HackerTrans
トップ新着トレンドコメント過去質問紹介求人

Eriksrocks

no profile record

コメント

Eriksrocks
·3 年前·議論
Interesting. I assume this is mostly used to "wash" stolen devices to make them appear legitimate for resale? I'm surprised Apple designed the hardware to allow this without any sort of authentication.
Eriksrocks
·3 年前·議論
You can't "dump" a TPM. That's the whole point. They are designed such that the cryptographic secrets they hold (including ones loaded at manufacturing) are unrecoverable without an electron microscope and nation-state level resources (and even then, it would be extremely difficult if not impossible on modern process nodes).
Eriksrocks
·3 年前·議論
My (very limited) understanding is that this "validation data" is related to the certificate generation (see [0]). So if the app isn't emulating this on device, and instead calling out to a Beeper server that is hosting the Apple binary, is this a potential security risk? Is it possible to use the data that gets sent off device to derive the client encryption key? If so, that would be a huge security hole in this implementation, completely negating their claim of maintaining secure E2E encryption.

[0]: https://www.reddit.com/r/beeper/comments/18duom1/is_beeper_m...
Eriksrocks
·8 年前·議論
Is this datasheet available outside of CSDN? Do you by chance have a copy you would be willing to share?
Eriksrocks
·8 年前·議論
This would hardly fit the description of a chip "smaller than a grain of rice", though.