Reply to post: Equivalent of Wallace and Gromit penguin train track scene / Test Rig.

Apple must help Feds unlock San Bernardino killer's iPhone – judge

Anonymous Coward
Anonymous Coward

Equivalent of Wallace and Gromit penguin train track scene / Test Rig.

This really relies on where the code for those 10 password attempts are stored, importantly, where the CMP# zero (attempts left), JPZ #xxxx / ARM Branch instruction is executed, causing the wipe routine to be executed.

Trouble is, often this code is decoded 'in-line', the code before, acts as the decryption values for the code ahead - linked to interrupt timing routines, based on the number of machine cycles to execute a particular instruction. Modifying anything, acts as a tamper switch, altering the processing timings of the code, rendering the code ahead useless. The code ahead also often deletes/scrambles the code behind.

Simply, its the equivalent of the Wallace and Gromit penguin scene, where Gromit lifts a piece of the rail track from behind to lay out in front of the train (he's sitting on), so the train (code in this case) continues to run.

It sounds like a hardware test rig might be possible to image the data off the device 'in-situ' then copy this frozen data back each time a password is attempted to the hardware rig assembly, to allow multiple tries, but I don't see how Apple is under any obligation to offer a hardware test-rig to help decode its own product, or likely to co-operate.

I'd probably think laterally on this one and 'ask' Samsung to do it. I'm sure Samsung has a test-rig somewhere where they have reverse engineered every aspect of the iPhone and its code.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon