Locked iPhone

This topic contains 19 replies, has 6 voices, and was last updated by  caissyd 6 years, 6 months ago.

  • Author
    Posts
  • #8299
     caissyd 
    Participant

    Hi everyone,

    Ok first, I think most people here on this forum know me by now and I am not a bad guy. I say this because this story really looks bad…  :-

    My accountant now has an iPhone 4S, but she still has her old iPhone 3G (no longer connected to a carrier). So she is only using her iPhone 4S. This old iPhone 3G was synced and backed up to iTunes, which was installed on her laptop. The problem is that last fall, somebody broke into her office and stole many things, including her laptop. And since she hasn’t used her old iPhone 3G for a while, she couldn’t remember her password. She tried logging in many times and ended up locking her old phone…

    The thing is she has pictures of her daughter that were taken by this phone and were backed up on her stolen laptop. She asked me if I could retrieve her pictures…

    She contacted Apple and they said the only thing they can do is wipe out the phone for her (since they match the serial number to her name), but they cannot unlock it for her (which is a good thing!). So she came to me, knowing what I do for a living…

    So you see? My story looks like the ones we get once in a while on this forum! I feel a bit lame for that…  :-[ But I have known her for many years now and I know she’s telling the truth… The phone’s id is under her name and there is a picture of her daughter on the login screen… And no, I didn’t steal/find an iPhone I am trying to steal data from.

    I spent something around 6 hours trying to jailbreak this locked iPhone without success… I think she was using iOS 4.1 or something close to this.

    So is it possible to recover pictures from a locked iPhone?

    Thanks

  • #52263
     rattis 
    Participant

    probably not much help, but did you see this?

    http://lifehacker.com/5852948/what-to-do-if-youve-forgotten-your-iphones-passcode

    It says you can sync the phone even when it’s locked. Not having an iphone, and not touching itunes in about 6 years, I don’t know if you can add and sync a new device while it is locked.

  • #52264
     caissyd 
    Participant

    Thanks chrisj, but the problem with this is you need “the” iTunes that was used for the backup BEFORE the phone got locked. As you may or may not know, you can only sync your iPhone, iPod or iPad with a single version of iTunes. If she still had her laptop (with the version of iTunes she used to sync with), she could recover her phone using this technique. Similarly, if she didn’t care about her pictures, she could use this procedure with any iTunes to reset the phone to the factory state.

    The problem is in the fact she wants her pictures back…

    But thanks anyways!

  • #52265
     Matthias2012 
    Participant

    Hello H1t M0nk3y,

    How good is your German?
    At the last IT-Security Exhibition in Nuernberg/Germany the CIO of ssys.de showed how to get into a locked iPad. Maybe this will give you an idea…
    He also said that an iPhone works similarly…
    http://www.techcast.com/events/it-sa-livehacking/dienstag-gruen-1015-schreiber
    It shows him in action…

    Regards

  • #52266
     m0wgli 
    Participant

    Unfortunately, from what I’ve been able to find (as I’m sure you have), given the circumstances, your friend needs to start considering those pictures lost.:(

    I hope to be proved wrong!

  • #52267
     Matthias2012 
    Participant

    I looked at the video and then I looked at your first posting again, and I’m afraid that if you tried to “bruteforce” the PIN for the GUI, then the device will have deleted the AES-decryption keys after X attempts and even for a forensic expert the data is lost… :'(

    Regards

  • #52268
     dynamik 
    Participant

    I thought this was simple to do offline if you open up the phone and remove the storage device. Invalid attempts aren’t going to wipe it since that depends on the running OS software. You should be able to do that almost instantly if she was only using a four-digit PIN. I don’t work with this much, so I don’t know the specific tools, but I swear I’ve heard this attack discussed multiple times.

  • #52269
     rattis 
    Participant

    @H1t M0nk3y wrote:

    As you may or may not know, you can only sync your iPhone, iPod or iPad with a single version of iTunes.

    This I did not know, I thought you could sync / back up to multiple versions of iTunes (like I said, haven’t used in forever).

    what about attaching it to a linux box and just mounting it as a local device? I don’t remember having to do anything special when I had my ipod color.

  • #52270
     caissyd 
    Participant

    what about attaching it to a linux box and just mounting it as a local device? I don’t remember having to do anything special when I had my ipod color.

