|
Quote:
just dulls the pain for a bit)
Yes
I'm sure/hope tomorrow everithing is ok again. Thank youe. Bruno
modified 19-Jan-21 21:04pm.
|
|
|
|
|
0x01AA wrote: And she did it, before some years, because of a very heavy disability caused by a Virus infection
Sorry to hear about your wife. It sucks and only time will help though it will never go away.
0x01AA wrote: And I'm the same idiot like @Michael-Martin to try to solve that with beer
I never said it will help or solve it. only dull the pain and somehting I do every year for the anniversary of the death of my Mum and younger Sister (dead 18 years in just under 8 months).
0x01AA wrote: [Edit]
Sorry that I wrote this here, but it will soon be the anniversary. I will not do again.
Don't apologise and come back each year and post while you remember and have a drink.
Michael Martin
Australia
"I controlled my laughter and simple said "No,I am very busy,so I can't write any code for you". The moment they heard this all the smiling face turned into a sad looking face and one of them farted. So I had to leave the place as soon as possible."
- Mr.Prakash One Fine Saturday. 24/04/2004
|
|
|
|
|
Spot on!
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
|
|
|
|
Thank you
What will burden me forever: I helped her with her suicide (switzerland....., Organisation "Exit"...). Meanwhile very questionable for me. To late
modified 19-Jan-21 21:04pm.
|
|
|
|
|
Kudos to your wife for the bravery to make the choice and to you for helping her get through it. May she go to a better place.
It broke my heart having to put a much loved dog to sleep, I can't imagine the pain of helping your wife.
Never underestimate the power of human stupidity
RAH
|
|
|
|
|
Maybe this sounds very strange now. Same I thought first about your comparison the situation with your dog… but there is really a big difference.
I’m/was not able to put my horse and also my cat to get them sleep (forever). This because it would be only my decision…
My wife has taken the decision by herself (and unfortunately I helped here on this, I still feel guilty about it...). And yes you are very very right, it is a very bravery decision, which I think I never would take, because I'm too cowardly.
Bruno
modified 19-Jan-21 21:04pm.
|
|
|
|
|
So sorry to hear that - there aren't any words I can find to make it feel better: just remember the good times you had together. And don't be sorry you wrote here - what are friends for but to help and support each other through the black days?
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
|
|
|
|
One shouldn't need to apologize for grieving.
Even if the scars remain it does eventually heal the wounds.
So have a and a today and a or three in the morning.
I'll hoist one tonight in memory of those we miss.
|
|
|
|
|
I think it's fine for you to post what you posted here and I don't know what to say other than I am sorry for your loss
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
|
|
|
|
|
Think about what your wife may want you to do. I guess she doesnt want you to drink to much.
Press F1 for help or google it.
Greetings from Germany
|
|
|
|
|
That is completely right....not to drink that much....
But the time with her (very well ) organized Suizid: according to Exit 10 Min. in our case about 20h. I do not see another Option than kill my brain with alcohol at the moment sorry for that...
modified 19-Jan-21 21:04pm.
|
|
|
|
|
|
The more love there was, the more it hurts.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
Peace be with you ... now.
«In art as in science there is no delight without the detail ... Let me repeat that unless these are thoroughly understood and remembered, all “general ideas” (so easily acquired, so profitably resold) must necessarily remain but worn passports allowing their bearers short cuts from one area of ignorance to another.» Vladimir Nabokov, commentary on translation of “Eugene Onegin.”
|
|
|
|
|
Are you a healer, a magician?
I read your words (again and again) and I feel liberated .....
Thank you for this
Bruno
modified 19-Jan-21 21:04pm.
|
|
|
|
|
Maybe it's me, but I am pretty confident the FBI is on the completely wrong track with this iPhone business.
As I understand it they want Apple to create a customized version of iOS that disables the "self-destruct", reduces the artificially inflated time-interval between passcode attempts, and would allow the passcodes to be attempted electronically rather than through the touch screen.
Even if the FBI got what it wanted, the attempts would still be made via the iPhone itself, using its single 1.3GHz A6 chip. According to Apple, however, there is a minimum of 80 ms required between attempts by virtue of a large iteration count. The most logical conclusion is that they're taking the PID plus the passcode, running it through a SHA algorithm 10,000 or so times (probably more depending on the CPU speed), and using the result to encrypt/decrypt a permanent 256-bit AES key which actually gets you to the data.
With a 6-digit passcode, assuming just uppercase letters, lowercase letters, and 0-9, there are 56.8 billion possible combinations (62^6), which given the unavoidable 80 ms delay would take the iPhone 5C 4.5 billion seconds, or 144 years to complete. So in the worst case scenario, what the FBI is asking for may well wind up being useless.
Of course if the passcodes are just numeric, or 4 characters instead of 6, that changes things dramatically. A 4 digit numeric passcode would only take 22 hours for example. I tried but cannot find details on what kind of passcode the scumbag terrorists were using. But let's assume for the sake of argument it is something small enough to crack in a reasonable amount of time, even on the iPhone 5C.
