“The white elephant in the room: How exactly did we get it?” Solnik , a well-known security researcher, said as he wrapped up one of the most anticipated talks at the Black Hat security conference in Las Vegas in early August 2016. In attendance, among hundreds of security professionals and hackers, were researchers from a company that sells iPhone-cracking services to cops around the world, and Apple’s own employees.

Mathew Solnik stood next to two of the best iPhone hackers in the world and addressed the question the hundreds of people watching him were all wondering.

The thing that his team had been able to analyze for the first time was the iPhone’s Secure Enclave Processor (SEP), which handles data encryption for the iPhone. How they were able to do this was a valid question given Apple’s notorious secrecy, and the fact that the SEP is one of the most important and most closely guarded components of the iPhone, the most secure smartphone on the market.

“Well, you get to ask us next time we talk,” Solnik added. (Solnik said the same when I approached him after the talk.)

There was no next time: The team has never publicly discussed its methods.

Now, more than two years later, Motherboard has learned how the team did it. During our investigation, we also discovered how other iPhone hackers research the most secure components and processes of the device.

“It's kind of the golden egg to a jailbreaker.”

Solnik’s team used a “dev-fused” iPhone, which was created for internal use at Apple, to extract and study the sensitive SEP software, according to four sources with specific knowledge of how the research was done. Dev-fused devices are sometimes called prototypes in the security research industry. They are essentially phones that have not finished the production process, or have been reverted to a development state.

In other words, they are pre-jailbroken devices.

These rare iPhones have many security features disabled, allowing researchers to probe them much more easily than the iPhones you can buy at a store. Since the Black Hat talk, dev-fused iPhones have become a tool that security researchers around the world use to find previously unknown iPhone vulnerabilities (known as zero days), Motherboard has learned.