Apple is fighting the FBI
-
The FBI is working with Cellebrite to unlock San Bernardino iPhone http://techcrunch.com/2016/03/23/fbi-is-working-with-cellebrite-to-unlock-san-bernardino-iphone-reports-say/
Looks like it is correct https://www.fpds.gov/common/jsp/LaunchWebPage.jsp?command=execute&requestid=66873120&version=1.4
-
So as I understand it, if you guess wrong too much it will destroy the data, so... why not dump the memory of the phone? There's got to be a way to start it up and dump the stack to something else and all the data so you can crack it at your leisure.
-
@tonyshowoff said:
So as I understand it, if you guess wrong too much it will destroy the data, so... why not dump the memory of the phone? There's got to be a way to start it up and dump the stack to something else and all the data so you can crack it at your leisure.
That's what I have always said... just make a full copy of absolutely everything.
-
@Ambarishrh said:
The FBI is working with Cellebrite to unlock San Bernardino iPhone http://techcrunch.com/2016/03/23/fbi-is-working-with-cellebrite-to-unlock-san-bernardino-iphone-reports-say/
So the US completely lacks the skills to do this? Or just no Americans are willing to aid the FBI? It is quite an interesting point that they felt that the solution lay outside of the country.
-
@scottalanmiller said:
@tonyshowoff said:
So as I understand it, if you guess wrong too much it will destroy the data, so... why not dump the memory of the phone? There's got to be a way to start it up and dump the stack to something else and all the data so you can crack it at your leisure.
That's what I have always said... just make a full copy of absolutely everything.
This is Apple, I don't know if anyone has figured out how to do that yet, at least on iOS.
-
@scottalanmiller said:
@tonyshowoff said:
So as I understand it, if you guess wrong too much it will destroy the data, so... why not dump the memory of the phone? There's got to be a way to start it up and dump the stack to something else and all the data so you can crack it at your leisure.
That's what I have always said... just make a full copy of absolutely everything.
This is standard practice for computer forensics... at least from what I was taught. Also make a copy of the original data and only work on the copy never the original.
This whole thing just sounds like it was a ploy to get a backdoor in iOS for government entities to use on a whim.
-
@coliver said:
@scottalanmiller said:
@tonyshowoff said:
So as I understand it, if you guess wrong too much it will destroy the data, so... why not dump the memory of the phone? There's got to be a way to start it up and dump the stack to something else and all the data so you can crack it at your leisure.
That's what I have always said... just make a full copy of absolutely everything.
This is standard practice for computer forensics... at least from what I was taught. Also make a copy of the original data and only work on the copy never the original.
This whole thing just sounds like it was a ploy to get a backdoor in iOS for government entities to use on a whim.
This is what I ultimately suspect.
Edit: Government's way of working: If we can't figure it out, make it illegal.
-
The problem as I understand it is that the key needed to decrypt the data is a 256 bit code stored in the secure enclave. The secure enclave is part of the processor and there is no way to save the data as it were.
So sure, they could extract all of the encrypted data from the drive, and then attempt brute force decryption. I don't recall the current expected amount of time to try all possible options of a 256 bit code, but I'm sure it's still years if not thousands or millions of them.
-
@Dashrender said:
The problem as I understand it is that the key needed to decrypt the data is a 256 bit code stored in the secure enclave. The secure enclave is part of the processor and there is no way to save the data as it were.
So sure, they could extract all of the encrypted data from the drive, and then attempt brute force decryption. I don't recall the current expected amount of time to try all possible options of a 256 bit code, but I'm sure it's still years if not thousands or millions of them.
But they would only need to run through a (presumably) 4 digit pin. What are there 5000-ish different combinations?
-
@coliver close 10,000
-
@coliver said:
@Dashrender said:
The problem as I understand it is that the key needed to decrypt the data is a 256 bit code stored in the secure enclave. The secure enclave is part of the processor and there is no way to save the data as it were.
So sure, they could extract all of the encrypted data from the drive, and then attempt brute force decryption. I don't recall the current expected amount of time to try all possible options of a 256 bit code, but I'm sure it's still years if not thousands or millions of them.
But they would only need to run through a (presumably) 4 digit pin. What are there 5000-ish different combinations?
No, that would be what they need to run through to be allowed to use the secure enclave to get access to the key. But as I mentioned, there is no way for them to copy the secure enclave out of the phone. So currently they are forced to only do the on the phone, and the iOS version currently running will tell the secure enclave to delete itself after 10 bad tries.
If they had a way to extract the secure enclave from the phone, and then run 4 digit pins against that until they got it right, sure they could try 0000-9999 (10K 4 digit pins), but as I mentioned they can't.
-
@brianlittlejohn said:
@coliver close 10,000
Now of course, statistics say you'll find the right code after trying about half, so that's probably where coliver go the 5,000 number.
-
@Dashrender How does the secure enclave prevent the memory chips being imaged?
-
@scottalanmiller said:
@Dashrender How does the secure enclave prevent the memory chips being imaged?
it doesn't.
But if you're talking about the memory chips that actually store the data that the secure enclave uses to store the encyption/decryption key - it's not that it in any way prevents you from doing that... but it's inside the CPU, and there are no APIs that exist to read those chips (chips inside chips?).
So I suppose if you could disassemble the CPU and get to the storage chips that the secure enclave uses, you would have the key. I guess the chances of that happening currently without damaging said memory chips, is near impossible.
So sure, you can get the standard flash/SSD chips from the phone, desolider them, connect them to a reader, pull the data off, and start applying 256 bit decryption codes to it...and we'll see how long that takes before you guess the right one.
-
@scottalanmiller said:
@Dashrender How does the secure enclave prevent the memory chips being imaged?
Also, is the enclave tied to the drive?
AKA: could they image the drive and just keep trying with new images, or does the enclave control the 10 attempts?
-
@Dashrender said:
So sure, you can get the standard flash/SSD chips from the phone, desolider them, connect them to a reader, pull the data off, and start applying 256 bit decryption codes to it...and we'll see how long that takes before you guess the right one.
Well, they have some crazy equipment for that, so while not fast, likely faster than you are thinking.
-
@Dashrender said:
So I suppose if you could disassemble the CPU and get to the storage chips that the secure enclave uses, you would have the key. I guess the chances of that happening currently without damaging said memory chips, is near impossible.
I guess that the difference is is that I am expecting that they have a process for this. I'm not certain that they do, but it seems likely to me that they do. Not cheap, not easy, not 100% reliable, but when needed, I bet that they can do it. And once they have done that, it seems that the rest just falls into place.
-
@BRRABill said:
@scottalanmiller said:
@Dashrender How does the secure enclave prevent the memory chips being imaged?
Also, is the enclave tied to the drive?
AKA: could they image the drive and just keep trying with new images, or does the enclave control the 10 attempts?
The enclave controls the attempts. But those are software attempts.
-
@BRRABill said:
@scottalanmiller said:
@Dashrender How does the secure enclave prevent the memory chips being imaged?
Also, is the enclave tied to the drive?
AKA: could they image the drive and just keep trying with new images, or does the enclave control the 10 attempts?
the drive has nothing to do with it.
the secure enclave is the only thing that matters - and iOS tells the secure enclave to erase itself after 10 bad tries.
-
@Dashrender said:
the secure enclave is the only thing that matters - and iOS tells the secure enclave to erase itself after 10 bad tries.
Right, it's accessing it without iOS that I'm expecting.