@amal , could/would/do you hand out the master key for an apex flex for having full access?
The master key for the APEX is only known to fidesmo, that’s a requirement for them to have a chance of supporting payment in the future.
But there is the FlexSecure which is the same chip but without fidesmo and default key
4 Likes
I see what you want to do, I wanted to develop an applet, but then realized if I get the master key I can edit my implant and any other apex too which is inconvenient for other apex users.
i would assume that fidesmo generates an unique key per chip
I hope so but I think they generate the unique keys based on that master key
Each ISD key is unique per device.
Could law enforcement gain access to private keys stored on the Apex Flex via getting either the master key or the unique key from Fidesmo?
That depends on who you’re talking about I suppose. If you’re referring to united states local or state police I seriously doubt they could compel a foreign company to release anything. If you piss off the feds then they might be able to make something happen, legally speaking.
Even if the agencies had received access to the Fidesmo ISD key, they still would have to somehow force you to scan your chip with their device. The private keys don’t just leave the chip on their own once you know the key.
Also, extracting the secret keys is really, really hard even if you know the ISD key. You either would have to use backdoors or zero-day exploits unpublished by NXP (assuming these even exist, which I doubt), or cut open the chip and use a raster electron microscope.
3 Likes