iPad lock

frase

Just had a call from a customer, they had factory reset the device and now cannot access it as they do not know the passcode.
I stated "If you do not know the Apple ID or passcode, you are sitting on a bricked device, as nothing can be done."
They then said "Another tech guy said they can bypass this some way, though the cost is $AUS500."
I suspect this other "tech guy" would be someone from social media or a Google search, as I am unsure if the other businesses in my area would do such a thing.

I said it is not possible and that it sounds like a dodgy practice to me and would not work AFAIK; if it did, I would not do that anyway.
Just thought it was interesting. Does such a thing exist? I have never heard of or seen these workarounds; if there were, all the stolen devices would use this "Fix".

Sounds iShady to me.
 
I wouldn't mind knowing this, as well. I've not once been able to unlock an Apple device without an Apple ID.
 
I didn't have to complete the process, but I recently looked into resetting the device knowing the Apple ID, but not the password. There needs to be another iDevice associated with the Apple ID or you have to have set up someone else with an iDevice as some sort of "backup contact" on your Apple Account long before this need arose.

Might that be an option?
 
If it was that easy to "unlock" an i device why did the NSA go to so much trouble unlocking that terrorist's iPhone?

Because there was no legitimate owner who was cooperating (or, perhaps, alive)?

But your central point, that Apple makes it very difficult indeed to unlock a device, even if you are the legitimate owner of record, stands.

What I remember about recovering the password for a known Apple ID starts here: https://support.apple.com/en-us/102656
 
They had no other device linked and did not know the Apple ID. I think it was either purchased via FB Marketplace (never asked) or stolen (never asked). I could post here the method of bypassing via NAND and WiFi that I am aware of, though to me it is illegal to do so and something I do not offer to customers.
 
I could post here the method of bypassing via NAND and WiFi that I am aware of, though to me it is illegal to do so and something I do not offer to customers.
Jailbreaking is not illegal as long as it's not done for profit. But it's certainly not a solution for run of the mill consumers.
 
There are some shady services that remove iCloud lock on iPhones, iPads, and Macs. A client of mine used this service and claimed that it worked:


It looks sketchy af though. I would trust something by Wondershare before I'd trust that, though they don't seem to support anything newer than iOS 16:

 
Just wanted to throw in here: If you think that Apple phones are secure, I've got a bridge to sell you.

Currently, today, you can find exploits on GitHub to hack even the newest iPhone with a Zero-Click iMessage or by using the Lightning port (which will never be fixed as it's a hardware issue with the protocol). Various security-focused Linux distros have iPhone hacking tools including Zero-Click exploits as well as direct hardware hacking via the Lightning port, Pin Bypass, and unlimited-try bruteforce attacks. iMessageExploit, SOAR, enzyme, iPwn, CiLocks and more.

As @sapphirescales mentioned the "sketchy af" providers (and I agree on the sketch part) - most of those guys are simply implementing free GitHub or Metasploit exploits into a saleable, easy-to-use form for the average user.

Apple has announced that it has built in a backdoor to its phones (part of the CSAM issue), as well as admitting to secretly giving governments spying powers via push notification data since at least 2021, that persists today.
EFF: Apple's Plan to "Think Different" About Encryption Opens a Backdoor to Your Private Life
EFF: Apple Has Opened the Backdoor to Increased Surveillance and Censorship Around the World
WCCFTECH: No Longer Concerned About Privacy? Apple Opens Backdoors to iPhones to Detect CSAM

I have personally performed some of these exploits (for fun and learning) and can confirm I have had varying degrees of success, more so than failure.

If it was that easy to "unlock" an i device why did the NSA go to so much trouble unlocking that terrorist's iPhone?
I appreciate the sentiment - but a few corrections. It wasn't the NSA, it was the FBI. That matters because the NSA "can't" operate domestically, while the FBI can only operate domestically, and not internationally - lawfully, that is.

Why that matters is this: The FBI was, on paper (law) and in theory, the only organization that could be tasked with the 2016 San Bernardino shooter's phone - and the NSA, legally, is not allowed to perform any tasks related to such in a domestic capacity.

Because the 2016 Shooter's iPhone issue was in the US courts and scrutinized within the framework of US law - and the US Government didn't want to disclose their true abilities to the public, they simply had to act as if they couldn't unlock the phone, for if they did, they would have to disclose that they were, in fact, hacking phones all over the world and domestically since at least 2010 - illegally... which would have confirmed Edward Snowden's leaks (Which were essentially already confirmed at this point in 2016).

