There has been a lot of discussion on the internet recently about the ability of an attacker to test an unlimited number of PIN/passcode values without triggering the auto-delete function built into iPhones. So I have put together this article to show a means of looking at such a problem logically.
Determining Probable Location of Vulnerability
The exploit involves testing more than ten possible passcodes without triggering the erasure of data on the phone. According to the Apple literature, this should not be possible without flaws in the hardware, firmware, or software of the Secure Enclave Processor (SEP). There may be flaws in other parts of the phone that enable a flaw in the SEP to be exploited, but the exploits described for Cellebrite, GrayKey, and others require flaws in the SEP that violate the postulates making up the requirements for the SEP. Some of these postulates are as follows.
- It is not feasible to remove the cover of the chip carrier containing the SEP and insert probes to access or modify data without triggering the erasure. The descriptions of several of the exploits state that the case and chip carriers are not opened or modified.
- Key pieces of persistent data contained in the SEP can’t be read or written using the pins for the chip carrier without going through the software in the SEP.
- There are certain “salt” values that are set during the manufacture of the device and stored in persistent memory in the SEP. The output data lines for the memory containing this information connect only to the cryptographic portion of the chip and not to the general-purpose CPU in the SEP. It is not possible to read operating system, firmware, or other files without using the cryptographic portion of the chip.
- Certain variables, such as the number of consecutive unsuccessful login attempts and the time of the last unsuccessful login attempt, are considered extremely critical. They should be accessible only to the SEP firmware, and the code in the firmware capable of reading and/or writing this information has been subjected to additional review.
The first step in analyzing anything is generally research, so I spent a little time on the internet using Google to search for relevant articles. Some combinations that work well with Google are the following.
- ios unlock tool
- “ios 11” unlock tool
- iphone crack passcode
When you use something like Google Search, it isn’t enough to just look at the first few entries. It is necessary to go through pages of listings and then try new searches based on the items you find.
Based on the Google search, I found that the relevant literature seemed to fall within a few categories. I have listed them below in chronological order.
- Apple CVE-2014-4451 – This was an exploit that allowed users to try an unlimited number of PIN codes. The articles were dated November 18, 2014, and the vulnerability was reported as detected and resolved within the iOS 8 release cycle.
- Secure Enclave Processor Decryption – Articles published on August 17, 2017 indicate that the decryption key for the Secure Enclave Processor firmware had been published. This means that an attacker could decompile the SEP code to learn how it works.
- Chinese Cracker Box – This is a cracker box (reportedly from China) that will reportedly crack the PIN code on the latest iPhones. The articles were dated August 17, 2017. I am simply referring to it as the “Chinese Cracker Box” for convenience. The cracker community is not necessarily known for “truth in labeling”.
- GrayKey Cracker Box – GrayKey is a cracker device manufactured by GrayShift. The articles state that information on the device first appeared in late 2017.
- Cellebrite Exploit – Cellebrite provides much less information than the others, but a number of articles in February and March 2018 report claims that Cellebrite has developed a means of unlocking the latest iPhones. It appears that development of this technique took place in late 2017, since one of the articles stated that it was developed in the last few months.
A review of the dates seems to indicate a few connections between the problems.
- Reports on the decryption of the Secure Enclave Processor (SEP) firmware and on the Chinese Cracker Box appeared at the same time. This was a few years after CVE-2014-4451.
- The CVE-2014-4451 exploit, the Chinese Cracker Box, and the GrayKey device all appear to interrupt a process after a passcode is tested, but before the counter for unsuccessful login attempts is incremented.
- The GrayKey and Cellebrite cracks appear to have been developed at about the same time, and their development came after the Chinese Cracker Box.
Scientific analysis first requires observation and research. The next step is to create a hypothesis. Let us consider the following as a hypothesis.
- Assume that a person interested in studying vulnerabilities on the iPhone has been collecting iPhones after each update. That would seem reasonable given the amount of money being spent.
- After the firmware decryption key was determined, it would be possible to decompile the SEP code from before and after CVE-2014-4451 was resolved.
- Comparing the two versions of the SEP code would enable the researcher to find the section of code that was changed to remove the vulnerability.
- (This step is a wild-ass guess.) The fix may have been to move the incrementing of the counter before the test of the trial password. After all, a successful login will reset the counter, so the overall logic would remain unchanged.
- You would then examine the current version for other places where the same erroneous code appears (e.g., other locations where the passcode is tested before the counter is incremented). Each of these locations would then be checked against the exploit in CVE-2014-4451 to see if any of them could be exploited.
- The Chinese Cracker Box would then be developed using the newly found vulnerability. Sales of the device took place by August, 2017.
- The release of the firmware decryption key came from someone who had access to the development of the Chinese Cracker Box. This is based on the fact that both items were reported at the same time.
- Since the Chinese Cracker Box was available on the underground market, both GrayShift and Cellebrite would have purchased copies of the unit. Four months sounds like a reasonable development time for them to implement their “new and improved” versions.
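To make the ordering hypothesis concrete, here is a constructed example of the two orderings side by side. It is added illustration, not SEP firmware and not code from any of the articles cited; the limit of ten attempts, the passcode "1234", and the modelling of an interruption as an early return from the unlock routine are all assumptions. The attacker loop aborts after every failed comparison; the vulnerable ordering never charges it for a wrong guess, while the fixed ordering (charge first, reset on success, and catch an interrupted final attempt on the next call) still wipes after the tenth failure and still behaves identically for a legitimate user.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_ATTEMPTS 10              /* assumed limit before the auto-wipe */
static const char *CORRECT = "1234"; /* constructed test passcode */

/* Stand-in for the counters the SEP keeps in persistent storage. */
typedef struct {
    unsigned failed;  /* consecutive unsuccessful attempts */
    bool wiped;       /* auto-erase has fired */
} sep_state_t;

typedef bool (*unlock_fn)(sep_state_t *st, const char *guess, bool abort_after_check);

/* Vulnerable ordering: compare first, charge the attempt afterwards.
 * `abort_after_check` models an attacker who kills the operation (power cut,
 * reset) as soon as the comparison result is observable and before the
 * counter write lands. A wrong guess then costs nothing. */
static bool unlock_vulnerable(sep_state_t *st, const char *guess, bool abort_after_check)
{
    if (st->wiped)
        return false;
    if (strcmp(guess, CORRECT) == 0) {
        st->failed = 0;
        return true;
    }
    if (abort_after_check)          /* interrupted: the increment never happens */
        return false;
    st->failed++;
    if (st->failed >= MAX_ATTEMPTS)
        st->wiped = true;
    return false;
}

/* Fixed ordering: charge (and persist) the attempt before comparing, reset on
 * success so a legitimate user sees no difference, and catch an interrupted
 * final attempt with the entry check on the next call. */
static bool unlock_fixed(sep_state_t *st, const char *guess, bool abort_after_check)
{
    if (st->wiped)
        return false;
    if (st->failed >= MAX_ATTEMPTS) { /* previous attempt was cut off after being charged */
        st->wiped = true;
        return false;
    }
    st->failed++;                   /* this write would be committed to NVRAM here */
    if (strcmp(guess, CORRECT) == 0) {
        st->failed = 0;
        return true;
    }
    if (abort_after_check)          /* interrupted, but the attempt is already paid for */
        return false;
    if (st->failed >= MAX_ATTEMPTS)
        st->wiped = true;
    return false;
}

/* Attacker: walk all 4-digit PINs, aborting after every failed comparison.
 * Returns the number of guesses made before the device unlocks or wipes. */
static unsigned brute_force(unlock_fn f, sep_state_t *st)
{
    char guess[5];
    unsigned n = 0;
    for (int pin = 0; pin < 10000; pin++) {
        snprintf(guess, sizeof guess, "%04d", pin);
        n++;
        if (f(st, guess, true) || st->wiped)
            return n;
    }
    return n;
}

static unsigned attacker_guesses(unlock_fn f) { sep_state_t st = {0, false}; return brute_force(f, &st); }
static bool attacker_wiped(unlock_fn f)       { sep_state_t st = {0, false}; brute_force(f, &st); return st.wiped; }

/* Legitimate user: `wrong` mistyped PINs with no interruption, then the right one.
 * Returns true if the device unlocks. */
static bool legit_user(unlock_fn f, unsigned wrong)
{
    sep_state_t st = {0, false};
    for (unsigned i = 0; i < wrong; i++)
        f(&st, "0000", false);
    return f(&st, CORRECT, false);
}

int main(void)
{
    printf("vulnerable: %u guesses, wiped=%d\n",
           attacker_guesses(unlock_vulnerable), attacker_wiped(unlock_vulnerable));
    printf("fixed:      %u guesses, wiped=%d\n",
           attacker_guesses(unlock_fixed), attacker_wiped(unlock_fixed));
    printf("legit user on fixed, 9 then 10 mistakes: %d %d\n",
           legit_user(unlock_fixed, 9), legit_user(unlock_fixed, 10));
    return 0;
}
```

With the vulnerable ordering the attacker reaches "1234" on guess 1235 with the counter still at zero; with the fixed ordering the device wipes on the eleventh call, because the tenth attempt was charged before the comparison and the entry check catches it. A user who mistypes nine times still unlocks on either version, and ten mistakes wipe on either version, so the fix changes nothing a legitimate user can observe.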
I have seen many cases where a maintainer will fix one occurrence of a bug but not look for other occurrences. In fact, many times the word from management is “Just fix this bug and close out the task. Don’t waste time.” I have heard this expressed very frequently and very forcefully.
Since potential hackers can now decompile the code on the SEP, it would be only logical for them to determine the coding changes that fixed earlier problems and then look for other occurrences of the incorrect logic. In this case, a good method would be to look for all code that can change the value of the counter, a task well within the capability of many IDEs (Integrated Development Environments) or even the UNIX grep command.
Another problem that I have seen is that nobody seems to use fault trees or coverage charts. These are an attempt to use formal logic to determine the items that need to be examined. Many consider it too much work to go through all the possibilities, and state that it’s good enough. People keep telling me “Don’t worry. It’s good enough”. My experience in these cases is that it’s almost never good enough and I worry a lot. However, this will be covered in more detail in a future post.
I have divided the references according to the events that they describe.
CVE-2014-4451
- Stuart C. Ryan, “Apple CVE-2014-4451 – Unlimited incorrect pin attempts on iOS”, YouTube, November 18, 2014, https://www.youtube.com/watch?v=2Bok9Zgas6g — The account name is stuartcryan on YouTube and he has a web site at stuartryan.com.
- David Schuetz, “Bypassing the lockout delay on iOS devices”, November 18, 2014, https://darthnull.org/security/2014/11/18/ios-lockout-bypass/ — This is the article where I learned about the video from Stuart Ryan.
Decryption of Secure Enclave Processor
- August Mimoso, “Hacker Publishes iOS Secure Enclave Firmware Decryption Key”, ThreatPost, August 17, 2017, https://threatpost.com/hacker-publishes-ios-secure-enclave-firmware-decryption-key/127524/
- Brandon Vigliarolo, “Hacker claims to have decrypted Apple’s Secure Enclave, destroying key piece of iOS mobile security”, TechRepublic, August 17, 2017, https://www.techrepublic.com/article/hacker-claims-to-have-decrypted-apples-secure-enclave-destroying-key-piece-of-ios-mobile-security/
Chinese Cracker Box
- EverythingApplePro, “This $500 Device Can Hack Any iPhone 7 & 7+ Passcode”, YouTube, August 17, 2017, https://www.youtube.com/watch?v=IXglwbyMydM — Account name is EverythingApplePro. There are several exploits shown in videos from this account.
- Neil Hughes, “Small $500 device shown to brute force hack iPhone 7 lock screen passcodes, but could take days to work”, AppleInsider, August 18, 2017, https://appleinsider.com/articles/17/08/18/small-500-device-shown-to-brute-force-hack-iphone-7-lock-screen-passcodes-but-could-take-days-to-work — This was the article that referenced the video by EverythingApplePro.
GrayKey Cracker Box
- Thomas Reed, “GrayKey iPhone unlocker poses serious security concerns”, Malwarebytes Labs, March 2018, https://blog.malwarebytes.com/security-world/2018/03/graykey-iphone-unlocker-poses-serious-security-concerns/
- GrayKey, http://graykey.grayshift.com — This is the website for GrayKey. Attempts to go to http://grayshift.com are forwarded to this page.
Cellebrite Exploit
- Wagas, “Cellebrite’s Hacking Tool Unlocks Any iOS Devices Including iPhone X”, HackRead, February 27, 2018.
- Tom Spring, “Apple Tackles Cellebrite Unlock Claims, Sort Of”, ThreatPost, February 27, 2018, https://threatpost.com/apple-tackles-cellebrite-unlock-claims-sort-of/130111/ — Refers to the Forbes article below.
- Roman Dillet, “Cellebrite may have found a way to unlock iPhones running iOS 11”, TechCrunch, February 27, 2018, https://techcrunch.com/2018/02/27/cellebrite-may-have-found-a-way-to-unlock-iphones-running-ios-11/
- Thomas Fox-Brewster, “The Feds Can Now (Probably) Unlock Every iPhone Model In Existence – Updated”, Forbes, February 26, 2018, https://www.forbes.com/sites/thomasbrewster/2018/02/26/government-can-access-any-apple-iphone-cellebrite/#523a523f667a — The article indicated that the new technology was developed within the last few months.
Secure Enclave Processor
- Apple, “iOS Security – White Paper”, May 2016, https://www.apple.com/business/docs/iOS_Security_Guide.pdf — This white paper from Apple provides information about the design philosophy behind the Secure Enclave Processor.
- “Black Hat USA 2016”, https://www.blackhat.com/us-16/ — This is the official online site for the Black Hat USA 2016 conference.
- Tarjei Mandt, Mathew Solnik, David Wang, “Demystifying the Secure Enclave Processor”, presented at Black Hat USA 2016, Las Vegas, Nevada, https://www.blackhat.com/docs/us-16/materials/us-16-Mandt-Demystifying-The-Secure-Enclave-Processor.pdf