Jump to content
Sign in to follow this  
Master_Scythe

iCloud lock - Brainstorm with me

Recommended Posts

So work was handed a pile of iPads (ipad 3's I think?) and one of them is iCloud locked.

These are all our devices, purchased by us, but there is no way to know what staff member had this one.

I know their name starts with K, and @p......au

In other words, they used their domain email account, thank christ.

 

Now, before I go down the long path of trying all 400 staff whos name start with a K, does anyone have any ideas?

 

Im happy to open up and solder serial cables onto the board, or jump pins on the memory chip.

There are no limits, I just want it working again.

 

Really, all I need is the associated email address; then I can take ownership of it on my domain, 'forgot my password' and go from there.

But for some reason it only shows the first letter.

 

ideas?

Share this post


Link to post
Share on other sites

In theory you can just factory reset these things by USB attachment then use iTunes or a 3rd party utility.

 

Have a friend who's iPhone is in a similar situation but not got my hands on it to test out yet.

Share this post


Link to post
Share on other sites

I'm assuming there was no tracking system in place to track what device was given to who?

Share this post


Link to post
Share on other sites
Posted (edited)

Probably something like MAC address which you'd need to have the thing booted up to look at... then again if it's hitting up the domain for authentication then you should be able to find it out once it connects by Wifi.

But then it's only useful if someone has bothered to maintain an asset register entry linking MAC to whoever is the user of the thing.

Edited by Rybags

Share this post


Link to post
Share on other sites

In theory you can just factory reset these things by USB attachment then use iTunes or a 3rd party utility.

 

Have a friend who's iPhone is in a similar situation but not got my hands on it to test out yet.

 

Nope, that trick got me past the PIN lock, but the iClous lock happens when you connect to WiFi.

Checks the product ID.

 

I can't even see serial headers on the board to tap into.....

This is going to be a matter of finding every ipad user who starts with K ><

Share this post


Link to post
Share on other sites

Short of hacking that apple 🍎 database, or finding a way to completely wiping the iPad of all data, looks like you are stuck.

Share this post


Link to post
Share on other sites
Posted (edited)

I guess buy a shattered one, and replace the mainboard?

 

I do have some contacts inside apple, I might ask them to look at people who are using our domain.

I'm sure they're not allowed to PROVIDE the info, but he can talk from memory ;)

Edited by Master_Scythe

Share this post


Link to post
Share on other sites

Seems it's probably not possible if it's a newer device. They beefed up security to prevent users factory resetting so easily as a theft prevention measure.

 

Still, I do suspect you might be able to get the MAC out of it if it can connect to a wifi network though what use if it's not kept in a local database.

 

The problem with new logic board is that it'll probably cost 80% or more the price of replacing the entire device anyway.

Share this post


Link to post
Share on other sites

Seems it's probably not possible if it's a newer device. They beefed up security to prevent users factory resetting so easily as a theft prevention measure.

Still, I do suspect you might be able to get the MAC out of it if it can connect to a wifi network though what use if it's not kept in a local database.

The problem with new logic board is that it'll probably cost 80% or more the price of replacing the entire device anyway.

 

Yeah, it's pretty bullshit.

We had law enforcement go in, in person, and they still refused to help.

 

I don't want the fucking password, I just need to know the email address so we can start working through it.

 

Whoever in apple decided a SINGLE letter was enough, was a fucking braindead retard, and I'll say that to their face.

We have 2000 employees, "Oh, there's a K in the name" isn't fucking helpful.

 

We can get a court order seizing their records of customers related to our business, as we're related to law enforcement; but it's a fuckload of effort to unlock an ipad.

Share this post


Link to post
Share on other sites
Posted (edited)

That's why I don't buy 2nd hand iphones or ipads, if they are icloud locked you are just stuffed with a brick.

At least with an android device you can load some kinda android system on it via your PC.

Edited by Jeruselem

Share this post


Link to post
Share on other sites

I don't suppose it could have an "accident" and claim the insurance hey

Share this post


Link to post
Share on other sites

I don't suppose it could have an "accident" and claim the insurance hey

 

Nah it's too old to warrant the premium.

