****UPDATE. PLEASE READ****
It was discovered there was an issue with the original .tar files containing both images. After a little additional testing, I was able to confirm the .tar files were not behaving correctly, which prevented them from being completely parsed. But, they do contain the data. They have now been fixed and can be easily imported into most tools, or extracted and examined manually. If you downloaded the images before 2020-04-20 at 12:15 UTC, please re-download them to get the updated versions.
Since the original .tar files do contain the data, you can extract the files using a terminal window in macOS or Linux if you do not feel like re-downloading. The following command can be used:
tar -xpf NameOfTheTarFile -C NameofDirectoryToPutNewFile
For example: tar -xpf myTarFile.tar -C /Users/JoshHickman/MyDirectory/
This will not work on Windows. Some of the structure contains file names/sym links that prevent Windows from writing the files to disk. Once extracted, you can point your tool of choice at the newly created folder, or you can manually inspect the file structure.
The updated hash values are listed at the end of the post. Sorry for any inconvience. 😦
Since everyone is at home a little more these days, myself included, I thought I would create two iOS 13 images, both of which are now available for download. The images were created using an iPhone SE which was jailbroken just prior to extraction using checkra1n. The first image is of iOS 13.3.1, and there are quite a few apps with user-generated data in them:
Facebook Messenger for Kids (deleted – no activity, unfortunately)
Fitbit (and an associated wearable)
Threads (by Instagram)
The second image is of 13.4.1. She may not remember it, but Jessica Hyde (@B1N2H3X) gave me this idea a while back. I thought it would be neat to see what happens to existing data after an iOS dot update, so I left the data from 13.3.1 on the phone, updated to 13.4.1, generated a bit more data, and performed another extraction. There are additional apps, too:
These apps are in addition to the stock apps/functionality inherent in iOS. Addtionally, there is AppleWatch data, some AirPods (regular and Pro), a HomePod (with a small bit of associated HomeKit data), and a car (CarPlay).
Each image also comes with its own encrypted iTunes backup (password is included in the documentation), its own set of Sysdiagnose logs, and a lot of documentation. All of the components for each image are contained within their own respective zip file.
The images can be found here or here. Google Drive has a quota (downloads per unknown time period) and Microsoft OneDrive may, so if you click on either/both and don’t get anywhere, try the other link or wait a little while and try again. As always, these images are freely available to anyone who wishes to use them for education, training, research, or tool validations.
If you do link, please link to this page, not the image links. I will eventually be moving them and I would hate for your link to break.
Quite a few of the apps/functionalities in these images came from ideas from the Ctrl+Alt+Del talk, so thank you to everyone who provided suggestions!
iOS 13.3.1 Extraction.zip
iOS 13.4.1 Extraction.zip