New Hardware Key for iPad 3 Passcode Verification or Is It Just Masking?

June 8th, 2012 by Andrey Belenko
Category: «Cryptography», «Security», «Software»

Few days ago we have updated our iOS Forensic Toolkit to version 1.15 which includes some bugfixes and improvements and, most notably, supports passcode recovery on the new iPad (also known as iPad 3). There are no significant changes from the practical point of view (i.e. the process of passcode recovery is still exactly the same), but there is something new under the hood. So if you’re interested in iOS security and how stuff works, please read on.

Earlier in May a new jailbreak has been released, and it was the first public jailbreak that worked with the new iPad. It allowed us to investigate iPad 3 security in little more details and to test our iOS forensic tools on this new hardware. [N.B. jailbreaking is generally bad for security so please do this only if you really understand all the implications].

During our testing we came across a problem – we couldn’t recover a passcode protecting the device, although the very same code worked perfectly on all devices from iPhone 3G up to iPhone 4S and iPad 2. We began investigating deeper and it turned out that iPad 3 was now using new hardware key for passcode verification (you can find more information about hardware keys in particular and content protection in general in an excellent document recently released by Apple, and in one of the Apple’s patents, e.g. this one).

The new hardware key is called UniquePlus or UIDplus (key number 2001 or 0x7D1) and its existence is not exactly news. It is referenced in all kernels starting around iOS 5.0 and we have mentioned its existence and involvement in passcode verification during our “Evolution of iOS Data Protection and iPhone Forensics: from iPhone OS to iOS 5” (jump to page 39) talk on BlackHat back in December 2011. However, although this key was referenced in iOS kernels, it wasn’t actually used in iPhone 4S or in iPad 2. We have first seen this key being used in the new iPad.

But new key wasn’t the only new thing. It turned out that Apple is using this key with a new encryption mode. We aren’t quite sure what this mode is, but it looks like a ECB mode with some sort of (key or data) masking. Before that Apple has been using hardware AES in CBC mode. It is also quite possible that UID and UIDplus map to the same hardware key and masking is the only thing that makes them (look) different.

Apart from those changes to passcode verification, we haven’t noticed any other significant modifications to iOS Data Protection, meaning that our customers can use iOS Forensic Toolkit to acquire and decrypt filesystem images, extract and decrypt keychain records and recover passcode with all devices, including iPad 3 (if it has been jailbroken already).