Jailbreak without passcode?

Discussion in 'iPad Hacking' started by offthegrid, Jun 2, 2011.

  1. offthegrid
    Offline

    offthegrid iPF Noob

    Joined:
    Jun 2, 2011
    Messages:
    4
    Thanks Received:
    0
    Trophy Points:
    0
    Location:
    usa
    Ratings:
    +0 / 0
    Can an iPad be jail-broken without the device passcode? If so, can the data from the device be extracted through jailbreak?



    Thanks.
  2. SweetPoison
    Offline

    SweetPoison iPad Legend

    Joined:
    Jun 20, 2010
    Messages:
    14,913
    Thanks Received:
    132
    Trophy Points:
    0
    Location:
    Sacramento, California
    Ratings:
    +134 / 0
    I didn't need a passcode when I JB. Not sure what you mean about your second question.

    I bumped your thread to our Hacking Section so someone will chime in!
  3. offthegrid
    Offline

    offthegrid iPF Noob

    Joined:
    Jun 2, 2011
    Messages:
    4
    Thanks Received:
    0
    Trophy Points:
    0
    Location:
    usa
    Ratings:
    +0 / 0
    Thanks, SweetPoison. My company is rolling out iPad and my boss wanted me to find out whether the following scenario is possible:

    "One of our executives' iPad is stolen. The thief is able to jailbreak it without knowing the passcode. He then extracts the whole file system using tools like TPot. Sensitive information stored on the iPad gets leaked. "

    It'd be interesting to hear the team's thoughts on this.
    Last edited: Jun 2, 2011
  4. extendedforecast
    Offline

    extendedforecast iPF Novice

    Joined:
    May 14, 2011
    Messages:
    46
    Thanks Received:
    0
    Trophy Points:
    0
    Location:
    NYC
    Ratings:
    +0 / 0
    Require users to save data to an enterprise cloud and if anyone steals and jailbreaks an iPad they won't get anything from app storage anyway.

    On Android 3.0 there is an encryption option that encrypts the whole file system. I don't know if iPad has something similar. There's also the option to wipe it remotely.which I'm pretty sure iPad.does have. I think your execs will be ok.

    Its execs doing stuff like sending and receiving sensitive emails on public wifi networks you have to worry about. That's a D'oh! Made much easier with the invention of the tablet/netbook.

    Sent from my Xoom using Tapatalk
    Last edited: Jun 3, 2011
  5. f4780y
    Offline

    f4780y Super Moderator Staff Member

    Joined:
    Sep 11, 2010
    Messages:
    7,106
    Thanks Received:
    636
    Trophy Points:
    113
    Location:
    Troon, Scotland
    Ratings:
    +636 / 0
    The short answer to your question offthegrid is yes, but it is quite unlikely. The JB tools on their own would not allow your data to be compromised. The thief would have to be knowledgeable and skilled and have some custom / specialist packages at his disposal. It’s certainly not fair to say that anyone who knows how to jailbreak an iPad would be able to get into your device and retrieve the data. for example, just running resn0w over the top would not reveal or provide access to anything at all.

    So like anything, it is possible in theory but would require quite a specialist set of skills and knowledge which are not at all widespread.
    The best line of defence as has already been suggested is to have your devices properly provisioned as enterprise devices and have the remote wipe capability on standby so any stolen device is immediately wiped as soon as the situation is notified to the relevant person.

    I hope that does not put your boss off opting for them. They are no less secure than any other business device such a laptop really. And remember, the best security is always to train your staff NOT to compromise themselves with the device!
    Last edited: Jun 3, 2011
  6. offthegrid
    Offline

    offthegrid iPF Noob

    Joined:
    Jun 2, 2011
    Messages:
    4
    Thanks Received:
    0
    Trophy Points:
    0
    Location:
    usa
    Ratings:
    +0 / 0
    Thanks for the advice. We do have ability to remotely wipe the device. However, our consultant claims that once [FONT=&quot]he uses redsn0w to jail-break the device without inputting passcode, he can load a free file browsing tool such as Total Commander with TPot. Within a few minutes, he will has full access to the entire iPad file system. He showed me this using his laptop. Although he did uninstall iTune on that laptop, since this laptop was the same one he originally synced the device with, I am not sure if this will still be possible with another laptop. We are just concerned about the possibility that someone may be able to gain access to the data before we have a chance to wipe it.[/FONT]
  7. graywolf
    Offline

    graywolf iPad Super Guru

    Joined:
    Aug 22, 2010
    Messages:
    3,652
    Thanks Received:
    35
    Trophy Points:
    0
    Location:
    Raleigh, NC USA
    Ratings:
    +35 / 0
    But, when you run redsnow you can install a package with the jailbreak. So couldn't a dev just make a tweak that will detonate and explode the filesystem for all to see?
    So is that what you mean by, "the thief would have to be knowledgeable and skilled and have a custom / special package" ?
  8. f4780y
    Offline

    f4780y Super Moderator Staff Member

    Joined:
    Sep 11, 2010
    Messages:
    7,106
    Thanks Received:
    636
    Trophy Points:
    113
    Location:
    Troon, Scotland
    Ratings:
    +636 / 0
    Yup, that's pretty much it YoungOne.
    So the thief that is stealing the iPad also needs to be a dev of quite reasonable talent (or have access to "specialist" bundle(s) created by one).
    Not an impossible situation, but not that likely in a real world scenario.
    Just my opinion of course. I just think folks can get too paranoid about this kind of stuff.

    EDIT - Although as offthegrid pointed out I was not thinking it through effectively. It's probably easier than I thought.. see blow.
    Last edited: Jun 3, 2011
  9. f4780y
    Offline

    f4780y Super Moderator Staff Member

    Joined:
    Sep 11, 2010
    Messages:
    7,106
    Thanks Received:
    636
    Trophy Points:
    113
    Location:
    Troon, Scotland
    Ratings:
    +636 / 0
    Yes, redsn0w+OpenSSH bundle coupled with TotalCommander+TPot sounds like it will allow USB access to the file system. I must check that myself. I guess I'm not thinking too laterally today at all. Brain fade? Not that specialist a solution after all. My bad, sorry.
    Guess the question is still, how much of a risk do you perceive that to be from a business perspective? If your data is that sensitive it should probably be confined to a properly encrypted disk. If you allow your guys laptops which are well protected, then unless you can ensure a similar level of data protection on the iPad, it's probably off the menu for a while...
    On the plus side, iPad2's are perfectly safe at the moment, because they can't be exploited! No doubt they will be one day though...
    Last edited: Jun 3, 2011
  10. graywolf
    Offline

    graywolf iPad Super Guru

    Joined:
    Aug 22, 2010
    Messages:
    3,652
    Thanks Received:
    35
    Trophy Points:
    0
    Location:
    Raleigh, NC USA
    Ratings:
    +35 / 0
    there is a way to view and edit the filesystem via USB? I would like to know that. I have been trying to do that forever! :)
  11. alexjrivera
    Offline

    alexjrivera iPF Noob

    Joined:
    May 30, 2011
    Messages:
    8
    Thanks Received:
    0
    Trophy Points:
    0
    Ratings:
    +0 / 0
    USB? as in universal serial bus like the flash drives you plug in? please correct me.
  12. f4780y
    Offline

    f4780y Super Moderator Staff Member

    Joined:
    Sep 11, 2010
    Messages:
    7,106
    Thanks Received:
    636
    Trophy Points:
    113
    Location:
    Troon, Scotland
    Ratings:
    +636 / 0
    Yes. USB. iPad connected via it's dock connector and charging cable to PC's USB, just like you do any time you sync with iTunes. Then use something like TotalCommander+TPos to open a SSH tunnel to the iPad and read it's file system.

    iTunnel used to provide this too, but not sure if it's currently supported.
  13. graywolf
    Offline

    graywolf iPad Super Guru

    Joined:
    Aug 22, 2010
    Messages:
    3,652
    Thanks Received:
    35
    Trophy Points:
    0
    Location:
    Raleigh, NC USA
    Ratings:
    +35 / 0
    So just over wifi. Nevermind. I thought it was truly via USB, like a flash drive.
  14. f4780y
    Offline

    f4780y Super Moderator Staff Member

    Joined:
    Sep 11, 2010
    Messages:
    7,106
    Thanks Received:
    636
    Trophy Points:
    113
    Location:
    Troon, Scotland
    Ratings:
    +636 / 0
    Eh? Are you trippin YoungOne? Where did I say WiFi? Over USB. Only over USB...
    Connect the cable and presto. :D

    Link - http://code.google.com/p/t-pot/
    Last edited: Jun 3, 2011
  15. graywolf
    Offline

    graywolf iPad Super Guru

    Joined:
    Aug 22, 2010
    Messages:
    3,652
    Thanks Received:
    35
    Trophy Points:
    0
    Location:
    Raleigh, NC USA
    Ratings:
    +35 / 0
    I thought ssh was over wifi only. :) thanks

Share This Page

Search tags for this page
can you jailbreak without passcode
,
jailbreak ipad with passcode
,

jailbreak iphone without passcode

,

jailbreak without passcode

,
jailbreak without password