That’s a great diagram.
Yes, the problem was that I couldn’t get the key. I was hoping that with a bus dump I could either 1) get the UID and guess the algorithm (failed) or 2) The SoC was stupid enough to write incorrect guess count to flash (it’s not)
No, Apple really thought about this, and I’m genuinely impressed. Even with a shave it’d be very hard.
Everything which is insecure is not trusted in this system, which is a great way of doing things.
My guess is they increment the guess count before doing the hash or anything else. Thus even powering down the system at some opportune moment would not not stop the increment. The limit check can also be done before hashing. Likewise erasing the AES key. Lots of people claim that Apple erases the data. They do not, just the key in the SoC and that is done in a microsecond.
Yup. It was really engineered well. It's one of the main reasons I have an iPhone rather than an android. I have an android tablet I use primarily as a book reader, but it doesn't get any important information copied to it.
From my understanding, that algorithm is inside either the Encryption Engine sub-processor of the A6, or inside the Secure Enclave with its own dedicated Encryption processor. Either may or may not be hard-coded in the silicon. Apple ain't saying.