If the Secure Enclave is intact, its possible on some early devices to read it back using a procedure I invented to guess the key based on inference and use of an SDR without directly accessing it using a directional antenna.
+
If the Secure Enclave is intact, its possible on some early devices to read it back using a procedure I invented based on https://www.theinquirer.net/inquirer/news/3012648/aes-256-encryption-keys-cracked-by-hands-off-hack to guess the key based on inference and use of an SDR without directly accessing it using a directional antenna.
This reduces the complexity to a level that a graphics card array can brute force in about 2 days of processing time.
Note that this is technically feasible but complicated.
Ideally you’d want to get a bitwise copy of the Flash chip as though encrypted it may be recoverable without this procedure depending on how computer technology advances which is why the earlier phones were obsoleted in the first place.
+
+
Its also useful if the board is intact as other components (notably the fingerprint scanner) can be used as these have a direct line to the CPU so theoretically dummy data corresponding to the user’s fingerprint can be fed in and used to TEMPEST attack the SE.
Hi, am working on a procedure to do just that.
If the Secure Enclave is intact, its possible on some early devices to read it back using a procedure I invented to guess the key based on inference and use of an SDR without directly accessing it using a directional antenna.
This reduces the complexity to a level that a graphics card array can brute force in about 2 days of processing time.
Note that this is technically feasible but complicated.
Ideally you’d want to get a bitwise copy of the Flash chip as though encrypted it may be recoverable without this procedure depending on how computer technology advances which is why the earlier phones were obsoleted in the first place.