• General
  • Exploit of device after first unlock to obtain data that isn't at rest

evalda you were absolutely right

Hathaway_Noa They can bypass secure element by booting into the fastboot mode when the phone has been previously in AFU, after that they dump the RAM since the RAM hasn't been cleared yet and bruteforce the keys giving them a password.

It's weird that they are able to brute force the password like that because of 2 reasons:

  1. A flagship device with an SE also comes with a hardware inline crypto engine (ICE) that stores data encryption keys during the runtime of the OS. So they may see plain text data in the RAM dump but seeing keys in memory goes against the the purpose of having an ICE.

  2. Let's assume they can see sub-keys in memory dump. But this alone is not enough to brute force the credentials. It is because they need to decrypt the Synthetic Password first which is only possible with the active cooperation of Weaver and Strongbox Keymaster.

    I think the Synthetic Password is being kept in plain-text in the memory dump which I think is accidental because once its participation to decrypt CE keys completes during BFU to AFU state transition, it's no longer required by the LockSettingsService so it should be released from the memory.

GrapheneOS It could be used to flash another verified boot, enable debugging features, etc.

Is this prevented in GrapheneOS? And if not, what are the implications of a adversary messing with this stuff? Will it be reverted on reboot, or presist until I factory reset the device?

2 months later
a month later