private/var/containers/Shared/SystemGroup//Library/Database/.other.db
#LEAWO IOS DATA RECOVERY IMSG BLUETOOTH#
Paired and Seen Bluetooth devices (huge list):.private/var/root/Library/Caches/locationd/cache_encryptedB.db Mattia Epifani performed a quick analysis of the file system image, and reports the following findings. Some preinstalled sounds (such as white noise) and a number of system images were discovered. We have not found any user-created media files on the HomePod. Since the HomePod was stationary, all records point to the home location. It seems that these locations were determined with a Wi-Fi reverse lookup. There were some 102 location reports stored in the HomePod. The HomePod we analyzed contained information about some 253 calls, all dating back to 2020. At a certain point, the syncing seemingly stopped, or was controlled by the “Allow Calls on Other Devices” feature. Back then, we tried to understand how the syncing works and whether one can disable call sync. Once we loaded the image into Elcomsoft Phone Viewer, we’ve seen some data in the following categories: Calls, Locations, and Media.īack in 2016, we discovered that Apple silently synchronizes call logs with iCloud. The size of the file system image extracted from the HomePod (user partition only) was some 3.81 GB. We have not looked into this any further. We also found a list of tokens including an Apple account token. What we saw was a long list of Wi-Fi passwords, which contained passwords to pretty much all Wi-Fi access points stored in the iPhone on the same Apple ID. Once we loaded the file into Elcomsoft Phone Viewer, we were able to see the keychain items available. The HomePod contained a copy of the keychain. Since the HomePod cannot be protected with a passcode and does not allow installing apps, we were wondering what kinds of data the speaker may have and what kinds of passwords its keychain may store.
#LEAWO IOS DATA RECOVERY IMSG HOW TO#
In the previous articles we explained how to connect the first-generation HomePod to a computer, apply the exploit, extract a copy of the file system and decrypt the keychain.