ONE Jailbreak Ad

Dumping iOS filesystem

Promotion image of Dumping iOS filesystem article.

Although iTunes backup offers a plethora of valuable databases and diagnostic data, there are situations where performing a complete filesystem dump becomes necessary. This process, however, is only feasible within a jailbroken environment for iOS devices. It entails installing an SFTP server onto the device and configuring specific entitlements using tools like ldid. Let's dive into how to create a full iOS filesystem dump.

Regardless of whether you create an iOS backup using iTunes, idevicebackup2, Files, or uTools, you'll encounter only two options: standard unencrypted backups with limited information or encrypted backups. To backup iPhone without iTunes you can follow our step-by-step guide.

Encrypted backups, safeguarded with a password, contain extra valuable records absent in unencrypted backups, including essential data like Safari history, Safari state, and other pertinent information. This significantly enhances the forensic insights accessible for analysis. However, it's worth noting that iOS system dumps encompass all the data available, providing a view for forensic examination. The process to dump iOS filesystem is straightforward.

Dumping iOS filesystem

To initiate the process of dumping the iOS filesystem, you must first jailbreak your device to gain root access. This can be achieved through various jailbreak tools like unc0ver, checkra1n, or palera1n. Once your iPhone or iPad is successfully jailbroken, you'll need to establish SSH access to the phone. Typically, this requires the use of iproxy, a proxy that binds local TCP ports to be forwarded to the specified ports on a usbmux device.

Follow those steps to dump iOS filesystem using iproxy method:

Step 1. Jailbreak iPhone with a supported tool following our step-by-step guides.

Step 2. Install iproxy app through libimobiledevice on your PC or Mac. On Debian/Ubuntu systems iproxy can be installed with libusbmuxd-tools package.

Step 3. Open the terminal app and run iproxy to be able to ssh as root to localhost on port 2222. Depending on jailbreak you might need to specify a different port number instead of 44.

iproxy 2222 44

Step 4. On your jailbroken iPhone open a terminal app like NewTerm and SSH to your computer as root to localhost on port 2222 and password "alpine" and save a tarball on the host of the "private" folder from iPhone. The dumpling process will take a while.

ssh root@localhost -p 2222 tar czf - /private > dump.tar.gz

Step 5. To extract the dump.tar.gz file, you can use tar command in the terminal.

tar -xzvf dump.tar.gz

An alternative method for dumping the iOS filesystem involves utilizing the sshfs tool, which enables you to mount a remote filesystem using SFTP. To accomplish this, you'll need to install the sftp-server on your jailbroken iDevice.

Follow those steps to dump iOS filesystem using sshfs method:

Step 1. Download locally a compiled copy of sftp-server for iOS.

curl -LO https://github.com/dweinstein/openssh-ios/releases/download/v7.5/sftp-server

Step 2. Upload the sftp-server binary to the iPhone.

scp -P2222 sftp-server root@localhost:.

Step 3. SSH into your iPhone and set some entitlements in order to allow sftp-server to run.

chmod +x sftp-server
ldid -e /binpack/bin/sh > /tmp/sh-ents
ldid -S /tmp/sh-ents sftp-server

Step 4. Create a folder on the host and use it as a mount point. Don't use the "/tmp/" folder.

mkdir root_mount

Step 5. Execute the following command for the mount point.

sshfs -p 2222 -o sftp_server=/var/root/sftp-server root@localhost:/ root_mount

To check and analyse the iOS Filesystem Dump you can utilize a tool like Mobile Verification Toolkit. MVT is a set of utilities to automate the gathering of forensic traces essential for identifying potential compromises on iOS devices. This toolkit proves invaluable in assessing whether an iPhone has been subject to hacking or unauthorized access.

Author Photo
Written by

Kuba has over 20 years of experience in journalism, focusing on jailbreak since 2012. He has interviewed professionals from various companies. Besides journalism, Kuba specializes in video editing and drone flying. He studied IT at university before his writing career.

Post a comment

Latest Posts

Nugget

Nugget unlocks your iPhones full potential on iOS 17.0

LeminLimez released a new project that allows users to activate some hidden iOS features on iOS 17.0. I took a look into Nugget, an open-source software that promises to enable Dynamic Island, Always On Display, set device model name, disable region restrictions...

Essential Tips to Secure Your iOS Devices

Essential Tips to Secure Your iOS Devices

It’s never been more important to secure your iOS devices. iPhones and iPads are rapidly becoming every part of our daily lives, and with it the growing amount of sensitive information stored on these devices. Our devices full of data, ranging from...

RDAR Dynamic Island fix for iOS

How to Fix Dynamic Island RDAR Error 45025538 Issue on iPhone

When you enable Dynamic Island on unsupported devices, you might notice a "rdar" error, which appears as a red bar at the top of the screen. This happens because of a resolution change when activating Dynamic Island on iOS 17.0 to 18.0. The issue mainly...