Apple vs. Feds

[HokieForever]

Really good article in plain English that explains it, he gives the technical then plain English details:

http://blog.trailofbits.com/2016/02/17/ ... urt-order/

Note: When he gets to the Security enclave section and this statement " All devices with TouchID (or any devices with A7 or later A-series processors) have a Secure Enclave." He is talking about iPhone 5S and later.

To circumvent the Secure Enclave it is theorized that Apple could do the following:
If the device does contain a Secure Enclave, then two firmware updates, one to iOS and one to the Secure Enclave, are required to disable these security features. The end result in either case is the same. After modification, the device is able to guess passcodes at the fastest speed the hardware supports.

Note: This does not get the FBI access only allows them to brute force the security code unimpeded and if the security code is 10 characters and complex ie not using birthdays, SS#, etc. 25 years for FBI to crack, 253 years for 11 characters

https://theintercept.com/2016/02/18/pas ... -backdoor/

HokieForever

[HokieForever]

Sure they do. They have the random keys for every phone created at the factory. They don't need the security code as that's not part of the key. Just listen to what they're saying, they say they have the capability to push an update to all phones to unlock it. They couldn't do that if the key was in the user domain. They just don't want to do it and the claims of breaking every phone just isn't true.

Obvious I am not talking to someone you understands, moving on.....

HokieForever

[awesome guy]

Sure they do. They have the random keys for every phone created at the factory. They don't need the security code as that's not part of the key. Just listen to what they're saying, they say they have the capability to push an update to all phones to unlock it. They couldn't do that if the key was in the user domain. They just don't want to do it and the claims of breaking every phone just isn't true.

Obvious I am not talking to someone you understands, moving on.....

HokieForever

bahahaha. Move on, you're just speaking out of your ass.

[Major Kong]

Really good article in plain English that explains it, he gives the technical then plain English details:

http://blog.trailofbits.com/2016/02/17/ ... urt-order/

Note: When he gets to the Security enclave section and this statement " All devices with TouchID (or any devices with A7 or later A-series processors) have a Secure Enclave." He is talking about iPhone 5S and later.

To circumvent the Secure Enclave it is theorized that Apple could do the following:
If the device does contain a Secure Enclave, then two firmware updates, one to iOS and one to the Secure Enclave, are required to disable these security features. The end result in either case is the same. After modification, the device is able to guess passcodes at the fastest speed the hardware supports.

Note: This does not get the FBI access only allows them to brute force the security code unimpeded and if the security code is 10 characters and complex ie not using birthdays, SS#, etc. 25 years for FBI to crack, 253 years for 11 characters

https://theintercept.com/2016/02/18/pas ... -backdoor/

HokieForever

Thank you HF very good stuff.

[awesome guy]

Sure they do. They have the random keys for every phone created at the factory. They don't need the security code as that's not part of the key. Just listen to what they're saying, they say they have the capability to push an update to all phones to unlock it. They couldn't do that if the key was in the user domain. They just don't want to do it and the claims of breaking every phone just isn't true.

Obvious I am not talking to someone you understands, moving on.....

HokieForever

Here's a very easy way to hack it. Get the encryption key from Apple, which they have. Physically remove the hard drive and make a snapshot onto a virtual drive. Decrypt with the key to read the raw data or use that virtual drive as the base AMI for a device emulator on Amazon Web Services. Then brute force the security key and BFD if a virtual drive is wiped at that point. they could write a program that standups an instance, attempts to log in 4 times and then destroys it if unsuccessful so they interact with the virtual phone as if they were the end user. Easy, peasy. Most of what they want is probably on the icloud account anyway. You clearly don't understand what you're talking about.

[HvilleHokie]

I don't understand why they can't just remove the memory from the phone, make a copy of it, and then have at it in a virtual environment. Is that not a thing?

The data is encrypted with aes 256. A brute force attack with even a super computer would take longer than the history of the universe. They really really need the key.

[awesome guy]

I don't understand why they can't just remove the memory from the phone, make a copy of it, and then have at it in a virtual environment. Is that not a thing?

The data is encrypted with aes 256. A brute force attack with even a super computer would take longer than the history of the universe. They really really need the key.

You're the high level xml document guy aren't you?

Hint, they have the key for the drive. The 10 failed logon attempts triggering a factory reset is the problem, not decrypting the drive. Copying the drive and working off copies gets around that.

[HvilleHokie]

Sure they do. They have the random keys for every phone created at the factory. They don't need the security code as that's not part of the key. Just listen to what they're saying, they say they have the capability to push an update to all phones to unlock it. They couldn't do that if the key was in the user domain. They just don't want to do it and the claims of breaking every phone just isn't true.

Obvious I am not talking to someone you understands, moving on.....

HokieForever

Here's a very easy way to hack it. Get the encryption key from Apple, which they have. Physically remove the hard drive and make a snapshot onto a virtual drive. Decrypt with the key to read the raw data or use that virtual drive as the base AMI for a device emulator on Amazon Web Services. Then brute force the security key and BFD if a virtual drive is wiped at that point. they could write a program that standups an instance, attempts to log in 4 times and then destroys it if unsuccessful so they interact with the virtual phone as if they were the end user. Easy, peasy. Most of what they want is probably on the icloud account anyway. You clearly don't understand what you're talking about.

First, the phones don't contain hard drives. The very fact that you call it that belies any sort of input you have on the issue.

Second, the key is composed of two components: a random key put into each device at manufacture and the user passcode. Without the combination of these two numbers, the data can't be retrieved. Apple does not have either of these numbers. Without them, it would take a period of time several orders of magnitude longer than the universe has existed in order to guess the key like you suggest.

[HvilleHokie]

I don't understand why they can't just remove the memory from the phone, make a copy of it, and then have at it in a virtual environment. Is that not a thing?

The data is encrypted with aes 256. A brute force attack with even a super computer would take longer than the history of the universe. They really really need the key.

You're the high level xml document guy aren't you?

Hint, they have the key for the drive. The 10 failed logon attempts triggering a factory reset is the problem, not decrypting the drive. Copying the drive and working off copies gets around that.

Actually I'm an expert witness for embedded systems and have spent hundreds of hours looking at Apple code. Further, I have 20 years of design experience designing secure hardware for telecommunications and the military.

But please do carry on. Clearly, you've got it all figured out despite every expert in the country disagreeing with you.

[awesome guy]

Sure they do. They have the random keys for every phone created at the factory. They don't need the security code as that's not part of the key. Just listen to what they're saying, they say they have the capability to push an update to all phones to unlock it. They couldn't do that if the key was in the user domain. They just don't want to do it and the claims of breaking every phone just isn't true.

Obvious I am not talking to someone you understands, moving on.....

HokieForever

Here's a very easy way to hack it. Get the encryption key from Apple, which they have. Physically remove the hard drive and make a snapshot onto a virtual drive. Decrypt with the key to read the raw data or use that virtual drive as the base AMI for a device emulator on Amazon Web Services. Then brute force the security key and BFD if a virtual drive is wiped at that point. they could write a program that standups an instance, attempts to log in 4 times and then destroys it if unsuccessful so they interact with the virtual phone as if they were the end user. Easy, peasy. Most of what they want is probably on the icloud account anyway. You clearly don't understand what you're talking about.

First, the phones don't contain hard drives. The very fact that you call it that belies any sort of input you have on the issue.

Second, the key is composed of two components: a random key put into each device at manufacture and the user passcode. Without the combination of these two numbers, the data can't be retrieved. Apple does not have either of these numbers. Without them, it would take a period of time several orders of magnitude longer than the universe has existed in order to guess the key like you suggest.

You're a boob. It is a hard drive. You and the other wanker should put on your thinking caps or stop talking out of your butt. If the secret code is the encryption key then the drive has to be reformatted every time you change the secret as you're by definition also changing the encryption key. But that's of course not how it works. Stick with not understanding XML documents instead of adding encryption to the list of mysteries in your life.

[awesome guy]

I don't understand why they can't just remove the memory from the phone, make a copy of it, and then have at it in a virtual environment. Is that not a thing?

The data is encrypted with aes 256. A brute force attack with even a super computer would take longer than the history of the universe. They really really need the key.

You're the high level xml document guy aren't you?

