Hypothetically speaking, were I designing a password validation
algorithm, I might include a little pause between iterations, say a
second. That wouldn't even be noticeable to the legitimate user. Your
brute force algorithm would get through the first billion in about 31
years, give or take.
This is NOT about the data on that particular phone.
If the govt wants the data on that phone, they probably already have it
or have ways to get it without Apple's help.
Offer $ 1million and a white hat hacker could do it in a day.
This is about a bigger battle between the govt and high tech.
The govt wants Apple to SUBMIT.
The govt chose this particular case to make an issue becasue the govt thinks they can use this particular case to sway public opinion about giving up more freedoms.
On Monday, February 22, 2016 at 9:16:45 AM UTC-5, firstname.lastname@example.org wrote:
According to you and your opinion, of course. Do you really think the
govt is going to go into court next week and commit perjury? The court
order, what the govt is asking for, is very specific and very limited.
On Monday, February 22, 2016 at 9:37:08 AM UTC-5, Micky wrote:
It's no big secret about how to do it. The phone has a CPU running
an OS that includes the pwd checking. Presumably that OS is in a
flash memory chip together with the user data. You hook up a logic
analyzer to the address and data bus connecting the two. Now you
can follow the code that is being executed, disassemble it, see the
data being moved to and from memory. You watch which code section
gets executed when you attempt a password, figure out how that section
of code works, then figure out how to modify the sections you want.
You would also copy the flash memory, either while it's in the phone
or else by removing it. Once copied, you now can do the above
work on multiple phones, if you screw up, you can replicate it on
an unlimited number of new phones, etc. You then replace the OS
portion of the flash with your new version and put it into a phone.
Of course all the above is a lot easier and less risky if you have
the source code and are sure about how the phone internals actually
work. That's why they want Apple to do it.
On Monday, February 22, 2016 at 10:37:06 AM UTC-5, trader_4 wrote:
So you do agree with me, the govt could hack this phone without Apples help as could some number of 17 year old wizzes.
The govt is using this case becasue it involves terrorism to stick it too Apple....
becasue Apple is not cooperating with the govt on other encryption and perhaps tax issues.
On Monday, February 22, 2016 at 4:53:06 PM UTC-5, email@example.com wrote:
Yes, I think the federal govt could do it, but it would be orders of
magnitude harder for them to do it, take a lot longer, than if Apple
does it. Apple has the code and knows 100% how it works.
I did previously raise the idea of the govt offering $100K to anyone
that can show them how to do it and asked how would Apple like that?
I don't see it as "sticking it to Apple" any more than it's sticking
it to the phone company with a court order for them to provide
assistance to tap a phone, trace calls, determine where a murderer's
cell phone is right now, etc.
Tax issue is bogus. Hard to believe there is a vast conspiracy against
Apple. But Apple not cooperating on other encryption issues is probably
legitimate, to some extent. But, bizarrely, Tim Cook is asking for
Congress to get involved, hold a discussion, etc. Congress would have
to do a lot more than hold discussions. And there is a good probability
that any laws that they do pass, would be far less to Apples liking than
the request to do a couple of specific things to this one phone.
Basically, Tim Cook is a big liar. He's making accusations that are
totally not in evidence. For example, the govt has even said that
Apple can have this one phone, keep it, just do what the govt wants
and give the FBI remote access to it to pound away with their passcode
attempts. How does that translates into the govt is asking us to build
a backdoor into our products?
On Monday, February 22, 2016 at 9:37:31 PM UTC-5, Micky wrote:
I haven't done it to reverse engineer the code, but I've had logic
analyzers connected to microprocessors to see what's happening,
what code it's executing at the moment, etc. It's very routine.
Logic analyzers when told the target CPU can even turn the code
into assembly language, so you see the native instructions instead
of hex numbers.
Retired now. I'm an electrical engineer, most of my career was with a
semiconductor manufacturer that changed the world.
my guess is the FBI already has everything they can get off this phone
and we are looking at Kubiki theater to lull the guys on the other end
into some sense of safety. (meanwhile polishing Apple's image) At
least that is it how a smart intelligence agency would handle it.
So far, I have not heard anybody observe that if the cops had bent over
backwards not to kill the perpetrators and managed to take them alive
that they would probably have a lot more information - including the
password to the phone.
I would think that there is extremely-high intelligence value in taking
people like that alive instead of going along with what seems like their
usual wishes to "be martyred".
And I am hearing that being martyred may not be all it's cracked up to
========================================================================After getting nailed by the U.S. Seal team, Osama makes his way to the
There, he is greeted by George Washington.
"How dare you attack the nation I helped conceive!" yells Mr.
Washington, slapping Osama in the face.
Patrick Henry comes up from behind.
"You wanted to end the Americans' liberty, so they gave you death!"
Henry punches Osama on the nose.
James Madison comes up next, and says "This is why I allowed the Federal
government to provide for the common defense!" He drops a large weight
on Osama's knee.
