What did ! want from ! ? 

No content

Disclaimer All the information is my interpretation of the iOS Security Guide 

Effaceable Storage • how to truly erase something from an SSD? (source: http:/ /lwn.net) • Apple's solution: small chunk of memory not subject to wear leveling 

Metadata • encrypted with random key created on install • not for confidentiality • in Effaceable Storage • ! • ✅ FBI knows that one 

Files The content of a file is encrypted with a per-file key, which is wrapped with a class key and stored in a file’s metadata — iOS Security Guide FBI needs the file key ( ) 1. ✅ — the file they want to decrypt 2. ✅ — the file system key 3. ❌ — the mysterious class key 

Class Key The class key is protected with the hardware UID and, for some classes, the user’s passcode. — iOS Security Guide • hardware UID: AES 256-bit key fused into the application processor • No software or firmware can read them directly • see only the results of encryption or decryption operations performed by dedicated AES engines 

Class Key, contd. 1. ❌ ❌ — !" 2. # 3. ❌ 4. , , ..., ? 10000 possibilities — !$ 5. how to we access the AES engine? 

iOS Kernel* ✅ ✅ ❌ So the only protection* is that the FBI can't easily run code in kernel mode. *) on older devices (up until iPhone 5C) 

So why !"? 

Ways to get around it • jail break • prevent SSD from being erased & try • crypto vulnerability • acid + focussed ion beam ? • reboot early & try ? • ??? 

Thank you! ! Questions❓ @johannesweiss ! 

Links • iOS Security Guide — https:/ /goo.gl/DJvK0F — https:/ / www.apple.com/business/docs/iOSSecurityGuide.pdf • Crypto Stack Question — http:/ /goo.gl/4oN1rY — http:/ / crypto.stackexchange.com/questions/32886/why-does-the-fbi- ask-apple-for-help-to-decrypt-an-iphone