Hint, they have the key for the drive. The 10 failed logon attempts triggering a factory reset is the problem, not decrypting the drive. Copying the drive and working off copies gets around that.

Actually I'm an expert witness for embedded systems and have spent hundreds of hours looking at Apple code. Further, I have 20 years of design experience designing secure hardware for telecommunications and the military.

But please do carry on. Clearly, you've got it all figured out despite every expert in the country disagreeing with you.

You're a liar and a boob. Hundreds of hours is 3 weeks. I have more experience than you here. And you're not bright enough to realize no one agrees with you. The 10 failed logons erasing data is the shop stopper, not decryption. That's in every article on the subject. I really wish stupid.people like you would exit the industry as your history of failed projects is what drove IT over seas. I mean come on, you don't even think phones have a hard drive. I bet you read solid state and didn't understand that's just a type of drive.

[HvilleHokie]

I don't understand why they can't just remove the memory from the phone, make a copy of it, and then have at it in a virtual environment. Is that not a thing?

The data is encrypted with aes 256. A brute force attack with even a super computer would take longer than the history of the universe. They really really need the key.

You're the high level xml document guy aren't you?

Hint, they have the key for the drive. The 10 failed logon attempts triggering a factory reset is the problem, not decrypting the drive. Copying the drive and working off copies gets around that.

Actually I'm an expert witness for embedded systems and have spent hundreds of hours looking at Apple code. Further, I have 20 years of design experience designing secure hardware for telecommunications and the military.

But please do carry on. Clearly, you've got it all figured out despite every expert in the country disagreeing with you.

You're a liar and a boob. Hundreds of hours is 3 weeks. I have more experience than you here. And you're not bright enough to realize no one agrees with you. The 10 failed logons erasing data is the shop stopper, not decryption. That's in every article on the subject. I really wish stupid.people like you would exit the industry as your history of failed projects is what drove IT over seas. I mean come on, you don't even think phones have a hard drive. I bet you read solid state and didn't understand that's just a type of drive.

You should offer your services to the fbi. Clearly, they (and appearently Apple) are lacking your brand of genius.

[awesome guy]

I don't understand why they can't just remove the memory from the phone, make a copy of it, and then have at it in a virtual environment. Is that not a thing?

The data is encrypted with aes 256. A brute force attack with even a super computer would take longer than the history of the universe. They really really need the key.

You're the high level xml document guy aren't you?

Hint, they have the key for the drive. The 10 failed logon attempts triggering a factory reset is the problem, not decrypting the drive. Copying the drive and working off copies gets around that.

Actually I'm an expert witness for embedded systems and have spent hundreds of hours looking at Apple code. Further, I have 20 years of design experience designing secure hardware for telecommunications and the military.

But please do carry on. Clearly, you've got it all figured out despite every expert in the country disagreeing with you.

You're a liar and a boob. Hundreds of hours is 3 weeks. I have more experience than you here. And you're not bright enough to realize no one agrees with you. The 10 failed logons erasing data is the shop stopper, not decryption. That's in every article on the subject. I really wish stupid.people like you would exit the industry as your history of failed projects is what drove IT over seas. I mean come on, you don't even think phones have a hard drive. I bet you read solid state and didn't understand that's just a type of drive.

You should offer your services to the fbi. Clearly, they (and appearently Apple) are lacking your brand of genius.

They stated the problem as I have. You should stick to masquerading as an interface engineer with high level XML documents as you know crap about encryption.

Here's what those dumbasses at MIT are saying
http://qz.com/618348/this-is-why-the-fb ... o-iphones/

[HokieFanDC]

I don't understand why they can't just remove the memory from the phone, make a copy of it, and then have at it in a virtual environment. Is that not a thing?

The data is encrypted with aes 256. A brute force attack with even a super computer would take longer than the history of the universe. They really really need the key.

You're the high level xml document guy aren't you?

Hint, they have the key for the drive. The 10 failed logon attempts triggering a factory reset is the problem, not decrypting the drive. Copying the drive and working off copies gets around that.

Actually I'm an expert witness for embedded systems and have spent hundreds of hours looking at Apple code. Further, I have 20 years of design experience designing secure hardware for telecommunications and the military.

