<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div><blockquote type="cite" class=""><div class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class=""><blockquote type="cite" class=""><div dir="ltr" class=""><div class="gmail_extra">Teardown sites show me that the flash is available and could be</div><div class="gmail_extra">archived. <a href="https://www.ifixit.com/Teardown/iPhone+5s+Teardown/17383" class="">https://www.ifixit.com/Teardown/iPhone+5s+Teardown/17383</a><br class=""></div></div></blockquote></div>Where's the unique ID? I very much doubt it's in the flash. I'd bet it's on the CPU chip - after all, the RAM is already there - and difficult to extract. If so, the ability to clone the flash gains you nothing - without a CPU chip with the right unique ID, you can't decrypt the flash contents - even if you know the passcode.</div></div></blockquote>It turns out that Apple has actually done better than that. This same discussion showed up on RISKS Digest and someone dug up an Apple description of the security mechanisms that covers the phone in question. Here it is:</div><div><br class=""></div><div><span style="font-family: CourierNewPSMT;" class="">"Every iOS device has a dedicated AES 256 crypto engine built into the DMA</span><br style="font-family: CourierNewPSMT;" class=""><span style="font-family: CourierNewPSMT;" class="">path between the flash storage and main system memory, making file</span><br style="font-family: CourierNewPSMT;" class=""><span style="font-family: CourierNewPSMT;" class="">encryption highly efficient."</span><br style="font-family: CourierNewPSMT;" class=""><br style="font-family: CourierNewPSMT;" class=""><span style="font-family: CourierNewPSMT;" class="">"The device's unique ID (UID) and a device group ID (GID) are AES 256-bit</span><br style="font-family: CourierNewPSMT;" class=""><span style="font-family: CourierNewPSMT;" class="">keys fused into the application processor during manufacturing. No software</span><br style="font-family: CourierNewPSMT;" class=""><span style="font-family: CourierNewPSMT;" class="">or firmware can read them directly; they can see only the results of</span><br style="font-family: CourierNewPSMT;" class=""><span style="font-family: CourierNewPSMT;" class="">encryption or decryption operations performed using them. The UID is unique</span><br style="font-family: CourierNewPSMT;" class=""><span style="font-family: CourierNewPSMT;" class="">to each device and is not recorded by Apple or any of its</span><br style="font-family: CourierNewPSMT;" class=""><span style="font-family: CourierNewPSMT;" class="">suppliers. ... Burning these keys into the silicon prevents them from being</span><br style="font-family: CourierNewPSMT;" class=""><span style="font-family: CourierNewPSMT;" class="">tampered with or bypassed, and guarantees that they can be accessed only by</span><br style="font-family: CourierNewPSMT;" class=""><span style="font-family: CourierNewPSMT;" class="">the AES engine."</span></div><div><span style="font-family: CourierNewPSMT;" class=""><br class=""></span></div><div>The way in which the passcode is combined with the UID/GID isn't described but that's pretty simple stuff.</div><div><br class=""></div><div>So you can clone the SSD and even the RAM of a locked device all you like: It's useless to you without the information in the CPU chip, which you can't clone (without specialized, expensive attacks against the hardware).</div><div><br class=""></div><div><div> -- Jerry</div><div class=""><br class=""></div></div><div><span style="font-family: CourierNewPSMT;" class=""><br class=""></span></div><br class=""></body></html>