±Your Account
Membership:
New Today: 0
New Yesterday: 4
Overall: 24370
Visitors: 32
±Latest Articles
· Catching the ghost: how to discover ephemeral evidence with Live RAM analysis
· Geo-tagging & Photo Tracking On iOS
· KS – an open source bash script for indexing data
· Mobile Device Geotags & Armed Forces
· Categorization of embedded system forensic collection methodologies
· Interpretation of NTFS Timestamps
· What are ‘gdocs’? Google Drive Data – part 2
· What are ‘gdocs’? Google Drive Data
· Bad Sector Recovery
· Forensic Artifact: Malware Analysis in Windows 8
· Geo-tagging & Photo Tracking On iOS
· KS – an open source bash script for indexing data
· Mobile Device Geotags & Armed Forces
· Categorization of embedded system forensic collection methodologies
· Interpretation of NTFS Timestamps
· What are ‘gdocs’? Google Drive Data – part 2
· What are ‘gdocs’? Google Drive Data
· Bad Sector Recovery
· Forensic Artifact: Malware Analysis in Windows 8
±Follow Us
±Latest Jobs
Back to top
Skip to content
Skip to menu
Back to top
Back to main
Skip to menu
Go to page Previous 1, 2
But just NOT available to 'all and sundry'.
Generally, this question has been raised/asked for many, many years.
Having worked in mobile 'phone development (in my past), devices that have security settings have what are known as 'exits' or 'escapes'. In mobile development they do not think in terms of "forensics" or "evidence". Development projects, e.g. meaning development handsets, are the focus. Checking security means you cannot lock, permanently, every 'test handset' under development, so 'exits' are built in, which saves on 'prototypes' being produced, and means diagnostics etc can be performed. Colloquially speaking 'exits' are 'backdoors'. So are there backdoors in handsets? Of course there are and well-known manufacturers have a different approach not only for testing but for other requirements, too.
Enquiries to open password protected handsets in legal terms are based upon law, lawful requests, legitimacy, proportionality and other reasonableness tests.
_________________
Institute for Digital Forensics (IDF) - LinkedIn
Mobile Telephone Examination Board (MTEB) - LinkedIn
Mobile Telephone Evidence & Forensics trewmte.blogspot.com
ForensicMobex now MTEB Linkedin Subgroup
I'll try to explain this without going into too much technical depth.
As far as we know there are no back doors inserted by Apple. One of the main hurdles for companies trying to acquire data from Apple devices is getting their code running on the platform. This is hard because Apple only allows code that has been verified and approved (signed) by them to run. Code signatures are trivial for Apple to bypass as they can approve whatever code they want. Once you have your code running on the platform you can basically read whatever data you want. So you're free to read the memory chips and pass that data back over USB. This is as I said trivial for Apple as they have the secret keys required to get their code running and they're familiar with the platform so creating code to read the memory chips and send it out over USB is also trivial. So this Apple can help you with.
Now the next problem is that the user data file system contained on these chips is encrypted with a key stored in the effaceable area. Once the data has been decrypted you have the file system in plain text. This Apple can help you with.
Trying to examine the files you run into another issue, some of the files are encrypted. These files are in different protection classes with differently calculated keys. Some of those keys are calculated from multiple factors, for example a combination of device specific keys and the user passcode. Once you've figured out the passcode you can decrypt all files. This Apple really can't help you with if the passcode can't be trivially guessed.
Another issue is restoring deleted information from the file system. Deletion of a file is as simple as marking the file deleted in the file system and throwing away the decryption key. Deleting the entire file system is as simple as throwing away the decryption key to it.
The steps Apple can help you with is getting the data out of the device, decrypt the file system and try to guess the passcode in order to decrypt some of the files.
This is about as secure, in my opinion, as you can reasonably expect from a platform which is always on, always ready.
Correct me if I made a mistake somewhere as I'm writing all of this from memory.
_________________
Peter Andersson, Micro Systemation
Peter which area did you work at Apple regarding iPhone?
_________________
Institute for Digital Forensics (IDF) - LinkedIn
Mobile Telephone Examination Board (MTEB) - LinkedIn
Mobile Telephone Evidence & Forensics trewmte.blogspot.com
ForensicMobex now MTEB Linkedin Subgroup
He works at Microsystemation ie XRY
iphone5 passcode bypass
Re: iphone5 passcode bypass
Posted: Sat Feb 23, 2013 12:14 pm
- Jonathan- Robbo747
The only way to unlock a handset lock on a iphone 4s or 5 is to submit it over to Apple. Join the cue- according to IACIS members, American law enforcement are experiencing backlogs with Apple.
So there is some sort of back door?
