SlideShare una empresa de Scribd logo

iOS Forensics: Overcoming iPhone Data Protection

A
Andrey Belenko
Tecnología
1 de 40
Descargar para leer sin conexión
iOS Forensics: Overcoming iPhone Data Protection Andrey Belenko Chief Security Researcher Elcomsoft Co. Ltd. 1
Agenda • iOS Forensics 101 • iOS 4 Data Protection • iOS Forensics • Passcode • Keychain • Storage 2
Forensics 101 Acquisition ➜ Analysis ➜ Reporting GOALS: 1. Assuming physical access to the device extract as much information as practical 2. Leave as little traces/artifacts as practical 3
iOS Forensics 101 • Passcode • Prevents unauthorized access to the device • Bypassing passcode is usually enough • Keychain • System-wide storage for sensitive data • Encrypted • Storage encryption • iPhone 3Gs and later can encrypt disk data 4
iOS Forensics 101 • iOS is modified version of Mac OS X • Familiar environment • iOS enforces additional security • Code signing: can’t run unsigned executables • Sandboxing: access to system is limited • Acquisition options: • Via exposed interfaces (i.e. Sync, Backup) • Via circumventing security and running own code 5
iOS Forensics 101 • Logical: iOS Backup • Ask device to produce a backup • Device must be unlocked • Device may produce encrypted backup • Limited amount of information • Physical: filesystem acquisition • Boot-time exploit to run unsigned code • Device lock state isn’t relevant • Can get all information from the device • Since iOS 4 filesystem is encrypted 6
Pre-iOS 4 Forensics • Device passcode can be bypassed • Storage is effectively not encrypted • Device transparently decrypts data • Keychain data is encrypted • One can either decrypt all or nothing. Usually all. Once you have code execution, rest is easy 7
New in iOS 4 • Passcode protection is much more robust • Storage is encrypted • Metadata is not encrypted • Contents of (almost) every file is encrypted • New (and better) Keychain encryption • New (and better) iTunes backup format All these are part of iOS 4 Data Protection 8
AES Keys • All iOS devices have built-in AES processor with 2 hardcoded keys: • GID Key is shared by all devices of the same kind • UID Key is unique to each and every device (hardware key) • More keys are computed during startup: • Key 0x835 = AES_encrypt (UID, 0101..01) (device key) • Derived keys depend solely on GID or UID and thus are fixed for the particular device 9
Protection Classes • Content is grouped into protection classes: •Available only when device is unlocked •Available after first device unlock (and until off) •Always available • Each protection class assigned a master encryption key • Master keys are protected by device key and passcode • Protected master keys form system keybag • New keys created during device restore 10
System Keybag • Stores protected (encrypted) master keys • Keybag payload is encrypted before writing to disk • Stored in /private/var/keybags/systembag.kb • File has NSProtectionNone protection class • Meaning it is encrypted • 11 protection classes in total • All but NSProtectionNone are stored in systembag.kb • NSProtectionNone is stored in Effaceable Storage 11
Effaceable Storage • Region of flash memory • Facilitates storage of small amounts of data with ability to quickly erase them • Items within effaceable storage are called lockers • As of iOS 4: 960 bytes capacity, 3 lockers: • ‘BAG1’ – systembag.kb payload key and IV • ‘Dkey’ – NSProtectionNone class master key • ‘EMF!’ – Filesystem encryption key 12
Unlocking Keybag Passcode Key Device Key if (WRAP & 0x2) if (WRAP & 0x1) Keybag (locked) Keybag (unlocked) Protected Key DECRYPT Key WRAP = 1 Protected Key UNWRAP Key WRAP = 2 Protected Key UNWRAP DECRYPT Key WRAP = 3 Protected Key DECRYPT Key WRAP = 1 Protected Key UNWRAP DECRYPT Key WRAP = 3 ... ... 13
Escrow Keybag • “Usability feature” • Allows iTunes to unlock the device • Contains same master keys as system keybag • Created when device (unlocked) is connected to the iTunes for the first time • Stored on the computer side • Protected by 256 bit random “passcode” • “Passcode” is stored on the device • Escrow keybag gives same powers as knowing the passcode 14
iOS 4 Key Hierarchy Must be done on the device Passcode UID Key KDF EMF Key Decrypt Key 89B Key 835 Passcode Key Effaceable Storage ‘EMF!’ System Keybag (locked) ‘Dkey’ Class A Key (#1) ‘BAG1’ Unlock Class B Key (#2) Class C Key (#3) Class D Key (#4) Class Key #5 systembag.kb Decrypt System Keybag … (unlocked) Class Key #11 15
iOS 4 Key Hierarchy Must be done on the device Passcode Required to decrypt files/keychain UID Key KDF EMF Key Decrypt Key 89B Key 835 Passcode Key Effaceable Storage ‘EMF!’ System Keybag (locked) ‘Dkey’ Class A Key (#1) ‘BAG1’ Unlock Class B Key (#2) Class C Key (#3) Class D Key (#4) Class Key #5 systembag.kb Decrypt System Keybag … (unlocked) Class Key #11 16
iOS 4 Key Hierarchy Must be done on the device Passcode Required to decrypt files/keychain Sufficient for key reconstruction UID Key KDF EMF Key Decrypt Key 89B Key 835 Passcode Key Effaceable Storage ‘EMF!’ System Keybag (locked) ‘Dkey’ Class A Key (#1) ‘BAG1’ Unlock Class B Key (#2) Class C Key (#3) Class D Key (#4) Class Key #5 systembag.kb Decrypt System Keybag … (unlocked) Class Key #11 17
iOS 4 Key Hierarchy Must be done on the device Passcode Required to decrypt files/keychain Sufficient for key reconstruction UID Key KDF EMF Key Decrypt Key 89B Key 835 Passcode Key Effaceable Storage ‘EMF!’ System Keybag (locked) ‘Dkey’ Class A Key (#1) ‘BAG1’ Unlock Class B Key (#2) Class C Key (#3) Class D Key (#4) Class Key #5 systembag.kb Decrypt System Keybag … (unlocked) Class Key #11 18
