Notifications
Clear all

Apple iPhone 5 & 6 Encrypted Backup

15 Posts
9 Users
0 Likes
1,132 Views
 PB10
(@pb10)
Posts: 19
Active Member
Topic starter
 

Hey all,

I have an Apple iPhone 5 and 6 which both require an encrypted backup password. I have the passcodes for the device, but not the backup password. As forensic software is unable to recover calls, SMS, social networking messaging data etc, i was wondering if anyone has attempted to jailbreak these devices in the past in order to recover these files?

Would you be able to bypass the backup encryption by jailbreaking the device? Or even be able to recover the backup password from a jailbroken device?

The devices have no iCloud accounts, therefore, 'find my iPhone' is off, making jalibreaking a possibility.

Any thoughts??? D

 
Posted : 07/12/2016 8:58 pm
passcodeunlock
(@passcodeunlock)
Posts: 792
Prominent Member
 

What are your exact device models ? What iOS runs on them ?

 
Posted : 07/12/2016 9:06 pm
 PB10
(@pb10)
Posts: 19
Active Member
Topic starter
 

What are your exact device models ? What iOS runs on them ?

The models and iOS versions are-

iPhone 5 (A1429) - iOS 9.3.2
iPhone 6s (A1688) - iOS 9.3.3

 
Posted : 08/12/2016 3:57 pm
UnallocatedClusters
(@unallocatedclusters)
Posts: 577
Honorable Member
 

PB10,

If you are referring to an iTunes' encryption password that is in place on the iPhones, then here are some options

1) Elcomsoft Phone Breaker Forensic Edition (https://www.elcomsoft.com/eppb.html) US $799.00

2) Compelson MobilEdit Forensic Express (http//www.mobiledit.com/online-store/forensic-express) US $1,200.00

OPTION 1 Elcomsoft Phone Breaker ("EPB") can be used to crack the iTunes encryption password of mobile backups of the iPhones. So, you could use EPB to download iCloud stored mobile backups of both phones (assuming you have the AppleIDs and Passwords for the phones) and then use EPB to crack the iTunes encryption password.

OPTION 2 Alternatively, you could use the latest version of iTunes to make a mobile backup of each iPhone which would be found here C\Users\*USER ACCOUNT NAME*\AppData\Roaming\Apple Computer\MobileSync\Backup\………

Then once you have mobile backups created, you could use EPB to crack the iTunes password. You will need to test option 2 as iTunes might prevent the creation of a mobile backup without inputting the iTunes encryption password.

OPTION 3 Compelson MobilEdit Forensic Express can be used to crack the iTunes password of the iPhones directly (not the mobile backups of the phones).

Other items to look at

If you have the MacBook or Windows computer of the phone owner, use a tool such as Passmark's OSForensics to create an index and "dictionary" file of the computer itself. The "dictionary" file can then be fed into Elcomsoft's Phone Breaker to aid in cracking the iTunes encryption password.

 
Posted : 08/12/2016 10:22 pm
(@randy_randerson)
Posts: 24
Eminent Member
 

Have you tried entering the passcode when prompted? I've had huge success getting into devices when prompted by Cellebrite to enter the password when its processing the file system dump.

 
Posted : 08/12/2016 10:29 pm
UnallocatedClusters
(@unallocatedclusters)
Posts: 577
Honorable Member
 

RR -

I believe the root cause problem the OP is facing is the lack of the iTunes encryption password, not the AppleID password.

 
Posted : 08/12/2016 10:31 pm
passcodeunlock
(@passcodeunlock)
Posts: 792
Prominent Member
 

Create dumps using UFED advanced logical backup method one and set an encryption password, the default is 1234.

 
Posted : 08/12/2016 10:47 pm
 PB10
(@pb10)
Posts: 19
Active Member
Topic starter
 

PB10,

If you are referring to an iTunes' encryption password that is in place on the iPhones, then here are some options

1) Elcomsoft Phone Breaker Forensic Edition (https://www.elcomsoft.com/eppb.html) US $799.00

2) Compelson MobilEdit Forensic Express (http//www.mobiledit.com/online-store/forensic-express) US $1,200.00

OPTION 1 Elcomsoft Phone Breaker ("EPB") can be used to crack the iTunes encryption password of mobile backups of the iPhones. So, you could use EPB to download iCloud stored mobile backups of both phones (assuming you have the AppleIDs and Passwords for the phones) and then use EPB to crack the iTunes encryption password.

