å®ã®ãšãããã¢ãã€ã«ããã€ã¹ã®ããã¯ã解é€ããæè¡çãªæ¹æ³ã¯ãããèªäœãã³ã³ãã¥ãŒã¿ãŒæ³å»åŠè ã«ãšã£ãŠã®ç®çã§ã¯ãããŸããããã®äž»ãªã¿ã¹ã¯ã¯ãã¡ã¢ãªã«ä¿åãããŠããããŒã¿ã«ã¢ã¯ã»ã¹ããããšã§ãããããã£ãŠãç 究è ãèšå®ãããPINã³ãŒããŸãã¯ç»åãã¹ã¯ãŒãããã€ãã¹ããŠããã€ã¹ããæ å ±ãæœåºããããšã«æåããå Žåãéåžžãããã¯ã解é€ããå¿ èŠã¯ãªããªããŸããäžæ¹ããšãã¹ããŒãããŸã ç©çã¬ãã«ãŸãã¯è«çã¬ãã«ã§ããŒã¿ãæœåºããŠããå Žåã¯ãå°æ¥çã«ããã€ã¹ã®ããã¯ã解é€ããã®ã«åœ¹ç«ã€æ å ±ãåãåãããšãã§ããŸãããã®èšäºã§ã¯ãã€ãŽãŒã«ã»ããã€ãããã°ã«ãŒã-IBã³ã³ãã¥ãŒã¿ãã©ã¬ã³ãžãã¯ç 究æã®å°é家ã¯ãæ³å»åŠã®å°é家ã¯ãã¢ãã€ã«ããã€ã¹ã®ãããã¯ãã€ãã¹ããããšãã§ãããã®æ¹æ³ã«ã€ããŠè©±ãç¶ããŠããŸããæåã®éšåã¯ããã§èŠãããšãã§ããŸã..ã
: , . â , . , . , .
ãã¡ãããããã¯ã解é€ããããã®æè¡çæ©èœã¯ãç¹å®ã®ããã€ã¹ã®ç¹æ§ïŒè£œé å ãã¢ãã«ããªãã¬ãŒãã£ã³ã°ã·ã¹ãã ã®ããŒãžã§ã³ãã€ã³ã¹ããŒã«ãããŠããã»ãã¥ãªãã£æŽæ°ããã°ã©ã ãªã©ïŒãšå¯æ¥ã«é¢é£ããŠããŸããæ³å»åŠè ã¯ãã¢ãã€ã«ããã€ã¹ã®ããã¯ã解é€ããããšãããšãã«ããããã®ç¹ãèæ ®ããå¿ èŠããããŸããAppleããå§ããŸãããã
Appleã¢ãã€ã«ããã€ã¹ã®ããã¯ã解é€ãã
æ¹æ³21ïŒããŒããŠã§ã¢ããã³ãœãããŠã§ã¢ã·ã¹ãã ã䜿çšããGrayKeyããã³UFED Premium
çŸåšåžå Žã«åºãŠããã®ã¯ãPINã³ãŒããéžæããããã¯ãããAppleã¢ãã€ã«ããã€ã¹ããããŒã¿ãæœåºããããã«èšèšããã2ã€ã®ãœãããŠã§ã¢ãšãââãŒããŠã§ã¢ã®è€åäœã§ãã
æåã®ããã€ã¹ã¯GrayshiftGrayKey [23]ã§ããããã€ã¹ã®éçºè ã«ãããšãiOSã®ãã¹ãŠã®ããŒãžã§ã³ã§ã»ãŒãã¹ãŠã®iPhoneã®PINã³ãŒããå埩ããããã«äœ¿çšã§ããŸãã
ããã¯ãäžè¬ã«å ¬éãããŠããæåãªGrayKeyç»åã®1ã€ãã©ã®ããã«èŠãããã§ãã
調æ»å¯Ÿè±¡ã®ããã€ã¹ãæ¥ç¶ããã«ã¯ã2æ¬ã®ãã³ã ãã§ã¯äžååã§ãããã®çç±ã以äžã«èª¬æããŸãã
2çªç®ã®ãã¹ã¯ãŒãã¯ã©ãã«ãŒã¯ã2019幎6æ14æ¥ã«çºè¡šãããCellebriteã®UFEDãã¬ãã¢ã ã§ã[24]ã
ãããããUFED Premiumã¯ãäžé£ã®ããã°ã©ã ïŒUFED 4PCãšã®é¡æšã«ããïŒãŸãã¯ç¹æ®ãªããŒããŠã§ã¢ããã€ã¹ïŒUFED Touchãšã®é¡æšã«ããïŒã®åœ¢ã§ååšããå¯èœæ§ããããŸãã
äž¡æ¹ã®ããã€ã¹ã¯ãå€ãã®åœã®è»äºããã³èŠå¯çµç¹ã§ã®ã¿äœ¿çšã§ããŸããäž¡æ¹ã®è€åäœã®æ©èœã«é¢ããæ å ±ã¯éãããŠããŸããããã¯ãAppleãããã€ã¹ããã®ããŒã¿ã®æœåºã«åŒ·ãå察ããŠãããæ³å»åŠã®å°é家ããã®ãããªããã€ã¹ããããŒã¿ãæœåºããã®ãé²ãããã«ã補åã«åžžã«æ°ããéçºãå°å ¥ããŠããããã§ãã
ããã¯ãããã¢ãã€ã«ããã€ã¹ã®ã¡ã¢ãªãžã®ã¢ã¯ã»ã¹ã劚ããAppleã«ããæ°ããéçºãåé¿ããããã«ãGreyShiftãšCellebriteã®äŒæ¥ãããçšåºŠã®æéïŒæ°é±éããæ°ãæïŒãå¿ èŠãšããããšã¯ç¢ºãã«ç¥ãããŠããŸãã
