"According to the 2011 document describing the Jamboree presentations on Apple's processor, the researchers asserted that extracting the GID key could also allow them to look for other potential gateways into Apple devices. The second focused on a "method to physically extract the GID key.'"( The first document and the second one.) Such a tactic is known as a "side channel" attack. Careful analysis of that information could be used to extract the encryption key. One was focused on non-invasively obtaining it by studying the electromagnetic emissions of - and the amount of power used by - the iPhone’s processor while encryption is being performed. "At the 2011 Jamboree conference, there were two separate presentations on hacking the GID key on Apple’s processors.
#Gid downloader how to
Research into AES key extraction using side-channel analysis, done from 2010 to 2012: developing new technology for efficient side-channel analysis - using a tool from Quo Vadis Labs.Īccording to this March 2015 article in The Intercept based on documents provided by Edward Snowden, the CIA has been particularly interested in figuring out how to extract GID keys as part of their efforts to get access to modifying iOS to insert spy software and to research further vulnerabilities: See Decrypting Firmwares#S5L8900.Ī hypothetical way to extract this key could be to perform some sort of side-channel attack (see also Talk:GID Key for more speculation about potential attacks).Ī presentation from May/June 2011 that explains a variety of attacks aiming to get this kind of information out of a chip: Fault attacks on secure chips: from glitch to flash (Part 1) and Side-channel attacks: new directions and horizons (Part 2). In iOS 3.0GM/3.0, a pseudo GID Key was used, which allowed getting firmware decryption keys for these firmwares without the device and with tools such as GitKeys or OpenSSL. iOS 7.0 introduced the IM4P File Format and IMG4 File Format for A7 and newer devices. With the introduction of IMG3 in iOS 2.0, iOS started using KBAGs instead of the 0x837 key. On S5L8900, the GID key was used to generate AES Key 0x837, used as the encryption key for IMG2 files. The UID and GID are also not available via JTAG or other debugging interfaces." Integrating these keys into the silicon helps prevent them from being tampered with or bypassed, or accessed outside the AES engine. The GID is common to all processors in a class of devices (for example, all devices using the Apple A8 processor), and is used as an additional level of protection when delivering system software during installation and restore. The UID is unique to each device and is not recorded by Apple or any of its suppliers. No software or firmware can read them directly they can see only the results of encryption or decryption operations performed using them.
"The device’s unique ID (UID) and a device group ID (GID) are AES 256-bit keys fused (UID) or compiled (GID) into the application processor during manufacturing. On S5L8960 and later processors, the Secure Enclave has it's own GID that is separate from the AP's which is used to encrypt the SEP Firmware before delivery to the end user.Īpple explains GID keys in its official iOS security guide (page 9, chapter "Encryption and Data Protection"), along with UID keys: This key is different on each processor model ( system on a chip) - in other words, the S5L8900 (chip for iPhone 3G for example) has a different key compared to the S5L8930 (A4 chip for iPhone 4, iPod touch (4th generation), etc.). This is one component of the iOS security system, which also includes SHSH signatures. The GID key is part of how iOS encrypts software on the device ( more explanation). The GID key ( Group ID key) is a 256-bit AES key shared by all devices with the same application processor.
0 kommentar(er)
