
My Take on FBI's “Alternative” Method - aorth
http://www.zdziarski.com/blog/?p=5966
======
pkaye
I've done this kind of "NAND mirroring" technique before but in the context of
SSD failure analysis and debugging. We built a special board that would dump
the contents of the NAND to a file and restore it. That way we could be free
to do failure analysis without losing our only evidence. And the effort to
build this infrastructure was not difficult at all and paid back in the first
use.

~~~
rsync
I would love to see pictures of the testing / analysis rig, etc. That would be
very interesting.

~~~
pkaye
Its from a company I no longer work at. Not much really to it. The hardest
part is connecting to the NAND. We had special debug connections provisioned
to make it easy. Other options include desolder the part and putting into a
socket, using a interposer, using boundary scan. Then we had a FPGA board that
connected to the NAND and via USB to a PC. The FPGA board issued the proper
signal patterns to control the NAND and the PC had a GUI interface to issue
all kinds of commands to the NAND including doing a raw read and write to
files. Obviously we cannot decrypt anything stored on NAND.

When we get a failed SSD, I would read the internal logs and try to root cause
it. Sometimes, we have to power up the firmware or change contents of the NAND
to help determine the root cause and the concern is the problem is no longer
reproducible. By keeping a backup, I have a good chance of recovering things
back to the original state.

Having a backup gives me lots of freedom to experiment. I've seen weird multi-
factor failures where a batch of NAND parts would fail due to high
temperature, with particular data pattern written using specific commands. One
of those things that even manufacturing screening could catch in reasonable
time. Debugging these failures was always one of those moments where I would
go in wondering "what the heck is going on" to ... "ah now it makes sense."

------
azurelogic
I think they know the risk is too high, and they jeopardize being able to use
the All Writs Act in a similar situation against a company that lacks all of
the resources that Apple has at their disposal. If patent trolls back down
when challenged too hard, why not the US government?

~~~
notthegov
They first use the momentum of the monolithic "justice" system to flatten you.

Do you accept our authority? You defy it? Okay, the misdemeanor we charged you
with, if you don't plea we will file an unrelated felony against you.

Oh you resisted, oh you showed the evidence we have against you actually
exonerates you?

Okay, the prosecution moves to withdraw the case citing lack of evidence. We
won't give you the opportunity to win against us.

(This happened to me when I was a kid. I won my case. The FBI is acting just
like that. Threaten and lie, then when everyone doubts them, they run. But as
they run, I run after them faster, and in the end they lose.)

~~~
jamesdwilson
story time! <mj popcorn gif>

~~~
gsibble
[http://imgur.com/gallery/kp8te](http://imgur.com/gallery/kp8te)

------
devy
I was just posting the video[1] on iPhone SE thread about the flourishing
iPhone NAND Flash memory upgrade market in China yesterday. Incidentally,
"NAND mirroring technique" is a crucial step in the process of upgrade iPhone
NAND Flash memory. It's increasingly clear that what Congressman Darrell Issa
questioned FBI Director James Comey about what exact steps FBI took to attempt
to crack the iPhone 5C and in the U.S. House hearing was right on the money!
[2]

The iPhone's NAND Flash is in BGA packaging and de-soldering / soldering
aren't too much of an issue for a skilled technician (even Foxconn workers can
do it!)

And did the timing suggest this "3rd party" in the far east? Sunday night in
the U.S. is day time in the far east.

This is getting interesting!

[1]
[https://news.ycombinator.com/item?id=11331044](https://news.ycombinator.com/item?id=11331044)

[2]
[https://news.ycombinator.com/item?id=11249033](https://news.ycombinator.com/item?id=11249033)

~~~
rsync
"I was just posting the video[1] on iPhone SE thread about the flourishing
iPhone NAND Flash memory upgrade market in China yesterday. "

I read those posts and was interested ... and I am sorry to digress now in
this thread, but:

If you upgrade your iphone with an amount of memory that _no iphone has_ ...
what does iOS do ? Does it care ? Does it object ?

If I upgraded a 16GB to a 32GB, I would expect iOS not to notice or care.
However, I would be worried about upgrading a 32GB to, say, a 128GB, which is
a flash memory size that no iphone SE ships with.

