Posts Tagged ‘passcode’

DFU Mode Cheat Sheet

January 14th, 2021 by Oleg Afonin

The Device Firmware Upgrade mode, or simply DFU, just got a second breath. The ability to image the file system, decrypt the keychain and even do passcode unlocks on some older iPhone models has been made possible thanks to the checkm8 exploit and the checkra1n jailbreak, both of which require switching the phone into DFU. The procedure is undocumented, and the steps are different for the various devices.

From time to time, we stumble upon a weird issue that interferes with the ability to install a jailbreak. One of such problems appearing literally out of the blue is the issue of being unable to remove the screen lock password on some iPhone devices. What could be the reason and how to work around the issue? Read along to find out!

How secure are your chats in your favorite instant messenger? Can someone intercept and read your secret conversations, and can you do something about it? Apple users have access to the highly popular instant messaging system, the iMessage. But how secure it really is? Let’s find out.

Everyone’s iPhones contain overwhelming amounts of highly sensitive personal information. Even if some of that data is not stored on the device, the iPhone itself or the data inside can work as a key to other many things from bank accounts to private family life. While there are many possible vectors of attack, the attacker will always try exploiting the weakest link. Learn to think like one, find the weakest link and eliminate the potential vulnerabilities before they are exploited. This guide comes from the forensic guys making tools for the law enforcement, helping the good guys break into the bad guys’ iPhones.

Smartphones are used for everything from placing calls and taking photos to navigating, tracking health and making payments. Smartphones contain massive amounts of sensitive information which becomes essential evidence. Accessing this evidence can be problematic or expensive, as was clearly demonstrated during the FBI-Apple encryption dispute, which was about the iPhone 5c used by the San Bernardino shooter in December 2015. With modern technological advances, iPhone 5c unlocks are no longer an issue.

We have discovered a way to unlock encrypted iPhones protected with an unknown screen lock passcode. Our method supports two legacy iPhone models, the iPhone 5 and 5c, and requires a Mac to run the attack. Our solution is decidedly software-only; it does not require soldering, disassembling, or buying extra hardware. All you need is iOS Forensic Toolkit (new version), a Mac computer, and a USB-A to Lightning cable. In this guide, we’ll demonstrate how to unlock and image the iPhone 5 and 5c devices.

Passwords are probably the oldest authentication method. Despite their age, passwords remain the most popular authentication method in today’s digital age. Compared to other authentication mechanisms, they have many tangible benefits. They can be as complex or as easy to remember as needed; they can be easy to use and secure at the same time (if used properly).

What can and what cannot be done with an iOS device using Touch ID/Face ID authentication as opposed to knowing the passcode? The differences are huge. For the sake of simplicity, we’ll only cover iOS 12 and 13. If you just want a quick summary, scroll down to the end of the article for a table.

iPhone protection becomes tougher with each iteration. The passcode is extremely hard to break, and it’s just the first layer of defense. Even if the device is unlocked or if you know the passcode, it is not that easy and sometimes impossible to access all the data stored on the device. This includes, for example, conversations in Signal, one of the most secure messengers. Apple did a very good job as a privacy and security advocate.

We loved what Apple used to do about security. During the past years, the company managed to build a complete, multi-layer system to secure its hardware and software ecosystem and protect its customers against common threats. Granted, the system was not without its flaws (most notably, the obligatory use of a trusted phone number – think SS7 vulnerability – for the purpose of two-factor authentication), but overall it was still the most secure mobile ecosystem on the market.