Leaked instructions show how 'GrayKey', a tool that lets someone other than the owner unlock an iPhone, works

Because Apple markets the iPhone on its strong security, it takes the stance of not providing unlocking tools, even to police conducting criminal investigations. For this reason, the US government uses 'GrayKey', a tool developed by a venture company, to unlock iPhones. The technology news outlet Motherboard obtained a document explaining how to use GrayKey through a public records request. The document reveals how police use GrayKey.

Instructions Show How Cops Use GrayKey to Brute Force iPhones


US federal courts have repeatedly ordered Apple to unlock iPhones, on the grounds that a device that cannot be unlocked without its passcode interferes with criminal investigations. However, Apple rejected the requests, saying that obeying the court orders would compromise the security of the iPhone. For this reason, the US government has purchased a tool called 'GrayKey', developed by the venture company Grayshift, to unlock iPhones.

The US State Department purchased a service to unlock an iPhone for only 5,000 yen per unit --GIGAZINE

Below is a screenshot newly obtained by Motherboard. At the top of the screen, it says, 'The following GrayKey settings can only be selected for devices for which there is appropriate investigative authority. (The ones with a check mark are highlighted).' This means that a warrant or similar authorization is needed before using GrayKey.

According to Motherboard, the manual also states, 'Before connecting the GrayKey to the iPhone, make sure that you have the proper investigative authority for the Apple device that is required to be unlocked.' And according to the instructions, GrayKey can be connected to an iPhone that has never been unlocked since it was turned on (BFU state), one that has already been unlocked once (AFU state), one with a damaged display, or one with only 2 to 3% of its battery remaining.

GrayKey is said to install a 'brute-force agent', which makes it possible to unlock the device with a brute-force attack.

The following is the machine that is connected when unlocking with GrayKey. Motherboard published a photo of this machine in 2018.

The documentation also shows that users of GrayKey can optionally choose what information to extract from the connected iOS device and how to extract it.

It is generally believed that a passcode that mixes in letters is more secure than one that contains only numbers, and the iPhone allows alphanumeric passcodes. However, GrayKey offers an option to use a word list called 'crackstation-human-only.txt' that contains 1.5 billion words, and it is thought that using this list makes it easier to crack the passcode. 'Whether the passcode contains letters is automatically detected, and if it does, a human analyst will be required to take additional action,' the manual says.

As described above, GrayKey makes it possible to unlock an iPhone, but Motherboard points out that Grayshift and Apple are playing a cat-and-mouse game over unlocking.

in Mobile, Software, Security, Posted by darkhorse_log