By Mnest Store - Your source for professional forensic hardware and software.
When law enforcement needs to access a locked iPhone, GrayKey is often the tool they turn to. Made by the secretive company Grayshift and now owned by Magnet Forensics, GrayKey has established itself as the leading hardware device for bypassing security on modern smartphones, especially Apple devices.
Unlike software-only solutions, GrayKey is a physical device (often called a “GrayKey box”) that connects to a locked phone and performs extraction through a combination of exploits and brute-force techniques. It represents the cutting edge of the ongoing arms race between forensic companies and smartphone manufacturers.

1. What is GrayKey?
GrayKey is a mobile device forensic tool designed specifically for law enforcement, public safety government, and defense agencies in select countries. Developed by Grayshift (a company founded in 2016 and later acquired by Magnet Forensics), the tool has become synonymous with high-end iPhone unlocking.
Core Capabilities
- Unlocks locked iOS devices (iPhones, iPads) running various versions of iOS
- Extracts full file system data from compatible devices
- Supports Android devices (with varying levels of success)
- Operates in different extraction states: BFU (Before First Unlock), AFU (After First Unlock), and full unlock
The GrayKey box is designed and assembled in the United States, and its availability is strictly controlled: it is not sold to the general public or private individuals.
2. How GrayKey Works
GrayKey operates by connecting to a mobile device through its Lightning or USB-C port. Once connected, the device uses proprietary exploits to bypass security mechanisms and extract data.
Extraction States Explained
| State | Description | What GrayKey Can Extract |
|---|---|---|
| BFU (Before First Unlock) | Device has been powered on but never unlocked since boot | Very limited; only basic metadata |
| AFU (After First Unlock) | Device has been unlocked at least once since boot | Significantly more data; cached files, notifications, some app data |
| Full Unlock | Device passcode has been bypassed or cracked | Complete file system access |
GrayKey’s primary strength is its ability to achieve full file system extractions from iOS devices, including data that would otherwise remain inaccessible.
3. GrayKey vs. iOS Updates: An Ongoing Battle
The most dramatic aspect of GrayKey’s story is its constant struggle to keep pace with Apple’s security updates. Each new iOS release forces Grayshift to find new exploits, and there are periods where GrayKey falls behind.
iOS 18 Situation (November 2024)
Leaked documents revealed by 404 Media and analyzed by multiple tech outlets show the current state of GrayKey vs. iOS 18:
| iOS Version | GrayKey Status | Details |
|---|---|---|
| iOS 18.0 / 18.0.1 | Partial Extraction | Can only retrieve unencrypted files and metadata (file sizes, folder structures). Cannot access encrypted user data. |
| iOS 18.1 Beta | Completely Broken | No data extraction possible whatsoever. |
| iOS 18.1 Final | Unknown (as of Nov 2024) | Not yet tested/cracked by GrayKey at the time of reporting. |
According to the leaked documents, GrayKey can partially unlock most iOS 18 devices, but iPhone 11 models remain fully unlockable.
The Cat-and-Mouse Cycle
Security experts note that this pattern is predictable:
- Apple releases a new iOS version with security patches
- Forensic tools like GrayKey temporarily lose functionality
- Exploit developers find new vulnerabilities (weeks or months later)
- GrayKey updates to restore extraction capabilities
This cycle means that updating to the latest iOS version remains the best protection for ordinary users, while law enforcement must anticipate delays between iOS releases and GrayKey updates.
4. Android Support: A Mixed Picture
GrayKey is not limited to iPhones; it also supports Android devices. However, performance varies significantly depending on the manufacturer and model.
Current Android Performance (as of late 2024)
| Device | GrayKey Status |
|---|---|
| Google Pixel 9 | Partial access only in AFU state (after device has been unlocked at least once since boot) |
| Other Android devices | Varies by manufacturer and security implementation |
Forensic examiners generally agree that GrayKey is superior for iOS, while Cellebrite UFED excels with Android. This is why many forensic labs maintain access to both tools.
5. GrayKey Product Editions and Pricing
GrayKey is sold through subscription licenses, not as a one-time purchase. Recent government procurement documents provide transparency into pricing.
