In March of this year I wrote a column asking, “Could test and measurement crack Farook’s iPhone?” Syed Farook, along with his wife, were the San Bernardino terrorists who killed 14 people and injured 22 others at a holiday celebration. His iPhone 5c was recovered, but was protected by a password. In the March column I proposed a method to “crack” the phone, that is, gain entry.

Here’s a short recap of the situation. The default passcode for the iPhone 5c is four numeric digits, so 10,000 possible combinations. The phone allows 10 attempts before it permanently deletes the key, after which there is no way in. So, law enforcement has a 0.1% chance of entering the phone by guessing, and a 99.9% chance of never seeing the contents. Never. As I wrote, “You better be a good guesser.”

Here is a photo of the iPhone 5s passcode screen. iPhone 5c does not support Touch ID, but is otherwise the same. You get 10 attempts at the passcode before the phone’s data is gone forever. You better be a good guesser.

I proposed the scheme below:

Step 1: Read the contents of all flash memory on Farook’s iPhone, either by unsoldering the components, or via ICT (In-Circuit Test or serial ports such as JTAG). This is the test and measurement-centric portion of this plan. The data is encrypted, so it is still worthless.

Step 2: Purchase 1000 iPhone 5cs and 1000 of each memory chip. Program the memory to have the exact same data as in Farook’s.

Step 3: Unsolder the memory chips in the 1000 iPhones. Replace them with those programmed with Farook’s data.

Step 4: You now have 1000 copies of Farook’s iPhone. All 10K passcodes can be tried, 10 per iPhone. The password will be cracked within a day.

However, I was stymied on one specific aspect of the plan. In my studies of the iPhone encryption method, I found that Apple had built a crypto engine onto its A6 processor between main memory and flash. By executing the 256-bit encryption algorithm in hardware, Apple allows at-speed access to memory. But, and this is key, each A6 has a different 256-bit code fused into it, called the UID (Unique ID). That code, when combined with the user’s passcode, creates the actual encryption key. The UID is generated randomly, there are no records of it, and it cannot be read through any port.

The net net of this is that the above scheme won’t work. Even if you enter Farook’s passcode, it won’t unlock the phone if the UID is different, which it is on all the copy phones. I solicited ideas from the readers on how to get around this. Most discussion centered on finding the UID by performing a destructive autopsy of the A6 processor, but even this is problematic. What then? If you could program that UID into A6 processors, you could then replace all processors in all 1000 copy phones (as has been done with the flash memory). But to do so, you need access to Apple’s processor fab line. Alternatively, you could use supercomputers to try all convolutions of the UID and passcodes. This is a different forensic approach from getting a working iPhone.

The bottom line: we didn’t source any ideas that I felt were achievable. And then a researcher from the University of Cambridge came up with an ingenious approach, and demonstrated it successfully on an iPhone 5c.

An astute reader alerted me to a paper authored by Sergei Skorobogatov, Senior Research Associate at the University of Cambridge Computer Laboratory. I contacted Skorobogatov by email, who gave me permission to reference his paper, “The bumpy road towards iPhone 5c NAND mirroring.” Mirroring, in this case, is a synonym for duplicating, and NAND refers to the specific flash memory technology.

So how did he crack the phone given the UID issue? In retrospect, it was obvious: he used the original iPhone. He disassembled the phone, built a connectorized daughter board holding the flash memory, tried six passcodes, then powered down, swapped memory boards, and powered up again. The new board, a duplicate of the flash memory taken before any passcode attempts, also held the passcode attempt counter, so the phone once again believed that no passcodes had been attempted. Skorobogatov would try six more codes, then swap in another freshly programmed memory board. The procedure continues until the correct passcode is entered and the phone unlocks.

This shows the electrically hacked iPhone 5c ready for assembly. Image courtesy of University of Cambridge Computer Laboratory.

This is a fully assembled hacked version of the iPhone 5c. The assembly below the phone is the pluggable flash memory. These assemblies are rotated after every six passcode attempts (a 45 second cycle) until the correct passcode is entered. Skorobogatov estimated that all four digit passcodes could be entered in 20 hours, while six digit passcodes may require three months. Image courtesy of University of Cambridge Computer Laboratory.

The reason Skorobogatov rotated the memory boards after six attempts, not ten, was that after repeated failures the phone locks itself and inserts increasing delays between passcode attempts. After six attempts the delay was one minute, longer than simply performing another memory swap.
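To make the two points above concrete, here is a small constructed model (added for this column, not code from Skorobogatov’s paper or anything Apple ships) of a phone whose encryption key depends on a fused per-device UID plus the passcode, and whose failed-attempt counter lives in the same replaceable flash as the encrypted data. The HMAC-SHA256 derivation, the 32-byte UID, the key-check value and the flat 60 second delay after six failures are all assumptions standing in for the real A6 engine and iOS escalation schedule; the 10-attempt wipe, the six-attempts-per-board swap and the 45 second cycle come from the column. It shows why the 1000-copy-phone scheme fails (same flash, different UID), why the counter reset makes mirroring on the original handset work, and reproduces the roughly 20 hour and three month estimates.

```python
"""Toy model of UID-entangled key derivation and NAND mirroring (constructed example)."""
import hashlib
import hmac
import math
import os
from dataclasses import dataclass

WIPE_AFTER = 10          # failed attempts before the key is erased (from the column)
SWAP_AFTER = 6           # attempts per NAND board before swapping (Skorobogatov)
CYCLE_SECONDS = 45       # power down, swap board, power up (from the column)


def derive_key(uid: bytes, passcode: str) -> bytes:
    """Stand-in for the A6 derivation: the key depends on the fused UID and the passcode.
    HMAC-SHA256 is an assumption; the real engine is AES based."""
    return hmac.new(uid, passcode.encode(), hashlib.sha256).digest()


def key_check(key: bytes) -> bytes:
    """Value stored in flash that lets the phone tell a right key from a wrong one."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()


def delay_before_next_attempt(failed: int) -> int:
    """Assumed lockout: no delay until six failures, then one minute (the column gives
    only the one-minute figure after six attempts)."""
    return 0 if failed < SWAP_AFTER else 60


@dataclass
class Flash:
    """Everything in NAND: the key verifier and the retry counter, both duplicable."""
    check: bytes
    failed_attempts: int = 0
    wiped: bool = False

    def clone(self) -> "Flash":
        return Flash(self.check, self.failed_attempts, self.wiped)


@dataclass
class Phone:
    uid: bytes      # fused in silicon, never leaves the chip
    flash: Flash    # removable, hence copyable

    @staticmethod
    def provision(passcode: str) -> "Phone":
        uid = os.urandom(32)                      # random, unrecorded, as the column says
        return Phone(uid, Flash(key_check(derive_key(uid, passcode))))

    def try_passcode(self, passcode: str) -> bool:
        if self.flash.wiped:
            return False
        if hmac.compare_digest(key_check(derive_key(self.uid, passcode)), self.flash.check):
            return True
        self.flash.failed_attempts += 1
        if self.flash.failed_attempts >= WIPE_AFTER:
            self.flash.wiped = True               # key gone, data unrecoverable
        return False


def copy_phone_attack(original: Phone, passcode: str) -> bool:
    """Steps 2-4 of the column's scheme: a new handset (new UID) with cloned flash.
    Even the correct passcode fails because the derived key differs."""
    copy = Phone(os.urandom(32), original.flash.clone())
    return copy.try_passcode(passcode)


def nand_mirroring(original: Phone, digits: int = 4):
    """Skorobogatov's approach on the original handset: keep a pristine flash image and
    swap it back in every SWAP_AFTER attempts, so the counter never reaches WIPE_AFTER."""
    pristine = original.flash.clone()             # image taken before any attempt
    swaps = 0
    for n in range(10 ** digits):
        if original.flash.failed_attempts == SWAP_AFTER:
            original.flash = pristine.clone()     # counter back to zero
            swaps += 1
        code = f"{n:0{digits}d}"
        if original.try_passcode(code):
            return code, swaps, original.flash.wiped
    return None, swaps, original.flash.wiped


def worst_case_hours(digits: int) -> float:
    """Boards needed to cover every code, times the 45 second swap cycle."""
    boards = math.ceil(10 ** digits / SWAP_AFTER)
    return boards * CYCLE_SECONDS / 3600


if __name__ == "__main__":
    phone = Phone.provision("9999")
    print("copy phone unlocks with right code:", copy_phone_attack(phone, "9999"))
    print("mirroring result (code, swaps, wiped):", nand_mirroring(phone))
    print("4-digit worst case hours:", round(worst_case_hours(4), 1))
    print("6-digit worst case days:", round(worst_case_hours(6) / 24, 1))
    print("swap beats lockout:", delay_before_next_attempt(SWAP_AFTER) > CYCLE_SECONDS)
```

The `delay_before_next_attempt` comparison is the reason for six rather than ten attempts per board: once the enforced pause exceeds the 45 second swap cycle, swapping is the faster move. The design lesson for defenders is the one the model makes visible: an attempt counter is only as strong as the storage it lives in, so it must be kept where the attacker cannot roll it back.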

And, yes, test and measurement equipment was vital to Skorobogatov’s task. Skorobogatov’s paper is an interesting account of his efforts to decipher Apple’s largely undocumented protocols and duplicate the flash memory. Armed with only an Agilent MSO8104A 1 GHz mixed-signal oscilloscope and an NCI GoLogic 500MHz logic analyzer, Skorobogatov was able to not only decipher the protocols, but to debug some pretty nasty signal integrity issues in the hacked iPhone, now that it had a daughter board with connectors hovering above it.

Remarkably enough, the FBI had dismissed this technique. The FBI had used the 1789 All Writs Act to compel Apple’s aid in hacking the phone. A key criterion of the All Writs Act is that there is no other way to extract the needed evidence.

At a congressional hearing in early March of this year, Rep. Darrell Issa questioned FBI Director Comey on whether they had, indeed, exhausted all alternatives: “Does the 5c have non-volatile memory in which all of the encrypted data and the selection switches for the phone settings are all located in that encrypted data?” he asked. When Comey said he didn’t know, Issa answered his own question. “It does. That means that you can, in fact, remove from the phone all of its memory – all of its non-volatile memory, its disk drive, if you will – and set it over here and have a true copy of it that you could conduct an infinite number of attacks on.” That is probably the most technical discussion I have ever heard at a congressional hearing!

Now, with Sergei Skorobogatov’s research and paper, we know it can be done.
