Компании
<<  Bringing UE3 to Apples iPhone Platform Getting Streaming Video to Android, Apple iOS, Game Consoles and Other Devices  >>
Cracking and Analyzing Apple iCloud backups, Find My iPhone, Document
Cracking and Analyzing Apple iCloud backups, Find My iPhone, Document
iOS 4+ passcode
iOS 4+ passcode
iOS 4+ passcode
iOS 4+ passcode
iOS 4+ passcode
iOS 4+ passcode
iCloud
iCloud
iCloud services
iCloud services
iCloud Control Panel
iCloud Control Panel
iCloud backups: why
iCloud backups: why
iCloud backup - how
iCloud backup - how
iCloud backup - how
iCloud backup - how
iCloud CP: backups
iCloud CP: backups
Files in iCloud
Files in iCloud
Find My Phone
Find My Phone
Find My Phone
Find My Phone
FindMyPhone - demo output
FindMyPhone - demo output
iCloud documents
iCloud documents
iCloud documents
iCloud documents
iCloud CP: documents
iCloud CP: documents
iCloud docs: demo output
iCloud docs: demo output
Possible usage
Possible usage
Possible usage
Possible usage
The Tools
The Tools
The Tools
The Tools
The Tools
The Tools
The Tools
The Tools
The Tools
The Tools
The Tools
The Tools
The Tools
The Tools
The Tools
The Tools
The Tools
The Tools
The Tools
The Tools
The Tools
The Tools
The Tools
The Tools
Apple 2FA (Two-step Verification)
Apple 2FA (Two-step Verification)
Apple 2FA (Two-step Verification)
Apple 2FA (Two-step Verification)
Apple iOS 7
Apple iOS 7
Apple iOS 7
Apple iOS 7
iCloud keychain
iCloud keychain
iCloud keychain
iCloud keychain
iCloud keychain - cont-d
iCloud keychain - cont-d
iCloud keychain - cont-d
iCloud keychain - cont-d
iCloud keychain - cont-d
iCloud keychain - cont-d
Картинки из презентации «Cracking and Analyzing Apple iCloud backups, Find My iPhone, Document Storage» к уроку экономики на тему «Компании»

Автор: V Katalov. Чтобы познакомиться с картинкой полного размера, нажмите на её эскиз. Чтобы можно было использовать все картинки для урока экономики, скачайте бесплатно презентацию «Cracking and Analyzing Apple iCloud backups, Find My iPhone, Document Storage.pptx» со всеми картинками в zip-архиве размером 7834 КБ.

