10.11. Troubleshooting

It seems like no matter what technology you are talking about there are going to be a number of troubleshooting steps that are always appropriate, almost no matter what the end user's symptom is. For example, is the hardware working as intended? Will the iPhone make a phone call? Is the service plan still active for the device?

If a device will not power on, try plugging it into a power source to check the battery. If the device is on and running, but otherwise unresponsive, you can try to force quit the frontmost application. To accomplish this, press and hold the lock button until the Shutdown Slider appears. At this point, press and hold the home button for a second or two until the front most application quits. This is the equivalent of using Control-Option-Escape in Mac OS X to force quit an application or Control-Alt-Escape in Windows to bring up the Task Manager.

If that doesn't work, reboot the iPhone or iPod touch by holding the sleep button on the top of the device. After a few moments, a red slider appears, press and slide the slider from left to right to shut down the device, similar to the procedure used to wake an iPhone, Press and hold the sleep button to power the device back on. You can also reset the device by holding down the sleep and home buttons until you see an Apple logo. Finally, you can perform a factory reset on a device from the Settings icon on the home screen: click on General Reset Reset All Settings (make sure you've got a good backup of a device before doing this).

If the device isn't booting at all, you can attempt to boot the device in recovery mode. To do so, first launch iTunes on your admin station. Next, with the device off, press and hold the home button. With the home button depressed, plug the device into your admin station via USB. The iPhone should display that it is in recovery mode, and you can now restore the phone to factory defaults.

With the iPhone and iPod touch, when you are troubleshooting network services then you should always verify network connectivity first. This is critical before you do anything else, as many applications will require the ability to open a network connection to an outside host. If you are having trouble accessing specific services, then provided you can connect to a network, verify that network connections are available between the device you are connecting to and the device you are connecting from. Outside of checking for network connectivity with safari, Apple doesn't really provide a good means for this. You can examine network settings found under the Settings application, but those don't give all the data needed to properly confirm external connectivity. There are some third party applications that can assist here, providing ping and traceroute capabilities. One such app with great polish is Bjango, but there are a handful of others to choose from.

If you encounter problems deploying profiles via the iPhone Configuration Utility, say you receive a generic deployment error when attempting to install a profile on a phone. This can be caused by a few different things. First, verify that the problem is not due simply to a misconfiguration. At times, the issue may be device specific. If this is the case, there may be a problem with your devices configuration file, stored in the folder ~/Library/MobileDevices and named according to the devices identifier. Deleting that file can sometimes resolve your issue. If not, consider deleting the application preferences at ~/Library/Preferences/com.apple.iPhoneConfigurationUtility.plist (make sure it's not running).

10.11.1. Updates

Software and Firmware updates can only be deployed to an iPhone or iPod touch using iTunes. To do so, open iTunes, click on the name of the device in the left column, locating the DEVICES section. Click on the device you are going to update and then click on Check for Update button (as can be seen in Figure 10-33), following the onscreen instructions to completion. Unfortunately, there are no capabilities for over-the-air updates, it all must be user initiated through iTunes syncing. At the time of this writing, Apple does not provide a solution to mass deploy or manage updates to your fleet of devices.

Figure 10.33. iTunes: iPhone Sync Overview

10.11.2. Leveraging the Logs

The iPhone and iPod touch store logs that can be useful in troubleshooting the devices. You can access the logs using the iPhone Configuration Utility. Simply plug the device into the computer you would like to review logs for and then click on the device in the DEVICES list. Next, click on the Console tab (as seen in Figure 10-34) and then you will see the logs there. You can then use the Case Insensitive Filter field to search for specific entries.

Figure 10.34. Device Console logs

10.11.3. Backup and Restoration

Backup and restoration of an iPhone is also a function solely fulfilled client side via USB and iTunes. Unfortunately, there are no centralized management capabilities. A device's configuration, including third party stored data, is backed up whenever it is plugged into the computer. Device media itself is backed up solely according to the iTunes sync settings. This includes the user's music, movies, and pictures. You can also initiate a backup manually by right clicking on your iPhone in the iTunes sidebar, listed under devices. As seen in Figure 10-35, the contextual menu for the device provides several different functions, including transferring songs purchased on the phone to the local computer, backing up, and restoring.

