Nov 21, 2009

Inside Apple iPhone

image

iPhone Processor

  • Application Processor (Differs in iPhone, iPhone 3G and 3GS)
  • Baseband Processor (Modem – Again differs with versions)
  • Both of these processor belongs to ARM category

image

Application Processor

1st Generation iPhone

  • Makes use of Samsung S5L8900 processor
  • It holds a clock speed of 620MHz (downclocked to 412MHz)

2nd Generation iPhone (3G)

  • Makes use of Samsung S5L8900 processor
  • It has a clock speed of 835MHz (downclocked to 412MHz)

3rd Generation iPhone (3GS)

  • Makes use of Samsung S5L8920 processor
  • It has a clock speed of 835MHz (downclocked to 600MHz) ARM1176JZF + 100MHz PowerVR SGX 530 graphics core + VPU

Application Processor – Functions

  • Inter communication over UART and i25 channels
  • Separate security measures for each system
  • Execute Mac iPhone OS with integrated security and validation
  • Interacts with baseband processor over secured channels
  • Controls various IC’s like Power management IC, Audio codec, camera sensors, display module, touch modules etc

Baseband Processor – Functions

  • Controls all communication system on the phone
  • Controls WIFI, bluetooth and GSM system
  • Runs its own nucleus encrypted firmware on it thus ensuring the security over communications
  • Effectively communicates with Application processor directly over secured channels
  • 1st generation and 2nd generation iphone uses Infineon S-Gold 2 baseband processor
  • 3rd generation uses Infineon X-Gold 608 baseband processor

iPhone’s Basic Design

iPhone OS architecture is largely OS X

  • Kernel is XNU
  • Basically XNU code compiled for ARM
  • Kernel cannot be modified or re-ported
  • Encrypted using IMG3 container

Spring Board

  • This is the shell
  • User can interact with iphone through springboard
  • Controlled by core libraries

Lockdownd service

  • Handles communication with the computer
  • Services like syncing and AFC
  • Activates iPhone through itunes
  • SSL tunnel between sockets on the computer and the iPhone
  • Lockdownd is more of a daemon

Security Design of an iPhone

Two important Storage Chip  - [NAND Flash disk , NOR device]

  • iPhone OS runs on a NAND flash disk
  • Appears as normal block device to user land
  • Uses Samsung’s “Whimory” FTL
  • OS runs on a read – only System partition (/) and Writable user partition (/Private/Var)
  • Only logical distinctions on top of FTL
  • FTL is the Flash Translation Layer
  • NOR device is completely protected and cannot be written without apple’s signature
  • Signatures are checked in the kernel

Third party applications and installed onto user partition

All executables must be signed by apple

  • Signatures and hashes stored in segments in the Mach –O format
  • Signatures are only checked on startup

Applications runs as the “Mobile” user

  • A “Mobile” user cannot alter the file system

Code signing

  • Signatures are checked in the kernel
  • Must alter kernel in order to run the unsigned applications
  • Signatures are only checked during the startup
  • To modify the system partition “Root” access is needed

Kernel Capabilities and Boot Validations

  • Kernel is stored on the System partition, with all kexts concatenated on Mach –O form
  • Kernel cannot be altered even though user gets access to modify the files on the system partition
  • System partition is a large binary block
  • Kernel is stored on the System partition, with all kexts concatenated on Mach –O form
  • Kernel cannot be altered even though user gets access to modify the files on the system partition
  • System partition is a large binary block

iBoot and other Boot functions

iBoot is analogous to an OpenFirmware boot

  • Loads device tree from NOR
  • Populates the device tree
  • Allows different components to be loaded from different vendors
  • Loads kernel from NAND FTL and executes it

iBoot checks the signature on everything

  • Kernel, device tree, drivers, ram disk, system disk, logos etc
  • Initially iBoot checks the signature of the kernel, then it starts verifying the signature of rest of the OS
  • Device tree differs from iphone, iphone 2G and iphone 3GS

What caused an iPhone to be hacked?