iOS 4 Key Hierarchy Must be done on the device Passcode Required to decrypt files/keychain Sufficient for key reconstruction UID Key KDF EMF Key Decrypt Key 89B Key 835 Passcode Key Effaceable Storage ‘EMF!’ System Keybag (locked) ‘Dkey’ Class A Key (#1) ‘BAG1’ Unlock Class B Key (#2) Class C Key (#3) Class D Key (#4) Class Key #5 systembag.kb Decrypt System Keybag … (unlocked) Class Key #11 19
iOS 4 Key Hierarchy Must be done on the device Passcode Required to decrypt files/keychain Sufficient for key reconstruction UID Key KDF EMF Key Decrypt Key 89B Key 835 Passcode Key Effaceable Storage ‘EMF!’ System Keybag (locked) ‘Dkey’ Class A Key (#1) ‘BAG1’ Unlock Class B Key (#2) Class C Key (#3) Class D Key (#4) Class Key #5 systembag.kb Decrypt System Keybag … (unlocked) Class Key #11 20
iOS 4 Key Hierarchy Must be done on the device Passcode Required to decrypt files/keychain Sufficient for key reconstruction UID Key KDF EMF Key Decrypt Key 89B Key 835 Passcode Key Effaceable Storage ‘EMF!’ System Keybag (locked) ‘Dkey’ Class A Key (#1) ‘BAG1’ Unlock Class B Key (#2) Class C Key (#3) Class D Key (#4) Class Key #5 systembag.kb Decrypt System Keybag … (unlocked) Class Key #11 21
Pre-iOS 4 Passcode • Lockscreen (i.e. UI) is the only protection • Passcode is stored in the keychain • Passcode itself, not its hash • Can be recovered or removed instantly • Remove record from the keychain • And/or remove setting telling UI to ask for the passcode 22
23
iOS 4 Passcode • Passcode is used to compute passcode key • Computation tied to hardware key • Same passcode will yield different passcode keys on different devices! • Passcode key required to unlock all but 3 master keys in system keybag • Most files are NSProtectionNone thus don’t need passcode • Most keychain items are accessible WhenUnlocked or AfterFirstUnlock thus DO require passcode 24
iOS 4 Passcode • Passcode-to-Key transformation is slow • Offline bruteforce currently not possible • Requires extracting hardware key • On-device bruteforce is slow •2 p/s on iPhone 3G, 7 p/s on iPad • System keybag contains hint on password complexity 25
iOS 4 Passcode • 0 – digits only, length = 4 (simple passcode) 26
iOS 4 Passcode • 0 – digits only, length = 4 (simple passcode) • 1 – digits only, length != 4 27
iOS 4 Passcode • 0 – digits only, length = 4 (simple passcode) • 1 – digits only, length != 4 • 2 – contains non-digits, any length 28
iOS 4 Passcode • 0 – digits only, length = 4 (simple passcode) • 1 – digits only, length != 4 • 2 – contains non-digits, any length Can at least identify weak passcodes 29
Demo 30
Pre-iOS 4 Keychain • SQLite3 Database, only passwords are encrypted • All items are encrypted with the device key (0x835) and random IV • Key is unique for each device and is fixed for lifetime of the device • Key can be extracted (computed) for offline use • All past and future keychain items from the device can be decrypted using that key Encrypted with Key 0x835 IV Data SHA-1 (Data) 0 16 31
iOS 4 Keychain • SQLite3 Database, only passwords are encrypted • Available protection classes: • kSecAttrAccessibleWhenUnlocked (+ ...ThisDeviceOnly) • kSecAttrAccessibleAfterFirstUnlock (+ ...ThisDeviceOnly) • kSecAttrAccessibleAlways (+ ...ThisDeviceOnly) • Random key for each item • Item key is protected with corresponding protection class master key 0 Class Wrapped Item Key Encrypted Item 0 4 8 48 32
Pre-iOS 4 Storage • No encryption before iPhone 3GS • Starting with iPhone 3GS: • Encryption uses EMF key for everything • Provides fast wipe, not confidentiality • Transparent to applications • Filesystem acquisition is not affected 33
iOS 4 Storage • Available protection classes: • NSProtectionNone • NSProtectionComplete • If no protection class is specified, EMF key is used • Filesystem metadata and unprotected files • Transparent encryption and decryption (same as pre-iOS 4) • If protection class is specified, per-file random key is used • Key protected with master key is stored com.apple.system.cprotect extended attribute 34
iOS 4 Storage • Acquired raw image has everything decrypted with EMF key • Filesystem metadata is OK • File contents are not • Restoring file data requires reverse transformations: • Encrypt with EMF key to get correct ciphertext • Decrypt with file key to get plaintext 35
iOS 4 Forensics Must be done on the device Passcode Required to decrypt files/keychain Sufficient for offline key reconstruction UID Key KDF EMF Key Decrypt Key 89B Key 835 Passcode Key Effaceable Storage ‘EMF!’ System Keybag (locked) ‘Dkey’ Class A Key (#1) ‘BAG1’ Unlock Class B Key (#2) Class C Key (#3) Class D Key (#4) Class Key #5 systembag.kb Decrypt System Keybag … (unlocked) Class Key #11 36
iOS 4 Forensics • Acquiring disk image is not enough for iOS 4+ • Content protection keys must also be extracted from the device during acquisition • Effaceable Storage contents are also needed to decrypt dd images. • Passcode or escrow keybag is needed for a complete set of master keys • In real world it might be a good idea to extract source data and compute protection keys offline 37
Conclusion • iPhone physical analysis is possible again • Physical acquisition requires boot-time exploit • Passcode is usually not a problem • Both proprietary and open-source tools for iOS 4 forensics available 38
Questions? 39
iOS Forensics: Overcoming iPhone Data Protection a.belenko@elcomsoft.com @andreybelenko www.elcomsoft.com 40

Recomendados

iOS and BlackBerry Forensics
iOS and BlackBerry ForensicsiOS and BlackBerry Forensics
iOS and BlackBerry ForensicsAndrey Belenko
 
iPhone Data Protection in Depth
iPhone Data Protection in Depth iPhone Data Protection in Depth
iPhone Data Protection in DepthSeguridad Apple
 
IOS Encryption Systems
IOS Encryption SystemsIOS Encryption Systems
IOS Encryption SystemsPeter Teufl
 
Mobile Device Encryption Systems
Mobile Device Encryption SystemsMobile Device Encryption Systems
Mobile Device Encryption SystemsPeter Teufl
 
DefCon 2012 - Gaining Access to User Android Data
DefCon 2012 - Gaining Access to User Android DataDefCon 2012 - Gaining Access to User Android Data
DefCon 2012 - Gaining Access to User Android DataMichael Smith
 
iPhone forensics on iOS5
iPhone forensics on iOS5iPhone forensics on iOS5
iPhone forensics on iOS5Satish b
 
Hacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyHacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyClubHack
 
Hacking and Securing iOS Applications
Hacking and Securing iOS ApplicationsHacking and Securing iOS Applications
Hacking and Securing iOS Applicationsn|u - The Open Security Community
 

Recomendados

iOS and BlackBerry Forensics
iOS and BlackBerry ForensicsiOS and BlackBerry Forensics
iOS and BlackBerry ForensicsAndrey Belenko
 
iPhone Data Protection in Depth
iPhone Data Protection in Depth iPhone Data Protection in Depth
iPhone Data Protection in DepthSeguridad Apple
 
IOS Encryption Systems
IOS Encryption SystemsIOS Encryption Systems
IOS Encryption SystemsPeter Teufl
 
Mobile Device Encryption Systems
Mobile Device Encryption SystemsMobile Device Encryption Systems
Mobile Device Encryption SystemsPeter Teufl
 
DefCon 2012 - Gaining Access to User Android Data
DefCon 2012 - Gaining Access to User Android DataDefCon 2012 - Gaining Access to User Android Data
DefCon 2012 - Gaining Access to User Android DataMichael Smith
 
iPhone forensics on iOS5
iPhone forensics on iOS5iPhone forensics on iOS5
iPhone forensics on iOS5Satish b
 
Hacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyHacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyClubHack
 
Hacking and Securing iOS Applications
Hacking and Securing iOS ApplicationsHacking and Securing iOS Applications
Hacking and Securing iOS Applicationsn|u - The Open Security Community
 
Hacking and securing ios applications
Hacking and securing ios applicationsHacking and securing ios applications
Hacking and securing ios applicationsSatish b
 
iOS secure app development
iOS secure app developmentiOS secure app development
iOS secure app developmentDusan Klinec
 
Beginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st SessionBeginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st Sessionveerababu penugonda(Mr-IoT)
 
Firmware analysis 101
Firmware analysis 101Firmware analysis 101
Firmware analysis 101veerababu penugonda(Mr-IoT)
 
Pentesting iPhone applications
Pentesting iPhone applicationsPentesting iPhone applications
Pentesting iPhone applicationsSatish b
 
IoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangaloreIoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangaloreveerababu penugonda(Mr-IoT)
 
Beginners guide on how to start exploring IoT 2nd session
Beginners guide on how to start exploring IoT 2nd sessionBeginners guide on how to start exploring IoT 2nd session
Beginners guide on how to start exploring IoT 2nd sessionveerababu penugonda(Mr-IoT)
 
iOS Application Penetration Testing
iOS Application Penetration TestingiOS Application Penetration Testing
iOS Application Penetration Testingn|u - The Open Security Community
 
Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1Subhransu Behera
 
Owasp top 10
Owasp top 10 Owasp top 10
Owasp top 10 veerababu penugonda(Mr-IoT)
 
ios device protection review
ios device protection reviewios device protection review
ios device protection reviewnlog2n
 
iOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3miOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3mPrem Kumar (OSCP)
 
I Want More Ninja – iOS Security Testing
I Want More Ninja – iOS Security TestingI Want More Ninja – iOS Security Testing
I Want More Ninja – iOS Security TestingJason Haddix
 
Jailbreaking iOS
Jailbreaking iOSJailbreaking iOS
Jailbreaking iOSKai Aras
 
OWASP Melbourne - Introduction to iOS Application Penetration Testing
OWASP Melbourne - Introduction to iOS Application Penetration TestingOWASP Melbourne - Introduction to iOS Application Penetration Testing
OWASP Melbourne - Introduction to iOS Application Penetration Testingeightbit
 
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...eightbit
 
Aes jul-upload
Aes jul-uploadAes jul-upload
Aes jul-uploadSetia Juli Irzal Ismail
 
YOW! Connected 2014 - Developing Secure iOS Applications
YOW! Connected 2014 - Developing Secure iOS ApplicationsYOW! Connected 2014 - Developing Secure iOS Applications
YOW! Connected 2014 - Developing Secure iOS Applicationseightbit
 
iOS jailbreaking
iOS jailbreakingiOS jailbreaking
iOS jailbreakingVarun Luthra
 
Faux Disk Encryption....by Drew Suarez & Daniel Mayer
Faux Disk Encryption....by Drew Suarez & Daniel MayerFaux Disk Encryption....by Drew Suarez & Daniel Mayer
Faux Disk Encryption....by Drew Suarez & Daniel MayerShakacon
 
CNIT 128 2. Analyzing iOS Applications (Part 2)
CNIT 128 2. Analyzing iOS Applications (Part 2)CNIT 128 2. Analyzing iOS Applications (Part 2)
CNIT 128 2. Analyzing iOS Applications (Part 2)Sam Bowne
 
Belenko, sklyarov dark and bright sides of i cloud (in)security
Belenko, sklyarov dark and bright sides of i cloud (in)securityBelenko, sklyarov dark and bright sides of i cloud (in)security
Belenko, sklyarov dark and bright sides of i cloud (in)securityDefconRussia
 

Más contenido relacionado

La actualidad más candente

Hacking and securing ios applications
Hacking and securing ios applicationsHacking and securing ios applications
Hacking and securing ios applicationsSatish b
 
iOS secure app development
iOS secure app developmentiOS secure app development
iOS secure app developmentDusan Klinec
 
Beginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st SessionBeginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st Sessionveerababu penugonda(Mr-IoT)
 
Pentesting iPhone applications
Pentesting iPhone applicationsPentesting iPhone applications
Pentesting iPhone applicationsSatish b
 
Beginners guide on how to start exploring IoT 2nd session
Beginners guide on how to start exploring IoT 2nd sessionBeginners guide on how to start exploring IoT 2nd session
Beginners guide on how to start exploring IoT 2nd sessionveerababu penugonda(Mr-IoT)
 
Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1Subhransu Behera
 
ios device protection review
ios device protection reviewios device protection review
ios device protection reviewnlog2n
 
iOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3miOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3mPrem Kumar (OSCP)
 
I Want More Ninja – iOS Security Testing
I Want More Ninja – iOS Security TestingI Want More Ninja – iOS Security Testing
I Want More Ninja – iOS Security TestingJason Haddix
 
Jailbreaking iOS
Jailbreaking iOSJailbreaking iOS
Jailbreaking iOSKai Aras
 
OWASP Melbourne - Introduction to iOS Application Penetration Testing
OWASP Melbourne - Introduction to iOS Application Penetration TestingOWASP Melbourne - Introduction to iOS Application Penetration Testing
OWASP Melbourne - Introduction to iOS Application Penetration Testingeightbit
 
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...eightbit
 
YOW! Connected 2014 - Developing Secure iOS Applications
YOW! Connected 2014 - Developing Secure iOS ApplicationsYOW! Connected 2014 - Developing Secure iOS Applications
YOW! Connected 2014 - Developing Secure iOS Applicationseightbit
 
Faux Disk Encryption....by Drew Suarez & Daniel Mayer
Faux Disk Encryption....by Drew Suarez & Daniel MayerFaux Disk Encryption....by Drew Suarez & Daniel Mayer
Faux Disk Encryption....by Drew Suarez & Daniel MayerShakacon
 

La actualidad más candente (20)

Hacking and securing ios applications
Hacking and securing ios applicationsHacking and securing ios applications
Hacking and securing ios applications
 
iOS secure app development
iOS secure app developmentiOS secure app development
iOS secure app development
 
Beginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st SessionBeginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st Session
 
Firmware analysis 101
Firmware analysis 101Firmware analysis 101
Firmware analysis 101
 
Pentesting iPhone applications
Pentesting iPhone applicationsPentesting iPhone applications
Pentesting iPhone applications
 
IoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangaloreIoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangalore
 
Beginners guide on how to start exploring IoT 2nd session
Beginners guide on how to start exploring IoT 2nd sessionBeginners guide on how to start exploring IoT 2nd session
Beginners guide on how to start exploring IoT 2nd session
 
iOS Application Penetration Testing
iOS Application Penetration TestingiOS Application Penetration Testing
iOS Application Penetration Testing
 
Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1Hacking and Securing iOS Apps : Part 1
Hacking and Securing iOS Apps : Part 1
 
Owasp top 10
Owasp top 10 Owasp top 10
Owasp top 10
 
ios device protection review
ios device protection reviewios device protection review
ios device protection review
 
iOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3miOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3m
 
I Want More Ninja – iOS Security Testing
I Want More Ninja – iOS Security TestingI Want More Ninja – iOS Security Testing
I Want More Ninja – iOS Security Testing
 
Jailbreaking iOS
Jailbreaking iOSJailbreaking iOS
Jailbreaking iOS
 
OWASP Melbourne - Introduction to iOS Application Penetration Testing
OWASP Melbourne - Introduction to iOS Application Penetration TestingOWASP Melbourne - Introduction to iOS Application Penetration Testing
OWASP Melbourne - Introduction to iOS Application Penetration Testing
 
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...
 