Appleã¢ãã€ã«ããã€ã¹ã®PINã³ãŒãã¯ããã«ãŒããã©ãŒã¹æ»æã䜿çšããŠè§£èªãããå¯èœæ§ããããŸããæåããå Žåããã®ãããªãã¹ã¯ãŒãã®éžæã«ã¯1æ¥ãããããŸãããã6ãæ以äžãããå ŽåããããŸãããããã£ãŠãPINã®å埩ã«ã¯æéããããããã2å°ã®ã¢ãã€ã«ããã€ã¹ã®ã¿ãGrayKeyã«æ¥ç¶ãããšãç 究è ã®èœåãå€§å¹ ã«å¶éãããŸãã
ã»ãã¥ãªãã£ã®æšå¥šäºé ïŒ 4ã6æåã®é·ãã®ããžã¿ã«ãã¹ã¯ãŒãã¯ãæ€çŽ¢çšèªã®èŠ³ç¹ããã¯æ¯èŒçåãå ¥ããããŸãã7ã8æ¡ã§ãããbrute-forceãã¹ã¯ãŒãbrute-forceã®ã¿ã¹ã¯ããã§ã«éåžžã«è€éã«ããŠããã匷åãªè±æ°åã®ãã¹ã¯ãŒãã䜿çšãããšããã®ã¿ã¹ã¯ã劥åœãªæéå ã«è§£æ±ºã§ããªããªããŸãã
æ¹æ³22ïŒIPããã¯ã¹ããŒããŠã§ã¢ã³ã³ãã¬ãã¯ã¹ã䜿çšãã
iOS 7-8.1ãå®è¡ããŠããããã¯ãããAppleã¢ãã€ã«ããã€ã¹ã®PINã³ãŒããå埩ããã«ã¯ãéåžžãååã«IPããã¯ã¹ã®çµã¿åããã䜿çšããããŒããŠã§ã¢ããã€ã¹ã®ãã¡ããªãŒã䜿çšã§ããŸãããã®ãããªããã€ã¹ã«ã¯ãæ°çŸãã«ããæ°åãã«ã®ç¯å²ã®å€ãã®ããŒããŠã§ã¢å®è£ ããããŸããããšãã°ããã®ãããªå®è£ ã®å€åœ¢ã¯ãIPããã¯ã¹iPhoneãã¹ã¯ãŒãããã¯è§£é€ããŒã«[25]ã§ãããã®ããã€ã¹ã䜿çšããPINã³ãŒãã®å埩ã®çµæã¯æ¬¡ã®ããã«ãªããŸãã
ã¢ãã€ã«ãã©ã¬ã³ãžãã¯çšã®ãœãããŠã§ã¢ãéçºããŠããå€ãã®äŒæ¥ãããã®æ©èœãèšèšã«å®è£ ããŠããŸããSusteenã¯ããã«é²ãã§ãBurner Breakerããããã³ã³ãã¬ãã¯ã¹ã®åœ¢ã§åæ§ã®ããã€ã¹ãå®è£ ããŸããïŒããã¯ãããã¢ãã€ã«ããã€ã¹ã®PINã³ãŒãã¯ããããã«ãã£ãŠååŸãããŸãïŒ[26]ïŒ
ããã€ã¹ã®æ¬è³ªã¯æ¬¡ã®ãšããã§ãããªãã¬ãŒãã£ã³ã°ã·ã¹ãã ïŒiOS 7.xxïŒã«ãœãããŠã§ã¢ãšã©ãŒãååšãããããPINã³ãŒãã®å ¥åã«å€±æããåæ°ã䜿ãæããããåŸã倱æããè©Šè¡åæ°ã®ã«ãŠã³ã¿ãŒããªã»ããããã³ãã³ããããã€ã¹ã«éä¿¡ãããŸããããã«ãããããŒããŠã§ã¢ã³ã³ãã¬ãã¯ã¹ã¯ãç¹å®ã®æ°ã®æ°ããã³ãŒãã®çµã¿åãããåé©çšããŠãããã€ã¹ã®ããã¯ã解é€ã§ããŸãã
IP Box iPhone Password Unlock Toolã®è£œé å ãè¿°ã¹ãŠããããã«ãããã¯ãããAppleã¢ãã€ã«ããã€ã¹ã®4æ¡ã®PINã³ãŒããéžæããã®ã«17æéãããããŸããã
ã»ãã¥ãªãã£ã®ãã³ãïŒ iOS7ããã€ã¹ã¯æ°å¹Žåã«äº€æããå¿ èŠããããŸããã
æ¹æ³23ïŒPINã®å埩
è¥ãiPhoneã¢ãã«ïŒiPhone 5cãŸã§ïŒã®å Žåããã«ãŒããã©ãŒã¹æ»æã«ãã£ãŠPINã³ãŒãããã«ãŒããã©ãŒã¹ããããšãã§ããŸããããšãã°ãããã¯Cellebriteã®UFEDç©çã¢ãã©ã€ã¶ãŒãŸãã¯Elcomsoftã®iOS ForensicToolkitã䜿çšããŠå®è¡ã§ããŸãã
ããã€ã¹ãDFUã¢ãŒãã®å Žåãç¬èªã®ãªãã¬ãŒãã£ã³ã°ã·ã¹ãã ãèµ·åããåã«ããã€ã¹ãå¶åŸ¡ã§ããããã«ããäžé£ã®ãšã¯ã¹ããã€ããããŒããããŸãã
æ¥ç¶ãããiPhone4ã®ããŒã¿æœåºããã³PINå埩ãªãã·ã§ã³ãåããiOSç©çãŠã£ã³ããŠã®å€èŠ³ã
ããã¹ã¯ãŒãã³ãŒãå埩ããªãã·ã§ã³ãéžæãããšãããã¯ãããããã€ã¹ã®PINã³ãŒããéžæãããŸããPINã³ãŒãã®å埩ã®çµæã¯æ¬¡ã®ããã«ãªããŸãã
ãããã¯ãããAppleã¢ãã€ã«ããã€ã¹ããããŒã¿ãæœåºããèŠéã
2019幎9æ27æ¥ãä»®åaxi0mXã®TwitterãŠãŒã¶ãŒãcheckm8ã®æªçšãçºè¡šããŸããã圌ã¯ãäœçŸäžãã®Appleããã€ã¹ïŒiPhone4sããiPhoneXãŸã§ïŒã®æ å ±ãå±éºã«ãããè匱æ§ãæªçšããŸãã[27]ã
