SlideShare a Scribd company logo

iOS and BlackBerry Forensics

A
Andrey Belenko

This document discusses iOS and BlackBerry forensics. For iOS forensics, it covers acquisition options such as logical backups, direct file access, and physical acquisition. It explains passcode security prior to iOS 4, and data protection features introduced in iOS 4 and 5. For BlackBerry forensics, it outlines acquisition options and discusses device passwords and file encryption. Useful forensic tools are also listed for examining iOS and BlackBerry devices and data.

Technology
1 of 47
Downloaded 186 times
1
2
Most read
3
4
5
Most read
6
7
8
9
10
11
12
Most read
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
iOS and BlackBerry Forensics Andrey Belenko Elcomsoft Co. Ltd. 1
Agenda • Basics • iOS Forensics – iOS Security before iOS 4 – iOS 4 Data Protection – iOS 5 Data Protection Changes • BlackBerry Forensics • Summary 2
Forensics 101 Acquisition ➜ Analysis ➜ Reporting GOALS: 1.  Assuming  physical  access  to  the  device  extract  as  much   informa>on  as  prac>cal 2.  Leave  as  li@le  traces/ar>facts  as  prac>cal 3
4
iOS: Why Even Bother? • Almost 5 years on the market • 250+ million iOS devices sold worldwide • 6 iPhones, 4 iPods, 2 iPads • “Smart devices” – they do carry a lot of sensitive data • Corporate deployments are increasing There was, is, and will be a real need in iPhone Forensics 5
iPhone Forensics 101 • Acquisition –Need to get data off the device • Passcode –Prevents unauthorized access to the device –Bypassing passcode is usually enough • Keychain –Central storage for sensitive data (passwords, keys) –Encrypted • Storage (disk) encryption 6
iPhone Forensics 101 • Acquisition –Need to get data off the device • Passcode –Prevents unauthorized access to the device –Bypassing passcode is usually enough • Keychain –Central storage for sensitive data (passwords, keys) –Encrypted • Storage (disk) encryption 7
Acquisition Options • Logical: iPhone Backup –Device must be unlocked –Device may produce encrypted backup –Limited amount of information • Read files directly (AFP) –Device must be unlocked –Limited access (non-jailbroken devices) • Physical: filesystem acquisition –Boot-time exploit to run unsigned code –Device lock state isn’t relevant –Can get all information from the device 8
What is Jailbreak? • Jailbreak – circumventing iOS security in order to run custom code • Boot-level or application-level • Tethered or untethered 9
Types of Jailbreaks • App-level JB gets kernel code execution by exploiting apps –e.g. JailbreakMe –Can be fixed by new firmware • Boot-level JB breaks loads custom kernel by breaking chain of trust –e.g. limera1n –Can’t be fixed if exploits vulnerability in BootROM 10
Jailbreak and Forensics • Tethered JB –Host connection is required to boot into JB state –Exploit(s) are sent by the host –May leave minimal traces on the device • Untethered JB –Device is modified so that it can boot in jailbroken state by itself –Leaves permanent traces 11
Acquisition Options • Logical: iPhone Backup –Device must be unlocked –Device may produce encrypted backup –Limited amount of information • Read files directly (AFP) –Device must be unlocked –Limited access (non-jailbroken devices) • Physical: filesystem acquisition –Boot-time exploit to run unsigned code –Device lock state isn’t relevant –Can get all information from the device 12
Acquisition Options • Logical: iPhone Backup –Device must be unlocked –Device may produce encrypted backup –Limited amount of information • Read files directly (AFP) –Device must be unlocked –Limited access (non-jailbroken devices) • Physical: filesystem acquisition –Boot-time exploit to run unsigned code –Device lock state isn’t relevant –Can get all information from the device 13
Unlocking the Device • Passcode • iTunes pairing –if iTunes have seen the device before, it can unlock it –iOS 4: always –iOS 5: if passcode has been entered on device after power-on –don’t switch off iOS 5 device after seizure (if there is a chance that you’ll have PC/Mac it is paired with) 14
