|
|
|
|
|
|
by drewcrawford
3738 days ago
|
|
|
"secure enclave" is a marketing term that has grown over time and is hard to speak meaningfully about. In this particular device, the CPU has a small (~200 bytes) storage area of data that never leave the CPU, burned in at the factory, and allegedly never recorded during manufacturing. This data is involved in the cryptography, and this is what you have to brute-force. Short of capping the CPU, or some crazy side-channel attack, it's unreadable. In addition to that, modern devices have writeable memory areas that similarly stay on-die. That (or is it the related coprocessor?) is sometimes characterized as "the secure enclave" This device does not have that. Since it lacks writeable secure storage, by manipulating the NAND you can defeat the 10-pin lockout, which for obvious reasons has to be implemented in a writeable memory. However that is different than the unlock itself. I am pretty skeptical of the OP, as it seems to me you could just use a write-blocker to preserve the NAND, without going to the trouble of pulling apart the phone every 10 attempts. You may need to do some emulation if iOS tries to check its write, but surely our friends at a three-letter-agency already have something off-the-shelf for this. |
|
|
Not directly just a simple "blocker" as the software apparently also reads after the write to check the success of the write, but it seems something a not too complex is doable.