Zdziarski: DFIR, security, reverse engineering, photography, theology, funky bass guitar. All opinions are my own.
Apple . Politics . Security

tl;dr technical explanation of #ApplevsFBI

On February 17, 2016 by Jonathan Zdziarski
  • Apple was recently ordered by a magistrate court to assist the FBI in brute forcing the PIN of a device used by the San Bernardino terrorists.
  • The court ordered Apple to develop custom software for the device that would disable a number of security features to make brute forcing possible.
  • Part of the court order also instructed Apple to design a system by which PINs could be remotely sent to the device, allowing for rapid brute forcing while still giving Apple plausible deniability that they hacked a customer device in a literal sense.
  • All of this amounts to the courts compelling Apple to design, develop, and protect a backdoor into iOS devices.

Firmware signing capabilities:

  • Apple has firmware signing capabilities for all of its devices, and is the only party in the world that can boot custom software without exploiting a device. Booting such software also requires an authorization ticket from Apple’s servers in order to authorize the code to load onto a device.
  • Firmware updates run as a RAM disk on iOS devices, which is similar to booting off of a USB stick.
  • Apple can write a custom RAM disk (as a “SIF”), sign it, and boot it on any iOS device from restore or DFU mode to run from memory.

Security capabilities:

  • A7 chips have moved the backoff (delay) and retry count for passcode attempts into the “Secure Enclave” (SEP), which is a coprocessor inside newer devices. However, in its present form the SEP can be updated (or “flashed”) by Apple to remove these features.
  • The iPhone 5c does not have the new A7 chip, and therefore does not have a Secure Enclave, so the PIN delay is software-based and can be easily disabled anyway.
  • The mechanism that wipes after 10 failed attempts appears to still be software-based on all devices, and could be disabled on any device.

Alternative methods:

  • A number of alternative methods exist, some of which are believed to be feasible alternatives that can be performed without Apple’s assistance.
  • The All Writs Act includes a “necessity” prong that insists an order can only be granted if it is the only way to achieve a certain task.

Summary:

  • Apple can, on a technical level, comply with the court’s order to brute force the PIN on an iPhone 5c.
  • Forcing Apple to develop a forensics tool is not the only feasible method available to access the content on the device in question.

Editor’s Notes

  • The only reason it is possible to decrypt this information at all is that the subject chose a weak (numeric) passcode instead of an alphanumeric passcode. A complex, alphanumeric passcode is computationally infeasible to brute force, regardless of any backdoor compelled by the government. Apple uses the PBKDF2 key derivation function, which involves a mathematically dependent 80 ms delay to compute a key, controlled by encryption routines that are bound to the hardware. As a result, it would take six years just to brute force a six-character alphanumeric key, and exponentially more time for longer keys.
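
The passcode-strength argument above, worked through as an added example (not code from the original post or from Apple). It assumes "alphanumeric" means lowercase letters plus digits (36 symbols), uses a constructed `DEVICE_UID`, and models hardware binding by salting PBKDF2 with that value, which is a simplification rather than Apple's actual construction.

```python
import hashlib

GUESS_COST_S = 0.080  # per-guess key derivation time stated in the post
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed stand-in for the device-unique hardware key (assumption).
DEVICE_UID = bytes.fromhex("00112233445566778899aabbccddeeff")


def derive_key(passcode, uid=DEVICE_UID, iterations=50_000):
    """PBKDF2 over the passcode, salted with the device secret.

    Simplified model: mixing in `uid` means a guess can only be checked
    where the uid is available, so the per-guess cost cannot be dodged
    by moving the work to faster hardware.
    """
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), uid, iterations)


def worst_case_seconds(alphabet_size, length, guess_cost=GUESS_COST_S):
    """Time to try every passcode of exactly `length` symbols."""
    return (alphabet_size ** length) * guess_cost


def humanize(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


# (label, alphabet size, length); lowercase letters plus digits = 36 symbols
POLICIES = [
    ("4-digit PIN", 10, 4),
    ("6-digit PIN", 10, 6),
    ("6-char lowercase+digits", 36, 6),
    ("8-char lowercase+digits", 36, 8),
]

if __name__ == "__main__":
    for label, alphabet, length in POLICIES:
        print(f"{label:26s} {humanize(worst_case_seconds(alphabet, length))}")
```

At 80 ms per guess the 36-symbol, six-character case comes to roughly 5.5 years, in line with the six-year figure above, while a four-digit PIN falls in minutes.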

 

All Content Copyright (c) 2000-2022 by Jonathan Zdziarski, All Rights Reserved