iPhone Forensics 101 • Acquisition –Need to get data off the device • Passcode –Prevents unauthorized access to the device –Bypassing passcode is usually enough • Keychain –Central storage for sensitive data (passwords, keys) –Encrypted • Storage (disk) encryption 15
iOS < 4.0 Passcode • Lockscreen (i.e. UI) is the only protection • Passcode is stored in the keychain –Passcode itself, not its hash • Can be recovered or removed instantly –Remove record from the keychain –And/or remove setting telling UI to ask for the passcode 16
iOS 4/5 Passcode • Passcode is used to compute encryption key –Computation tied to hardware key –Same passcode will yield different passcode keys on different devices! • Passcode key is required to unlock some of the content protection keys –most files don’t require a passcode for decryption –most keychain items do require a passcode for decryption 17
iOS 4/5 Passcode • Passcode-to-Key transformation is slow • Offline bruteforce currently is not possible –Requires extracting hardware key • On-device bruteforce is slow –2 p/s on iPhone 3G, 7 p/s on iPad • We have hint on password complexity 18
iOS 4/5 Passcode • 0 – digits only, length = 4 (simple passcode) 19
iOS 4/5 Passcode • 0 – digits only, length = 4 (simple passcode) • 1 – digits only, length != 4 20
iOS 4/5 Passcode • 0 – digits only, length = 4 (simple passcode) • 1 – digits only, length != 4 • 2 – contains non-digits, any length 21
iOS 4/5 Passcode • 0 – digits only, length = 4 (simple passcode) • 1 – digits only, length != 4 • 2 – contains non-digits, any length Can at least identify weak passcodes 22
iPhone Forensics 101 • Acquisition –Need to get data off the device • Passcode –Prevents unauthorized access to the device –Bypassing passcode is usually enough • Keychain –Central storage for sensitive data (passwords, keys) –Encrypted • Storage (disk) encryption 23
iOS < 4.0 Keychain • SQLite3 DB, only passwords are encrypted • All items are encrypted with the device key and random IV • Key can be extracted (computed) for offline use • All past and future keychain items from the device can be decrypted using that key Encrypted  with  Key  0x835 IV Data SHA-­‐1  (Data) 0 16 24
iOS 4 Keychain • SQLite3 DB, only passwords are encrypted • Random key for each item, AES-CBC • Item key is protected with corresponding protection class master key • Some keychain items are included in the iTunes backup • In encrypted iTunes backup keychain items are encrypted using backup password 0 Class Wrapped  Item  Key Encrypted  Item 0 4 8 48 25
iOS 5 Keychain • Based on iOS 4 encryption • All attributes are now encrypted (not only password) • AES-GCM is used instead of AES-CBC • Enables integrity verification 2 Class Wrapped  Key  Length Wrapped  Key Encrypted  Data  (+Integrity  Tag) 0 4 8 12 26
iPhone Forensics 101 • Acquisition –Need to get data off the device • Passcode –Prevents unauthorized access to the device –Bypassing passcode is usually enough • Keychain –Central storage for sensitive data (passwords, keys) –Encrypted • Storage (disk) encryption 27
iOS < 4.0 Disk Encryption • No encryption 28
iOS 4 Disk Encryption • Only User partition is encrypted • Available protection classes: – NSProtectionNone (can decrypt without passcode) – NSProtectionComplete (can’t decrypt without passcode) • Filesystem metadata encrypted transparently • Files are encrypted using per-file random key –Reliable recovery of deleted files is not currently possible 29
iOS 5 Disk Encryption • New partition scheme – “LwVM” – Lightweight Volume Manager • Any partition can be encrypted • New protection classes – NSFileProtectionCompleteUntilFirstUserAuthentication – NSFileProtectionCompleteUnlessOpen • IV for file encryption is computed differently 30
iOS Forensics • Acquiring disk image is not enough for iOS 4+ – Content protection keys must also be extracted from the device during acquisition • Passcode or escrow keybag is needed for a complete set of content protection keys • In real world it might be a good idea to extract source data and compute protection keys offline 31
