±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 34489
New Yesterday: 1 Visitors: 164

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Webinars

iOS Bruteforce

Discussion of forensic issues related to all types of mobile phones and underlying technologies (GSM, GPRS, UMTS/3G, HSDPA, LTE, Bluetooth etc.)
Subforums: Mobile Telephone Case Law
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Go to page 1, 2  Next 
  

iOS Bruteforce

Post Posted: Fri Jun 22, 2018 10:58 pm

www.zdnet.com/article/...-passcode/

I'm pretty sure this has been fixed in 11.4 as I wasn't able to reproduce his results, but it makes me believe 11.3 and below is fair game.  

the_Grinch
Senior Member
 
 
  

Re: iOS Bruteforce

Post Posted: Sat Jun 23, 2018 1:20 am

In my opinion, it is a joke.
_________________
Computer, Cell Phone & Chip-Off Forensics

linkedin.com/in/igormikhaylovcf 

Igor_Michailov
Senior Member
 
 
  

Re: iOS Bruteforce

Post Posted: Sat Jun 23, 2018 2:25 am

It is not a joke, just the story doesn't reveal everything Smile
_________________
Apple passcode unlock + decrypted filesystem dump, Android user locks unlock + physical dump with decrypted userdata partition. We provide our services world-wide, but we reserve the right for choosing which tasks we take and which we deny! 

passcodeunlock
Senior Member
 
 
  

Re: iOS Bruteforce

Post Posted: Sat Jun 23, 2018 11:56 am

Well I will disclose what hasn't work for me so far:

I tested on iOS 11.4 and on 11.1.2 without success. I purchased a lightning to USB adapter that allows you to feed power and plug a usb device into an iPhone. I programmed a RubberDucky with a long string of numbers (with the last one being the one that would unlock the device) and got the 1 minute, then 5 minute delay. I will note that neither device had the wipe after 10 failed attempts enabled.  

the_Grinch
Senior Member
 
 
  

Re: iOS Bruteforce

Post Posted: Sat Jun 23, 2018 3:24 pm

I noticed something very interesting when re-watching the video he posted. At 16 seconds, if you pause it, you'll notice the following: HDBox-Keyboard. Now at this point he has plugged the phone in (to what he says is a computer, but shows us nothing) and then I see that. I happen to own an HDBox which is a device that allows for the brute forcing of Android Passcodes, Patterns and iOS passcodes. Currently my device is at work so I can't test it, but will definitely test it out on Monday.  

the_Grinch
Senior Member
 
 
  

Re: iOS Bruteforce

Post Posted: Sat Jun 23, 2018 8:01 pm

Figured it out! It does definitely work on 11.4 and almost as described by the author. They've updated the article, but I think he was close to on the money.  

the_Grinch
Senior Member
 
 
  

Re: iOS Bruteforce

Post Posted: Sun Jun 24, 2018 1:30 pm

So my testing was flawed. Seems iOS ignores multiple entries of the same code. Thus if you enter 000000 30 times you won't get hit with any limits, but if you entered 000000..111111...222222 etc you'll hit the limit. Back to the drawing board.  

the_Grinch
Senior Member
 
 

Page 1 of 2
Go to page 1, 2  Next