Developer options

Some device services are reserved for developers and require certain preparations (depending on the operating system version).

Devices up to iOS/iPadOS 15.x require mounting a "DeveloperDiskImage" file that matches the software version. Numerous available images have been compiled in the "ufade-developer" submodule. UFADE will try to mount a suitable image.

iOS/iPadOS 16.x devices also require developer mode to be activated. This option is not initially available on the device. UFADE therefore first queries the current status of the developer options. The further procedure depends on whether a lock code is set on the device.

Without a lock code set: Developer mode is activated and the device restarts automatically. After the restart, the activation of the developer mode must be confirmed.

With lock code set: The menu entry for activating developer mode is made available (Settings → Privacy & security → Developer Mode). Activation requires a restart. After the restart, the activation of the developer mode must be confirmed.

As of iOS/iPadOS 17.x, a new connection to the device is also established via a VPN tunnel. In the current implementation, this requires the use of administrator authorizations on the host device. The compiled Windows version must be executed "as administrator" for this purpose. The other available versions and the application executed via Python request the system administrator/sudo password at runtime via board implementations (e.g. Pkexec under Linux) and start a privileged subprocess.

Another exception concerns iOS/iPadOS versions 17.0 - 17.3.1: A kernel patch for Linux is required for a successful tunnel connection.

Screenshots

One of the potentially relevant developer services is the ScreenshotService. UFADE can address this service to create screenshots of the current screen output of the device.

When a screenshot is created, a "screenshots" subdirectory is created. The following files are created for each recording:

• The screenshot in PNG format named after <model number>_MM_TT_YYYY_HH_MM_SS
• A TXT file with the same name containing the SHA256 hash of the image
• A PDF report about the screenshot taken with additional information about the source device

This procedure was chosen to give more credibility to the screenshots created. However, it is not guaranteed that the evidential value of the screenshots created with UFADE will be recognized in court in every case or that misuse of this function is excluded.

Chat Capture

This is an extension of the screenshot function with the option of automatically capturing complete chats.

The user must enter the name of the app and the other party here. The chat recording starts when the recording direction is selected. An image is created for each message.

It cannot be guaranteed that this function can be used with every chat application that is currently available or will be available in the future. This depends on various factors, such as the arrangement of controls in the app. In trials, successful use was possible with the chat applications Whatsapp, Telegram, Instagram, Potato and Facebook Messenger.

File System Overview

The developer options also allow for an insight into the file system, similar to the UNIX command ls. UFADE will attempt to recursively traverse all paths starting from the "/var" directory and write the directory structure to a text file.

This call is very slow and may exceed the duration of an actual file system backup.

Up to iOS 15.x, this call can map the complete file system. Starting from iOS 16.x, user data is located on a separate partition. Therefore, only system data will be collected from iOS 16 onwards. This may potentially be used to check if new files are created due to a system update.

DDI Unmount

For devices with iOS 16 and below, a DeveloperDiskImage had to be mounted to access the developer menu. This can be unmounted to restore the original state of the device. Alternatively, the device can be restarted.