What does iOS do ?

~~~
devy
That's a very good question! I am guessing that the memory addressing might be
tricky to figure out - again, I wouldn't be surprised if repair shots had
tried it. It's always safer to use the hardware parts with most compatible
specs - similar like how people do hackintosh [1] :)

You have to also consider the memory chip availability at that specific size
and BGA packaging - since Apple is a top consumer of those flash memory chips
with only 32GB, 64GB and 128GB in sizes (omitting 8GB/16GB), the production of
of those memory chips might very well be coming in ONLY those sizes due to the
economies of scale in manufacturing cost.

[1]
[http://www.hackintosh.com/#hackintosh_compatible](http://www.hackintosh.com/#hackintosh_compatible)

------
nkurz
_3\. An NSA 0-day is likely also out, as the court briefs suggested the
technique came from outside USG._

This seems like very flimsy logic. Not to say that an NSA 0-day is clearly the
answer, but ruling it is non-sensical. Both the NSA and FBI are well are well
practiced with "parallel construction": [http://www.dailydot.com/politics/nsa-
dea-fbi-snowden-doj-oig...](http://www.dailydot.com/politics/nsa-dea-fbi-
snowden-doj-oig/)

~~~
fapjacks
I came here to say this, and also to offer a rimshot of: "But the NSA _is_
outside the USG. Above the law is still outside of it".

~~~
duaneb
Sure. And shell corps aren't unheard of for laundering government actions--the
CIA is particularly known for that tactic.

------
Johnny555
"The weak link in all of this has been Farook and his poor choice of
security."

It's only a poor choice if there's anything worth securing on the phone, and
most people think that there's not, he destroyed his personal phone while
leaving this phone intact.

In any case, most people unlock their phone dozens of times a day, perhaps
hundreds of times a day (for some). So expecting users to use a secure
passphrase as an unlock code is unreasonable. It seems that it would be better
to have a 2 stage system -- if the phone hasn't been unlocked with the
passcode in X hours (user configurable), then it has to be unlocked with the
secure passphrase -- even if someone knows the passcode the phone can't be
unlocked with it after that timer expires. And on reboot, only the passphrase
should be accepted.

So someone that unlocks their phone frequently can use a simple passcode, but
once the phone has been out of their possession for a few hours, only the
passphrase can unlock it.

~~~
mikeash
This could actually be a way to cause some havoc. Leave nothing useful on the
phone, but dangle it in front of authorities, making them go crazy trying to
get into it. I'm sure this guy was not that clever, though.

What you describe is essentially how Touch ID works on newer iPhones, just
with your fingerprint as the simple passcode. On a fresh boot, you have to put
in your full passphrase, and every 48 hours after that. After you put in your
passphrase, fingerprint unlock is available until either you turn the phone
off, 48 hours passes, or fingerprint authentication fails five times in a row.

Unfortunately, the 48 hours thing isn't configurable, so it's not quite
perfect, but it's pretty decent.

Certainly for me, it has immensely improved the security of my phone. In
situations where I don't trust the fingerprint authentication (e.g. crossing
an international border), I can just shut the phone off. Otherwise, it
provides "good enough" security. Yes, there are potential attacks on the
system, by copying my fingerprints and replicating it, but the five-attempt
limit and the 48-hour timeout are good enough. For me, it's a vast improvement
over what came before, when I had a passcode of 0000 just to satisfy some apps
that wouldn't offer certain features unless a passcode was set.

There are some improvements I'd like to see. The timeout should be
customizable. I'd like to be able to set up a "duress fingerprint" which
immediately disables fingerprint authentication, as an easier alternative to
turning off the phone. But overall it seems like a good blend of security and
usability.

~~~
Johnny555
Ahh interesting, I didn't realize that TouchID would also require a password
periodically, I don't have much faith in fingerprint ID, but the required
password helps.

I like your idea of the duress fingerprint since the police can demand that
you supply a fingerprint to unlock a device (but can't demand a passphrase).
If you use the wrong one then "Oops, I was so stressed out I forgot which
fingerprint to use".

I really think it's unlikely that law enforcement will ever take an interest
in my phone, yet I still like knowing that my data is _my_ data.

~~~
shkkmo
> I like your idea of the duress fingerprint since the police can demand that
> you supply a fingerprint to unlock a device (but can't demand a passphrase).

There are cases where a judge can force you to supply a password.

[https://www.eff.org/issues/know-your-
rights#17](https://www.eff.org/issues/know-your-rights#17)

------
Zigurd
The speculation that, on Sunday night, some security researcher was able to
convince the FBI they had a good shot at cracking the phone defies belief.

