Apple engineers rebel, refuse to work on iOS amid FBI iPhone battle

Displacement Activity

Re: It's likely I'm missing something.

@Bucky2: no-one seems to have specifically answered your point.

*If* the processor on the iPhone board (or any other embedded system) is generic, in the sense that it doesn't have extra mask processing to give it a unique attribute of some sort, then you're probably right. You just use the ATE equipment which was used to test the boards to extract the ROM data, create a VM, and you're good to go. However, many ROM devices will have a security bit which may be blown after manufacture to prevent this. To get around this, you may (or may not) have to get the chip off the board and read it (normally, i.e. not with JTAG/ATE equipment) in your own test rig.

However, the processor may be customised. Older Intel x86 processors had a CPUID instruction which returned a unique serial number, for example. The problem with this sort of thing is that it involves an extra manufacturing mask and is therefore expensive. I don't know (or care, actually) whether Apple does this. If they do, the unlock algorithm presumably requires knowledge of both the 4-digit passcode and the processor ID. In these cases, you may have to resort to getting the top off the chip and examining it under an electron microscope to try to find the ID (which is not necessarily very expensive). If you have some knowledge of the algorithm you may instead be able to brute-force this in your VM.

Anyway, having said all that, I've worked on various embedded devices and I would be very surprised (astonished) if Apple doesn't already have software that can boot up any iPhone without knowing the passcode.
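The point made above about an unlock algorithm that depends on both the passcode and a device-unique ID, and about brute-forcing it in a VM once you know the algorithm, can be illustrated with a small model. The following is an added example by the editor, not code from the commenter, from Apple, or from the article; it assumes a hypothetical unlock scheme in which the key is derived with PBKDF2 from the passcode and a per-chip UID mixed in as the salt. The UID, passcode and iteration count are all constructed values, not anything read from a real device. It shows that an offline search over a 4-digit passcode is cheap when the UID is known, and that the same search against the wrong UID finds nothing, which is why the device ID has to be extracted (or the search has to run on the real chip) before the passcode search is useful.

```python
import hashlib

# Constructed values for the example; nothing here comes from a real device.
DEVICE_UID = bytes.fromhex("00112233445566778899aabbccddeeff")  # hypothetical per-chip ID
WRONG_UID = bytes(16)                                           # what an attacker without the ID might guess
TRUE_PASSCODE = "1337"
KDF_ITERATIONS = 200  # kept small so the example runs in seconds; a real scheme would use far more


def derive_unlock_key(passcode: str, device_uid: bytes, iterations: int = KDF_ITERATIONS) -> bytes:
    """Hypothetical device-bound key derivation: the per-chip UID is the KDF salt,
    so the same passcode yields a different key on every device."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode("ascii"), device_uid, iterations, dklen=32)


# The "stored" value the unlock check compares against (constructed here for the example).
TARGET_KEY = derive_unlock_key(TRUE_PASSCODE, DEVICE_UID)


def brute_force_passcode(target_key: bytes, device_uid: bytes, digits: int = 4,
                         iterations: int = KDF_ITERATIONS):
    """Offline search over every numeric passcode of the given length, assuming the
    attacker knows the algorithm and has the ROM/secret material running in a VM.
    Returns the passcode on success, or None if no candidate matches (e.g. wrong UID)."""
    for n in range(10 ** digits):
        candidate = f"{n:0{digits}d}"
        if derive_unlock_key(candidate, device_uid, iterations) == target_key:
            return candidate
    return None


def search_space(digits: int, uid_bits: int, uid_known: bool) -> int:
    """Number of (passcode, UID) combinations an offline attacker must try.
    With the UID known only the passcode space remains; without it the UID bits multiply in."""
    return 10 ** digits * (1 if uid_known else 2 ** uid_bits)


if __name__ == "__main__":
    print("UID known, recovered passcode:", brute_force_passcode(TARGET_KEY, DEVICE_UID))
    print("UID wrong, recovered passcode:", brute_force_passcode(TARGET_KEY, WRONG_UID))
    print("candidates with UID known:", search_space(4, 128, True))
    print("candidates with 128-bit UID unknown:", search_space(4, 128, False))
```

The second call walks all 10,000 passcodes against the wrong UID and returns None: the passcode space has not grown, but every derived key is bound to a UID the attacker does not have, so the offline search in the VM yields nothing until the real UID is recovered from the chip.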
