Covering Mobile Phone Forensics, Information Security and Computer Security
PwnageTool 2.0 MACOSX version is released.
For more details, please visit:
rlslog.net
also see:
UPDATE: Don’t have a Mac? You can do it in Windows as well. For instractions, go here:
Step-by-Step Guide to Pwn first generation iPhone running firmware 2.0 using Windows
In a previous post http://www.mysecured.com/?p=202 I showed that your data is not wiped when you do a normal restore. So in this post I will show you some of the ways you can wipe your phone with some degree of certainty that the information on it is wiped.
If you want to wipe your iPhone before you sell it on eBay or give it back to Apple because the touch screen stopped working all of a sudden! Then here are the different ways you can wipe it:
- Jonathan Zdziarski’s method:
http://www.zdziarski.com/papers/wipe.html
It involves jailbreaking and command line access. It is best suited for people with jailbroken iPhones and are really paranoid and control freaks!
- Rich Mogull’s (securosis.com) method:
http://securosis.com/2008/05/20/formatting-an-iphone-to-wipe-data/Which is an easy to do 2 restores and 3 overwrites of the iPhone device’s user data area. Look at this video from CNET on youtube:
- BigBoss Wipe App Method:
http://sleepers.net/news/?p=174
This needs the iPhone to be jailbroken as well. It does a zero out wipe on the device, so it will require a restore afterwards.
The basic idea of all of the methods is to overwrite the data in the user area. Be it by overwriting it with music as in Mogull’s method or by using a wipe tool as with BigBoss or by overwriting it with zeros as in Jonathan’s method. I prefer the latter two methods as overwriting with music might leave some of the data intact (call me paranoid!). But on the other hand it could be the only option for people who do not want to jailbreak their iPhone or do not have the technical expertise to do so.
According to Jonathan Zdziarski:
So, if you have to return your iPhone to an Apple or AT&T store and they offer to replace it with a new one, make sure that you wipe your data properly first. A proper bit level wipe is needed here and NOT a system restore!
Sources for downloading iPhone third party apps. Here is a list:
Community Sources:
BigBoss: thebigboss.org/repo.xml
Conceited Software: http://www.macminicolo.net/conceited/iphone/cache.plist
ModMyiFone.com: modmyifone.com/installer.xml
Ste Packaging:http://repo.smxy.org/iphone-apps/ (make sure you include the last /)
iPod Touch Fans: www.touchrepo.com/repo.xml
Other Sources:
aka.Repository: akamatsu.org/repo.xml
AlliPodHax Source: ihacks.us/index.xml or allipodhax.3host.biz/index.xml
AlohaSoft 1.0.2 - homepage.mac.com/reinholdpenner/102.xml
AlohaSoft 1.1.1: homepage.mac.com/reinholdpenner/111.xml
AlohaSoft 1.1.2: homepage.mac.com/reinholdpenner/112.xml
Apple (not really Apple): applerepo.com
AppTapp Official: repository.apptapp.com
Apogee LTD: apogeeltd.com
Blaze Official: blazecompany.googlepages.com/
BigBoss Beta: sleepers.net/iphonerepobeta
BlackWolf: m8an.de/ownrisk.xml (Extended Preferences)
Byooi Digicide: byooi.com/iphone/digicide.plist (Jiggy Apps)
CedSoft (iSnake/Bounce): prog.cedsoft.free.fr
Chris Miles Repository (iSolitare): iphone.rustyredwagon.com/repo
Conceited Software Beta: http://conceitedsoftware.com/iphone/beta/
CopyCoders: homepage.mac.com/hartsteins/copycoders/copycoders.xml (Network Apps)
dajavax: dajavax.googlepages.com/repo.xml
databinge: repo.databinge.com
Death to Design: iphone.deathtodesign.com
Digital Agua: repo.digitalagua.com
Dlubbat’s Apps: www.dlubbat.com/iphone.xml
Fight Club: dezign999.com/repo
