←back to thread

Reverse Engineering iOS 18 Inactivity Reboot

(naehrdine.blogspot.com)
511 points moonsword | 4 comments | 17 Nov 24 21:50 UTC | HN request time: 0.521s | source
Show context
thrdbndndn ◴[18 Nov 24 01:27 UTC] No.42168908[source]
Two questions:

1. surely unconditionally rebooting locked iPhones every 3 days would cause issues in certain legit use cases?

2. If I read the article correctly, it reboots to re-enter "Before First Unlock" state for security. Why can't it just go into this state without rebooting?

Bonus question: my Android phone would ask for my passcode (can't unlock with fingerprint or face) if it thinks it might be left unattended (a few hours without moving etc.), just like after rebooting. Is it different from "Before First Unlock" state? (I understand Android's "Before First Unlock" state could be fundamentally different from iPhone's to begin with).

replies(7): >>42168981 #>>42169169 #>>42169203 #>>42169266 #>>42169304 #>>42170569 #>>42171458 #
diggan ◴[18 Nov 24 02:23 UTC] No.42169169[source]
> it reboots to re-enter "Before First Unlock" state for security. Why can't it just go into this state without rebooting?

I think the reason is to make sure anything from RAM is wiped completely clean. Things like the password should be stored in the Secure Enclave (which encryption keys stored in RAM are derived from) but a reboot would wipe that too + any other sensitive data that might be still in memory.

As an extra bonus, I suppose iOS does integrity checks on boot too, so could be a way to trigger that also. Seems to me like a reboot is a "better safe than sorry" approach which isn't that bad approach.

replies(1): >>42170129 #
1. gizmo686 ◴[18 Nov 24 06:06 UTC] No.42170129[source]
Reboots don't typically wipe RAM. Although wiping ram is relatively easy if you are early enough in the boot process (or late enough in the shutdown process).
replies(3): >>42171294 #>>42171332 #>>42173620 #
2. bayindirh ◴[18 Nov 24 10:48 UTC] No.42171294[source]
With ASLR and tons of activity happening during the boot process, it's almost guaranteed that you'll damage the keys you need. Plus, we don't know how shutdown processes are done. It might be wiping the keys clean before resetting the processor.
3. johncolanduoni ◴[18 Nov 24 10:56 UTC] No.42171332[source]
I'd expect that the RAM encryption key is regenerated each boot, so the RAM should be effectively wiped when the key from the previous boot is deleted from the memory controller.
4. diggan ◴[18 Nov 24 15:59 UTC] No.42173620[source]
> Reboots don't typically wipe RAM.

Typically yeah, I think you're right. But I seem to recall reading that iOS does some special stuff when shutting down/booting related to RAM but of course now I cannot find any source backing this up :/