Presentation topic:

Using a magic wand to break the iPhone’s last security barrier

Presentation description:

In this talk, tihmstar will present his newest research on attacking the iPhone’s hardware AES crypto core through an EM-sidechannel in order to retrieve the hardware fused GID and UID keys.
The GID key is used to decrypt firmware updates. By extracting it, you can decrypt past and future firmwares without using a physical device as oracle.
The UID key is used for user data encryption. By extracting it, you can offline bruteforce the iPhone PIN code (which protects the data) using a GPU cluster.
For example you can break an 8 digit numeric PIN in just 27 minutes using a single GPU, compared to 92 days it would take to crack it on device. This scales linearly with the number of GPUs you use.

The talk walks the audience from start to finish through my adventure of researching the AES engine and blackbox reverse engineering the properties of the hardware implementation by recording electro magnetic signals generated during AES encryption.
The full approach is detailed from a software, hardware and mathematical perspective.
Encountered problems are outlined and their solutions are discussed in the presentation.
Furthermore, a brief introduction (with a simple explanation) into the theoretical background is given and several tricks are presented on how to use statistical tools for blackbox reversing an unknown hardware crypto implementation.

While the attack is performed on a fairly old device (iPhone4) due to the fact that this was the latest device with a bootrom exploit (limera1n) at the time when the research started (this was before checkm8 was around),
the principles, methods and gained knowledge can also be applied to more modern devices. (and in fact has been already!)

The audience will get an insight on how crypto EM-sidechannels are performed, what requirements need to be met, what the theory behind the attack is and get a knowledge base to start from in case they want to perform such an attack themselves.
Due to the release of the new checkm8 BootROM exploit, similar research can be performed on newer devices up to iPhone X.
The methods and code presented apply 1:1 to iPhone4s and iPhone5, with all sourcecode being already publicly available.
Never device require slight modification to the payloads, but the principles are the same.