FreeMyiPhone: pxl.freemyiphone.com/
Gogosoft Source: www.blackblack.org/gogobeta.plist
GravyTrain ’s Vault: iiispace.com/installer2.xml (Includes user submitted themes)
hitoriblog Experimental Pack: hpcgi3.nifty.com/moyashi/ipodtouch/repository.cgi
HighTymes: hightymes.org/iphone/plist/index.xml
iApp-a-Day: iappaday.com/install
Imagine09: home.twcny.rr.com/imagine09/Imagine09.xml
iBlackjack: iphonefanclub.com/native
iClarified: installer.iclarified.com
iPhone Cake: iphonecake.com/src/all
iPhoneDevDocs: idevdocs.com/install
iPhone For Taiwan (SummberBoard Themes): iphone4.tw/showme
i.Marine Software (Caissa): caissa.us
imimux Repository (Real Artist): imimux.com
iPhoneIslam: apps.iphoneislam.com
iPod Touched: ipodtouched.net/repo.xml
iPod-Touch-Themes.de: www.ipod-touch-themes.de/installer/repo.xml
iSpazio: http://repo.ispazio.net
iSwitcher (old): web.mac.com/iswitcher2/list.xml
iSwitcher (new) = MeachWare: meachware.com/list.xml
Jeremie Engel: rep.visuaweb.com
Jiggy Main Repository (Jiggy): jiggyapp.com/i
lazyasada: lazyasada.xeterdesign.com/repo.xml
Limited Edition iPhone: limitededitioniphone.com/lei.xml
Loring Studios: loringstudios.com/iPhone-schnapps/index.xml
MarcoGiorgini.com: marcogiorgini.com/iPhone/plist.xml
Makayama Software (CameraPro): tinyurl.com/2t8cax
MaomaLand: maomaland.com/iphone/repo.xml
Mateo (BeatPhone): bblk.net/iphone
McCarron’s Repo: patrickmccarron.com/irepo
MeachWare (new iSwitcher): www.meachware.com/list.xml
Mobile Stacks: mobilestack.googlecode.com/svn/repository/internal.plist
ModMyApple.it (iBirthday): www.serverasp.net/chiafa/MMA/repo.xml
Moyashi: hpcgi3.nifty.com/moyashi/ipodtouch/repository.cgi
MTL Repository: home.mike.tl/iphone
MyApple.pl: i.myapple.pl
newATTiPhone.com: newattiphone.com/repo.xml
NPike.net: http://apps.npike.net/repo.xml
Nuclear Design: nucleardesign.net/repository
Polar Bear Farm: www.polarbearfarm.com/repo/
Polleo Limited: source.polleo.no
Private Indistury: brandonsgames.com/chriss/index.xml
Pyrofer’s Projects: pyrofersprojects.com/repos/repos.xml
R4m0n (iPhysics): iphone.r4m0n.net/repos
RiP Dev (Caterpillar): http://repository.ripdev.com/
Robota Softwarehouse: iphone.robota.nl
Sanoodi Repository: sanoodi.com/iphone
Saurik’s Coding Toolbox (Cydia): apptapp.saurik.com
ScoresPro: www.scorespro.com/iphone/repo.xml
scummVM: urbanfanatics.com/scummvm.xml
sendowski.de (MobileChat)sendowski.de/iphone
Shai’s Apps: ride4.org/shai.xml
Simek’s Graphic: simek.ddl2.pl
Skrew: i.danstaface.net
Slezak’s Stuff: www.spencerslezak.com
Soneso Repository: soneso.com/iphone
SOS iPhone (ContactFlow): rep.sosiphone.com
Spiffyware: spiffyware.net/iphone
Studded: studded.net/installer/index.xml
Surge: iphonesurge.com/iphonesurge.xml
Swell: lyndellwiggins.com/installer/Swell
Swirlyspace: swirlyspace.com/SwirlySpace.xml
Touchmod Team: touchmods.net/rep.xml
Trejan: trejan.com/irepo
Trivialware: mazinger.cs.yale.edu/iphone-apps/index.xml
Unlock.no: i.unlock.no
weiPhone (weTools/weDict): app.weiphone.com/installer
Wizdom on Wheels (Common Website Links): iphoneapps.wizdomonwheels.com
ZodTTD.com Releases: zodttd.com/repo
Language Sources:
Arabic: apps.iphoneislam.com
Chinese: iphone.org.hk/repository.plist
Danish: iphone.vildmedmac.dk/install
French: rep.sosiphone.com
FrenchIphone: rep.frenchiphone.com
German: sendowski.de/iphone
German aXP: lostsoul.aeroxp.org/iphone/index.xml
Greek: www.greek-iphone.com/grloc
Hebrew ?????: ihebrew.net
Hungarian: ifhone.hu/install.xml
Norwegian - iFon: install.ifon.no
Polish - iPolish: krzak.net/iphone
Polish - iPolish(1.1.2): wakoman.ovh.org/iphone
Português-Brasil(1.1.2): iphonemod.com.br/forum/repo/installer.xml