A simpler and more likely explanation is that the FBIs lawyers, having
overreached, have gone back on an earlier lie and concocted a new lie: Oh
yeah, we need just a couple weeks to try this out. (And for the furore to die
down.)

Don't let these little John Yoos off the hook. They are over-aggressive,
unethical, and unprofessional.

~~~
mikeash
I think it's more likely to be a mix. The FBI knew for a while, if not from
the beginning, that getting into the phone without Apple's help was feasible.
The NAND mirroring technique described here has been floating around for a
while. But the FBI didn't want to, either because they have ulterior motives
in forcing Apple's cooperation or because they just didn't want to take the
risk of breaking anything. Now that they're having so much trouble securing
Apple's cooperation, they either think the alternative is worth trying, or at
least find it to be a good excuse for stopping.

~~~
jessaustin
What you say is plausible. Can it be shown by outside parties what FBI knew
and when? If so, it seems a fair bet that several agents and lawyers perjured
themselves/suborned perjury in their zeal to "win" at all costs.

~~~
mikeash
We know they were aware of the attack no later than three weeks ago, when
Congressman Issa brought it up during the FBI's congressional hearing on the
matter. Of course, that doesn't mean they took it seriously, but I'd say they
should have, given that Issa described it in great detail. In fact the FBI
director said they'd check into it. Of course, that could just be meaningless
pleasantries meant to placate someone in power. The timing certainly is
suggestive, though.

------
owenversteeg
One thing is clear to me from all of this: Rep. Issa is a really smart guy. I
don't agree with his politics (for PATRIOT act, against gay marriage, and
supports anti-flag desecration amendment) but I have quite a bit of respect
for the guy. A few weeks before pretty much anyone else brought up the point
of NAND mirroring, he stood before Congress and confronted Comey about it. In
general, he's written very well thought out letters before about issues before
Congress.

In a Congress where the majority (!!!) does not believe that humans contribute
to climate change, it's rare to find someone who actually thinks.
Congratulations to Rep. Issa for his role in protecting our Constitutional
rights.

~~~
rpgmaker
_Hold your horses_. It seems the natsec apparatus is divided on this case and
many have been vocal about it, including the Secretary of Defense. I don't
think Issa himself cares very much about this issue, it's more likely that
someone close to him, someone not too keen on having the courts ruling on
this, fed him the NAND mirroring line. A good contribution to the debate
congress was having but not enough to justify this inadvertent canonization of
Rep. Issa.

~~~
owenversteeg
Oh, I'd definitely like to avoid a canonization of him if possible. He's anti-
gay, anti-climate change, and supports the PATRIOT act. But even if this is
just a fed line (and this is definitely possible), just think how many other
members of Congress would even be able to deliver such a line or understand
it? Of the 99 others, do you think any would understand NAND mirroring? Even
on a superficial level?

My broader point remains that in general, Rep. Issa takes the time to analyze
things and write about them, often bringing up issues that are otherwise
neglected. Even in his support of the PATRIOT act, he lodged unique complaints
about the constitutionality of the law under the fourth amendment.

------
datashovel
A little off topic, but I was wondering what kind of "wear and tear" occurs on
a phone at the molecular level? I imagine a phone with a "pin" verification
will be tapped fairly regularly in certain places on the screen (especially if
the user never changed their pin).

Also wonder if any of that "wear and tear" would show up in the circuits that
detect taps. Again, if only specific places on the screen are tapped for the
pin (never changed) it may leave enough evidence somewhere somehow at the
molecular level.

Anyone here with knowledge in this area that could debunk or validate this
concept?

------
jeffdavis
The author assumes the FBI wants to continue pursuing Apple.

They might be calculating that it's too risky now, and this is the cleanest
way out without losing face.

They may not even care if the alternative method works or have a viable one.

------
snassar
Of potential interest: "Can This Israeli Company Hack the San Bernardino
iPhone Without Apple’s Help?" by Ariel David Mar 21, 2016 7:58 PM in Haaretz
[http://www.haaretz.com/israel-
news/business/.premium-1.71006...](http://www.haaretz.com/israel-
news/business/.premium-1.710066)

Or:

[https://webcache.googleusercontent.com/search?q=cache:8zcNEr...](https://webcache.googleusercontent.com/search?q=cache:8zcNErpmZ7sJ:www.haaretz.com/israel-
news/business/.premium-1.710066&num=1&hl=en&gl=de&strip=0&vwsrc=0)

~~~
ikeboy
>Aside from a robust research department, Ben-Peretz attributes the company’s
success to its original business in the mobile services sector, which gives
Cellebrite good contacts with mobile phone operators and vendors and ensures
it gets early access to new phone models and operating systems, allowing it to
release updates for its software often months ahead of the competition.

