May 23

Some of you might have read the article from Jonathan Zdziarski where he states that all your personal data is still on the iPhone after you have restored to a new firmware.

For the people who haven’t read it i’ll quickly explain.
When you restore your iPhone through iTunes, all it does is a quick format.

This means that all your data is still on the iPhone although no longer in the partition table.
If you use Jonathan’s iPhone Forensics Toolkit, it’s not that hard to get all the data back in the open.
This means that all your pictures, e-mails, cookies, etc,etc are visible to the next person who is going to own your iPhone !

The original article (iPhone Privacy Alert: Restore Mode Leaves Much Personal Data Intact) can be read here.

Why am i telling you this information ?
Cause I know many of you will probably sell your current iPhone when the new 3g version is available.

I think i found a way it involves 2 steps and a lot of time :)

the following tutorial permanantly scrambles your Addressbook, Calendar, Notes, callhistory, voicemail, SMS, Safari, Mail and Pictures and everything else you have on your iPhone media partition.

I will explain what you have to do, but you need to know some things first.

The iPhone or iPod comes in different flavors (4gb, 8gb, 16gb and last but not least 32gb).

Although the sizes of the iPhone are different, the way the disk is partioned (divided) is the same.

You have 2 partitions (1 system that normally holds about 300mb and 1 data (music, video’s, mail, contacts,etc) that holds the rest.

What we need to do is get everything off the Data partition. How are we going to do this ?

We will use some basic commands (where you will only have to type 2) to really destroy all of your personal data.

WARNING : Only do this if you are planning to sell your iPhone or if you need to return it to Apple

This tutorial only works on a jailbroken phone !

1) If you don’t have a jailbroken iPhone, use one of my beginners guides to get it jailbroken.

2) Make surz you have installed the BSDSUBSYSTEM and the OPENSSH packages.

3) Go to our sources page and add the iPhoneFreakz.com source.

4) Open the installer and go to the iPhonefreakz category. Install the Erase Utility.

5) Connect your iPhone to your wireless network.

6) Connect with a SSH client to your iPhone (Putty, or whatever client you prefer)

7) Log in with the username root and password alpine

9) copy and paste the following command

/usr/bin/find /var/mobile/ -type f -exec /usr/bin/shred -u ‘{}’ \;

10) Wait a longggggggg time ..(it’s best you let this run and come back after some time .. )

11) Once the command is finished no one will ever find any personal information back on your iPhone.

12) Restore your iPhone and give it away (i can always use a extra iPhone :) or sell it now with confidence that your personal data won’t be retrieved.

Enjoy

gr,

Multinova

ps: i’ll add some screenshots over the weekend.

[ad#inblog]

\\ tags: , , , , , , , , , , ,

29 Responses to “Securely wipe your iPhone the guide !”

  1. Braden Says:

    Thank you sooo much Multinova. I’m sure this will help tons of people. =]

    Oh, and a question. Is Jonathan’s iPhone Forensics Toolkit availble for download somewhere? Or is it something he created for himself?

  2. Zdziarski bewijst: refurbished iPhones onvoldoende gewist - iPhone Forum - alles over de apple iPhone (in Nederland) Says:

    […] misschien de oplossing voor het probleem: Securely wipe your iPhone the guide ! iPhoneFreakz the following tutorial permanantly scrambles your Addressbook, Calendar, Notes, callhistory, […]

  3. Jash Sayani Says:

    I hope that the Remote Wipe feature on the 2.0 Firmware is a bit secure !

  4. jayz Says:

    A very nice thing to do ! Thnx Multinova :)
    Multinova , can you please make Erase Utility downable without needing installer ? i would really be greatfull if you do that .

    Multinova .. you’re the king !

  5. Multinova Says:

    Hi Braden,

    The toolkit isn’t publicly available, Jonathan only released it to law enforcment agencies, but you can recreate his toolkit if you know some *nix.

  6. wnlback Says:

    You can try this
    http://rapidshare.com/files/117402977/erase.zip

  7. Serge Says:

    Hey guys please help!,How to remove this from installer.When I want to Uninstall Erase Utility it saying Reinstall not Uninstall.Mayby I can remove it by SSH.
    Thanks for your time.

  8. Multinova Says:

    Serge,

    When you install this app, and you follow the procedure above, your device will be screwed :) the only way to get it back in it’s original state will be to restore.

    If you just installed the app and you’d like to remove it, there’s no need for, the app just installs 2 binary files, they don’t get executed automatically.
    You need to follow the procedure to activate them.

  9. Serge Says:

    Thank you very much.
    Where I can find this files?What dir. I realy want to delite them.
    Tanks. :mrgreen:

  10. Sergio Says:

    Is this program iPod Touch compatible? When I attempt to run it “failed to open for writing: no such file or directory”

  11. wacks BLADE Says:

    :sad:

    i don’t understand what a SSH client is..?

    where should i copy paste it.

  12. Cult of Mac » Blog Archive » Tutorial: How to Sell your iPhone Online Says:

    […] Go to: -> Settings/General/Reset/Erase all Content and Settings, to do a cursory wipe. Although recent stories about data being recovered off old iPhones has some people worried. For the paranoid, a more comprehensive guide to wiping your iPhone is located here, or if your phone is jailbroken already, a better (in the terms of security) one here. […]

  13. Wilson Says:

    Hey man,

    Thanks so much for putting this together.