Aes jul-upload
Aes jul-uploadAes jul-upload
Aes jul-upload
 
YOW! Connected 2014 - Developing Secure iOS Applications
YOW! Connected 2014 - Developing Secure iOS ApplicationsYOW! Connected 2014 - Developing Secure iOS Applications
YOW! Connected 2014 - Developing Secure iOS Applications
 
iOS jailbreaking
iOS jailbreakingiOS jailbreaking
iOS jailbreaking
 
Faux Disk Encryption....by Drew Suarez & Daniel Mayer
Faux Disk Encryption....by Drew Suarez & Daniel MayerFaux Disk Encryption....by Drew Suarez & Daniel Mayer
Faux Disk Encryption....by Drew Suarez & Daniel Mayer
 

Similar a iOS Forensics: Overcoming iPhone Data Protection

CNIT 128 2. Analyzing iOS Applications (Part 2)
CNIT 128 2. Analyzing iOS Applications (Part 2)CNIT 128 2. Analyzing iOS Applications (Part 2)
CNIT 128 2. Analyzing iOS Applications (Part 2)Sam Bowne
 
Belenko, sklyarov dark and bright sides of i cloud (in)security
Belenko, sklyarov dark and bright sides of i cloud (in)securityBelenko, sklyarov dark and bright sides of i cloud (in)security
Belenko, sklyarov dark and bright sides of i cloud (in)securityDefconRussia
 
Synapse india iphone apps presentation oncracking and analyzing apple icloud
Synapse india iphone apps presentation oncracking and analyzing apple icloudSynapse india iphone apps presentation oncracking and analyzing apple icloud
Synapse india iphone apps presentation oncracking and analyzing apple icloudSynapseIndiaiPhoneApps
 
iOS Application Penetation Test
iOS Application Penetation TestiOS Application Penetation Test
iOS Application Penetation TestJongWon Kim
 
“Secure Password Managers” and “Military-Grade Encryption” on Smartphones:...
“Secure Password Managers” and “Military-Grade Encryption” on Smartphones:...“Secure Password Managers” and “Military-Grade Encryption” on Smartphones:...
“Secure Password Managers” and “Military-Grade Encryption” on Smartphones:...Positive Hack Days
 
Mr. Andrey Belenko - secure password managers and military-grade encryption o...
Mr. Andrey Belenko - secure password managers and military-grade encryption o...Mr. Andrey Belenko - secure password managers and military-grade encryption o...
Mr. Andrey Belenko - secure password managers and military-grade encryption o...nooralmousa
 
How to do Cryptography right in Android Part Two
How to do Cryptography right in Android Part TwoHow to do Cryptography right in Android Part Two
How to do Cryptography right in Android Part TwoArash Ramez
 
Maemo 6 Platform Security
Maemo 6 Platform SecurityMaemo 6 Platform Security
Maemo 6 Platform SecurityPeter Schneider
 
Troopers14 Advanced Smartphone forensics - Vladimir Katalov
Troopers14 Advanced Smartphone forensics - Vladimir KatalovTroopers14 Advanced Smartphone forensics - Vladimir Katalov
Troopers14 Advanced Smartphone forensics - Vladimir KatalovJose Moruno Cadima
 
Ярослав Воронцов — Пара слов о mobile security.
Ярослав Воронцов — Пара слов о mobile security.Ярослав Воронцов — Пара слов о mobile security.
Ярослав Воронцов — Пара слов о mobile security.DataArt
 
"Mobile security: iOS", Yaroslav Vorontsov, DataArt
"Mobile security: iOS", Yaroslav Vorontsov, DataArt"Mobile security: iOS", Yaroslav Vorontsov, DataArt
"Mobile security: iOS", Yaroslav Vorontsov, DataArtDataArt
 
Eloi Sanfélix y Javier Moreno - Hardware hacking on your couch [RootedCON 2012]
Eloi Sanfélix y Javier Moreno - Hardware hacking on your couch [RootedCON 2012]Eloi Sanfélix y Javier Moreno - Hardware hacking on your couch [RootedCON 2012]
Eloi Sanfélix y Javier Moreno - Hardware hacking on your couch [RootedCON 2012]RootedCON
 
Attacking and Defending Apple iOS Devices
Attacking and Defending Apple iOS DevicesAttacking and Defending Apple iOS Devices
Attacking and Defending Apple iOS DevicesTom Eston
 
CNIT 128 2. Analyzing iOS Applications (Part 1)
CNIT 128 2. Analyzing iOS Applications (Part 1)CNIT 128 2. Analyzing iOS Applications (Part 1)
CNIT 128 2. Analyzing iOS Applications (Part 1)Sam Bowne
 
What's in a Jailbreak? - BSides 2019 keynote
What's in a Jailbreak? - BSides 2019 keynoteWhat's in a Jailbreak? - BSides 2019 keynote
What's in a Jailbreak? - BSides 2019 keynoteMarkDowd13
 
List of Software tools for encryption
List of Software tools for encryptionList of Software tools for encryption
List of Software tools for encryptionCliford John Reandino
 
Solnik secure enclaveprocessor-pacsec
Solnik secure enclaveprocessor-pacsecSolnik secure enclaveprocessor-pacsec
Solnik secure enclaveprocessor-pacsecPacSecJP
 

Similar a iOS Forensics: Overcoming iPhone Data Protection (20)

CNIT 128 2. Analyzing iOS Applications (Part 2)
CNIT 128 2. Analyzing iOS Applications (Part 2)CNIT 128 2. Analyzing iOS Applications (Part 2)
CNIT 128 2. Analyzing iOS Applications (Part 2)
 