Osama is subject to similar beatings from John Randolph of Roanoke,
James Monroe, and 65 other people who have the same love for liberty and
As he writhes on the ground, Thomas Jefferson picks him up to hurl him
back toward the gate where he is to be judged.
As Osama awaits his journey to his final very hot destination, he
screams "This is not what I was promised!"
An angel replies "I told you there would be 72 Virginians waiting for
you. What did you think I said?"
On Sat, 20 Feb 2016 09:11:26 -0800 (PST), trader_4
All we know is what we've heard in the media. From what I've heard it
sounded like to do what the FBI wants Apple would need to rewrite IOS
and then "update" that phone with the new version that won't overwrite
after 10 attempts. The FBI says "just this phone" but you know it
won't end with this phone, there will always be one more phone and
then one more after that and another and another.
Once Apple writes the new IOS it WILL wind up "out there" because at
some point someone will steal it or the people at apple who wrote the
new IOS will sell that knowledge. Once that new IOS gets out it means
EVERY stolen apple phone can easily be hacked by anyone who put the
new IOS on the phones they steal.
This is not about "encryption", it's about purposely making a
reasonably secure OS much insecure against brute force break ins. The
current (real) IOS overwrites the phone after 10 failed attempts, the
FBI IOS won't overwrite the phone.
There is also the question of why APPLE should be made a slave to work
the gvt wants them to do. Apple doesn't own the phone. Apple has no
interest in breaking into the phone. Apple's only connection to the
phone is that they manufactured it.
Imagine if you were a locksmith who made essentially pick proof locks
and the gvt came to you and said there was a house with one of your
locks installed on it that they wanted to break into. Do you think
the gvt should have the right to tell you that whether or not you
wished to pick that lock that YOU DON'T OWN that you must invest your
time, labor and smarts to figure out a way to pick your nearly
unpickable lock? And if you don't like what they gvt feels like paying
your for your effort you can sue them. And that after you have done
so your market for your locks will be cut by 30% because new buyers
will think "why pay top dollar for what used to be a secure lock when
thieves will like steal the newly developed lock pick for it. Instead
I'll go buy one that hasn't been shown to be pickable.
On Saturday, February 20, 2016 at 8:37:12 PM UTC-5, >>>Ashton Crusher wrote:
That argument doesn't hold much water. The new code in Apples
possession isn't much worse than the source code for the existing
phones that it was derived from. If that gets out, then hackers
can do what the govt is asking Apple to do and a whole lot more.
With the source code, it's easy to find the section of code that
deals with the 10 strikes, etc. If Apple can protect it's existing
OS code, surely they can protect one more derivative.
It's not clear how easy it would be. For starters, to get the new
code into the phone likely required removing the flash memory chip,
separating the user data from the OS portion, then reloading it
with the new OS version. Apple could also remove phone functionality
from the new version they produce, so that it would not operate
as a normal cell phone, eliminating the possibility of a stolen
phone being turned into a working one.
Which is only a problem if that special code version leaves Apples
hands. A reasonable compromise would seem to be for the work to
only be done at Apple, with the FBI assisting.
The govts argument will be that this isn't much different than
the govt, with a warrant, asking a phone company to retrieve all
the calls made from a phone. Or asking a bank to pull up all
archival records on a bank account. Or asking the phone company
to help tap a phone. Or asking Sears to search their records for
all the Winchester model xyz rifles they've sold in the last 5
years. Or asking a safe company to help unlock a new safe.
All of those require manpower, even more so 50 years ago
when it was all done manually.
It would be interesting to see if in the long history of court
orders there have been cases like that where the company refused.
My guess is that almost all would comply and help law enforcement.
Hard to imagine that the govt hasn't gotten help in opening safes
for example. Did some refuse, it go to court? IDK. But I agree
this one area may be the only leg Apple has to try to stand on.
In which case, the govt can simply go back to court and demand
Apple give them the source code so they can do the labor part.
It's hard to imagine a court is going to find that unreasonable
in a terrorism case, involving national security.
It's funny that in the long history of locks, safes, encrypted
phones, etc, this is apparently the first time this has come up.
If it has, so far no one has a case to site. I'm sure Apple must
be desperately searching. My guess is that it hasn't come up
before because other companies recognize the need to cooperate
with legitimate law enforcement requests and have complied.
Way back years ago, when I was working, team of guys tried to crack and
gain access to the Kernel of Multics OS at USAF academy system which had
security rating of B2 something like that. It took 6 months. OS is man
made, man can break it no matter what. Just a matter of how difficult it
is. I don't know what is highest security rating out there now.
fwiw, I picked up 'The Girl in the Spider's Web' at the library
yesterday and Apple gets mentioned as the phone not to have if you're a
serious hacker. That must have been a tidbit the author picked up
someplace since he seems clueless. Stringing together buzzwords like
Linux, root, zero-day, Active Directory, and so forth in an attempt fro
realism doesn't work well. Whether the attempt to continue Larsson's
series works remains to be seen.
HomeOwnersHub.com is a website for homeowners and building and maintenance pros. It is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.