I wanted to share with you some details about the #TouchID security system, implemented across 2013 #iPhone 5S all the way up to 2020 iPhone SE 2nd Gen (and many #iPad and #MacBook models as well).
1/ TouchID is a security system handled by Secure Enclave Processor (SEP). pic.twitter.com/wyy8zA08Fd
— 🔥🌸 Giulio Zompetti (@1nsane_dev) July 29, 2020
This is a thread on what we know about Apple’s prototyping and development process of manufactured products.
1/ All info here could be incomplete/wrong/outdated. I may (or may not) update this thread in future if I have enough things to share 😁 #AppleInternal #AppleCollection pic.twitter.com/G5Pk1v9rT4
— Giulio Zompetti (@1nsane_dev) January 15, 2020
@axi0mX’s #checkm8 is out and lets you debug your device (up to A11).
But how is this done?
Here is a little thread on dumping the bootrom (SecureROM) on demoted devices with Apple’s official tools.
1/ connect the cable using the correct Lightning orientation and launch astris pic.twitter.com/00FSJHJVup
— Giulio Zompetti (@1nsane_dev) September 28, 2019
iPhone 4S, 5, 5S prototypes. pic.twitter.com/6UIUhzmCg7
— 🔥🌸 Giulio Zompetti (@1nsane_dev) October 16, 2020
On an early prototype #iPhone 2G, the ring/silent switch is marked with a tiny bell. This etching is not present on the related production units.
M68, project identifier for iPhone 2G, was codenamed “Purple” back in 2005. pic.twitter.com/miwkYHEzfw
— 🔥🌸 Giulio Zompetti (@1nsane_dev) October 8, 2020
During the DVT Prototyping stage, #FaceID is considered a potential threat.
The flood illuminator is classified as Class1 as per EN 60825-1 (EU) and IEC 60825-1 (International) and therefore a #Laser Warning Label is etched on the side of the housing. #Apple #AppleCollection pic.twitter.com/kQV0TCQJ1u
— 🔥🌸 Giulio Zompetti (@1nsane_dev) September 25, 2020
Here is a prototype of the first generation #iPhone.
This device lacks the ‘iPhone’ label on the back.
Model identifier: M68.
It comes with nonUI #iOS 1.1.3 (based on Tahoe 4A86 Build), which was still called ‘OS X’ back at those times. pic.twitter.com/SOGIPY4Pny
— 🔥🌸 Giulio Zompetti (@1nsane_dev) September 7, 2020
Best unit of my whole collection. #prototype #iPod touch 3 with rear camera, a feature that wasn’t present on the related production device. #AppleInternal #Apple #AppleCollection pic.twitter.com/SeVxBvTL8w
— 🔥🌸 Giulio Zompetti (@1nsane_dev) May 27, 2020
1/ It’s been a year since I started collecting rare #Apple devices. This evolved so fast, and thanks to this, I got in touch with amazing people, been in awesome places, and last but of course not least, I learnt a lot.
I’m thankful for the journey up to this point. pic.twitter.com/gl5dmIMrko
— 🔥🌸 Giulio Zompetti (@1nsane_dev) January 14, 2020
Internal UI iOS 3.0 (7A187a), running on a Development Insecure N88AP (EVT Red MLB, SoC detail below) pic.twitter.com/SwoZnRPSuQ
— 🔥🌸 Giulio Zompetti (@1nsane_dev) August 8, 2019
iPhone #Prototypes
Models 6S Plus, 7Plus, DVT/EVT Stages.
rt if you want to see what’s different compared to production devices in a future tear down. #AppleInternal #SwitchBoard #AppleCollection pic.twitter.com/mMAiy9jxI0
— 🔥🌸 Giulio Zompetti (@1nsane_dev) May 14, 2019
Here are two amazing devices from my collection: two variants of #prototype #N94AP both from 2010.
iPhone 4S (N94AP) was officially released in Oct 2011. First variant runs a nonUI #SwitchBoard build, second variant runs an Internal Build of iOS. #AppleInternal #AppleCollection pic.twitter.com/ZXyEAjMx9E
— 🔥🌸 Giulio Zompetti (@1nsane_dev) January 3, 2019
PURPLE PRO
Version: 0.1.0 beta1
Platform: best on 10.14.x (all others are experimental)
iPhone: iPhone6/6Plus, iPhone6S/6SPlus, iPhoneSE (1st gen), iPhone7/7Plus, iPhone8/8Plus, X.
iPad: iPad mini 4, iPad Air 2, iPad 5, iPad 6, iPad 7, iPad Pro 10.5, iPad Pro 12.9(2nd gen).
For A10 devices, a more reliable exploit is now used.
0.1.0b1: Initial release
Introducing a brand new UI which features an editor for the information in the NAND's syscfg. The editor is powered by MagicCFG.com.
IF YOU HAVE ANY DOUBTS, PLEASE READ F.A.Q. ON THE SUPPORT PAGE
F.A.Q.
Q: What's Purple?
A: An easy to use solution that will help repair shops and technicians to perform services related to NANDs of some devices, making those possible without the use of any hardware programmer.
Q: How does it work?
A: Simply connect a device in DFU mode and press the button; it will enter a mode in which NAND data can be edited. The screen will turn on showing a solid color.
Q: What do I need to use it?
A: A Mac on 10.11.x or newer and a lightning DCSD cable.
Q: How do I solve the 'damaged, move to trash' error?
A: Please download the latest release, move Purple to /Applications, open Terminal.app and type 'sudo xattr -cr /Applications/Purple\ PRO.app' without quotes. Confirm with your password. This is a temporary workaround that will hopefully be fixed soon.
Q: How can I solve 'error sending exploit'?
A: This software relies on pre-written exploits (checkm8 based), which may sometimes be unreliable and fail. If you get this error, reboot the device, reconnect it in DFU mode and retry. CATALINA USERS: please install brew from brew.sh and install libusb (in Terminal, type 'brew install libusb' without quotes) before using the current release. This is a temporary workaround that will hopefully be fixed soon.
Q: I can't get this software to work properly.
A: This software is currently in beta stage. Fixes for many errors and bugs will come along with updates.
Q: Will there be a Windows/Linux version?
A: No, sorry. The exploits on which this software relies are written for macOS only.