    When I run the shredder from the ssh prompt, I think I get an error message. The thing runs for quite a while, but when it finishes, all my files remain intact.
    This is the message I get after copying/pasting the line you wrote above:

    # /usr/bin/find /var/mobile/ -type f -exec /usr/bin/shred -u ‘{}’ \;
    dyld: Library not loaded: /usr/lib/libintl.8.dylib
    Referenced from: /usr/bin/shred
    Reason: image not found
    /usr/bin/find: /usr/bin/shred terminated by signal 5

    Any thoughts would be great!
    wilson

  14. Multinova Says:

    Hi Wilson,

    You need the libintl.8.dylib file. Do you have bsd subsytem installed ?

  15. Wilson Says:

    Thanks Multinova. Yes, the bsd subsystem was installed, but perhaps I’ll try reinstalling it to see if that works.

    Thanks.

  16. TM Says:

    Multinova, could you please help?

    I am stuck at the ninth step. How do I send the /usr/bin/find /var/mobile/ -type f -exec /usr/bin/shred -u ‘{}’ \; command to my iPhone. I using the program Transmit version 3.6.6 so where do I copy and paste that command? Or should I be using another SSH program?

    Thanks

  17. Multinova Says:

    Hi TM, I think you should use the terminal application of your Mac. Transmission is only a file management app. I don’t know for sure, but i think Fugu can send commands ?
    Easiest way would be to use the terminal app.

  18. TM Says:

    Okay so I just connect my phone, open Terminal, type that command, and it is cleared?

  19. Multinova Says:

    No , You open terminal (check the ip on your iPhone)

    type ssh -l root (iphone ip addresss)
    type the password

    and then when you see a black screen with a prompt, you can copy and paste those commands above :)

  20. Louis Says:

    It didn’t work..got:

    /usr/bin/find: /usr/bin/shred terminated by signal 5
    dyld: Library not loaded: /usr/lib/libintl.8.dylib
    Referenced from: /usr/bin/shred

    any suggestions

  21. J dubb Says:

    When I run the command I get just error messages about failing to open for writing. This is repeated for what appears to be every file on the system. I followed the directions step by step. Any help is appreciated.

    Sample of the error.

    /usr/bin/shred: ‘/var/mobile/Library/Mail/Accounts.plist’: failed to open for writing: No such file or directory

  22. Louis Says:

    I got the same thing. I used cyberduck ( http://cyberduck.ch/ ) to shh into the phone and delete the mail.app/mobile folder/notes/address etc., and all the necessary stuff and trash it. Then restore the phone but not from backup.

    You can get $400.00 if you sell your iphone today on craigslist $300.min. Apparently folks want the iphone

    Try doing that with an old Razor phone after one year. After you sell your iphone just go to walmart and buy a disposable gophone from t-mobile or att at bestbuy for $14.00. and wait two weeks to buy the new iphone.

    http://www.bestbuy.com/site/olspage.jsp?skuId=8412345&st=gophone&lp=1&type=product&cp=1&id=1181347746128

  23. Bird Says:

    :sad:

    Help!

    On instruction 3 on the wiping data for selling my iPhone: 3) Go to our sources page and add the iPhoneFreakz.com source.

    I went to the sources page, and do not find that at all?????

    Help!

    Bird

  24. Bird Says:

    :mrgreen:

    Nevermind — understand that part now.

    When I emtered the root and IP, and then the password alpine, the prompt showed a # sign, then a ^M while the long erase is running? Is that normal (am using PuTTY btw).

    Also, when you say loooonnnngggg time, do you mean like many hours? I know it varies, but mine has been running for 3 hours now, and is still going — I guess (not sure what the ending command prompt will indeed be confirming clean?).

    Lastly, how does one check if indeed it has done its job?

    Thanks again for putting this up!!!!!!!! :wink:

    Bird

  25. Dennis Says:

    I am getting the same errors noted by another user regarding the “libintl.8.dylib” file. Where can I get this? I have BSD Subsystem installed.

  26. Dennis Says:

    For reference, here is the error I am getting. Again, BSD Subsystem is installed.

    Thanks for the help. I really need to get this iPhone off to its proud new owner tomorrow or the next day and don’t want my personal information leaving the United States and finding its way into the hands of an eBay buyer.

    Terminal Output (Error):

    dyld: Library not loaded: /usr/lib/libintl.8.dylib
    Referenced from: /usr/bin/shred
    Reason: image not found
    /usr/bin/find: /usr/bin/shred terminated by signal 5

  27. Dennis Says:

    I found a copy of libintl.8.dylib (it was referenced here: http://www.hackint0sh.org/forum/showpost.php?p=244037&postcount=18). Downloaded it, and copied it via sftp (using Cyberduck) to /usr/lib on the iPhone. The original error where the library was not loaded went away. But…

    Like J dubb (see post above from him), now I am getting a stream of “failed to open for writing: No such file or directory” errors.

    Doesn’t seem to want to work for me. :(

  28. M1N05 Says:

    I have the exact same error as Dennis.
    BSD installed, reinstalled…
    error message ==> dyld: Library not loaded: /usr/lib/libintl.8.dylib

    My firmware is 1.1.4 on an ipod touch.

    Nobody has another solution?

  29. Mimmogp Says:

    It worked for me. Iphone3GS 16GB 3.1.3 jailbreaked.
    Download
    http://apptapp.saurik.com/com/saurik/Packager-1.0.133-2.zip
    Rename the libintl.8.0.2.dylib stored into the package to libintl.8.dylib and copy it to the \usr\lib directory on your Iphone. Put a copy in the \usr\libexec\cydia_\ directory.

Leave a Reply