I wanted to share with you some details about the #TouchID security system, implemented across 2013 #iPhone 5S all the way up to 2020 iPhone SE 2nd Gen (and many #iPad and #MacBook models as well).
1/ TouchID is a security system handled by the Secure Enclave Processor (SEP).
2/ It has seen improvements over the years.
Technically speaking, TouchID is nothing more than an under-glass camera that captures pictures of the finger used to unlock the device. The metal ring around the button is capable of detecting the finger.
3/ Apple is probably working on a solution to move it under the display.
Left: under display TouchID patent (Apple)
Right: Touch ID original patent
This is a thread on what we know about Apple’s prototyping and development process of manufactured products.
1/ All info here could be incomplete/wrong/outdated. I may (or may not) update this thread in future if I have enough things to share 😁 #AppleInternal #AppleCollection
2/ First of all, by digging into Apple’s internal assets, we almost immediately come across acronyms like EVT, DVT, PVT, OQC, DOE.
So what do those stand for?
Let’s take a few steps back.
In the industry environment, these processes follow some sort of a standardized path:
3/ At Apple, a Golden Line is set up, consisting of a prototype assembly that serves as a reference for all other lines that are set up after it.
This line is to be considered as a template, which develops up to its ‘perfection’ and gets locked right after.
@axi0mX’s #checkm8 is out and lets you debug your device (up to A11).
But how is this done?
Here is a little thread on dumping the bootrom (SecureROM) on demoted devices with Apple’s official tools.
1/ Connect the cable using the correct Lightning orientation and launch astris.
2/ select the CPU you want to work on (in this case, we’ll select CPU0) and halt it.
As a result, astris will provide the output containing the selected CPU’s registers with their content.
We can now use the debugger to copy the content from the memory region
3/ use the command ‘save’ followed by the destination filename on the host, the address of the SecureROM and the size of the desired region to be copied (512kb are enough)