This is why Keychain items migrate to a new device only if a backup password is set. If a user chooses not to encrypt an iTunes backup, the backup files aren’t encrypted regardless of their Data Protection class, but the Keychain remains protected with a UID-derived key. This threat can be mitigated with a sufficiently strong password. Despite this large iteration count, there’s no tie to a specific device, and therefore a brute-force attack parallelized across many computers could theoretically be attempted on the backup keybag. The keybag is protected with the password set in iTunes, run through 10 million iterations of PBKDF2. As explained previously, non-migratory Keychain items remain iOS Security wrapped with the UID-derived key, allowing them to be restored to the device they were originally backed up from, but rendering them inaccessible on a different device. A new keybag is created with a new set of keys, and the backed-up data is re-encrypted to these new keys. This file, amongst other things, contains the Backup Key Bag which is described in the iOS Security Guide:īackup keybag is created when an encrypted backup is made by iTunes and stored on the computer to which the device is backed up. I had made the assumption that I would need the entire backup in order to crack the password, and on Austalia’s less-than-fantastic internet, it would take days for Jesse to upload the files.Īs it turns out, all I needed was the ist file that’s inside the backup’s folder. ![]() I did a little more reading an found this article which gave me hope. Since I have a decent gaming rig and have worked with password crackers before, I figured I’d have better luck cracking the password directly. I knew that behind the scenes, these programs must be doing some form of password cracking, and I would be trading performance for convenience. I found a few programs that claimed to be able to unlock encrypted iPhone backups. Motivation and coffee on my side, I started doing some reading. I made it my mission to find a way to get those photos back. I really wanted to get into this backup, because in truth, the thought of those photos forever was pretty upsetting. It’s not official or anything yet, but I’m sure there’s a committee somewhere that on seeing the lost pictures of Jesse’s baby daughter, they would immediately dub her “Cutest baby ever” and disband the committee forever. Now, you’re going to have to believe me when I say this (because I won’t share a photo) but Jesse’s daughter happens to be the cutest little girl that has ever graced this planet. She had tried every variation of the passwords she usually uses and contacting me was a last-ditch effort. There was no cloud backup, no photos synchronised with iTunes, and no other camera or phone that had half as many photos as she had. The thing was, that backup contained the only copies of photos of her baby daughter. Once I told her the bad news, she got upset. I told Jesse that Apple does a pretty good job at securing their stuff and that she would have to remember the password to restore the backup. I did the usual ethical arithmetic and figured that entering her contacts and downloading her apps manually was a small price to pay for forgetting a password. My immediate response was “You want me to hack an iPhone? Hell no!”. A safe doesn’t care that you own it if you forget the combination then you’re out of luck. It was one of those cases where the thing that’s designed to keep the bad guys out was doing a pretty good job at keeping her out too. The problem was that the backup was encrypted and, of course, she couldn’t remember the password. Recently, I got a message from a good friend of mine:ĭo you have a program that can unlock passwords that I can’t reset? □Īfter some back and forth, I worked out that my friend (let’s call her Jesse) had bought a new iPhone and wanted to restore the backup from her old phone. Plus, you know you’ll be doing it for free, and are you really that close with this person? Inevitably, you say yes because of who you are as a person, then spend the next week of your free time cleaning viruses, replacing hard drives, reinstalling Windows and doing whatever else needs to be done. You want to help people, but you’re a busy person and these things take time to do. This forces you to do some mental arithmetic on your ethics. It may come from your family, it may come from your friends, but inevitably you’ll get a message or a call from somebody in distress whose hard drive has died or Facebook was hacked. ![]() If you’ve ever worked in the IT industry, are good with computers, or were simply born after 1980, then you’re probably asked every other week to provide tech support.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |