
This is the iPad Air with an A12 Bionic chip and a 10.5-inch screen, released in March 2019.


The Nand on cellular iPad is dead. Is it doomed?

It is an iPad Air3 Cellular model.

After replacing the NAND chip, the iPad works normally. However, since the existing NAND chip is completely dead, there is no way to extract the serial, Wi-Fi, and Bluetooth MAC addresses. (I tried the NAND programmer, but I couldn't query any MAC addresses. The chip is completely dead.) Sadly, I don't even have a MAC address written down from before, so there is no way to know it.

+For devices A12 and above, I understand that the MAC address is also stored in the AP, and I was wondering if there is a way to extract it.


Score 1
6 comments

Why is the NAND chip dead?


@hampter idk...


@wellbinn OK, that's fine, why did you replace the last one?


@hampter probably because it died?


@hampter It was someone else's device, so I don't know its history. It was already broken when I got it. DFU recovery failed, so I tried various things to repair it, and after replacing the NAND, I succeeded in recovering iPadOS.

When I put the original NAND I extracted into the v1s pro programmer, it says it needs to be formatted. However, even after formatting, it outputs a message asking me to format it again.

When I try syscfg queries, they all fail. The only output is the NAND capacity and model name. Of course, I also tried NAND reball, but that didn't work either.


3 answers

Most helpful answer

In theory, there are decryption keys to these addresses stored in Apple's "secure enclave". There could be a way to exploit and read some of this information.

You could also see if your home Wi-Fi router logs the MAC addresses of devices that have formerly been connected to it.

If you have any previously paired Bluetooth devices, they may also have unencrypted MAC addresses cached internally. I don't know enough about the Bluetooth protocol to be certain, but from what I understand it's not very secure, and there are certainly plenty of tools to diagnose and debug Bluetooth communication.

See what a memory dump of any previously paired device yields.

In theory, to the best of my knowledge, it is possible to find the information you need.

A custom solution and a lot of research and hardware hacking would be in order to fix this in practice.

So it's probably doomed unless you are really really good at hardware hacking.

You may be able to jailbreak the iPad; there are some 0-day unpatchable hardware-level exploits on a lot of Apple devices. There are entire companies dedicated to breaking into and extracting information from smartphones to extract data for law enforcement and courts of law.


Score 3

1 comment:

Thank you for your answer.

It's been broken since I first received the device, so this iPad only has a history of being wired to iTunes in recovery mode. Sad.


You can use a NAND programmer, the P13 from JC for example: put a compatible NAND in the programmer, format the NAND for an iPad Air 3, and write/unbind Wi-Fi. Then solder the NAND back onto the iPad and update the firmware in DFU mode.

Try to activate the device over wifi and you will not bypass activation.

Remove the NAND from the iPad and put it in the NAND programmer again, select QueryCode//Unbind and choose fast mode. Wait until the process is done and you have the old serial, Wi-Fi and Bluetooth.


Score 1

3 comments:

I already own JC's NAND programmer. However, iPad Air 3 is an A12 chip, and starting with A12, AP also has a WIFI MAC address registered, so if you inject another MAC address into the NAND, activation is not possible. (Actually, I've already tested it with a different MAC address. I get an activation error.)

And as far as I know, even if the chip is less than A11, the cellular model cannot be activated only by WIFI/BT MAC change.


Yes, but you are not supposed to pass activation with the wrong serial and BT/Wi-Fi; rather, get the original serial and MAC addresses by connecting to the act. server with the wrong serial/BT/Wi-Fi. After you try to activate the A12+ iPad, it will send information from and back to the iPad. With that info you can obtain the original serial, BT and Wi-Fi from the P13 reader with the query option on the new NAND.


Does it mean that the Apple activation server has a serial address and a bt/wifi address?

But how can I read it? I'm trying to activate it but nothing shows up except an error message... You told me to query the NAND after the activation attempt, but will the server's MAC address data come into the NAND if I try to activate it with the wrong serial?


While I’m no expert on iPad NAND programming, I think your best bet is finding a junker to swap out the NAND. Basically the chip is too far gone to salvage the needed data; a still-good NAND from a compatible system, even if its addresses are different, should work.


Score 0

3 comments:

It is my understanding that Apple devices A12~A13 have the Wi-Fi/BT mac address hardcoded into the AP. Even when replacing the nand, it cannot be activated unless the original mac address is written to the nand. Rather, starting with A14, MAC addresses are stored only in APs, so it doesn't matter if existing NANDs are damaged.


@wellbinn - That doesn’t make sense, it would either be programmed within the Apple/Universal Scientific Industrial USI 339S00551 Wi-Fi/Bluetooth Module or held within the NAND. If it was programmed then the chip's markings should give you a clue. The more elegant way is to use the NAND in a protected cell area.


@danj But there's no way to read syscfg in this broken nand. I've tried several ways, but the programmer still hasn't been able to query syscfg in nand.
