Hacker News

FBI didn't demand help with that layer, it demanded a way to bypass auto erase. They intended to perform the brute force of the 4 digit PIN themselves. Sure, they wanted to be able to enter PINs electronically, but they could just as easily have an intern sit there and enumerate the 1000 combinations once auto erase was disabled.


> FBI didn't demand help with that layer, it demanded a way to bypass auto erase.

...so that they could get past that layer of encryption by making lots of password attempts.


Seems like you could stick one of those stylus nubs on a 3d printer head and do the same thing but rapid fire. That would be pretty cool actually.


Seems like if you were modifying the firmware you could just add a for loop in there that would enter the pins automatically.


I've definitely seen a YouTube video of that.


That was a timing weakness in an older version of iOS that was patched in software. Previously you could just cut power at a precise moment and get unlimited attempts. It's no longer exploitable.


Does that mean that now if you cut power at the same moment the fail counter increments even if the entered code was correct?

Not that it's particularly useful for hackers, I'm just wondering if this can be done "perfectly" at all.


Yes you can, if you sync the commit to NVRAM before giving any external indication of success/failure, and don't leak through any side-channels. The CVE before demo'd by the famous YouTube video was that you had a split second after failure was indicated where you could cut the power and keep the failure from being stored.
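
The ordering described in the comment above, as an added example that is not part of the original thread and not any vendor's code: a C simulation comparing "indicate, then commit" with "commit, then indicate" when power is lost between the two steps. The device model, the two-step granularity, the PIN and the guesses are constructed assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
/* nvram_failures survives a power cut; indicated is what an observer sees (0 none, 1 ok, -1 fail). */
struct dev { unsigned nvram_failures; int indicated; };
enum order { INDICATE_THEN_COMMIT, COMMIT_THEN_INDICATE };

/* Compare 4-digit PINs with no early exit, so timing does not leak the match length. */
static bool pin_equal(const char *a, const char *b)
{
    unsigned char diff = 0;
    for (int i = 0; i < 4; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* One attempt = two steps (commit, indicate) in the given order.
   Power is lost after cut_after steps have completed; 2 means no cut. */
static void attempt(struct dev *d, enum order o, const char *pin, const char *guess, int cut_after)
{
    bool ok = pin_equal(pin, guess);
    d->indicated = 0;
    for (int step = 0; step < 2 && step < cut_after; step++) {
        bool commit_now = (o == COMMIT_THEN_INDICATE) ? (step == 0) : (step == 1);
        if (commit_now)
            d->nvram_failures = ok ? 0 : d->nvram_failures + 1;
        else
            d->indicated = ok ? 1 : -1;
    }
}

/* Count wrong guesses whose failure was visible while the stored counter did not move. */
static unsigned uncounted_failures(enum order o, int cut_after)
{
    const char *guesses[] = { "0000", "1111", "2222" };  /* constructed sample guesses */
    struct dev d = { 0, 0 };
    unsigned uncounted = 0;
    for (int i = 0; i < 3; i++) {
        unsigned before = d.nvram_failures;
        attempt(&d, o, "4821", guesses[i], cut_after);   /* "4821" is a constructed PIN */
        uncounted += (d.indicated == -1 && d.nvram_failures == before);
    }
    return uncounted;
}

int main(void)
{
    printf("indicate-then-commit: %u uncounted\n", uncounted_failures(INDICATE_THEN_COMMIT, 1));
    printf("commit-then-indicate: %u uncounted\n", uncounted_failures(COMMIT_THEN_INDICATE, 1));
    return 0;
}
```

With the commit first, a power cut at any point leaves either a stored failure or no visible result at all, so no attempt goes uncounted.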


Milling machine might work better. You need Z as well as X and Y.


Most 3D printers also have a Z axis... Although, it's often the deck itself. But, point taken. Any 3-axis machine should do the trick pretty well.


Why do you assume it's a 4 digit PIN?

iDevices can have longer PINs and PINs with letters and symbols.


Many of the reports in the press were saying it was a 4-digit pin. But it's feasible even to brute force a six-digit PIN in the way I described, it would just take several weeks.


Is there any way to know the length of the pin before bruteforcing?


I use a larger than 8 digit pass code on my iPhone. It looks different.

Using a default 4 digit code, you end up with a numeric pad and four boxes. If you use a longer than 4 digit code but stick with numbers, it gives a single box to enter the pass code in but presents a numeric pad. If you use letters at all, it switches to a qwerty-ish keyboard and a single box to enter the pass code.


I'm not sure because I'm not running iOS 9, but from screenshots on the web it looks like the length of the passcode is displayed on the lock screen.


10000


Plot twist, the PIN is 1234 and auto-erase isn't even enabled. I think there's no way to know without trying, and FBI is just too afraid to try it ;-)