iPhone 4SãiPhone 5ãiPhone 5Cã«ã¯ãããã¯ãããããã€ã¹ã®PINã³ãŒãããã«ãŒããã©ãŒã¹ããè©Šè¡åæ°ãå¶éããããŒããŠã§ã¢æ©èœããªãããããããã®ããã€ã¹ã¯ãPINã³ãŒãå€ãå埩ããããã«é 次ãã«ãŒããã©ãŒã¹ããããã«äœ¿çšã§ãããœãããŠã§ã¢ã«å¯ŸããŠè匱ã§ãã
Elcomsoft IOS Forensics Toolkitã®8æã®ãªãªãŒã¹ã«ã¯ãããã€ã¹ïŒiPhone5ããã³iPhone5cïŒã«å¯Ÿãããã®ãããªæ»æã®å®è£ ãå«ãŸããŠããŸãã
ããã«ãPANGUã°ã«ãŒãã®ã»ãã¥ãªãã£ç 究è ã¯ãA8-A10ãããïŒiPhone 6ã6sã7ïŒã«SEPROMã®è匱æ§[28]ãå ±åããŸãããããã«ãããçè«çã«ã¯PINã®æšæž¬ãç¡å¹ã«ãªããŸããã»ãã¥ãªãã£
ã«é¢ããæšå¥šäºé ïŒçŸåšãå®å šãªããã€ã¹ãšèŠãªãããšãã§ããã®ã¯A12ããã³A13ïŒiPhone XRãXSã11ã11ProïŒããã€ã¹ã®ã¿ã§ããå€ãè匱ãªããã€ã¹ãæ°ããå®å šãªããã€ã¹ãšåãiCloudã«æ¥ç¶ãããŠããå Žåã¯ãå€ãããã€ã¹ãä»ããŠæ°ããããã€ã¹ããiCloudããŒã¿ãååŸã§ããããšãå¿ããªãã§ãã ããã
Elcomsoft IOS Forensics Toolkitã®ãã«ãŒããã©ãŒã¹ïŒ
æ¹æ³24ïŒããã¯ããŠã³ãã¡ã€ã«ã䜿çšãã
Appleã¢ãã€ã«ããã€ã¹ãWindowsãŸãã¯MacOSãå®è¡ããŠããã³ã³ãã¥ãŒã¿ãŒã«å°ãªããšã1åæ¥ç¶ãããŠããå ŽåãiTunesã¯ãã®ããã€ã¹äžã«ãã¡ã€ã«ãèªåçã«äœæããç 究è ãããã¯ãããããã€ã¹ããããŒã¿ãæœåºããã®ã«åœ¹ç«ã¡ãŸãã
ãããã®ãã¡ã€ã«ã¯ã次ã®ãã¹ã«ãããŸãã
- Mac OS XïŒ\ private \ var \ db \ lockdown
- Windows 2000ããã³XPïŒCïŒ\ããã¥ã¡ã³ããšèšå®\ãã¹ãŠã®ãŠãŒã¶ãŒ\ã¢ããªã±ãŒã·ã§ã³ããŒã¿\ Apple \ããã¯ããŠã³
- Windows Vistaã7ã8ãããã³10ïŒCïŒ\ ProgramData \ Apple \ Lockdown
ããŒã¿æœåºãæåãããã«ã¯ãç 究è ã¯ãããã®ãã¡ã€ã«ãã¢ãã€ã«ããã€ã¹ã®ææè ã®ã³ã³ãã¥ãŒã¿ãŒããèªåã®ã¯ãŒã¯ã¹ããŒã·ã§ã³ïŒåããã©ã«ããŒå ïŒã«ç§»åããå¿ èŠããããŸãããã®åŸãä»»æã®ãã©ã¬ã³ãžãã¯ããŒã«ãŸãã¯iTunesã䜿çšããŠããŒã¿ãååŸã§ããŸãã
Appleã¢ãã€ã«ããã€ã¹ãiOSããŒãžã§ã³9以éãå®è¡ããŠããŠãããã¯ãããåŸã«åèµ·åãããå Žåãç 究è ã¯ãã®ã¢ãããŒãã䜿çšã§ããªãããšã«æ³šæããããšãéèŠã§ãã
ã»ãã¥ãªãã£ã«é¢ããæšå¥šäºé ïŒåŒ·åãªãã¹ã¯ãŒããã€ã³ã¹ããŒã«ããããã«ãã£ã¹ã¯æå·åãã€ã³ã¹ããŒã«ãããŠããªãã³ã³ãã¥ãŒã¿ãŒã«iOSããã€ã¹ãæ¥ç¶ããªãã§ãã ããã
Androidãªãã¬ãŒãã£ã³ã°ã·ã¹ãã ãå®è¡ããŠããã¢ãã€ã«ããã€ã¹ã®ããã¯ã解é€ãã
Androidãªãã¬ãŒãã£ã³ã°ã·ã¹ãã ãå®è¡ããŠããã¢ãã€ã«ããã€ã¹ã®å ŽåãPINããã¿ãŒã³ãç¥ããªããŠãããŒã¿ã«ã¢ã¯ã»ã¹ã§ããæ¹æ³ãããã€ããããŸãããããã®æ¹æ³ãšãPINãŸãã¯ãã¿ãŒã³ãå埩ããæ¹æ³ã®äž¡æ¹ã«ã€ããŠèª¬æããŸãã
æ¹æ³25ïŒã¢ãã ã®ATã³ãã³ãã䜿çšããŠããã€ã¹ã®ããã¯ã解é€ãã
äžéšã®ã¢ãã€ã«ããã€ã¹ã§ã¯ãATã¢ãã ãããã©ã«ãã§ã¢ã¯ãã£ãåã§ããŸããéåžžããããã¯LG ElectronicsIncã«ãã£ãŠè£œé ãããã¢ãã€ã«ããã€ã¹ã§ãã 2016ã 2017幎ã§ãããä»ã®ã¡ãŒã«ãŒã補é ããããã€ã¹ãããå¯èœæ§ããããŸãã
