What's new
By:

Jailbreak without passcode?

O

offthegrid

iPF Noob
Can an iPad be jail-broken without the device passcode? If so, can the data from the device be extracted through jailbreak?



Thanks.
 
I didn't need a passcode when I JB. Not sure what you mean about your second question.

I bumped your thread to our Hacking Section so someone will chime in!
 
SweetPoison said:
I didn't need a passcode when I JB. Not sure what you mean about your second question.

I bumped your thread to our Hacking Section so someone will chime in!
Click to expand...

Thanks, SweetPoison. My company is rolling out iPad and my boss wanted me to find out whether the following scenario is possible:

"One of our executives' iPad is stolen. The thief is able to jailbreak it without knowing the passcode. He then extracts the whole file system using tools like TPot. Sensitive information stored on the iPad gets leaked. "

It'd be interesting to hear the team's thoughts on this.
 
Last edited:
Require users to save data to an enterprise cloud and if anyone steals and jailbreaks an iPad they won't get anything from app storage anyway.

On Android 3.0 there is an encryption option that encrypts the whole file system. I don't know if iPad has something similar. There's also the option to wipe it remotely.which I'm pretty sure iPad.does have. I think your execs will be ok.

Its execs doing stuff like sending and receiving sensitive emails on public wifi networks you have to worry about. That's a D'oh! Made much easier with the invention of the tablet/netbook.

Sent from my Xoom using Tapatalk
 
Last edited:
The short answer to your question offthegrid is yes, but it is quite unlikely. The JB tools on their own would not allow your data to be compromised. The thief would have to be knowledgeable and skilled and have some custom / specialist packages at his disposal. It’s certainly not fair to say that anyone who knows how to jailbreak an iPad would be able to get into your device and retrieve the data. for example, just running resn0w over the top would not reveal or provide access to anything at all.

So like anything, it is possible in theory but would require quite a specialist set of skills and knowledge which are not at all widespread.
The best line of defence as has already been suggested is to have your devices properly provisioned as enterprise devices and have the remote wipe capability on standby so any stolen device is immediately wiped as soon as the situation is notified to the relevant person.

I hope that does not put your boss off opting for them. They are no less secure than any other business device such a laptop really. And remember, the best security is always to train your staff NOT to compromise themselves with the device!
 
Last edited:
f4780y said:
The short answer to your question offthegrid is yes, but it is quite unlikely. The JB tools on their own would not allow your data to be compromised. The thief would have to be knowledgeable and skilled and have some custom / specialist packages at his disposal. It’s certainly not fair to say that anyone who knows how to jailbreak an iPad would be able to get into your device and retrieve the data. for example, just running resn0w over the top would not reveal or provide access to anything at all.
Click to expand...

Thanks for the advice. We do have ability to remotely wipe the device. However, our consultant claims that once [FONT=&quot]he uses redsn0w to jail-break the device without inputting passcode, he can load a free file browsing tool such as Total Commander with TPot. Within a few minutes, he will has full access to the entire iPad file system. He showed me this using his laptop. Although he did uninstall iTune on that laptop, since this laptop was the same one he originally synced the device with, I am not sure if this will still be possible with another laptop. We are just concerned about the possibility that someone may be able to gain access to the data before we have a chance to wipe it.[/FONT]
 
f4780y said:
The short answer to your question offthegrid is yes, but it is quite unlikely. The JB tools on their own would not allow your data to be compromised. The thief would have to be knowledgeable and skilled and have some custom / specialist packages at his disposal. It’s certainly not fair to say that anyone who knows how to jailbreak an iPad would be able to get into your device and retrieve the data. for example, just running resn0w over the top would not reveal or provide access to anything at all.

!
Click to expand...

But, when you run redsnow you can install a package with the jailbreak. So couldn't a dev just make a tweak that will detonate and explode the filesystem for all to see?
So is that what you mean by, "the thief would have to be knowledgeable and skilled and have a custom / special package" ?
 
