Apple's Secure Enclave Processor firmware decrypted

[suicidalfranco]

 

A hacker known as xerub as posted for the world to see the decryption for Apple's SEP firmware.

For those who don't know SEP is what Apple introduced back with the iPhone when they added TouchID and it's a chip outside off the SoC that handles all sensitive data without letting the main SoC get direct access to it's content. 

Quote

 It runs its own operating system (SEPOS) which includes a kernel, drivers, services, and applications. 

For as much as we know from what Apple tells the pubilc the one piece if info that is stored in the SE is the users fingerprint sensor and it also process everything related with TouchID. 

Quote

 Communication between the processor and the Touch ID sensor takes place over a serial peripheral interface bus. The processor forwards the data to the Secure Enclave but can’t read it. It’s encrypted and authenticated with a session key that is negotiated using the device’s shared key that is provisioned for the Touch ID sensor and the Secure Enclave. The session key exchange uses AES key wrapping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption

As of August 17 2017 Xerub's decryption key is available to the world and:

Quote

You can use img4lib to decrypt the firmware and xerub's SEP firmware split tool to process.

Frankly, Apple can deemed itself reeeeeeeeeeeeally lucky that this guy decided to make it public, hopefully they'll release a fix before it goes wildfire like what happened when eternalBlue got released to the public.

 

source: http://www.iclarified.com/62025/hacker-decrypts-apples-secure-enclave-processor-sep-firmware

[Mira Yurizaki]

7 minutes ago, suicidalfranco said:

Frankly, Apple can deemed itself reeeeeeeeeeeeally lucky that this guy decided to make it public, hopefully they'll release a fix before it goes wildfire like what happened when eternalBlue got released to the public.

I imagining more that Apple is going to take him to court for exposing "trade secrets" or some other BS.

 

Because that's how you should totally treat white hats /s

[suicidalfranco]

Just now, M.Yurizaki said:

I imagining more that Apple is going to take him to court for exposing "trade secrets" or some other BS.

 

Because that's how you should totally treat white hats /s

yeah, probably xD. Also source added, forgot when i posted

[SpaceGhostC2C]

Enclave is not happy. Expect retaliation.

 

Spoiler

 

[Commodus]

30 minutes ago, M.Yurizaki said:

I imagining more that Apple is going to take him to court for exposing "trade secrets" or some other BS.

 

Because that's how you should totally treat white hats /s

White hats don't publish exploits in public before contacting the company and giving it a chance to fix the problem (it doesn't appear that he talked to Apple first).

 

I don't think Apple will necessarily take him to court, but it probably won't be very happy with his irresponsible approach to disclosing security flaws.

[sazrocks]

6 hours ago, suicidalfranco said:

Frankly, Apple can deemed itself reeeeeeeeeeeeally lucky that this guy decided to make it public, hopefully they'll release a fix before it goes wildfire like what happened when eternalBlue got released to the public.

This exploit, although bad, is not at all like eternal blue. Eternal blue was a network exploit that allowed things like ransomware to spread, this is a local exploit and has nothing to do with viruses spreading.

5 hours ago, Commodus said:

White hats don't publish exploits in public before contacting the company and giving it a chance to fix the problem (it doesn't appear that he talked to Apple first).

 

I don't think Apple will necessarily take him to court, but it probably won't be very happy with his irresponsible approach to disclosing security flaws.

I agree. This guy is more like a gray hat.

[captain_to_fire]

8 hours ago, suicidalfranco said:

Frankly, Apple can deemed itself reeeeeeeeeeeeally lucky that this guy decided to make it public, hopefully they'll release a fix before it goes wildfire like what happened when eternalBlue got released to the public.

He could've submitted it to Apple's bug bounty program and earn money but given how Apple pays less to security researchers, it's probably better to publicize it. 

[mr moose]

8 hours ago, Commodus said:

White hats don't publish exploits in public before contacting the company and giving it a chance to fix the problem (it doesn't appear that he talked to Apple first).

 

I don't think Apple will necessarily take him to court, but it probably won't be very happy with his irresponsible approach to disclosing security flaws.

Many would argue going public straight away is more responsible.  Many companies including apple, google etc have shown they won't necessarily fix something straight away until it goes public.

[LAwLz]

Hard to say how significant these news are.