Russian iPhone.RU: iphones.ru/r
Russian iPhone ??-??????: russianiphone.ru/beta
Russian Tools (in English): russianiphone.ru/beta/en
Spanish Phyros iPhone-ES: iphone.frickr.es/index.xml
Swedish iFun.se: ifun.se/swe
Taiwanese: iphone4.tw/unlock
Thai: pradt.net/iphone
Turkish: niffob.com/triphone.xml
Vietnamese: iphone.billydragon.net
More Sources here:
http://www.ipodtouchfans.com/wiki/index.php?title=IPod_touch_Installer_source_list
According to tuaw:
A half dozen different firms are actively hunting for developers who can assist law enforcement in reading data off unjailbroken iPhones
When: April 17, 2008 at 17:00 GMT
Who: Jonathan A. Zdziarski.
Details: While some of a suspect’s data can be viewed using the direct GUI interfaces in the iPhone’s software, much hidden and deleted data is available as well, which may provide for more thorough evidence gathering. Existing commercial forensic tools are sadly lacking their ability to perform deep raw disk level recovery, and so Jonathan will demonstrate how to install his custom forensics toolkit on any existing model iPhone and send a raw disk image to a desktop machine. He will also show you how to recover files specific to the iPhone including deleted keyboard caches, photos, web objects, and much more. Jonathan’s custom forensics toolkit and his accompanying forensic manual will be available free to forensic investigators in law enforcement.
Read More here:
http://www.oreillynet.com/pub/e/949?CMP=ILC-orm_webinars&ATT=iphone-forensics
I know that you’ll love this as a research tool. I love the visulization part and not so much the cover-flow type interface. It is still in beta, so I am expecting more GUI improvements 
Get it here:
http://www.yourergo.com/
Here is a link to a Video demo shown on CNET News.com. It shows the potential of software-as-a-service (SaaS) applications like Basecamp or Salesforce.com on the iPhone. This could boost the sales of the iPhone and at the same time provide another dimention to information accessable to the iPhone mobile device.
Get them here:
http://www.macworld.com/article/60232/2007/10/nov07mobilemac.html?t=213
Thanks to Macworld magazine
As requested by Haitham. The Hard drive is not actually a hard drive. It is a Samsung 65 Nanometer NAND flash part number “K9HBG08U1M” the same one used earlier in the 8GB iPod Nano.
Data sheet can be found here:
http://www.datasheet4u.com/download.php?id=604473
More information and other links can be found here:
http://www.iphonefreak.com/2007/07/iphone-componen.html
Good news for iPhone forensics:
Paraben’s Device Seizure can get a variety of data depending on the operating system version as well as whether or not the phone has been unlocked (often called Jailbreaking). The following is a general guide to what data can be acquired from the different versions, however, our testing shows that different Jailbreaking methods unlock different portions of the phone (for instance, one method allowed Device Seizure to acquire most media files but did not allow access to phone records, contacts, or images uploaded to the phone):
Firmware 1.0, 1.0.1 and 1.0.2: Most logical data can be acquired from the phone Firmware 1.1.1, 1.1.2, 1.1.3, and 1.1.4: Only the /var/root/Media folder will be acquired Firmware Unlocked by a Jailbreaking Utility: Should
acquire most logical data depending on the unlocking software used. This is our first release for the Apple iPhone and we expect to see many more additions to this technology in the future. Keep your subscription
current to make sure you get all the new updates.
As quoted from Paraben. For more information please visit Paraben.