GrapheneOS Thanks for your reply! I have another question. Even if iOS devices are locked with a complicated passcode rather than a PIN, when these are in AFU, can they still break into the phone regardless of the locking method?

    racoondog Yes, when the device is in AFU, they can get nearly 100% of the data without a brute force. The only exception is that the tiny portion of data that's meant to be at rest while locked (which is opt-in and even Signal doesn't use it) can't always be obtained. It's not meant to be possible to ever obtain it but in practice they can get it due to at least one bug.

      Whatnoww It's available as a feature of the hardware keystore and it's up to apps to use that API for an additional layer of disk encryption. Android is going to be providing APIs for an iOS style data class available only while the device is unlocked and hopefully it's implemented better. We can harden it if it fails to hold up properly to attacks.

      2 months later

      Lukas Will it be possible to set the sequence? To set password first then fingerprint or vice versa?

        GrapheneOS Where can I look up how to read these matrixes? I understand BFU/AFU and a few other things but is there a full guide/explanation somewhere?

          UserresU The intended purpose is adding a PIN to confirm fingerprint unlock. It is not a primary unlock method, which wouldn't be reasonable.

            UserresU There's information throughout the thread. Which part do you need more info about?

            Quotesquestioner Are you referring to the SoC column for iPhones? That refers to their System on a Chip, i.e. the CPU, GPU, MMU, etc. It's already implied by the device model but they may have added it to help explain why there would be differences between certain generations.

              GrapheneOS Yes, I mean SoC and the other stuff that is to the right of it. My English is insufficient for describing sheets. Is there maybe a video that explains the charts in detail?

              15 days later
              8 days later

              GrapheneOS
              Is brute force possible in AFU? It seems there's no secure element throttling in AFU. I tried multiple failed password logins and it still allows me to try.

                What's the Pixel Titan throttling policy? Like how many failed tries before the first cooldown period? Is there a max number of failed tries?

                  Upstate1618 follow this link and scroll down. You'll find a table with that info: https://grapheneos.org/faq#encryption

                  Upstate1618 Is brute force possible in AFU? It seems there's no secure element throttling in AFU.

                  No and there is. Maybe you tried with a short PIN? If I recall correctly, the guesses have to be over a certain length. Maybe 4 or more digits? Don't remember for sure.

                  To try the throttling, you need to input a valid PIN (4 or more digits) and it needs to be a different PIN each time. It won't throttle if you keep inputting 1111, for example. This is a new change.

                  The throttling thresholds seem to have also changed slightly, so we'll need to update the docs. You'll hit the first throttle after 10 failed attempts, if I recall correctly.

                  9 days later

                  Hi! Thanks for sharing this.
                  Are they able to read and access the user data AFU or BFU on standard Android on Google Pixel with Titan M2, if they don't have the passcode? Or can they only extract the encrypted version of the user data? Can they also extract the data BFU?

                  13 days later