Cracking and Analyzing Apple iCloud backups, Find My iPhone, Document Storage

содержание презентации «Cracking and Analyzing Apple iCloud backups, Find My iPhone, Document Storage.pptx»
Сл Текст Сл Текст
1Cracking and Analyzing Apple iCloud 25iCloud protocol changes (March 2013).
backups, Find My iPhone, Document Storage. Added: X-Apple-MBS-Protocol-Version: 1.7
REcon 2013 Oleg Afonin, ElcomSoft Co. Ltd. Accept:
2The need for iOS forensics. More than application/vnd.com.apple.mbs+protobuf
5 years on the market 6 iPhones, 5 iPods, X-Apple-Request-UUID:
5 iPads 600+ million iOS devices sold 4EFFF273-5611-479B-A945-04DA0A0F2C3A
worldwide “Smart devices” – carry a lot of Changed: X-MMe-Client-Info:
sensitive data Corporate deployments are <iPhone4,1> <iPhone
increasing. OS;5.1.1;9B206>
3iOS data protection. Device passcode <com.apple.AppleAccount/1.0
Protects unauthorized access to the device (com.apple.backupd/(null))> User-Agent:
Bypassing is not enough (used in MobileBackup/5.1.1 (9B206; iPhone4,1).
encryption) Disk encryption 26Find My Phone.
http://images.apple.com/iphone/business/do 27FindMyPhone protocol. How: just
s/iOS_Security_Oct12.pdf Keychain sniffing HTTP traffic (www.icloud.com,
System-wide storage for sensitive data Find My Phone). Authorization: validate:
(keys, passwords etc.) Data is encrypted. https://setup.icloud.com/setup/ws/1/valida
4iOS forensics. Logical acquisition e) ClientBuildNumber=1M.63768 (constant)
(iTunes backups) Physical acquisition ClientId (random GUID) <- instance
iCloud backups and storage. login:
5iOS forensics: Logical Acquisition. https://setup.icloud.com/setup/ws/1/login
“Ask” the device to produce backup Device AppleID extended_login
must be unlocked (by passcode or iTunes) id=sha1(apple_id+instance) password <-
Device may produce encrypted backup dsid. Get devices with location:
Limited amount of information. initClient:
6iOS forensics: Physical Acquisition. https://p11-fmipweb.icloud.com/fmipservice
Boot-time exploit to run unsigned code or client/web/initClient refreshClient:
Jailbreak Device lock state isn’t https://p11-fmipweb.icloud.com/fmipservice
relevant, can bruteforce passcode Can get client/web/refreshClient id dsid <-
all information from the device ... but content (location). Requesting location
not for iPhone 4S, 5 or iPad 4 :(. via Find My Phone makes push request to
7iOS 4+ passcode. the iOS device if Find My Phone and
8iCloud. Introduced in Oct 2011 Location Services are enabled Constant
Introduced with iOS 5 5 GB free storage Up location requests quickly drain iPhone
to 50 GB paid storage Over 300 million battery, device heats up, can be noticed
users in June 2013 Backups, documents, Location information stored for 3 hours.
notes, calendar, Find My Phone. 28FindMyPhone - demo output.
9iCloud services. 29iCloud documents. iCloud: documents in
10iCloud Control Panel. iWork format only EPBB: all formats.
11iCloud backups: why? 30iCloud CP: documents.
12iCloud backup - what. Contacts and 31Get files from iCloud. To get list of
Contact Favorites Messages (including files Authentication request (with given
iMessages) Call history Application data AppleID & password). Client gets
Device settings Camera roll (photos and mmeAuthToken in return; which, in order,
videos) Purchases (music, movies, TV, is used to create authentication token
apps, books) Mail accounts Network (together with dsid). dsid (Destination
settings (saved Wi-Fi hotspots, VPN Signaling IDentifier) is an unique ID
settings etc) Paired Bluetooth devices assigned to the user when registering at
Offline web application cache/database iCloud.com. Request to get
Safari bookmarks, cookies, history, AccountSettings. Client gets an URL
offline data ... and much more. (ubiquityUrl) with an address to get UUID
13iCloud backup - when. Backup runs (unique user identifier), file list, info
daily when the device is: Connected to the on file tokens and for authorization.
Internet over Wi-Fi Connected to a power Request to get file list (POST). Output
source Locked Can force backup [Settings] (for every file): file name file id parent
| [iCloud] | [Storage & Backup] | folder id last change time checksum access
[Back Up Now]. rights To download a given file Request to
14iCloud backup - how. get a file token (using file id, checksum
15iCloud CP: backups. and aliasMap). Authorization request.
16Reverse-engineering iCloud backups. Returns information on file chunks and
jailbreak iPhone Install Open SSH, get containers. Output: container list (with
keychain (keychain-2.db) [Settings] | URLs) and chunk information.
[iCloud] | [Delete Account] | [Delete from 32iCloud backup: packages. KeyNote: PDF,
My iPhone] [Settings] | [General] | Microsoft PowerPoint, KeyNote ’09 Pages:
[Reset] | [Reset All Settings] reboot set PDF, Microsoft Word, Pages ’09 Numbers:
up Wi-Fi connection (proxy) replace PDF, Microsoft Excel, Numbers ’09 Some
keychain with our own trusted root other programs (1Password etc) Many
certificate (need key 0x835 & documents are stored as packages Storage:
keychain) ... read all the traffic :) Key plist + content (text, media files)
0x835 : Computed at boot time by the Reguests: Validate
kernel. Only used for keychain protection https://setup.icloud.com/setup/ws/1/valida
key835 = AES(UID, e Login
bytes("010101010101010101010101010101 https://setup.icloud.com/setup/ws/1/login
1")). Export
17iCloud backup protocol flow. Dynamic: https://p15-ubiquityws.icloud.com/iw/expor
endpoints depend on Apple ID Built on /(dsid)/export_document?... Check export
Google Protocol Buffers (mostly) Files are status
split into chunks Apple provides https://p15-ubiquityws.icloud.com/iw/expor
file-to-chunks mapping, chunk encryption /(dsid)/check_export_status?... Download
keys, and full request info to 3rd-party converted file
storage provider (Amazon/Microsoft) https://p15-ubiquityws.icloud.com/iw/expor