iOS Forensics Must be done on the device Passcode Required to decrypt files/keychain Sufficient for offline key reconstruction UID Key KDF FS Key Decrypt Key 89B Key 835 Passcode Key Effaceable Storage ‘EMF!’ / ‘LwVM’ System Keybag (locked) ‘Dkey’ Class A Key (#1) ‘BAG1’ Unlock Class B Key (#2) Class C Key (#3) Class D Key (#4) Class Key #5 systembag.kb Decrypt System Keybag … (unlocked) Class Key #11 32
Useful Tools • Logical: iPhone Backup –iTunes (acquire) –Oxygen Forensics Suite, iBackupBot (view) –Elcomsoft Phone Password Breaker (recover password, view backup keychain, decrypt backup) • Read files directly (AFP) –iExplorer • Physical: filesystem acquisition –Elcomsoft iOS Forensic Toolkit, AccessData MPE+, Cellebrite UFED, XRY, etc –iphone-dataprotection (at Google Code) 33
iOS Forensic Toolkit iPhone 3GS iPhone iPhone 3G iPhone 4 iPhone 4S iPod Touch 3 iPod Touch 1 iPod Touch 2 iPod Touch 4 iPad 2 iPad 1 iOS version 3.1.3 4.2.1 3.1.3 5.1.1 5.1.1 5.0, 5.01 (JB) Physical + + + + + acquisition Passcode instant + instant + + recovery Keychain + + + + + decryption Disk decryption not encrypted + + 34
Conclusions • iPhone physical analysis is possible • Physical acquisition requires boot-time exploit • Passcode is usually not a problem – Due to technology before iOS 4 – Due to human factor with iOS 4/5 • Both proprietary and open-source tools for iOS 4/5 acquisition are available 35
iCloud Backups • It is now possible to download iOS backups from the iCloud • Backups in iCloud are NOT encrypted –Even if backup encryption is ON • Apple ID and password are required – Can be found on PC/Mac/iOS devices 36
37
BlackBerry Forensics 101 • Acquisition –Need to get data off the device • Device password –Prevents unauthorized access to the device • File encryption –i.e. *.rem files on SD Card 38
Acquisition Options • Logical: BlackBerry backup –Must know device password –Backup encryption is NOT enforced –Limited amount of information • Physical –Must know device password –Can get all information from the device • Chip-off –Don’t need device password –Destructive process 39
Acquisition Options • Logical: BlackBerry backup –Must know device password –Backup encryption is NOT enforced –Limited amount of information • Physical –Must know device password –Can get all information from the device • Chip-off –Don’t need device password –Destructive process 40
Device Password • No reliable ways to recover • Can be recovered in one special case: –Files on SD card are encrypted –Encryption is set to “Security password” or “Device password” • Can be recovered for “Device password & Device Key” if device dump is available 41
BlackBerry Forensics 101 • Acquisition –Need to get data off the device • Device password –Prevents unauthorized access to the device • File encryption –i.e. *.rem files on SD Card 42
File Encryption • Encryption options: –Device Key –Device Password –Device Password & Device Key • Device Key is per-card and stored in NVRAM • Some files are encrypted using different key (?) –E.g. WhatsApp database on SD card –Not clear why, maybe an implementation of PersistentStore 43
File Decryption • Files can be decrypted provided –Device dump (for Device Key option) –Device password (for Device Password option) –Both (for Device Password & Device Key option) • ‘PersistentStore’ files (e.g. WhatsApp database) can be decrypted provided device dump –Tool for this is available free of charge for law enforcement 44
Useful Tools • Logical: BlackBerry backup –BlackBerry Desktop Manager (acquire) –Elcomsoft BlackBerry Backup Explorer (view) –Elcomsoft Phone Password Breaker (recover backup password, decrypt backup; recover BlackBerry PasswordKeeper and Wallet passwords) • Physical –Cellebrite • Other –Elcomsoft Phone Password Breaker (recover device password, decrypt SD card files) 45
Thank You! a.belenko@elcomsoft.com http://ru.linkedin.com/in/belenko @andreybelenko 46
iOS and BlackBerry Forensics Andrey Belenko Elcomsoft Co. Ltd. 47

