Now Reading
Extracting data from a damaged iPhone via chip-off technique – Part 2

Extracting data from a damaged iPhone via chip-off technique – Part 2

Our last article, “Extracting data from a damaged iPhone via chip-off technique”, have received mixed reviews from our readers.

Some wrote, that it’s impossible:

It doesn’t work.

ZombieKiller316 of – we don’t know who is it, but we’re sure, he’s a computer forensics professional.

Others wrote, that the data in Apple devices is encrypted (Really? They thought, we didn’t know about it?):

I tried and they ALL ENCRYPTED, except iPhone 3G (very old one)

Sasha Sheremetov, Engineer, Rusolut

How was the decryption done? – Chip off is mostly done in the cases where data is otherwise inaccessible (phone locked, damaged) so the data in the chip would be encrypted and protected by secure enclave.

Harpreet Singh Dardi, Consultant – Computer Forensics & eDiscovery at PwC

Short Answer is it is impossible to Chip-Off anything above 4s due to Encryption being tied to UID and several other features.

There are some advanced NSA level attacks that can compromise a 4s/5/5c if you want to spend 500k + and hire a company to reverse engineer the silicon of the CPU decapping it with Acid/Ion Laser and probing it. A less risky attack would be using Infrared Laser Glitching. Another possible option would be discovering a side-channel attack that compromised the AES Crypto Engine or CPU in order to reveal the UID. In short it aint happening.

kyle_pc_terminator of – man, thank you for this comment.

Okay. It’s time to tell you a bit more about what we can do.

About impossibility in principle of data recovery from damaged Apple devices

Some readers wrote us, that it’s impossible to extract data from any damaged iOS-device. But some iOS-devices, including iPhone 2G, iPhone 3G, don’t use hardware encryption. So it’s possible to use the chip-off technique for data extraction – it’s confirmed by our tests. Also, ACELab KB (Anwer Alkandri, thanks for the link) contains info about data recovery from iPhone 3G chip.


Figure 1. Information from ACELab KB

About Apple devices encryption

Since the release of the iPhone 3GS, Apple has built encryption into the hardware and firmware of its iPhones and iPads to make user’s data even more secure. What is more, in top iOS-devices some other encryption tricks are used. So, there are a number of encryption levels in iOS-devices; about software and hardware encryption, Secure Enclave you can read in open sources, for example, here.

So, if you image the partition with the user data, you’ll see the filesystem structure, but no file content – all files are encrypted.


Figure 2. A part of userdata partition structure


Figure 3. An encrypted JPG file

What should an examiner do?

There are two ways:

  1. Use brute force attack to decrypt data (but, as you remember, iOS-devices have a number of encryption levels).
  2. Find a way to get the keys.

Both ways are impossible, aren’t they?

About our chip-off technique

On the one hand, we can’t speak about the technique in details in order nobody can copy it, on the other hand, we can present it in general via this scheme:


Figure 4. The technique

The problem is – we can take a damaged iPhone and extract data from it. But how to show you that our technique works? We don’t know.

Now we want to answer our readers’ questions:

Q.: For which versions of iOS-devices does your method work?

A.: For all devices released to date (we haven’t tested all of them, but the principle is the same).

Q.: What types of data can be extracted from a damaged iPhone?

A.: Calls, phone book, SMS, MMS, chats, images, videos, etc.

Q.: Can you recover deleted files?

A.: No (excluding deleted SQLite DB records).

Q.: Can you extract data from a locked iPhone?

A.: No, we’ll need the passcode (or lockdown files).

If the device is locked with Touch ID, we need your finger (only joking, we just won’t extract data from such device).

About the authors:

Igor Mikhaylov

Interests: Computer, Cell Phone & Chip-Off Forensics

Oleg Skulkin

Interests: iOS forensics, Android forensics, Mac OS X forensics, Windows forensics, Linux forensics

  • Tim
    2016-06-03 at 12:15 AM

    I have no idea what I just read.

  • Igor Mikhaylov
    2016-06-04 at 5:11 PM

    Do you have a damaged iPhone? Would you like to recover data from it?

    • Ahmed Al Ismail
      2016-09-27 at 5:02 PM

      I have a water damaged Iphone 5s, and I tried multiple places to try just recover the data but all went unsucessful. Can you help with that?

  • Jessa
    2016-08-12 at 12:52 AM

    I know exactly how you are doing this. We do the same. All day, every day 🙂

    • Igor Mikhaylov
      2016-08-14 at 10:34 AM

      Tell us about it.

      Tell us about it.

      • Maribel
        2016-08-25 at 6:02 AM

        Jessa is suggesting that you’re repairing the logic board just enough to recover data.

        I have a shop like Jessa’s but I specialize in chip-off recovery. My method involves putting the flash, CPU and baseband into test sockets that I’ve directly tied into a working board. I boot up the system and make an iTunes backup.

        I’m certain your “technique” is like Jessa’s or maybe like mine. 🙂

  • Gordie
    2016-10-04 at 7:02 AM

    Hi All, I really need your help. I’ve got a severely damaged Iphone 6s that a data recovery agency has tried to repair the logic board just enough to recover data but all attempts failed (its got water damage, heat damage, been tampered with, and parts are missing). The company did suggest the “Chip Off” technique but they have never done it on a Iphone 6s before. Is it possible and should I go ahead with it?

Leave a Response