Belenko, sklyarov dark and bright sides of i cloud (in)security
Belenko, sklyarov dark and bright sides of i cloud (in)securityBelenko, sklyarov dark and bright sides of i cloud (in)security
Belenko, sklyarov dark and bright sides of i cloud (in)security
 
Synapse india iphone apps presentation oncracking and analyzing apple icloud
Synapse india iphone apps presentation oncracking and analyzing apple icloudSynapse india iphone apps presentation oncracking and analyzing apple icloud
Synapse india iphone apps presentation oncracking and analyzing apple icloud
 
iOS Forensics
iOS Forensics iOS Forensics
iOS Forensics
 
iOS Application Penetation Test
iOS Application Penetation TestiOS Application Penetation Test
iOS Application Penetation Test
 
“Secure Password Managers” and “Military-Grade Encryption” on Smartphones:...
“Secure Password Managers” and “Military-Grade Encryption” on Smartphones:...“Secure Password Managers” and “Military-Grade Encryption” on Smartphones:...
“Secure Password Managers” and “Military-Grade Encryption” on Smartphones:...
 
Mr. Andrey Belenko - secure password managers and military-grade encryption o...
Mr. Andrey Belenko - secure password managers and military-grade encryption o...Mr. Andrey Belenko - secure password managers and military-grade encryption o...
Mr. Andrey Belenko - secure password managers and military-grade encryption o...
 
How to do Cryptography right in Android Part Two
How to do Cryptography right in Android Part TwoHow to do Cryptography right in Android Part Two
How to do Cryptography right in Android Part Two
 
Maemo 6 Platform Security
Maemo 6 Platform SecurityMaemo 6 Platform Security
Maemo 6 Platform Security
 
Troopers14 Advanced Smartphone forensics - Vladimir Katalov
Troopers14 Advanced Smartphone forensics - Vladimir KatalovTroopers14 Advanced Smartphone forensics - Vladimir Katalov
Troopers14 Advanced Smartphone forensics - Vladimir Katalov
 
Ярослав Воронцов — Пара слов о mobile security.
Ярослав Воронцов — Пара слов о mobile security.Ярослав Воронцов — Пара слов о mobile security.
Ярослав Воронцов — Пара слов о mobile security.
 
"Mobile security: iOS", Yaroslav Vorontsov, DataArt
"Mobile security: iOS", Yaroslav Vorontsov, DataArt"Mobile security: iOS", Yaroslav Vorontsov, DataArt
"Mobile security: iOS", Yaroslav Vorontsov, DataArt
 
Ethereum Security 101
Ethereum Security 101Ethereum Security 101
Ethereum Security 101
 
Eloi Sanfélix y Javier Moreno - Hardware hacking on your couch [RootedCON 2012]
Eloi Sanfélix y Javier Moreno - Hardware hacking on your couch [RootedCON 2012]Eloi Sanfélix y Javier Moreno - Hardware hacking on your couch [RootedCON 2012]
Eloi Sanfélix y Javier Moreno - Hardware hacking on your couch [RootedCON 2012]
 
Attacking and Defending Apple iOS Devices
Attacking and Defending Apple iOS DevicesAttacking and Defending Apple iOS Devices
Attacking and Defending Apple iOS Devices
 
CNIT 128 2. Analyzing iOS Applications (Part 1)
CNIT 128 2. Analyzing iOS Applications (Part 1)CNIT 128 2. Analyzing iOS Applications (Part 1)
CNIT 128 2. Analyzing iOS Applications (Part 1)
 
Messing around avs
Messing around avsMessing around avs
Messing around avs
 
What's in a Jailbreak? - BSides 2019 keynote
What's in a Jailbreak? - BSides 2019 keynoteWhat's in a Jailbreak? - BSides 2019 keynote
What's in a Jailbreak? - BSides 2019 keynote
 
List of Software tools for encryption
List of Software tools for encryptionList of Software tools for encryption
List of Software tools for encryption
 
Solnik secure enclaveprocessor-pacsec
Solnik secure enclaveprocessor-pacsecSolnik secure enclaveprocessor-pacsec
Solnik secure enclaveprocessor-pacsec
 

Último

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 

Último (20)

