Input Output + Syslog (iO+S): Obtaining Data From Locked iOS Devices via Live Monitoring

Obtain data from locked iOS devices via live monitoring with iO+S, a powerful toolkit that extracts syslogs, real-time logs, and diagnostic data, providing insights into app usage, permissions, and device activity.

Key takeaways
  • iO+S is a tool for obtaining data from locked iOS devices via live monitoring.
  • Syslog data can be obtained from devices that have crashed and have self-created logs, or from devices that are paired with a PC.
  • Diagnostics mode allows for real-time logging of device activity.
  • The sysdiagnose command can be used to extract logs from devices that are not paired.
  • Pairing records can be used to obtain data from devices without a passcode.
  • The iO+S toolkit includes a tool for fuzzing recovery mode and DFU mode.
  • DFU mode can be used to flash the device’s firmware.
  • Diagnostics mode can be used to bypass USB restricted mode and obtain logs.
  • Syslog data can contain sensitive information such as private rotating MAC addresses, Wi-Fi and Bluetooth identifiers, and app usage logs.
  • The iOS device’s system logs can contain information about app usage, app permissions, and app metadata.
  • The iO+S toolkit can be used to obtain data from devices that are not paired or are locked.
  • Debug logs can be used to obtain information about device activity, such as what apps were running and what data was accessed.
  • The iO+S toolkit includes a tool for analyzing syslog data and extracting useful information.
  • The program will provide a list of all the commands that were run on the device.
  • Syslog data can be exported and analyzed using the syslog analysis tab.
  • The iO+S toolkit can be used to obtain data from devices that are not supported by commercial tools.
  • The program can be used to obtain data from devices that are locked or not paired.
  • The program can be used to obtain data from devices that are in USB restricted mode.
  • The program can be used to obtain data from devices that are in DFU mode.
  • The iO+S toolkit is available for free and can be downloaded from the author’s website.
  • The program has been tested on various iOS devices, including iPhone and iPad.
  • The program is compatible with different iOS versions, including iOS 12 and iOS 13.

More talks

Using Incredibuild to Accelerate Static Code Analysis and Builds - Jonathan "Beau" Peck CppCon 2022

Automated Machine Learning

Nina van Diermen - BERTopic to accelerate Ukrainian aid by the Red Cross

"High Performance Clojure" by Chris Nuernberger

Climate Crisis in Numbers [PyCon DE & PyData Berlin 2024]

Rosio Reyes, Jeremy Tuloup, Eric Charles, Eric Gentry The past, present and future of the Jupyter

37C3 - Adventures in Reverse Engineering Broadcom NIC Firmware

How I Learned to Stop Worrying & Love Misery • Gil Tene • YOW! 2019