Jailbreak without passcode?

Discussion in 'iPad Hacking' started by offthegrid, Jun 2, 2011.

  1. offthegrid
    Offline

    offthegrid iPF Noob

    Joined:
    Jun 2, 2011
    Messages:
    4
    Thanks Received:
    0
    Trophy Points:
    0
    Location:
    usa
    Ratings:
    +0 / 0
    Can an iPad be jail-broken without the device passcode? If so, can the data from the device be extracted through jailbreak?



    Thanks.
  2. SweetPoison
    Offline

    SweetPoison iPad Legend

    Joined:
    Jun 20, 2010
    Messages:
    14,940
    Thanks Received:
    132
    Trophy Points:
    0
    Location:
    Sacramento, California
    Ratings:
    +132 / 0
    I didn't need a passcode when I JB. Not sure what you mean about your second question.

    I bumped your thread to our Hacking Section so someone will chime in!
  3. offthegrid
    Offline

    offthegrid iPF Noob

    Joined:
    Jun 2, 2011
    Messages:
    4
    Thanks Received:
    0
    Trophy Points:
    0
    Location:
    usa
    Ratings:
    +0 / 0
    Thanks, SweetPoison. My company is rolling out iPad and my boss wanted me to find out whether the following scenario is possible:

    "One of our executives' iPad is stolen. The thief is able to jailbreak it without knowing the passcode. He then extracts the whole file system using tools like TPot. Sensitive information stored on the iPad gets leaked. "

    It'd be interesting to hear the team's thoughts on this.
    Last edited: Jun 2, 2011
  4. extendedforecast
    Offline

    extendedforecast iPF Novice

    Joined:
    May 14, 2011
    Messages:
    46
    Thanks Received:
    0
    Trophy Points:
    0
    Location:
    NYC
    Ratings:
    +0 / 0
    Require users to save data to an enterprise cloud and if anyone steals and jailbreaks an iPad they won't get anything from app storage anyway.

    On Android 3.0 there is an encryption option that encrypts the whole file system. I don't know if iPad has something similar. There's also the option to wipe it remotely.which I'm pretty sure iPad.does have. I think your execs will be ok.

    Its execs doing stuff like sending and receiving sensitive emails on public wifi networks you have to worry about. That's a D'oh! Made much easier with the invention of the tablet/netbook.

    Sent from my Xoom using Tapatalk
    Last edited: Jun 3, 2011
  5. f4780y
    Online

    f4780y Super Moderator Staff Member

    Joined:
    Sep 11, 2010
    Messages:
    7,109
    Thanks Received:
    635
    Trophy Points:
    113
    Location:
    Troon, Scotland
    Ratings:
    +635 / 0
    The short answer to your question offthegrid is yes, but it is quite unlikely. The JB tools on their own would not allow your data to be compromised. The thief would have to be knowledgeable and skilled and have some custom / specialist packages at his disposal. It’s certainly not fair to say that anyone who knows how to jailbreak an iPad would be able to get into your device and retrieve the data. for example, just running resn0w over the top would not reveal or provide access to anything at all.

    So like anything, it is possible in theory but would require quite a specialist set of skills and knowledge which are not at all widespread.
    The best line of defence as has already been suggested is to have your devices properly provisioned as enterprise devices and have the remote wipe capability on standby so any stolen device is immediately wiped as soon as the situation is notified to the relevant person.

    I hope that does not put your boss off opting for them. They are no less secure than any other business device such a laptop really. And remember, the best security is always to train your staff NOT to compromise themselves with the device!
    Last edited: Jun 3, 2011
  6. offthegrid
    Offline

    offthegrid iPF Noob

    Joined:
    Jun 2, 2011
    Messages:
    4
    Thanks Received:
    0
    Trophy Points:
    0
    Location:
    usa
    Ratings:
    +0 / 0
    Thanks for the advice. We do have ability to remotely wipe the device. However, our consultant claims that once [FONT=&quot]he uses redsn0w to jail-break the device without inputting passcode, he can load a free file browsing tool such as Total Commander with TPot. Within a few minutes, he will has full access to the entire iPad file system. He showed me this using his laptop. Although he did uninstall iTune on that laptop, since this laptop was the same one he originally synced the device with, I am not sure if this will still be possible with another laptop. We are just concerned about the possibility that someone may be able to gain access to the data before we have a chance to wipe it.[/FONT]
  7. graywolf
    Offline

