Instructions Reveal How US Agencies Use GrayKey to Bypass Locked iPhones

BY Sanuj Bhatia

Published 22 Jun 2021

GrayKey is an infamous iPhone ‘hacking’ tool widely used by law enforcement agencies in the U.S. to extract data from locked iPhones. Even though the tool is now said to no longer work on versions after iOS 12, reports have surfaced of the FBI unlocking an iPhone 11 Pro running iOS 13.

GrayKey essentially relies on brute force to bypass a locked iPhone, trying lock screen passcode combinations until one succeeds. The tool is mostly used by U.S. police departments, and even though the approach may sound crude, it has been known to crack a lot of iPhones.

Motherboard has obtained instructions on how to use the GrayKey toolbox. The instructions were supposedly written by the San Diego Police Department. According to the report, before plugging an iPhone into the GrayKey box, the operator is asked to “determine if proper search authority has been established for the requested Apple mobile device.”

The operator is also asked whether the device is in Before First Unlock (BFU) or After First Unlock (AFU) mode, and whether it has a damaged screen or a low battery. Depending on the iPhone’s state, the toolbox then installs an agent on the device (a locked iPhone in this case).

The instructions then reveal how the police extract the data. GrayKey provides options for the type of data it collects and how it collects it. The options include extracting metadata for inaccessible files and “immediate extraction when SE-bound passcode.” The instructions also include a reference to “crackstation-human-only.txt” for cases in which the locked iPhone uses an alphanumeric passcode.

“crackstation-human-only.txt” is a wordlist created by the password security website Crackstation. The archive includes around 1.5 billion words as potential iPhone passcode candidates. The instructions also show how the operator can build their own wordlist.

“If the brute force agent has successfully installed, Airplane mode will be activated, and the Apple mobile device can be disconnected or remain connected to the GrayKey unit for data extraction,” the instructions read. GrayKey also installs an agent called HideUI that allows government agencies to record the user’s passcode if authorities hand the phone back to its owner.

[Via Motherboard]