I am analyzing an iPhone. I use mobile edit forensic express 5.
Unluckly the iPhone backup is password protected. I tried a four digit pin attack with no result.
Other attack are too long.
Is there something to bypass the password?
Thnks best regards
If the device is running iOS11, and you have the device, it is possible to reset the backup password using the following process
If you can’t remember the password for your encrypted backup
You can’t restore an encrypted backup without its password. With iOS 11 or later, you can make a new encrypted backup of your device by resetting the password. Here’s what to do
1. On your iOS device, go to Settings > General > Reset.
2. Tap Reset All Settings and enter your iOS passcode.
3. Follow the steps to reset your settings. This won't affect your user data or passwords, but it will reset settings like display brightness, Home screen layout, and wallpaper. It also removes your encrypted backup password.
4. Connect your device to iTunes again and create a new encrypted backup.
You won't be able to use previous encrypted backups, but you can back up your current data using iTunes and setting a new backup password.
Click
HTH
JC
You can try Oxygen Forensic Detective software. It has the built-in Passware module that helps to find passwords to encrypted backups using the latest algorithms and technologies including distributed processing and GPU acceleration. You can choose any of the available attacks, like brute-force, dictionary, Xieve, etc.
If the device is running iOS11, and you have the device, it is possible to reset the backup password using the following process
If you can’t remember the password for your encrypted backup
You can’t restore an encrypted backup without its password. With iOS 11 or later, you can make a new encrypted backup of your device by resetting the password. Here’s what to do
1. On your iOS device, go to Settings > General > Reset.
2. Tap Reset All Settings and enter your iOS passcode.
3. Follow the steps to reset your settings. This won't affect your user data or passwords, but it will reset settings like display brightness, Home screen layout, and wallpaper. It also removes your encrypted backup password.4. Connect your device to iTunes again and create a new encrypted backup.
You won't be able to use previous encrypted backups, but you can back up your current data using iTunes and setting a new backup password.
Click
Here for more details. HTH
JC
I tried this. But It asks me the old password. I don't have it.
thanks
JC's instructions are great but as mentioned that reset only works on new backups not the previous one you have so any new backup you create will work but it won't work on the old one.
Jamie
Try 1234. if the user does not define a password, 1234 is defined as the automatic password.
JC's instructions are great but as mentioned that reset only works on new backups not the previous one you have so any new backup you create will work but it won't work on the old one.
Jamie
if you still have the device you can update it to ios11 and follow the same instructions
Password can be digit but also letters - BF attack can be time consuming if you will work only on one machine. If you don't have any hints and you want access those backup check iOS version - there was a bug in 10.x which allow very fast attack. If you still got a problem you can drop me PM - we can try to check how much time it can take on our GPUs PCs by distribute attack
Bruteforcing the backup is a matter of GPU power + pure luck at this point.
What about iCloud ? I'd start digging there…
Hello All,
I have recently removed the iPhone backup encryption from iOS 10.3.3 and 11.1.2 and 11.4 by using the reset settings option.
I am wondering if resetting the user settings is a common way analysts remove the encryption or is bypassing the code using Elcomsoft or Passware the preferred method for a forensic perspective?
If so does anyone know what changes are made?
I have noted that all security features are removed (PIN, Encrpytion and Biometrics) as well as any preset user background images.
Any input will be greatly appreciated.
Kind Regards.