Encryption key depends on chunk data. /(dsid)/download_exported_document?
18Files in iCloud. 33iCloud docs: demo output.
19iCloud backup: authentication. query: 34Possible usage. Backups in iCloud
https://setup.icloud.com/setup/authenticat near-realtime acquisition (SMS, iMessage,
/$APPLE_ID$, Authorization:Basic mail, call logs) browse backup data
<authentication data> authentication without actual device download only data
data = mime64 (AppleID:password) returns: of specific type Find My Phone keep track
mmeAuthToken, dsPrsID example: GET using Google Maps (or whatever) track
/setup/authenticate/$APPLE_ID$ HTTP/1.1 enter/leave pre-defined area 2+ devices
Host: setup.icloud.com Accept: */* simultaneously (meeting alert) Documents
User-Agent: iCloud.exe (unknown version) in iCloud open from 3rd party apps track
CFNetwork/520.2.6 X-Mme-Client-Info: changes download unsupported document data
<PC> <Windows; 6.1.7601/SP1.0; Forensics!
W> <com.apple.AOSKit/88> 35The Tools. Elcomsoft Phone Password
Accept-Language: en-US Authorization: Breaker www.elcomsoft.com Retrieves all
Basic iCloud backups (last 3 backups are stored)
cXR0LnRld3RAaWNtb3VkLmNvbTqRd2VydHkxMjM0NQ Wireless or fixed connection Downloads
=. individual files or converts to iTunes
20iCloud backup: get auth. token, backup format Access to iCloud backups from the
IDs, keys. query: PC Incremental backups (faster
https://setup.icloud.com/setup/get_account downloading) On-the-fly decryption No 2FA
settings Authorization:Basic warning.
<authentication data> authentication 36The Tools. Oxygen Forensic Suite
data = mime64 (dsPrsID:mmeAuthToken) www.oxygen-forensic.com Comprehensive
returns: mmeAuthToken (new/other one!!) forensic analysis Built-in and third-party
query: applications Deleted data analysis (from
https://p11-mobilebackup.icloud.com/mbs/(d application databases) Calls, messages,
PrsID) Authorization: <authentication contacts, event log, tasks, GPS locations
data> authentication data = mime64 Timeline: all user and system activities
(dsPrsID:mmeAuthToken) returns: list of in a single view Communication circles
backup IDs (backupudid) query: Multiple devices analysis investigates
https://p11-mobilebackup.icloud.com/mbs/20 interactions among users of multiple
5111682/(backupudid)/getKeys. mobile devices.
21iCloud backup: download files (1). 37Apple 2FA. Requires to verify your
Enumerate snapshots HTTPS GET identity using one of your devices before
https://p11-mobilebackup.icloud.com/mbs/(d you can: Sign in to My Apple ID to manage
PrsID)/(backupudid)/(snapshotid)/listFiles your account. Make an iTunes, App Store,
offset=(offset)&limit=(limit) Get file or iBookstore purchase from a new device.
authentication tokens HTTPS POST Get Apple ID-related support from Apple.
https://p11-mobilebackup.icloud.com/mbs/(d Does NOT protect: iCloud backups (could it
PrsID)/(backupudid)/(snapshotid)/getFiles ever?) Find My Phone data (the only
Get URLs for file chunks HTTPS POST authorized device stolen?) Documents
https://p11-content.icloud.com/(dsPrsID)/a stored in the cloud iCloud backups
thorizeGet. restored onto a new iOS device = email
22iCloud backup: download files (2). from Apple iCloud backups retrieved with
Download chunks Windows Azure: EPPB = no email.
http://msbnx000004.blob.core.windows.net:8 38Apple 2FA (Two-step Verification).
/cnt/g6YMJKQBPxQruxQAr30C?sp=r&sr=b&am 39Apple iOS 7 what’s new. Disabling
;byte-range=154-31457433&se=2013-06-07 location services in iOS7 now requires
10:14Z&st=2013-06-07T09:19Z&sig=0E Apple ID password (better chances of
Hy75gGHCee%2BjKePZBqz8xbWxpTxaYyASwFXVx2%2 finding stolen devices) Keychain can be
g%3D 'se' contains iCloud authorization synced between Max OS X and iOS Keychain
time (expires in one hour) Amazon AWS: can be stored in iCloud, requires separate
http://us-std-00001.s3-external-1.amazonaw password Icons Downright Ugly.
.com/I9rh20QBPX4jizMAr3vY?x-client-request 40Apple iOS 7.
id=739A222D-0FF5-44DD-A8FF-2A0EB6F49816&am 41iCloud keychain.
;Expires=1371208272&byte-range=2555601 42iCloud keychain - cont-d.
-25556262&AWSAccessKeyId=AKIAIWWR33ECH 43Conclusion. Balance between security,
PC2LUA&Signature=PxAdegw0PLyBn7GWZCnu0 privacy and convenience iCloud security
hi3Xo%3D. risks Use additional encryption Better 2FA
23iCloud encryption. Data stored at implementation Need further work (photo
3rd-party storage providers is encrypted streams, 3rd party apps data: 1Password
Apple has encryption keys to that data etc).
Some files are further encrypted using 44Windows Phone backups. What is saved:
keys from OTA (over-the-air) backup keybag Internet Explorer Favorites List of
Keychain items are encrypted using keys installed apps Theme and accent
from OTA backup keybag Need key 0x835 configuration Call history App settings
(securityd) to decrypt most keys from OTA (where applicable - email and accounts,
backup keybag. lock screen etc) Test messages (SMS
24iCloud backups - summary. There is no conversations) Photos (good quality - uses
user-configurable encryption for iCloud data allowance) Can get with LiveSDK:
backups iCloud backups are stored in Basic user information Contacts Calendars
Microsoft and Amazon clouds in encrypted Files, photos, videos, documents Download
form Apple holds encryption keys and thus full backup?
have access to data in iCloud backups If 45Thank you! Cracking and Analyzing
Apple stores 0x835 keys then it can also Apple iCloud backups, Find My iPhone,
have access to Keychain data (i.e. Document Storage. http://www.elcomsoft.com
passwords) Apple may have legal http://blog.crackpassword.com Facebook:
obligations to do this (e.g. legal ElcomSoft Twitter: @elcomsoft. REcon 2013
enforcement). Oleg Afonin, ElcomSoft Co. Ltd.
Cracking and Analyzing Apple iCloud backups, Find My iPhone, Document Storage.pptx
http://900igr.net/kartinka/ekonomika/cracking-and-analyzing-apple-icloud-backups-find-my-iphone-document-storage-236255.html
cсылка на страницу