There's still a compelling technical argument (leaving aside the legal and constitutional issues) for why the FBI's request is overbroad: with only modest help from Apple, they could wage the brute force attack themselves. Apple almost certainly has the capability of extracting the encrypted data from the storage device, and of extracting the PID off of the chip. I realize this would be an extremely delicate and risky process for a hacker who doesn't have the exact specs at hand, but are we really to believe Apple doesn't have the ability to do this safely and relatively easily? And if they do, this strikes me as a very reasonable thing to order Apple to do, especially when the owner of the phone supports doing so.
The only other piece of information needed would then be the precise hashing procedure employed by iOS - information which can hardly be considered a trade secret considering almost everyone uses the same algorithms and similar procedures for these sorts of locks, and which could likely be reverse engineered with relative ease anyway (if it hasn't been already). Clearly this would be fair game for a subpoena, even in a civil case, let alone a criminal one.
With that, the FBI could just take the data and try to decrypt it by brute force on their own machines and maybe 100 lines of code. With a GPU farm, the likes of which we all know the government has access to, even the 144 years for the 6-character case sensitive alphanumeric code could be brought down by a couple orders of magnitude. But most importantly, it would obviate the FBI's overreaching request and pretty much moot Apple's opposition. It truly would be a "one shot" thing as there would be no risk of some new piece of software leaking its way onto the Internet for others to exploit. It would be analogous to forcing a bank to let the police into the vault and telling them what kind of lock protects the safety deposit box.
Of course, I suspect neither side has any interest in this course of action. The FBI would almost certainly prefer a permanent iPhone skeleton key - even if it's controlled by Apple - for future cases and seems to be using the compelling facts of this case as its best chance to get it. Apple on the other hand no doubt benefits from the positive publicity of standing up for its customers, and is not about to volunteer a more reasonable way for the government to get what it wants when (and this is my personal opinion) it is likely to win in the courts because of the government's overreaching.
(I am a lawyer, incidentally, and the reason I think they should win legally is pretty much what they said in their response to the court - the government can't make them write code. That sort of thing is prohibited by the 13th amendment, among others. The only time I'm aware of that the government can draft a company into its service is during a genuine war, where it's a question of resources, and at minimum Congress would have to authorize it and compensate for it).
Those are just my $0.02 anyway. Would love to hear if there are opposing views or if any of my assumptions are wrong.
Peter
|
|
|
|
|
0) Nice post. I agree with much of it.
1) Gird yourself. A few of the Apple haters here will likely swarm.
2) The "compelling facts of this case" are part of the national narrative of fear stoked by our government and media. Lions and tigers and terrorists, oh my!
3) One area that isn't getting much press is the forensic rules that are likely to play out if/when the FBI's requested backdoor is used to unlock a living defendants iPhone. At trial his/her defense attorney will demand access to the source code of the backdoor so "experts" can decide if the data was corrupted. Might as well publish the hack in an article here at CP.
There are two types of people in this world: those that pronounce GIF with a soft G, and those who do not deserve to speak words, ever.
|
|
|
|
|
Mike Mullikin wrote: One area that isn't getting much press is the forensic rules that are likely to play out if/when the FBI's requested backdoor is used to unlock a living defendants iPhone. At trial his/her defense attorney will demand access to the source code of the backdoor so "experts" can decide if the data was corrupted. Might as well publish the hack in an article here at CP.
Interesting point. If the defendant were alive, I believe they could be compelled to unlock the phone pursuant to a valid search warrant, and if they refused, be jailed for contempt. One would also hope that the government had enough evidence to convict the person without data from the phone, and if they didn't, they probably have no business hacking the phone anyway.
But of course, if the government needed the data for other reasons - like a perceived imminent threat to the public - they may well use the tool. In that case I hope they'd be smart enough not to try to use whatever they find on the phone in a court case, because you're right, if they did, the defense would have a valid argument for being able to inspect every detail of "GovtOS". My understanding is they generally try not to actually use the evidence from their best sources in public court cases for precisely this reason. As long as they only use the phone data for leads and not directly to incriminate a particular person, I think they'd be able to keep the tool away from scrutiny.
|
|
|
|
|
I already considered much of what you've said here. Granted, I don't know enough about Apple's internals to have gone into as much detail as you have.
To me it certainly seems perfectly reasonable to extract the encrypted data and whatever other relevant pieces (the PID) needed to do an offline brute force of the data.
