<div dir="ltr">With a four number PIN there are 9999 keys for the <div>data on the phone. All other secrets are constants.</div><div><br>The (AES) key is generated from the PIN (key) entangled with the Unique ID<br><br></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div>"Each Secure Enclave is provisioned during fabrication with its own UID (Unique ID)
that is not accessible to other parts of the system and is not known to Apple. When
the device starts up, an ephemeral key is created, entangled with its UID, and used
to encrypt the Secure Enclave’s portion of the device’s memory space.
Additionally, data that is saved to the file system by the Secure Enclave is encrypted
with a key entangled with the UID and an anti-replay counter."</div><div><br></div></blockquote>The net is the device can encrypt data with <div>a small set of possible keys. Only the PIN is a variable</div><div>for a given device.<br><br>Can this be used in a lab to reduce the key space for decryption</div><div>and expose data on non volatile storage.<br><br>Presumably the Flash Memory content has been or will be copied and archived.<br>It might also be replaced with a "romulator" like flash emulator that can be quickly</div><div>updated when an ten strike or dumb luck erase sequence is hit.</div><div><br></div><div>Back to the UID+key+GID bounding things to 9999 keys. <br>What activity might be applied to the machine to enumerate</div><div>and extract or just use the 9999 keys. The UID and GID are constant</div><div>secrets.</div><div><br></div><div>Since: "Every iOS device has a dedicated AES 256 crypto engine built </div><div>into the DMA path
between the flash storage and main system </div><div>memory, making file encryption highly
efficient."<br><br>Are there "known data" attacks that can leverage the limited 9999 PINs</div><div>and the fixed GID (Apple Secret sauce) and unknown but also fixed UID </div><div>to find out which of the 9999 PINs was used to secure the phone.</div><div><br></div><div>Presumably the hardware only has to be instructed to read data (DMA) </div><div>into RAM with 9999 user space entered keys for an exhaustive brute force attack. <br></div><div>The bulk of the AES key is fixed in the device and reading flash is quicker than write.<br><br>What happens on a healthy phone when the PIN is changed and how fast can</div><div>the PIN space be exhausted and using a non DMA path test to see if common </div><div>to all phone data be tested against each PIN and bits from the device in question.<br>Once the pin is found reload flash and restart.</div><div><br></div><div>i.e. can the special case that is this phone be used against this phone knowing</div><div>that AES-256 can resist random attack for the life of the universe. </div><div>The secrets held close by Apple of the phone including the GID are never exposed.</div><div>Perhaps they are more vulnerable.<br><br>This is not a kiosk level service. </div><div><br></div><div><div><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"> T o m M i t c h e l l</div></div>
</div></div></div>