So manufacturers are helping them break in earlier by providing early access?
Why would they do that?

~~~
paulmd
I think they mean "mobile carriers and retailers" there. I.e. they're getting
it from AT&T, or a Sprint Store (or the appropriate Israeli equivalents), not
from Apple.

I would speculate that the relationship is either commercial in nature, or
that it also serves as a pentest to prevent things like unlocking/jailbreaking
contract phones.

------
zmmmmm
I don't see why anybody believes the FBI aren't just lying at this point. They
pretty clearly lied or at least obfuscated the truth on several other points
so far. It seems obvious to me they never cared that much about what was on
the phone and were only after a legal precedent - this claim about being able
to unlock it another way is just a way to save face. It will be interesting to
see whether they ever make public any evidence they claim was gathered from
the phone or whether they just quietly let it slide into history and hope
everyone forgets about it - I'm betting the latter.

~~~
eric_h
<conspiracy theory> Apple releases latest version of iOS (which requires
everyone who installs it to type in their passphrase, for both the phone and
iCloud, again), and the FBI backs off on demanding that Apple write FBiOS for
them.

Maybe Apple got hit with an NSL and were actually required to backdoor their
products? Now Apple is delivering the full encryption keys to interested
parties? </conspiracy theory>

I know it's silly, but the coincidence of the release of iOS 9.3 and the FBI
backing off from its position was striking.

The more reasonable theory is, of course, that the FBI realized that they
overstepped their boundaries and put a tool they've used for decades _ex
parte_ at risk of being taken away from them by butting heads with a
determined adversary.

~~~
adamcw
I'd find the timing scarier if the beta for 9.3 hadn't been going for a while
before this all came up, and we were already right around the number of
releases they always do before an GM build is ready.

------
cjensen
For embedded devices which run code off of ROMs, there are "romulators" [1]
which emulate ROMs. They can be fitted into the ROM socket to work just like a
ROM except that you can reload it at-will without burning a new ROM. Makes it
very easy to recompile and try a new set of code.

Is there nothing like this for Flash memory?

[1]
[https://secure.transtronics.com/I-PKTROM.htm](https://secure.transtronics.com/I-PKTROM.htm)

------
vox_mollis
_The one that is the most tight lipped is, of course, the one people are
paying the most attention to. I’m not at liberty to specify who_

Is this some bastardized take-off of responsible disclosure? Why the
hesitation in naming the suspected firm?

------
_pmf_
> We know the FBI hasn’t been reaching out to independent researchers, and so
> this likely isn’t some fly-by-night jailbreak exploit out of left field. If
> respected security researchers can’t talk to FBI, there’s no way a jailbreak
> crew is going to be allowed to either.

There are thousands to ten of thousands commercial forensic companies
(domestic and international; not including Shenzhen one-man shops) that can
de-package a chip and hook into the ARM AHB.

------
mosburger
Doesn't this kind of circumvention around encryption violate the DMCA?

(Yes, I know, gov't agencies are probably exempt from DMCA enforcement and/or
the FBI doesn't really care if they're violating it anyway).

~~~
ikeboy
DMCA is about copyright. Breaking encryption has nothing to do with it except
insofar as the encryption is protecting copyrighted data.

~~~
rconti
I think parent is referring to access control circumvention under the DMCA:
[https://en.wikipedia.org/wiki/Anti-
circumvention#United_Stat...](https://en.wikipedia.org/wiki/Anti-
circumvention#United_States)

~~~
ikeboy
>No person shall circumvent a technological measure that effectively controls
access to a work protected under this title

Which, as I said, refers to encryption protecting copyrighted works as a means
of control.

~~~
mosburger
Is it possible that Farook had some copyrighted material on his phone?

~~~
ikeboy
I think that's irrelevant. The encryption needs to be a means of control like
DRM, not just copyrighted material that happens to be encrypted.

Edit:

>a technological measure "effectively controls access to a work" if the
measure, in the ordinary course of its operation, requires the application of
information, or a process or a treatment, with the authority of the copyright
owner, to gain access to the work.