Yup, that's pretty much it YoungOne.
So the thief that is stealing the iPad also needs to be a dev of quite reasonable talent (or have access to "specialist" bundle(s) created by one).
Not an impossible situation, but not that likely in a real world scenario.
Just my opinion of course. I just think folks can get too paranoid about this kind of stuff.

EDIT - Although as offthegrid pointed out I was not thinking it through effectively. It's probably easier than I thought.. see blow.
 
Last edited:
offthegrid said:
Thanks for the advice. We do have ability to remotely wipe the device. However, our consultant claims that once [FONT=&quot]he uses redsn0w to jail-break the device without inputting passcode, he can load a free file browsing tool such as Total Commander with TPot. Within a few minutes, he will has full access to the entire iPad file system. He showed me this using his laptop. Although he did uninstall iTune on that laptop, since this laptop was the same one he originally synced the device with, I am not sure if this will still be possible with another laptop. We are just concerned about the possibility that someone may be able to gain access to the data before we have a chance to wipe it.[/FONT]
Click to expand...

Yes, redsn0w+OpenSSH bundle coupled with TotalCommander+TPot sounds like it will allow USB access to the file system. I must check that myself. I guess I'm not thinking too laterally today at all. Brain fade? Not that specialist a solution after all. My bad, sorry.
Guess the question is still, how much of a risk do you perceive that to be from a business perspective? If your data is that sensitive it should probably be confined to a properly encrypted disk. If you allow your guys laptops which are well protected, then unless you can ensure a similar level of data protection on the iPad, it's probably off the menu for a while...
On the plus side, iPad2's are perfectly safe at the moment, because they can't be exploited! No doubt they will be one day though...
 
Last edited:
f4780y said:
Yes, redsn0w+OpenSSH bundle coupled with TotalCommander+TPot sounds like it will allow USB access to the file system.
Click to expand...

there is a way to view and edit the filesystem via USB? I would like to know that. I have been trying to do that forever! :)
 
graywolf said:
there is a way to view and edit the filesystem via USB? I would like to know that. I have been trying to do that forever! :)
Click to expand...

USB? as in universal serial bus like the flash drives you plug in? please correct me.
 
Yes. USB. iPad connected via it's dock connector and charging cable to PC's USB, just like you do any time you sync with iTunes. Then use something like TotalCommander+TPos to open a SSH tunnel to the iPad and read it's file system.

iTunnel used to provide this too, but not sure if it's currently supported.
 
f4780y said:
Yes. USB. iPad connected via it's dock connector and charging cable to PC's USB, just like you do any time you sync with iTunes. Then use something like TotalCommander+TPos to open a SSH tunnel to the iPad and read it's file system.

iTunnel used to provide this too, but not sure if it's currently supported.
Click to expand...

So just over wifi. Nevermind. I thought it was truly via USB, like a flash drive.
 
graywolf said:
f4780y said:
Yes. USB. iPad connected via it's dock connector and charging cable to PC's USB, just like you do any time you sync with iTunes. Then use something like TotalCommander+TPos to open a SSH tunnel to the iPad and read it's file system.

iTunnel used to provide this too, but not sure if it's currently supported.
Click to expand...

So just over wifi. Nevermind. I thought it was truly via USB, like a flash drive.
Click to expand...

Eh? Are you trippin YoungOne? Where did I say WiFi? Over USB. Only over USB...
Connect the cable and presto. :D

Link - http://code.google.com/p/t-pot/
 
Last edited:
You must log in or register to reply here.

Most reactions

Similar threads

AAA
Is it possible to remove jailbreak and jailbreak again!???
Replies
11
Views
15K
AAA
AAA
P
I derped, please help.
Replies
2
Views
2K
leelai
leelai
S
How to jailbreak ipad2 again? Pls help, thks much!
Replies
1
Views
4K
Mickey330
Mickey330
iZwipeer
Hack passcode?
Replies
6
Views
16K
iZwipeer
iZwipeer
TIMECMDR
  • Locked
Help needed lost passcode for JB Ipad2 4.3.3
2 3 4
Replies
48
Views
18K
Gabriel1
Gabriel1

Latest posts

Back
Top