Hacker News new | past | comments | ask | show | jobs | submit login

It doesn't matter that the UID is incorporated into the key. If you have a copy of the flash then you can restore the device to its current state, at which point you can brute-force the PIN. The only way this could not work is if the A6 has some non-volatile storage on-chip and it is used to prevent this kind of replay attack, but AFAIK this is not the case.



I think it does have non-volatile on-chip storage, which is used to store a randomly generated key that is encrypted with the key derived from the PIN and UID. It is that randomly generated key that is used to encrypt flash data.

I cannot find documentation to verify this. I presume the people down voting you do, but unfortunately they've chosen to down vote instead of being useful and posting a link. (The only link I've seen is for A7 and later systems)


What you describe would not defeat a brute-force attack on the PIN using a duplicate flash. The only way NV-storage on the A6 chip would do that is if it stored the attempt counter there.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: