[Cryptography] Yes, Apple is correct

John Levine johnl at iecc.com
Sun Feb 21 16:20:00 EST 2016


In article <965E58B9-DEDB-47C3-B45D-77B8C9F92636 at dukhovni.org> you write:
>
>> On Feb 19, 2016, at 6:49 PM, Phillip Hallam-Baker <phill at hallambaker.com> wrote:
>> 
>> The payload is signed so any change to the serial number info would
>> cause the payload to be rejected.
>
>Don't change the IMEI whitelist burned into the LE firmware, change
>the IMEI the firmware reads from the phone.  My guess is that
>the datapath to the IMEI is not protected, but it is just a guess.

Why guess, when Apple has published a detailed description of it?

https://www.apple.com/business/docs/iOS_Security_Guide.pdf

Every iPhone has a unique UID burned into the hardware at the time the
phone was manufactured.  The UID is not visible to software; it can
only be used as an AES key.  See the document for more details.

So yes, it is possible to write software that will only run on a
particular phone, but of course once you've done that it's trivial to
modify the software to run on other phones, or any phone.

R's,
John



