trying to save user data on 3GS stuck in recovery mode
(I apologize in advance if this is in the wrong place, or contains erroneous conclusions or technical information.)
My wife dropped her iphone 3gs in water for a few seconds. The unit stopped working. I am hopeful that it will work again, at least to get some data off of it, because 1) iTunes indicates it recognizes an iPhone in recovery mode, 2) I can put the phone into recovery mode (i.e., so that the unit displays the Connect to iTunes image), 3) it seems to take and hold a charge, and 4) after some time with the “Connect to iTunes” image, it returns to display the apple logo (though the screen is very faint).
My goal is to save the photos she took on it but didn’t sync to our macbook.
I believe there are 2 basic ways to proceed: 1) attempt to get the iPhone out of recovery mode to boot in normal mode, without performing the entire “restore” operation, or 2) perform the restore operation, and then attempt to use forensic data recovery techniques to attempt to recover the data itself.
I have not performed the restore operation in iTunes because my understanding is that this will delete the filesystem on the user data partition, making it much harder to get the data off of the iPhone, though I believe it wouldn’t erase the data itself.
Based on my research, it appears that Ziphone used to have the functionality I am looking for, but does not for a 3gs. Also, it appears that the Pwnage Tool versions 3.14 and 3.15 have the option “Disable partition wipe-out” greyed out so that option can’t be checked.
So, I have ordered Zdziarski’s book “iphone forensics,” and have several times watched a youtube video narrated by the author and distributed by the publisher, o’reilly. I believe the following steps should work to accomplish my goal:
1. Customize a .ipsw file to include both a) allowing iphone to accept unsigned code, and b) the actual unsigned code that disables the user partition wipe-out that normally occurs as part of iTunes’s restore operation; and
2. Use iTunes’s Restore Mode to deliver that customized .ipsw file to the iphone.
Step 2 is easy – just using iTunes. I believe I can perform step 1 via a combination of Pwnage tool version 3.14 or 3.15 and xpwn and/or the ipsw application, using the –nowipe operator in ipsw (which I am gathering functions similar to the bin/true function in allowing the restore function to complete and exit gracefully without wiping the user data partition.
So my 4 questions are,1) do you think the above would/should work, 2) if so, where can I find most recent ipsw application, and a step-by-step description of how to compile (?) and run it, 3) is there a better/easier/known way to do this? And 4) should it matter which firmware version I use, i.e. does it need to match what was on there before, or does it just need to work with an iphone 3gs.
I do not know which firmware version was on the iphone. Is there any way to tell from the serial number? The 4th and 5th digits of the serial number are 37, which I believe means the device was manufactured in the 37th week of 2009, which would translate to approximately mid-late September based on information from apple’s website and Wikipedia, and google searches.
Please let me know if you have ANY thoughts or suggestions. Thanks for reading and helping.