Chapter 5. Defeating Encryption

Stealing data from many iOS devices has proven a relatively painless undertaking, especially with the many tools available in the open source community. For an attacker, the hard part is already done: the same techniques used for otherwise innocuous purposes, such as jailbreaking or unlocking a device, can be retooled to break into a device and commit digital theft. The technical hurdles, such as exploiting the device’s boot loader and disabling the device’s security mechanisms, have already been cleared for the attacker. Whether it’s a tool like redsn0w, which can automate the process of booting unsigned code, or the many distributions of cyanide, greenpois0n, blackra1n, or other tools available to do similar things, an attacker needs only a little bit of code and some know-how to hijack a device.

Up to this point, you’ve been dealing primarily with data that is stored unencrypted. Any data stored using Apple’s protection-class encryption has come across as unreadable. This chapter will demonstrate different techniques to extract encryption keys from a device and use them to decrypt passwords on the keychain, protection-class encrypted files, and the raw disk. You’ll also learn an attack technique involving the equivalent of spyware, which can steal encrypted data without ever deducing the device’s passcode.

Sogeti’s Data Protection Tools

Sogeti is a 20,000 person strong corporation providing professional technology services, specializing in application management, ...