In previous iPhone Hacks post we discussed how to get ssh access to someone's else device and how to protect your own iPhone from being hacked. Now let's dig deeper and see how to view or even steal someone's data. But, please, don't take this post too serious, this is just for fun.

LockBackground

How to hack iPhone's filesystem.

Paranoid people from Apple love to write all the data into separate databases, however some of the files lay on the surface. Camera pictures, for instance, can be found in /var/mobile/Media/DCIM. To grab someone's pictures use the scp tool: 
scp -r [email protected].:/var/mobile/Media/DCIM 

Hacking iPhone's .plist files

Moblie iOS settings such as brightness, ringtone, alarm clock are stored in .plist files. There are two types of them - text and binary. Text ones can be edited with any text redactor while binary should be converted to text, edited and converted back. For converting you can use plutil. There are versions for Mac, Linux and Windows. Use command plutil -convert for converting binary-to text-to binary, after plutil -convert xml1 you can edit file, after plutil -convert binary1 - copy it back to device. For example, in  /var/mobile/Library/Prefences/com.apple.springboard.plist file after converting to XML such key could be seen: 
ringtone
system:Motorcycle
This setting defines ringtone. value can look like this: 1. (default ringtone - Marimba) 2. system:ringtone name (ringtone from system library in /Library/Ringtones) 3. itunes:digit/letter code (user uploaded ringtone from /var/mobile/Media/iTunes_Control/Ringtones) By changing those values you can change the phone's ringtone. For changing ringtone's key value you can either use convert com.apple.springboard.plist to text or, by using mobile version of plutil, give command: 
plutil -s ringtone -v “system:Sonar” /var/mobile/Library/Preferences/com.apple.springboard.plist
This pattern works for any iOS settings. iphone hacks sqlite3 sms.db

SQLite iPhone Hacks

SQLite bases keep lots of interesting stuff - SMS, address book and many others. SMS base - /var/mobile/Library/SMS/sms.db, address book - /var/mobile/Library/AddressBook.sqlitedb. By copying it to your PC you can explore them locally. Mac users have built-in sqlite3 tool, Linux and Windows guys - just download. Off course except grabbing SMS and address books you can use sqlite3 to send a message from the future: sqlite3 sms.db “INSERT INTO messages VALUES(0, ‘+0000000’, 1354321900, ‘WE THE FUTURE PEOPLE GREET YOU!’,1,0,NULL,0,0,0,0,0);” Third line contains the date. Reboot an iPhone remotely? Kill all the disk space - not a problem, read Funny and Useful iPhone Hacks [Part 3]