If device was subject to brute force pin attempt and auto reboot was enabled to a low time like 4 hours would the time between pin attempt be put back to zero if it reboots during brute force attack ?
Could the attacker reboot the device during brute force attack to get around attempt time out ?
Brute force login attempt question
If (!) there was a way for somebody to bruteforce the phone they would not even need to enter the OS itself, they would find a way to extract the keys from the phone and bruteforce them bypassing any kind of security element.
- Edited
OP's question is interesting. Can anyone definitively answer?
Hathaway_Noa
I find this statement confusing.
If the actor has extracted the keys, there is no need for brute force.
What did I miss?
- Edited
I asked a similar question. There's a immutable timer while the phone is running.
Specifically, I asked about network time possibly interfering with the auto reboot timer.
On that basis, I think that's interrupting with a reboot would not affect the brute force rate limiting. It's not based on boot time but rather previous unsuccessful attempts. Which doesn't appear to reset on boot.
Ok i just tried it on my second device got to a 30 second time out , rebooted and entered wrong pin and its still at 30 second timeout .
This is good
Skyway If device was subject to brute force pin attempt and auto reboot was enabled to a low time like 4 hours would the time between pin attempt be put back to zero if it reboots during brute force attack ?
Like what you just tested, PIN throttling does not reset on a device reboot.
Rate-limiting of authentication is managed by a separate internal timer / the secure element rather than the operating system. The time remaining is returned to the operating system when the weaver status from where secrets are stored (Titan M/M2 in this case) is queried. For comparison, this behaviour also happens with iPhones when the PIN is throttled.
https://grapheneos.org/faq#encryption
https://android.googlesource.com/platform/hardware/interfaces/+/refs/heads/master/weaver/1.0/IWeaver.hal
[deleted]
Hathaway_Noa
Can you contact me with this one time link https://simplex.chat/invitation#/?v=2-5&smp=smp%3A%2F%2F0YuTwO05YJWS8rkjn9eLJDjQhFKvIYd8d4xG8X1blIU%3D%40smp8.simplex.im%2FXKSU2bUPll6Kyrks0wp2a3yzXH2XBc3r%23%2F%3Fv%3D1-2%26dh%3DMCowBQYDK2VuAyEA6j3HC-wii6PVj0U_aWniJBOVyzxDUsh3xX2pzmUON1s%253D%26srv%3Dbeccx4yfxxbvyhqypaavemqurytl6hozr47wfc7uuecacjqdvwpw2xid.onion&e2e=v%3D2-3%26x3dh%3DMEIwBQYDK2VvAzkAWDMcwTy5l8H8SnmvrYOm391_xyYK4LZ8D0JDyco8XZpzA57565DpMLaWW7_WVtseNSTW1hLlQ60%3D%2CMEIwBQYDK2VvAzkAbitEiOgq831atfuT4xiNZ1eBYp2ppp29Tin6h4qBhAdCDBboPZCdDnCBDUuayh1zHMjsx_oJha8%3D