
GeekNights Monday - Apple vs the FBI

Comments

  • sK0pe said:

    As far as getting the phone decrypted, you can do what Scott said / image the drive then brute force it without the risk of the phone defending itself via wiping itself.

    Brute forcing a 4 digit unlock is simple. You would just need a script to image a new drive after every 10 tries. Trying to brute force the actual drive would be impossible without a few new algorithms and quantum computers.

    Aha, there's the solution. Try it on an actual iPhone and reimage it after every 10 tries. That shouldn't take too long.

  • sK0pe said:

    As far as getting the phone decrypted, you can do what Scott said / image the drive then brute force it without the risk of the phone defending itself via wiping itself.

    Brute forcing a 4 digit unlock is simple. You would just need a script to image a new drive after every 10 tries. Trying to brute force the actual drive would be impossible without a few new algorithms and quantum computers.

    You're assuming they used a 4-digit pin code. I use the iOS option to have a full password unlock on my iDevices. I suggest everyone else do so as well.
  • I use my biometrics on my iPhone. Unless they want to cut off my finger, I won't unlock my phone.

  • Guys. I think "brute force the drive" means "crack AES." There are key derivation algorithms that make the search space much bigger than 0-9999.

    Am I wrong?
    (Post edited by Starfox, March 2016)
  • And as a gov't employee, it's incredibly likely his fingerprints would be on file (not an issue here since he was using a 5C).

    So the unlock options are down to:
    - Peel back the silicon and hope you don't break everything
    - Do constant brute force/re-imaging with hopes he was an average dumb person and had a weak password
    - Beg the NSA to sign a weakened version of iOS for you
    - Invent quantum computing
    - Obtain Supreme Court decree
    - Nationalize Apple

    Maybe when the FBI fucked up the iCloud option by resetting the guy's password/disassociating it from his account/whatever they did, there were still backups of Apple's systems. Even if so, how long would they hold onto them? You could clone/virtualize Apple's iCloud server, restore it to that pre-FBI backup, and then in a lab environment, set up a bunch of wifi routers with matching SSIDs/PWs to what the phone might have saved in the past (workplace, home wifi, etc).
  • Matt said:

    You could clone/virtualize Apple's iCloud server, restore it to that pre-FBI backup, and then in a lab environment, set up a bunch of wifi routers with matching SSIDs/PWs to what the phone might have saved in the past (workplace, home wifi, etc).

    What a terrific and creative idea! The problem is SSL/TLS. Otherwise we could set up some public wifi in a cafe, have the iCloud domains resolve to a proxy we control, and MitM everyone's iCloud traffic. If iPhones would install unsigned software, we could even trick people into installing our app and such when they connect to our wifi and try to install some other app. Encryption really is the last line of defense.
  • See, I generally refuse to believe the government is as dumb as most of you think it is (obviously that gets called into question every time something like this crops up), and here I'm fairly certain the FBI knows what it is doing. They know what they want, they know why they want it, and they won't stop until they have it. They want the backdoor; they've always wanted the backdoor. The letter agencies all want to be able to do their jobs more effectively, which is catch the bad guys (we can get into the philosophical discussion of who is a "bad guy", but for right now they seem to have public interests as their interests). So what if we have to stomp all over the Bill of Rights to do so, we're gonna catch dem turrists.

    I'm just waiting for the thunderous applause as they finally get their backdoor. Then we'll all be taking it in the back door.
  • Apreche said:

    What a terrific and creative idea! The problem is SSL/TLS. Otherwise we could set up some public wifi in a cafe, have the iCloud domains resolve to a proxy we control, and MitM everyone's iCloud traffic. If iPhones would install unsigned software, we could even trick people into installing our app and such when they connect to our wifi and try to install some other app. Encryption really is the last line of defense.
    Would that really come into play? It'd require Apple's involvement, obviously, but in this lab environment you'd have the phone, a wifi network it knows to connect to, and an old restored version of the iCloud infrastructure, all operating on this local network. SSL is not an area of deep knowledge for me here, but I've gotta assume they could put some certifying agency for the SSL traffic into that setup as well?

  • Matt said:

    Would that really come into play? It'd require Apple's involvement, obviously, but in this lab environment you'd have the phone, a wifi network it knows to connect to, and an old restored version of the iCloud infrastructure, all operating on this local network. SSL is not an area of deep knowledge for me here, but I've gotta assume they could put some certifying agency for the SSL traffic into that setup as well?

    Unless you find a vulnerability in SSL/TLS, which happens all the time, you will have a hard time with this setup.

    So you have a phone. It's going to look for updates at say, icloud.com. So you have it on this special LAN where you rigged the DNS server to resolve icloud.com to some local IP where your fake iCloud is. Great.

    But it's trying to connect to https://icloud.com. If your fake iCloud doesn't have the private key/certificate that belongs to the real iCloud.com, then the phone will refuse the connection.

    You could just make a new private key, then put the public part of that key on the phone and tell the phone to trust it. But if you can do that, you've unlocked the phone already.

    If you try to do a MitM attack, it's the same issue. You have to have the private key of the real icloud.com or the phone won't connect through your proxy.
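The three cases Apreche walks through above (a fake iCloud with its own key, a copy of the real certificate without Apple's private key, and a trust-store change that already requires being inside the phone), as an added example in Python that is not from this thread and not Apple's code. The signature scheme is textbook RSA over Mersenne primes with no padding and the digest reduced mod n, used only so the chain-of-trust check runs without any library; the key pairs, the hostname and the contents of the "trust store" are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent shared by every toy key below


def make_key(p: int, q: int):
    """Toy RSA key from two known primes: returns (modulus, private exponent).
    Not a real key-generation routine; the primes are fixed so the example
    needs no prime search."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def digest_mod_n(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(digest_mod_n(data, n), d, n)


def verify(n: int, data: bytes, sig: int) -> bool:
    return pow(sig, E, n) == digest_mod_n(data, n)


@dataclass(frozen=True)
class Cert:
    subject: str     # hostname the certificate is issued for
    pubkey: int      # subject's modulus
    issuer: int      # modulus of the CA that signed it
    signature: int

    def signed_bytes(self) -> bytes:
        return f"{self.subject}|{self.pubkey}|{self.issuer}".encode()


def issue(ca_priv, subject: str, subject_pub: int) -> Cert:
    """A CA binds (subject, key) with its signature; only the holder of the
    CA's private exponent can produce one."""
    ca_n, _ = ca_priv
    unsigned = Cert(subject, subject_pub, ca_n, 0)
    return Cert(subject, subject_pub, ca_n, sign(ca_priv, unsigned.signed_bytes()))


def phone_accepts(cert: Cert, expected_host: str, trust_store: set) -> bool:
    """What the client does with the certificate it is handed: the name must
    match the host it asked for, the issuer must be a root it already trusts,
    and the signature must verify under that root. Which IP the (rigged) DNS
    server returned never enters into it."""
    return (cert.subject == expected_host
            and cert.issuer in trust_store
            and verify(cert.issuer, cert.signed_bytes(), cert.signature))


# Constructed key pairs (Mersenne primes, so no prime generation is needed).
APPLE_ROOT = make_key((1 << 61) - 1, (1 << 89) - 1)    # Apple's CA; private part stays at Apple
ICLOUD = make_key((1 << 107) - 1, (1 << 127) - 1)      # the real icloud.com server key
ATTACKER = make_key((1 << 521) - 1, (1 << 607) - 1)    # the lab's own key

REAL_CERT = issue(APPLE_ROOT, "icloud.com", ICLOUD[0])
PHONE_TRUST_STORE = {APPLE_ROOT[0]}  # roots shipped with the OS


def scenarios() -> dict:
    """Each case from the thread, decided the way the phone would decide it."""
    # 1. The real iCloud: accepted.
    real = phone_accepts(REAL_CERT, "icloud.com", PHONE_TRUST_STORE)
    # 2. A fake iCloud on the lab LAN with a freshly made key, self-signed for
    #    icloud.com: the name matches, but no trusted root vouches for it.
    fake_cert = issue(ATTACKER, "icloud.com", ATTACKER[0])
    fake = phone_accepts(fake_cert, "icloud.com", PHONE_TRUST_STORE)
    # 3. The lab has the real certificate (it is public), but what it needs is
    #    one that binds icloud.com to its own key, and it cannot produce that
    #    without Apple's private exponent: the copied signature does not verify.
    spliced = Cert("icloud.com", ATTACKER[0], APPLE_ROOT[0], REAL_CERT.signature)
    copied = phone_accepts(spliced, "icloud.com", PHONE_TRUST_STORE)
    # 4. The lab adds its own root to the phone's trust store. This works, but
    #    changing the trust store means you could already get into the phone.
    installed = phone_accepts(fake_cert, "icloud.com", PHONE_TRUST_STORE | {ATTACKER[0]})
    return {"real_icloud": real, "fake_icloud": fake,
            "copied_cert_wrong_key": copied, "attacker_root_installed": installed}


if __name__ == "__main__":
    for name, accepted in scenarios().items():
        print(f"{name:24s} {'connects' if accepted else 'refused'}")
```

The MitM proxy case is the same decision as case 2 or 3: the proxy has to present a certificate for icloud.com, and the only ones the phone will accept are signed by a root it already trusts.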
  • OK, I'm straight on this, then. I'm cooking up some compromise scenario that could arise, since Apple already stated they would've been willing to hand over iCloud backups, but the FBI messed up the account. If they had the means to un-fuck it, they might have quietly done so back in the beginning. But since that would take some development work on Apple's part, they're not interested. If the situation surrounding this phone case comes to a head, they could come to a compromise and un-fuck the iCloud account, perhaps using a local custom version of iCloud, which isn't a problem, since it's Apple doing it and they have their private keys.

    Lets Apple say they tried and were willing to help, but manages to not set precedent. Of course, reading into the situation of this particular phone, it hadn't backed up in weeks, so iCloud is likely off anyway, and they will get no data.
  • Apreche said:

    You're assuming they used a 4-digit pin code. I use the iOS option to have a full password unlock on my iDevices. I suggest everyone else do so as well.
    News was that the iPhone was only protected by a PIN code unlock, not a password.
    (I agree with your security sentiment: use a strong password every time you can.)
  • Apple is having a day next week. We're going to see smaller iPad Pro, hopefully a small iPhone, and maybe some Macs and shit.

    One thing that is almost certain is we will see iOS 9.3. All indications suggest that it is going to be FBI-proof.

    The more we use software to manage our lives, the more source code will overrule the law of the land. Power will transfer from legislators to programmers. They'll at least need Section 9 to keep us down. Everything is proceeding as I have foreseen.
  • Apreche said:

    They'll at least need Section 9 to keep us down. Everything is proceeding as I have foreseen.

    GitS:SAC becomes ever more scarily accurate speculative fiction. The only things from that world that aren't happening right now:

    1. Actual nuclear war ruining shit
    2. Cybernetics

    The rest of it is happening or has already happened.

  • Apple's next move is to make this kind of attack difficult or impossible.
  • Rym said:

    Apple's next move is to make this kind of attack difficult or impossible.

    Not to worry! According to the government, this kind of attack will "only work once, ever, and only on this phone that we have here". It's truly a miraculous discovery.
  • Dazzle369 said:
    testified under oath that it was impossible.

  • Matt said:

    Dazzle369 said:
    testified under oath that it was impossible.

    Did they use the method I suggested that Rym said was impossible?

    Also, where is the story telling us what they found on the phone?
    (Post edited by Apreche, March 2016)
  • I'll bet they used the method you suggested that I said was improbable. I concede the point.

    Obviously they found nothing interesting, or else there would be a media sensation about how crucial that information was and how dangerous it was for Apple to withhold their assistance.
  • Rym said:

    Obviously they found nothing interesting, or else there would be a media sensation about how crucial that information was and how dangerous it was for Apple to withhold their assistance.

    ...camera roll filled with dick pics

    Nothing beside remains. Round the decay of that colossal wreck
  • Rym said:

    I'll bet they used the method you suggested that I said was improbable. I concede the point.

    Obviously they found nothing interesting, or else there would be a media sensation about how crucial that information was and how dangerous it was for Apple to withhold their assistance.

    "Okay guys, we're losing this one bad, let's go over the methods you've tried just to see if there's any other way"
    "Alright"
    "Did you try "password"?"
    "Yep."
    "Did you try Password, with a capital P?"
    "uh...yes but on an unrelated note I have to go do something right now."
  • I'm pretty sure the FBI had Cellebrite (the Israeli firm that currently provides phone imaging hardware to authorities in the US and elsewhere) in their back pocket the whole time.

    The FBI wanted to see if they could push Apple for a backdoor, hiding the issue under the cloak of "TERRORISTS, GET SCARED MOTHERFUCKERS".

    Cellebrite refuses to share and so does the FBI, so they can continue to use the method whenever they want. Whether this is the truth or a lie, both undermine Apple's image as a company that can secure your information from the government.

    I think the most obvious choice was imaging the drive and brute forcing 10 codes then replacing the image. This could obviously be scaled up to as many drives and threads are devoted to the task. (e.g. make n images of the drive, try n*10 combinations, replace images with new ones, repeat till unlocked).
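The guess-ten-then-reimage loop described in sK0pe's first post and again here, as an added simulation in Python that is not from this thread and not a description of any real device's firmware. It models the two things the thread argues about: the passcode key is tangled with a device-resident secret (so the imaged flash cannot be attacked off the device, which is the "brute force the actual drive" problem), and the device erases the key material after ten failures, which the attacker defeats by writing the original image back. The UID, salt, iteration count and check-value layout are constructed assumptions.

```python
import hashlib
import hmac

# Constructed values for the simulation: a per-device secret that, like a
# hardware UID, is only usable by code running on the device, and a salt
# stored on flash next to the user's data. (Assumptions, not real values.)
DEVICE_UID = bytes.fromhex("0123456789abcdeffedcba9876543210")
SALT = b"flash-resident-salt"
KDF_ITERATIONS = 100  # kept small so the full 10^4 search runs in seconds


def unlock_key(pin: str, uid: bytes) -> bytes:
    """Derive the passcode key. The UID is mixed in, so a guess can only be
    checked where the UID is available, i.e. on the device itself."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode() + uid, SALT, KDF_ITERATIONS, 32)


def check_value(pin: str, uid: bytes) -> bytes:
    """The value kept on flash that lets the OS recognise the right key."""
    return hmac.new(unlock_key(pin, uid), b"unlock", "sha256").digest()


class Flash:
    """What an attacker can image: the check value and the failure counter."""

    def __init__(self, pin: str):
        self.check = check_value(pin, DEVICE_UID)
        self.failures = 0

    def snapshot(self):
        return (self.check, self.failures)

    def restore(self, image):
        self.check, self.failures = image


class Device:
    """The phone: ten wrong guesses erase the check value (the 'wipe')."""
    MAX_FAILURES = 10

    def __init__(self, flash: Flash):
        self.flash = flash

    def try_pin(self, pin: str) -> bool:
        if self.flash.check is None:
            raise RuntimeError("device wiped; nothing left to unlock")
        if hmac.compare_digest(check_value(pin, DEVICE_UID), self.flash.check):
            self.flash.failures = 0
            return True
        self.flash.failures += 1
        if self.flash.failures >= self.MAX_FAILURES:
            self.flash.check = None  # erase the key material
        return False


def brute_force_with_reimage(device: Device, candidates):
    """The loop from the thread: guess on the real device, and whenever it
    wipes itself, write the original flash image back and carry on.
    Returns (pin_found, guesses_made, reimages_needed)."""
    image = device.flash.snapshot()
    guesses = reimages = 0
    for pin in candidates:
        if device.flash.check is None:
            device.flash.restore(image)
            reimages += 1
        guesses += 1
        if device.try_pin(pin):
            return pin, guesses, reimages
    return None, guesses, reimages


def offline_attack(image, candidates, uid_guess: bytes):
    """Guessing against the imaged flash without the device's UID: even the
    correct PIN does not verify, so what is left to search is the UID/key
    space, not 10^4 PINs."""
    check, _ = image
    for pin in candidates:
        if hmac.compare_digest(check_value(pin, uid_guess), check):
            return pin
    return None


def four_digit_pins():
    return (f"{i:04d}" for i in range(10_000))


def simulate(pin: str):
    """Set up a device locked with `pin` and run the reimage attack on it."""
    return brute_force_with_reimage(Device(Flash(pin)), four_digit_pins())


if __name__ == "__main__":
    print(simulate("7391"))  # -> ('7391', 7392, 739)
    print(offline_attack(Flash("7391").snapshot(), four_digit_pins(), b"wrong uid"))  # -> None
```

Scaling it the way the post suggests (n images in parallel) only divides the same 10^4 guesses among n devices; a longer alphanumeric passcode, as Apreche recommends earlier in the thread, grows the candidate list instead, which is the number this loop is bounded by.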
  • It's happening again, this time with a drug case.
  • Pretty sure the FBI isn't going to suddenly talk about all the actionable intelligence it may have found till after it has used said evidence or intelligence it was looking for. So we'll probably have to wait a while till a Freedom of Information Act request allows us to see what they got, if it's not classified.