Posts Tagged ‘Apple TV’

Are you excited about the new checkm8 exploit? If you haven’t heard of this major development in the world of iOS jailbreaks, I would recommend to read the Technical analysis of the checkm8 exploit aricle, as well as Developer of Checkm8 explains why iDevice jailbreak exploit is a game changer. The good news is that a jailbreak based on this exploit is already available, look at the checkra1n web site.

The jailbreak based on checkm8 supports iPhone devices based on Apple’s 64-bit platform ranging from the iPhone 5s all the way up to the iPhone 8 and iPhone X. Unlike previous jailbreaks, this one supports most iOS versions, up to and including iOS 13.2.2 at the time of  this writing. Support for future versions of iOS is also possible due to the nature of this exploit. Most iPads are also supported. Currently, there is no support for the Apple Watch, though theoretically it is possible for Series 1, 2 and 3. The Apple TV series 4 and 4K are supported by the exploit, and a jailbreak for series 4 is already available.

What does that mean for the forensic crowd? Most importantly, the jailbreak can be installed even on locked devices, as it works through DFU mode. That does not mean that you will be able to break the passcode. While you can extract some data from a locked device / unknown passcode, it won’t be much. From the other side, the jailbreak allows to dump the complete image of the file system if the passcode is known. This works for all devices from the iPhone 5s to X, many iPads, and Apple TV 4.

In this article, we will briefly describe how to install the jailbreak on Apple TV and what you can expect out of it.

(more…)

This post continues the series of articles about Apple companion devices. If you haven’t seen them, you may want to read Apple TV and Apple Watch Forensics 01: Acquisition first. If you are into Apple Watch forensics, have a look at Apple Watch Forensics 02: Analysis as well. Today we’ll have a look at what’s inside of the Apple TV.

A recent market analysis shows that Apple has sold more than 13 million Apple TV devices worldwide since 2016. Since 2007, Apple manufactured 6 different Apple TV models. Like any other Apple device, the model can be easily identified by checking the label on the bottom of the device.

 

The first-generation Apple TV (model A1218) contains a regular hard drive that can be extracted and imaged with a traditional approach. The operating system is a modified version of Mac OS X 10.4 (Tiger). A detailed explanation on how to approach this kind of devices was introduced at DEFCON 2009 by Kevin Estis and Randy Robbins (the presentation is available here while the video is available here).

The Apple TV from second (model A1378) to fourth (A1625) generations have an internal NAND storage varying from 8 GB (A1378 – A1427 – A1469) to 32 or 64 GB (A1625). These models also feature a USB port connection (micro USB or USB-C). The availability of a USB port allows connecting the device to a PC/Mac. Forensic experts can use the port for data extraction. Apple removed USB connectivity in the latest, fifth generation Apple TV (Apple TV 4K, model A1842), making it more difficult to connect and extract data.

(more…)

While the iPhone is Apple’s bread and butter product, is not the only device produced by the company. We’ve got the Mac (in desktop and laptop variations), the complete range of tablets (the iPad line, which is arguably the best tablet range on the market), the music device (HomePod), the wearable (Apple Watch), and the Apple TV. In today’s article, we are going to cover data extraction from Apple TV and Apple Watch. They do contain tons of valuable data, and are often the only source of evidence.

(more…)