Difference between revisions of "GID Key"

From The iPhone Wiki
Jump to: navigation, search
(more explanation)
(updating up to current devices, etc)
Line 1: Line 1:
 
The '''GID key''' (device group ID key) is the AES 256-bit key shared by all devices with the same application processor. (AES 256-bit refers to the [https://en.wikipedia.org/wiki/Advanced_Encryption_Standard Advanced Encryption Standard], a particular specification for encryption.) The GID key is part of how iOS encrypts software on the device.
 
The '''GID key''' (device group ID key) is the AES 256-bit key shared by all devices with the same application processor. (AES 256-bit refers to the [https://en.wikipedia.org/wiki/Advanced_Encryption_Standard Advanced Encryption Standard], a particular specification for encryption.) The GID key is part of how iOS encrypts software on the device.
   
This key differs between each [https://en.wikipedia.org/wiki/System_on_a_chip SoC (System on a Chip)] - in other words, the [[S5L8900]] (chip for iPhone 3G for example) has a different key from the [[S5L8930]] (A4 chip for iPhone 4, iPod touch 4g, etc.).
+
This key is different on each [https://en.wikipedia.org/wiki/System_on_a_chip SoC (System on a Chip)] - in other words, the [[S5L8900]] (chip for iPhone 3G for example) has a different key compared to the [[S5L8930]] (A4 chip for iPhone 4, iPod touch 4g, etc.).
   
 
Apple explains GID keys in its official [https://www.apple.com/br/privacy/docs/iOS_Security_Guide_Oct_2014.pdf iOS security guide] (page 9, chapter "Encryption and Data Protection"):
 
Apple explains GID keys in its official [https://www.apple.com/br/privacy/docs/iOS_Security_Guide_Oct_2014.pdf iOS security guide] (page 9, chapter "Encryption and Data Protection"):
Line 7: Line 7:
 
restore. Integrating these keys into the silicon helps prevent them from being tampered with or bypassed, or accessed outside the AES engine. The UID and GID are also not available via JTAG or other debugging interfaces."</blockquote>
 
restore. Integrating these keys into the silicon helps prevent them from being tampered with or bypassed, or accessed outside the AES engine. The UID and GID are also not available via JTAG or other debugging interfaces."</blockquote>
   
On [[S5L8900]], the GID key was used to generate [[AES Keys#Key 0x837|AES Key 0x837]], used as the encryption key for [[S5L File Formats#IMG2|IMG2 files]]. With the introduction of [[IMG3 File Format|IMG3]] in iOS 2.0, [[KBAG]]s are now used instead of the 0x837 key.
+
On [[S5L8900]], the GID key was used to generate [[AES Keys#Key 0x837|AES Key 0x837]], used as the encryption key for [[S5L File Formats#IMG2|IMG2 files]]. With the introduction of [[IMG3 File Format|IMG3]] in iOS 2.0, iOS started using [[KBAG]]s instead of the 0x837 key. iOS 7.0.1 introduced the [[IM4P File Format]] and [[IMG4 File Format]] for [[A7]] and newer devices.
   
 
In [[iOS]] 3.0GM/3.0, a pseudo GID Key was used. This allowed getting [[Firmware Keys|firmware decryption keys]] for only these firmwares without the device and with tools such as GitKeys or OpenSSL.
 
In [[iOS]] 3.0GM/3.0, a pseudo GID Key was used. This allowed getting [[Firmware Keys|firmware decryption keys]] for only these firmwares without the device and with tools such as GitKeys or OpenSSL.
Line 26: Line 26:
 
<blockquote>"According to the 2011 document describing the Jamboree presentations on Apple’s processor, the researchers asserted that extracting the GID key could also allow them to look for other potential gateways into Apple devices. “If successful, it would enable decryption and analysis of the boot firmware for vulnerabilities, and development of associated exploits across the entire A4-based product-line, which includes the iPhone 4, the iPod touch and the iPad.”"</blockquote>
 
<blockquote>"According to the 2011 document describing the Jamboree presentations on Apple’s processor, the researchers asserted that extracting the GID key could also allow them to look for other potential gateways into Apple devices. “If successful, it would enable decryption and analysis of the boot firmware for vulnerabilities, and development of associated exploits across the entire A4-based product-line, which includes the iPhone 4, the iPod touch and the iPad.”"</blockquote>
   
== Related projects ==
+
== Related tools ==
 
* [https://github.com/planetbeing/xpwn/tree/master/crypto crypto by planetbeing] - "This package allows you to directly access the iPhone's AES engine from userland. You may encrypt and decrypt with the UID and GID keys, as well as any custom keys you provide."
 