More Related Content

PPTX
Case of JonBenet Ramsey
Velika D'Souza
 
PPT
Introduction to computer forensic
Online
 
PPT
Collecting and preserving digital evidence
Online
 
PPTX
Physical Examination Of Tyre Marks
Applied Forensic Research Sciences
 
PPTX
Computer forensics toolkit
Milap Oza
 
PPTX
Cybercrime And Cyber forensics
sunanditaAnand
 
PPTX
Mobile Forensics and Cybersecurity
Eric Vanderburg
 
PDF
Customer information security awareness training
AbdalrhmanTHassan
 
Case of JonBenet Ramsey
Velika D'Souza
 
Introduction to computer forensic
Online
 
Collecting and preserving digital evidence
Online
 
Physical Examination Of Tyre Marks
Applied Forensic Research Sciences
 
Computer forensics toolkit
Milap Oza
 
Cybercrime And Cyber forensics
sunanditaAnand
 
Mobile Forensics and Cybersecurity
Eric Vanderburg
 
Customer information security awareness training
AbdalrhmanTHassan
 

What's hot (20)

PPT
Preserving and recovering digital evidence
Online
 
PPTX
Digital Evidence by Raghu Khimani
Dr Raghu Khimani
 
PPT
Murder Case Studies - Investigation Insights
afentisforensics
 
PPTX
Lifting fingerprint from dead body.pptx
ShakeelAhmad581774
 
PPT
Automated Fingerprint Identification Systems
Rmcauley
 
PPT
stature.ppt
alaguprakash2
 
PPTX
Alternative light sources of fingerprint development Part 1.pptx
Applied Forensic Research Sciences
 
PPTX
Computer forensic ppt
Priya Manik
 
PPS
Whats A Hash
American Document Management
 
PPTX
Reconnaissance and Social Engineering
Varunjeet Singh Rekhi
 
PPTX
POROSCOPY AND EDGEOSCOPY
Applied Forensic Research Sciences
 
PPTX
Cyber crime and Security
Vivek Gupta
 
PPTX
Automated Fingerprint Identification System (AFIS)
Alok Yadav
 
PPT
Electronic evidence
Talwant Singh
 
PDF
Confirmatory Test for Semen identification
Parth Chuahan
 
PPT
Ted Bundy
Dani Cathro
 
PPTX
Computer forensics powerpoint presentation
Somya Johri
 
PPTX
Types of Crime Scenes
Don Caeiro
 
PPT
Electornic evidence collection
Fakrul Alam
 
PPTX
Forensic imaging
DINESH KAMBLE
 
Preserving and recovering digital evidence
Online
 
Digital Evidence by Raghu Khimani
Dr Raghu Khimani
 
Murder Case Studies - Investigation Insights
afentisforensics
 
Lifting fingerprint from dead body.pptx
ShakeelAhmad581774
 
Automated Fingerprint Identification Systems
Rmcauley
 
stature.ppt
alaguprakash2
 
Alternative light sources of fingerprint development Part 1.pptx
Applied Forensic Research Sciences
 
Computer forensic ppt
Priya Manik
 
Whats A Hash
American Document Management
 
Reconnaissance and Social Engineering
Varunjeet Singh Rekhi
 
POROSCOPY AND EDGEOSCOPY
Applied Forensic Research Sciences
 
Cyber crime and Security
Vivek Gupta
 
Automated Fingerprint Identification System (AFIS)
Alok Yadav
 
Electronic evidence
Talwant Singh
 
Confirmatory Test for Semen identification
Parth Chuahan
 
Ted Bundy
Dani Cathro
 
Computer forensics powerpoint presentation
Somya Johri
 
Types of Crime Scenes
Don Caeiro
 
Electornic evidence collection
Fakrul Alam
 
Forensic imaging
DINESH KAMBLE
 
Ad

Viewers also liked (14)

PDF
Iphone 5c schematics
Anatol Alizar
 
DOCX
Samsung Mobile Phone Codes
Lenny Henningham
 
PPT
Mobile Phone Memory Card Recovery
mobilecardrecovery
 
PPTX
iOS Forensics
Tjylen Veselyj
 
PDF
Password Recovery Tools
Andrey Belenko
 
RTF
All nokia master codes
Muhammad Sadiq
 
PDF
Secret Codes
Manzer Masood
 
PPTX
Ios forensics
Kamal Patel
 
PDF
File system in iOS
Purvik Rana
 
PPTX
iOS-Application-Security-iAmPr3m
Prem Kumar (OSCP)
 
DOCX
Password hacking
Abhay pal
 
PDF
Hacking iOS: iPhone & iPad (2º Edición) [Índice]
Chema Alonso
 
PDF
Índice del libro "Infraestructuras Críticas y Sistemas Industriales: Auditor...
Chema Alonso
 