The key for the firmware being posted won't in and of itself make anything less secure. They still need to find exploits to take advantage of. It's just that now finding exploits might be a bit easier. That's of course under the assumption that agencies like the NSA or other people with malicious intentions didn't already have these keys.

 

14 hours ago, mr moose said:

Many would argue going public straight away is more responsible.  Many companies including apple, google etc have shown they won't necessarily fix something straight away until it goes public.

Many might argue that, but they would be wrong.

There are established ways of dealing with security holes.

1. You contact the developers.
2. You set a deadline.
3. You give them time to respond and fix the issue.
4. You discuss the issue with them. Do they need more info? Do they need more time? Questions like that, if necessary.
5. If they fail to meet the deadline then you release it to the public.

 

The publishing of a security hole is a last resort, and it is meant to make sure companies don't ignore issues.

Publishing straight away certainly puts pressure on the developers, but it does so for the wrong reasons. It seems like he didn't even give Apple a chance.

 

But I don't think there is anything to Apple to patch in this case. They might be able to change the keys in future updates but those keys could potentially be found the same way these were found.

[EPENEX]

It would have been more responsible for him to message Apple directly about this.

[mr moose]

1 hour ago, LAwLz said:

Hard to say how significant these news are.

The key for the firmware being posted won't in and of itself make anything less secure. They still need to find exploits to take advantage of. It's just that now finding exploits might be a bit easier. That's of course under the assumption that agencies like the NSA or other people with malicious intentions didn't already have these keys.

 

Many might argue that, but they would be wrong.

1. There are established ways of dealing with security holes.
2. You contact the developers.
3. You set a deadline.
4. You give them time to respond and fix the issue.
5. You discuss the issue with them. Do they need more info? Do they need more time? Questions like that, if necessary.
6. If they fail to meet the deadline then you release it to the public.

 

The publishing of a security hole is a last resort, and it is meant to make sure companies don't ignore issues.

Publishing straight away certainly puts pressure on the developers, but it does so for the wrong reasons. It seems like he didn't even give Apple a chance.

 

But I don't think there is anything to Apple to patch in this case. They might be able to change the keys in future updates but those keys could potentially be found the same way these were found.

Yes there are established ways of dealing with things, there are established ways for dealing with lots of things,  This doesn't mean people don't get jaded when those established methods are ignored.

 

https://www.cultofmac.com/132610/it-took-apple-3-years-to-fix-an-itunes-flaw-that-allowed-government-police-to-spy-on-you/

 

When this happens people lose faith in the "established" methods and go straight to release and let PR be their motivation.

 

[ZackBarletto]

I would try to contact apple directly with this at first so not just anyone can use it. Then if they take no action id release it to the public to gather support and hopefully make the change.

 

I see a few already had this idea

[captain_to_fire]

6 minutes ago, VegetableStu said:

Xerub claimed it's theoretically possible that the decryption key could be used to watch the SEP do its work, which could potentially allow hackers to reverse-engineer its process and gain access to its contents, including passwords and fingerprint data. However, he admitted that a lot of additional work would need to go into exploiting the decrypted firmware.

But given the fact that this isn't a zero day exploit in the wild, I won't be that concerned since I'm sure Apple has been alerted and probably making a firmware patch at the moment or they're tweaking some things for the next A12 chip to make it harder to hack.

[Commodus]

11 hours ago, mr moose said:

Many would argue going public straight away is more responsible.  Many companies including apple, google etc have shown they won't necessarily fix something straight away until it goes public.

That's debatable, I'd say.  There have been instances where someone published an unpatched exploit without telling anyone and malware popped up days before the patch was ready.

 

I'd say this: a real white hat should at least make a good faith effort to notify the company.  Send them a report and give them a chance to acknowledge that they got it.  Don't just assume the company will ignore you.

[BuckGup]

Obviously this isn't good but man credit to apple for having such great security measures 

[dalekphalm]

23 hours ago, M.Yurizaki said:

I imagining more that Apple is going to take him to court for exposing "trade secrets" or some other BS.

 

Because that's how you should totally treat white hats /s

 

5 hours ago, mr moose said:

Yes there are established ways of dealing with things, there are established ways for dealing with lots of things,  This doesn't mean people don't get jaded when those established methods are ignored.

