Hacker News
by darawk 3779 days ago
In reading the iOS Security Guide, it's not clear to me that the device GID is actually left unrecorded. See here:

https://www.apple.com/business/docs/iOS_Security_Guide.pdf

> The UIDs are unique to each device and are not recorded by Apple or any of its suppliers. The GIDs are common to all processors in a class of devices (for example, all devices using the Apple A8 processor), and are used for non security-critical tasks such as when delivering system software during installation and restore.

The 'not recorded' explicitly refers only to the UID, not the GID. This means that in theory the GID is accessible to and knowable by Apple. With this information, it should be possible to use a different processor in conjunction with the Secure Enclave that spoofs the correct GID.

Correct me if I'm wrong, but isn't this sufficient to bypass the time delay and thereby unlock the phone?