ããã«ãããç 究è ã¯ATã³ãã³ãã䜿çšããŠã¢ãã€ã«ããã€ã¹ã®æäœãå¶åŸ¡ã§ããŸããããšãã°ããããã®ã³ãã³ãã䜿çšããŠããã¡ãŒã ãŠã§ã¢æŽæ°ã¢ãŒãã®ããã€ã¹ããã¡ã¢ãªãã³ããååŸã§ããŸãããŸãã¯ã1ã€ã®ã³ãã³ãã§ããã€ã¹ã®ããã¯ã解é€ããŸãã ATã³ãã³ãã䜿çšãããšãããã€ã¹ã®ã¡ã¢ãªå ã®ããŒã¿ãå€æŽãããªããããæãæ³çã«æ£ããæ¹æ³ã§ãã
ã¢ãã€ã«ããã€ã¹ã®ããã¯ã解é€ããã«ã¯ã調æ»å¡ã®ã³ã³ãã¥ãŒã¿ãŒã®Windowsããã€ã¹ã®ãªã¹ãã«LGEã¢ãã€ã«USBã¢ãã ãšããŠè¡šç€ºãããå¿ èŠããããŸãã
LGEã¢ãã€ã«USBã¢ãŒãã§ç 究è ã®ã³ã³ãã¥ãŒã¿ãŒã«æ¥ç¶ãããããã¯ãããLGã¹ããŒããã©ã³ïŒ
次ã«ã端æ«ã䜿çšããŠATã³ãã³ããçºè¡ããããå°çšã®ãœãããŠã§ã¢ïŒOxygen Forensic Suite Expertãªã©ïŒã䜿çšã§ããŸãã
ããã¯ãããLGã¹ããŒããã©ã³ãOxygenForensic Suiteã«è¡šç€ºããïŒ
ããã°ã©ã ã€ã³ã¿ãŒãã§ã€ã¹ã®[ããã¯è§£é€]ãã¿ã³ãã¯ãªãã¯ãããšãããã€ã¹ã®ããã¯ã解é€ãããŸãã
ã¢ãã€ã«ãã©ã¬ã³ãžãã¯ã§ã®ATã³ãã³ãã®äœ¿çšã«ã€ããŠã¯ããATã¢ãã ã³ãã³ãã䜿çšããLGAndroidã¹ããŒããã©ã³ã®ç»é¢ã®ããã¯è§£é€ã[29]ã§è©³ãã説æãããŠããŸãã
ä¿è·ã«é¢ããæšå¥šäºé ïŒããã€ã¹ãçŸåšã®ããã€ã¹ã«å€æŽããŠãã ããã
æ¹æ³26ïŒã«ãŒãåãããããã€ã¹ã®ããŒã¿ã«ã¢ã¯ã»ã¹ãã
ã«ãŒãåãããããã€ã¹ãã€ãŸããç 究è ããã§ã«ã¹ãŒããŒãŠãŒã¶ãŒæš©éãæã£ãŠããããã€ã¹ãç 究ã«åãå ¥ããããšãã§ããå ŽåããããŸãããã®ãããªããã€ã¹ã§ã¯ãç 究è ã¯ãã¹ãŠã®ããŒã¿ïŒãã¡ã€ã«ãšè«çããŒãã£ã·ã§ã³ïŒã«ã¢ã¯ã»ã¹ã§ããŸãããããã£ãŠãç 究è ã¯PINãŸãã¯ç»åã®ãã¹ã¯ãŒããå«ããã¡ã€ã«ãæœåºãããããã®å€ã埩å ããããåé€ããŠããã€ã¹ã®ããã¯ã解é€ããããšãã§ããŸãã
説æããæ¹æ³ã«å ããŠãç 究è ãPINãŸãã¯ã°ã©ãã£ãã¯ã³ãŒããå«ããã¡ã€ã«ãèŠã€ããããšãã§ããã¢ãã€ã«ããã€ã¹ã®ç©çãã³ãã¯ã次ã®æ¹æ³ã§çæã§ããŸãã
- ããããªãæ¹åŒïŒã¡ã¢ãªããããåãåºããŠçŽæ¥æ å ±ãèªã¿åãïŒ
- JTAGã¡ãœããïŒããã°ã©ã ã®ãããã°ã«äœ¿çšãããJoint Test Action Groupã€ã³ã¿ãŒãã§ã€ã¹ã䜿çšïŒ
- In-System Programming (ISP) ( )
- Emergency Download Mode ( Qualcomm)
- AT-
æªçšã䜿çšããŠãç 究è ã¯èª¿æ»äžã®ããã€ã¹ã®ãã¡ã€ã«ã·ã¹ãã ã®äžéšãæœåºã§ããŸãããã¡ã€ã«ã·ã¹ãã ã®ãã®ãã©ã°ã¡ã³ãã«ããã¯PINãŸãã¯ãã¿ãŒã³ãå«ããã¡ã€ã«ãå«ãŸããŠããå Žåãç 究è ã¯ãããã®åŸ©å ãè©Šã¿ãããšãã§ããŸãã
ãã¡ã€ã«gesture.keyãsettings.dbãlocksettings.dbãgatekeeper.password.key
PINãŸãã¯ã°ã©ãã£ãã¯ã³ãŒãã«é¢ããæ å ±ã¯ããã¹/ããŒã¿/ã·ã¹ãã /ã®äžã«ãã次ã®ãã¡ã€ã«ã«ä¿åãããŸãã
- ãžã§ã¹ãã£ããŒïŒæ°ãããã¡ãŒã ãŠã§ã¢ã®gatekeeper.pattern.keyïŒ
- password.keyïŒãŸãã¯gatekeeper.password.keyïŒ
- locksettings.db