I'm genuinely surprised that Police can't demand the NAME on the device.

I know apple can't decrypt things by force, or provide passwords;

But the name is CLEARLY in plain text somewhere (as it shows some of it).

 

"This device was recovered, who's was it?"

"Awwwwm we can't tell you, we're above the law despite having that info in plain text"

Share this post


Link to post
Share on other sites

The name might not necessarily be available without logging in.

 

To perform authorized login the phone would only need to send IMEI and the userid and password that the user has entered to the iCloud server.

Whether this is how it works, NFI. But in a corporate sense its a friggen ridiculous way to run things.

 

From a quick look around it seems the general consensus is you can be SOL even if you know the userid but not the password.

And it seems there's plenty of scam sites around willing to take your moneys for no service provided in this area.

 

Isn't there sufficient control to change your Wifi parameters in the locked state? Possibly you can get the IMEI details as well.

Share this post


Link to post
Share on other sites

The name might not necessarily be available without logging in.

 

To perform authorized login the phone would only need to send IMEI and the userid and password that the user has entered to the iCloud server.

Whether this is how it works, NFI. But in a corporate sense its a friggen ridiculous way to run things.

 

From a quick look around it seems the general consensus is you can be SOL even if you know the userid but not the password.

And it seems there's plenty of scam sites around willing to take your moneys for no service provided in this area.

 

Isn't there sufficient control to change your Wifi parameters in the locked state? Possibly you can get the IMEI details as well.

 

I can retrieve the password just fine, because I can tell it's one of OUR domain email accounts.

So I'll just put a redirect on, or take over the email while I reset password.

It's all above board; its not a personal device, its a company device.

 

Just that k.......@p.........au isn't enough to know. We have multiple users whos name start with K.

And knowing this is an old user, tons who also are now left.

 

to be able to show the 'K @ p .au' part, the email address MUST be in plain text.

Edited by Master_Scythe

Share this post


Link to post
Share on other sites

Maybe... or maybe it only makes the obscured id accessible.

For unique identification they'd need to use the IMEI since multiple devices could share the same email/AppleID account, so in theory they could just store the obscured email ID + a hash of the full ID.

 

Getting info on this, or anything complex Apple related really is a treasure hunt. The fly-shit to pepper ratio of Apple information via searching on the net is about 5 times that of Windows stuff.

Share this post


Link to post
Share on other sites

Maybe... or maybe it only makes the obscured id accessible.

For unique identification they'd need to use the IMEI since multiple devices could share the same email/AppleID account, so in theory they could just store the obscured email ID + a hash of the full ID.

 

Getting info on this, or anything complex Apple related really is a treasure hunt. The fly-shit to pepper ratio of Apple information via searching on the net is about 5 times that of Windows stuff.

 

Luckily I DO know someone who works in Apple. In the Level3 support.

So perhaps I can get him to look for me.

 

We shall see. And I shall report back.

Share this post


Link to post
Share on other sites

Ask him for one what's the lack of any commonsense behind having a concealed userid prompt and no unique identifying info available which inevitably causes such clusterfucks in a corporate environment.

  • Like 1

Share this post


Link to post
Share on other sites

Ask him for one what's the lack of any commonsense behind having a concealed userid prompt and no unique identifying info available which inevitably causes such clusterfucks in a corporate environment.

 

It also means if someone steals the ipad, or it's lost and recovered, you can't email the owner.

And neither can police.

Share this post


Link to post
Share on other sites

 

Maybe... or maybe it only makes the obscured id accessible.

For unique identification they'd need to use the IMEI since multiple devices could share the same email/AppleID account, so in theory they could just store the obscured email ID + a hash of the full ID.

 

Getting info on this, or anything complex Apple related really is a treasure hunt. The fly-shit to pepper ratio of Apple information via searching on the net is about 5 times that of Windows stuff.

 

Luckily I DO know someone who works in Apple. In the Level3 support.

So perhaps I can get him to look for me.

 

We shall see. And I shall report back.

 

 

Friends in high fruity places?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×