[Cryptography] The FBI can (almost certainly) crack the San Bernardino iPhone without Apple's help

Ron Garret ron at flownet.com
Tue Mar 1 16:12:27 EST 2016


On Mar 1, 2016, at 2:48 AM, Jerry Leichter <leichter at lrw.com> wrote:

>> Just posted this, targeted more towards the general public than the people on this list, but I would appreciate feedback (and maybe an upvote on Hacker News):
>> 
>> http://blog.rongarret.info/2016/02/the-fbi-can-almost-certainly-crack-san.html
> Sigh.  This has become a meme so quickly, and it's just wrong.
> 
> You can clone the memory chip of an iPhone.  But even in the iPhone 5C in question, that doesn't give you the chip UUID, which is embedded in the processor - which provides no way to read it.  Without the UUID, knowing the lock code doesn't tell you the encryption key.
> 
> We've spent so many years working with universal Turing machines and software and virtual machines that we sometimes forget that underneath it all there's actual hardware, and that universal replicators of hardware don't exist....

Yes, I know this, and I specifically addressed it.  The attack is not a brute force attack on the AES key, it’s a brute force attack on the PIN.  It works like this:

1.  De-solder the flash chip and read its contents

2.  Replace the flash chip with a ZIF socket (probably connected to a short ribbon cable).

3.  Re-install the flash chip and make five guesses at the PIN.

4.  Power down, replace the flash chip with a fresh copy of the original, and go to Step 3.

rg