Elcomsoft iOS Forensic Toolkit 6.71: extended Recovery mode support and plenty of bugfixes

Elcomsoft iOS Forensic Toolkit 6.71 extracts additional information from locked and disabled iOS devices through Recovery mode, and fixes several bugs identified in the previous versions.

In Elcomsoft iOS Forensic Toolkit 6.71, we are extending support for querying iOS devices via Recovery mode. In addition to previously extractable information, which included the device model identifier, EDID, ECID/UCID, serial number and, in certain scenarios, the IMEI number, EIFT 6.71 returns information about the bootloader version. By analyzing the bootloader version, the tool displays information about the version of iOS or the range of versions of iOS installed on the device. The new feature comes handy when analyzing iOS devices that are locked after ten unsuccessful unlock attempts, or have entered the USB restricted mode.

In addition to extended Recovery mode support, iOS Forensic Toolkit 6.71 fixes several issues identified in the previous builds. Users can now return to the main menu without creating a backup if the backup is protected with an unknown password. We have also fixed the issue of decrypting keychain records extracted in the course of physical acquisition from certain 32-bit iOS devices. Finally, the Windows edition is now distributed with an interactive installer instead of a simple ZIP archive.

With Apple routinely altering the signing mechanism, features relying on Apple’s private protocols may stop working until the fix is developed. A change in the signing protocol caused the use of non-developer and some personal developer accounts for signing the extraction agent to break. We implemented a fix, and the signing is now working again.

Release notes:

  • Added the ability to obtain bootloader version and iOS version in Recovery mode (supports regular and locked devices, as well as devices in USB restricted mode)
  • Added the ability to go back to main menu if a backup password is set without creating a backup
  • Fixed the issue when signing the extraction agent using non-developer and some personal developer accounts
  • Fixed the problem decrypting the keychain for some 32-bit devices
  • Added the installer for the Windows edition

Vedi anche