- locksettings.db-wal
- locksettings.db-shm
- settings.db
- settings.db-wal
- settings.db-shm
ãããã®ãã¡ã€ã«ãåé€ãããããã¡ã€ã«å ã®ããã·ã¥ããããã¹ã¯ãŒãå€ãå€æŽããããããšãã¢ãã€ã«ããã€ã¹ã®ããã¯ã解é€ãããå ŽåããããŸãã
ã»ãã¥ãªãã£ã®æšå¥šäºé ïŒãã®ã¡ãœããïŒgesture.keyïŒã¯ãæå·åããŒã¿ãæ ŒçŽããããã®åå¥ã®é åããŸã ãªãããã¡ã€ã«ã·ã¹ãã ã«åçŽã«æ ŒçŽãããŠããå€ãããã€ã¹ã«é©çšã§ããŸãããã®æ¹æ³ã¯ãæ°ããããã€ã¹ã§ã¯æ©èœããŸããã
æ¹æ³27ïŒããã¯ã³ãŒããå«ããã¡ã€ã«ãåé€ãã
ã¢ãã€ã«ããã€ã¹ã®ããã¯ã解é€ããæãç°¡åãªæ¹æ³ã¯ãããã¯ã³ãŒããå«ããã¡ã€ã«ãåé€ããããšã§ãããããè¡ãã«ã¯ãããã€ã¹ã§USBãããã°ãæå¹ã«ããå¿ èŠããããŸãããæ®å¿µãªããããããåžžã«è¡ããããšã¯éããŸããã
ç 究è ã幞éã§USBãããã°ãã¢ã¯ãã£ãã«ãªã£ãŠããå Žåãæå®ãããäžé£ã®ã³ãã³ãã䜿çšããŠããã¹ã¯ãŒããå«ããã¡ã€ã«ãåé€ã§ããŸã[30]ã
adb devices
adb shell
cd /data/system
su
rm *.key
rm *.key
adb reboot
å¥ã®ãªãã·ã§ã³ã¯ãgesture.keyãã¡ã€ã«ãåé€ããã³ãã³ããå ¥åããããšã§ãã
adb shell rm /data/system/gesture.key
åèµ·ååŸãããã€ã¹ã®ããã¯ãããã«è§£é€ãããããããã¯ç»é¢ã衚瀺ãããŸããããã¯ç»é¢ã¯äžãŸãã¯æšªã«ã¹ã¯ã€ãããã ãã§ãã
ããã¯ã解é€ããå¥ã®æ¹æ³ã¯ããã¹ã¯ãŒããå«ãããŒã¿ããŒã¹ã»ã«ã®å€ãå€æŽããããšã§ãããããè¡ãã«ã¯ã次ã®äžé£ã®ã³ãã³ããå®è¡ããŸã[30]ã
adb shell
cd /data/data/com.android.providers.settings/databases
sqlite3 settings.db
update system set value=0 where name=âlock_pattern_autolockâ;
update system set value=0 where name=âlockscreen.lockedoutpermanentlyâ;
.quit
å¥ã®ãªãã·ã§ã³ã¯ãw3bsit3-dns.comãã©ãŒã©ã ã®ãŠãŒã¶ãŒnstorm1ã«ãã£ãŠæäŸãããŸãã圌ã¯ã次ã®äžé£ã®ã³ãã³ããå ¥åããããšãææ¡ããŠããŸã[31]ã
adb shell
cd /data/data/com.android.providers.settings/databases
sqlite3 settings.db
update secure set value=0 where name='lockscreen.password_salt';
update secure set value=0 where name='lockscreen.password_type';
update secure set value=0 where name='lockscreen.lockoutattemptdeadline';
update secure set value=0 where name='lock_pattern_visible_pattern';
update system set value=0 where name='lockscreen.lockexchange.enable';
.quit
ä¿è·ã®æšå¥šäºé ïŒåã®ãã®ãšåæ§ã
æ¹æ³28ïŒã«ã¹ã¿ã ãã¡ãŒã ãŠã§ã¢ã®ã€ã³ã¹ããŒã«
ç 究è ãäžéã§ãã¢ãã€ã«ããã€ã¹ã§USBãããã°ãæå¹ã«ãªã£ãŠããªãå Žåãããã¯ã³ãŒãïŒãã¹ã¯ãŒãïŒãå«ããã¡ã€ã«ã«ã¢ã¯ã»ã¹ããããã«ã«ã¹ã¿ã ãã¡ãŒã ãŠã§ã¢ãã€ã³ã¹ããŒã«ããããããããåé€ããããšãã§ããŸãã
