3 December, 2019

Elcomsoft Extracts Data from Locked iPhones with Unpatchable checkra1n Jailbreak

ElcomSoft Co. Ltd. releases a major update of iOS Forensic Toolkit, the company’s mobile forensic tool for extracting data from a range of Apple devices. Version 5.20 adds the ability to extract the file system and decrypt the keychain from select Apple devices running all versions of iOS from iOS 12 to iOS 13.3. Partial file system extraction is now possible from locked iPhones even if the screen lock password is not known.

“Critical evidence may not be available without low-level access to the file system”, says Vladimir Katalov, ElcomSoft CEO. “For the first time since the iPhone 4, experts can access pretty much everything stored in a wide range of iPhone models. Secret chats, cached messages, working databases, location and system logs and a lot more can be extracted from the iPhone X and older models regardless of the iOS version.”

The list of supported devices includes a number of models ranging from the iPhone 5s all the way up to the iPhone X, iPad models from iPad mini 2 to iPad Pro 10.5 and the new iPad (2018), Apple TV HD (ATV4) and Apple TV 4K. Making use of the new future-proof bootrom exploit built into the checkra1n jailbreak, Elcomsoft iOS Forensic Toolkit can extract the full file system image, decrypt passwords and authentication credentials stored in the iOS keychain. For locked iPhones, the tool offers partial file system extraction.

Extracting Data from Locked iPhones

For the first time, iOS Forensic Toolkit 5.20 supports partial acquisition for BFU (Before First Unlock) devices, as well as for locked devices with unknown screen lock passcode. Targeting a vulnerability in Apple’s bootrom, the jailbreak is installed via DFU mode and is available for all compatible devices regardless of their lock state of BFU/AFU status. As a result, Elcomsoft iOS Forensic Toolkit 5.20 makes it possible to perform partial file system extraction for locked devices as well as devices that are in the USB restricted mode.

The new jailbreak can be installed on devices with known or unknown screen lock passcode. The installation process differs significantly from all previous jailbreaks. More information in our blog: iOS Device Acquisition with checkra1n Jailbreak

Supported Devices

The list of supported devices includes models based on Apple’s A7 through A11 SoC. This includes the iPhone 5s, 6, 6s, SE, 7 and 8 along with the Plus versions, as well as the iPhone X. Apple iPad devices running on the corresponding CPUs are also supported, which includes models ranging from the iPad mini 2 all the way up to the 2018 iPad, iPad 10.2, iPad Pro 12.9 (1.Gen) and iPad Pro 10.5. In addition, Elcomsoft iOS Forensic Toolkit 5.20 supports Apple TV HD (ATV4) and Apple TV 4K.

Pricing and Availability

Elcomsoft iOS Forensic Toolkit 5.20 is immediately available in Windows and Mac editions. North American pricing starts from $1,495 (local pricing may vary). Both Windows and Mac OS X versions are supplied with every order. Existing customers can upgrade at no charge or at a discount depending on their license expiration. Elcomsoft iOS Forensic Toolkit is available stand-alone and as part of Elcomsoft Mobile Forensic Bundle, which offers many additional features including cloud extraction.

About Elcomsoft iOS Forensic Toolkit

Elcomsoft iOS Forensic Toolkit provides forensic access to encrypted information stored in popular Apple devices running iOS. By performing physical acquisition of the device, the Toolkit offers instant access to all protected information including SMS and email messages, call history, contacts and organizer data, Web browsing history, voicemail and email accounts and settings, stored logins and passwords, geolocation history, the original plain-text Apple ID password, conversations carried over various instant messaging apps such as Skype or Viber, as well as all application-specific data saved in the device.

iOS Forensic Toolkit is the only tool on the market to offer physical acquisition for Apple devices equipped with 64-bit SoC (subject to jailbreak availability). Physical acquisition for 64-bit devices returns significantly more information compared to logical and over-the-air approaches.

About ElcomSoft Co. Ltd.

Founded in 1990, ElcomSoft Co.Ltd. is a global industry-acknowledged expert in computer and mobile forensics providing tools, training, and consulting services to law enforcement, forensics, financial and intelligence agencies. ElcomSoft pioneered and patented numerous cryptography techniques, setting and exceeding expectations by consistently breaking the industry’s performance records. ElcomSoft is Microsoft Certrified Partner (Gold competency), and Intel Software Premier Elite Partner.