UID – A hardware encryption key that is unique per device. It is used to generate key 0x835 and key 0x89B. The key is accessible only from kernel mode and is not available to userland processes. However, the restriction can be bypassed by patching the IOAESAccelerator kernel service.
GID – A hardware encryption key that is unique for every iPhone model. It is used to generate key 0x837.
Key 0x835 – Computed at boot time by the kernel. The key is generated by encrypting the hex value 01010101010101010101010101010101 with the UID key. It is used as a device key and protects the class keys. The key is also used to encrypt the Backup keychain database.
Key 0x837 – Generated by encrypting 345A2D6C5050D058780DA431F0710E15 with the GID key. The key is used to decrypt iOS files during firmware update.
Key 0x89B – Computed at boot time by the kernel. The key is generated by encrypting the hex value 183E99676BB03C546FA468F51C0CBD49 with the UID key.
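The derivations listed above, modelled in software as an added example (not code from the original post or from the iphone-dataprotection project). It assumes 256-bit UID/GID keys and a single AES block encryption of each constant; the key values, `derive` and the two device dictionaries are constructed for illustration, and the AES routine is a plain textbook implementation standing in for the hardware engine.

```python
# Added example: software model of the key derivations described above. Assumed, not
# stated on the page: UID/GID are 256-bit AES keys; each derived key is one AES block.

def _xtime(a):
    """Multiply by x in GF(2^8), reducing by the AES polynomial 0x11B."""
    a <<= 1
    return (a ^ 0x11B) & 0xFF if a & 0x100 else a

def _gmul(a, b):
    """Multiply two bytes in GF(2^8)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = _xtime(a), b >> 1
    return r

def _build_sbox():
    """AES S-box: field inverse followed by the affine transform."""
    sbox = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if _gmul(x, y) == 1), 0)
        s = inv
        for i in range(1, 5):
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox

SBOX = _build_sbox()

def _expand_key(key):
    """Return the list of 16-byte round keys for a 128- or 256-bit key."""
    nk = len(key) // 4
    words, rcon = [list(key[4 * i:4 * i + 4]) for i in range(nk)], 1
    for i in range(nk, 4 * (nk + 7)):
        t = words[i - 1]
        if i % nk == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = _xtime(rcon)
        elif nk > 6 and i % nk == 4:
            t = [SBOX[b] for b in t]
        words.append([a ^ b for a, b in zip(words[i - nk], t)])
    return [sum(words[r:r + 4], []) for r in range(0, len(words), 4)]

def aes_encrypt_block(key, block):
    """Encrypt one 16-byte block (state kept as a flat column-major list)."""
    rks = _expand_key(key)
    s = [b ^ k for b, k in zip(block, rks[0])]
    for rnd in range(1, len(rks)):
        s = [SBOX[b] for b in s]                              # SubBytes
        s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]    # ShiftRows
        if rnd < len(rks) - 1:                                # MixColumns
            s = [_gmul(s[c + r], 2) ^ _gmul(s[c + (r + 1) % 4], 3)
                 ^ s[c + (r + 2) % 4] ^ s[c + (r + 3) % 4]
                 for c in range(0, 16, 4) for r in range(4)]
        s = [b ^ k for b, k in zip(s, rks[rnd])]              # AddRoundKey
    return bytes(s)

# Derived key -> (hardware key used, fixed plaintext), both taken from the page.
DERIVATIONS = {
    "0x835": ("UID", "01010101010101010101010101010101"),
    "0x89B": ("UID", "183E99676BB03C546FA468F51C0CBD49"),
    "0x837": ("GID", "345A2D6C5050D058780DA431F0710E15"),
}

def derive(name, hw_keys):
    """hw_keys maps 'UID'/'GID' to key bytes; returns the 16-byte derived key."""
    source, constant = DERIVATIONS[name]
    return aes_encrypt_block(hw_keys[source], bytes.fromhex(constant))

# Constructed keys: two devices of one model share a GID but not a UID.
GID = bytes(range(32))
DEVICE_A = {"UID": bytes([0xA5] * 32), "GID": GID}
DEVICE_B = {"UID": bytes([0x5A] * 32), "GID": GID}
```

Calling `derive("0x837", ...)` on both devices returns the same bytes, while `derive("0x835", ...)` differs per device, which is why key 0x835 can serve as a device key and key 0x837 cannot.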
Jean Sigwald from Sogeti has released an open source forensic toolkit that includes scripts to extract keys, decrypt keybags, bruteforce the iPhone passcode, etc.
I’ve compiled the code and prepared executables which can be executed directly on the iPhone. The executable files work for all iOS 5 devices, including iPhone 4s and iPad 2.
Extract Keys on iPhone:
1. Jailbreak your iPhone.
2. Install OpenSSH from Cydia. This allows SSH access to the device.
3. On a Windows workstation, download the AESTools, WinSCP and PuTTY tools.
4. Connect the iPhone and the workstation to the same Wi-Fi network.
5. Run WinSCP and connect to the iPhone by typing the iPhone IP address, root as username and alpine as password.
6. Copy the device_infos, bruteforce and kernel_patcher executables to the iPhone root directory.
7. Run PuTTY and connect to the iPhone by typing the iPhone IP, root as username and alpine as password.
8. In the PuTTY terminal, type the commands below to change the permissions of the executable files loaded onto the device.
chmod 777 kernel_patcher
chmod 777 device_infos
chmod 777 bruteforce
9. Hardware keys can only be accessed from the kernel. To use them from userland, we first have to patch the IOAESAccelerator kernel service. The kernel_patcher script modifies the kernel and patches IOAESAccelerator.
./kernel_patcher
10. Running device_infos extracts the keys and stores them in a plist file.
./device_infos
11. Data protection class keys stored in the system keybag can be extracted by running the bruteforce script. Class keys are protected with the passcode key and key 0x835. The script bruteforces the passcode and grabs the passcode key. It then extracts the keys from the keybag and stores the result in a plist file.
./bruteforce
References:
http://code.google.com/p/iphone-dataprotection/
Note: The scripts work only on iOS 5.x devices.
Alternative links:
http://www.4shared.com/file/zJKBZ1Pi/bruteforce.html
http://www.4shared.com/file/gTl0I_FK/device_infos.html
http://www.4shared.com/file/2ADXfWmT/kernel_patcher.html






Week 16 in Review – 2012 | Infosec Events
April 23, 2012 at 6:11 pm
[...] Extracting AES keys from iPhone – securitylearn.wordpress.com The iPhone application processor comes with two built-in encryption keys – UID, GID. OS running on the device cannot read the hardcoded keys but it can use the keys to generate other encryption keys used for data protection, media encryption and keychain encryption. The hardcoded keys can only be used from bootloader and kernel mode. [...]
Anonymous
April 29, 2012 at 9:37 pm
This is brilliant. My sister had changed the passcode on her iPod Touch 4G (running iOS 5) and couldn’t remember it. I followed this tutorial and was able to recover it in about four minutes.
nevrax
May 13, 2012 at 5:25 am
nevrax-iPhone:~ root# ./kernel_patcher
Kernel patching failed
nevrax-iPhone:~ root# uname -a
Darwin nevrax-iPhone 11.0.0 Darwin Kernel Version 11.0.0: Wed Mar 30 18:44:45 PDT 2011; root:xnu-1735.46~10/RELEASE_ARM_S5L8920X iPhone2,1 arm N88AP Darwin
iOS 4.3.3 (8J2)
baseband 05.13.04
Satish B
May 13, 2012 at 4:22 pm
The kernel might be already patched.
cetin
June 4, 2013 at 4:46 am
satishB… I can’t seem to do step 6, I don’t understand what you mean by copy device_infos, bruteforce and kernel_patcher…!
Can you give more explanation please?
satishb3
June 4, 2013 at 9:02 am
You need to connect to the iPhone using the winscp tool. Later you can copy those device_infos, … onto the iPhone by dragging them.
XXXXXX
May 16, 2012 at 7:03 am
Help?
XXXXXX:~ root# ./kernel_patcher
Kernel patching failed
XXXXXX:~ root# ./device_infos
IOAESAccelerator returned: e00002c1
IOAESAccelerator returned: e00002c1
Writing results to 588ebc64bede2bd2.plist
XXXXXX:~ root# ./bruteforce
IOAESAccelerator returned: e00002c1
FAIL: missing UID kernel patch
XXXXXX:~ root#
Satish B
May 18, 2012 at 5:32 pm
The scripts only work for iOS 5. Which version are you using?
nevrax
May 18, 2012 at 5:53 pm
Is there any possibility to have this script running on 4.x? At this moment an iPhone 3GS updated to iOS 5.0 can be jailbroken but it could not be unlocked (carrier).
Satish B
May 18, 2012 at 6:37 pm
I am working on the scripts to make them work for 4.x and it will take some more time. Meanwhile, try to follow the iPhone forensics article; that works for iOS 4 too.
You can unlock an iPhone 3GS running iOS 5 if you preserve the baseband. Anyhow, only a tethered jailbreak is available for the 3GS.
lg
December 21, 2012 at 10:59 pm
I am also looking for something for IOS4 but can’t find the forensic article you mention (only articles about IOS5). Can you post a link?
satishb3
December 22, 2012 at 6:24 am
Techniques explained in this article also work for iOS 4. You have to use the iOS 4 ipsw file.
nick
September 5, 2012 at 2:33 pm
Using an iPad 2, what does it mean when on step 10
./device_infos I receive “Unable to find baseband error”?
Step 11 continues on to over 1,000 lines as well, until I exit out of putty.
satishb3
September 5, 2012 at 6:52 pm
Strange. I have never come across such an error. Which version of iOS?
Vivek
September 14, 2012 at 3:13 pm
Hi,
Great article! The downloads links of the software are not working? Please update.
satishb3
September 14, 2012 at 7:36 pm
Fixed the download links
Jerry xiao
October 9, 2012 at 2:47 pm
Help me, please!
xxxx-iPhone:/ root# uname -a
Darwin xxxx-iPhone 11.0.0 Darwin Kernel Version 11.0.0: Sun Apr 8 21:51:26 PDT 2012; root:xnu-1878.11.10~1/RELEASE_ARM_S5L8930X iPhone3,1 arm N90AP Darwin
xxxx-iPhone:/ root# ls -l kernel_patcher
-rwxrwxrwx 1 root admin 13470 Oct 9 16:23 kernel_patcher
xxxx-iPhone:/ root# ./kernel_patcher
Illegal instruction: 4
ios 5.1.1(9b206)
Thank you.
satishb3
October 11, 2012 at 6:37 am
Maybe it’s already patched.
Kevin_j
October 20, 2012 at 1:10 am
Same issue here..
Illegal Instruction: 4
IOs 5.1.1
device_info gets the same error.
satishb3
October 20, 2012 at 7:36 am
I have updated the scripts just now. Download the scripts again and try once.
lpf
October 25, 2012 at 3:48 pm
I have just tried your current scripts (as of 10/25/2012) with the same iPhone version as Jerry Xiao, but still no luck.
iPhone:~ root# uname -a
Darwin iPhone 11.0.0 Darwin Kernel Version 11.0.0: Sun Apr 8 21:51:26 PDT 2012; root:xnu-1878.11.10~1/RELEASE_ARM_S5L8930X iPhone3,1 arm N90AP Darwin
iPhone:~ root# ./kernel_patcher
Illegal instruction: 4
iPhone:~ root# ./device_infos
Illegal instruction: 4
iOS 5.1.1 (9B206)
Absinthe jailbreak
satishb3
October 25, 2012 at 4:50 pm
Seems my website is changing the file during upload. I will email the scripts in a couple of hours. Try with them and let me know whether they work or not.
satishb3
October 25, 2012 at 9:55 pm
Have you tried downloading the alternative links?
dan
October 24, 2012 at 6:06 am
Is it possible to add an option to seed the bruteforce script with a series of digits to start with? For instance, I have an 8 digit passcode and know the first 4 but I forgot what I set the last 4 to (I always use the same first 4 and just change up the last).
satishb3
October 25, 2012 at 8:12 pm
I will create it when I get time. Meanwhile you can try it yourself.
Source code is here – http://code.google.com/p/iphone-dataprotection/source/browse/ramdisk_tools/systemkb_bruteforce.c
Modify the bruteforceuserland function and recompile it.
dan
October 26, 2012 at 4:11 am
Thanks. I will have to clear the cob webs off my C knowledge. Hopefully I will be successful.
Thanks again
dan
October 26, 2012 at 4:58 am
Well, looks like my C skills weren’t all that rusty after all, once you told me which file you used to create your tools, I was able to modify the source and crack my 8 digit passcode in about 4 minutes
So no need to update your version.
Thanks
satishb3
October 26, 2012 at 5:51 am
Great
Patrick
November 22, 2012 at 4:56 am
Has anyone compiled an iOS 4 version of these files?
I’m receiving ‘illegal operation’ for the first 2 files, and “Malformed Mach-o file” with bruteforce.
Billybob
December 4, 2012 at 11:22 am
I was able to run kernel_patcher just fine but when I try to do the other two, I get “unable to find baseband service”. I am running 5.1.1 on an iPod touch 4th gen. I deleted some launch daemons; might that have something to do with it?
satishb3
December 4, 2012 at 8:40 pm
Might be yes. Missing IO libraries could be the reason for such error.
Lochy
December 18, 2012 at 7:05 am
Found a working version of the files.
I still get an unable to find baseband service on the device_infos file tho.
http://www.4shared.com/folder/RciVix9U/Extract_AES_Keys.html
satishb3
December 18, 2012 at 7:54 am
That is my 4shared repo
Lochy
December 18, 2012 at 8:02 am
Haha, ah ok. Oh, those were the alternative links too.
I totally thought I tried them and it didn’t work.. wow, silly me.
Hah, thanks man.
Anyways, I still got the baseband error but I’m assuming that’s because I was on an iPod, not an iPhone.
Also, when I entered the commands in terminal nothing happened.
Now when I run the command for keychaintool.py nothing happens, but I did manage to use keychain viewer to look at all the keys and that worked well.
Had to take a screenshot of the keys though because there’s no way to store them (that I could see).
Stormulus
December 29, 2012 at 3:48 pm
Thanks for a great tool, once I grabbed the files from your 4shared repo they worked perfectly!
It would be helpful if you zipped all three files and uploaded them to your website. The files hosted there right now just lead to confusion until you read the comments.
Thanks again,
Another happy customer.
satishb3
December 29, 2012 at 5:25 pm
Thx. I will do that.
MikeF
January 28, 2013 at 6:58 am
Satish, great write up. I do have a question, so after obtaining the keys what is the next step in using them to decrypt a dd image of my iphone 4?
Is there another tool I have to use to decrypt it? My ultimate goal is to run Photorec on my dd image to recover some deleted photos in an accidental factory reset. Appreciate any help.
Thanks.
satishb3
January 28, 2013 at 7:56 am
Take a look at my old article “iPhone forensics on ios 5”, step 4.
MikeF
January 28, 2013 at 10:36 am
Thanks for your quick reply Satish. I took a look at your older post on iPhone forensics on ios 5 which really has some great background information.
My current progress so far: I jailbroke my iPhone using RedSn0w, SSHed into the iPhone and executed ‘dd’ to dump rdisk0 as iphone.img to my PC. Since it’s from an iPhone 4, the img is encrypted and Photorec will not work. I need to decrypt the img dump using AES keys and HFSExplorer.
I have a few questions that will really help me out (I’ll try to be concise) –
1) I only have Windows, but with Kernel Patcher (link in this post) Mac OS is not needed? Is the Custom Ramdisk script also not needed with the current method?
2) After running the Bruteforce script, the keys taken from the keybag are downloaded to a plist file; how can I apply them to HFSExplorer? I have HFSExplorer .021 GUI on PC and there is no option to read in keys.
3) Also, when trying to “Load filesystem from file” by pointing it to the saved rdisk0 img, it’s throwing an error message – “Invalid HFS type” even though it’s reading a raw disk image created by dd. Do I have to dump my image a different way?
Really appreciate your help on this, I’ve been racking my brain on this for some time.
satishb3
January 28, 2013 at 11:14 am
You don’t need to grab the image and extract keys again.
Try this: from the iPhone, copy the keys plist to Windows using SSH with winscp. Place your image file and keys plist in the same folder, then run hfsexplorer.
MikeF
January 31, 2013 at 10:43 am
satish,
I tried putting the raw dd img dump into the same folder as HFSExplorer along with the plist file but when trying to open the dd img file I still get the error message:
Invalid HFS type
Program Supports:
HFS_Plus
HFSX
HFS_WRAPPED_HFS_PLUS
HFS
Detected Type is (Unknown)
I saw in your old article, you talked about using a modified HFSExplorer, do you have that version available anywhere? I didn’t see a link for it in there.
satishb3
January 31, 2013 at 8:20 pm
Did you try this – https://code.google.com/p/iphone-dataprotection/downloads/list
Jake
February 4, 2013 at 12:42 pm
Is it possible to do this with IOS 6.1?
I tried it and it said Kernel Patching failed and it says missing UID kernel patch if I run bruteforce.
satishb3
February 4, 2013 at 6:27 pm
It does not work with ios 6. iOS 6 kernel uses ASLR so it is difficult to break.
Jake
February 5, 2013 at 6:55 am
Since my iPhone started out with iOS 5, does that mean that it was re-encrypted with ASLR when I upgraded to iOS 6? If I try to downgrade it back to 5, will that allow me to decrypt the resulting disk image? My goal is to recover pictures. It’s an iPhone 4. I appreciate your expertise.
satishb3
February 5, 2013 at 7:05 am
You can recover photos without downgrading. Follow my article iPhone forensics on iOS 5.
rathore
February 6, 2013 at 5:47 pm
Hi Satish, Thanks for the excellent article.
I have an iPhone 4S and lost my photos during the 6.1 upgrade; I had to restore but didn’t have any backup.
I am trying to find a way to undelete the files.
I have got the dump of the user partition from the phone but I need to decrypt it and I cannot run the kernel patcher on the device. It comes back saying kernel patching failed.
I have read your article about iPhone forensics on iOS 5 but I cannot find the keys for the iOS 6.1 firmware.
Can you point me in the right direction on how I can do it, or is it not possible for now?
satishb3
February 6, 2013 at 7:12 pm
For now there is no way to extract keys from ios 6 devices.
Isabelle
February 11, 2013 at 4:37 pm
Very good post; thanks for sharing.
I was interested in recovering lost pictures on my iPhone.
It’s an iPhone 5, running jailbroken iOS 6.1.
If I understand correctly, actually there is no solution to recover them.
Several questions:
1. If a way to extract keys is discovered on iOS 6, will it work for every iPhone model or can it depend on the model of the iPhone?
2. I have dumped the iPhone memory with the “dd” command, so now I can use my iPhone again normally, as the next step will only need the image created, right?
The only thing that I must not do is reinstall iOS on this iPhone, as the keys will change and will not be the same as the ones used on the dumped image.
Am I correct?
And so, no other way to recover those lost pictures on my iPhone 5….
satishb3
February 14, 2013 at 5:24 pm
For now there is no way to recover them.
1. It works for every model.
2. Right. You can use your phone normally. Later you can recover the images from dd image. Yes, updating or restoring the phone will change the keys.
Greg
February 21, 2013 at 11:45 am
Hello and thanks for making your expertise available here. I am in the same boat as Jake. You mentioned a downgrade is not necessary to recover photos and I am following the “iphone forensics on ios 5” article. This process is going smoothly so far, though I have reached the instruction to download the iOS 5.1.1 ipsw file from http://www.getios.com. Since I have an iPhone 4, now running iOS 6.1, do I still choose the 5.1.1 9B208 ipsw file or the file for the iOS 6.1?
satishb3
February 21, 2013 at 2:44 pm
Yes. You have to use 5.1.1.
Satish is the HERO
May 1, 2013 at 4:53 pm
Hi,
There is a bug in iOS 5 that keeps deleting Contacts, check this:
https://discussions.apple.com/thread/3373793?start=150&tstart=0
I was wondering if, with my jailbroken iOS 5.01 iPhone, I can dd the image without using a RAM disk. I can access the iPhone via SSH and I also have an SSH server on my PC in the same LAN. I read in your topic that iOS 5 encrypts the file system.
I tried this command from the iphone terminal
ssh root@SSHSERVERIP dd if=/dev/rdisk0 bs=1M | dd of=ios-root.img
but got this error:
dd: opening `ios-root.img’: Operation not supported
I would like to know if it is possible to dd the image (my iPhone does not have a lock code),
and which steps I have to follow after I dd my iPhone image to a Windows machine. I have downloaded the modified hfsexplorer but I can’t download the AES TOOLS (link broken).
After that, can you show me how to look for deleted contacts (AddressBook.sqlitedb files) as simply as possible?
Good 1st MAY
Satish is the HERO
May 2, 2013 at 3:15 am
Hi Satish
I succeeded in dd-ing my image using this tool:
cygwin sshserver (other SSH servers for Windows didn’t work correctly)
I also had to launch these commands in cygwin:
mkgroup -l > /etc/mkgroup
mkpasswd -l > /etc/passwd
ssh-host-config -y
net start sshd
After that I SSHed into my iPhone (jailbroken iOS 5.01) and then launched this command:
dd if=/dev/rdisk0 bs=1M | ssh cyg_server@"IP PC SSHD SERVER" 'dd of=iphone-rdisk.img'
and finally I have the full image:
15357+1 records in
15357+1 records out
16103374848 bytes (16 GB) copied, 6528.5 s, 2.5 MB/s
31451904+0 records in
31451904+0 records out
16103374848 bytes (16 GB) copied, 6514.59 s, 2.5 MB/s
After that I used the OSFmount tool to mount the image and tried to use photorec_win.exe to recover the AddressBook.sqlitedb
without success.
Then I read this post again and did this:
iPhone4ios5:/ root# chmod 777 kernel_patcher
iPhone4ios5:/ root# chmod 777 device_infos
iPhone4ios5:/ root# chmod 777 bruteforce
iPhone4ios5:/ root# ./kernel_patcher
Found IOAESAccelerator UID ptr at 805d9a24
vm_write into kernel_task OK
iPhone4ios5:/ root# ./device_infos
Writing results to d5a9ab078c53d97b.plist
iPhone4ios5:/ root# ./bruteforce
Writing results to d5a9ab078c53d97b.plist
keybag id=1
No passcode set
Keybag version : 3
Keybag keys : 10
Passcode key : c88750ab4cd1e43d8bd86fe5ad71b287759bfdb4f4f858931578352350755f8c
Key 0x835 : e61481190b480fa486dc0ba16b69a55d
Writing results to d5a9ab078c53d97b.plist
Now I am stuck like the user “MikeF”:
when I load the modified hfsexplorer downloaded from your suggested link it shows this error.
I copied the generated .plist file into the same image folder.
Invalid HFS type
Program Supports:
HFS_Plus
HFSX
HFS_WRAPPED_HFS_PLUS
HFS
Detected Type is (Unknown)
I don’t know how to use:
keychain_dump and keychainviewer0.3.deb
are they necessary to permit hfsexplorer to read my image?
Thanks again for your effort in helping me.
Satish is the HERO
May 2, 2013 at 4:03 am
I am still here, I read your other topic:
and I launched
./keychain_dumper >test.txt
It created a txt full of passwords and other private stuff.
But as you suggested to Mike, I went to your other topic
“iphone forensic ios5” part 4.
It seems that the way you establish the communication with the iPhone is totally different: you load a custom firmware, use a USB cable and redirect a session. I would like to use another method; since I have a jailbroken iPhone I can SSH into it directly without using a USB cable and ramdisk, but the way you generate the .plist is different, and you are also launching a Python script.
And the image is in .dmg format, not the .img format I generated with the dd command.
Now, with all the files I have (see my previous post) and this keychain output (.txt), can I load my dd image in hfsexplorer without using the ramdisk and Python, and without getting that error (user Mike)?
Sorry for troubling you
satishb3
May 2, 2013 at 6:06 am
Did you try this modified HFS explorer – https://code.google.com/p/iphone-dataprotection/downloads/detail?name=hfsexplorer_iphoneEMF_d4ea02bd3fc3.zip&can=2&q=
If it does not work, you can still decrypt the image using emf_decrypter.py. Follow the iPhone forensics on iOS 5 article and install all the Python tools. Then place your plist and image file in one directory and run emf_decrypter.py.
If your goal is to recover data from the address book, you don’t need to do all these steps. You can copy the AddressBook sqlite file to the desktop using SSH and run sqlite forensic tools on it (opening the sqlite file using SqliteSpy might also show some deleted data).
Satish is the HERO
May 2, 2013 at 10:56 pm
Thanks for your quick reply!
Yes, I tried the modified HFS explorer without success.
Do I have to convert the img to dmg?
I used a virtual Mac OS X Lion but since it did not have Xcode installed, the command
sudo ARCHFLAGS='-arch i386 -arch x86_64' easy_install pycrypto
failed, so I had to update my OS X in order to download the latest version of Xcode from the Apple Market (the update was mandatory); my Mac OS X virtual machine did not have a gcc compiler.
Now it is past 30 minutes and I don’t know if it is stuck or slowly updating to the new OS version. Tomorrow I will let you know, but I have some questions about where I have to put the img and the plist (python_scripts directory?).
Where can I get the UDID to use? I looked in my plist file and it should be at the end. I have to use this string:
d29fcc1a77033acd92df077c89227a1665f8d03
haven’t it ?
udid
cd29fcc1a77033acd92df077c89227a1665f8d03
uuid
725ab1b604c14600b3db275cf1449765
Meanwhile I followed the other suggestion with SqliteSpy (since Sqlite forensic tools seem not to be free, can you confirm that?),
but I forgot to tell you: when I first noticed that all my contacts had disappeared, I went to the Apple community and some users suggested recreating some contacts with the same name, but that didn’t fix my case. Now my contact list is just the 2 contacts I created. I looked for other AddressBook.sqlitedb files with WinSCP but they have the same weight; just two contacts weigh 224kb (seems to me a bit large). I also used the Sqlitebrowser plugin with Firefox, but it also seems to have just the 2 new contacts I added.
In Sqlite Spy I clicked Show Data on every tree but just noticed the two contacts I created.
Thanks again!
satishb3
May 3, 2013 at 4:26 pm
Maybe running the strings command on the sqlite file might help.
Satish is the HERO
May 3, 2013 at 3:32 pm
I solved it in another way. Since I am using lots of social network apps that access my mobile contacts list, I wondered whether one of them had copied my contact list into its app folder, so I SSHed into my phone and grepped for a unique mobile number, e.g.
grep -r "399366123" /var/mobile/Applications/
and then:
Binary file /var/mobile/Applications/6AC63303-2BD1-48C8-A698-75BC082B335A/Documents/Contacts.data matches
BINGO !! VIBER APP KEPT A COPY OF MY CONTACT LIST:p SINCE AFTER THE DELETE I DID NOT OPEN THE VIBER APP IT HAD NOT THE OCCASION TO REFRESH A UPDATE WITH MY DELETED CONTACTS
SQLITE CAN READ THE FILE Contacts.data

Thanks for your support
satishb3
May 3, 2013 at 4:27 pm
Hmmm very clever
Travis T
May 5, 2013 at 10:13 pm
Hi Satish, wonderful write-up. I just have one question. I read your comment about iOS 6 being difficult to break because of ASLR. Does the evasi0n jailbreak help with this issue at all?
satishb3
May 6, 2013 at 8:45 pm
Yes, it is difficult to break iOS 6 because of kernel ASLR and DEP. That might help. But my technical skills are not enough to understand their work.