æã人æ°ã®ããã®ã¯ã«ã¹ã¿ã ãã¡ãŒã ãŠã§ã¢ã§ãã
- CWM RecoveryïŒClockworkMod RecoveryïŒã¯ãAndroidãå®è¡ããŠããã»ãšãã©ã®ããã€ã¹çšã«ãªãªãŒã¹ãããŠãããå€æŽãããéå ¬åŒã®ãã¡ãŒã ãŠã§ã¢ã§ãããã€ãã£ããã¡ãŒã ãŠã§ã¢ãããã¯ããã«å¹ åºãæ©èœãåããŠããŸããäžéšã®ããã€ã¹ã§ã¯ããã€ãã£ããã¡ãŒã ãŠã§ã¢ã®ä»£ããã«ã€ã³ã¹ããŒã«ãããä»ã®ããã€ã¹ã§ã¯ã䞊è¡ããŠã€ã³ã¹ããŒã«ãããŸãã
- Team Win Recovery ProjectïŒTWRPïŒããã»ãšãã©ã®Androidããã€ã¹çšã«ãªãªãŒã¹ãããŠããå€æŽãããéå ¬åŒãã¡ãŒã ãŠã§ã¢ã§ãããã€ãã£ããã¡ãŒã ãŠã§ã¢ãããã¯ããã«å€ãã®æ©èœãåããŠããŸããäžéšã®ããã€ã¹ã§ã¯ããã€ãã£ããã¡ãŒã ãŠã§ã¢ã®ä»£ããã«ã€ã³ã¹ããŒã«ãããä»ã®ããã€ã¹ã§ã¯ã䞊è¡ããŠã€ã³ã¹ããŒã«ãããŸãã
äžéšã®ã«ã¹ã¿ã ãã¡ãŒã ãŠã§ã¢ã¯ãmicroSDã«ãŒãããã€ã³ã¹ããŒã«ã§ããŸããããããã¢ãã€ã«ããã€ã¹ã«ãã©ãã·ã¥ããããã®æé ã¯ã察å¿ããã€ã³ã¿ãŒããããµã€ãã«ãããŸãã
CWM Recoveryãã¢ãã€ã«ããã€ã¹ã«ãã©ãã·ã¥ãããã次ã®ã³ãã³ãã䜿çšããŠDATAããŒãã£ã·ã§ã³ãããŠã³ãããå¿ èŠããããŸãã
mount /dev/nandd /data
ããã€ã¹ãã¡ã€ã«ã«ã¢ã¯ã»ã¹ããåŸãæ¹æ³27 [32]ã§èª¬æãããŠããäžé£ã®ã³ãã³ããå®è¡ããå¿ èŠããããŸãã
ã¢ãã€ã«ããã€ã¹ã§TWRPããã©ãã·ã¥ã§ããå Žåã¯ã[詳现]ãšããTWRPã»ã¯ã·ã§ã³ã«ç§»åãã[ãã¡ã€ã«ãããŒãžã£ãŒ]ãéžæããå¿ èŠããããŸãã次ã«ããã¡ã€ã«ãããŒãžã£ã䜿çšããŠãã·ã¹ãã ãã£ã¬ã¯ããªã®ããŒã¿ãã£ã¹ã¯ã«ç§»åããPINãŸãã¯ç»åãã¹ã¯ãŒããå«ãå¯èœæ§ã®ãããã¡ã€ã«ïŒgesture.keyãsettings.dbãlocksettings.dbãgatekeeper.password.keyãã¡ã€ã«ãªã©ïŒãåé€ããå¿ èŠããããŸãã ãïŒã
TWRPãã¡ã€ã«ãããŒãžã£ãŒã€ã³ã¿ãŒãã§ã€ã¹ã«è¡šç€ºãããgatekeeper.password.keyãgatekeeper.pattern.keyãlocksettings.dbãlocksettings.db-walãlocksettings.db-shmãã¡ã€ã«ïŒ
ã«ã¹ã¿ã ãã¡ãŒã ãŠã§ã¢ã¯ãOdinã䜿çšããŠSamsungã¢ãã€ã«ããã€ã¹ã«ãã©ãã·ã¥ã§ããŸããããã°ã©ã ã®ããŒãžã§ã³ãç°ãªãã°ãã¢ãã€ã«ããã€ã¹ããã©ãã·ã¥ããããã®ç¬èªã®æé ããããŸãã
Odin3ã䜿çšããŠSamsungSM-J710ã¢ãã€ã«ããã€ã¹ã«ã«ã¹ã¿ã ãã¡ãŒã ãŠã§ã¢ãã¢ããããŒãããïŒ
MTKããããæèŒããã¢ãã€ã«ããã€ã¹ïŒMeizuãXiaomiãLenovoãFlyãElephoneãBlackviewãZTEãBlubooãDoogeeãOukitelãUMIããã®ä»ã®äžåœã¡ãŒã«ãŒãªã©ïŒãã«ã¹ã¿ã ãã¡ãŒã ãŠã§ã¢ã¯SPãã©ãã·ã¥ããŒã«ã䜿çšããŠãã©ãã·ã¥ã§ããŸã[33]ã ..ã
ã»ãã¥ãªãã£ã®æšå¥šäºé ïŒãã«ãã£ã¹ã¯ãŸãã¯ãã¡ã€ã«ããšã®æå·åãAndroidããŒãžã§ã³9.0以éã2020幎7æ以éã®ã»ãã¥ãªãã£ããããåããããã€ã¹ã䜿çšããŠãã ããã
æ¹æ³29ïŒãã¡ã€ã«ããPINãå埩ãã
ç 究è ãããã¯ãããããã€ã¹ããPINã³ãŒããŸãã¯ã°ã©ãã£ãã¯ã³ãŒããå«ããã¡ã€ã«ãæœåºã§ããªãå Žåãç 究è ã¯ãã¡ã€ã«ã«ä¿åãããŠããã³ãŒãã®å埩ãè©Šã¿ãããšãã§ããŸãã