PDF
Digital Crime & Forensics - Presentation
prashant3535
 
Iphone 5c schematics
Anatol Alizar
 
Samsung Mobile Phone Codes
Lenny Henningham
 
Mobile Phone Memory Card Recovery
mobilecardrecovery
 
iOS Forensics
Tjylen Veselyj
 
Password Recovery Tools
Andrey Belenko
 
All nokia master codes
Muhammad Sadiq
 
Secret Codes
Manzer Masood
 
Ios forensics
Kamal Patel
 
File system in iOS
Purvik Rana
 
iOS-Application-Security-iAmPr3m
Prem Kumar (OSCP)
 
Password hacking
Abhay pal
 
Hacking iOS: iPhone & iPad (2º Edición) [Índice]
Chema Alonso
 
Índice del libro "Infraestructuras Críticas y Sistemas Industriales: Auditor...
Chema Alonso
 
Digital Crime & Forensics - Presentation
prashant3535
 
Ad

Similar to iOS and BlackBerry Forensics (20)

PDF
Belenko, sklyarov dark and bright sides of i cloud (in)security
DefconRussia
 
PDF
iOS Forensics: Overcoming iPhone Data Protection
Andrey Belenko
 
PDF
iPhone Data Protection in Depth
Seguridad Apple
 
PDF
iOS Forensics: where are we now and what are we missing?
Reality Net System Solutions
 
PDF
Hacking and Securing iOS Applications
n|u - The Open Security Community
 
PPTX
Hacking and Securing iOS Applications by Satish Bomisstty
ClubHack
 
ODP
Synapse india iphone apps presentation oncracking and analyzing apple icloud
SynapseIndiaiPhoneApps
 
PDF
iOS secure app development
Dusan Klinec
 
PDF
Attacking and Defending Apple iOS Devices
Tom Eston
 
PDF
iOS Application Penetation Test
JongWon Kim
 
PPTX
Hacking and securing ios applications
Satish b
 
PPTX
iPhone and iPad Security
Simon Guest
 
PDF
ASFWS 2011 - Secure software development for mobile devices
Cyber Security Alliance
 
PDF
IOS Encryption Systems
Peter Teufl
 
PDF
CNIT 128 2. Analyzing iOS Applications (Part 2)
Sam Bowne
 
PDF
NWSLTR_Volume12_Issue1
Charles Klondike
 
PPTX
Pentesting iOS Applications
jasonhaddix
 
PDF
A (not-so-quick) Primer on iOS Encryption David Schuetz - NCC Group
EC-Council
 
PDF
CodeMash 2.0.1.5 - Practical iOS App Attack & Defense
Seth Law
 
PDF
Hacking and Securing iOS Apps : Part 1
Subhransu Behera
 
Belenko, sklyarov dark and bright sides of i cloud (in)security
DefconRussia
 
iOS Forensics: Overcoming iPhone Data Protection
Andrey Belenko
 
iPhone Data Protection in Depth
Seguridad Apple
 
iOS Forensics: where are we now and what are we missing?
Reality Net System Solutions
 
Hacking and Securing iOS Applications
n|u - The Open Security Community
 
Hacking and Securing iOS Applications by Satish Bomisstty
ClubHack
 
Synapse india iphone apps presentation oncracking and analyzing apple icloud
SynapseIndiaiPhoneApps
 
iOS secure app development
Dusan Klinec
 
Attacking and Defending Apple iOS Devices
Tom Eston
 
iOS Application Penetation Test
JongWon Kim
 
Hacking and securing ios applications
Satish b
 
iPhone and iPad Security
Simon Guest
 
ASFWS 2011 - Secure software development for mobile devices
Cyber Security Alliance
 
IOS Encryption Systems
Peter Teufl
 
CNIT 128 2. Analyzing iOS Applications (Part 2)
Sam Bowne
 
NWSLTR_Volume12_Issue1
Charles Klondike
 
Pentesting iOS Applications
jasonhaddix
 
A (not-so-quick) Primer on iOS Encryption David Schuetz - NCC Group
EC-Council
 
CodeMash 2.0.1.5 - Practical iOS App Attack & Defense
Seth Law
 
Hacking and Securing iOS Apps : Part 1
Subhransu Behera
 

Recently uploaded (20)

PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
PDF
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
PDF
DP Operators-handbook-extract for the Mautical Institute
LeonelMejiaLarios
 
PDF
Hybrid model detection and classification of lung cancer
IAESIJAI
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PPTX
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
PDF
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
PPTX
TLE Review Electricity (Electricity).pptx
JayPolicarpio2
 
