2017/06/18

iPhone backup that wasn't

Spent a bit of time this weekend trying to help my cousin copy everything off of her iPhone 6, so that it can be wiped and transferred to another person.  But since I'm stubborn and contrary, I didn't want to do it in iTunes (plus I didn't have her password)...

Enter libimobiledevice, and idevicebackup, referenced by a nice post from Santoku Linux https://santoku-linux.com/howto/mobile-forensics/howto-create-a-logical-backup-of-an-ios-device-using-libimobiledevice-on-santoku-linux/ .  But since I'm stubborn and contrary, the CD image wouldn't install in VirtualBox on my laptop.  Sigh.  Ok, build from source.  Vagrant Ubuntu, then clone libimobiledevice and just about all the other pieces of their GitHub, run idevicebackup and... well, this iPhone is too new, try using idevicebackup2.  Cool, backing up, ##### marks dancing across the screen in little boxes, stuff being written unencrypted to disk, excellent.

Verify that the backup is readable and not encrypted, sweeet.  Now what did I get in my 2.5GB of disk space?  I still have no idea.

idevicebackup has an "unback" command that should convert the plist and SQLite files into a meaningful folder structure, which is said to work on versions of iOS > 6.  Unfortunately, the feature on the phone (which needs to be plugged in) that they were using to read and translate the backup was broken between iOS 10.3.0 and 10.3.1 (this fact was, and still is, undocumented in the toolset, except for the closed GitHub issue).  So unback is not available.

End state: 2.5GB of possibly-useful-in-the-future data, and a wiped iPhone.   Oh well, that's life on the bleeding edge of tech.
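
The unback step described above can also be approximated offline, without the phone attached. The sketch below is an added example, not part of the original post and not libimobiledevice code. It assumes the layout commonly seen in unencrypted iOS 10+ backups, which the post does not describe: a `Manifest.db` SQLite file with a `Files` table (`fileID`, `domain`, `relativePath`, `flags`, where `flags = 1` is a regular file) and blobs stored under `<first two characters of fileID>/<fileID>`. The function names and the sample data are constructed for illustration.

```python
import hashlib, os, re, shutil, sqlite3
from pathlib import Path

def file_id(domain, rel):
    # Assumed rule: blob name is SHA-1 of "<domain>-<relativePath>"
    return hashlib.sha1(f"{domain}-{rel}".encode()).hexdigest()

def unback(backup_dir, out_dir):
    """Rebuild <domain>/<relativePath> under out_dir; return (restored, skipped)."""
    out_root = os.path.realpath(out_dir)
    uri = Path(backup_dir, "Manifest.db").resolve().as_uri() + "?mode=ro"
    db = sqlite3.connect(uri, uri=True)  # read-only: never alter the backup itself
    try:
        rows = db.execute(
            "SELECT fileID, domain, relativePath FROM Files WHERE flags = 1").fetchall()
    finally:
        db.close()
    restored, skipped = [], []
    for fid, domain, rel in rows:
        fid, domain, rel = str(fid), str(domain), str(rel)
        dst = os.path.realpath(os.path.join(out_root, domain, rel))
        src = os.path.join(backup_dir, fid[:2], fid)
        # Manifest rows are untrusted input: require a 40-hex blob name that
        # exists on disk, and a destination that stays inside out_dir.
        ok = (re.fullmatch(r"[0-9a-f]{40}", fid) is not None
              and os.path.isfile(src)
              and os.path.commonpath([out_root, dst]) == out_root
              and dst != out_root)
        if not ok:
            skipped.append((domain, rel))
            continue
        os.makedirs(os.path.dirname(dst), exist_ok=True)
        shutil.copyfile(src, dst)
        restored.append(os.path.relpath(dst, out_root))
    return sorted(restored), sorted(skipped)

def build_sample_backup(backup_dir):
    """Constructed sample backup: one file, one directory row, one hostile path."""
    entries = [("HomeDomain", "Library/SMS/sms.db", 1, b"constructed"),
               ("HomeDomain", "Library/SMS", 2, None),
               ("HomeDomain", "../../escape.txt", 1, b"hostile")]
    db = sqlite3.connect(os.path.join(backup_dir, "Manifest.db"))
    db.execute("CREATE TABLE Files (fileID TEXT PRIMARY KEY, domain TEXT, "
               "relativePath TEXT, flags INTEGER, file BLOB)")
    for domain, rel, flags, data in entries:
        fid = file_id(domain, rel)
        db.execute("INSERT INTO Files VALUES (?,?,?,?,NULL)", (fid, domain, rel, flags))
        if data is not None:
            os.makedirs(os.path.join(backup_dir, fid[:2]), exist_ok=True)
            Path(backup_dir, fid[:2], fid).write_bytes(data)
    db.commit()
    db.close()
```

Run `unback()` against a copy of the backup directory; anything it returns in `skipped` is a manifest row whose blob was missing or whose path would have landed outside the output folder.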