 

https://www.cultofmac.com/132610/it-took-apple-3-years-to-fix-an-itunes-flaw-that-allowed-government-police-to-spy-on-you/

 

When this happens people lose faith in the "established" methods and go straight to release and let PR be their motivation.

 

As others have covered, I personally feel that releasing the information immediately is ethically wrong. You're potentially exposing millions of people to a potential vulnerability and Apple may not be able to create a fix before some black hat exploits it.

 

Just because some developers ignore the warning doesn't mean a damn thing.

 

The existing standard practice already includes a procedure for when they ignore you: After a set deadline, you release the info publicly. That way, Apple has already seen the info, and (in theory) could have a patch ready or at least in progress before the info is released.

 

I don't care that some hacker is jaded because Apple took 3 years to fix an iTunes flaw or Microsoft sometimes doesn't release patches before a deadline passes. That does not give them moral authority to release the info before even giving them the chance to patch it first.

 

Anyone who does that is not a White Hat hacker. And if they claim to be, they're lying - either to you, or to themselves.

[Mira Yurizaki]

2 minutes ago, dalekphalm said:

The existing standard practice already includes a procedure for when they ignore you: After a set deadline, you release the info publicly. That way, Apple has already seen the info, and (in theory) could have a patch ready or at least in progress before the info is released.

But then you get into the question of what gives you the moral authority to impose an arbitrary deadline sufficient enough to get a fix out? You may as well be pointing a gun to the company's head and go "fix this now or I'll expose your secrets"

[dalekphalm]

1 minute ago, M.Yurizaki said:

But then you get into the question of what gives you the moral authority to impose an arbitrary deadline sufficient enough to get a fix out? You may as well be pointing a gun to the company's head and go "fix this now or I'll expose your secrets"

That's why, if you look at @LAwLz post, generally you work WITH the developer to find out if they need more time, etc.

 

The whole point is that these systems need to be flexible. A bug in Notepad might take a few days to patch. A bug in the kernel might take months to properly patch without fucking up other things in the process.

 

Yes, the deadline is arbitrary - but hopefully you as the white hat hacker have developer experience enough to set a reasonable deadline, and the dev can even suggest a deadline or ask for an extension.

 

Or just go through the Apple Bounty program - though I imagine that's less desirable because I bet there is a clause that states you cannot make the info public if you take the money.

[LAwLz]

Before this thread gets any more derailed I just want to tell everyone that this is not a security hole.

There was nothing for the developer to report to Apple in order to give them time to patch it.

What he did was basically release the source code for the security enclave. Apple couldn't "patch the source code" to make it not have the same effect once this would be released.

 

 

3 minutes ago, M.Yurizaki said:

But then you get into the question of what gives you the moral authority to impose an arbitrary deadline sufficient enough to get a fix out? You may as well be pointing a gun to the company's head and go "fix this now or I'll expose your secrets"

That's the point. You want to put a gun to their heads so that they are forced to fix the issue in a timely manner.

Having an unpatched exploit publicly released is bad for everyone. People are vulnerable and the company did not have any time to react.

Having an exploit a secret forever is bad as well because the company might feel like there is no hurry in getting it fixed, but at the same time, there is a risk that someone is out there using the security hole.

 

That's why it is important to keep a gun to their heads. It prevents both situation 1 and 2.

[mr moose]

7 hours ago, Commodus said:

That's debatable, I'd say.  There have been instances where someone published an unpatched exploit without telling anyone and malware popped up days before the patch was ready.

 

I'd say this: a real white hat should at least make a good faith effort to notify the company.  Send them a report and give them a chance to acknowledge that they got it.  Don't just assume the company will ignore you.

It's not really a debate, there are people who think that going public is more responsible. They think it because their opinions are formed through their experiences, not yours.

4 hours ago, dalekphalm said:

 

As others have covered, I personally feel that releasing the information immediately is ethically wrong. You're potentially exposing millions of people to a potential vulnerability and Apple may not be able to create a fix before some black hat exploits it.

 

Just because some developers ignore the warning doesn't mean a damn thing.

 

The existing standard practice already includes a procedure for when they ignore you: After a set deadline, you release the info publicly. That way, Apple has already seen the info, and (in theory) could have a patch ready or at least in progress before the info is released.

 

I don't care that some hacker is jaded because Apple took 3 years to fix an iTunes flaw or Microsoft sometimes doesn't release patches before a deadline passes. That does not give them moral authority to release the info before even giving them the chance to patch it first.

 

Anyone who does that is not a White Hat hacker. And if they claim to be, they're lying - either to you, or to themselves.

 

The color of the hat does not change how some people view these companies.   It is not exactly fair of us to sit here and judge this guy as being unethical/irresponsible when in his experience companies like apple have already been acting in a similarly unethical and irresponsible way.  

 

For him the gloves are off so to speak.

[Bananasplit_00]

On 2017-08-22 at 7:32 PM, M.Yurizaki said:

I imagining more that Apple is going to take him to court for exposing "trade secrets" or some other BS.

 

Because that's how you should totally treat white hats /s

more of a grey hat, didnt tell Apple before makeing it public, but didnt himself use it for anything bad. just posted it on the web for bragging rights.

[dalekphalm]

5 hours ago, mr moose said:

It's not really a debate, there are people who think that going public is more responsible. They think it because their opinions are formed through their experiences, not yours.

 

The color of the hat does not change how some people view these companies.   It is not exactly fair of us to sit here and judge this guy as being unethical/irresponsible when in his experience companies like apple have already been acting in a similarly unethical and irresponsible way.  

 

For him the gloves are off so to speak.

I disagree strongly. Sure, he might already view Apple as some evil company that doesn't listen to benevolent hackers who find exploits, etc.

 

But that does not change the fact that he did not even try. He put the public at risk (however hypothetical that risk is) without giving Apple any warning or time to do something about it (Even if that "something" is design new hardware for the next iteration).

 

Now, fortunately, the risk to the public seems pretty small - but personally, yes, I'm definitely going to sit here and judge him in my proverbial armchair.

[mr moose]

1 hour ago, dalekphalm said:

I disagree strongly. Sure, he might already view Apple as some evil company that doesn't listen to benevolent hackers who find exploits, etc.

 

But that does not change the fact that he did not even try. He put the public at risk (however hypothetical that risk is) without giving Apple any warning or time to do something about it (Even if that "something" is design new hardware for the next iteration).

 

Now, fortunately, the risk to the public seems pretty small - but personally, yes, I'm definitely going to sit here and judge him in my proverbial armchair.

All I am saying is that that could well be the reason he didn't even try,  for all we know he may have been part of some larger group who kept getting the bum steer and this was the final straw.   Don't tell me there aren't businesses or groups out there that have done you a disservice to the point were you wouldn't give them the time of day?  There are one or two on my list that I wouldn't bother giving them the opportunity to fix there errors.

 

 

 

[Jito463]

41 minutes ago, mr moose said:

All I am saying is that that could well be the reason he didn't even try,  for all we know he may have been part of some larger group who kept getting the bum steer and this was the final straw.   Don't tell me there aren't businesses or groups out there that have done you a disservice to the point were you wouldn't give them the time of day?  There are one or two on my list that I wouldn't bother giving them the opportunity to fix there errors.

Could be?  May have been?  That's an awful lot of speculation.  Perchance, could he have been an individual or part of a group that absolutely loathes Apple and wants to make them look bad?  That's no less speculative than what you've posted.

 

Frankly, I'm not an Apple person, so I have no bone in this fight.  However, attributing motives to an individual, based purely on speculation, seems an illogical and irrational thing to do.  Not to mention a complete waste of time and effort.

[mr moose]

3 minutes ago, Jito463 said:

Could be?  May have been?  That's an awful lot of speculation.  Perchance, could he have been an individual or part of a group that absolutely loathes Apple and wants to make them look bad?  That's no less speculative than what you've posted.

 

Frankly, I'm not an Apple person, so I have no bone in this fight.  However, attributing motives to an individual, based purely on speculation, seems an illogical and irrational thing to do.  Not to mention a complete waste of time and effort.

That's exactly my point.  Everyone is lambasting him for not doing things the "right" way.  I am merely pointing out maybe he is tired of doing things the right way because these companies don't respond appropriately anyway.  

 

Maybe he wasn't breast fed as a baby and he has daddy issues.  who knows.