一种基于Checkm8漏洞的iPhone取证方法研究

Research on iPhone Forensic Method Based on Checkm8 Vulnerability

Checkm8漏洞是一种基于i Phone手机固件强制升降机模式的硬件漏洞。在电子数据取证工作中,针对未知锁屏密码的i Phone手机检材,文章提出一种利用Checkm8漏洞绕过密码验证提取i Phone手机数据的方法,并通过实验演示了漏洞利用、证据数据挖掘与提取、数据解密分析与证据展示。同时利用堆漏洞对锁屏状态下的i Phone手机进行最高权限提升,获取端口通信权限与数据提取传输权限,解决了密码缺失情况下数据提取问题。

The Checkm8 vulnerability is a hardware vulnerability based on the device firmware upgrade(DFU) mode of the iPhone firmware. This paper proposed a method of using Checkm8 vulnerability to bypass password verification to extract iPhone data, and demonstrated the exploitation of the vulnerability, digital data mining and extraction, data decryption analysis and evidence display. At the same time, the heap vulnerabilities were utilized to upgrade the highest authority, obtain the authority of port communication and transmission on the iPhone in the locked state, which could solve the problem of data extraction in the absence of passwords. This method has high practical value for forensic science.