But please do carry on. Clearly, you've got it all figured out despite every expert in the country disagreeing with you.

You're a liar and a boob. Hundreds of hours is 3 weeks. I have more experience than you here. And you're not bright enough to realize no one agrees with you. The 10 failed logons erasing data is the shop stopper, not decryption. That's in every article on the subject. I really wish stupid.people like you would exit the industry as your history of failed projects is what drove IT over seas. I mean come on, you don't even think phones have a hard drive. I bet you read solid state and didn't understand that's just a type of drive.

iPhones use flash storage, not HDD, or SSD. Why do you think they use something other then flash?

[awesome guy]

I don't understand why they can't just remove the memory from the phone, make a copy of it, and then have at it in a virtual environment. Is that not a thing?

The data is encrypted with aes 256. A brute force attack with even a super computer would take longer than the history of the universe. They really really need the key.

You're the high level xml document guy aren't you?

Hint, they have the key for the drive. The 10 failed logon attempts triggering a factory reset is the problem, not decrypting the drive. Copying the drive and working off copies gets around that.

Actually I'm an expert witness for embedded systems and have spent hundreds of hours looking at Apple code. Further, I have 20 years of design experience designing secure hardware for telecommunications and the military.

But please do carry on. Clearly, you've got it all figured out despite every expert in the country disagreeing with you.

You're a liar and a boob. Hundreds of hours is 3 weeks. I have more experience than you here. And you're not bright enough to realize no one agrees with you. The 10 failed logons erasing data is the shop stopper, not decryption. That's in every article on the subject. I really wish stupid.people like you would exit the industry as your history of failed projects is what drove IT over seas. I mean come on, you don't even think phones have a hard drive. I bet you read solid state and didn't understand that's just a type of drive.

iPhones use flash storage, not HDD, or SSD. Why do you think they use something other then flash?

Flash is a type of SSD. So I think it uses a SSD because it does. Ya'll are saying I'm wrong over the equivalent of me saying "Chevy Silverado has a V8 engine" and ya'll saying "no it doesn't, it has a ecotec engine".

[HokieFanDC]

The data is encrypted with aes 256. A brute force attack with even a super computer would take longer than the history of the universe. They really really need the key.

You're the high level xml document guy aren't you?

Hint, they have the key for the drive. The 10 failed logon attempts triggering a factory reset is the problem, not decrypting the drive. Copying the drive and working off copies gets around that.

Actually I'm an expert witness for embedded systems and have spent hundreds of hours looking at Apple code. Further, I have 20 years of design experience designing secure hardware for telecommunications and the military.

But please do carry on. Clearly, you've got it all figured out despite every expert in the country disagreeing with you.

You're a liar and a boob. Hundreds of hours is 3 weeks. I have more experience than you here. And you're not bright enough to realize no one agrees with you. The 10 failed logons erasing data is the shop stopper, not decryption. That's in every article on the subject. I really wish stupid.people like you would exit the industry as your history of failed projects is what drove IT over seas. I mean come on, you don't even think phones have a hard drive. I bet you read solid state and didn't understand that's just a type of drive.

iPhones use flash storage, not HDD, or SSD. Why do you think they use something other then flash?

Flash is a type of SSD. So I think it uses a SSD because it does. Ya'll are saying I'm wrong over the equivalent of me saying "Chevy Silverado has a V8 engine" and ya'll saying "no it doesn't, it has a ecotec engine".

SSD uses flash as it's storage mechanism. Flash is not a type of SSD. iPhones and iPads use flash, but not SSD. And neither of those are hard drives.

But, on the original topic, agree that the issue is the data erase from brute force password breaking. The issue, as I read it, was that once Apple creates the iOS to be loaded onto the phone they want to break, then that creation can be used to break any iPhone. But, I've also read that this may not be true for iPhone 5S and later.
Honestly, I'd be shocked if China hadn't developed something already. The have been busting iOS software for years now.

[awesome guy]

SSD uses flash as it's storage mechanism. Flash is not a type of SSD. iPhones and iPads use flash, but not SSD. And neither of those are hard drives.