Cracking and Analyzing Apple iCloud backups, Find My iPhone, Document Storage

другие презентации на тему «Cracking and Analyzing Apple iCloud backups, Find My iPhone, Document Storage»

«Apple company» - Presentation of the Company Apple Inc. iPod. It has annual sales of more than $ 65,23 billion. The work is done by the student of the group F210K Sidorenko Nina. iPhone. The company designs and manufactures hard ware products: the Macintosh line of computers, the iPod, the iPhone and the iPad. It is based in Cupertino, California.

«Компьютеры Apple» - 1978 г. Apple IIe (1983 - 1993). Apple III 1980-1983. В январе 1981 года на смену Apple II Plus пришел Apple IIe. Современные Макинтоши. Создателем Macintosh считается Джеф Раскин. 2003 г. Стив Джобс и Стив Возняк стали друзьями еще в школе. Часть первая: 1976 – 1985 гг. История Apple Computer. Apple II в исполнении для образовательного рынка.

«Apple» - Apple design. Apple SWOT. Remember – the personal computer wasn’t even on sale then! IBM simon picture: Apple Case Study notes (1). Innovation Management (U09084). This is a big deal, because Apple often creates closed offerings. NB: 600 exceeded 6 weeks later after iPad announcement. Source: YahooFinance.

«Джобс Apple» - Стивен Пол Джобс— американский предприниматель и изобретатель. Создание ПК Apple II. Имя при рождении: англ. Apple II. Все о Стиве в краце. Стив Джобс.

«Производство строительных материалов» - Организационно-правовая форма предприятия – Акционерное общество открытого типа. Финансы: Бизнес-план компании «Монолит» - производство строительных материалов. Стратегический квадрат. Расчеты затрат и доходов, сроки окупаемости. Маркетинговая стратегия: Распространяются путем открытой подписки. Открытое акционерное общество.

«Ауди Центр Варшавка» - Статистика по входящим звонкам в ОП. Факторы успеха Программы лояльности клиентов. Факторы успеха Контроль входящего телефонного трафика, визитов и контрактов. Ауди Центр Варшавка Общая информация. Факторы успеха Выбор эффективных источников коммуникаций. На основе данных ГК АвтоСпецЦентр. Факторы успеха Программы лояльности клиентов, обратная связь.

Компании

40 презентаций о компаниях
Урок

Экономика

125 тем
Картинки
900igr.net > Презентации по экономике > Компании > Cracking and Analyzing Apple iCloud backups, Find My iPhone, Document Storage