Conducting a Manual Acquisition of an iOS Device Using Windows: A Workaround
Introduction
Last year, I populated data on an iPhone 6s for iOS 14. Since there weren’t many commercial tools that could obtain an image for iOS 14 devices at the time, the manual acquisition method had to be used to obtain the image for the iPhone 6s. To conduct this manual acquisition, I used Sarah Edward’s “iOS Imaging on the Cheap!” article as a guide. In the article, she uses a Mac to conduct the manual acquisition. However, I did not have a Mac/Linux based laptop to use. Instead, I had to use my Windows 10 laptop to conduct the acquisition. Additionally, I had to use my Windows laptop to also perform the jailbreak on the iPhone 6s. Instead of using iProxy, I ended up using pyusbmux to SSH into the iPhone 6s and obtain the necessary files. I also had to create a bootable Kali Linux USB to conduct the jailbreak on the iPhone 6s. This article will go over the steps to conduct a manual acquisition of a mobile device using a Windows based system. If needed, my documentation and iOS 14 image can be found here.
Steps + Required Tools/Software
To start off, you will need to jailbreak your iOS device by creating a bootable Kali Linux USB (more information on a Kali Linux bootable USB can be found here). Once that is completed, you will need to boot into the Kali Linux USB by restarting your computer and entering the boot menu. Then, you will need to go to the checkra1n website and download the checkra1n beta for Linux. Then, you will need to follow the steps here for installing checkra1n on Linux systems.
The next step is to download and install Git Bash for Windows on your system, which can be found here. You will also need Python installed on your Windows system. Once that is completed, you will need to install OpenSSH on your jailbroken iOS device using Cydia (more information can be found in Sarah Edward’s article linked previously). Once that has been completed, the iOS device will need to be connected to your Windows computer. Then, the iOS device will need to be synced with iTunes. Once these steps have been completed, you are almost ready to conduct the manual acquisition. The last step is to SSH into the iOS device using your Windows laptop. In order to SSH into the device, you will need to download pyusbmux, which can be found here. In Sarah Edward’s article, she used iProxy, which did not work for me on my Windows computer. Therefore, I had to conduct research and find another way to SSH into my iPhone 6s. I came across this article, which used pyusbmux to SSH into a jailbroken iOS device. The next few screenshots will show the steps that were taken to SSH into the iPhone 6s that I used.
Once pyusbmux was downloaded from GitHub, I opened the Git Bash terminal and navigated to the pyusbmux folder, shown in Figure 1 below.
Next, I went into the python-client subfolder and executed the following command: “python tcprelay.py -t 22:4242”, shown in Figure 2 below. This command needs to be executed to connect the iOS device to your Windows system. The command is using port 22 (SSH) as the remote port and port 4242 as the local port.
Lastly, the following command was executed in a new terminal and can be seen in Figure 3 below: “ssh root@127.0.0.1 -p 4242 ‘tar -cf — /private/var/’ > iOS14Image.tar”. This command allowed me to SSH into my iPhone 6s, copy the information stored in the /private/var/ folder, and redirect and save the output in the form of a tar file on my computer. As seen in Figure 3 below, it asked for the password for the root account, which by default is “alpine”.
After a few minutes, the image was created and saved in the C:\Users\Simi directory, as seen in Figure 4 below.
Hash Values of iOS14Image.tar
MD5: 1b3a0648b7765d7149897f412223bf0d
SHA1: c31d60af0c5c6aeef5a247f8055b9610e9362b6b
SHA256: 985c0560a3e7a0ac9e890253e17cf422fa421a62a60a82ea18a97fce765a707d
Conclusion
Overall, this article showed how to use a Windows laptop to conduct a manual acquisition of an iOS device using pysubmux and the Git Bash terminal. With the help of these two tools, I was successfully able to obtain the iOS 14 image using my Windows laptop.
References
https://www.mac4n6.com/blog/2016/3/23/ios-imaging-on-the-cheap
https://bookandcode.com/tech/how-to-ssh-to-a-jailbroken-ios-device-over-usb/