So, to keep that information secret, they had a "tap-and-dance" about the whole issue. It was "fake news" to save face. That's when they were going to Apple "asking" for them to do it and all that BS fuzz.

It took a long time and a hacker of god knows what ability to do it.
Well, not really. The shooting attack was on December 2nd, 2015, and the iPhone was unlocked on March 28th, 2016 after the FBI diddled around for 3 months, finally paying for the software.
The delay wasn't because they had a hacker sit down and develop an exploit, it was because they didn't want to pay millions to 3rd parties for their existing software, even after the NSO Group demonstrated to the FBI that their software could do it in February (and had been doing it for many years prior)... and they didn't want to disclose that the US Gov't had this capability already.

Apple acknowledged, in court, that they were aware the NSA had the capability - and used that as a defense for not installing a backdoor at the US Gov't's request (Shame on Apple, they knew): "Apple argued that the FBI had not made use of all of the government's tools, such as employing the resources of the NSA."

We didn't find out until 2019 via the Washington Post's reporting, but the FBI used a company called "Azimuth Security" - an Australian outfit that is tied directly to Trenchant/L3Harris - a US defense supplier for the NSA, US Military and others, part of the "5-eyes" spying apparatus. The software cost the FBI $900,000, because remember, the NSA has to keep quiet and "can't legally interfere or help", especially in a domestic court case where questions get asked and disclosed.

Two Azimuth guys were able to unlock the iPhone "within a matter of hours." The hack was called "Condor".
In March 2016, the FBI tested Dowd and Wang’s “Condor” hack. It was successful and was purchased from Azimuth for $900,000. The report notes that while the FBI was relieved, they were also disappointed at losing the chance to press Apple to create a backdoor into iOS.
So here, you can see the real reason they went this direction.


Further, the FBI complained that the issue was that they couldn't get past the pin-code, but exploits already existed at the time to bypass it physically (From ACLU) and were known to data recovery businesses (Further poking holes in the FBI's defense):
The FBI can simply remove this chip from the circuit board (“desolder” it), connect it to a device capable of reading and writing NAND flash, and copy all of its data. It can then replace the chip, and start testing passcodes. If it turns out that the auto-erase feature is on, and the Effaceable Storage gets erased, they can remove the chip, copy the original information back in, and replace it. If they plan to do this many times, they can attach a “test socket” to the circuit board that makes it easy and fast to do this kind of chip swapping.

If the FBI doesn’t have the equipment or expertise to do this, they can hire any one of dozens of data recovery firms that specialize in information extraction from digital devices.

Snowden/Wikileaks
"The FBI says Apple has the exclusive technical means to get into this phone," said Snowden. “Respectfully, that’s horseshit."

Wikileaks and Snowden proved that every iPhone (and pretty much all other phones) has had software or hacks since at least 2008, with Zero-Click remote install support as of 2010. See DROPOUTJEEP:

NSO Group's Zero-Click, remotely installed Pegasus Spyware was released in 2011 and, as of March 2023, at least, is still in operation.

Check out the ANT NSA documents leak which is telling as to the capabilities available and the timing of such:
ANT Catalog (NSA Catalog of Hacks disclosed by Snowden)


If you would like to read further on anything above, check out my sources:
ANT Catalog (NSA Catalog of Hacks disclosed by Snowden)
Wired: How the FBI Finally Got into the San Bernardino Shooter's iPhone
The Verge: Here’s how the FBI managed to get into the San Bernardino shooter’s iPhone
The Verge: The FBI is telling senators how it hacked the San Bernardino iPhone
Wikipedia: Pegasus (spyware)
Mashable: Edward Snowden says FBI's claim that only Apple can unlock an iPhone is 'horsesh*t'
YouTube: Edward Snowden Video Conference (2016)
ACLU: One of the FBI’s Major Claims in the iPhone Case Is Fraudulent
Wikipedia: Apple–FBI encryption dispute
WaPo: The FBI wanted to unlock the San Bernardino shooter’s iPhone. It turned to a little-known Australian firm.
Wikipedia: Cellebrite
Tom's Guide: New Hack Unlocks 'Hundreds of Millions' of iPhones: What You Need to Know
Vice: How a Tiny Startup Became the Most Important Hacking Shop You’ve Never Heard Of
9to5Mac: Report reveals how little-known ‘Azimuth Security’ cracked the iPhone in the San Bernardino FBI case
GitHub: iOS Hacking
EFF: Apple's Plan to "Think Different" About Encryption Opens a Backdoor to Your Private Life
EFF: Apple Has Opened the Backdoor to Increased Surveillance and Censorship Around the World
WCCFTECH: No Longer Concerned About Privacy? Apple Opens Backdoors to iPhones to Detect CSAM
 
@phaZed,

Let's face it, NOTHING is secure if enough desire to "get at it" exists along with the resources to do the necessary work to achieve that end.