But, on the original topic, agree that the issue is the data erase from brute force password breaking. The issue, as I read it, was that once Apple creates the iOS to be loaded onto the phone they want to break, then that creation can be used to break any iPhone. But, I've also read that this may not be true for iPhone 5S and later.
Honestly, I'd be shocked if China hadn't developed something already. The have been busting iOS software for years now.

Nope, Flash is Apple's brand of SSD. You just don't get it and have out 80's Golden Shovel. I felt bad for you and so found a link to clear your foggy vision

https://danielmiessler.com/blog/the-dif ... rd-drives/

[HokieForever]

SSD uses flash as it's storage mechanism. Flash is not a type of SSD. iPhones and iPads use flash, but not SSD. And neither of those are hard drives.

But, on the original topic, agree that the issue is the data erase from brute force password breaking. The issue, as I read it, was that once Apple creates the iOS to be loaded onto the phone they want to break, then that creation can be used to break any iPhone. But, I've also read that this may not be true for iPhone 5S and later.
Honestly, I'd be shocked if China hadn't developed something already. The have been busting iOS software for years now.

awesome guy is just a troll, ignore him. Look at his other posts in other topics he treats everyone like dirt.

[awesome guy]

SSD uses flash as it's storage mechanism. Flash is not a type of SSD. iPhones and iPads use flash, but not SSD. And neither of those are hard drives.

But, on the original topic, agree that the issue is the data erase from brute force password breaking. The issue, as I read it, was that once Apple creates the iOS to be loaded onto the phone they want to break, then that creation can be used to break any iPhone. But, I've also read that this may not be true for iPhone 5S and later.
Honestly, I'd be shocked if China hadn't developed something already. The have been busting iOS software for years now.

awesome guy is just a troll, ignore him. Look at his other posts in other topics he treats everyone like dirt.

Your 3rd post was telling me I'm ignorant and not worth your time. I don't treat you like dirt, but when you're a pig and sheet on me, I will rub your turd back in your face. Like here, where I demonstrated how little you know about encryption. Or how you call me a troll while trolling. If you don't want to be treated like this then don't be an ass.

[awesome guy]

SSD uses flash as it's storage mechanism. Flash is not a type of SSD. iPhones and iPads use flash, but not SSD. And neither of those are hard drives.

But, on the original topic, agree that the issue is the data erase from brute force password breaking. The issue, as I read it, was that once Apple creates the iOS to be loaded onto the phone they want to break, then that creation can be used to break any iPhone. But, I've also read that this may not be true for iPhone 5S and later.
Honestly, I'd be shocked if China hadn't developed something already. The have been busting iOS software for years now.

awesome guy is just a troll, ignore him. Look at his other posts in other topics he treats everyone like dirt.

Your 3rd post was telling me I'm ignorant and not worth your time. I don't treat you like dirt, but when you're a pig and sheet on me, I will rub your turd back in your face. Like here, where I demonstrated how little you know about encryption. Or how you call me a troll while trolling. If you don't want to be treated like this then don't be an ass.

[HokieFanDC]

SSD uses flash as it's storage mechanism. Flash is not a type of SSD. iPhones and iPads use flash, but not SSD. And neither of those are hard drives.

But, on the original topic, agree that the issue is the data erase from brute force password breaking. The issue, as I read it, was that once Apple creates the iOS to be loaded onto the phone they want to break, then that creation can be used to break any iPhone. But, I've also read that this may not be true for iPhone 5S and later.
Honestly, I'd be shocked if China hadn't developed something already. The have been busting iOS software for years now.

Nope, Flash is Apple's brand of SSD. You just don't get it and have out 80's Golden Shovel. I felt bad for you and so found a link to clear your foggy vision

https://danielmiessler.com/blog/the-dif ... rd-drives/

I think were saying the same thing. SSD can use different types of storage, one is flash (another is RAM)
Flash storage can be used in different applications, one of which is SSD (as well as USB and memory cards). As it says I n the article you posted, SSD is a type of flash.

And neither of those is a hard drive, ie iPhones don't have a hard drive.

[awesome guy]

SSD uses flash as it's storage mechanism. Flash is not a type of SSD. iPhones and iPads use flash, but not SSD. And neither of those are hard drives.

