Giving Mobile Security the Boot
TrustZone
TrustZone
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Validating components: SHSH<br />
• User updates/restores device<br />
• i<strong>Boot</strong> gets image (IPSW), parses it, generates request<br />
Key<br />
ApBoardID<br />
ApChipID<br />
ApECID<br />
ApProductionMode<br />
Ap<strong>Security</strong>Domain<br />
UDID<br />
HostPlatformInfo<br />
Locality<br />
VersionInfo<br />
Value<br />
From IPSW<br />
From Device<br />
Exclusive Chip ID<br />
true (unfortunately)<br />
From IPSW<br />
Unique Device Identifier<br />
iTunes host OS identifier<br />
en_US, zh_CN, etc..<br />
libauthinstall-a.b.c.d.e<br />
• iTunes POSTs to http://www.gs.apple.com<br />
• Apple signs with <strong>the</strong>ir private key.<br />
• i<strong>Boot</strong> stores in NAND firmware partition SCAB container<br />
https://www.<strong>the</strong>iphonewiki.com/wiki/SHSH_Protocol