ããšãã°ãAndrillerã䜿çšãããšãgesture.keyãã¡ã€ã«ã«ä¿åãããŠããPINã埩å ã§ããŸãã
Andrillerã®ã¡ã€ã³ãŠã£ã³ããŠã®ãã©ã°ã¡ã³ãïŒ
ç»åãã¹ã¯ãŒãïŒgesture.keyïŒãå«ããã¡ã€ã«ããããã·ã¥ãæœåºã§ããŸãããã®ãã¡ã€ã«ã¯ãã¬ã€ã³ããŒããŒãã«ã䜿çšããŠãç»åã³ãŒãã®å€ã§ããäžé£ã®çªå·ã«ãã³ãŒãã§ããŸãããã®ãããªæœåºã®äŸã¯ãAndroid ForensicsïŒCracking the Pattern Lock Protection [34]ã«èšèŒãããŠããŸãããã®ãã¡ã€ã«ã®ããŒã¿ãåæããããã®ã¢ãããŒãã匷調ããå ¬éãããŠããããŒã«ãç 究è«æããªããããgatekeeper.pattern.key
ãã¡ã€ã«ããã°ã©ãã£ãã¯ãã¿ãŒã³ã埩å ããããšã¯çŸåšå°é£ã§ãã
æ¹æ³30ïŒç¹æ®ãªããã°ã©ã ã䜿çšãã
å°çšããã°ã©ã ïŒãŸãã¯ããŒããŠã§ã¢ããã³ãœãããŠã§ã¢ã·ã¹ãã -ããšãã°ãäžèšã®UFED PremiumïŒã䜿çšããŠã調æ»äžã®ããã€ã¹ã®ãã¡ã€ã«ã·ã¹ãã ãç©çãã³ããæœåºããç»é¢ããã¯ã³ãŒããåé€ïŒããã³èª¿æ»åŸã«åŸ©å ïŒããããšãã§ããŸãã次ã®å³ã¯ãSamsungSM-J710Fã®æœåºãªãã·ã§ã³ãåããUFED4PCããã°ã©ã ãŠã£ã³ããŠã瀺ããŠããŸããç 究è ãå©çšã§ããæœåºæ¹æ³ã®å®å šæ§ã衚瀺ããŸãã UFED 4PCã¯ãUFEDãã¬ãã¢ã ã®æ°éããŒãžã§ã³ãšèŠãªãããšãã§ããŸãã
ãããã£ãŠãç 究è ã¯ã¹ããŒããã©ã³ã®ç»é¢ããã¯ãç¡å¹å/埩å ããããããã€ã¹ãã¡ã€ã«ã·ã¹ãã ãæœåºããããããã¯ããã€ãã¹ããŠããã€ã¹ã¡ã¢ãªã®å®å šãªã³ããŒãäœæãããã§ããŸãã
ä¿è·ã«é¢ããæšå¥šäºé ïŒååãšããŠããã®ãããªãœãããŠã§ã¢ããã³ããŒããŠã§ã¢ã·ã¹ãã ã¯ãããã€ã¹ã®ããŒãããŒããŒãŸãã¯ããã»ããµã®è匱æ§ãæªçšãããããäžè¬ãŠãŒã¶ãŒã¯å©çšã§ããŸãããçŸæç¹ã§ã¯ãã»ãšãã©ãã¹ãŠã®KirinãExynosãããã³å€ãããŒãžã§ã³ã®Qualcommããã»ããµãè匱ã§ãã
çµè«
ä»æ¥ã®ã¹ããŒããã©ã³ã¯ãææè ã®å人çãªç掻ã«é¢ããããŒã¿ã®äž»ãªæ å ±æºã§ãããããå®çŸããããã«ãã¢ãã€ã«ããã€ã¹ã¡ãŒã«ãŒã¯ãæ ŒçŽãããŠããããŒã¿ã®ã»ãã¥ãªãã£ãåžžã«åäžãããŠããŸããæè¡çãªèŠ³ç¹ãããããããšã³ãã®iOSããã³Androidã¢ãã€ã«ããã€ã¹ã®ã»ãã¥ãªãã£ã¯é«ã¬ãã«ã§ããããã€ã¹ãžã®ããããªãœãããŠã§ã¢ã®æå·ã§ãããããã€ã¹å ã®ããŒã¿ãžã®ã¢ã¯ã»ã¹ãå®å šã«å€±ãããå¯èœæ§ããããŸãã
説æãããŠããæ¹æ³ã®å€ãã¯ãå€ãããŒãžã§ã³ã®iOSããã³Androidã«ã®ã¿é¢é£ããŠããŸããããšãã°ãããŒãžã§ã³6.0以éãAndroidã¯ãã¡ã€ã«ã·ã¹ãã æå·åã䜿çšããiOS 11.4.1以éã¯USBå¶éã¢ãŒãã¡ã«ããºã ïŒããã€ã¹ã«çµã¿èŸŒãŸããŠããLightningããŒããä»ããããŒã¿äº€æãç¡å¹ã«ããä¿è·ã¡ã«ããºã ïŒã䜿çšããŸãã
