HackerTrans
TopNewTrendsCommentsPastAskShowJobs

Eriksrocks

no profile record

comments

Eriksrocks
·3 ปีที่แล้ว·discuss
Interesting. I assume this is mostly used to "wash" stolen devices to make them appear legitimate for resale? I'm surprised Apple designed the hardware to allow this without any sort of authentication.
Eriksrocks
·3 ปีที่แล้ว·discuss
You can't "dump" a TPM. That's the whole point. They are designed such that the cryptographic secrets they hold (including ones loaded at manufacturing) are unrecoverable without an electron microscope and nation-state level resources (and even then, it would be extremely difficult if not impossible on modern process nodes).
Eriksrocks
·3 ปีที่แล้ว·discuss
My (very limited) understanding is that this "validation data" is related to the certificate generation (see [0]). So if the app isn't emulating this on device, and instead calling out to a Beeper server that is hosting the Apple binary, is this a potential security risk? Is it possible to use the data that gets sent off device to derive the client encryption key? If so, that would be a huge security hole in this implementation, completely negating their claim of maintaining secure E2E encryption.

[0]: https://www.reddit.com/r/beeper/comments/18duom1/is_beeper_m...
Eriksrocks
·8 ปีที่แล้ว·discuss
Is this datasheet available outside of CSDN? Do you by chance have a copy you would be willing to share?
Eriksrocks
·8 ปีที่แล้ว·discuss
This would hardly fit the description of a chip "smaller than a grain of rice", though.