Join Us!

iphone password bac...
 
Notifications
Clear all

iphone password backup  

  RSS
giandega
(@giandega)
Active Member

I am analyzing an iPhone. I use mobile edit forensic express 5.
Unluckly the iPhone backup is password protected. I tried a four digit pin attack with no result.
Other attack are too long.
Is there something to bypass the password?
Thnks best regards

Quote
Posted : 22/01/2018 9:03 am
JDCoulthard
(@jdcoulthard)
Member

If the device is running iOS11, and you have the device, it is possible to reset the backup password using the following process

If you can’t remember the password for your encrypted backup

You can’t restore an encrypted backup without its password. With iOS 11 or later, you can make a new encrypted backup of your device by resetting the password. Here’s what to do

1. On your iOS device, go to Settings > General > Reset.
2. Tap Reset All Settings and enter your iOS passcode.
3. Follow the steps to reset your settings. This won't affect your user data or passwords, but it will reset settings like display brightness, Home screen layout, and wallpaper. It also removes your encrypted backup password.

4. Connect your device to iTunes again and create a new encrypted backup.

You won't be able to use previous encrypted backups, but you can back up your current data using iTunes and setting a new backup password.

Click Here for more details.

HTH

JC

ReplyQuote
Posted : 22/01/2018 10:19 am
OxygenForensics
(@oxygenforensics)
Active Member

You can try Oxygen Forensic Detective software. It has the built-in Passware module that helps to find passwords to encrypted backups using the latest algorithms and technologies including distributed processing and GPU acceleration. You can choose any of the available attacks, like brute-force, dictionary, Xieve, etc.

ReplyQuote
Posted : 24/01/2018 8:32 am
giandega
(@giandega)
Active Member

If the device is running iOS11, and you have the device, it is possible to reset the backup password using the following process

If you can’t remember the password for your encrypted backup

You can’t restore an encrypted backup without its password. With iOS 11 or later, you can make a new encrypted backup of your device by resetting the password. Here’s what to do

1. On your iOS device, go to Settings > General > Reset.
2. Tap Reset All Settings and enter your iOS passcode.
3. Follow the steps to reset your settings. This won't affect your user data or passwords, but it will reset settings like display brightness, Home screen layout, and wallpaper. It also removes your encrypted backup password.

4. Connect your device to iTunes again and create a new encrypted backup.

You won't be able to use previous encrypted backups, but you can back up your current data using iTunes and setting a new backup password.

Click Here for more details.

HTH

JC

I tried this. But It asks me the old password. I don't have it.
thanks

ReplyQuote
Posted : 16/02/2018 9:10 am
mcman
(@mcman)
Active Member

JC's instructions are great but as mentioned that reset only works on new backups not the previous one you have so any new backup you create will work but it won't work on the old one.

Jamie

ReplyQuote
Posted : 16/02/2018 2:18 pm
Northwind
(@northwind)
Junior Member

Try 1234. if the user does not define a password, 1234 is defined as the automatic password.

ReplyQuote
Posted : 05/04/2018 12:38 pm
randomaccess
(@randomaccess)
Active Member

JC's instructions are great but as mentioned that reset only works on new backups not the previous one you have so any new backup you create will work but it won't work on the old one.

Jamie

if you still have the device you can update it to ios11 and follow the same instructions

ReplyQuote
Posted : 05/04/2018 1:43 pm
Bolo
 Bolo
(@bolo)
Member

Password can be digit but also letters - BF attack can be time consuming if you will work only on one machine. If you don't have any hints and you want access those backup check iOS version - there was a bug in 10.x which allow very fast attack. If you still got a problem you can drop me PM - we can try to check how much time it can take on our GPUs PCs by distribute attack

ReplyQuote
Posted : 05/04/2018 6:05 pm
passcodeunlock
(@passcodeunlock)
Senior Member

Bruteforcing the backup is a matter of GPU power + pure luck at this point.

What about iCloud ? I'd start digging there…

ReplyQuote
Posted : 05/04/2018 8:48 pm
forensicgeek
(@forensicgeek)
New Member

Hello All,

I have recently removed the iPhone backup encryption from iOS 10.3.3 and 11.1.2 and 11.4 by using the reset settings option.

I am wondering if resetting the user settings is a common way analysts remove the encryption or is bypassing the code using Elcomsoft or Passware the preferred method for a forensic perspective?

If so does anyone know what changes are made?

I have noted that all security features are removed (PIN, Encrpytion and Biometrics) as well as any preset user background images.

Any input will be greatly appreciated.

Kind Regards.

ReplyQuote
Posted : 25/07/2018 3:55 pm
HankM
(@hankm)
New Member

Hi guys,

I'm curious too to know if some data are lost by this operation of resetting.

Thanks a lot for your reply

ReplyQuote
Posted : 26/07/2018 1:40 pm
Share: