
Comments (25)

GoogleCodeExporter avatar GoogleCodeExporter commented on June 17, 2024
This is on an iPad 3G BTW.

Original comment by [email protected] on 7 Jan 2012 at 7:44

from iphone-dataprotection.

GoogleCodeExporter avatar GoogleCodeExporter commented on June 17, 2024
i just pushed a fix. can you update (hg pull && hg update) and retry ?
However you mentioned that the EMF and DKey were all zeroes and this is another 
problem (the decryption will fail without these keys). A few questions :
- did you use the ramdisk or did you dump from a running ios ?
- did the kernel_patcher.py script find all the kernel patches ?
- did you get any errors when the plist file was created ? 

Original comment by [email protected] on 7 Jan 2012 at 8:13

  • Changed state: Accepted

from iphone-dataprotection.

GoogleCodeExporter avatar GoogleCodeExporter commented on June 17, 2024
(scratch the first question)

Original comment by [email protected] on 7 Jan 2012 at 8:15

from iphone-dataprotection.

GoogleCodeExporter avatar GoogleCodeExporter commented on June 17, 2024
This is a protocol of creating the ramdisk with the current commit from the hg 
repo:

g3-power:iphone-dataprotection g3$ python python_scripts/kernel_patcher.py 
/Volumes/Voodoo/Downloads/2012-01-07/iPad1,1_5.0.1_9A405_Restore.ipsw 
Decrypting kernelcache.release.k48
Unpacking ...
Doing CSED patch
Doing getxattr system patch
Doing _PE_i_can_has_debugger patch
Doing IOAESAccelerator enable UID patch
Doing AMFI patch
Patched kernel written to kernelcache.release.k48.patched
Created script make_ramdisk_k48ap.sh, you can use it to (re)build the ramdisk
g3-power:iphone-dataprotection g3$ sudo ./make_ramdisk_k48ap.sh 
g3-power:iphone-dataprotection g3$ chmod 755 make_ramdisk_k48ap.sh 
g3-power:iphone-dataprotection g3$ sudo ./make_ramdisk_k48ap.sh 
Found iOS SDK 5.0
ln -s /System/Library/Frameworks/IOKit.framework/Versions/Current/Headers IOKit
/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/arm-apple-darwin10-llvm
-gcc-4.2 -Wall -isysroot 
/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS5.0.sdk/ 
-framework IOKit -framework CoreFoundation -framework Security -O3 -I. -o 
device_infos device_infos.c device_info.c IOAESAccelerator.c 
AppleEffaceableStorage.c AppleKeyStore.c bsdcrypto/pbkdf2.c bsdcrypto/sha1.c 
bsdcrypto/key_wrap.c bsdcrypto/rijndael.c util.c IOKit.c registry.c
device_infos.c: In function ‘main’:
device_infos.c:9: warning: initialization discards qualifiers from pointer 
target type
AppleEffaceableStorage.c:50:25: warning: multi-character character constant
bsdcrypto/pbkdf2.c: In function ‘pkcs5_pbkdf2’:
bsdcrypto/pbkdf2.c:102: warning: pointer targets in passing argument 3 of 
‘hmac_sha1’ differ in signedness
bsdcrypto/pbkdf2.c:106: warning: pointer targets in passing argument 3 of 
‘hmac_sha1’ differ in signedness
bsdcrypto/key_wrap.c: In function ‘aes_key_wrap’:
bsdcrypto/key_wrap.c:71: warning: pointer targets in passing argument 2 of 
‘rijndael_encrypt’ differ in signedness
bsdcrypto/key_wrap.c:71: warning: pointer targets in passing argument 3 of 
‘rijndael_encrypt’ differ in signedness
bsdcrypto/key_wrap.c: In function ‘aes_key_unwrap’:
bsdcrypto/key_wrap.c:106: warning: pointer targets in passing argument 2 of 
‘rijndael_decrypt’ differ in signedness
bsdcrypto/key_wrap.c:106: warning: pointer targets in passing argument 3 of 
‘rijndael_decrypt’ differ in signedness
ld: warning: -force_cpusubtype_ALL will become unsupported for ARM architectures
ldid -S device_infos
/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/arm-apple-darwin10-llvm
-gcc-4.2 -Wall -isysroot 
/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS5.0.sdk/ 
-framework IOKit -framework CoreFoundation -framework Security -O3 -I. -o 
restored_external restored_external.c device_info.c remote_functions.c 
plist_server.c AppleKeyStore.c AppleEffaceableStorage.c IOKit.c 
IOAESAccelerator.c util.c registry.c AppleKeyStore_kdf.c bsdcrypto/pbkdf2.c 
bsdcrypto/sha1.c bsdcrypto/rijndael.c bsdcrypto/key_wrap.c
restored_external.c: In function ‘init_usb’:
restored_external.c:34: warning: implicit declaration of function 
‘IOUSBDeviceDescriptionCopyInterfaces’
restored_external.c:34: warning: initialization makes pointer from integer 
without a cast
restored_external.c:89: warning: value computed is not used
restored_external.c:91: warning: value computed is not used
restored_external.c:93: warning: value computed is not used
restored_external.c:95: warning: value computed is not used
restored_external.c:97: warning: value computed is not used
remote_functions.c: In function ‘keybag_get_passcode_key’:
remote_functions.c:140: warning: pointer targets in passing argument 2 of 
‘AppleKeyStore_getPasscodeKey’ differ in signedness
AppleEffaceableStorage.c:50:25: warning: multi-character character constant
AppleKeyStore_kdf.c: In function ‘AppleKeyStore_getPasscodeKey’:
AppleKeyStore_kdf.c:31: warning: pointer targets in passing argument 3 of 
‘pkcs5_pbkdf2’ differ in signedness
bsdcrypto/pbkdf2.c: In function ‘pkcs5_pbkdf2’:
bsdcrypto/pbkdf2.c:102: warning: pointer targets in passing argument 3 of 
‘hmac_sha1’ differ in signedness
bsdcrypto/pbkdf2.c:106: warning: pointer targets in passing argument 3 of 
‘hmac_sha1’ differ in signedness
bsdcrypto/key_wrap.c: In function ‘aes_key_wrap’:
bsdcrypto/key_wrap.c:71: warning: pointer targets in passing argument 2 of 
‘rijndael_encrypt’ differ in signedness
bsdcrypto/key_wrap.c:71: warning: pointer targets in passing argument 3 of 
‘rijndael_encrypt’ differ in signedness
bsdcrypto/key_wrap.c: In function ‘aes_key_unwrap’:
bsdcrypto/key_wrap.c:106: warning: pointer targets in passing argument 2 of 
‘rijndael_decrypt’ differ in signedness
bsdcrypto/key_wrap.c:106: warning: pointer targets in passing argument 3 of 
‘rijndael_decrypt’ differ in signedness
ld: warning: -force_cpusubtype_ALL will become unsupported for ARM architectures
ldid -Skeystore_device.xml restored_external
/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/arm-apple-darwin10-llvm
-gcc-4.2 -Wall -isysroot 
/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS5.0.sdk/ 
-framework IOKit -framework CoreFoundation -framework Security -O3 -I. -o 
bruteforce systemkb_bruteforce.c AppleKeyStore.c AppleEffaceableStorage.c 
IOKit.c IOAESAccelerator.c util.c registry.c AppleKeyStore_kdf.c 
bsdcrypto/pbkdf2.c bsdcrypto/sha1.c bsdcrypto/rijndael.c bsdcrypto/key_wrap.c 
device_info.c
systemkb_bruteforce.c: In function ‘saveKeybagInfos’:
systemkb_bruteforce.c:27: warning: implicit declaration of function 
‘device_info’
systemkb_bruteforce.c:27: warning: initialization makes pointer from integer 
without a cast
systemkb_bruteforce.c: In function ‘main’:
systemkb_bruteforce.c:202: warning: implicit declaration of function 
‘AppleKeyStore_getClassKeys’
systemkb_bruteforce.c:202: warning: initialization makes pointer from integer 
without a cast
AppleEffaceableStorage.c:50:25: warning: multi-character character constant
AppleKeyStore_kdf.c: In function ‘AppleKeyStore_getPasscodeKey’:
AppleKeyStore_kdf.c:31: warning: pointer targets in passing argument 3 of 
‘pkcs5_pbkdf2’ differ in signedness
bsdcrypto/pbkdf2.c: In function ‘pkcs5_pbkdf2’:
bsdcrypto/pbkdf2.c:102: warning: pointer targets in passing argument 3 of 
‘hmac_sha1’ differ in signedness
bsdcrypto/pbkdf2.c:106: warning: pointer targets in passing argument 3 of 
‘hmac_sha1’ differ in signedness
bsdcrypto/key_wrap.c: In function ‘aes_key_wrap’:
bsdcrypto/key_wrap.c:71: warning: pointer targets in passing argument 2 of 
‘rijndael_encrypt’ differ in signedness
bsdcrypto/key_wrap.c:71: warning: pointer targets in passing argument 3 of 
‘rijndael_encrypt’ differ in signedness
bsdcrypto/key_wrap.c: In function ‘aes_key_unwrap’:
bsdcrypto/key_wrap.c:106: warning: pointer targets in passing argument 2 of 
‘rijndael_decrypt’ differ in signedness
bsdcrypto/key_wrap.c:106: warning: pointer targets in passing argument 3 of 
‘rijndael_decrypt’ differ in signedness
ld: warning: -force_cpusubtype_ALL will become unsupported for ARM architectures
ldid -Skeystore_device.xml bruteforce
Downloading ssh.tar.gz from googlecode
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 3022k  100 3022k    0     0   863k      0  0:00:03  0:00:03 --:--:-- 1698k
Archive:  /Volumes/Voodoo/Downloads/2012-01-07/iPad1,1_5.0.1_9A405_Restore.ipsw
  inflating: 038-3715-001.dmg        
TAG: TYPE OFFSET 14 data_length:4
TAG: DATA OFFSET 34 data_length:1041000
TAG: SEPO OFFSET 1041040 data_length:4
TAG: KBAG OFFSET 104105c data_length:38
KBAG cryptState=1 aesType=100
TAG: KBAG OFFSET 10410a8 data_length:38
TAG: SHSH OFFSET 104110c data_length:80
TAG: CERT OFFSET 1041198 data_length:794
Decrypting DATA section
Decrypted data seems OK : ramdisk
/dev/disk2                                              /Volumes/ramdisk
"disk2" unmounted.
"disk2" ejected.
myramdisk.dmg created
You can boot the ramdisk using the following command (fix paths)
redsn0w -i 
/Volumes/Voodoo/Downloads/2012-01-07/iPad1,1_5.0.1_9A405_Restore.ipsw -r 
myramdisk.dmg -k kernelcache.release.k48.patched

Original comment by [email protected] on 8 Jan 2012 at 10:18

from iphone-dataprotection.

GoogleCodeExporter avatar GoogleCodeExporter commented on June 17, 2024
I can’t find any errors in the above. 

Original comment by [email protected] on 8 Jan 2012 at 10:19

from iphone-dataprotection.

GoogleCodeExporter avatar GoogleCodeExporter commented on June 17, 2024
ok, in the plist file, are the values key835, key89B and lockers present and 
do they contain meaningful data (ie not 0s) ?
also when you ran ./dump_data_partition.sh were there any errors displayed ?
thanks

Original comment by [email protected] on 8 Jan 2012 at 10:54

from iphone-dataprotection.

GoogleCodeExporter avatar GoogleCodeExporter commented on June 17, 2024
The values for key835 and key89B are both present and contain 32 hex-digits.

I looked out for them, but I don’t remember seeing any errors when running 
./dump_data_partition.sh.

Original comment by [email protected] on 8 Jan 2012 at 11:49

from iphone-dataprotection.

GoogleCodeExporter avatar GoogleCodeExporter commented on June 17, 2024
I have created a backup of the data partition at /mnt2 via scp. It appears to 
be complete. 

I need to restore the iPad for use as soon as possible. 
Is there anything I can do or prepare now to help untangle this issue further 
or will restoring destroy any chances of getting at the correct values for EMF 
and DKey? 
Can they be calculated from other values that are available?

Original comment by [email protected] on 8 Jan 2012 at 12:01

from iphone-dataprotection.

GoogleCodeExporter avatar GoogleCodeExporter commented on June 17, 2024
ok, so there is no "lockers" in the plist file ?
can you ssh into the ramdisk, run ./device_infos and look for errors ?
if you restore then the EMF and DKey will be wiped, they are calculated using 
the missing lockers data and the two keys (835 & 89b).
also i see you used the 5.0.1 ipsw, this is probably not the issue but maybe 
you can retry the whole process (except the data partition dump) using the 5.0 
one.

Original comment by [email protected] on 8 Jan 2012 at 1:14

from iphone-dataprotection.

GoogleCodeExporter avatar GoogleCodeExporter commented on June 17, 2024
Ok. ./device_infos does not produce any errors. The resulting plist file is 
similar to the one next to the encrypted dd image by the same name. It lacks 
the top level key-value pairs for KeyBagKeys, classKeys, keybags, passcode and 
passcodeKey.

Original comment by [email protected] on 8 Jan 2012 at 10:41

from iphone-dataprotection.

GoogleCodeExporter avatar GoogleCodeExporter commented on June 17, 2024
I recreated the ramdisk with 5.0 as requested. 
python python_scripts/demo_bruteforce.py
Results in the exact same files being generated.

Original comment by [email protected] on 8 Jan 2012 at 11:26

from iphone-dataprotection.

GoogleCodeExporter avatar GoogleCodeExporter commented on June 17, 2024
BTW: There is a lockers key in the plist. It contains 1920 hex characters, only 
the first 136 of which are non 0.

Original comment by [email protected] on 9 Jan 2012 at 10:35

from iphone-dataprotection.

GoogleCodeExporter avatar GoogleCodeExporter commented on June 17, 2024
ok so no lockers in any case ? this is weird, does the device boot normally 
(you mentioned you need to restore) ?

Original comment by [email protected] on 9 Jan 2012 at 10:35

from iphone-dataprotection.

GoogleCodeExporter avatar GoogleCodeExporter commented on June 17, 2024
No. That is why I needed a backup. ;)

Original comment by [email protected] on 9 Jan 2012 at 10:39

from iphone-dataprotection.

GoogleCodeExporter avatar GoogleCodeExporter commented on June 17, 2024
I will retry after the restore. If it works then, we will know that something 
was hosed that your code depended upon, right?

Original comment by [email protected] on 9 Jan 2012 at 10:45

from iphone-dataprotection.

GoogleCodeExporter avatar GoogleCodeExporter commented on June 17, 2024
you have non empty lockers, key835 and key89B, but EMF and DKey are zeroes 
right ?
if so, can you send me the plist file by email ? that would help understand the 
issue. thanks

Original comment by [email protected] on 9 Jan 2012 at 10:53

from iphone-dataprotection.

GoogleCodeExporter avatar GoogleCodeExporter commented on June 17, 2024
Sure. I tried to find your non-truncated email address, but have so far been 
unsuccessful.

Original comment by [email protected] on 9 Jan 2012 at 1:44

from iphone-dataprotection.

GoogleCodeExporter avatar GoogleCodeExporter commented on June 17, 2024
Apparently the EMF and DKey lockers were erased when updating from iOS 4 to iOS 
5 (!). Without those keys emf_decrypter cannot work.

Original comment by [email protected] on 21 Jan 2012 at 4:49

  • Changed state: WontFix

from iphone-dataprotection.
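
The check asked for in the comments above (are key835, key89B, lockers, EMF and DKey present in the plist, and are they anything other than zeroes), as an added example that is not part of the original thread or of the iphone-dataprotection code. It assumes the fields sit at the top level of the plist as hex strings; the sample plist is constructed to match the values reported in this thread.

```python
import plistlib

# Field names as they appear in the thread. The top-level layout and the
# hex-string encoding are assumptions, not taken from the project.
FIELDS = ("key835", "key89B", "lockers", "EMF", "DKey")


def classify(value):
    """Return (status, used) for one plist value.

    status is 'missing', 'invalid', 'zero' or 'ok'; used is the number of
    hex characters left after stripping the trailing run of '0' characters.
    """
    if value is None:
        return "missing", 0
    if isinstance(value, bytes):  # <data> elements come back as bytes
        value = value.hex()
    text = str(value).strip().lower()
    if not text or any(c not in "0123456789abcdef" for c in text):
        return "invalid", 0
    used = len(text.rstrip("0"))
    return ("ok" if used else "zero"), used


def check_plist(data):
    """Parse plist bytes (XML or binary) and classify each key field."""
    plist = plistlib.loads(data)
    return {name: classify(plist.get(name)) for name in FIELDS}


def verdict(report):
    """Decryption needs EMF and DKey; report it if either is unusable."""
    bad = [n for n in ("EMF", "DKey") if report[n][0] != "ok"]
    if bad:
        return "cannot decrypt: %s missing or all zeroes" % ", ".join(bad)
    return "key material present"


# Constructed sample mirroring the thread: 32-hex-digit key835/key89B,
# 1920-character lockers with 136 non-zero characters, zeroed EMF/DKey.
# The 64-character length used for EMF and DKey is an assumption.
SAMPLE = plistlib.dumps({
    "key835": "a1" * 16,
    "key89B": "b2" * 16,
    "lockers": "c3" * 68 + "0" * (1920 - 136),
    "EMF": "0" * 64,
    "DKey": "0" * 64,
})

if __name__ == "__main__":
    report = check_plist(SAMPLE)
    for name, (status, used) in report.items():
        print(f"{name:8} {status:8} {used} hex chars before trailing zeroes")
    print(verdict(report))
```
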

GoogleCodeExporter avatar GoogleCodeExporter commented on June 17, 2024
hey all, trying to recover images for a friend... ive got the data partition 
successfully. getting this:


Keybag: SIGN check OK
Keybag unlocked with passcode key
cprotect version : 2
WARNING ! This tool will modify the hfs image and possibly wreck it if 
something goes wrong !
Make sure to backup the image before proceeding
You can use the --nowrite option to do a dry run instead
Press a key to continue or CTRL-C to abort


and its been running for almost 24 hours now... does this make sense? ive 
already backed up the dmg... the docs say it updates it in place, but the file 
mod date hasnt changed, nor has the size... should i keep waiting? cut it? 
anyone know how i can know if it is really doing anything or just 'stuck'?

much appreciated!

Original comment by [email protected] on 17 Feb 2012 at 4:14

from iphone-dataprotection.

GoogleCodeExporter avatar GoogleCodeExporter commented on June 17, 2024
sorry to ask but did you "press a key to continue" (in fact i think you need to 
press the enter key) ? it should display "decrypting" for each file it 
processes in the image.

Original comment by [email protected] on 18 Feb 2012 at 11:40

from iphone-dataprotection.

GoogleCodeExporter avatar GoogleCodeExporter commented on June 17, 2024
yes - the obvious first... i did.. many times.. but also expected something to 
happen, some output and nothing.. it just froze, with the cursor blinking and 
so i wasnt sure. that it *does* spit out stuff for each file is good news, so 
now i know it wasnt working properly.. question is why, and why no error output

gonna copy the backup image i have and try again. i wonder if a path is 
screwy, will check the script itself.

thanks...

Original comment by [email protected] on 18 Feb 2012 at 7:11

from iphone-dataprotection.

GoogleCodeExporter avatar GoogleCodeExporter commented on June 17, 2024
weird. before doing that, i wanted to see if i can mount the dmg. double 
clicking it mounted it, opening it and i see what looks like an iphone phone 
structure. see attached. im able to browse around, but when i try to open files 
in the /mobile/media/DCIM folder its getting errors.. "file may be damaged or 
in a file format Preview doesnt recognize."

If I am at this step, this is successfully decrypted, right? At this point, 
this is a data issue, which I should check over at PhoneRec forums? 

Original comment by [email protected] on 18 Feb 2012 at 7:54

Attachments:

from iphone-dataprotection.

GoogleCodeExporter avatar GoogleCodeExporter commented on June 17, 2024
The dmg can be mounted even if the image is not decrypted (because only the 
"file contents" are encrypted). The error messages when opening files mean that 
emf_decrypter.py did nothing (which is consistent if you said the file 
modification time did not change).
There is probably a bug in emf_decrypter.py if it runs forever without 
displaying "Decrypting". Can you try again and then interrupt the script 
(CTRL+C) and post the python traceback here ? Thanks

Original comment by [email protected] on 19 Feb 2012 at 3:49

from iphone-dataprotection.

GoogleCodeExporter avatar GoogleCodeExporter commented on June 17, 2024
ahh.. that makes sense. thanks for clarifying. still hope i guess... will get 
back to you soon.

Original comment by [email protected] on 20 Feb 2012 at 1:52

from iphone-dataprotection.

GoogleCodeExporter avatar GoogleCodeExporter commented on June 17, 2024
it worked! and PhotoRec is finding images of the unallocated portion of the 
disk. Whoo hoo!
Thanks for spending so much time and effort making these tools, and most 
importantly, opening them up to the world for free.

This is one of those things that really has an effect on people, you've helped 
save precious memories!

Cheers
- SD

Original comment by [email protected] on 20 Feb 2012 at 3:01

from iphone-dataprotection.
