From 82e95f0f9e0a27b1fb2d42de0be9eb6e437e0164 Mon Sep 17 00:00:00 2001 From: Julien Palard Date: Tue, 7 Jun 2022 13:11:51 +0200 Subject: [PATCH] iphone --- content/blog/2022-iphone.md | 259 ++++++++++++++++++++++++++++++++++++ 1 file changed, 259 insertions(+) create mode 100644 content/blog/2022-iphone.md diff --git a/content/blog/2022-iphone.md b/content/blog/2022-iphone.md new file mode 100644 index 0000000..0eef750 --- /dev/null +++ b/content/blog/2022-iphone.md 
@@ -0,0 +1,259 @@ +--- +Title: Finding a lost iPhone owner, the hard way +Date: 2022-06-07 11:39:00 +Summary: My parents found an iPhone, couldn't locate its owner. What I tried next. +--- + +# Mars 2022 + +On March 20, 2022, my parents finds a partially buried phone in the +snow, in Tignes. A shiny iPhone 12 Pro Max, in prinstine condition for +a phone lost on a ski slope where many people could have skied on it! + +Step 0: The phone is discharged, my parents don't have the proper +cables, so they try a wireless charger and it works, YAY! + +Step 1: As it's not the first time they find a phone, [they know how +to quickly find the owner +back](https://twitter.com/sizeof/status/1217469079356874754), they try +to unlock it, no luck, it's a 5 or 6 digit code, so they just wait for +someone to call: should take from a few minutes to a few hours. + +But nobody gonna call: the SIM card is locked! + +The next day I receive a message from my parents: + +> Yesterday I found a nice Phone, I charged it, but nobody calls, what should I do? + +I ask for some pictures, to identify the phone. + +Step 3: I'm guiding them to the "Medical ID" info (behind the Emergency thing). + +But there's no medical ID on this phone. + +Hey people, do fill the medical ID, like right now, while you're +reading this article. It exists on Android too, it's called "Emergency +information", and it really helps finding you back when you loose your +phone. + +I try to guide them to spawning Siri to ask some info about the +owner, but with no luck (looks like it's not possible while the phone +has not been unlocked or something like this). + +As said in step 1, the phone is properly locked, which is a very good +idea, even if in the past my parents quickly found the owner of a lost +unlocked phone just calling back the last number in the call +history. Do properly lock your phone. And no, `0000` is not a proper +password. 
+ +Step 4: I don't know what to do remotely then… so I tell them to give +it to the "lost and found" place in Tignes and hope for the best. + +I tried to shoot [a tweets about +it](https://twitter.com/sizeof/status/1506252615931375617), but with +no luck. + + +# June 2022 + +I went to see my parents and they remember me the lost iPhone, I ask +about the phone not being given to the "lost and found" desk, they say +no (hey Tignes, next time be polite to people coming to the lost and +found desk... it would help). + +So I'm back at it again, there's literally nothing interesting to do +via the OS so I'm opening the SIM card slot: + +- Got an IMEI from the SIM card slot, probably unhelpfull... It + confirms the phone model I already know, it tells me the "Find My + Phone" is enabled on it, but I have nothing more to learn here, + looks like a dead end. +- Got a operator logo (Free) on the SIM card. +- Got a 15 digits number from the SIM card, probably helpfull! + +The number was 15 chars long, not enough to be an ICCID… but according +to Wikipedia the ICCID may start with `89`: + +> Major industry identifier (MII), 2 fixed digits, 89 for telecommunication purposes. + +And as it's a french operator, it may be followed by `33` (the country code). + +So prefixing with `8933` I have a probably valid ICCID! + +Step 5: I call `free` (ooohhh it's hard to get to tell to a human and +not a robot...) and ask them info about this ICCID, which they reply +they don't know this ICCID at all... Obviously the SIM was revoked, +and sadly they don't keep info on revoked SIM cards, at least not in +this DB. + +The guy was very sorry not being able to help, he told me the only way +I had left is to give it to the police, but I told him I prefer +finding the owner myself to ensure it's done, which he completly +agreed. + +OK let's stop trying the normal way, let's try the hard way! 
The SIM +card is locked and revoked, I have 3 tries for the PIN number which I +guess is either the default one (`1234` for this operator), or `0000` +or I don't know, `0123` maybe? + +So I plug the SIM card on my phone (it's a Pinephone with Mobian on +it), hoping to be able to unlock it and dump some data like: + +- Contact list, +- Last call journal, +- SMS, +- Whatever I don't care just give me a lead... + +I'm no expert with `AT commands`, I just now they exist, it should be enough right? + +Booted my Pinephone, and knowing it would be long I sshed on it from +my laptop to buy me some comfort: + +``` +$ ssh mobian@mobian.local +``` + +Because yes, I can SSH to my phone, and no I did not changed the +default user. But yes I disabled the password login for SSHD and only +log via my Yubikey. + +Next I ran `gnome-session-inhibit bash`: I don't want the phone to +suspend while I'm working on it... It's very comfy for me to have a +real Debian on my phone: feels like working on a laptop. + +OK let's start for real!! + +``` +$ mmcli -m any +[...it's a long output so here's the relevant part...] + ----------------------------------- + Status | state: failed + | failed reason: sim-missing + | power state: on + | signal quality: 0% (cached) + ----------------------------------- +[...it's a long output so here's the relevant part...] +``` + +What? Oh damned, the SIM card is not properly installed in its slot... +And on a Pinpheon when you want to remove the SIM you have to remove +the battery... + +OK let's start again from scratch and: + +``` +$ mmcli -m any +[...it's a long output so here's the relevant part...] + ----------------------------------- + Status | lock: sim-pin + | unlock retries: sim-pin (3), sim-puk (10), sim-pin2 (3), sim-puk2 (10) + | state: locked + | power state: on + | signal quality: 0% (cached) + ----------------------------------- +[...it's a long output so here's the relevant part...] +``` + +Hello SIM card, so you're locked? 
+ +``` +$ mmcli -m any -i 0 --pin 1234 +successfully sent PIN code to the SIM +``` + +``` +$ mmcli -m any +[...it's a long output so I redacted it...] + ----------------------------------- + Status | lock: sim-pin2 + | unlock retries: sim-pin (3), sim-puk (10), sim-pin2 (3), sim-puk2 (10) + | state: enabled + | power state: on + | signal quality: 0% (cached) + ----------------------------------- +[...it's a long output so I redacted it...] +``` + +Yeah, I like when it finally starts to be easy! So what can I get from +this SIM card? The `CPBS` commands is to choose the storage of phone +book memory, and `SM` is for `SIM Phonebook`: + +``` +$ mmcli -m any --command='AT+CPBS=?' +response: '+CPBS: ("SM","DC","MC","ME","RC","EN")' +$ mmcli -m any --command='AT+CPBS="SM"' +response: '' +``` + +OK there's a SIM Phonebook and we just choosen it, let's read it using `CPBR` (`R` for `Read`) + +``` +$ mmcli -m any --command='AT+CPBR=?' +response: '+CPBR: (1-250),40,14' +$ mmcli -m any --command='AT+CPBR=1' +error: command failed: 'GDBus.Error:org.freedesktop.ModemManager1.Error.MobileEquipment.NotFound: Not found' +``` + +Damned, no contacts in the phone book... Which is probably very normal +for an iPhone, but if you don't try, you don't know... + +OK let's try to read some SMS messages then: + +``` +$ mmcli -m any --command='AT+CMGF=1' +response: '' +$ mmcli -m any --command='AT+CMGL="ALL"' +response: '' +``` + +Damned, nothing here neither. + +Out of idea I start doodling around... + +...trying `mmcli -m any` again, remember it was a long output and I +readacted for your readability? I read it fully once, but before +unlocking the SIM, I went to read it fully a second time and BOOM a +section appeared since I unlocked the card: + +``` + ----------------------------------- + Numbers | own: 3365xxxxxxx + ----------------------------------- +``` + +(Obviously there was no `x`s, only a real phone number, redacted for the owner privacy.) 
+ +I immediatly called the number (using a landline phone, remember, my +mobile phone had its guts open with another SIM card in it), got no +response, dropped a weird, completly unprepared message on his voice +mail, like: + +> Hey you may have lost an IPhone, I may have found it, write me an email at julien@palard.fr! + +From my point of view I was not 100% sure to find the right owner, so +the less info I would give, the more info I could ask to validate it's +the right person! + +Gave my email instead of my phone number because... I still had to put +my SIM card in my phone... and I don't know my own landfill number... + +I bet if I receive this message all my scam alerts goes red. All his +scam alerts went red but he called back a few minutes later (after +all, he really lost an iPhone), and after telling him the phone was +found in a ski resort his scam alerts went back green, and after him +telling me the name of the ski resort, my confidence I found the real +owner went green too. + +Hopefully he was working not far away from my house, and we were able +to meet literaly a few minutes later! + +I asked him to unlock the phone as a last ultimate veritifcation he +was the owner, which he was easily be able to do, then he showed me +pictures taken right before loosing the phone! We had a nice chat +afterwards, it's not a situation that happen often! + +So next time you find a phone, don't give up, there's always a tiny +lead hidden somewhere that could get you back to the owner. + +I hope you all added some Emergency Information on your lock screen by +now, saving me a lot of time if I find it!
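Review bot: The first section heading reads `# Mars 2022` while the second reads `# June 2022`; "Mars" is the French spelling, so it should be `# March 2022` to match the English post. The step labels jump from "Step 1" to "Step 3" with no "Step 2", so renumber them or add the missing step. The closing advice covers Medical ID and the phone lock, but the lead that actually worked was the SIM accepting the operator default PIN (`--pin 1234`), after which `Numbers | own:` appeared in the `mmcli -m any` output. Consider adding a sentence near the end telling readers to change their default SIM PIN. A spell-check pass would also catch "prinstine", "Pinpheon", "readacted", "veritifcation", "unhelpfull"/"helpfull", "landfill number" (landline) and "loose"/"loosing" (lose/losing).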