ã¢ãã€ã«ããã€ã¹ã¡ãŒã«ãŒãšããŒã¿ãžã®ã¢ã¯ã»ã¹ãæ±ããç 究è ã®éã®ç«¶äºã¯ãé§ãšçºå°ç©ã®éçºã®å°é家ã®éã®ç«¶äºã«äŒŒãŠããŸããä¿åãããããŒã¿ã®ã»ãã¥ãªãã£ã匷åããã«ã¯ãç 究è ãã¢ãã€ã«ããã€ã¹ã®ä¿è·ã¡ã«ããºã ãããæ·±ãç 究ããå¿ èŠããããããã奜å¥å¿ã«ã€ãªãããŸããäŸãšããŠãAppleããã€ã¹çšã®Checkm8ãšã¯ã¹ããã€ãã®éçºããããŸãã Appleã¯ã¢ãã€ã«ããã€ã¹ã®ã»ãã¥ãªãã£ãçå®ã«åŒ·åããŠãããç 究è ã®æŽ»åã劚ããŠããŸãããã®ã¡ãŒã«ãŒã®ã»ãã¥ãªãã£ã¡ã«ããºã ã詳现ã«åæããçµæãBootROMãã€ãŸãåæããŒããæ åœããããã€ã¹ã³ãŒãã«è匱æ§ãçºèŠãããŸããã Checkm8ã䜿çšãããšã2011幎ãã2017幎ã«ãªãªãŒã¹ããããã¹ãŠã®Appleããã€ã¹ïŒiPhone4sããiPhoneXãŸã§ã®ãã¹ãŠã®ã¢ãã«ãå«ãïŒã§ã¹ãŒããŒãŠãŒã¶ãŒæš©éãååŸã§ããŸããããã³iOSãªãã¬ãŒãã£ã³ã°ã·ã¹ãã ã®æ¢åã®ãã¹ãŠã®ããŒãžã§ã³ããã®è匱æ§ã¯å埩äžèœã§ãããããä¿®æ£ããã«ã¯ãAppleã¯äžçäžã®äœçŸäžãã®ããã€ã¹ããªã³ãŒã«ãããããã®BootROMã³ãŒãã眮ãæããå¿ èŠããããŸãã
ã¢ãã€ã«ããã€ã¹ã®ããã¯ã解é€ããããã®ãœãŒã·ã£ã«ã¡ãœããã¯ãã¡ãŒã«ãŒããœãŒã·ã£ã«ãšã³ãžãã¢ãªã³ã°ã®äœ¿çšã劚ããããã€ã¹ææè ãç¹å®ããä»ã®æ¹æ³ãéçºãããŸã§ãåŒãç¶ãé¢é£æ§ããããŸãã
ããã€ã¹ã®ã»ãã¥ãªãã£ã«ã€ããŠè©±ãå Žåãèšäºã®å ¬éæç¹ã§ã¯ãæ¯èŒçå®å šãªããã€ã¹ãæ€èšã§ããŸãã
- iOS13.6.1ããã³6æåãè¶ ãããã¹ã¯ãŒããåããAppleA12ããã³A13ããã»ããµäžã®ããã€ã¹ã
- 2020幎7æä»ãã®ã»ãã¥ãªãã£ããããåããAndroid9.0以éãå®è¡ããQualcomm865ããã³865+ããã»ããµãæèŒããããã€ã¹ãããã«ã¯ãã¹ã¯ãŒãã䜿çšããå¿ èŠããããåçã®ããã¯è§£é€ãã«ã¡ã©ããŒã¹ã®æçŽã»ã³ãµãŒã¯äœ¿çšããªãã§ãã ããã
ãœãŒã¹
22. Introducing GrayKey
23. GrayKey â iPhone
24. UFED Premium
25. IP-BOX iPhone Password Unlock Tool
26. The Burner Breaker
27. . heckm8, iPhone
28. Team Pangu demonstrates an unpatchable SEP vulnerability at MOSEC
29. Oleg Davydov. Unlocking The Screen of an LG Android Smartphone with AT Modem Commands
30. Kevin Arrows. How to Delete Your Android Security PIN
31. |
32. / . settings.db sqlite3
33. SP Flash Tool
34. Android Forensics: Cracking the Pattern Lock Protection
23. GrayKey â iPhone
24. UFED Premium
25. IP-BOX iPhone Password Unlock Tool
26. The Burner Breaker
27. . heckm8, iPhone
28. Team Pangu demonstrates an unpatchable SEP vulnerability at MOSEC
29. Oleg Davydov. Unlocking The Screen of an LG Android Smartphone with AT Modem Commands
30. Kevin Arrows. How to Delete Your Android Security PIN
31. |
32. / . settings.db sqlite3
33. SP Flash Tool
34. Android Forensics: Cracking the Pattern Lock Protection
æ å ±ã»ãã¥ãªãã£ãããã«ãŒãAPTããµã€ããŒæ»æãè©æ¬ºåž«ãæµ·è³ã«é¢ãã Group-IBã®ãããããŠã³ãã¬ã°ã©ã ãã£ãã«t.me/Group_IBãã¹ããããã€ã¹ãããã®èª¿æ»ãGroup-IBãã¯ãããžãŒã䜿çšããå®éã®äºäŸãããã³è¢«å®³è ã«ãªããªãããã®æšå¥šäºé ãæ¥ç¶ïŒ