ElcomSoft Breaks iPhone Encryption

anyone use this yet??

No, but I do know someone that uses the ElcomSoft software to crack. I will ask if they have the updated software and if so, see if I can test my test bed phones (3GS/4 currently running iOS 4.2.1).

The cost of this software is around 1995 pounds iirc.

Everyone needs to check out the project iphone-dataprotection-indepth which does something similar but does not as far as I can tell let you extract the unallocated space.

They use a modified version of HFSExplorer to extract the data from an obtained raw image file.

I have however looked through the source code and I think that with a slight modification it would be relatively easy to parse out the unallocated space in a none encrypted format.

I have managed to compile and succesfully use the tool to extract *all* of a live file system (including the mail) and extract the elusive 0x835 key which holds the key to the kingdom.

You can also bruteforce a simple 4 digit numerical passcode using the tool, it is also possible to extract the Wifi keys etc in plaintext.

I checked with my co-worker today and he is running ElcomSoft's distributed password recovery and does not have the newly released password cracker for the phones. I did add it to our wish-list of software, so maybe one day I will get it to try.

I've used the tool and it works great.

I just put up a review on my blog here
http//blog.csvance.com/?p=174

I've used the tool and it works great.

I just put up a review on my blog here
http//blog.csvance.com/?p=174

Have you tried to parse anything out of unallocated space with this? As all of the literature I have read does not make it clear about the Elcomsoft tools ability to do this? This for me is the deal breaker, recovery of unallocated is something of a complex problem on iOS 4 devices as each file is encrypted with a unique key that is stored in the files resource fork. If you delete the file and along with it the resource fork then its going to be a bit of a problem to recover anything of interest.

Also do you notice anything different about the dd or img file that the elcomsoft tool produces?

Having read your review it appears that these tools do exactly the same thing for free. I have used them and have achieved some cracking results.

According to FTK 3.3, it's seeing unallocated space from the .dmg file produced just fine. It looks just like one pulled from an iPhone 3G using MPE+ earlier this week. I'll run some additional data carving just to be sure.

Also, the main reason I like ElcomSoft's tool is its really all in one nice package. It was really simple to use.

According to FTK 3.3, it's seeing unallocated space from the .dmg file produced just fine. It looks just like one pulled from an iPhone 3G using MPE+ earlier this week. I'll run some additional data carving just to be sure.

Also, the main reason I like ElcomSoft's tool is its really all in one nice package. It was really simple to use.

There is not an issue with seeing unallocated space as such from a raw dd img of the phone, can you pull out anything of use such as a JPG?

You will find some plaintext in the unallocated space but will be very interested to see if you can pull back any file data.

Good luck D ?

I successfully used the Iphone data protection tools get the keys and decrypt a 3gs 4.0.1 dump tonight. I had the same results as you, CaptainF. Hopefully a modification comes out soon to allow us to decrypt entire raw dumps and view them in hex because at its current state emf_decrypter doesnt really do anymore than hfsexplorer can do unless im missing something. Have you had any progress?