The only counter argument I can fathom is that the FBI thinks it will be faster to do it the way they want, and "time is of the essence." Of course I would argue that at this point, the data is so old that they aren't going to find much of use anyway, so the time element of getting the decrypted data isn't terribly important.
|
|
|
|
|
Peter Moore - Chicago wrote: Apple almost certainly has the capability of extracting the encrypted data from the storage device
Why? What would be the purpose of such a procedure? Back-ups are automatically made to iCloud (and the contents of these are already in the FBI's hands) so there is no need for data ever to be extracted directly from the chip. In any case it has been Apple policy since 2014 to manufacture phones which even they cannot hack, crack or otherwise abuse precisely so they cannot be compelled by FBI or terrorists (not that there's much difference between the two at times) at gunpoint or otherwise to compromise security of a user. So there's no reason to believe that they are not telling the God's honest when they say this is not possible in this or any other case and the only route is to 'update' the OS to allow an infinite number of monkeys to try to guess the password.
I am not a number. I am a ... no, wait!
|
|
|
|
|
Has Apple actually said that the "only route is to 'update' the OS?" I thought that came from the government's IT expert, not from Apple. Apple has - accurately - stated that they cannot decrypt the phone except by brute force, but I am not aware of Apple claiming that they do not have the technical ability to read the encrypted storage, and extract the PID, using physical extraction. Can you point me to where they've said that?
Assuming they have not made that claim, my answer to your question of "Why" is simply that they designed the system; they know exactly where the components are and how to access them.
It's been awhile since I've tinkered with chips in college, but I do know that any hardware that can be accessed by code can also be accessed physically. The right chips would need to be be identified, de-soldered off the motherboard (a delicate but perfectly possible procedure), placed on a breadboard, and then accessed with a general purpose programmable controller. All of this can be done in a fairly straightforward fashion with knowledge of the design. Apple could clearly be compelled - lawfully and constitutionally - to divulge the information needed. But since the FBI hasn't asked for what I'm suggesting, Apple is understandably not going to volunteer it.
I'm not suggesting either side is lying. I actually agree with Apple's stance given the ridiculous over-breadth of the order. I think the government's technical ignorance is what's to blame and Apple has no obligation to volunteer a better solution that the government isn't asking for.
|
|
|
|
|
The crucial point, as I understand it, is that the encryption key is not part of the data or OS but is hardwired in the chip in a way that cannot be read. As the individual keys are constructed independently from any chip identification methods Apple simply does not know what the encryption key on any phone is and has no way of reconstructing it. So whilst you can transfer data from the chip it is only ever in encrypted form and you cannot bring the encryption key with it. You would therefore be faced with brute forcing the 256 bit encryption key which is effectively impossible ...
Quote: If every atom on earth (about 1.3 * 10^50 atoms) was a computer that could try ten billion keys a second, it would still take about 2.84 billion years
So, yes, whether or not Apple have actually said this publicly, modifying the OS to allow brute forcing the 4 digit PIN really is the only feasible route to such useful data as there may be (or, let's face it, probably isn't!) on the phone.
I am not a number. I am a ... no, wait!
|
|
|
|
|
9082365 wrote: The crucial point, as I understand it, is that the encryption key is not part of the data or OS but is hardwired in the chip in a way that cannot be read.
I guess that last part is assumption that I'm questioning. I don't know that it cannot be read and I'm trying to find where and if Apple's actually said that. They do say the UID is "fused ... into the application processor." I'd like to know a little more about what that means exactly.
According to this article, the UID (sorry I've been calling it the PID) is actually encoded in binary somewhere on the chip's physical structure, which makes sense, and could be examined with a microscope. The author doesn't cite any sources for this, but if he's right, it seems like a perfectly viable option particularly if Apple were on hand to tell the government exactly where to look and what they needed to know to perform the procedure safely.
I'm not saying it would be easy or not labor intensive - but the "GovtOS" option is no easier, and the burden SHOULD be on the government anyway, not the innocent third party. Moreover, this method leaves no risk of easy repetition (it'll take precisely as much effort to do this to the next phone as it would to the current one) and doesn't unconstitutionally compel Apple to create a hacking device for the government to use whenever it pleases. In the end all it would require Apple to do is provide INFORMATION, which the law does permit the government to obtain.
|
|
|
|
|
Most experts seem to be saying that in older models there is a theoretical possibility of retrieving the UID from the chip but only using an electron scanning microscope and accepting a strong possibility of damaging the chip or destroying the UID in the process which makes it effectively a non starter. In newer models the chip is constructed specifically to exclude any possibility at all. Apple's reluctance to actually make the exact details public is, of course, totally understandable so we are left to rely on reports from those hackers (both white and black hatters) who have tried. So far I've not been able to find anyone who thinks it can be done with any guarantee of success.
I am not a number. I am a ... no, wait!
|
|
|
|
|
Well, ok, but you seem to still be overlooking my main assumption: Apple being involved. There's a huge difference between hacking without guidance, and having the designer of the device give you the information that would enable you to find the precise location of the UID and read it.
My argument is not that the FBI should try this themselves (as others have suggested). It's that they should be asking the court to compel Apple to divulge its knowledge and provide reasonable assistance to the FBI while making the attempt. This is a better legal solution, and maybe a better technological solution (depending on what kind of passcode is at issue), than the one ordered.
|
|
|
|
|