
iPad 2 locked

8 Posts
7 Users
0 Reactions
812 Views
(@cmore77)
Eminent Member
Joined: 15 years ago
Posts: 17
Topic starter  

Does anyone have a solution to obtain a logical or physical extraction of a passcoded iPad 2?
Cellebrite doesn't support it without the password and all my research has led nowhere.
Thanks for any help.


   
(@coligulus)
Estimable Member
Joined: 16 years ago
Posts: 165
 

Unfortunately I think you will find that there are no tools available that can bypass the lock code on anything newer than an iPhone 4 or iPad 1. This is due to the fact there is not a publicly available bootROM exploit which can be used, like there is on iPhone 4/iPad 1 and earlier. The only exception to this is if the device is already jailbroken AND OpenSSH has been installed, and presumably that the root password hasn't been changed from "alpine".

The only thing I am aware of that you could try is to locate the escrow keybag from the computer which the iPad has been synced with. These keys allow iTunes to communicate with the device even when it is locked. If you can harvest those from the owner's computer and place them in the necessary place on your examination computer you may be able to at least perform an iTunes backup and acquire all data included in that. Though, this will surely not include email data and any other data which is not backed up.

More information here

http://resources.infosecinstitute.com/ios-5-backups-part-1/


   
 Doug
(@doug)
Estimable Member
Joined: 16 years ago
Posts: 185
 

It looks like Coligulus has covered this off very well.
I have replied to your PM but sadly it doesn't contain anything extra than the reply above.


   
(@mobileforensicswales)
Reputable Member
Joined: 17 years ago
Posts: 274
 

If you do have the keys from the machine you could also try waterboard


   
(@cmore77)
Eminent Member
Joined: 15 years ago
Posts: 17
Topic starter  

Thanks all for your input and help. Not sure if I have access to the computer but will look into it. Appreciate your help.

ron


   
bigjon
(@bigjon)
Estimable Member
Joined: 17 years ago
Posts: 159
 

If you do have the keys from the machine you could also try waterboard

Does the Waterboard have their own examiners now ?? lol


   
4Rensics
(@4rensics)
Reputable Member
Joined: 16 years ago
Posts: 255
 

If you do have the keys from the machine you could also try waterboard

Does the Waterboard have their own examiners now ?? lol

I think it was a misspelling, he meant, have you tried waterboarding! It's quite effective at getting passwords :D


   
(@christopherjones)
Active Member
Joined: 15 years ago
Posts: 17
 

Yeah, if you have the pairing key for the device which can be found at either

Mac OSX - /var/db/lockdown (deviceUDID.plist)
Windows - The location of the key file varies depending on the version.

These along with the Waterboard app would get you around the passcode and potentially retrieve quite a bit of logical data. Below is a copy and paste from the original read-me file which states what the app can potentially get back for you.

- The entire file system of a jailbroken device, in many cases
- The entire "Media" folder of a non-jailbroken device
- Photos, iTunes library, iBooks, and so on
- All Documents, Library, and tmp files for App Store applications
- A roster of all installed App Store applications and their properties
- Extended device identity information including
- IMEI, UUID, MEID, IMSI, UCID, device and baseband serial number, and so on
- Last phone number configured on the device, SIM status, and so on
- Carrier bundle name, version, ICCID, MCC, MNC
- Current time zone configured
- Hardware addresses of WiFi and BT interfaces, chipset model, and so on
- Device name, model, firmware version, iBoot version, and model color
- PRL (preferred roaming list) version and carrier bundle version
- iCloud conflict information
- Battery diagnostics (cycle count, design capacity, and so on)
- NVRAM flags (boot flags and other data)
- The current device time (in seconds since 1970)
- Networking diagnostics showing how much data was used daily on per-app basis
- MobileSync data dumping Notes, Address Book, Calendar, and Safari Bookmarks
- Captures all accounts being synchronized with desktop
- Does not capture iCloud sync accounts, but those do get captured elsewhere
- A gzipped CPIO archive of the following file system components
- Apple support data and system crash logs
- User "Cache" folder
- Cached web data stored by various applications
- Screenshots of suspended applications
- Pasteboard (clipboard) data
- Icon cache
- Safari reading list archives
- What appears to be a video conference cache of local IP + date of call
- Map tile database (of stored / viewed maptiles)
- Apple TV data, if acquiring an Apple TV
- Storage proxy logs
- Bluetooth diagnostic information
- The application installation log
- Some PPP and VPN data
- A complete dump of all activation and pairing records
- Core Location cache
- Keyboard (typing) caches
- System Configuration information (WiFi AP join history / auto-join info)
- A dump of the SMS database, SMS attachments, and SMS drafts
- A dump of various user databases (Address Book, Calendar, Address Book)
- A dump of the user's voicemail stored on the device (including unlistened)
- The user's entire photo album, music collection, and media
- System configuration data, such as accounts and wifi pairing history
- iCloud local cache and control files
- Lists of artifacts stored in iCloud
- Lists of other devices (and computer names) synced with same iCloud
- The tmp directory, which often contains useful data
- If backup encryption is not active, a full backup from the mobile backup service, acquirable in either file system format or iTunes backup format

C.


   
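An added example, not part of the thread or of any tool it names: an inventory of the pairing records a workstation holds (the `deviceUDID.plist` files mentioned above), reporting which ones carry an escrow bag or private keys and whether other users can read the file, without printing any key material. The key names (`HostID`, `EscrowBag`, `HostPrivateKey`, `RootPrivateKey`) follow the commonly documented pairing-record layout and are an assumption here; the sample records are constructed.

```python
import plistlib, stat, tempfile
from pathlib import Path

# Assumed key names (commonly documented pairing-record layout; the thread
# itself only gives the file location).
SECRET_KEYS = ("HostPrivateKey", "RootPrivateKey", "EscrowBag")

def summarize_record(path):
    """Describe one <UDID>.plist; values of secret keys are never returned."""
    try:
        with open(path, "rb") as fh:
            rec = plistlib.load(fh)
    except Exception:
        return None  # unreadable file or not a valid plist
    if not isinstance(rec, dict) or "HostID" not in rec:
        return None  # other plists in the directory are not pairing records
    mode = stat.S_IMODE(Path(path).stat().st_mode)
    return {
        "udid": Path(path).stem,
        "host_id": rec["HostID"],
        "secrets_present": [k for k in SECRET_KEYS if rec.get(k)],
        "has_escrow_bag": bool(rec.get("EscrowBag")),
        "readable_by_others": bool(mode & (stat.S_IRGRP | stat.S_IROTH)),
    }

def audit_lockdown_dir(directory):
    """Summarize every pairing record found directly under `directory`."""
    rows = (summarize_record(p) for p in sorted(Path(directory).glob("*.plist")))
    return [r for r in rows if r is not None]

def build_constructed_sample(directory):
    """Write constructed records (placeholder bytes, made-up UDIDs) for a dry run."""
    d = Path(directory)
    full = {"HostID": "CONSTRUCTED-HOST-ID", "SystemBUID": "CONSTRUCTED-BUID",
            "HostPrivateKey": b"placeholder", "RootPrivateKey": b"placeholder",
            "EscrowBag": b"placeholder", "DeviceCertificate": b"placeholder"}
    no_escrow = {k: v for k, v in full.items() if k != "EscrowBag"}
    a, b = d / ("0" * 39 + "1.plist"), d / ("0" * 39 + "2.plist")
    a.write_bytes(plistlib.dumps(full)); a.chmod(0o644)       # too permissive
    b.write_bytes(plistlib.dumps(no_escrow)); b.chmod(0o600)  # owner only
    (d / "SystemConfiguration.plist").write_bytes(
        plistlib.dumps({"SystemBUID": "CONSTRUCTED-BUID"}))   # not a pairing record

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        for row in audit_lockdown_dir(tmp):
            print(row)
```

Records flagged `readable_by_others` or carrying an escrow bag are the ones to protect or purge on machines that should no longer be trusted by the device.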