PPTX
A Presentation on Touch Screen Technology
memembruh336
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PDF
Mushroom cultivation and it's methods.pdf
mailmeonrishi
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
PPTX
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
PDF
Getting Started with Data Integration: FME Form 101
Safe Software
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PDF
A novel scalable deep ensemble learning framework for big data classification...
IAESIJAI
 
A Presentation on Artificial Intelligence
memembruh336
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
DP Operators-handbook-extract for the Mautical Institute
LeonelMejiaLarios
 
Hybrid model detection and classification of lung cancer
IAESIJAI
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
TLE Review Electricity (Electricity).pptx
JayPolicarpio2
 
A Presentation on Touch Screen Technology
memembruh336
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
Mushroom cultivation and it's methods.pdf
mailmeonrishi
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
Getting Started with Data Integration: FME Form 101
Safe Software
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
A novel scalable deep ensemble learning framework for big data classification...
IAESIJAI
 

iOS and BlackBerry Forensics

  • 1. iOS and BlackBerry Forensics Andrey Belenko Elcomsoft Co. Ltd. 1
  • 2. Agenda • Basics • iOS Forensics – iOS Security before iOS 4 – iOS 4 Data Protection – iOS 5 Data Protection Changes • BlackBerry Forensics • Summary 2
  • 3. Forensics 101 Acquisition ➜ Analysis ➜ Reporting GOALS: 1.  Assuming  physical  access  to  the  device  extract  as  much   informa>on  as  prac>cal 2.  Leave  as  li@le  traces/ar>facts  as  prac>cal 3
  • 4. 4
  • 5. iOS: Why Even Bother? • Almost 5 years on the market • 250+ million iOS devices sold worldwide • 6 iPhones, 4 iPods, 2 iPads • “Smart devices” – they do carry a lot of sensitive data • Corporate deployments are increasing There was, is, and will be a real need in iPhone Forensics 5
  • 6. iPhone Forensics 101 • Acquisition –Need to get data off the device • Passcode –Prevents unauthorized access to the device –Bypassing passcode is usually enough • Keychain –Central storage for sensitive data (passwords, keys) –Encrypted • Storage (disk) encryption 6
  • 7. iPhone Forensics 101 • Acquisition –Need to get data off the device • Passcode –Prevents unauthorized access to the device –Bypassing passcode is usually enough • Keychain –Central storage for sensitive data (passwords, keys) –Encrypted • Storage (disk) encryption 7
  • 8. Acquisition Options • Logical: iPhone Backup –Device must be unlocked –Device may produce encrypted backup –Limited amount of information • Read files directly (AFP) –Device must be unlocked –Limited access (non-jailbroken devices) • Physical: filesystem acquisition –Boot-time exploit to run unsigned code –Device lock state isn’t relevant –Can get all information from the device 8
  • 9. What is Jailbreak? • Jailbreak – circumventing iOS security in order to run custom code • Boot-level or application-level • Tethered or untethered 9
  • 10. Types of Jailbreaks • App-level JB gets kernel code execution by exploiting apps –e.g. JailbreakMe –Can be fixed by new firmware • Boot-level JB breaks loads custom kernel by breaking chain of trust –e.g. limera1n –Can’t be fixed if exploits vulnerability in BootROM 10
  • 11. Jailbreak and Forensics • Tethered JB –Host connection is required to boot into JB state –Exploit(s) are sent by the host –May leave minimal traces on the device • Untethered JB –Device is modified so that it can boot in jailbroken state by itself –Leaves permanent traces 11
  • 12. Acquisition Options • Logical: iPhone Backup –Device must be unlocked –Device may produce encrypted backup –Limited amount of information • Read files directly (AFP) –Device must be unlocked –Limited access (non-jailbroken devices) • Physical: filesystem acquisition –Boot-time exploit to run unsigned code –Device lock state isn’t relevant –Can get all information from the device 12
  • 13. Acquisition Options • Logical: iPhone Backup –Device must be unlocked –Device may produce encrypted backup –Limited amount of information • Read files directly (AFP) –Device must be unlocked –Limited access (non-jailbroken devices) • Physical: filesystem acquisition –Boot-time exploit to run unsigned code –Device lock state isn’t relevant –Can get all information from the device 13