* [https://github.com/planetbeing/xpwn/tree/master/crypto crypto by planetbeing] - "This package allows you to directly access the iPhone's AES engine from userland. You may encrypt and decrypt with the UID and GID keys, as well as any custom keys you provide."
 
* [https://code.google.com/p/iphone-dataprotection/ iphone-dataprotection] - wiki includes a list of [https://code.google.com/p/iphone-dataprotection/wiki/EncryptionKeys types of encryption keys used for data protection], including a chart of key hierarchy on iPhone 4.
 
* [https://code.google.com/p/iphone-dataprotection/ iphone-dataprotection] - wiki includes a list of [https://code.google.com/p/iphone-dataprotection/wiki/EncryptionKeys types of encryption keys used for data protection], including a chart of key hierarchy on iPhone 4.

Revision as of 09:21, 10 March 2015

The GID key (device group ID key) is the AES 256-bit key shared by all devices with the same application processor. (AES 256-bit refers to the Advanced Encryption Standard, a particular specification for encryption.) The GID key is part of how iOS encrypts software on the device.

This key is different on each SoC (System on a Chip) - in other words, the S5L8900 (chip for iPhone 3G for example) has a different key compared to the S5L8930 (A4 chip for iPhone 4, iPod touch 4g, etc.).

Apple explains GID keys in its official iOS security guide (page 9, chapter "Encryption and Data Protection"):

"The device’s unique ID (UID) and a device group ID (GID) are AES 256-bit keys fused (UID) or compiled (GID) into the application processor during manufacturing. No software or firmware can read them directly; they can see only the results of encryption or decryption operations performed using them. The UID is unique to each device and is not recorded by Apple or any of its suppliers. The GID is common to all processors in a class of devices (for example, all devices using the Apple A8 processor), and is used as an additional level of protection when delivering system software during installation and restore. Integrating these keys into the silicon helps prevent them from being tampered with or bypassed, or accessed outside the AES engine. The UID and GID are also not available via JTAG or other debugging interfaces."

On S5L8900, the GID key was used to generate AES Key 0x837, used as the encryption key for IMG2 files. With the introduction of IMG3 in iOS 2.0, iOS started using KBAGs instead of the 0x837 key. iOS 7.0.1 introduced the IM4P File Format and IMG4 File Format for A7 and newer devices.

In iOS 3.0GM/3.0, a pseudo GID Key was used. This allowed getting firmware decryption keys for only these firmwares without the device and with tools such as GitKeys or OpenSSL.

Potential attacks

A hypothetical way to extract this key could be to perform some sort of side channel attack (see also Talk:GID Key for speculation about potential attacks):

CIA research into attacks

According to this March 2015 article based on documents provided by Edward Snowden, the CIA has been particularly interested in figuring out how to extract GID keys as part of their efforts to get access to modifying iOS to insert spy software and to research further vulnerabilities:

"At the 2011 Jamboree conference, there were two separate presentations on hacking the GID key on Apple’s processors. One was focused on non-invasively obtaining it by studying the electromagnetic emissions of — and the amount of power used by — the iPhone’s processor while encryption is being performed. Careful analysis of that information could be used to extract the encryption key. Such a tactic is known as a “side channel” attack. The second focused on a “method to physically extract the GID key.”

"According to the 2011 document describing the Jamboree presentations on Apple’s processor, the researchers asserted that extracting the GID key could also allow them to look for other potential gateways into Apple devices. “If successful, it would enable decryption and analysis of the boot firmware for vulnerabilities, and development of associated exploits across the entire A4-based product-line, which includes the iPhone 4, the iPod touch and the iPad.”"

Related tools