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 

iOS Forensics: Overcoming iPhone Data Protection

  • 1. iOS Forensics: Overcoming iPhone Data Protection Andrey Belenko Chief Security Researcher Elcomsoft Co. Ltd. 1
  • 2. Agenda • iOS Forensics 101 • iOS 4 Data Protection • iOS Forensics • Passcode • Keychain • Storage 2
  • 3. Forensics 101 Acquisition ➜ Analysis ➜ Reporting GOALS: 1. Assuming physical access to the device extract as much information as practical 2. Leave as little traces/artifacts as practical 3
  • 4. iOS Forensics 101 • Passcode • Prevents unauthorized access to the device • Bypassing passcode is usually enough • Keychain • System-wide storage for sensitive data • Encrypted • Storage encryption • iPhone 3Gs and later can encrypt disk data 4
  • 5. iOS Forensics 101 • iOS is modified version of Mac OS X • Familiar environment • iOS enforces additional security • Code signing: can’t run unsigned executables • Sandboxing: access to system is limited • Acquisition options: • Via exposed interfaces (i.e. Sync, Backup) • Via circumventing security and running own code 5
  • 6. iOS Forensics 101 • Logical: iOS Backup • Ask device to produce a backup • Device must be unlocked • Device may produce encrypted backup • Limited amount of information • Physical: filesystem acquisition • Boot-time exploit to run unsigned code • Device lock state isn’t relevant • Can get all information from the device • Since iOS 4 filesystem is encrypted 6
  • 7. Pre-iOS 4 Forensics • Device passcode can be bypassed • Storage is effectively not encrypted • Device transparently decrypts data • Keychain data is encrypted • One can either decrypt all or nothing. Usually all. Once you have code execution, rest is easy 7
  • 8. New in iOS 4 • Passcode protection is much more robust • Storage is encrypted • Metadata is not encrypted • Contents of (almost) every file is encrypted • New (and better) Keychain encryption • New (and better) iTunes backup format All these are part of iOS 4 Data Protection 8
  • 9. AES Keys • All iOS devices have built-in AES processor with 2 hardcoded keys: • GID Key is shared by all devices of the same kind • UID Key is unique to each and every device (hardware key) • More keys are computed during startup: • Key 0x835 = AES_encrypt (UID, 0101..01) (device key) • Derived keys depend solely on GID or UID and thus are fixed for the particular device 9
  • 10. Protection Classes • Content is grouped into protection classes: •Available only when device is unlocked •Available after first device unlock (and until off) •Always available • Each protection class assigned a master encryption key • Master keys are protected by device key and passcode • Protected master keys form system keybag • New keys created during device restore 10
  • 11. System Keybag • Stores protected (encrypted) master keys • Keybag payload is encrypted before writing to disk • Stored in /private/var/keybags/systembag.kb • File has NSProtectionNone protection class • Meaning it is encrypted • 11 protection classes in total • All but NSProtectionNone are stored in systembag.kb • NSProtectionNone is stored in Effaceable Storage 11
  • 12. Effaceable Storage • Region of flash memory • Facilitates storage of small amounts of data with ability to quickly erase them • Items within effaceable storage are called lockers • As of iOS 4: 960 bytes capacity, 3 lockers: • ‘BAG1’ – systembag.kb payload key and IV • ‘Dkey’ – NSProtectionNone class master key • ‘EMF!’ – Filesystem encryption key 12
  • 13. Unlocking Keybag Passcode Key Device Key if (WRAP & 0x2) if (WRAP & 0x1) Keybag (locked) Keybag (unlocked) Protected Key DECRYPT Key WRAP = 1 Protected Key UNWRAP Key WRAP = 2 Protected Key UNWRAP DECRYPT Key WRAP = 3 Protected Key DECRYPT Key WRAP = 1 Protected Key UNWRAP DECRYPT Key WRAP = 3 ... ... 13
  • 14. Escrow Keybag • “Usability feature” • Allows iTunes to unlock the device • Contains same master keys as system keybag • Created when device (unlocked) is connected to the iTunes for the first time • Stored on the computer side • Protected by 256 bit random “passcode” • “Passcode” is stored on the device • Escrow keybag gives same powers as knowing the passcode 14
  • 15. iOS 4 Key Hierarchy Must be done on the device Passcode UID Key KDF EMF Key Decrypt Key 89B Key 835 Passcode Key Effaceable Storage ‘EMF!’ System Keybag (locked) ‘Dkey’ Class A Key (#1) ‘BAG1’ Unlock Class B Key (#2) Class C Key (#3) Class D Key (#4) Class Key #5 systembag.kb Decrypt System Keybag … (unlocked) Class Key #11 15
  • 16. iOS 4 Key Hierarchy Must be done on the device Passcode Required to decrypt files/keychain UID Key KDF EMF Key Decrypt Key 89B Key 835 Passcode Key Effaceable Storage ‘EMF!’ System Keybag (locked) ‘Dkey’ Class A Key (#1) ‘BAG1’ Unlock Class B Key (#2) Class C Key (#3) Class D Key (#4) Class Key #5 systembag.kb Decrypt System Keybag … (unlocked) Class Key #11 16
  • 17. iOS 4 Key Hierarchy Must be done on the device Passcode Required to decrypt files/keychain Sufficient for key reconstruction UID Key KDF EMF Key Decrypt Key 89B Key 835 Passcode Key Effaceable Storage ‘EMF!’ System Keybag (locked) ‘Dkey’ Class A Key (#1) ‘BAG1’ Unlock Class B Key (#2) Class C Key (#3) Class D Key (#4) Class Key #5 systembag.kb Decrypt System Keybag … (unlocked) Class Key #11 17
  • 18. iOS 4 Key Hierarchy Must be done on the device Passcode Required to decrypt files/keychain Sufficient for key reconstruction UID Key KDF EMF Key Decrypt Key 89B Key 835 Passcode Key Effaceable Storage ‘EMF!’ System Keybag (locked) ‘Dkey’ Class A Key (#1) ‘BAG1’ Unlock Class B Key (#2) Class C Key (#3) Class D Key (#4) Class Key #5 systembag.kb Decrypt System Keybag … (unlocked) Class Key #11 18
