Posted on 03/23/2016 5:59:34 AM PDT by Citizen Zed
Here's Zdziarski's possible explanation ...
[Most of the tech experts I've heard from believe the same as I do that NAND mirroring is likely being used to some degree to brute force the pin on the device. This is where the NAND chip is typically desoldered, dumped into a file (likely by a chip reader/programmer, which is like a cd burner for chips), and then copied so that if the device begins to wipe or delay after five or ten tries, they can just re-write the original image back to the chip. This technique is kind of like cheating at Super Mario Bros. with a save-game, allowing you to play the same level over and over after you keep dying. Only instead of playing a game, they're trying different pin combinations.]
(Excerpt) Read more at businessinsider.com ...
**This is where the NAND chip is typically desoldered, dumped into a file (likely by a chip reader/programmer, which is like a cd burner for chips), and then copied so that if the device begins to wipe or delay after five or ten tries, they can just re-write the original image back to the chip.**
Wait, is this saying our intell ppl had to get Israeli intell ppl to tach them how to mirror a chip? Shouldn’t we already know how to do this?
Tach should be “teach.”
Maybe I need a 5th grader to teach me how to preview.
The whole FBI/Apple thing is a Red Herring.
Anyone in the reverse engineering industry, yes there is a whole industry based on this technology, can access the data on the phone as long as it is in their physical possession. I absolutely refuse to believe that a nation state as advanced as the US and agencies like the FBI do not have the same capabilities. This is the same technology used to read the contents of a physically damaged device.
The DOD is well aware of this technology, so any electronic device used by them must undergo rigorous testing to assure that once destructed the device is unreadable. (This is not as easy as one may think.) Please check out MIL-HDBK 115 for more information.
ANY memory can be read directly from the silicon with the proper care and tools.
Therefore: it is my supposition that the FBI wants to gain access to devices NOT in their possession.
Are these the same people who created Stuxnet?
Are these the same people who created Stuxnet?
Yes, you’re welcome.
If I were Apple, I’d be very concerned if they get into the chip and find the names of the Brussels bombers.
What is on the killer's phone that is not available from providers' phone records (numbers, time duration), GPS tracking records (location over time), emails (archiving) from internet providers???? NSA is supposed to track terrorists!?!
All that can be acquired without having the physical phone.
It all looks like another version of going after the gun ban after random killing.
What is left of citizens' privacy???
You already pay for your phone that gives the almighty government free access to your private activity.
Yeah, freedom for terrorists, spying on citizens!
You could step through each clock cycle and find the instructions to wipe the disk and simply re-architect the simulator to bypass that code sequence and start over.
Some MIT guys hacked an XBox several years ago simply by dumping all the code and data from the bus.
That won't work on the iPhone. The passcode is not on the iPhone.
“Wait, is this saying our intell ppl had to get Israeli intell ppl to tach them how to mirror a chip? Shouldn’t we already know how to do this?”
We do. This is just a commercial firm looking for advertising.
You should read up on Apple’s methods.
You might revise your thinking.
I already suggested doing this weeks ago and dumping the microcode, OS, and data into hundreds or thousands of virtual ARM devices in the cloud, and let each one spin with a set of logons.
You could step through each clock cycle and find the instructions to wipe the disk and simply re-architect the simulator to bypass that code sequence and start over.
We did basically the same thing 30 years ago with Commodore 64 game cartridges.
We would put the game cartridge ROM in a reader and then copy the code to a floppy and run it from there.
And of course, give copies to friends.
The game manufacturers got on to this so they started including code on the ROM to kill or overwrite the memory area where the game was running.
So we learned to use a disassembler to step through the code and null out the offending code.
What goes around, comes around.
That will not work. To do that you have to be able to READ the invisible and unreadable section of the A6 processor called the Encryption Engine where the one-way hash is stored. Unless you can figure out how to do that, you cannot duplicate the hardware required to do it. Apple already anticipated that approach and designed a way to defeat it. That segment of the A6 is unreadable from RAM, is inaccessible from the A6's data processor, and is not readable from external hardware probes.
The Encryption Engine, although not as sophisticated as the Secure Element of the A7's and later iOS Device processors' security, has its own small processor built in to handle the dedicated functions it needs.
Any access attempt to try and read the stored secure data by scanning will be destructive of that data.