kpwn / yalu102

incomplete iOS 10.2 jailbreak for 64 bit devices by qwertyoruiopz and marcograssi
Do What The F*ck You Want To Public License

Accessing filesystem when the iPhone is locked #450

Open ValHook opened 7 years ago

ValHook commented 7 years ago

To my understanding some iPhone files are encrypted by a filekey stored in filesystem metadata and this key derives from a Class key that derives from the passcode.

When I connect through ssh to my iPhone when it is locked, how come I can read the raw content of my files from the user partition? I would assume that the Class key is not available to the OS and therefore simple programs like cat that use simple read syscalls would not be able to retrieve the content of my files.

I know it is not a code-related issue but I'd like to know how come I can read my files when my phone is locked. Does yalu remove all this kind of encryption system?

akachronix commented 7 years ago

To be honest, I don't really know because I don't care enough to look at the source code again.

On Feb 28, 2017, at 8:47 PM, Valentin Mercier notifications@github.com wrote:

> To my understanding some iPhone files are encrypted by a filekey stored in filesystem metadata and this key derives from a Class key that derives from the passcode.
>
> When I connect through ssh to my iPhone when it is locked, how come I can read the raw content of my files from the user partition? I would assume that the Class key is not available to the OS and therefore simple programs like cat that use simple read syscalls would not be able to retrieve the content of my files.
>
> I know it is not a code-related issue but I'd like to know how come I can read my files when my phone is locked. Does yalu remove all this kind of encryption system?

ipadkid358 commented 7 years ago

@akachronix Why bother responding?

@ValHook These class keys you're referring to only apply when a device is rebooted (that time when it says "Device requires a passcode"). If you have any devices with untethered jailbreaks, you should be able to easily verify this.
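
A simplified model of the key hierarchy discussed in this thread (per-file key wrapped by a class key, class key wrapped by a passcode-derived key), added here as an example and not code from yalu102 or iOS. It assumes two of iOS's Data Protection classes, A (Complete) and C (until first user authentication); PBKDF2 and an XOR pad are stand-ins for the hardware-entangled derivation and AES key wrap, and the passcode and file names are constructed.

```python
import hashlib, hmac, os

def kdf(passcode, salt):
    # Assumption: plain PBKDF2 stands in for the passcode + hardware UID derivation.
    return hashlib.pbkdf2_hmac("sha256", passcode, salt, 10_000)

def wrap(key, data):
    # Toy symmetric wrap (XOR with an HMAC pad, data <= 32 bytes); not secure.
    pad = hmac.new(key, b"wrap", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

class Device:
    def __init__(self, passcode):
        self.salt = os.urandom(16)
        pk = kdf(passcode, self.salt)
        # Keybag on disk: class keys exist only wrapped by the passcode key.
        self.keybag = {c: wrap(pk, os.urandom(32)) for c in ("A", "C")}
        self.loaded = {}  # class keys currently unwrapped in memory
        self.files = {}   # name -> (class, wrapped file key, ciphertext)
    def unlock(self, passcode):
        pk = kdf(passcode, self.salt)
        self.loaded = {c: wrap(pk, w) for c, w in self.keybag.items()}
    def lock(self):
        self.loaded.pop("A", None)  # only the class A key is evicted on lock
    def reboot(self):
        self.loaded.clear()         # nothing is available before first unlock
    def write(self, name, cls, data):
        fk = os.urandom(32)         # per-file key
        self.files[name] = (cls, wrap(self.loaded[cls], fk), wrap(fk, data))
    def read(self, name):
        cls, wrapped_fk, ct = self.files[name]
        if cls not in self.loaded:
            raise PermissionError(f"class {cls} key not in memory")
        return wrap(wrap(self.loaded[cls], wrapped_fk), ct)

def demo():
    d = Device(b"1234")  # constructed passcode and file names
    d.unlock(b"1234")
    d.write("mail.db", "A", b"class A data")
    d.write("notes.txt", "C", b"class C data")
    out = {}
    for state, step in (("locked", d.lock), ("rebooted", d.reboot)):
        step()
        for name in d.files:
            try:
                out[state, name] = d.read(name)
            except PermissionError:
                out[state, name] = None
    return out
```

In this model `demo()` shows the class C file still readable after `lock()` and neither file readable after `reboot()`, which is why the protection class chosen for a file decides what a process on a locked device can read.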