My Take on FBI’s “Alternative” Method | Zdziarski’s Blog of Things
FBI acknowledged today that there “appears” to be an alternative way into Farook’s iPhone 5c — something that experts have been shouting for weeks now; in fact, we’ve been saying there are several viable methods. Before I get into which method I think is being used here, here are some possibilities of other viable methods and why I don’t think they’re part of the solution being utilized
1.A destructive method, such as de-capping or deconstruction of the microprocessor would preclude FBI from being able to come back in two weeks to continue proceedings against Apple. Once the phone is destroyed, there’s very little Apple can do with it. Apple cannot repair a destroyed processor without losing the UID key in the process. De-capping, acid and lasers, and other similar techniques are likely out.
2.We know the FBI hasn’t been reaching out to independent researchers, and so this likely isn’t some fly-by-night jailbreak exploit out of left field. If respected security researchers can’t talk to FBI, there’s no way a jailbreak crew is going to be allowed to either.
3.An NSA 0-day is likely also out, as the court briefs suggested the technique came from outside USG.
4.While it is possible that an outside firm has developed an exploit payload using a zero-day, or one of the dozens of code execution vulnerabilities published by Apple in patch releases, this likely wouldn’t take two weeks to verify, and the FBI wouldn’t stop a full court press (literally) against Apple unless the technique had been reported to have worked. A few test devices running the same firmware could easily determine such an attack would work, within perhaps hours. A software exploit would also be electronically transmittable, something that an outside firm could literally email to the FBI. Even if that two weeks accounted for travel, you still don’t need anywhere near this amount of time to demonstrate an exploit. It’s possible the two weeks could be for meetings, red tape, negotiating price, and so on, but the brief suggested that the two weeks was for verification, and not all of the other bureaucracy that comes after.
5.This likely has nothing to do with getting intel about the passcode or reviewing security camera footage to find Farook typing it in at a cafe; the FBI is uncertain about the method being used and needs to verify it. They wouldn’t go through this process if they believed they already had the passcode in their possession, unless it was for fasting and prayer to hope it worked.
6.Breaking the file system encryption on one of NSA/CIAs computing clusters is unlikely; that kind of brute forcing doesn’t give you a two week heads-up that it’s “almost there”. It can also take significantly longer — possibly years — to crack.
7.Experimental techniques such as frankensteining the crypto engine or other potentially niche edge techniques would take much longer than two weeks (or even two months) to develop and test, and would likely also be destructive.
With those methods eliminated from our argument, we’re left with one that sticks out the most. But first, the “who”: we do know that the FBI frequently works with a number of contracted external forensics and data recovery labs, especially a handful at the top. The likelihood here is that a third party contractor, such as one of these forensics or data recovery firms, has devised a method and notified FBI of their findings. Many firms have outright denied that they are the one, however there are at least a few firms that are not denying it, or not talking at all. The one that is the most tight lipped is, of course, the one people are paying the most attention to. I’m not at liberty to specify who, but you can count on reporters to be banging on doors in the middle of the night for this kind of information.
Speaking of middle-of-the-night, the brief was dated for Sunday, suggesting perhaps it was put together Sunday night. No forensics companies in the US are likely up and working at that hour, which seems to at least hint that it’s possible this company may be based overseas, where it would’ve been Monday morning. This is speculation, however worth investigating as a number of such DOJ contractors are based overseas.
We also know, based on the submitted court brief today, that FBI believes two weeks will be sufficient time for them to test and verify the soundness of this alternative technique. This tells us two things: 1. Whatever technique is being used likely isn’t highly experimental (or it’d take more time), and 2. Chances are the technique has been developed over the past several weeks that this case has been going on.
So what technology could be developed and reliably tested within say, roughly a month? Just a few weeks ago, congressman Issa confronted Comey rather aggressively before Congress. He described a NAND mirroring technique that the tech community had been buzzing about for a week or so prior to the hearing. He referenced “making 10,000 copies” of the storage chip. In reality, this process is much easier, and that’s what I think is probably the most feasible technique to use here.
Most of the tech experts I’ve heard from believe the same as I do — that NAND mirroring is likely being used to some degree to brute force the pin on the device. This is where the NAND chip is typically desoldered, dumped into a file (likely by a chip reader/programmer, which is like a cd burner for chips), and then copied so that if the device begins to wipe or delay after five or ten tries, they can just re-write the original image back to the chip. This technique is kind of like cheating at Super Mario Bros. with a save-game, allowing you to play the same level over and over after you keep dying. Only instead of playing a game, they’re trying different pin combinations. It’s possible they’ve also made hardware modifications to their test devices to add a socket, allowing them to quickly switch chips out, or that they’re using hardware to simulate this chip so that they don’t have to.
One other possibility exists along the same lines. Some firms have developed hardware invasive techniques that worked on older iOS 8 devices in a fashion similar to IP-BOX, that allowed them to brute force the pin code by blocking the writes of the passcode attempts to disk. In iOS 9, Apple made a change that caused these passcode attempts to be verified on disk after they were written. Using a NAND copying / mirroring technique, this barrier could be overcome in iOS 9, allowing the device to write and verify the attempt, but have that change later blown away by restoring an original copy of the chip. They wouldn’t have to copy the whole NAND in this case. If they can isolate the part of the chip that is written to (even though it’s encrypted), they can just keep writing over that portion of the chip. If the methods from iOS 8 were borrowed for this, then it could be partially automated by entering the pin through the USB, as well as using a light sensor to determine which pin successfully unlocked the device
NOTE: They actually made this change in several different versions of iOS, but the IP-BOX developers kept finding ways around it. The change that broke IP BOX fixed a race condition, but there was also the actual write-verification of the passcode attempt, which happened later on to put other tools out of commission.
All of this paints a pretty clear picture: the leading theory at present, based on all of this, is that an external forensics company, with hardware capabilities, is likely copying the NAND storage off the chip and frequently re-copying all or part of the chip’s contents back to the device in order to brute force the pin — and may or may not also be using older gear from iOS 8 techniques to do it. The two weeks the FBI has asked for are not to develop this technique (it’s most likely already been developed, if FBI is willing to vacate a hearing over it), but rather to demonstrate, and possibly sell, the technique to FBI by means of a field test on some demo units.
This shouldn’t be a surprise to anyone, as it’s a fairly straightforward technique. It’s also a technique that wouldn’t work in an A7 or newer iPhone that has a Secure Enclave. More importantly, this technique wouldn’t work at all had Farook used a complex alphanumeric passcode. The weak link in all of this has been Farook and his poor choice of security.
Disclaimer: My hypothesis could just as easily be wrong, given that we have very little information to go on. This is merely my fair assessment based on what I know of the details of this case. The NAND being in play seems the most likely scenario, however