Our unit has received an iPhone for examination which is in pretty bad shape. Its an IPhone3G, with a huge crack down the screen. The phone will boot up, and the screen responds to touch input, however the 'home' button does not seem to be working. The iPhone is passcode protected so the standard phone examination tools that we use (Cellebrite) will not touch it.
I have used Zadairski's tools in the past to recover an image of a passcode protected iPhone, but the recovery tools require the IPhone to be in DFU mode, which I cannot put the phone into due to the broken home button.
I have found software (recboot) which puts the iPhone into 'Recovery Mode', which allows me to run the 'irecovery -s' command, and from this I know the phone is running IOs 4.1 (iBoot 931.18.27). I did try to run Zadairski's recovery tools, for both mac and Linux, with the phone in recovery mode but had no joy.
The reason for this post is to ask if anyone knows of any software tools or low level command suites which will allow me to force the iPhone3G into DFU mode? Numerous Google searches have not yielded much useful information, although I did find a tool which claims to do it at
The requesting officer has offered to get the iPhone repaired, however I was hoping to leave that to a last resort.
Any help will be much appreciated
As far as I am aware there are no software solutions to put a device into DFU mode.
Taking an iPhone apart is actually pretty painless. For an intricate product it comes apart and goes back together without too much need for swearing !
There is a link to buy a new home button flex cable - £2.75
http//
Follow this link to for disassembly of the iPhone 3G
http//
I may be naive, or even out of date, but I don't think Jonathan Zdziarski's software will allow the forensic acquisition of any firmware past 3.1.3 anyway so getting into DFU mode is unlikely to help with this particular method. AFAIK we're still waiting for a way to get into any devices with IOS 4+.
If this is accurate then getting the phone repaired will accomplish nothing.
Not the news you were hoping for, but at least you know where you stand with it.
DFICSI,
It is worth checking iPhoneinsecurity.com as there are scripts availible to recover the file system from an iOS4+ device. Sadly not a full disk image at this stage but you are atleast getting the full live file system.
Thanks for that.
Doug, scratch that. Full time LE or Military only. Not even forensic contractors allowed.
WHY?
The tools are free to LE but can be used 'at cost' in the private sector.
If you are interested in using the tools then it cannot hurt to drop him an e-mail to see if he will sell the tools to you.
I agree, it's not ideal. I get frustrated with LE only parts at conferences along with different pricing structures for LE vs private when it comes to training.
Thanks for the responses guys
I have taken an iphone apart before (my old one), as I remember it was quite painless, just a case of removing the two screws at the bottom and prising out the glass, however as this is an evidential device I am very nervous about doing that myself, especially with those flimsy ribbon cables inside.
I have the latest Zdairski tools as I am LE. He has a new recovery module for iOS 4.0 and 4.1 which can be used in Ubuntu 10.04. I have tried this module on my own iPhone3G with some success … it has issues with what version of itunes you are running, requires you to load the boot kernel and recovery module on itunes9.1 then downgrade to 8.1 before you run 'recover.sh', and regularly hangs or fails before a full image is taken. His latest scripts for mac will support 4.0 - 4.2 but only in iphone 3Gs and 4
To save me the heartache I may request the phone sent for repair, or if they are happy for me to have a pop at it I will try myself … if I can get the phone in DFU mode then that at least gives me a chance to run Zdairski's tools.
Hi Dave
We have a solution using chipoff to get the RAW data if that helps. Let me know if you want to go to that level to get your evidence.
Bob
cop.geek@gmail.com
