Collect information for all whose iPhone "is disabled,Connect to iTunes" Locked and want recover data
- iPhone have special mechanism design "permanent lock data if 10 times incorrect passcode attempt" and SEP (Secure Enclave Processor) to make iPhone more secure.
- "permanent lock data if 10 times incorrect passcode attempt" means the after 10 times incorrect passcode attempted , your data lost forever. There is an option in iOS perference , erase it or not . but even you don't enable erase , after 10 times incorrect attempts, your iPhone is permanent disabled until you erase all data and reset it by iTunes then restore something from backup. Apple doesn't provide keep data re-enable service official way.
- It means that your data never back if you have no backup before , or even you have backup , the new data after backup still lost.
- So iPhone's secure just means it guarantee the data not be read by someone without permission , it not guarantee the data not be remove in unwanted way.
- In these scenarios , iPhone is insecure totally .
- a. You always unlock your phone by "Touch ID" or "Face ID" . but one day , these unlock systems not work , and you forgot passcode after a long time not use it.
- b. You put your iPhone on desktop , some children want unlock your phone for play games , but failed.
- c. You record a crime or accident scene , but someone don't want the record exists , just need "10 times attempts".
- iPhone's special mechanism design prevent the data can't be read in extreme secure way , but make the data can't be delete in extreme insecure .
- Then , to know how to recover data on "disabled" iPhone is necessary .
https://checkm8.info provides a paid software for passcode lock screen removal , but it only for 12.3 โ 13.x.x and 14.0 .
checkra1n (https://checkra.in) 0.11.0 beta can jailbreak 12.0 - 13.7 . it unlocked USB connection and provide SSH connect , but can't access important many files (e.g /private/var/mobile/Media/DCIM/* )
- PDF: Attack Secure Boot of SEP
- PDF: Demystifying the Secure Enclave Processor
- PDF: (Presentation)Demystifying the Secure Enclave Processor
- PDF: Apple Secure Key Store Cryptographic Module, v1.0 FIPS 140-2 Non-Proprietary Security Policy
- Data Storage on iOS
- Reverse-Engineering the iPhone X Home Indicator Color
- Q&A: Restart Springboard without locking screen? (This method no longer work in iOS 5.x)
- https://github.com/ichitaso/iOS-12.0-12.1.2-SpringBoard-Headers
- https://github.com/nst/iOS-Runtime-Headers
Debugging an iPhone with Bonobo JTAG cable + OpenOCD + GDB demoted by checkm8