# Anyone know about /private/var/keybags/backup_keys_cache.db

Today I obtained a popup message in my iPad2 (jailbroken making use of absinthe) that it have 0 vacuum.

Making use of ssh, I examine the dimension of folders in the iPad and also figured out an intriguing documents that took 4.1G room and also maintain expanding.

The documents is /private/var/keybags/backup_keys_cache.db

The proprietor is root customer and also wheel team. Interested, I relabel the documents right into backup_keys_cache.db.orig. I do ls once more and also located that the documents obtained developed once more and also currently maintain expanding in dimension.

AbiFathirs-iPad:~ root# ls -alh /private/var/keybags/
total 4.1G
drwx------  2 root wheel  170 Feb 18 23:54 ./
drwxr-xr-x 30 root wheel 1.2K Feb 18 23:52 ../
-rw-------  1 root wheel  97K Feb 19 00:03 backup_keys_cache.db
-rw-------  1 root wheel 4.1G Feb 18 23:56 backup_keys_cache.db.orig
-rw-r--r--  1 root wheel 2.9K Feb 18 18:44 systembag.kb


I need to know if any person else have this troubles? I attempted to uninstall freshly mounted application, from cydia and also from application store, yet the procedure that contacted this documents is still running and also the documents remain to expand.

I attempted to install lsof, yet when I run it, it crash with message Cannot allocate memory

Update Feb 19, 2012:

One of my close friend recommend a short-lived remedy to stop the procedure creating right into this documents. Delete/rename the initial documents, after that create new documents as symbolic link to /dev/null

cd /private/var/keybags/
mv backup_keys_cache.db backup_keys_cache.db.orig2 && ln -s /dev/null backup_keys_cache.db


Now with the documents come to be symbolic link right into the great void, it needs to not hog down the storage room. I still have the initial 4.1GB documents conserved in my laptop computer, and also smaller sized documents that developed after the initial documents obtained relabelled.

I attempted to make use of db4.6_dump to read this documents yet I obtained this message:

DATA=END
db4.6_dump: backup_keys_cache.db: DB_VERIFY_BAD: Database verification failed


My close friend believe maybe from smelling devices, yet he additionally interested why the documents can be that large.

Update Feb 28, 2012

Today I figured out that the application (malware?) could have capacity to find out and also locate a means to constantly write the backup_keys_cache. db documents. It can identify and also delete the softlink that I made right into/ dev/null with the very same name. I attempted to delete the documents, make a directory with the very same name, yet today the directory have actually been relabelled and also the backup_keys_cache. db documents currently had 1.9M dimension.

If the documents not got involved in 4.1GB, I could not mindful concerning it is presence. I require to recognize if any kind of various other iPad 2 customers had the very same trouble. Please examine your tool and also see if you had the documents in there or otherwise.

1
2022-06-07 14:37:24
Source Share

If you switch off iCloud it removes the documents and also releases the memory

0
2022-06-09 16:35:30
Source

After checking out syslog in my iPad, I located 2 rows which contain words key

Feb 28 22:25:21 AbiFathirs-iPad backupd[50473] <Warning>: INFO: Refreshed cache in 4.852 s

Feb 28 22:25:21 AbiFathirs-iPad backupd[50473] <Warning>: INFO: Exporting keychain


I examine backupd executable while doing so checklist and also located it below:

# ps A|grep backupd
50803   ??  Ss     0:00.43 /System/Library/PrivateFrameworks/MobileBackup.framework/backupd


After checking out the executable documents web content making use of strings in my ubuntu laptop computer, I figured out that this could be an iCloud back-up application.

So I attempt to disable iCloud in control panel, and also new the documents /private/var/keybags/backup_keys_cache.db no more show up.

I do not recognize why the cache documents can reach 4GB dimension recently. Yet at the very least currently I recognized which application that create it.

0
2022-06-07 19:42:25
Source