OPTION 2 Alternatively, you could use the latest version of iTunes to make a mobile backup of each iPhone which would be found here C\Users\*USER ACCOUNT NAME*\AppData\Roaming\Apple Computer\MobileSync\Backup\………

Then once you have mobile backups created, you could use EPB to crack the iTunes password. You will need to test option 2 as iTunes might prevent the creation of a mobile backup without inputting the iTunes encryption password.

OPTION 3 Compelson MobilEdit Forensic Express can be used to crack the iTunes password of the iPhones directly (not the mobile backups of the phones).

Other items to look at

If you have the MacBook or Windows computer of the phone owner, use a tool such as Passmark's OSForensics to create an index and "dictionary" file of the computer itself. The "dictionary" file can then be fed into Elcomsoft's Phone Breaker to aid in cracking the iTunes encryption password.

Yes, it is the iTunes encryption password. I have attempted elcomsoft for any 'weak' passcodes, 4-6 digits, alphanumeric. Obviously, the longer the password, the longer the brute force attempt will take.

Unfortunately there are only mobile phones involved, no computers (to create a dictionary file).

Hopefully the owner will cough up the password, in the meantime i was looking at different avenues (such as jailbreaking the device). Would this give me direct access to the database files as the device would no longer be 'locked' down.

 
Posted : 09/12/2016 1:52 pm
(@wotsits)
Posts: 253
Reputable Member
 

PB10,

If you are referring to an iTunes' encryption password that is in place on the iPhones, then here are some options

1) Elcomsoft Phone Breaker Forensic Edition (https://www.elcomsoft.com/eppb.html) US $799.00

2) Compelson MobilEdit Forensic Express (http//www.mobiledit.com/online-store/forensic-express) US $1,200.00

OPTION 1 Elcomsoft Phone Breaker ("EPB") can be used to crack the iTunes encryption password of mobile backups of the iPhones. So, you could use EPB to download iCloud stored mobile backups of both phones (assuming you have the AppleIDs and Passwords for the phones) and then use EPB to crack the iTunes encryption password.

OPTION 2 Alternatively, you could use the latest version of iTunes to make a mobile backup of each iPhone which would be found here C\Users\*USER ACCOUNT NAME*\AppData\Roaming\Apple Computer\MobileSync\Backup\………

Then once you have mobile backups created, you could use EPB to crack the iTunes password. You will need to test option 2 as iTunes might prevent the creation of a mobile backup without inputting the iTunes encryption password.

OPTION 3 Compelson MobilEdit Forensic Express can be used to crack the iTunes password of the iPhones directly (not the mobile backups of the phones).

Other items to look at

If you have the MacBook or Windows computer of the phone owner, use a tool such as Passmark's OSForensics to create an index and "dictionary" file of the computer itself. The "dictionary" file can then be fed into Elcomsoft's Phone Breaker to aid in cracking the iTunes encryption password.

Yes, it is the iTunes encryption password. I have attempted elcomsoft for any 'weak' passcodes, 4-6 digits, alphanumeric. Obviously, the longer the password, the longer the brute force attempt will take.

Unfortunately there are only mobile phones involved, no computers (to create a dictionary file).

Hopefully the owner will cough up the password, in the meantime i was looking at different avenues (such as jailbreaking the device). Would this give me direct access to the database files as the device would no longer be 'locked' down.

I assume you are not in LE? Jailbreaking a phone would make your evidence highly questionable.

 
Posted : 10/12/2016 6:03 am
(@armresl)
Posts: 1011
Noble Member
 

Your evidence is only questionable if you have no idea why or what happened. If you can articulate what you did, the changes made, and the results or lack thereof on mission critical data, then you have no issues.

I assume you are not in LE? Jailbreaking a phone would make your evidence highly questionable.

 
Posted : 10/12/2016 8:59 am
Page 1 / 2
Share: