[HN Gopher] Bricked iPhone 16 Can Be Restored Wirelessly Using A...
___________________________________________________________________
Bricked iPhone 16 Can Be Restored Wirelessly Using Another iPhone
Author : impish9208
Score : 46 points
Date : 2024-09-18 12:00 UTC (4 days ago)
(HTM) web link (www.macrumors.com)
(TXT) w3m dump (www.macrumors.com)
| mdaniel wrote:
| If that can be done "off grid," then I welcome it because it's
| likely a jailbreak vector
| avianlyric wrote:
| Not a chance. iOS installs are cryptographically bound to the
| hardware it's installed on. It's not possible to get an
| iPhone to boot an iOS install without an Apple server providing
| that cryptographic binding.
| 0l wrote:
| Assuming it's implemented properly, that is. The whole reason
| Jailbreaks exist is due to bugs in Apple's implementations.
| gjsman-1000 wrote:
| Almost certainly not affected; even if this new recovery
| mode had no signature verification at all, you would have
| to deal with Apple's impenetrable-since-A12 secure boot.
| mdaniel wrote:
| Well, one will observe that I said "off grid," because I was
| acutely aware of the desire for them to approve OS reinstalls
|
| I know, "but muh sekurity" and all that, but when the
| grandkids find an antique iPhone 16 in a barn somewhere, and
| want to install an iOS image upon it to see how things were
| in the old-times, I want that to be technically possible even
| after Apple shuts down the old gatekeeping servers
| explaininjs wrote:
| Curious what you want from a jailbreak at this point? It seems
| all of the old things that were actually helpful have found
| their way into first party software, or at least in the sanctioned
| third party. (internet tethering, emulators, side loaded apps,
| etc.)
| fragmede wrote:
| Internet tethering is actually one that's gone backwards,
| with "unlimited" cellphone plans that are limited when
| tethering. Or plans that disable tethering even though all
| the software is there.
|
| The other thing from a jailbreak would be for it to become
| self hosting, that is, give the ability to make full blown
| iPhone ipa on an iOS device without needing a macOS device
| anywhere at all.
| explaininjs wrote:
| As someone who does a ton of networking/routing at the link
| layer for a day job, I can definitely see why they're
| taking measures to reduce bandwidth hogs - to the extent I
| might actually prefer to be on a network that has taken
| measures to reduce hogging vs one that has not.
|
| When it really truly matters, like when I have a business
| need to download huge items in remote areas, the $10/GB+
| justifies itself.
| mdaniel wrote:
| I thank goodness I haven't been subjected to (mobile) Apple
| for many years in order to speak to what they "allow" and
| don't nowadays, but the short answer is that I want to
| *fucking own* the hardware I pay fuckloads of money to
| _purchase_
|
| Also, while I was typing out the "I want f-droid.org for iOS"
| I realized there is a pragmatic answer: I want to build _and
| distribute_ apps without having to pay for the right to do
| so, not because I am stingy but because paying is
| gatekeeping. Do you know how much the Joplin devs have to pay
| Google to put this .apk link here[1]? $0
|
| 1: https://joplinapp.org/help/install/#mobile-applications
| explaininjs wrote:
| That's a web app, it's on them if they don't want to offer
| their services without requiring me to let them out of the
| web sandbox.
| mdaniel wrote:
| I presume you didn't follow the link I pointed to, which
| for sure points to an .apk URL
|
| Now, if you're trying to be extra cute by saying "react
| native is a webpage with more steps," I'm not trying to
| have that fight, but I can assure you with 100%
| confidence that Joplin's apk loads without Internet
| connectivity, making it not meet _my_ definition of "a
| web app"
| Brajeshwar wrote:
| Will this not increase the economic value of stealing iPhones?
|
| Right now, in India, iPhone sales compete with used iPhones. With
| an option to unbrick phones, what methods are preventing a new
| market of "Chor-Bazaar for iPhones" (market for stolen iPhones)?
| kylehotchkiss wrote:
| I am so happy to see a chor bazaar reference here. I got one of
| my antique SLR cameras from there!
| toymin wrote:
| Pretty sure this doesn't remove Activation Lock so it shouldn't
| make a difference
| brigade wrote:
| Bricked as in doesn't boot the OS, not bricked as in unable to
| be activated.
| olliej wrote:
| No, this is not adding a new version of resetting a device,
| it's just providing a mode where if your phone is bricked you
| don't need to find a computer and cable to get back to a
| working state if you're with someone else who has an iPhone.
|
| The thing that limits the resale/theft value of an iPhone is
| activation lock - not the ability to reset the device.
| Resetting or restoring an iPhone does not remove activation
| lock, and this does not change that.
| cdchn wrote:
| India has a lot of carriers that don't care about stolen
| IMEIs?
| lofaszvanitt wrote:
| w o w
|
| what could go wrong
| olliej wrote:
| I'm not sure? what is the threat you're concerned about here?
|
| My reading of this is that it's just removed the requirement to
| use a wired connection to a laptop to restore a phone that is
| already in DFU/restore mode - I'm not sure what attack/flaw you
| get from allowing the recovery path over wifi that would not
| already be an option with the existing wired path?
| SheinhardtWigCo wrote:
| This is presumably in preparation for removing USB-C next year?
| teruakohatu wrote:
| The latest AirPods have usb-c, with the higher tier also
| including wireless charging. If there was ever a device
| category to remove usb-c it would be AirPods (which would still
| be a terrible idea)
| derefr wrote:
| I would argue the opposite: AirPods are a pure "client"
| device -- they need to be connected to _by_ something, they
| don't connect _to_ something; and they have no display,
| input method, or other means to initiate/change Bluetooth
| pairing, if the state of the firmware somehow gets in a
| mucked-up state and they need to be flashed. The only
| possible way to recover broken AirPods is via tethered
| recovery.
|
| An iPhone is the opposite: both a "client" and a "host", with
| plenty of options (in theory) for interactively initiating
| and configuring a wireless recovery boot. Almost capable
| enough (again, in theory) to be used for standalone debugging
| of its own hardware faults (like you'd do with a PC using a
| live USB image.) For 99% of faults, an iPhone _should_ be
| capable of non-tethered recovery -- if Apple would just write
| the firmware so as to enable that.
|
| And the other 1% of the time, you've probably got at least
| one failed critical hardware component preventing early boot.
| At which point "flashing the OS" would be the least of your
| concern; and instead, you'd just take the thing into the
| Genius Bar, and they'd open it up, and then either tap into
| an _interior_ debugging interface (as presumably they'll
| leave the lightning debug pins exposed as something like JTAG
| pads); or they'd temporarily swap the mainboard out into an
| "everything but the mainboard" recovery harness, flash it
| there, and then stick it back into the phone. At which point
| they could then use the recovered base firmware's recovery
| mode to QC the rest of the hardware!
| ssl-3 wrote:
| > I would argue the opposite: AirPods are a pure "client"
| device -- they need to be connected to by something, they
| don't connect to something; and they have no display, input
| method, or other means to initiate/change Bluetooth
| pairing, if the state of the firmware somehow gets in a
| mucked-up state and they need to be flashed. The only
| possible way to recover broken AirPods is via tethered
| recovery.
|
| Huh?
|
| The charging case (which is an integral part of the system
| known as "Airpods") has a display (LED indicator) and an
| input method (a pushbutton).
| ShadowRegent wrote:
| I'm not so sure. One of the potential benefits of removing
| ports from the iPhone is improved water resistance
| (personally, I'd still rather have the port). I don't foresee
| going swimming with my AirPods case.
| cdchn wrote:
| I think a big part of the reason (maybe the only reason?) they
| went to USB-C is because they were legally compelled to by
| European regulations, not sure if they can then about-face on
| that just by removing the port.
| GeekyBear wrote:
| Needing to connect an iDevice that wouldn't boot to a PC or Mac
| in order to restore a factory OS image wasn't exactly a high bar
| to get over, but this does give you another option for recovery.
| brianpan wrote:
| As a former hardware engineer, if it can be restored wirelessly
| or otherwise, it's not a brick yet. Keep trying, you'll get
| there! ;)
| trash_cat wrote:
| semi-brick
| fragmede wrote:
| Keep trying to de-dramaticize language, you'll get there!
|
| Seriously though, the last time I truly bricked something was
| because I overwrote the bootloader on a chip that had no other
| way to flash, and it was an all-in-one, so I couldn't solder to
| the chip and reprogram it directly. Now that was a brick. A
| board that I can still solder to a chip and bus pirate my way
| to victory, isn't a brick. Being able to do so wirelessly? psh.
|
| Edit: I'm remembering now, that hardware was an Apple keyboard.
| I wanted to flash the firmware so I could have capslock be left
| Ctrl in hardware, but I flashed the wrong thing and then could
| not flash an updated image to it.
| ChocolateGod wrote:
| > Apple's latest devices apparently come equipped with a
| dedicated recovery partition
|
| Didn't they always have this, minus the wireless functionality,
| isn't that the entire point of DFU/Recovery Mode?
| mdaniel wrote:
| Well, pedantically DFU allows injecting _someone else's_
| recovery partition, usually from a computer over USB but
| probably from Apple's CDN if they have the equivalent of
| macOS's "Internet Recovery." What I'm _guessing_ this change
| provides is that the iPhone itself carries a recovery
| partition, and based on the language allows pseudo-AirDrop-ing
| it to someone else
| alliao wrote:
| this is the sort of functionality that only appears when the pain
| in the retail is felt by the corp. though I can't say I think it's
| a good idea.. feels like a free rein for state level
| adversaries...
| bpye wrote:
| Presumably the signing requirements are the same as the normal
| USB DFU process?
| 1-6 wrote:
| Imagine the ramifications of this. I'm not a technician for any
| secret agents but I can see how this will make black hat
| attendees very excited.
| tsujamin wrote:
| Yeah that they are confident enough in their chain of trust to
| allow this says a lot I think
| supportengineer wrote:
| Not bricked if it can be fixed.
| irobeth wrote:
| Locked iPhone owned by law enforcement target will accept remote
| firmware push from trusted device?
| olliej wrote:
| It _sounds_ like this is just the standard restore path, only
| now it can be done wirelessly. Restore/DFU is an erase all
| content path - there are some cases where restore can avoid
| erasing the old data, but that path requires the device pin,
| and if you know the pin, then you definitionally don't need to
| jump through any hoops to unlock the device.
___________________________________________________________________
(page generated 2024-09-22 23:00 UTC)