We got a case in-lab of an iPhone X (A1865) only. No PC with iTunes backup, no iCloud of the suspect. Apple only confirmed the AppleID was used until end of Jan18 but the device last was in use confirmed Feb 2nd 18 UTC+1 0425h.
How can we after 5-times SOS button and FaceID downgrading to PassCode (Apple says 6-digit was used - I cannot believe this info) fastest unlock the iPhone X except by running Passware?
First Apple iOS stores the PassCode in the Secure Enclave. How can they say the PassCode is a 6-digit? This I hear the first time and cannot believe, I all the time thought all the PassCode info is never submitted to Apple servers, right?
Please help. Thank you.
I'm not sure I follow some of your points.
You should be able to clearly see it is a 6 digit passcode when it requests passcode, right?
Why was the point about SOS necessary? If the device powered off, or more than 48 hours passed since being seized, then it would already be requiring the passcode.
I understand you've said no iTunes and no iCloud, but are you suggesting a brute force for this model/ios is feasible? Not that I know of.
Rolf,
Not all is lost… your agency may submit the device (with the warrant) to Cellebrite's Advanced Services, this is what the service is for - helping Law Enforcement access evidence in very challenging cases.
The passcode type (4 digit, 6 digit, complex numeric, complex alphanumeric) is available without any special Secure Enclave access.
As was mentioned here, you can just power on and watch the screen…
Thank you and Toda raba. I may was unclear in explaination. The iPhone X failbacks to PassCode by default as you mentioned. For my understanding the only surprising was that Apple told us that it is a 6-digit PassCode and I assumed that the PassCode itself never leaves the device to iCloud or iTunes backup. If, it would be possible to bruteforce outside the iPhone X - or just ask Apple to get it by warrant.
The fact is we cannot open. Under no life-threatening conditions we would send it to Petah Tikva for CAS. In this case a missing child is involved and its the device of the mother.
All too slow.
Rolf,
I'm sorry to hear about the missing child case, we try to get such phones processed as quickly as possible. Note there are other Cellebrite lab locations all over the world now (US, Canada, Germany, UK, Singapore, Japan…).
To the matter, Apple has no knowledge of the passcode itself and cannot bruteforce it, it was cryptographically designed to prevent that.
Thank you, Shahartal.
For law enforcement issues we are 24/7 in Munich ready to serve. Just email to contact@cellebrite.com.
@Shahartal, we got informed that the device may runs iOS 11.3 beta 2 (15E5178f) out of the dev channel. Is Cellebrite already ready since Feb 6th 2018 release date of this beta?
I cannot find info about security changes since iOS 11 release except of the Meltdown/Spectre issue.
Does anybody has the email address of Zdziarsky at Apple?
Does anybody has the email address of Zdziarsky at Apple?
Try jonathan.zdziarsky@apple.com