But just NOT available to 'all and sundry'.
Generally, this question has been raised/asked for many, many years.
Having worked in mobile 'phone development (in my past), devices that have security settings have what are known as 'exits' or 'escapes'. In mobile development they do not think in terms of "forensics" or "evidence". Development projects, e.g. meaning development handsets, are the focus. Checking security means you cannot lock, permanently, every 'test handset' under development, so 'exits' are built in, which saves on 'prototypes' being produced, and means diagnostics etc can be performed. Colloquially speaking 'exits' are 'backdoors'. So are there backdoors in handsets? Of course there are and well-known manufacturers have a different approach not only for testing but for other requirements, too.
Enquiries to open password protected handsets in legal terms are based upon law, lawful requests, legitimacy, proportionality and other reasonableness tests.
_________________
Institute for Digital Forensics (IDF) - LinkedIn
Mobile Telephone Examination Board (MTEB) - LinkedIn
Mobile Telephone Evidence & Forensics trewmte.blogspot.com
ForensicMobex now MTEB Linkedin Subgroup
-
trewmte - Senior Member
Re: iphone5 passcode bypass
Posted: Mon Feb 25, 2013 2:42 am
So there is some sort of back door?
I'll try to explain this without going into too much technical depth.
As far as we know there are no back doors inserted by Apple. One of the main hurdles for companies trying to acquire data from Apple devices is getting their code running on the platform. This is hard because Apple only allows code that has been verified and approved (signed) by them to run. Code signatures are trivial for Apple to bypass as they can approve whatever code they want. Once you have your code running on the platform you can basically read whatever data you want. So you're free to read the memory chips and pass that data back over USB. This is as I said trivial for Apple as they have the secret keys required to get their code running and they're familiar with the platform so creating code to read the memory chips and send it out over USB is also trivial. So this Apple can help you with.
Now the next problem is that the user data file system contained on these chips is encrypted with a key stored in the effaceable area. Once the data has been decrypted you have the file system in plain text. This Apple can help you with.
Trying to examine the files you run into another issue, some of the files are encrypted. These files are in different protection classes with differently calculated keys. Some of those keys are calculated from multiple factors, for example a combination of device specific keys and the user passcode. Once you've figured out the passcode you can decrypt all files. This Apple really can't help you with if the passcode can't be trivially guessed.
Another issue is restoring deleted information from the file system. Deletion of a file is as simple as marking the file deleted in the file system and throwing away the decryption key. Deleting the entire file system is as simple as throwing away the decryption key to it.
The steps Apple can help you with is getting the data out of the device, decrypt the file system and try to guess the passcode in order to decrypt some of the files.
This is about as secure, in my opinion, as you can reasonably expect from a platform which is always on, always ready.
Correct me if I made a mistake somewhere as I'm writing all of this from memory.
_________________
Peter Andersson, Micro Systemation
-
Pxtxr - Newbie
Re: iphone5 passcode bypass
Posted: Tue Feb 26, 2013 1:17 am
- PxtxrCorrect me if I made a mistake somewhere as I'm writing all of this from memory.
Peter which area did you work at Apple regarding iPhone?
_________________
Institute for Digital Forensics (IDF) - LinkedIn
Mobile Telephone Examination Board (MTEB) - LinkedIn
Mobile Telephone Evidence & Forensics trewmte.blogspot.com
ForensicMobex now MTEB Linkedin Subgroup
-
trewmte - Senior Member
Re: iphone5 passcode bypass
Posted: Tue Feb 26, 2013 2:49 am
ive never worked for apple and most of that is freely available ifnormation
-
randomaccess - Senior Member
Re: iphone5 passcode bypass
Posted: Tue Feb 26, 2013 7:17 am
I do not know if this will work for you (iOS version-dependent) but maybe you will find it helpful to bypass the passcode. Please let us know if it works.
www.dailymail.co.uk/sc...S-6-1.html
www.dailymail.co.uk/sc...S-6-1.html
-
eyez0n - Member
Re: iphone5 passcode bypass
Posted: Tue Feb 26, 2013 11:36 am
This vulnerability also was recently published:
bgr.com/2013/02/25/app...ty-343637/
_________________
Colin Mortimer
FishNet Security
bgr.com/2013/02/25/app...ty-343637/
_________________
Colin Mortimer
FishNet Security
-
Coligulus - Senior Member
Re: iphone5 passcode bypass
Posted: Tue Feb 26, 2013 7:24 pm
- trewmte- PxtxrCorrect me if I made a mistake somewhere as I'm writing all of this from memory.
Peter which area did you work at Apple regarding iPhone?
He works at Microsystemation ie XRY
-
Adam10541 - Senior Member