License Tiers (Based on Providence Police Contract, August 2025)
| License Type | Features | Annual Cost |
|---|---|---|
| Advanced License | Unlimited Consent and BFU extractions; 125 AFU/Action Credits; 2 Excursion Credits | $34,760 |
| Premier Bundle | Full features including instant unlock and brute force (British Transport Police) | £45,320 (~$57,000 USD) |
- BFU Extraction: Data extraction from devices that have never been unlocked since boot
- AFU Credit: Each AFU extraction consumes one credit from the annual allowance
- Excursion Credit: Specialized extraction for particularly difficult devices
- Consent Extraction: Unlimited, no credit cost
Sample Procurement (British Transport Police, 2025)
In July 2025, the British Transport Police Authority awarded a contract for a GrayKey License – Premier Bundle to Magnet Forensics. The contract value was £45,320 (including VAT) for a one-year term from August 2025 to August 2026.
6. GrayKey in the Forensic Workflow
GrayKey is typically not used alone. In professional forensic labs, it serves as the acquisition tool, extracting data from locked devices, which is then passed to analysis platforms for examination and reporting.
Typical Workflow
- Acquisition: GrayKey extracts the file system from a locked iPhone
- Export: The extraction is saved as a dump file or UFDR file
- Analysis: The dump is imported into analysis tools like Magnet AXIOM, Cellebrite Physical Analyzer, or Oxygen Forensic Detective
- Reporting: The analysis tool generates court-ready reports
This complementary approach is why many agencies license both GrayKey (for acquisition) and AXIOM (for analysis), often from the same vendor (Magnet Forensics).
7. Limitations and Criticisms
No forensic tool is perfect, and GrayKey has notable limitations.
Technical Limitations
| Limitation | Details |
|---|---|
| iOS delays | New iOS versions can break compatibility for weeks or months |
| Partial extraction | On newer iOS versions, only unencrypted files and metadata may be accessible |
| Android inconsistency | Performance varies dramatically by manufacturer |
| AFU credit limits | Advanced licenses have annual limits on AFU extractions (e.g., 125 per year) |
Operational Limitations
- Not available to the public: only law enforcement and government agencies
- Cost prohibitive for small agencies or individual investigators ($35,000+/year)
- Requires physical access to the device
- Legal restrictions on use in some jurisdictions
Security Concerns
The very existence of GrayKey raises privacy questions. While law enforcement defends its use for criminal investigations, civil liberties advocates express concern about potential misuse. Apple continues to harden iOS specifically to resist tools like GrayKey, framing it as protecting user privacy.
8. GrayKey vs. Cellebrite UFED: A Comparison
Based on forensic examiner discussions, here is how these two flagship tools compare:
| Factor | GrayKey | Cellebrite UFED |
|---|---|---|
| iOS unlocking | Superior: best-in-class for iPhones | Good, but requires Premium version for modern iOS |
| Android unlocking | OK, inconsistent | Excellent: industry leader |
| Legacy device support | Limited | Extensive (thousands of profiles) |
| Physical extraction | Good on supported devices | Gold standard |
| Analysis capabilities | Limited (acquisition-focused) | Built-in Physical Analyzer |
| Pricing model | Subscription ($35k-57k/year) | Perpetual + maintenance |
| Best use case | iOS acquisitions | Full-service forensic lab |
The consensus among examiners is clear: use GrayKey for iPhones, use UFED for Android and legacy devices.
9. The Future: GrayKey Under Magnet Forensics
Grayshift was acquired by Magnet Forensics (the makers of Magnet AXIOM) in an effort to create an end-to-end forensic ecosystem. This integration means GrayKey extractions can flow directly into AXIOM for analysis, streamlining the investigative workflow.
What This Means for Investigators
- Tighter integration between acquisition (GrayKey) and analysis (AXIOM)
- Unified licensing possibilities through Magnet Forensics
- Continued development backed by a major forensic software company
The acquisition also suggests that GrayKey is not going away; rather, it is becoming a core component of Magnet’s product strategy.