    graywolf iPad Super Guru

    Joined:
    Aug 22, 2010
    Messages:
    3,655
    Thanks Received:
    35
    Trophy Points:
    0
    Location:
    Raleigh, NC USA
    Ratings:
    +35 / 0
    But, when you run redsnow you can install a package with the jailbreak. So couldn't a dev just make a tweak that will detonate and explode the filesystem for all to see?
    So is that what you mean by, "the thief would have to be knowledgeable and skilled and have a custom / special package" ?
  8. f4780y
    Online

    f4780y Super Moderator Staff Member

    Joined:
    Sep 11, 2010
    Messages:
    7,109
    Thanks Received:
    635
    Trophy Points:
    113
    Location:
    Troon, Scotland
    Ratings:
    +635 / 0
    Yup, that's pretty much it YoungOne.
    So the thief that is stealing the iPad also needs to be a dev of quite reasonable talent (or have access to "specialist" bundle(s) created by one).
    Not an impossible situation, but not that likely in a real world scenario.
    Just my opinion of course. I just think folks can get too paranoid about this kind of stuff.

    EDIT - Although as offthegrid pointed out I was not thinking it through effectively. It's probably easier than I thought.. see blow.
    Last edited: Jun 3, 2011
  9. f4780y
    Online

    f4780y Super Moderator Staff Member

    Joined:
    Sep 11, 2010
    Messages:
    7,109
    Thanks Received:
    635
    Trophy Points:
    113
    Location:
    Troon, Scotland
    Ratings:
    +635 / 0
    Yes, redsn0w+OpenSSH bundle coupled with TotalCommander+TPot sounds like it will allow USB access to the file system. I must check that myself. I guess I'm not thinking too laterally today at all. Brain fade? Not that specialist a solution after all. My bad, sorry.
    Guess the question is still, how much of a risk do you perceive that to be from a business perspective? If your data is that sensitive it should probably be confined to a properly encrypted disk. If you allow your guys laptops which are well protected, then unless you can ensure a similar level of data protection on the iPad, it's probably off the menu for a while...
    On the plus side, iPad2's are perfectly safe at the moment, because they can't be exploited! No doubt they will be one day though...
    Last edited: Jun 3, 2011
  10. graywolf
    Offline

    graywolf iPad Super Guru

    Joined:
    Aug 22, 2010
    Messages:
    3,655
    Thanks Received:
    35
    Trophy Points:
    0
    Location:
    Raleigh, NC USA
    Ratings:
    +35 / 0
    there is a way to view and edit the filesystem via USB? I would like to know that. I have been trying to do that forever! :)
  11. alexjrivera
    Offline

    alexjrivera iPF Noob

    Joined:
    May 30, 2011
    Messages:
    8
    Thanks Received:
    0
    Trophy Points:
    0
    Ratings:
    +0 / 0
    USB? as in universal serial bus like the flash drives you plug in? please correct me.
  12. f4780y
    Online

    f4780y Super Moderator Staff Member

    Joined:
    Sep 11, 2010
    Messages:
    7,109
    Thanks Received:
    635
    Trophy Points:
    113
    Location:
    Troon, Scotland
    Ratings:
    +635 / 0
    Yes. USB. iPad connected via it's dock connector and charging cable to PC's USB, just like you do any time you sync with iTunes. Then use something like TotalCommander+TPos to open a SSH tunnel to the iPad and read it's file system.

    iTunnel used to provide this too, but not sure if it's currently supported.
  13. graywolf
    Offline

    graywolf iPad Super Guru

    Joined:
    Aug 22, 2010
    Messages:
    3,655
    Thanks Received:
    35
    Trophy Points:
    0
    Location:
    Raleigh, NC USA
    Ratings:
    +35 / 0
    So just over wifi. Nevermind. I thought it was truly via USB, like a flash drive.
  14. f4780y
    Online

    f4780y Super Moderator Staff Member

    Joined:
    Sep 11, 2010
    Messages:
    7,109
    Thanks Received:
    635
    Trophy Points:
    113
    Location:
    Troon, Scotland
    Ratings:
    +635 / 0
    Eh? Are you trippin YoungOne? Where did I say WiFi? Over USB. Only over USB...
    Connect the cable and presto. :D

    Link - http://code.google.com/p/t-pot/
    Last edited: Jun 3, 2011
  15. graywolf
    Offline

    graywolf iPad Super Guru

    Joined:
    Aug 22, 2010
    Messages:
    3,655
    Thanks Received:
    35
    Trophy Points:
    0
    Location:
    Raleigh, NC USA
    Ratings:
    +35 / 0
    I thought ssh was over wifi only. :) thanks
  16. f4780y
    Online

    f4780y Super Moderator Staff Member

    Joined:
    Sep 11, 2010
    Messages:
    7,109
    Thanks Received:
    635
    Trophy Points:
    113
    Location:
    Troon, Scotland
    Ratings:
    +635 / 0
    Just to confirm. Tested it out with strong password, TotalCommander+TPot.
    Depressingly easy. Full access to the file system. No specialist skills at all :(

    Thanks for the heads up offthegrid. Sometimes you get so bogged down in technical detail, you need to get taken back to kindergarten for a lesson! Cheers.

    By the way YoungOne. You'll love that. Download TotalCommander and the TPot plugin. File management over USB, really simple. Google it, and don't forget to buy the shareware if you like it :)
  17. f4780y
    Online

    f4780y Super Moderator Staff Member

    Joined:
    Sep 11, 2010
    Messages:
    7,109
    Thanks Received:
    635
    Trophy Points:
    113
    Location:
    Troon, Scotland
    Ratings:
    +635 / 0
    OK. Hold the bus!

    A bit more testing. I followed through on your thoughts about the consultants laptop.

    I connected my iPad to my desktop which it is not synced with. iTunes immediately told me the iPad was locked and I had to unlock it. I was not able to access the device at all via TotalCommander. Completely secure. It was not until I unlocked the device and iTunes recognised the device that access was granted to TotalCommander.

    So, I am satisfied again! I think! :) It IS SECURE. The thief would need the passcode or also to steal the PC that the iPad was synced to...

    Hoorah. Not quite as dumb as I feared I was there! Still, an excellent nights fun. Thanks guys!
  18. graywolf
    Offline

    graywolf iPad Super Guru

    Joined:
    Aug 22, 2010
    Messages:
    3,655
    Thanks Received:
    35
    Trophy Points:
    0
    Location:
    Raleigh, NC USA
    Ratings:
    +35 / 0
    (slams on the brake)





    :)
  19. offthegrid
    Offline

    offthegrid iPF Noob

    Joined:
    Jun 2, 2011
    Messages:
    4
    Thanks Received:
    0
    Trophy Points:
    0
    Location:
    usa
    Ratings:
    +0 / 0
    Thanks for checking on this. While our consultant demonstrated it to me, iTunes was not needed (he actually uninstalled it before the demo). He just used redsn0w to jailbreak and then used TotalCommander TPot to access file system. Did you try that way?
    Last edited: Jun 3, 2011
  20. graywolf
    Offline

    graywolf iPad Super Guru

    Joined:
    Aug 22, 2010
    Messages:
    3,655
    Thanks Received:
    35
    Trophy Points:
    0
    Location:
    Raleigh, NC USA
    Ratings:
    +35 / 0
    Ok... So. I tried the USB ssh thing and got it to work. I have my pc dual booting 7 and xp. Installed it onto my flash drive so USB access is portable. Installed with 7 and iTunes in on 7. iTunes isn't on xp though, and it worked on xp. So it isn't secure? And the redsnow install a package thing is still an idea.

Share This Page

Search tags for this page
can you jailbreak an iphone without knowing the password
,
can you jailbreak without passcode
,
how to break into an ipad without passcode
,
how to jailbreak an iphone without the password
,
how to jailbreak ipad with passcode
,
how to jailbreak ipad without passcode
,
if you jailbreak an iphone with a passcode does the code stay
,
ipad 4 passcode jailbreak
,
ipad password jail
,
iphone 5 jailbreak without passcode
,
jailbreak ipad 2 2nd gen passcode
,
jailbreak ipad with passcode
,
jailbreak ipad without passcode
,
jailbreak iphone with passcode
,

jailbreak iphone without passcode

,
jailbreak passcode ipad
,
jailbreak with passcode
,

jailbreak without passcode

,
jailbreak without password
,
jb iphone without passcode