[Cryptography] The FBI can (almost certainly) crack the San Bernardino iPhone without Apple's help

John Gilmore gnu at toad.com
Tue Mar 1 19:16:04 EST 2016 

Ron Garret suggested:
> The attack is not a brute force attack on the AES key, it's a brute force attack on the PIN.  It works like this:
> 1.  De-solder the flash chip and read its contents
> 2.  Replace the flash chip with a ZIF socket (probably connected to a short ribbon cable).
> 3.  Re-install the flash chip and make five guesses at the PIN.
> 4.  Power down, replace the flash chip with a fresh copy of the original, and go to Step 3.

You may even be able to do a simpler attack, by just filtering out all
the system's attempts to write to the flash chip.  The standard flash
chip interface has a Write Protect signal; shorting that pin to
permanently "on" should prevent any alteration.  Then the software
won't be able to erase keys, won't be able to increment the count of
bad attempts, etc.  The question is whether the system will fail for
other unrelated reasons if its flash chip becomes mysteriously
read-only.

I think the attack Ron suggested will work, as long as the system's
only nonvolatile storage is in a separate flash chip.  You can also
speed it up substantially by replacing the flash chip with a
flash-chip emulator.  The emulator has a Zero Insertion Force socket
to accept the old flash chip, but it also has enough RAM to save a
full copy of the flash chip.  The emulator can be commanded externally
to copy the flash chip's contents into its RAM.

The emulator acts just like a flash chip to the system, but it is not
actually writing data to the flash chip that sits piggyback on it, nor
erasing the flash chip; it's simulating all the reads, writes, and erases by
using its own RAM instead.

So, after every five attempts, you recopy the original flash chip
contents into the emulator's RAM, then do the next five attempts.  If
the phone tries to erase the keys in flash, it's just erasing the RAM
copy.  If the phone tries to remember how many times you tried a wrong
password by writing the count to flash, you are restoring that count
after every five tries.  You may not even have to reboot the phone,
depending on whether it retrieves the number of password attempts from
the flash chip or from its ordinary main memory.(*)

As the Apple iOS Security document (October 2012 version page 20,
October 2014 version page 49, September 2015 version page 58) says:

  Effaceable Storage: A dedicated area of NAND storage, used to store
  cryptographic keys, that can be addressed directly and wiped
  securely.  WHILE IT DOESN'T PROVIDE PROTECTION IF AN ATTACKER HAS
  PHYSICAL POSSESSION OF A DEVICE (emphasis mine), keys held in
  Effaceable Storage can be used as part of a key hierarchy to
  facilitiate fast wipe and forward security.

Here's the flash chip detailed interface spec, and emulators:

  http://www.onfi.org/~/media/ONFI/specs/onfi_3_1_spec.pdf
  https://en.wikipedia.org/wiki/Flash_memory_emulator

	John

(*): If the phone only stores the number of password attempts in main
memory, just cut off its power and reboot it after every 5 guesses,
and you'll get an infinite number of guesses without having to mess
with the flash chip.  (But you'll have to wait for it to reboot each
time.)  If it stores it in flash and retrieves it from flash, then
you'll need the flash emulator to restore the flash after every 5
guesses.

More information about the cryptography mailing list