
Jonathan Zdziarski iPhone Tools [Discussion]

32 Posts
15 Users
0 Likes
1,817 Views
 Doug
(@doug)
Posts: 185
Estimable Member
Topic starter
 

I figured that as there are no real areas to discuss or help each other with the iPhone tools a thread might be a good idea.

So with the latest release out has anyone got them setup and working?

I am curious what the 'MULTIPLATFORM' part of the new 4.2.1 scripts really means. My assumption would be 3GS, 4 and iPad.

I have the test fleet ready to go

3G 4.2.1
3GS 4.1 (upgrading to 4.2.1 as we speak)
4 4.2.1
iPad 4.2.1

I shall see exactly how multiplatform the new scripts are over the next couple days.

If anyone has any questions about the tools then this might be a good place to offer/seek help!

 
Posted : 08/02/2011 7:47 pm
(@muirner)
Posts: 65
Trusted Member
 

See this thread for the latest discussion I've seen about Jonathan Zdziarski's tools

http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=7051

I'm not doing this to bag JZ, or to even sling poo at him, but my experience was the exact same as everyone else. I emailed him using the address found on his blog, iphoneinsecurity.com, as well as another address I was provided. I received no response to any of my emails, which I semi-expected as I'm non-LE.

You'll find that most users here who need help with iPhone investigations are looking to JZ and his methods for help. Unfortunately he won't support the private sector, or anyone, from what I see.

 
Posted : 08/02/2011 10:48 pm
(@kc5mhb)
Posts: 10
Active Member
 

See this thread for the latest discussion I've seen about Jonathan Zdziarski's tools

http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=7051

I'm not doing this to bag JZ, or to even sling poo at him, but my experience was the exact same as everyone else. I emailed him using the address found on his blog, iphoneinsecurity.com, as well as another address I was provided. I received no response to any of my emails, which I semi-expected as I'm non-LE.

You'll find that most users here who need help with iPhone investigations are looking to JZ and his methods for help. Unfortunately he won't support the private sector, or anyone, from what I see.

As is stated on his personal website, Non-LE requests will not be answered. I'm sure he doesn't want others making money off of his research and work, especially the commercial entities. The software and instructions are free to LE. He does offer classes on his process to LE and aside from a day job, this is how he justifies working on the project. I don't blame him either.

Side note: Yes, the new processes work rather well, with the exception that you only get the user data and not a full dd image of the phone. Blame Apple for that and their on-the-fly encryption, which Jonathan is working on along with the 3G phones with version 4.x in them. If you are LE and have the new files, check out the firmware file and it will show which devices are supported.

 
Posted : 02/03/2011 10:07 pm
(@armresl)
Posts: 1011
Noble Member
 

LE can and does make money off his methods, and other phone software methods of removing data from cellphones.

You have to think outside the box to find this answer, but any idea how they do it?

"As is stated on his personal website, Non-LE requests will not be answered. I'm sure he doesn't want others making money off of his research and work, especially the commercial entities. "

 
Posted : 05/03/2011 12:24 pm
Redcelica67
(@redcelica67)
Posts: 130
Estimable Member
 

... I would argue that it's only a matter of time before someone comes up with an alternative & maybe improved method... hopefully )

 
Posted : 05/03/2011 1:49 pm
(@armresl)
Posts: 1011
Noble Member
 

Redcelica67, I can't wait, it will be great. I have to go do something or I will be late.

... I would argue that it's only a matter of time before someone comes up with an alternative & maybe improved method... hopefully )

 
Posted : 05/03/2011 11:16 pm
(@kc5mhb)
Posts: 10
Active Member
 

LE can and does make money off his methods, and other phone software methods of removing data from cellphones.

You have to think outside the box to find this answer, but any idea how they do it?

"As is stated on his personal website, Non-LE requests will not be answered. I'm sure he doesn't want others making money off of his research and work, especially the commercial entities. "

What I was referring to was commercial entities making money off of his research. I'm sure LE agencies do charge other agencies for their time to process phones. If our agency could do it, I'm sure we would. That said, my agency is required by state law to assist other LE agencies in investigations when requested. Since we are a state agency and are funded via our legislature, the only way we can recoup funds is if the court orders the suspect to repay our agency for the costs incurred. It doesn't happen very often.

 
Posted : 07/03/2011 8:14 pm
 Doug
(@doug)
Posts: 185
Estimable Member
Topic starter
 

This seems like a more suitable place to discuss the tools so I will repost my questions here.

Question 1
What sort of transfer speeds are people getting?

With the Linux scripts we seem to get 4MB/s no matter which computer we use, be it an old Dell tower or a new i5 laptop.

Does anyone have any tricks for getting faster transfer speeds?

Question 2
Do the Macs need to be running a specific version of OS X?
I assume that 10.6.3 would be suitable?

I am looking to upgrade the Macs we use and wanted to confirm which OS versions people have successfully used.

Question 3
I have noticed that all the iOS4+ extractions we have performed on the Linux box are failing to fully recover the file system. In particular the scripts are not recovering the "private/var/wireless/" folder, which means we are not able to recover the call logs. I have run various grep commands over the whole file system extraction searching for known phone numbers that should appear in the call_history.db but nothing is found.

Example scenario

iPhone 4 Running 4.2.1
handset lock active (Code not known)

We take the file system read using the JZ method, but we have no call database?

I was wondering if anyone else had noticed this with the file system recovery scripts on Linux?

Question 4
I have noticed other issues such as on the Linux iOS 4.1 scripts the 'ProtectedIndex' email file is extracted (and registers as the right size) but is filled with nulls. But it seems to extract the file correctly on 4.0.2 devices. This needs further testing but appears to be an issue.

 
Posted : 15/03/2011 7:10 pm
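Doug's third and fourth questions describe two ways an extraction can look complete and still be unusable: an expected directory such as private/var/wireless/ is simply absent, or a file comes back at the right size but filled with NUL bytes. The POSIX shell script below is an added example, not part of this thread and not one of the JZ scripts; it runs both checks over an extraction root. The full artifact paths in EXPECTED_PATHS are assumed for illustration, since the thread names only the directory and call_history.db.

```shell
#!/bin/sh
# Added example (not from the thread or the JZ scripts): sanity-check an
# extracted iOS file-system dump for a missing expected artifact path and
# for files that are the right size but consist entirely of NUL bytes.
# Usage: sh check_dump.sh <extraction-root>

# Artifact paths a complete extraction should contain, relative to the root.
# Assumed for illustration; the thread only names private/var/wireless/
# and call_history.db.
EXPECTED_PATHS="private/var/wireless/Library/CallHistory/call_history.db
private/var/mobile/Library/SMS/sms.db"

# Return 0 when the file is non-empty and contains no byte other than NUL.
is_all_nulls() {
    f="$1"
    [ -s "$f" ] || return 1
    nonnull=$(tr -d '\000' < "$f" | wc -c | tr -d ' ')
    [ "$nonnull" -eq 0 ]
}

# Print every regular file under the root that is entirely NUL bytes.
list_null_files() {
    root="$1"
    find "$root" -type f | while IFS= read -r f; do
        if is_all_nulls "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Print each expected path that is absent from the extraction.
missing_paths() {
    root="$1"
    printf '%s\n' "$EXPECTED_PATHS" | while IFS= read -r p; do
        [ -f "$root/$p" ] || printf '%s\n' "$p"
    done
}

# Human-readable report; returns non-zero if either check finds a problem.
report() {
    root="$1"
    status=0
    missing=$(missing_paths "$root")
    if [ -n "$missing" ]; then
        echo "Missing artifacts:"
        printf '%s\n' "$missing" | sed 's/^/  /'
        status=1
    fi
    nulls=$(list_null_files "$root")
    if [ -n "$nulls" ]; then
        echo "Files filled with NUL bytes (present but unusable):"
        printf '%s\n' "$nulls" | sed 's/^/  /'
        status=1
    fi
    [ "$status" -eq 0 ] && echo "No problems found in $root"
    return "$status"
}

# Run the report when an extraction root is given on the command line.
if [ "$#" -ge 1 ]; then
    report "$1"
fi
```

Run it against the root of each extraction before relying on the dump: a non-zero exit means either an expected artifact is missing or a file is present but hollow, which is the cheapest way to catch the symptoms above before a grep over the whole tree.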
CdtDelta
(@cdtdelta)
Posts: 134
Estimable Member
 

On a side note here, non-LE can get access to his tools (unless he's changed the rules - again)…you just have to sign up for a training class and he gives you access to the site for a year.

Now that's where things stood with him back around iOS 3.x, I don't know if he's changed things around.

Tom

 
Posted : 16/03/2011 7:51 am
(@trewmte)
Posts: 1877
Noble Member
 

What I was referring to was commercial entities making money off of his research....

Maybe that is exactly the point being made about making the software open to all rather than selectivity. Apple produced research and actioned a product called iPhone. JZ's iPhone tool merely uses their original research to make money.

JZ may have good reasons for doing what he is doing, but I'm not entirely convinced by this process that distinguishes, in this particular matter, people on the basis of their employment as to whether they can use a product or not. After all, we are not talking about a Taser here.

Correct me if I am wrong, but is this not a product that uses freedom frontier (not to be disbarred from producing it) approach to being able to create the tool and use it, acts as a proponent of reverse engineering and then in the same breath clamps down on the right of those who can use it?

 
Posted : 16/03/2011 10:56 am
Page 1 / 4