Hi everyone,

Ok first, I think most people here on this forum know me by now and I am not a bad guy. I say this because this story really look bad... 

My accountant now has an iPhone 4S, but she still has her old iPhone 3G (no longer connect to a carrier). So she is only using her iPhone 4S. This old iPhone 3G was sync and backed up to iTunes, which was installed on her laptop. The problem is that last fall, somebody broke into her office and stole many things, including her laptop. And since she hasn't used her old iPhone 3G for a while, she couldn't remember her password. She tried login in many times and ended up locking her old phone...

The thing is she has pictures of her daughter that was taken by this phone and was backed up on her stolen laptop. She asked me if I could retrieve her pictures...

She contacted Apple and they said the only thing they can do is wipe out the phone for her (since they match the serial number to her name), but they cannot unlock it for her (which is a good thing!). So she came to me, knowing what I do for a leaving...

So you see? My story looks like the ones we get once in a while on this forum! I feel a bit lame for that...  But I have known her for many years now and I know she's telling the truth... The phone's id is under her name and there is a picture of her daughter in the logging screen... And no, I didn't steal/found an iPhone I try to steal data from.

I spent something around 6 hours trying to jailbreak this locked iPhone without success... I think she was using iOS 4.1 or something close to this.

So is it possible to recover pictures from a locked iPhone?

Thanks

Thanks chrisj but the problem with this is you need "the" iTunes that was used for the backup BEFORE the phone got locked. As you may or may not know, you can only sync your iPhone, iPod or iPad with a single version of iTunes. If she would still have her laptop (with the version of iTunes she used to sync with), she could recover her phone using this technique. Similarly, if she wouldn't care about her pictures, she could use this procedure with any iTunes to reset the phone to the factory state.

The problem is in the fact she wants her pictures back...

But thanks anyways!

Unfortunately, from what I've been able to find (as I'm sure you have), given the circumstances, your friend needs to start considering those pictures lost.

I hope to be proved wrong!

I thought this was simple to do offline if you open up the phone and remove the storage device. Invalid attempts aren't going to wipe it since that depends on the running OS software. You should be able to do that almost instantly if she was only using a four-digit PIN. I don't work with this much, so I don't know the specific tools, but I swear I've heard this attack discussed multiple times.

@chrisj: I tried but the phone itself is locked, so it doesn't work either...

@Matthias2012: I don't know german at all (regarding the video), but do you know at which iOS version Apple has started to do this?

@ajohnson: I think I may have to follow this route... I will research on this topic and post my findings. I hope I won't have to buy new hardware...

Did she use iCloud for backup?

Well, I think her pictures are gone forever now...

Thanks everyone for you help. At least, I have learn quite a few things along the way...

Same here, I know now considerably more about iOS security than I did last week.


Elcomsoft also offer an iOS Forensic Toolkit which can extract the keys, however, it's availability is restricted to select government entities (such as law enforcement, forensic organizations and intelligence agencies).


AFAIK this works on a backup of the device, not the physical device.