Eriksrocks's comments

Interesting. I assume this is mostly used to "wash" stolen devices to make them appear legitimate for resale? I'm surprised Apple designed the hardware to allow this without any sort of authentication.


You can't "dump" a TPM. That's the whole point. They are designed such that the cryptographic secrets they hold (including ones loaded at manufacturing) are unrecoverable without an electron microscope and nation-state level resources (and even then, it would be extremely difficult if not impossible on modern process nodes).


> You can't "dump" a TPM.

> unrecoverable without an electron microscope and nation-state level resources (and even then, it would be extremely difficult if not impossible on modern process nodes).

Oh, so you can. It's only a matter of time.


Even with an electron microscope you wouldn't extract a root key; it would just be a device key, which they would then ban.


There's plenty that one would be able to do with a device key before it is banned.


My (very limited) understanding is that this "validation data" is related to the certificate generation (see [0]). So if the app isn't emulating this on device, and instead calling out to a Beeper server that is hosting the Apple binary, is this a potential security risk? Is it possible to use the data that gets sent off device to derive the client encryption key? If so, that would be a huge security hole in this implementation, completely negating their claim of maintaining secure E2E encryption.

[0]: https://www.reddit.com/r/beeper/comments/18duom1/is_beeper_m...


I didn't implement all the IDS stuff, but I am pretty sure the certificate is not used at all to derive keys for anything related to iMessage. I think it is used to attest that the device running it is running Apple software, and it may generate keys to make that an identifier to Apple (probably also because the user may not have any Apple account, so they have to generate another identifier for that purpose).


Sure, if you consider 3,200 feet as "measured in feet" [1]. Anything can technically be measured in feet. When you said that I assumed you meant they were like 20-30 feet thick, not over half a mile.

[1] http://coolcosmos.ipac.caltech.edu/ask/108-How-large-are-Sat....


From a NASA website[0]: Saturn’s rings are incredibly thin. The main rings are generally only about 30 feet (10 meters) thick, though parts of the main and other rings can be more than a mile, or several kilometers, thick.

[0] https://hubblesite.org/quick-facts/all-quick-facts


That's still pretty damn thin, relative to the size of the rings. An interesting quote from your link:

"If you had a model of Saturn that was a meter stick wide (3 feet), its rings would be about 10,000 times thinner than a razor blade!"


Is this datasheet available outside of CSDN? Do you by chance have a copy you would be willing to share?


This would hardly fit the description of a chip "smaller than a grain of rice", though.


I know this isn't what you are looking for, but generally I've found that playing around with Typecast.com for just a few minutes gets me to something that I like and that fits whatever site I'm designing for. Pick a few fonts from the Popular fonts category, and play around until you find something that you like.

