Research project: Security Analysis of Apple iPhone 5c


iPhone 5c NAND mirroring attack: proof-of-concept

The original NAND Flash memory chip from an iPhone 5c was successfully cloned using inexpensive tools. Multiple cloned chips can be used to bring the passcode retry counter back to its original state. That way, a 4-digit passcode can be guessed in less than 1 day.

The full research paper titled "The bumpy road towards iPhone 5c NAND mirroring" was published on 14 September 2016. Here is the link to it:
Sergei Skorobogatov: The bumpy road towards iPhone 5c NAND mirroring. arXiv:1609.04327, September 2016

The demonstration video of the NAND mirroring is available on YouTube.

The process of desoldering the NAND Flash chip is now on YouTube. Everyone can see how simple it is, even for the iPhone 7.

If anyone is in doubt that the iPhone 7 is still fully working after the NAND chip was wired back, please see this video on YouTube.

Please also read our Security Group blog, Light Blue Touchpaper.



Sergei Skorobogatov <Sergei.Skorobogatov (at) cl.cam.ac.uk>
last modified 26-09-2016 -- http://www.cl.cam.ac.uk/~sps32/