New docs shed light on GrayKey jailbreak tool for iPhone

New docs shed light on GrayKey jailbreak tool for iPhone

Written instructions for using the GrayKey tool shed light on how law enforcement officials hack Apple’s iPhone mobile devices. 

At the disposal of the publication, Motherboard were documents describing the unlocking of switched off or discharged iPhones.

“How to unlock and retrieve data from Apple mobile devices using GrayKey,” reads instructions, allegedly written by the San Diego Police Department.

GrayKey, developed by Austin-based Grayshift, is designed to unlock modern iOS devices and access their contents. IOS devices are encrypted by default and you need to know the password to access data, but GrayKey allows brute force attacks to bypass protection.

“Before connecting any Apple mobile device to GrayKey, determine if a proper search warrant has been received for the requested Apple mobile device,” the document says.

The instructions describe the various conditions that presumably allow you to establish a connection with the GrayKey: before first unlock (BFU), after first unlock (AFU), a device with a damaged display, and also when the battery is low phone battery.

One section of the instructions also describes how to find an alphanumeric access code. Many iPhone users have numeric-only passcodes. The alphanumeric access code also uses letters, so it has more character variations and can generally be more resistant to brute force attacks using random characters. However, if the device uses an alphanumeric passcode containing real words, it can facilitate hacking thanks to wordlists.

The instructions say that the technician will be able to use a default wordlist called “crackstation-human-only.txt”, presumably associated with the password security site Crackstation. The archive contains about 1.5 billion words. GrayKey users can also import their own wordlists, but only one list can be loaded at a time.

As part of the HideUI feature, GrayKey also allows you to install a module that steals the user’s password secretly if the authorities return the device to him.

Catch up on more articles here

Follow us on Twitter here


Must read


Related Posts