Papers  
 

June 1, 2008: Making your iPhone Safe for Resale

Since my posts regarding the iPhone restore mode being insufficient for wiping data (and Apple's own refurbishing process also being insufficient), many have emailed me asking for instructions on how to properly wipe personal data off of the iPhone. I've been very quiet about how to properly lift data in a forensic manner, as my goal is to avoid seeing a bunch of evidence erasers pop up in the wild (I've already been approached by Symantec about this). What I will share, however, is the way in which I wipe my own devices before I resell them, which I believe the consumer has a right to do. Mind you, I make no guarantees about this and accept no responsibility for you hosing your iPhone. This is what works for me.

NOTE: You might also be interested in this Apple System Sector Wipe tool that BigBoss is hosting, which incorporates this technique in a bootable RAM disk, to make it easier.

  • Perform a full restore, but be sure to set the device up as a "new phone", rather than restore from a backup (of course). This destroys the live file system only, but isn't really necessary. I do this to be extra safe that no writes to the device occur after wiping (and if they do, will not include any of my personal data).
  • Jailbreak the device using something like iLiberty+ and obtain shell access via ssh.
  • Find a copy of 'umount' for the iPhone. This can be found on the RAM disk, or in other places. Don't ask me for it. Now force both mount points into read-only mode:
    # umount -f /private/var
# mount -o ro /private/var
# mount -o ro /
    NOTE: The GUI will be non-responsive when /private/var is mounted read-only, so be sure not to try and use it.

  • Wipe both partitions clean by copying /dev/zero over them. Ideally, /dev/random would be better, but it will heat up the CPU considerably and take a much longer period of time. Unless you are trying to hide information from the CIA or some other organization with the resources to perform low-level NAND recovery, a single /dev/zero wipe will suffice: 
    # cat /dev/zero > /dev/rdisk0s2; cat /dev/zero > /dev/rdisk0s1
  • After complete, force the device into recovery mode (Home + Power until "Connect to iTunes") and then perform another full restore.
  • If you are paranoid about a low-level NAND recovery, use /dev/random and repeat these steps about seven times - or simply take a sledge hammer to the device.
The entire process takes a considerable amount of time - perhaps an hour or two if you get good at it. It's not something anyone is going to be able to pull off if they hear sirens approaching, and so essentially this is only useful for legitimate consumers selling their devices. I'd also recommend wiping any devices you might happen to purchase, to prevent someone else's incriminating evidence from haunting you should the device ever be examined. What doesn't work is simply filling your device with music. For one thing, there is a significant amount of deleted data sitting in live files, so you'd need to restore first, and your data on the root partition isn't going to be overwritten (since music writes only to the media partition). Secondly, as with all Unix systems, the iPhone reserves a certain amount of space on the disk, so even if you were to cat /dev/zero > /private/var/tempfile, it will fail out before the disk is entirely full. The method below, on the other hand, overwrites the raw device, which is much more effective. Because the root file system ceases to exist when the operation is complete, this will ultimately just hang, and your iPhone will become non-responsive until you force it into recovery mode. Ideally, this would work a lot better if a special ramdisk was created for wiping purposes. I personally just hex-edited iLiberty's.

 All Website Content © Jonathan A. Zdziarski. All Rights Reserved.
Reproduction prohibited without permission