BOOT SEQUENCE OR SIGNATURE CHECKS IN IPHONE (1ST GEN)

  • All user land applications are signature checked by kernel
  • Kernel is signature checked by iBoot
  • iBoot is signature checked by Low Level Bootloader
  • LLB is NOT signature checked by Bootrom, which eventually cause an iPhone to be hacked
  • One has to find an easy way to flash our own Bootloader onto NOR
  • However iPhone 3G and iPhone 3GS has the Low Level Bootloader signature checked by the bootrom

Protections on iPhone File system

All data is encrypted by keys derived from a hardware AES key

  • Keys cannot be read
  • Cannot skip the signature checks without keys

File system is encrypted with “FileVault”

  • FileVault key is stored in Ramdisk, which is encrypted with the hardware key
  • Expected SHA1 hash for the filesystem is also stored on the encrypted and signed ramdisk, thus preventing its alteration
  • Unsigned ramdisk cannot be executed or will not be recognized as SHA1 hash is different

Signature checks Flowchart

image

  • iPhone is secured with various signatures as long as this chain isn’t broken

image

Baseband Hardware/Architecture

  • 1st Generation and iPhone 3G uses X-Gold 2 Infineon Chipset
  • iPhone 3GS uses S-Gold Infineon chipset
  • Boot Process is entirely separate from S5L (Application processor)
  • Connected to Application processor via UART, some GPIOs, I2S, and some DMA
  • Controls all radio peripherals
  • Unique X-Gold and NOR chip IDs
  • iPhone 3G and 3GS holds a GPS module
  • Nucleus OS is the firmware on the Baseband
  • (U)SIM support, speech and data via I2S
  • Bootloader and bootrom is present like the application processor
  • First few sectors in NOR is the boot loader
  • Specific header with two entry points (Normal and service mode)
  • This also includes a special modes called as Trusted Device Mode which is a complicated one
  • Bootloader NOR Sectors in 1st Gen phones are “Locked down” in NOR via GPIO pin
  • Baseband firmware is RSA checked

Baseband Firmware Updates Process

Produces signed secpack (Basically security packets)

  • Secpack defines which NOR addresses are allowed to be written or erased
  • Holds the RSA signature of the main firmware
  • Secpack is signed by apple and holds many other signatures

Later it sends firmware and EEPROM parameter blocks

EEP and FLS are the firmware files produced by Apple in order to flash the baseband

Baseband - Chain Of Trust

  • Tables describing which MNC/MCC iphone is locked to and conditions of the lock based on the IMEI which Is signed with RSA key
  • RSA encrypted S-Gold and NOR dependant token stored TEA-Encrypted with SIM unlock code
  • Need to enter SIM unlock code (NCK) in order to unlock the baseband to open it to all carriers
  • Tables holds the details whether the phone is locked or not
  • While verifying the firmware if the signature is bad, Bootloader displays Spinning Wheel of Death forever

Security initiatives in iPhone versions

  • iPhone 1st generation’s bootloader was not signature checked by bootrom and hence it was easily hackable
  • iPhone 3G and 3GS had its bootloader signature checked by the bootrom and its merely impossible to run an unsigned code in the bootloader
  • Additionally iPhone 3GS had a firmware downgrade proof system, in which firmware’s signature was validated by Apple’s server and thus ensuring that only latest firmware is used to flash the iPhone 3GS
  • Firmware integrity check is done by iTunes for a 3GS via Apple server

1 comments:

lilstevie said...

this article is a little old, but i feel there is an inaccuracy that should be pointed out, iphone 3G does not have the LLB checked by the bootrom, ipod touch 2nd gen was the first device to have its LLB checked by securom,

Text Widget

Copyright © Vinay's Blog | Powered by Blogger

Design by | Blogger Theme by