  • 14. Unlocking the Device • Passcode • iTunes pairing –if iTunes have seen the device before, it can unlock it –iOS 4: always –iOS 5: if passcode has been entered on device after power-on –don’t switch off iOS 5 device after seizure (if there is a chance that you’ll have PC/Mac it is paired with) 14
  • 15. iPhone Forensics 101 • Acquisition –Need to get data off the device • Passcode –Prevents unauthorized access to the device –Bypassing passcode is usually enough • Keychain –Central storage for sensitive data (passwords, keys) –Encrypted • Storage (disk) encryption 15
  • 16. iOS < 4.0 Passcode • Lockscreen (i.e. UI) is the only protection • Passcode is stored in the keychain –Passcode itself, not its hash • Can be recovered or removed instantly –Remove record from the keychain –And/or remove setting telling UI to ask for the passcode 16
  • 17. iOS 4/5 Passcode • Passcode is used to compute encryption key –Computation tied to hardware key –Same passcode will yield different passcode keys on different devices! • Passcode key is required to unlock some of the content protection keys –most files don’t require a passcode for decryption –most keychain items do require a passcode for decryption 17
  • 18. iOS 4/5 Passcode • Passcode-to-Key transformation is slow • Offline bruteforce currently is not possible –Requires extracting hardware key • On-device bruteforce is slow –2 p/s on iPhone 3G, 7 p/s on iPad • We have hint on password complexity 18
  • 19. iOS 4/5 Passcode • 0 – digits only, length = 4 (simple passcode) 19
  • 20. iOS 4/5 Passcode • 0 – digits only, length = 4 (simple passcode) • 1 – digits only, length != 4 20
  • 21. iOS 4/5 Passcode • 0 – digits only, length = 4 (simple passcode) • 1 – digits only, length != 4 • 2 – contains non-digits, any length 21
  • 22. iOS 4/5 Passcode • 0 – digits only, length = 4 (simple passcode) • 1 – digits only, length != 4 • 2 – contains non-digits, any length Can at least identify weak passcodes 22
  • 23. iPhone Forensics 101 • Acquisition –Need to get data off the device • Passcode –Prevents unauthorized access to the device –Bypassing passcode is usually enough • Keychain –Central storage for sensitive data (passwords, keys) –Encrypted • Storage (disk) encryption 23
  • 24. iOS < 4.0 Keychain • SQLite3 DB, only passwords are encrypted • All items are encrypted with the device key and random IV • Key can be extracted (computed) for offline use • All past and future keychain items from the device can be decrypted using that key Encrypted  with  Key  0x835 IV Data SHA-­‐1  (Data) 0 16 24
  • 25. iOS 4 Keychain • SQLite3 DB, only passwords are encrypted • Random key for each item, AES-CBC • Item key is protected with corresponding protection class master key • Some keychain items are included in the iTunes backup • In encrypted iTunes backup keychain items are encrypted using backup password 0 Class Wrapped  Item  Key Encrypted  Item 0 4 8 48 25
  • 26. iOS 5 Keychain • Based on iOS 4 encryption • All attributes are now encrypted (not only password) • AES-GCM is used instead of AES-CBC • Enables integrity verification 2 Class Wrapped  Key  Length Wrapped  Key Encrypted  Data  (+Integrity  Tag) 0 4 8 12 26
  • 27. iPhone Forensics 101 • Acquisition –Need to get data off the device • Passcode –Prevents unauthorized access to the device –Bypassing passcode is usually enough • Keychain –Central storage for sensitive data (passwords, keys) –Encrypted • Storage (disk) encryption 27
  • 28. iOS < 4.0 Disk Encryption • No encryption 28
  • 29. iOS 4 Disk Encryption • Only User partition is encrypted • Available protection classes: – NSProtectionNone (can decrypt without passcode) – NSProtectionComplete (can’t decrypt without passcode) • Filesystem metadata encrypted transparently • Files are encrypted using per-file random key –Reliable recovery of deleted files is not currently possible 29
  • 30. iOS 5 Disk Encryption • New partition scheme – “LwVM” – Lightweight Volume Manager • Any partition can be encrypted • New protection classes – NSFileProtectionCompleteUntilFirstUserAuthentication – NSFileProtectionCompleteUnlessOpen • IV for file encryption is computed differently 30
