Join Us!

iOS 12.4.0 jailbrok...
 
Notifications
Clear all

iOS 12.4.0 jailbroken traces BlackBag  

  RSS
TinyBrain
(@tinybrain)
Active Member

Is it possible to find jailbroken traces of iOS 12.4.0 by a BlackBag tool in an iPhone XR? We not used BlackBag before.

Quote
Posted : 15/02/2019 3:44 am
passcodeunlock
(@passcodeunlock)
Senior Member

If the device is still jailbroken, yes.

If it was reset to factory reset or firmware flashed, then no.

If it was just a sideload jailbrake, it is gone after reboot.

Please reformulate your question, maybe somebody might be able to help you )

ReplyQuote
Posted : 15/02/2019 10:04 am
v.katalov
(@v-katalov)
Junior Member

First, there is no iOS 12.4 version; the latest is 12.1.4 (plus 11.2 beta 1/2).

Second, not sure what do you mean mean by jailbreaking in this context. There are known vulnerabilities for versions up to 12.1.2, plus some (not available to public) exploits for 12.1.3. Right now there are two jailbreaks unc0ver and rootlessJB, but first, they work on versions up to 12.1.2, and second, the do not support iPhone Xr yet.

Finally, as far as I know, BlackBag do not have their own tool for jailbreaking (or even file system acquisition) – they rely on GrayKey extractions. In the meantime, GrayShift do not disclosure what modifications to the file system are being done (in theory, some traces are left, but to find them you will have to jailbreak or GrayKey tool again).

ReplyQuote
Posted : 15/02/2019 11:30 am
TinyBrain
(@tinybrain)
Active Member

ok, got it - my mistake iOS 12.1.4 (16D57), sorry

Its not about jailbreaking its about finding traces that the device was jailbroken. The info about sidechannel is fine. The question came up as we gave a device to Cellebrite Advanced Unlocking Services and wanted to know if they during unlocking had jailbreaking in use.

ReplyQuote
Posted : 15/02/2019 11:35 am
shahartal
(@shahartal)
Junior Member

The term 'jailbreak' is actually fairly non-standard as it can mean different things.
When most people talk about a jailbreak, they talk about a public tool that removes or reduces restrictions placed by iOS. This usually installs software to the device in a detectable way.
Cellebrite uses a forensic process that avoids to any extent possible modification of the file system, and thus should not be recognizeable in post extraction analysis.

ReplyQuote
Posted : 15/02/2019 1:44 pm
passcodeunlock
(@passcodeunlock)
Senior Member

@tinybrain

If it was just a sideload jailbrake, it is gone after reboot.

Whenever you got a CAS related question, the best is to ask Cellebrite, no ?! )

If the purpose of your post was to find out how CAS did the task, the answer is "Good question?!" or even better "Wizardry." )

@shahartal

Thank you for clarifying this, some of our customers asked this question as well before…

ReplyQuote
Posted : 15/02/2019 2:17 pm
TinyBrain
(@tinybrain)
Active Member

Shahar, toda raba

ReplyQuote
Posted : 16/02/2019 10:22 pm
Share: