Editor’s Note: A major problem in mobile forensics is how to crack the screen lock, especially the iPhone’s screen lock password. CheckRa1n, a jailbreaking tool based on the checkm8 vulnerability, has successfully jailbroken most iPhones on the market. But how does the jailbreak work on different devices, does it crack the screen lock password, how does smartphone forensics proceed afterwards, and what are the results? Follow the forensic experts from SalvationDATA through this article to find out.

Checkra1n Jailbreak Tool

The Checkra1n jailbreak tool is a free tool for jailbreaking iOS devices using the checkm8 vulnerability. It currently supports iPhone 5s through iPhone X running iOS 12.3 and later. Checkra1n is not a perfect jailbreak: the device needs to be jailbroken again after every reboot. Even if the iPhone is locked and the unlock password is not known, it can still be successfully jailbroken with Checkra1n.

DFU Mode

DFU stands for Device Firmware Upgrade, the iPhone firmware’s forced upgrade and downgrade mode. In this mode, the iPhone does not load the operating system or the boot loader. The iPhone must be in DFU mode to activate the checkm8 jailbreak attack.

GUI Jailbreak

1. Download and install Checkra1n.

2. Start Checkra1n.

3. Boot the iPhone and connect it to the computer with a USB cable.

4. Click the “Start” button.

5. Click the “Start” button. The phone will automatically enter “Recovery Mode”, and Checkra1n will then show instructions for entering DFU mode (the instructions vary from model to model).

6. Follow the Checkra1n prompts to put the phone into DFU mode. Once the phone has entered DFU mode, Checkra1n will automatically jailbreak it; if that fails, repeat the operation until the jailbreak succeeds.

Command Jailbreak

1. Download and install Checkra1n.

2. Boot the iPhone and connect it to the computer with a USB cable.

3. Open “Terminal” and execute the command “cd /Applications/checkra1n.app/Contents/”.

4. Execute the command “MacOS/./checkra1n”.

5. Manually put the phone into DFU mode.

6. Once the phone has entered DFU mode, Checkra1n will automatically jailbreak it.

iPhone Forensics

Once the iPhone has been successfully jailbroken with Checkra1n, it enables an SSH service on port 44 (password: alpine), which can be used to access the iPhone’s file system and retrieve files.

Install iproxy

To use SSH to access the iPhone’s file system, you need iproxy to do the port mapping. In general, the iproxy command is not available on a Mac by default.

1. Install brew

Open https://brew.sh/index_zh-cn.html in a browser, copy the installation command, and run it in the terminal to install brew.

2. Install usbmuxd

Execute the command “brew install usbmuxd” in the terminal. After a successful installation, you can use iproxy normally.

Use SSH to access the file system

1. Open a terminal and execute the command “sudo iproxy 2020 44”.

2. Open another terminal and execute the command “ssh root@localhost -p 2020”.

Type “yes” and press Enter.

Type the password “alpine” and press Enter.

3. If you want to get all the phone files, open another terminal and execute the command “scp -P 2020 -r root@localhost:/ ~/iphonetemp/”.

After the command finishes, you can view the obtained phone files in iphonetemp.

4. If the SSH command fails with a “host key verification failed” message:

This error is typically encountered when operating multiple iPhones on the same computer.

Execute the following two commands to remove the host cache before continuing.

cd ~/.ssh

rm known_hosts
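
As an added example (not from the original article), the function below removes only the entries for the forwarded endpoint, which SSH records as `[localhost]:2020`, instead of deleting the whole known_hosts file and with it the pinned keys of every other host. The function name is hypothetical and it handles plain-text entries only; `ssh-keygen -R "[localhost]:2020"` also covers hashed entries.

```shell
#!/bin/sh
# Added example: drop only the known_hosts entries of one forwarded endpoint.
# Assumes plain-text (unhashed) entries, the default on macOS.

# forget_forwarded_host FILE HOST PORT   (hypothetical helper name)
# Prints the number of entries removed and keeps a backup at FILE.bak.
forget_forwarded_host() {
    kh_file=$1
    target="[$2]:$3"      # OpenSSH notation for a host on a non-default port
    [ -f "$kh_file" ] || { echo 0; return 0; }

    cp -p "$kh_file" "$kh_file.bak" || return 1
    tmp=$(mktemp "${kh_file}.XXXXXX") || return 1

    removed=$(awk -v target="$target" -v out="$tmp" '
        # Comments and blank lines are kept untouched.
        /^[ \t]*#/ || /^[ \t]*$/ { print > out; next }
        {
            # An optional marker (@cert-authority, @revoked) precedes the host list.
            hosts = ($1 ~ /^@/) ? $2 : $1
            n = split(hosts, h, ",")
            hit = 0
            for (i = 1; i <= n; i++) if (h[i] == target) hit = 1
            if (hit) { count++; next }   # drop every line naming the endpoint
            print > out
        }
        END { print count + 0 }
    ' "$kh_file") || { rm -f "$tmp"; return 1; }

    mv "$tmp" "$kh_file" || return 1
    echo "$removed"
}

# Usage, matching the port mapping used in this article:
#   forget_forwarded_host "$HOME/.ssh/known_hosts" localhost 2020
```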

Conclusion

In mobile forensics, cracking the screen lock password is a major problem, especially on the iPhone. Checkra1n can already jailbreak the vast majority of iPhones on the market, but a successful jailbreak does not crack the screen lock. Because the device is still in BFU (Before First Unlock) mode, only a tiny fraction of its files can be obtained, and the data that matters most in mobile phone forensics (such as contacts, messages, call records, QQ, WeChat, etc.) is unavailable.

Thanks for reading. If you are interested in our forensic solutions, check out our website for more information. You can also go to our resource page to download our forensic products for free. We welcome you to contact us and claim your free product trial!