by zalzane
4284 days ago
Are you sure they built in a real backdoor? I thought they salted user PINs with a hard-wired nonce that's specific to every device - then when the fuzz needs to get the device unlocked, Apple looks up what the hard-wired nonce is for that specific device, and then cracks the 4-digit PIN. Anyone have details on how Apple actually unlocked devices?

Not quite. There are two nonces involved. One is (probably) easy for Apple to extract (the randomly generated, re-writable value in effaceable storage) and the other is (supposedly) very difficult to extract, because it's burned into the CPU hardware. If all works as intended, the only way to extract the second one is to decap the CPU and read it with a microscope.
Also, you can have arbitrarily long PINs, including alphanumeric.
If Apple's security PDF is correct, the only obvious way Apple can break the PIN is via brute force, which I believe they claim to provide when LEAs request it.