cache.db.orig
    -rw-r--r--  1 root wheel 2.9K Feb 18 18:44 systembag.kb
    I want to know if anybody else have this problems? I tried to uninstall newly installed application, from cydia and from app store, but the process that wrote to this file is still running and the file continue to grow.

    I tried to install
    Code:
    lsof
    , but when I run it, it crash with message
    Code:
    Cannot allocate memory

  2. #2
    Official SaurikIT Support
    Join Date
    Mar 2011
    Location
    Santa Barbara, CA
    Posts
    332
    Thanks
    1
    Thanked 66 Times in 45 Posts

    Weird! What do you have installed from Cydia? Anything unusual?

  3. #3
    What's Jailbreak?
    Join Date
    Feb 2012
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Mostly I only install console applications. I once add ********* to get ********** and install WhatsApp, after that I have removed the repo and ********** from Cydia. Other apps only WhatsPad and iWipe Cache.

    Is there any easy way to get list of installed cydia app?

    I also want to know if any other iDevice users that have those files in their device?

  4. #4
    Official SaurikIT Support
    Join Date
    Mar 2011
    Location
    Santa Barbara, CA
    Posts
    332
    Thanks
    1
    Thanked 66 Times in 45 Posts

    You can look at your list of installed packages by tapping Manage and tapping Packages. The package AppInfo can make a list that you can copy and paste.

    Under /var/keybags/ my device only has systembag.kb, no backup_keys_cache.db file.

    While googling I also found your question here, and under /var/mobile I do not have a log.0000000001 file. I do have /var/log/racoon.log (which is normal) but it's only 446.8 kb. Googling log.0000000001, it sounds like that is a common filename for a BerkeleyDB file.

    Edit: You could also install the package "syslog > /var/log/syslog" from Cydia, reboot, and then look at /var/log/syslog to see if it has any clues about what the cause of this might be.
    Last edited by brittag; 02-19-2012 at 03:32 AM.

  5. #5
    What's Jailbreak?
    Join Date
    Feb 2012
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Here is the result using AppInfo:


    Sources

    BigBoss
    http://apt.thebigboss.org/repofiles/cydia/dists/stable

    Cydia/Telesphoreo
    http://apt.saurik.com/dists/ios/675.00

    Dev Team
    ultrasn0w.com

    ModMyi.com
    http://apt.modmyi.com/dists/stable

    ZodTTD & MacCiti
    http://cydia.zodttd.com/repo/cydia/dists/stable

    Packages

    adv-cmds - 119-5
    AppInfo - 1.5
    AppList - 1.4.2
    APR (/usr/lib) - 1.3.3-2
    APT 0.6 Transitional - 1:0-23
    APT 0.7 (apt-key) - 0.7.25.3-3
    APT 0.7 HTTPS Method - 0.7.25.3-3
    APT 0.7 Strict - 0.7.25.3-6
    APT 0.7 Strict (lib) - 0.7.25.3-10
    Base Structure - 1-4
    Berkeley DB - 4.6.21-4
    BigBoss Icon Set - 1.0
    Bourne-Again SHell - 4.0.17-13
    bzip2 - 1.0.5-7
    Core Utilities - 8.12-12
    Core Utilities (/bin) - 8.12-7
    cURL - 7.19.4-6
    CyDelete - 2.0.5-1
    Cydia Installer - 1.1.4
    Cydia Translations - 1.1.0
    Darwin Tools - 1-4
    Debian Packager - 1.14.25-9
    Debian Utilities - 3.3.3ubuntu1-1
    Diff Utilities - 2.8.1-6
    Find Utilities - 4.2.33-6
    FullForce - 1.3.4
    GNU Cryptography - 1.4.0-2
    GNU Privacy Guard - 1.4.8-4
    GnuPG Errors - 1.6-2
    gzip - 1.3.12-6
    iOS Firmware - 5.0.1
    iPad - 1
    iPhone Firmware (/sbin) - 0-1
    iWipe Cache - 1.0
    libjpeg - 6b-1
    libstatusbar - 0.9.3~0
    Location Fix for iPad - 1.0
    LZMA Utils - 4.32.7-4
    Mobile Substrate - 0.9.3995
    MouseSupport - svn.r205-1
    New Curses - 5.7-12
    OpenSSH - 5.8p1-9
    OpenSSL - 0.9.8k-9
    PAM (Apple) - 32.1-3
    PAM Modules - 36.1-4
    pcre - 7.9-3
    PreferenceLoader - 2.0.4-1
    Profile Directory - 0-2
    readline - 6.0-7
    shell-cmds - 118-6
    Simulated Key Events - 0.9.2973-1
    Sudo - 1.6.9p12-4
    system-cmds - 433.4-12
    Tape Archive - 1.19-8
    top - 39-4
    UIKit Tools - 1.1.3
    WhatsPad - 0.0.2

  6. #6
    Official SaurikIT Support
    Join Date
    Mar 2011
    Location
    Santa Barbara, CA
    Posts
    332
    Thanks
    1
    Thanked 66 Times in 45 Posts

    Hmm, I'm not familiar with Location Fix for iPad, and I don't know how WhatsPad works, but the rest of the packages look pretty normal. Location Fix for iPad seems a bit old and also seems to have something to do with databases, but not with keychain stuff, so I wouldn't guess that it was related, but it might be worth removing.

    There's also the option of restoring and jailbreaking again and only installing packages one by one to try to isolate the issue, although that can be time-consuming.

  7. #7
    What's Jailbreak?
    Join Date
    Feb 2012
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Yeah, it will be time consuming and I don't have it right now.

    Right now my problems temporarily fixed by symbolic linking the db file into /dev/null.

    If this is really a malware and there are any other people have the similar problems, then I hope this thread and my original thread in stackexchange could help.

  8. #8
    What's Jailbreak?
    Join Date
    Feb 2012
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Hi brittag and anyone who read this thread,

    The application (malware?) that write to the file /private/var/keybags/backup_keys_cache.db seems to know any attempt to stop it to write the file. I really need help from you to check if any other jailbroken iPad who get this problem?

    If the file not growing more than 4GB, I wouldn't have knowing it. Maybe it affect other user, maybe not.

Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts