john Profile picture
9 Jun, 21 tweets, 5 min read
As promised, here’s my little thread with (bad) ruminations of mine about Tatsu Auth Debug and KIS or Why Those Keys & Dumps Are So Valuable

Important: I have never touched any of the devices mentioned below myself. So I can only interpret the data their actual owners sent me…
…thus, the information in this thread may turn out partially or completely WRONG. Proceed with reading on your own risk!
So a certain source of prototypes contacted me to ask help with A14 prototypes - they couldn’t JTAG into them. Astris was showing standard error message telling that debugging is not supported
My first advice was to use the latest available to that moment Kanzi FW (0.99) and enable KIS:

astrisctl kis 1
What’s KIS? Apparently some new Apple’s debugging protocol to replace (or supplement?) SWD. As I mentioned above, I don’t have a personal access to dev-fused A14 devices, so I couldn’t sniff it on physical level
Anyway, after enabling KIS first we tried to reconnect the DVT iPhone 12 (CPRV 10 or 11, CPFM 01). And pow! The output changed!
Long before the A14 release I’ve started to hear stories about the debug authentication coming to Apple’s SoCs. Probably to stop people like me leaking ROMs and decrypting production firmware. And here it is!
Now let’s try to connect an EVT (probably even pre-EVT) (CPRV & CPFM both 00). Omg! It works!
Now we can do whatever with the device - dump SecureROM/SEPROM, decrypt KBAGs and etc.
Now let’s try with disabled Internet to find out if it requires auth. Oh no! Doesn’t work
So apparently auth is already here with A14 rev 00 (KIS is still enabled - it’s important), but Apple allows it! It also means that debug auth:

1) Can be passed outside of Apple (actually a good old is used)
2) Apparently is basically a black/white list, so as long it’s in the white list (or outside of the black list) you can debug it without Apple Connect account or something like this
Also means that either you pass or not pass the auth, Apple will have your IP! But apparently they either don’t check logs or just do not care - the (pre-) EVT device was whitelisted for a long time, and maybe still is
But the time goes, and new things leak. One of those things was Kanzi FW 1.26. There’re quite many changes, but that’s a different story. The (pre-) EVT device owner got it pretty quickly too
And wow! Debug auth is now requested in SWD mode too (this is DVT)!

(That scary red text about Koba though. And it also decreases the tckrate to 1 MHz)
Here’s what KobaSWD looks like, btw (basically glorified Kanzi - and I’m not just about its exterior design)
Let’s try with the (pre-) EVT device now. The same warning, but it works. The owner reported they tried the same without the Internet connected and it worked too! So maybe that’s why debug auth is enabled with KIS on Apple’s side - because it’s pointless to disable anyway?
1) A14 of revisions 10/11 are likely useless toys (they are pretty common)
2) A14 of revision 00 (I’ve only seen one) + Kanzi with FW 1.26 (or better Koba) is the way to go
3) A15 and later are probably useless in any revision
Now that Koba and the (pre-) EVT device are a little bit nearer to me, you can expect more information in the future - at the very least would be nice to sniff whatever happens between Astris and TAD. But for today, that would be all!
Credits/Thanks to:
1) The source who probably doesn’t want to be named
2) @1nsane_dev
Quick update on this: apparently KIS works without the auth on CPRV 00 A14 too - just got another report

• • •

Missing some Tweet in this thread? You can try to force a refresh

Keep Current with john

john Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!


Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @nyan_satan

29 May
Here is my little thread about yet another bug I found in A6 bootrom (and probably any other that boots from H2FMI PPN NAND)

As always, absolutely useless on its own
Look at this picture. The bootrom has just read LLB from a bootpage and is now ready to create a Memz structure out of it. Address - 0x10000000, size - 0x24C00, flags - IMAGE_OPTION_LOCAL_STORAGE
Since the size was 0x24C00, we expect to see nothing on range of 0x10024C00 - 0x10060000 (the end of load area), right? Wrong!
Read 19 tweets
5 Jul 20
As promised, here’s my little thread about my experience of repairing 1st-gen KongSWD (all-white)
Although that’s most likely not your case if you got such a cable, but I did manage to break firmware on mine completely. So let’s start with restoring it
Both generations of Kong make use of NXP LPC1768 MCU (Cortex-M3) (along with Xilinx Spartan 6 FPGA, by the way), that can be reflashed over SWD Image
Read 18 tweets
5 Feb 20
Here is my little thread about bugs I’ve found in Image3 parsers of various SecureROMs (well, A4 and A6)

None of them are exploitable, but all of them can cause a crash and/or denial-of-service

Why am I posting this? Just for lulz and from hopelessness

1) memsetting the whole address space

That’s only for A4 (and maybe lower)

Back in February 2019, someone told me about “SHSH tag length underflow”, that allows “arbitrary memset”. The person failed to tell me which ROM it’s for
But for A4 ROM I found something similar. Look at this line of code:… Image
Read 23 tweets
8 Oct 19
@chronic 1/ there’s no such bootloader as BSS, there’s iBSS (iBoot Single Stage) instead

2/ LLB cannot enter recovery mode, it enters DFU-like mode

3/ boot-command upgrade makes it boot new iBEC, not iBSS

4/ SecureROM versions do NOT match iBoot version at the time of device release
@chronic 5/ there’s console on production iBoot too, although very limited

6/ there’re more iBoot flags than he shows

7/ demotion to 01 is enough to get JTAG (I’d even say SWD). Demotion of Security status isn’t even possible according to @s1guza

@chronic @s1guza 8/8 limera1n isn’t the only bootrom exploit of the past times. There also were Pwnage 1/2, steaks4uce, 24kpwn, SHAtter and alloc8

That was just brief view, by the way
Read 4 tweets
17 Aug 19
Here is my little thread about Power NVRAM — another persistent key-value storage, located right on PMU chip. Only talking about iBoot context
Modifying certain key there allows to enable debug UART on any boot loader (including DFU ones) very early and without touching normal NVRAM

Both keys and values are unsigned 8-bit integers

Now let’s talk about known keys and values for them:
Read 17 tweets
27 Jul 19
Here is my little thread about Lightning video adapters – also known as Haywire – which are actually computers that feature Apple Secure Boot and run Darwin kernel
There’re 2 kinds of Haywire:

1. Lightning Digital AV Adapter (b137ap/iAccy1,1) – Lightning to HDMI adapter, supports both video and audio
2. Lightning to VGA Adapter (b165ap/iAccy1,2) – doesn’t support audio output for obvious reason
Read 20 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!