  • 31. iOS Forensics • Acquiring disk image is not enough for iOS 4+ – Content protection keys must also be extracted from the device during acquisition • Passcode or escrow keybag is needed for a complete set of content protection keys • In real world it might be a good idea to extract source data and compute protection keys offline 31
  • 32. iOS Forensics Must be done on the device Passcode Required to decrypt files/keychain Sufficient for offline key reconstruction UID Key KDF FS Key Decrypt Key 89B Key 835 Passcode Key Effaceable Storage ‘EMF!’ / ‘LwVM’ System Keybag (locked) ‘Dkey’ Class A Key (#1) ‘BAG1’ Unlock Class B Key (#2) Class C Key (#3) Class D Key (#4) Class Key #5 systembag.kb Decrypt System Keybag … (unlocked) Class Key #11 32
  • 33. Useful Tools • Logical: iPhone Backup –iTunes (acquire) –Oxygen Forensics Suite, iBackupBot (view) –Elcomsoft Phone Password Breaker (recover password, view backup keychain, decrypt backup) • Read files directly (AFP) –iExplorer • Physical: filesystem acquisition –Elcomsoft iOS Forensic Toolkit, AccessData MPE+, Cellebrite UFED, XRY, etc –iphone-dataprotection (at Google Code) 33
  • 34. iOS Forensic Toolkit iPhone 3GS iPhone iPhone 3G iPhone 4 iPhone 4S iPod Touch 3 iPod Touch 1 iPod Touch 2 iPod Touch 4 iPad 2 iPad 1 iOS version 3.1.3 4.2.1 3.1.3 5.1.1 5.1.1 5.0, 5.01 (JB) Physical + + + + + acquisition Passcode instant + instant + + recovery Keychain + + + + + decryption Disk decryption not encrypted + + 34
  • 35. Conclusions • iPhone physical analysis is possible • Physical acquisition requires boot-time exploit • Passcode is usually not a problem – Due to technology before iOS 4 – Due to human factor with iOS 4/5 • Both proprietary and open-source tools for iOS 4/5 acquisition are available 35
  • 36. iCloud Backups • It is now possible to download iOS backups from the iCloud • Backups in iCloud are NOT encrypted –Even if backup encryption is ON • Apple ID and password are required – Can be found on PC/Mac/iOS devices 36
  • 37. 37
  • 38. BlackBerry Forensics 101 • Acquisition –Need to get data off the device • Device password –Prevents unauthorized access to the device • File encryption –i.e. *.rem files on SD Card 38
  • 39. Acquisition Options • Logical: BlackBerry backup –Must know device password –Backup encryption is NOT enforced –Limited amount of information • Physical –Must know device password –Can get all information from the device • Chip-off –Don’t need device password –Destructive process 39
  • 40. Acquisition Options • Logical: BlackBerry backup –Must know device password –Backup encryption is NOT enforced –Limited amount of information • Physical –Must know device password –Can get all information from the device • Chip-off –Don’t need device password –Destructive process 40
  • 41. Device Password • No reliable ways to recover • Can be recovered in one special case: –Files on SD card are encrypted –Encryption is set to “Security password” or “Device password” • Can be recovered for “Device password & Device Key” if device dump is available 41
  • 42. BlackBerry Forensics 101 • Acquisition –Need to get data off the device • Device password –Prevents unauthorized access to the device • File encryption –i.e. *.rem files on SD Card 42
  • 43. File Encryption • Encryption options: –Device Key –Device Password –Device Password & Device Key • Device Key is per-card and stored in NVRAM • Some files are encrypted using different key (?) –E.g. WhatsApp database on SD card –Not clear why, maybe an implementation of PersistentStore 43
  • 44. File Decryption • Files can be decrypted provided –Device dump (for Device Key option) –Device password (for Device Password option) –Both (for Device Password & Device Key option) • ‘PersistentStore’ files (e.g. WhatsApp database) can be decrypted provided device dump –Tool for this is available free of charge for law enforcement 44
  • 45. Useful Tools • Logical: BlackBerry backup –BlackBerry Desktop Manager (acquire) –Elcomsoft BlackBerry Backup Explorer (view) –Elcomsoft Phone Password Breaker (recover backup password, decrypt backup; recover BlackBerry PasswordKeeper and Wallet passwords) • Physical –Cellebrite • Other –Elcomsoft Phone Password Breaker (recover device password, decrypt SD card files) 45
  • 47. iOS and BlackBerry Forensics Andrey Belenko Elcomsoft Co. Ltd. 47