Figure 10.35. Initiate a device backup in iTunes.

Device backups are stored at ~/Library/Application Support/MobileSync/Backup on OS X machines, on Windows machines they can be found at C: Documents and SettingsusernameApplication DataApple ComputerMobileSyncBackup. Inside of this directory, you will see a directory for each device that you have synced with your system, named after the devices identifier, the same identifier utilized by the iPhone Configuration Utility. Each device will have a primary backup folder, as well as incremental backup folders, which are named after the device's identifier and suffixed with a date string. Inside of the device's primary folder, you will find a number of mddata, mdinfo, and mdbackup files. Each file is a plist file in binary format (see Chapter 7).

Because of the lack of management capabilities, ensuring iPhones are fully backed up largely becomes reliant on user interaction. Because of this, it is recommended to utilize server-side storage whenever possible. For instance, it is highly recommended to utilize IMAP or ActiveSync based mail solutions over POP. Shared calendars should be utilized wherever possible, as should contacts. In any case, strong user education is highly encouraged, users need to be aware to their responsibilities to ensuring their iPhone's are synced to their computers on a regular basis.

Restoring a device that has previously been synchronized to a Mac OS X computer is a fairly straightforward process, making resetting devices a plausible troubleshooting step. To restore a device, open iTunes and click on the Device in the DEVICES section of your list in the left-hand pane. At the Summary page you will see a button to Restore. Click on it and you will then be greeted by a confirmation screen asking if you really want to do this, since after all it is going to wipe out anything that was new to the device since the last synchronization. If you are OK with that, click on OK and the restore will begin, and will take as long as the media you have in iTunes will take to synchronize from iTunes to the device.

10.11.4. Bypassing the Passcode

Cellebrite has a solution that can unlock the passcode on an iPhone or iPod if you have a computer that has synchronized with it. iTunes generates a Security ID for each iPhone or iPod that is synchronized (http://www.cellebrite.com/Cellebrite-Supports-iPhone.html). Cellebrite can use the Security ID file from iTunes to gain direct access to the iPhone data and reset the configured passcode. Cellebrite isn't the only tool though, there are others as well, many of which will allow you to mount the device with or without actually writing data to it. But what if you don't have the passcode or a machine that the handheld has been synchronized with? Jonathan Zdziarski, in his book iPhone Forensics, provides steps to remove the passcode without a Security ID file by doing some fun firmware hacks. Overall, the iPhone Forensics book was a good read, although it seems that things with the iPhone are moving so rapidly that many of the steps have changed (or will very shortly).

Prior to the iPhone 3GS, there was still a big component missing for the iPhone and iPod touch which was the development of a full disk encryption (FDE) solution for the platform. Full disk encryption is actually a feature provided by the 3GS, which works its magic, encrypting all data written to the device on the fly. Apple's solution though, is not without its caveats. First and foremost, it has been demonstrated that the encryption key is actually stored in software on the device, rather than utilizing a hardware-based solution, such as TPM. This means that though the data itself is encrypted, the key to unlock that encryption can be retrieved from the device. The ramification of this discovery means that the encryption provided by the 3GS is relegated to one primary benefit: fast wipes. Fully wiping an old generation iPhone or iPod touch can take several hours, depending upon the amount of data stored on the device. That's a lot of time if you are trying to wipe out potentially sensitive data. Due to the iPhones 3GS's full disk encryption, a remote wipe deletes the encryption key in a matter of seconds, rendering all the data on the device irretrievable. This is certainly beneficial, but an iPhone which has had its SIM card removed isn't likely going to receive the remote wipe command. If the attacker has the toolset to extract the key, then the whole system can be bypassed.