So encryption that doesn't depend on the authority of a copyright owner isn't
affected.

------
thesz
His reasoning made me think about JTAG.

JTAG can be used to inject test data into device. Basically you put data into
device flip-flops (registers) by shifting a long series of bits into special
port. Then you perform a single step (computation of a function) and read
resulting state from registers back.

I think it is possible to inject PIN attempts into device and prevent device
(by resetting it instead of performing step) to write over the key. Or even
simpler - I think it is possible to read the key from device by JTAG
operations.

~~~
magila
Apple surely disables JTAG ports on shipping devices, this has been standard
practice on security critical hardware for years.

------
thelucky41
My Take is that they circumvented the existing protection against brute
forcing. The iPhone does this by implementing a countdown timer that prevents
trying more than a few passcodes before the time between tries becomes
unreasonable. If you can speed up the clock, then you can cut down on the
timer. There may be other methods to shorten the time as well.

~~~
habosa
I think I read that it takes 80ms just to run the decryption algorithm on the
iPhone, so while having unlimited retries would get them in _eventually_ it
will not speed up the brute force attack.

~~~
jontas
Assuming it is a 4 digit numeric passcode, that's only 10,000 possible
combinations. At 80ms each (let's round up to 100ms to be conservative) that's
only ~17 minutes. Even if it is a 6 digit pin we're only talking about ~28
hours (if they use a single, serial process).

~~~
habosa
That is true. _Most_ people use a 4-digit or 6-digit numeric password and
that's what the FBI is betting on when they ask to remove the brute force
restrictions.

However Apple allows something like a 35-char max with numbers and letters so
in the worst case they will never crack it.

~~~
jontas
I don't know if it is correct but I've seen it mentioned elsewhere in this
thread that the passcode they need is 4 digits.

------
DonGateley
One thing I think we can count on is that now that there has been a retreat we
will never hear another word about this from FBI or NSA. And probably from
Apple.

------
sixothree
Wouldn't these hacking techniques be completely illegal for a corporation to
sell?

------
tiredwired
Maybe the guy that changed the password remembered what he changed it to.

~~~
ctdonath
The iCloud password was changed (and yes they know what to). Now the iPhone &
iCloud won't - that is, can't - access any data until the 4-digit passcode is
entered on the phone, which will self-destruct if 10 wrong codes are entered.

After they enter the 4-digit passcode, _then_ they can enter the new iCloud
password.

------
ezoe
NAND mirroring technique this article describe is just absurd.

It would be more believable to me that FBI will try to steal the Apple's
secret signing key or to bribe the Apple engineers in two weeks.

~~~
ctdonath
For a government agency tasked with _enforcing_ the law, it's absurd to
contend they would _steal_ and _bribe_ to acquire evidence (victimizing one of
the world's biggest & richest corporations, involving the "crown jewels"
and/or significant engineering efforts, in the process).

NAND mirroring is hard, but not impossible. (Whether the FBI can do it may be
approaching absurd.)

~~~
tzs
Is it actually hard? See this discussion just a day or two ago of services in
China that are doing iPhone memory upgrades for cheap [1]. This involves
desoldering the NAND, copying its contents to a bigger NAND, and soldering the
bigger NAND into the phone.

[1]
[https://news.ycombinator.com/item?id=11331044](https://news.ycombinator.com/item?id=11331044)

~~~
ctdonath
Actually doing it may be easy for those familiar with the details.

Doing it with legally-provable assurance that you won't permanently screw it
up, and proving chain-of-custody issues along the way, is hard.

------
lunchTime42
There is a passcode that is really tough to replicate- behaviour - aka
habbits. Every day, you travell down the same road, meet the same people (okay
as your cellphone the same cellphones, wifi-stations). This habbit is like a
fingerprint, as in, there are very few people who have the exact same browsing
behaviour. If you could extract a fingerprint from that information, you have
a sort of biometric identifier that is at least hard to come bye.

Problem- every holiday your phone thinks youre a phonethief

~~~
andromeduck
Seems like that would be the incredibly difficult to train, incredibly
invasive and by the time it detected the user probably wasn't you or you
weren't nearby to considerable confidence you could have been compromised
already.

I think that kind of approach would be better handled by implants or wearables
like watches with super long battery life but Bluetooth tokens already so most
of that with half the invasiveness.

