It’s Hashed, Not Encrypted

September 9th, 2020 by Oleg Afonin

How many times have you seen the phrase: “Your password is securely encrypted”? More often than not, taking it at face value has little sense. Encryption means the data (such as the password) can be decrypted if you have the right key. Most passwords, however, cannot be decrypted since they weren’t encrypted in the first place. Instead, one might be able to recover them by running a lengthy attack. Let’s talk about the differences between encryption and hashing and discuss why some passwords are so much tougher to break.

Read the rest of this entry »

Extracting iPhone File System and Keychain Without an Apple Developer Account

September 3rd, 2020 by Oleg Afonin

Last year, we have developed an innovative way to extract iPhone data without a jailbreak. The method’s numerous advantages were outweighed with a major drawback: an Apple ID enrolled in the paid Apple’s Developer program was required to sign the extraction binary. This is no longer an issue on Mac computers with the improved sideloading technique.

Read the rest of this entry »

Setting Up Restricted Internet Connection for iPhone Extraction

September 3rd, 2020 by Vladimir Katalov

Regular or disposable Apple IDs can now be used to extract data from compatible iOS devices if you have a Mac. The use of a non-developer Apple ID carries certain risks and restrictions. In particular, one must “verify” the extraction agent on the target iPhone, which requires an active Internet connection. Learn how to verify the extraction agent signed with a regular or disposable Apple ID without the risk of receiving an accidental remote lock or remote erase command.

Read the rest of this entry »

Speed > Security – Apple’s Approach To iOS Data Security

August 31st, 2020 by James Duffy

Today I’m going to be discussing my understanding of a few security concepts Apple have implemented in iOS – including how these concepts influence the user experience and the inevitable outcome for your personal data security. This article is focusing specifically on the encryption-state handling mechanisms within iOS (which handle in what situations data stored on your iOS device is stored in an encrypted or decrypted state).

Read the rest of this entry »

Behind the iPhone 5 and 5c Passcode Cracking

August 25th, 2020 by Vladimir Katalov

Smartphones are used for everything from placing calls and taking photos to navigating, tracking health and making payments. Smartphones contain massive amounts of sensitive information which becomes essential evidence. Accessing this evidence can be problematic or expensive, as was clearly demonstrated during the FBI-Apple encryption dispute, which was about the iPhone 5c used by the San Bernardino shooter in December 2015. With modern technological advances, iPhone 5c unlocks are no longer an issue.

Read the rest of this entry »

iPhone 5 and 5c Passcode Unlock with iOS Forensic Toolkit

August 25th, 2020 by Oleg Afonin

We have discovered a way to unlock encrypted iPhones protected with an unknown screen lock passcode. Our method supports two legacy iPhone models, the iPhone 5 and 5c, and requires a Mac to run the attack. Our solution is decidedly software-only; it does not require soldering, disassembling, or buying extra hardware. All you need is iOS Forensic Toolkit (new version), a Mac computer, and a USB-A to Lightning cable. In this guide, we’ll demonstrate how to unlock and image the iPhone 5 and 5c devices.

Read the rest of this entry »

Breaking LUKS Encryption

August 18th, 2020 by Oleg Afonin

LUKS encryption is widely used in various Linux distributions to protect disks and create encrypted containers. Being a platform-independent, open-source specification, LUKS can be viewed as an exemplary implementation of disk encryption. Offering the choice of multiple encryption algorithms, several modes of encryption and several hash functions to choose from, LUKS is one of the tougher disk encryption systems to break. Learn how to deal with LUKS encryption in Windows and how to break in with distributed password attacks.

Read the rest of this entry »

Extracting Passwords from Qihoo 360 Safe Browser and Tor Browser

August 11th, 2020 by Oleg Afonin

Tor Browser is a well-known tool for browsing the Web while renaming anonymous, while Qihoo 360 Safe Browser is one of China’s most popular desktop Web browsers. According to some sources, it might be the second most-popular desktop Web browser in China. Like many other Chromium-based browsers, 360 Safe Browser offers the ability to save and securely store website passwords, but the implementation is unexpectedly different from most other browsers. An update to Elcomsoft Internet Password Breaker enables the extraction of Qihoo 360 Safe Browser and Tor Browser passwords. Does the “360 Safe” moniker stand the trial, and is Tor really anonymous? Read along to find out!

Read the rest of this entry »

iOS Extraction Without a Jailbreak: Full iOS 9 Support, Simplified File System Extraction

August 6th, 2020 by Oleg Afonin

We updated iOS Forensic Toolkit to bring two notable improvements. The first one is the new acquisition option for jailbreak-free extractions. The new extraction mode helps experts save time and disk space by pulling only the content of the user partition while leaving the static system partition behind. The second update expands jailbreak-free extraction all the way back to iOS 9, now supporting all 64-bit devices running all builds of iOS 9.

Read the rest of this entry »

Extracting and Decrypting iOS Keychain: Physical, Logical and Cloud Options Explored

August 5th, 2020 by Oleg Afonin

The keychain is one of the hallmarks of the Apple ecosystem. Containing a plethora of sensitive information, the keychain is one of the best guarded parts of the walled garden. At the same time, the keychain is relatively underexplored by the forensic community. The common knowledge has it that the keychain contains the users’ logins and passwords, and possibly some payment card information. The common knowledge is missing the point: the keychain contains literally thousands of records belonging to various apps and the system that are required to access lots of other sensitive information. Let’s talk about the keychain, its content and its protection, and the methods used to extract, decrypt and analyze the various bits and pieces.

Read the rest of this entry »