But, on the original topic, agree that the issue is the data erase from brute force password breaking. The issue, as I read it, was that once Apple creates the iOS to be loaded onto the phone they want to break, then that creation can be used to break any iPhone. But, I've also read that this may not be true for iPhone 5S and later.
Honestly, I'd be shocked if China hadn't developed something already. The have been busting iOS software for years now.

Nope, Flash is Apple's brand of SSD. You just don't get it and have out 80's Golden Shovel. I felt bad for you and so found a link to clear your foggy vision

https://danielmiessler.com/blog/the-dif ... rd-drives/

I think were saying the same thing. SSD can use different types of storage, one is flash (another is RAM)
Flash storage can be used in different applications, one of which is SSD (as well as USB and memory cards). As it says I n the article you posted, SSD is a type of flash.

And neither of those is a hard drive, ie iPhones don't have a hard drive.

Nope. Keep digging

[HokieJoe]

Meh, Flash, SSD, HDD, it's ALL non-volatile storage.

[absolutvt03]

SSD uses flash as it's storage mechanism. Flash is not a type of SSD. iPhones and iPads use flash, but not SSD. And neither of those are hard drives.

But, on the original topic, agree that the issue is the data erase from brute force password breaking. The issue, as I read it, was that once Apple creates the iOS to be loaded onto the phone they want to break, then that creation can be used to break any iPhone. But, I've also read that this may not be true for iPhone 5S and later.
Honestly, I'd be shocked if China hadn't developed something already. The have been busting iOS software for years now.

Nope, Flash is Apple's brand of SSD. You just don't get it and have out 80's Golden Shovel. I felt bad for you and so found a link to clear your foggy vision

https://danielmiessler.com/blog/the-dif ... rd-drives/

I think were saying the same thing. SSD can use different types of storage, one is flash (another is RAM)
Flash storage can be used in different applications, one of which is SSD (as well as USB and memory cards). As it says I n the article you posted, SSD is a type of flash.

And neither of those is a hard drive, ie iPhones don't have a hard drive.

Nope. Keep digging

iPhones don't have a hard drive in the sense of a disk spinning inside it. The old iPods (and other MP3 players) did. If you're using the term "hard drive" to mean hard disk drive then no the iPhone does not have a hard drive. If you're using hard drive simply to mean built-in storage then it does have that obviously but it's not technically a hard drive. Flash is not "Apple's brand" of anything. Flash memory is used in plenty of non-Apple products. Your link says as much.

[HokieJoe]

SSD uses flash as it's storage mechanism. Flash is not a type of SSD. iPhones and iPads use flash, but not SSD. And neither of those are hard drives.

But, on the original topic, agree that the issue is the data erase from brute force password breaking. The issue, as I read it, was that once Apple creates the iOS to be loaded onto the phone they want to break, then that creation can be used to break any iPhone. But, I've also read that this may not be true for iPhone 5S and later.
Honestly, I'd be shocked if China hadn't developed something already. The have been busting iOS software for years now.

Nope, Flash is Apple's brand of SSD. You just don't get it and have out 80's Golden Shovel. I felt bad for you and so found a link to clear your foggy vision

https://danielmiessler.com/blog/the-dif ... rd-drives/

I think were saying the same thing. SSD can use different types of storage, one is flash (another is RAM)
Flash storage can be used in different applications, one of which is SSD (as well as USB and memory cards). As it says I n the article you posted, SSD is a type of flash.

And neither of those is a hard drive, ie iPhones don't have a hard drive.

Nope. Keep digging

iPhones don't have a hard drive in the sense of a disk spinning inside it. The old iPods (and other MP3 players) did. If you're using the term "hard drive" to mean hard disk drive then no the iPhone does not have a hard drive. If you're using hard drive simply to mean built-in storage then it does have that obviously but it's not technically a hard drive. Flash is not "Apple's brand" of anything. Flash memory is used in plenty of non-Apple products. Your link says as much.

HDD, SSD, or flash are all non-volatile forms of memory storage. It's where the OS and applications reside; and it's not dependent on the power state of a given device (notwithstanding sudden crashes). RAM memory is volatile (dependent on power state); or temporary storage. It's a working area for the OS and installed applications.


Just a FYI for anyone unaware.