Possible Chip off method into encrypted smartphones?

16 Posts
7 Users
0 Reactions
2,245 Views
(@wotsits)
Reputable Member
Joined: 10 years ago
Posts: 253
Topic starter  

Here is an extract from an article I read

''Motherboard reported that NFI may have used a method known as “chip-off,” by extracting memory chips from the device and pulling the data off them to attack it off-line, without any limits on how many password guesses are allowed, or how quickly those guesses can be tried.''

Basically they're saying that if you do a chip off with a locked and encrypted phone you can then brute force it without limitation or fear of the wipe mode.

Is this a possible way into the iPhones of recent years that come in locked? Or is this an article writer with no technical knowledge? Have people seen an increase in smartphones that can't be examined?


jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

Just to give a reference
http://www.forensicfocus.com/Forums/viewtopic/t=13751/

jaclaz


(@yunus)
Estimable Member
Joined: 17 years ago
Posts: 178
 

That simply is an article writer with no technical knowledge, because Yuri Gobanov's article from Belkasoft has already covered this issue and said "even if chip off is performed on new phones, it won't allow you to see the content as the chip itself is encrypted in the new phones".


jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

> That simply is an article writer with no technical knowledge, because Yuri Gobanov's article from Belkasoft has already covered this issue and said "even if chip off is performed on new phones, it won't allow you to see the content as the chip itself is encrypted in the new phones".

Well, it's not like that statement by Yuri Gobanov cancels the other.

Having said that, seemingly (see the reference) the good NFI guys DID NOT DO a chip-off, or at least NEVER SAID they did it, and the chip-off has been "invented" by the Motherboard journalist; still, the theory is not without merits.

Let's take a non-encrypted device and let's make a chip-off extraction.
Converting the bits and pieces extracted into the original data is usually a nightmare but is doable.
Once the conversion from chip-off data to RAW data (equivalent to a physical extraction) is successful everything is fine and dandy.

If the device is additionally encrypted, provided that the conversion from chip-off to RAW is successful/correct it becomes (in the absence of a vulnerability in the encryption scheme) just a matter of brute-forcing the encryption, perfectly doable in theory.

In practice, there is no known hardware powerful enough to brute-force the encryption methods currently in use, but the point about repeating the attempts ad libitum without incurring limits on the number of attempts remains valid.

jaclaz


(@wotsits)
Reputable Member
Joined: 10 years ago
Posts: 253
Topic starter  

I didn't mean to brute force the encryption - that's not feasible. I meant to brute force the pin code to unlock the encryption - which if it's a 4 digit pin code will only have 9999 combinations and could be brute forced in a matter of minutes. Is this possible once you have the chip off from a locked recent iPhone?


(@xunayd)
New Member
Joined: 10 years ago
Posts: 4
 

Brute forcing the encrypted contents, that's pretty lame in my humble opinion. I think what you are trying to say is to brute force the passwords (still sounds lame) offline after chip off.


jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

> I didn't mean to brute force the encryption - that's not feasible. I meant to brute force the pin code to unlock the encryption - which if it's a 4 digit pin code will only have 9999 combinations and could be brute forced in a matter of minutes. Is this possible once you have the chip off from a locked recent iPhone?

As I see it - and for all we actually "know" (a couple of "sensationalist" articles in the technical press do not represent knowledge) - all we have is a "vague" statement by the good Dutch NFI guys
http://www.forensicfocus.com/Forums/viewtopic/p=6581159/#6581159
and the "reply" statement by the good BlackBerry guys
http://www.forensicfocus.com/Forums/viewtopic/p=6581193/#6581193
http://www.theinquirer.net/inquirer/news/2441512/dutch-police-claim-to-have-cracked-blackberry-encryption

Both of course are without any real validity; the one (or the other) may be true, but they are still both too "vague" to derive anything from them.

In theory we can speculate on the matter, more or less, what we have is a "black box" that when you input a "right" sequence of numbers does its magic and decrypts contents (how exactly this happens doesn't really matter, to unlock what is actually needed is a 4 or maybe 6 digit sequence).

The original "black box" has *something* that keeps count of the attempts made and, when a given threshold is reached, triggers some counteraction (be it a timeout lock, a permanent lock that can be reset only through specialized hardware, a self destruction, *whatever*).

Now - still in theory - one can imagine that it is possible either to prevent the counter from increasing or to reset the counter to 0 every two attempts, allowing infinite retries; this could be possible by *somehow* intercepting the increase or accessing the counter on the original "black box", or by creating a (perfect) "emulator".

But this has nothing to do with what was reported, that while still vague it is clear about data having been exported and then decrypted.

This can only happen (unless the good NFI guys have some hyper-mega-trans-nuclear new, powerful computer to perform brute force) through leveraging a bug or defect in the encryption method or on the specific implementation on the specific device.

jaclaz


(@wotsits)
Reputable Member
Joined: 10 years ago
Posts: 253
Topic starter  

I'm not intending to reference the recent Dutch Blackberry debate.

My question applies to anything such as an iPhone with a pin code lock.

Once you get the chip off, can you simply try the 9999 pin combinations in sequence to then decrypt it, bypassing the delays between attempts and potential wipe mode?


(@danielb)
Eminent Member
Joined: 16 years ago
Posts: 30
 

It's not as simple as 9999 combinations; the actual encryption key is 256 bits long.


jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

> I'm not intending to reference the recent Dutch Blackberry debate.
>
> My question applies to anything such as an iPhone with a pin code lock.
>
> Once you get the chip off, can you simply try the 9999 pin combinations in sequence to then decrypt it, bypassing the delays between attempts and potential wipe mode?

No, unless you are using the chip-off gathered (rebuilt) image in the (completely hypothetical) "emulator" or similar device, something that simply does not exist (AFAIK).

jaclaz


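The two points made above, jaclaz's "black box" with an attempt counter and danielb's remark that the real key is 256 bits rather than a four-digit number, can be put side by side in a small model. The following is an added illustration written for this thread, not code from any of the posters or from any phone vendor; the PIN length, iteration count, lockout threshold, the PBKDF2/HMAC construction and the idea of a "device secret" that stays in hardware and never reaches the flash chip are all assumptions chosen to make the mechanism visible. It shows why a chip-off image alone does not let anyone walk the PIN space: the stored verifier only matches when the key is derived with the secret the chip image does not contain, and on the live device the counter locks things before the space is exhausted. The "with_device_secret" case stands in for jaclaz's hypothetical perfect "emulator" that would hold everything the hardware holds.

```python
import hashlib
import hmac
import itertools
import os
from typing import Optional, Tuple

# Constructed parameters, chosen for illustration only (assumption: real
# devices use far larger iteration counts and hardware-specific derivation).
PBKDF2_ITERATIONS = 200
PIN_LENGTH = 4
MAX_ATTEMPTS = 10


def derive_key(pin: str, salt: bytes, device_secret: Optional[bytes]) -> bytes:
    """Derive a 256-bit key from a PIN.

    Without a device secret, anyone holding the salt (which lives on the flash
    chip) can recompute this off-line. With a device secret that never leaves
    the secure hardware, the same PIN yields a different key on any machine
    that lacks that secret, so the PIN space is useless on its own.
    """
    stretched = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ITERATIONS)
    if device_secret is None:
        return stretched
    return hmac.new(device_secret, stretched, hashlib.sha256).digest()


def verifier_for(key: bytes) -> bytes:
    """Stored check value: lets the device confirm a PIN without storing the key."""
    return hashlib.sha256(b"verify" + key).digest()


class LockedDevice:
    """The 'black box' from the thread: accepts PIN attempts, keeps a counter,
    and locks once the threshold is reached."""

    def __init__(self, pin: str, device_secret: bytes):
        self.salt = os.urandom(16)
        self._device_secret = device_secret  # held in hardware, never written to flash
        self.attempts = 0
        self.locked = False
        self.verifier = verifier_for(derive_key(pin, self.salt, device_secret))

    def try_pin(self, pin: str) -> Optional[bytes]:
        """Return the key on success, None on a wrong PIN; raise once locked."""
        if self.locked:
            raise RuntimeError("device locked after too many attempts")
        self.attempts += 1
        key = derive_key(pin, self.salt, self._device_secret)
        if hmac.compare_digest(verifier_for(key), self.verifier):
            self.attempts = 0
            return key
        if self.attempts >= MAX_ATTEMPTS:
            self.locked = True
        return None

    def chip_image(self) -> dict:
        """What a chip-off extraction yields here: salt and verifier, no device secret."""
        return {"salt": self.salt, "verifier": self.verifier}


def offline_pin_search(image: dict, device_secret: Optional[bytes]) -> Tuple[Optional[str], int]:
    """Walk the whole PIN space against a chip-off image with no counter in the way.

    Returns (pin, attempts_used); pin is None when nothing in the space matched,
    which is what happens when the derivation needs a secret the image lacks.
    """
    attempts = 0
    for digits in itertools.product("0123456789", repeat=PIN_LENGTH):
        attempts += 1
        pin = "".join(digits)
        key = derive_key(pin, image["salt"], device_secret)
        if hmac.compare_digest(verifier_for(key), image["verifier"]):
            return pin, attempts
    return None, attempts


def demo() -> dict:
    """Run the thread's three scenarios against one constructed device."""
    secret = os.urandom(32)           # constructed stand-in for the hardware key
    dev = LockedDevice("0042", secret)  # constructed PIN
    image = dev.chip_image()
    results = {
        # chip image only: every PIN is tried, none verifies
        "image_only": offline_pin_search(image, None),
        # the hypothetical perfect "emulator" that also holds the device secret
        "with_device_secret": offline_pin_search(image, secret),
    }
    # on the live device the counter, not the PIN space, decides the outcome
    for _ in range(MAX_ATTEMPTS):
        dev.try_pin("9999")
    results["locked_after_threshold"] = dev.locked
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of the model is the gap between the two searches: the full four-digit space is exhausted in a fraction of a second, and yet it finds nothing unless the derivation input that lives only in the hardware is available. That is the property a defender wants from a PIN-protected design, and it is why the 256-bit key danielb mentions matters: it is not derived from the PIN alone, so the chip image neither shrinks the key space to 10^4 nor bypasses the attempt counter.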
Page 1 / 2