Daily Blog #632: Using Elcomsoft iOS Toolkit on an iPhone with iOS 12.1

Hello Reader,
Kevin Stokes is the mobile forensics champion in our offices at G-C Partners. When we got a copy of the new Elcomsoft iOS Toolkit, it was Kevin who went to work to test it out and understand what it was capable of. Kevin was nice enough to write up a quick guide to walk you through the process of doing this yourself!

Elcomsoft 5.0 & rootlessJB by Kevin Stokes (02.25.2019)
This process was done on a device running iOS 12.1. 
It is part of Elcomsoft’s tested jailbreaks listed in their documentation for iOS Toolkit 5.0.
*NOTE:  As always, for a forensic acquisition, document your steps and interactions.

1. Using the Safari mobile browser…


(May work in other browsers? But Safari should exist on phone.)

2. Go to https://ignition.fun, get the app.

3. Select the packages icon (circled in Blue).

4. This will bring up the App categories available.

5. Select Jailbreaks (also circled in Blue).

6. Select the “rootlessJB” from Jake James (again, in blue).

7. “GET” the app (In Red!), to continue


8. Select “Install”, to download and install on the phone.

9. You will now have the “rootlessJB” app installed

10. But wait!  No need to select it yet.

11. We need to work on our trust issues…

12. Trust Issues


13. Go to Settings > General > Device Management


14. Select the Khodal Enterprise app

15. Select Trust Khodal Enterprise

16. Select “Trust” once more.

17. Once Trusted, the screen will look like the following (Allowing you to Delete the App, but don’t)

18. Jailbreak it!


19. Open the “rootlessJB” app, make sure to turn off “iSuperSU” and “Tweaks” (slide left)


20. No need to add these for an acquisition.

21. Select “Jailbreak” (the button will be greyed out for a moment).



22. A message will appear at the bottom when it is successful.  (In testing, this took less than a minute each time)

23. iOS Toolkit Time!


24. Select “F” to perform a File System acquisition.

25. Give the tar file a name, default is “user.tar”

26. Provide the SSH password …  (Hint! It’s “alpine”)

27. Get another cup of coffee, while it downloads. 
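
Once the download finishes, hashing the tar file and inventorying it before anything is unpacked gives you a record to go with the note above about documenting the acquisition. This is an added example, not part of the original guide or of iOS Toolkit; the function names, record fields and the constructed sample archive are assumptions for illustration.

```python
import hashlib, io, json, os, tarfile, tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    """Stream the archive through SHA-256 so a large image need not fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def acquisition_record(tar_path, examiner, note=""):
    """Hash the archive and inventory its members without extracting anything."""
    rec = {"archive": os.path.basename(tar_path), "sha256": sha256_file(tar_path),
           "recorded_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
           "examiner": examiner, "note": note, "files": 0, "dirs": 0, "links": 0,
           "other": 0, "total_bytes": 0, "review_before_extract": []}
    with tarfile.open(tar_path, "r:*") as tar:
        for m in tar:  # reads member headers only; nothing is written to disk
            is_link = m.issym() or m.islnk()
            kind = ("files" if m.isfile() else "dirs" if m.isdir()
                    else "links" if is_link else "other")
            rec[kind] += 1
            rec["total_bytes"] += m.size if m.isfile() else 0
            # Entries that would land or point outside the folder the archive is unpacked into.
            if (m.name.startswith("/") or ".." in m.name.split("/")
                    or (is_link and m.linkname.startswith("/"))):
                rec["review_before_extract"].append(m.name)
    return rec

def build_sample_tar(path):
    """Constructed stand-in for user.tar; every path and byte here is made up."""
    with tarfile.open(path, "w") as tar:
        d = tarfile.TarInfo("private/var/mobile")
        d.type = tarfile.DIRTYPE
        tar.addfile(d)
        data = b"constructed sample, not device data"
        f = tarfile.TarInfo("private/var/mobile/sample.db")
        f.size = len(data)
        tar.addfile(f, io.BytesIO(data))
        link = tarfile.TarInfo("private/var/mobile/link")
        link.type, link.linkname = tarfile.SYMTYPE, "/private/var/root"
        tar.addfile(link)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "user.tar")
        build_sample_tar(sample)
        print(json.dumps(acquisition_record(sample, examiner="examiner-01"), indent=2))
```

Point `acquisition_record` at the real tar file from step 25 and keep the JSON output with your case notes; entries listed under `review_before_extract` are links or names that resolve against the analysis workstation's own file system if the archive is unpacked as-is.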
