This knowledge base article released by the MiniTool team introduces a rare and advanced technique for cloning flash memory, NAND mirroring. It became well known after it was linked to the U.S. FBI. Read on for a step-by-step explanation of how NAND mirroring works.
What Is NAND Mirroring?
NAND mirroring is a hardware-based technique used to defeat the security of mobile devices that rely on their NAND flash memory chips for encryption.
The term became widely known when it was suggested that NAND mirroring was how the United States Federal Bureau of Investigation (FBI) broke into the mobile phone of Syed Rizwan Farook, one of the perpetrators of the 2015 terrorist attack in San Bernardino, California.
How Does iPhone NAND Mirroring Work?
NAND mirroring is commonly associated with Apple’s iPhone 5C, whose encryption security is tied to the NAND chip itself. That makes it impossible to attack the encryption separately from the chip.
If the passcode is entered incorrectly more than ten times, the iPhone’s security feature renders the NAND chip useless: in general, the chip can no longer read or write data.
NAND Mirroring iPhone Steps
- De-solder and remove the NAND flash memory chip from the mobile device’s mainboard.
- Place the chip in a separate device that allows it to be mirrored (cloned) onto another chip. The target can be a set of identical but empty NAND chips or a field-programmable gate array (FPGA) chip. If identical NAND chips are used, many of them (preferably tens) must be prepared and each mirrored from the original chip.
- Whichever type of chip is chosen, the mirrored chip is placed in a separate device connected to the original device’s NAND chip socket, so that the phone behaves as though its original NAND chip were installed.
- NAND mirroring software on the external device then runs a series of passcode attempts until the security feature is triggered and the mirrored chip is rendered useless.
- With identical chips, the useless chip is replaced by another mirrored chip and the attempts continue until the right personal identification number (PIN) is found and the phone unlocks. With an FPGA chip, no physical replacement is needed; the current chip is simply re-mirrored and the attempts resume.
Identical NAND Chip vs FPGA NAND Chip
With identical NAND chips, the now-useless mirror is discarded and a fresh mirror chip is installed for another 10 passcode guesses. With an FPGA chip, by contrast, the FPGA is simply re-mirrored and the next round of 10 guesses begins.
The advantage of the FPGA is that it need not be physically swapped each time the 10-attempt limit is reached; it only has to be re-mirrored. The advantage of identical NAND mirroring chips is that they are much cheaper than FPGA chips.
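The reason restoring a mirror resets the 10-attempt limit is that the retry counter lives on the same chip that gets cloned. The toy Python model below is added for this article (it is not MiniTool’s, Apple’s or Skorobogatov’s code) to show that design weakness next to its fix: a counter kept in a separate component that the clone cannot rewind. The memory layout, PIN, wrong guesses and lockout threshold are constructed for the demo; real phone firmware differs in many ways.

```python
"""Toy model of the weakness NAND mirroring exploits: a retry counter stored
on the same clonable chip as the data it protects, compared with a counter
kept outside that chip.

Added illustration, not code from MiniTool, Apple or Skorobogatov. The memory
layout, the PIN, the wrong guesses and the lockout threshold are constructed
for the example.
"""
from __future__ import annotations

import copy
from dataclasses import dataclass
from typing import Optional

MAX_ATTEMPTS = 10      # the ten-try limit the article describes
CORRECT_PIN = "2468"   # constructed value, never guessed in this demo


@dataclass
class NandImage:
    """Everything that lives on the NAND chip and is therefore cloned with it."""
    encrypted_data: bytes
    failed_attempts: int = 0   # weak design: the counter travels with the clone


class ExternalCounter:
    """Retry counter kept outside the NAND, e.g. in a tamper-resistant
    coprocessor. It is not part of the image, so restoring the image cannot
    rewind it."""

    def __init__(self) -> None:
        self.value = 0


class Device:
    """Passcode check whose lockout reads one of the two counter locations."""

    def __init__(self, nand: NandImage, external: Optional[ExternalCounter] = None) -> None:
        self.nand = nand
        self.external = external   # None models a NAND-only counter

    def attempts(self) -> int:
        return self.external.value if self.external else self.nand.failed_attempts

    def locked(self) -> bool:
        return self.attempts() >= MAX_ATTEMPTS

    def try_pin(self, guess: str) -> bool:
        """Return True only for the correct PIN on a device that is not locked."""
        if self.locked():
            return False
        if guess == CORRECT_PIN:
            return True
        if self.external:
            self.external.value += 1
        else:
            self.nand.failed_attempts += 1
        return False


def guesses_accepted_after_restore(counter_on_nand: bool) -> int:
    """Trigger the lockout, swap the NAND for a clone taken beforehand, and
    count how many further guesses the device still accepts."""
    external = None if counter_on_nand else ExternalCounter()
    original = NandImage(encrypted_data=b"\x00" * 16)   # constructed placeholder
    mirror = copy.deepcopy(original)                    # clone made before any guess
    dev = Device(original, external)

    for i in range(MAX_ATTEMPTS):           # ten constructed wrong guesses
        dev.try_pin(f"{i:04d}")
    if not dev.locked():
        raise RuntimeError("lockout did not trigger")

    dev.nand = copy.deepcopy(mirror)        # the restore step the article describes

    accepted = 0
    while not dev.locked() and accepted < MAX_ATTEMPTS:
        dev.try_pin("9999")                 # another constructed wrong guess
        accepted += 1
    return accepted


if __name__ == "__main__":
    print("counter on NAND, guesses accepted after restore:",
          guesses_accepted_after_restore(True))    # 10: the lockout was rewound
    print("counter external, guesses accepted after restore:",
          guesses_accepted_after_restore(False))   # 0: the lockout survives
```

The design lesson is the placement of the counter, not its size: whatever lives on the cloned chip is restored with it, so a lockout can only be trusted if the state behind it is held somewhere the clone does not reach.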
The Possibility of NAND Mirroring
Because the FBI has never confirmed how it gained access to Syed Rizwan Farook’s iPhone 5C, there is no evidence that NAND mirroring has been used successfully in the field.
Amid the speculation that followed the FBI’s announcement that it had gained access to the phone, Dr. Sergei Skorobogatov, a senior research associate in the security group at the University of Cambridge Computer Laboratory, demonstrated that NAND mirroring is possible, using it to brute-force the 4-digit passcode on an iPhone 5C in 40 hours.
In the research paper he published, Skorobogatov estimated that breaking a 6-digit PIN on an iPhone would take hundreds of hours. In any case, NAND mirroring is possible.
Potential Risks of NAND Mirroring
Although NAND mirroring is possible, it risks destroying the device. If you have not backed up your data or transferred it off the smartphone before NAND mirroring is performed, all of it will be lost.