±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 1 Overall: 31963
New Yesterday: 6 Visitors: 90

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

RSS Feed Widget

±Latest Webinars

iPhone 6 A1586 and UFED

Discussion of forensic issues related to all types of mobile phones and underlying technologies (GSM, GPRS, UMTS/3G, HSDPA, LTE, Bluetooth etc.)
Subforums: Mobile Telephone Case Law
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Go to page 1, 2  Next 
  

iPhone 6 A1586 and UFED

Post Posted: Mon Mar 20, 2017 12:06 am

Hello guys i got 2 unlocked iPhones with no Security Codes and took a backup with UFED TOUCH, however physical anaylyser could not parse the image and asks for encryption password, while i have not set any password.

I tried to take a backup using itunes too, it can only take encrypted backups, i cannot untick the option.

both iphone 6 are running 10.2.1

Any thoughts?  

almrasl
Newbie
 
 
  

Re: iPhone 6 A1586 and UFED

Post Posted: Mon Mar 20, 2017 2:47 am

Try 1234  

dandaman_24
Senior Member
 
 
  

Re: iPhone 6 A1586 and UFED

Post Posted: Mon Mar 20, 2017 3:57 am

I contacted Cellebrite they told me the same, unfortunately it did not work.

This is interesting.  

almrasl
Newbie
 
 
  

Re: iPhone 6 A1586 and UFED

Post Posted: Mon Mar 20, 2017 7:16 am

The user enabled iTunes backup encryption, this is independent from the passcode.
1234 is the default password which is set by Physical Analyzer if there has not been set a password by the user and you tick the "encrypt backup" box during the extraction process. So in this case this will not work of course.

As far as I know you have these options:

a) Jailbreak it (if possible) and extract data with method 3 in Physical Analyzer. It will not be encrypted.

b) Use Elcomesoft Phone breaker and try brute forcing the password. Or you can create a list of passwords and throw it in Physical Analyser if asked for a password.
This probably won't work because Apple changed the password hashing algorithm with iOS 10. Brute forcing is now very very very slow. So basically this is not really working anymore.

c) Ask the owner of the phone for the password  

SamBrown
Senior Member
 
 
  

Re: iPhone 6 A1586 and UFED

Post Posted: Mon Mar 20, 2017 10:22 pm

Very informative.  

CopyRight
Senior Member
 
 
  

Re: iPhone 6 A1586 and UFED

Post Posted: Wed Mar 22, 2017 1:38 am

Oxygen Forensic Detective can also help you to find the password to the encrypted iTunes backup. The built-in Passware module uses the latest algorithms and technologies including distributed processing and GPU acceleration with ATI and NVIDIA boards. The software offers varoius attacks such as brute-force, dictionary, Xieve, etc.  

OxygenForensics
Senior Member
 
 
  

Re: iPhone 6 A1586 and UFED

Post Posted: Wed Mar 22, 2017 3:42 pm

iPhone uses PBKDF/HMAC2-SHA256 (+10 million iterations) and you can BF it with free HashCat - hashcat.net/forum/thread-6351.html


_________________
Multi-COM - Bogusław Rzepka
multi-com.eu 

Bolo
Member
 
 

Reply to topicReply to topic

Share and Like this forum topic to get more replies




Page 1 of 2
Go to page 1, 2  Next