    @chrisj: I tried but the phone itself is locked, so it doesn’t work either…

    the device will have deleted the AES-decryption keys after X attempts and even for a forensic expert the data is lost…

    @matthias2012: I don’t know German at all (regarding the video), but do you know at which iOS version Apple has started to do this?

    I thought this was simple to do offline if you open up the phone and remove the storage device. Invalid attempts aren’t going to wipe it since that depends on the running OS software. You should be able to do that almost instantly if she was only using a four-digit PIN. I don’t work with this much, so I don’t know the specific tools, but I swear I’ve heard this attack discussed multiple times.

    @ajohnson: I think I may have to follow this route… I will research on this topic and post my findings. I hope I won’t have to buy new hardware…

  • #52271
     m0wgli 
    Participant

    I was looking through these last night, you might find something of use in here:

    iOS hacking resource collection

  • #52272
     jjwinter 
    Participant

    Did she use iCloud for backup?

  • #52273
     m0wgli 
    Participant

    @jjwinter wrote:

    Did she use iCloud for backup?

    Unfortunately to use iCloud you need iOS 5 or higher, this isn’t available for the iPhone 3G.

  • #52274
     caissyd 
    Participant

    Well, I think her pictures are gone forever now… :-[

    Thanks everyone for your help. At least, I have learned quite a few things along the way…

  • #52275
     dynamik 
    Participant

    Ah, turns out I was wrong. You can’t do an offline attack because you need to extract the hardware key.

    Have you tried something like this? https://www.youtube.com/watch?v=S6OIK0oL6SI

    It looks like Elcomsoft has a commercial tool too: http://www.elcomsoft.com/eppb.html That might be worth a shot if nothing else works and the photos are worth $80 to her.

  • #52276
     m0wgli 
    Participant

    @H1t M0nk3y wrote:

    At least, I have learned quite a few things along the way…

    Same here, I know now considerably more about iOS security than I did last week.

    @ajohnson wrote:

    Ah, turns out I was wrong. You can’t do an offline attack because you need to extract the hardware key.

    Elcomsoft also offers an iOS Forensic Toolkit which can extract the keys; however, its availability is restricted to select government entities (such as law enforcement, forensic organizations and intelligence agencies).

    @ajohnson wrote:

    It looks like Elcomsoft has a commercial tool too: http://www.elcomsoft.com/eppb.html That might be worth a shot if nothing else works and the photos are worth $80 to her.

    AFAIK this works on a backup of the device, not the physical device.

  • #52277
     dynamik 
    Participant

    @m0wgli wrote:

    @ajohnson wrote:

    It looks like Elcomsoft has a commercial tool too: http://www.elcomsoft.com/eppb.html That might be worth a shot if nothing else works and the photos are worth $80 to her.

    AFAIK this works on a backup of the device, not the physical device.

    Ah, you’re right. I just glanced at it before I went out the door.

    I’m still curious if he’s tried something like the tool in the video I linked to. That seemed fairly comprehensive.

  • #52278
     Matthias2012 
    Participant

    Quote:
    I don’t know German at all (regarding the video), but do you know at which iOS version Apple has started to do this?

    I will contact this guy and ask for that…

    Regards

  • #52279
     caissyd 
    Participant

    Thanks everyone for your help, but I failed trying to recover her pictures.

    But on the other end, it’s good to know that if someone steals your phone, they won’t be able to get to your personal data!  :-

    But thanks again for all your help!

  • #52280
     Matthias2012 
    Participant

    Hi,

    OK, I’ve asked the guy and this is what he told me…
    If you type in the PIN x-times wrong the iPhone will go into locked mode, but don’t worry. You can boot another iOS over the cable, reset the counter and then use a brute-force tool to recover the PIN.
    If you have activated the hardware encryption feature (3GS, 4 and up) then the phone will protect the RAM and a special protected area with AES (I do not have an iPhone so I don’t know exactly what that means). It will destroy the AES keys and everything is gone when you type in the PIN x-times wrong. The same feature is used for a remote wipe, independent of what you have configured…

    Regards

  • #52281
     caissyd 
    Participant

    Thanks Matthias2012!

    But regarding this:

    You can boot another iOS over the cable, reset the counter and then use a brute-force tool to recover the PIN.

    How the hell am I gonna do that?!?

    I am a newbie when it comes to mobile hacking…  :-


Copyright ©2019 Caendra, Inc.