  • 19. iOS 4 Key Hierarchy Must be done on the device Passcode Required to decrypt files/keychain Sufficient for key reconstruction UID Key KDF EMF Key Decrypt Key 89B Key 835 Passcode Key Effaceable Storage ‘EMF!’ System Keybag (locked) ‘Dkey’ Class A Key (#1) ‘BAG1’ Unlock Class B Key (#2) Class C Key (#3) Class D Key (#4) Class Key #5 systembag.kb Decrypt System Keybag … (unlocked) Class Key #11 19
  • 20. iOS 4 Key Hierarchy Must be done on the device Passcode Required to decrypt files/keychain Sufficient for key reconstruction UID Key KDF EMF Key Decrypt Key 89B Key 835 Passcode Key Effaceable Storage ‘EMF!’ System Keybag (locked) ‘Dkey’ Class A Key (#1) ‘BAG1’ Unlock Class B Key (#2) Class C Key (#3) Class D Key (#4) Class Key #5 systembag.kb Decrypt System Keybag … (unlocked) Class Key #11 20
  • 21. iOS 4 Key Hierarchy Must be done on the device Passcode Required to decrypt files/keychain Sufficient for key reconstruction UID Key KDF EMF Key Decrypt Key 89B Key 835 Passcode Key Effaceable Storage ‘EMF!’ System Keybag (locked) ‘Dkey’ Class A Key (#1) ‘BAG1’ Unlock Class B Key (#2) Class C Key (#3) Class D Key (#4) Class Key #5 systembag.kb Decrypt System Keybag … (unlocked) Class Key #11 21
  • 22. Pre-iOS 4 Passcode • Lockscreen (i.e. UI) is the only protection • Passcode is stored in the keychain • Passcode itself, not its hash • Can be recovered or removed instantly • Remove record from the keychain • And/or remove setting telling UI to ask for the passcode 22
  • 23. 23
  • 24. iOS 4 Passcode • Passcode is used to compute passcode key • Computation tied to hardware key • Same passcode will yield different passcode keys on different devices! • Passcode key required to unlock all but 3 master keys in system keybag • Most files are NSProtectionNone thus don’t need passcode • Most keychain items are accessible WhenUnlocked or AfterFirstUnlock thus DO require passcode 24
  • 25. iOS 4 Passcode • Passcode-to-Key transformation is slow • Offline bruteforce currently not possible • Requires extracting hardware key • On-device bruteforce is slow •2 p/s on iPhone 3G, 7 p/s on iPad • System keybag contains hint on password complexity 25
  • 26. iOS 4 Passcode • 0 – digits only, length = 4 (simple passcode) 26
  • 27. iOS 4 Passcode • 0 – digits only, length = 4 (simple passcode) • 1 – digits only, length != 4 27
  • 28. iOS 4 Passcode • 0 – digits only, length = 4 (simple passcode) • 1 – digits only, length != 4 • 2 – contains non-digits, any length 28
  • 29. iOS 4 Passcode • 0 – digits only, length = 4 (simple passcode) • 1 – digits only, length != 4 • 2 – contains non-digits, any length Can at least identify weak passcodes 29
  • 30. Demo 30
  • 31. Pre-iOS 4 Keychain • SQLite3 Database, only passwords are encrypted • All items are encrypted with the device key (0x835) and random IV • Key is unique for each device and is fixed for lifetime of the device • Key can be extracted (computed) for offline use • All past and future keychain items from the device can be decrypted using that key Encrypted with Key 0x835 IV Data SHA-1 (Data) 0 16 31
  • 32. iOS 4 Keychain • SQLite3 Database, only passwords are encrypted • Available protection classes: • kSecAttrAccessibleWhenUnlocked (+ ...ThisDeviceOnly) • kSecAttrAccessibleAfterFirstUnlock (+ ...ThisDeviceOnly) • kSecAttrAccessibleAlways (+ ...ThisDeviceOnly) • Random key for each item • Item key is protected with corresponding protection class master key 0 Class Wrapped Item Key Encrypted Item 0 4 8 48 32
  • 33. Pre-iOS 4 Storage • No encryption before iPhone 3GS • Starting with iPhone 3GS: • Encryption uses EMF key for everything • Provides fast wipe, not confidentiality • Transparent to applications • Filesystem acquisition is not affected 33
  • 34. iOS 4 Storage • Available protection classes: • NSProtectionNone • NSProtectionComplete • If no protection class is specified, EMF key is used • Filesystem metadata and unprotected files • Transparent encryption and decryption (same as pre-iOS 4) • If protection class is specified, per-file random key is used • Key protected with master key is stored com.apple.system.cprotect extended attribute 34
  • 35. iOS 4 Storage • Acquired raw image has everything decrypted with EMF key • Filesystem metadata is OK • File contents are not • Restoring file data requires reverse transformations: • Encrypt with EMF key to get correct ciphertext • Decrypt with file key to get plaintext 35
  • 36. iOS 4 Forensics Must be done on the device Passcode Required to decrypt files/keychain Sufficient for offline key reconstruction UID Key KDF EMF Key Decrypt Key 89B Key 835 Passcode Key Effaceable Storage ‘EMF!’ System Keybag (locked) ‘Dkey’ Class A Key (#1) ‘BAG1’ Unlock Class B Key (#2) Class C Key (#3) Class D Key (#4) Class Key #5 systembag.kb Decrypt System Keybag … (unlocked) Class Key #11 36
  • 37. iOS 4 Forensics • Acquiring disk image is not enough for iOS 4+ • Content protection keys must also be extracted from the device during acquisition • Effaceable Storage contents are also needed to decrypt dd images. • Passcode or escrow keybag is needed for a complete set of master keys • In real world it might be a good idea to extract source data and compute protection keys offline 37
  • 38. Conclusion • iPhone physical analysis is possible again • Physical acquisition requires boot-time exploit • Passcode is usually not a problem • Both proprietary and open-source tools for iOS 4 forensics available 38
  • 40. iOS Forensics: Overcoming iPhone Data Protection a.belenko@elcomsoft.com @andreybelenko www.elcomsoft.com 40