Information Technology Reference
In-Depth Information
device and is used to create device-specific keys (the
0x835
key and the
0x89B
key)
that are later used for file system encryption. The UID allows data to be cryptographically
tied to a particular device; so, even if the flash chip is moved from one device to other, the
files are not readable and remain encrypted. The GID key is shared by all devices with the
same application processor (for example, all devices that use the A4 chip) and is used to
decrypt the iOS firmware images (IPSW) during installation, restore, and update. The
GID prevents hackers from reversing the firmware and finding security vulnerabilities.
Apart from the UID and GID, all other cryptographic keys are created by the system's
random number generator
(
RNG
) using an algorithm based on Yarrow. More informa-
tion on encryption and Yarrow-based algorithms can be found at
http://images.apple.com/
iPhone Data Protection Tools is an open source iOS forensic toolkit written by Jean-Bap-
tiste and Jean Sigwald, which uses the custom ramdisk technique. The forensic toolkit
builds a custom ramdisk and loads it to the device by exploiting the Boot ROM vulnerab-
ility in the DFU mode. The custom ramdisk includes tools to enumerate device informa-
tion, brute force passcode attempts, and create a raw image of the disk partition. The
forensic toolkit also obtains device encryption keys, decrypts the file system, and recovers
the deleted files. The iPhone Data Protection Tools currently work with the iPhone 3G,
3GS and 4; iPod touch 2G, 3G and 4G; and iPad 1 models. More information on this can
