Hi,
I have a physical dump form a iPhone 4 (Not 4S) and I was wondering if any of you know of a way to extract the the passcode from the dump. The passcode that was originally enabled on the phone.
The phy. extraction was made by XRY but the passcode is unfortunately not written in the XRY-logs. The phone is no longer within my reach so I cant extract it from the phone itself.
BR M
Are you sure it had a passcode at all when the extraction happened ?!
What tool did you use to dump the phone ?
If you used UFED PA, right click on the ufed EvidenceCollection.ufdx file and open in notepadd++ here it should tell you the PIN.
Are you sure it had a passcode at all when the extraction happened ?!
Yes it had a pin, 70% sure ) (And according to the XRY-log, passcode protected.). In the past (long time ago) XRY could bruteforce the pin (four digits) and it would report the pin in the log (As I remember it) but I cant find it in the log here. I can see that it tried to find the pin but but I cant see that it reports the actual pin.
What tool did you use to dump the phone ?
If you used UFED PA, right click on the ufed EvidenceCollection.ufdx file and open in notepadd++ here it should tell you the PIN.
When the phone was processed we used XRY. Perhaps it did not have a code, the more I think of it the more doubtful I get. But thx for your input.
Can you verify in the physical dump somehow if the passcode was set….. hmmm.
Since the physical dump of the iPhone 4 already exists, there are several ways to analyze it. I think UFED PA, Oxygen Forensics Detective or Belkasoft Evidence Center reveals the passcode.
There might be other programs as well which could solve your task, I heard good things about Mobiledit Forensic Express, Magnet IEF or BlackBag products, just I got no experience with those.
The security code should be in the XRY log file if it was enabled.
Please note that if the device had a complex code we will not be able to decode it.
Please feel free to contact support@msab.com for further information.