Nothing new about that either. Nor exclusive to computing. Spy vs. Spy, of the real sort, has been going on since time immemorial, and will never cease.

Security is about discouraging "smash and grab" and only somewhat persistent actors. In that regard, Apple's security is pretty good.
 
Security is about discouraging "smash and grab" and only somewhat persistent actors. In that regard, Apple's security is pretty good.
With the ability for a somewhat knowledgeable person that can use GitHub - to be able to send a text message and compromise the phone remotely with no interaction from the user, I would have to disagree.

Edit: Supposedly there is a Rubber ducky script that will unlock an iPhone, too - though I've only heard about it so I can't speak to the efficacy or truthfulness of it.

Being able to plug in a rubber ducky or OMG cable for 30 seconds to PWN the phone... also a huge failure.
 
Nothing is safe, but at least with Android you have the option to make it somewhat safe with a different OS.


Zero-Click Bluetooth Android Hack:
 
With the ability for a somewhat knowledgeable person that can use GitHub - to be able to send a text message and compromise the phone remotely with no interaction from the user, I would have to disagree.

And we'll have to agree to disagree. And only because I consider "a somewhat knowledgeable person that can use GitHub," to fall under my personal rubric of "somewhat persistent actors."

Your random kid on the street and the vast majority of computer users, period, have never heard of GitHub nor the other things you mention. They are easy to find if, and only if, you know how to find them, which takes a lot of experience and persistence to even know the correct terms to search for 'em.

But in the final analysis, our "Venn Diagram of Attitude and Opinion," probably overlaps to a huge extent. My main point is that there is no such thing as absolute security, and when it comes to devices like smartphones, "too secure to make them convenient to use" is, well, too secure.

Also, one of the things you noted, which is frequently required, is physical access to the device and the ability to plug it in. If the owner does not maintain physical security over any device, then all bets are off. If you don't have physical control/security, all other types simply don't matter all that much, though much of what Apple is doing does keep the random iPhone finder from doing much of anything to/with it, and that's all I believe they intend to prevent. If a hacker dude or dudette finds it, well, that's a different story, or at least could be.
 
There are some shady services that remove iCloud lock on iPhones, iPads, and Macs. A client of mine used this service and claimed that it worked:


It looks sketchy af though. I would trust something by Wondershare before I'd trust that, though they don't seem to support anything newer than iOS 16:

Those types of apps never work and are just malware and should be listed as scams.

@phaZed I own some of those tools as well. I have Flipper with the devboard and custom firmware. Good for learning and testing with the kit and firmwares. Years ago I had an Alpha wifi device, think you have one there.
 
@phaZed thank you for taking the time to compile and present this information. You clarified all this for me. I will take the opportunity to learn from the links you provided and try to be more informed. :)
 
@GTP I hope it wasn't taken that I was picking on you or anything - it just sparked an opportunity to lay out that info... a rabbit hole I fell down (where not many follow!).

@britechguy You're absolutely right on all accounts of security as per the physical. The remote exploit, Zero-click stuff is really scary IMO. A few years back, the iMessage Zero-Click exploit problem manifested itself in the real world where there was a semi-mass exploit deployed in the wild.

The "problem" with iPhone - again, IMO - is that you can't really remove iMessage from being the receiving framework. That is, even if you use WhatsApp or Telegram or some other messaging app, it is still received and processed by the iMessage middle-man framework and then "delivered" to your App of choice, defeating the secure nature of such apps.

With Android, it's akin to a PC - it allows the framework of your choice, the app chosen, to process the messages directly so you don't have to use the go-between of Google/Samsung/whatever.

And I agree, there is such a thing as "too secure" or so secure it's practically a pain to use. It's certainly one of those things best reserved for "special people" like reporters, spies, and secretive industry, etc. where there is a direct and conscious need for such a thing.

And of course - all of that says nothing about what happens "on the network" when it leaves the phone and gets routed through the NSA black boxes at Cell sites and ISPs, Langley, etc.
 
@GTP I hope it wasn't taken that I was picking on you or anything - it just sparked an opportunity to lay out that info... a rabbit hole I fell down (where not many follow!).
All good. I appreciated the effort you went to in explaining it. Being enlightened is always a good thing. :)
 