Input Output + Syslog (iO+S): Obtaining Data From Locked iOS Devices via Live Monitoring

Obtain data from locked iOS devices via live monitoring with iO+S, a powerful toolkit that extracts syslogs, real-time logs, and diagnostic data, providing insights into app usage, permissions, and device activity.

Key takeaways
  • iO+S is a tool for obtaining data from locked iOS devices via live monitoring.
  • Syslog data can be obtained from devices that have crashed and have self-created logs, or from devices that are paired with a PC.
  • Diagnostics mode allows for real-time logging of device activity.
  • The sysdiagnose command can be used to extract logs from devices that are not paired.
  • Pairing records can be used to obtain data from devices without a passcode.
  • The iO+S toolkit includes a tool for fuzzing recovery mode and DFU mode.
  • DFU mode can be used to flash the device’s firmware.
  • Diagnostics mode can be used to bypass USB restricted mode and obtain logs.
  • Syslog data can contain sensitive information such as private rotating MAC addresses, Wi-Fi and Bluetooth identifiers, and app usage logs.
  • The iOS device’s system logs can contain information about app usage, app permissions, and app metadata.
  • The iO+S toolkit can be used to obtain data from devices that are not paired or are locked.
  • Debug logs can be used to obtain information about device activity, such as what apps were running and what data was accessed.
  • The iO+S toolkit includes a tool for analyzing syslog data and extracting useful information.
  • The program will provide a list of all the commands that were run on the device.
  • Syslog data can be exported and analyzed using the syslog analysis tab.
  • The iO+S toolkit can be used to obtain data from devices that are not supported by commercial tools.
  • The program can be used to obtain data from devices that are locked or not paired.
  • The program can be used to obtain data from devices that are in USB restricted mode.
  • The program can be used to obtain data from devices that are in DFU mode.
  • The iO+S toolkit is available for free and can be downloaded from the author’s website.
  • The program has been tested on various iOS devices, including iPhone and iPad.
  • The program is compatible with different iOS versions, including iOS 12 and iOS 13.

More talks

RailsConf 2023 - 10x your teamwork through pair programming by Michael Milewski, Selena Small

Mining Software Development History: Approaches and Challenges | Vadim Markovtsev

Crypto research demystified: the power of fundamentals in a bear market

The Lies We Tell Ourselves Using TypeScript - Stefan Baumgartner, TypeScript Congress 2023

Working with time series data using Django and Timescale with Joaquín Scocozza - DjangoCon US 2022

AMD Hypervisor with Rust - Matthias Heiden - Rust Linz, October 2022

Greg Vernon: Don't Do High Availability, Do Right Availability (PGConf.EU 2023)

Arabesque: a geographic flow visualization application