How to securely erase personal data from the iPhone

intel Mac & PPC


If you are looking to sell your iPhone, or give it to somone as a gift, you should probably ensure that your personal data does not remain on the iPhone. Most would think that a restore via iTunes would take care of this. But it does not! It has been proven more than once, and by more than one person - one of them a programmer with deep routes in the iPhone community, and the other a state police detective using a forensics data retrieval kit built by that same programmer - that your personal data survives a restore. In the case of the detective, he purchased his iPhone via Apple directly (refurbished).





NerveGas recently published his notes on how he recommends wiping your iPhone clean before sale. Click here to go to his site. This tutorial comes directly from his notes. There is a second process that is also mentioned, I personally had no luck at all with it. Perhaps it will mature over time and an even easier method for performing this will come about. So a big thank you to NerveGas for publishing this method. I also want to thank the webmaster over at WickedPsyched.com for hosting a critical file needed to conduct this wiping process. I link directly to his site for the file (it's very small), but I'd rather not host anything I don't need to as bandwidth gets crazy over here at times. This entire process will take about an hour and a half to complete, and your iPhone will get a bit warm too, so don't be alarmed.

Attention

I will be using Fugu to upload the files in this tutorial. These instructions can be applied to any files you want to add to your iPhone, provided you already have SSH installed. If you have not installed BSD Subsystem, OpenSSH, or BossPrefs (via the Installer) or used Fugu before, then you must read this tutorial first.



Step 1.

Connect your iPhone to iTunes and put the iPhone into DFU mode. Do this by pressing and holding both the Sleep/Wake button and the Home button for 10 seconds. At this point the screen will turn black, and the iPhone will appear to be off. Continue holding just the Home button at this point.

iPhone



When this pop up appears, you can let go of the Home button. Click OK.

iPhone



iTunes will now display this.

iPhone




Download the firmware restore file for 1.1.4 here. Remember where you put this file and do not decompress it.

Press the Option key and click Restore. A file browser window will open. Navigate to where the firmware file was downloaded, select it, and click Open.

iPhone



Various messages will appear while the process continues.

iPhone



When it has finished you should see this screen next in iTunes.

iPhone



Eject the iPhone from iTunes when it is finished. Close iTunes.




Step 2.

Launch iLibety+. Select "Jailbreak + Installer" and "Activate". My iPhone was previously unlocked, so only check this option if you need to.

iPhone



When it has finished (about 2 minutes later), close iLiberty+.



Step 3.

Launch iTunes. Make sure you select "Set up as a new iPhone". Do not restore from a backup!

iPhone



Then at this screen, make sure you uncheck the sync option before continuing.

iPhone



Close iTunes.



Step 4.

Go to your iPhone and launch the Installer. Install BSD Subsystem 2.1 and OpenSSH. They are both found in the System folder.

iPhone       iPhone


iPhone



Once you are finished press Settings, Wi-Fi and connect to your local network. If you are truly paranoid you might want to change your network password login before entering into the iPhone to a throw away password. Once you've connected, retrieve your IP address, by pressing Wi-Fi and pressing the blue arrow next to your network name.

iPhone




Step 5.

Download Fugu here. Launch Fugu.

Enter your iPhone's IP address in the Connect to: box, then enter root in the Username: box, then enter 22 in the Port: box, then enter / in the Directory: box, then click Connect.

iPhone



The #1 error that Fugu users may see at this point is this.

iPhone



This is caused by a number of things. Any time you restore the iPhone the SSH keys get erased. When you reinstall SSH you generate new keys. If you should switch computers that you work on your iPhone with this could also happen. The solution is very easy.

Go to your menu bar at the top of your screen and click Fugu then select Preferences. Click the Known Hosts button and you will see a list of host IP addresses, or maybe just one. Now find your iPhone's IP address, highlight it, click Delete and then click Save. You can close this window. Go back to the Fugu login screen and connect to your iPhone.

iPhone



You'll get a prompt to continue.

iPhone



You'll be prompted to enter your SSH password. Unless you have changed it, it is "alpine". Click Authenticate.

iPhone



Download the file named "fscmds.tgz" (located at the top of the page) from Wicked Psyched.com. Decompress the file and you will see a folder. Inside the folder is a file called "umount".

Go back to Fugu and look at the right side column which is displaying a list of folders. Double click the folder called "usr". The screen will refresh. Now double click the folder called "bin". The screen will refresh again. Now drag the file called "umount" from the folder it is in, and into the bin folder in Fugu. The screen will refresh again. Now scroll down the list of files in this folder until you see "umount" in the list.

iPhone



Right click the file and select "Get Info" from the pop up menu. Make sure that the number 0755 appears in the box labeled "Octal Mode Representation".

iPhone




Step 6.

On your Mac, open a Finder window and go to the Applications/Utilities folder. Launch the program called Terminal. First enter:

ssh -l root (YOUR IP ADDRESS)

Then when prompted, enter your password, which should be alpine.

Now enter the following four commands:

umount -f /private/var
mount -o ro /private/var
mount -o ro /
cat /dev/zero > /dev/rdisk0s2; cat /dev/zero > /dev/rdisk0s1

At this point leave the iPhone alone, and do not allow your computer to sleep, or otherwise lose power and shut down. It will take approximately 1 hour to complete this process.

iPhone



I knew the process had completed when I saw this:

iPhone



On another iPhone I wiped I received a different message (but still received the pairing pop up below).

iPhone



Close the Terminal.



Step 7.

Launch iTunes. You should get this pop up message:

iPhone



Looks to me like the iPhone has been wiped. Put the iPhone back into DFU mode and restore it to 1.1.4 firmware. You can then choose to use iLiberty+ to jailbreak, activate, and if needed unlock it again. You now have a sanitized phone.







Return to top of page