Fix Your Stuff Community Store

Apple's March 2019 refresh of its iPad Air tablet, sporting an A12 Bionic processor and a 10.5" screen.

40 Questions View all

Options

The Nand on cellular iPad is dead. Is it doomed?

It is an iPad Air3 Cellular model.

After replacing the nand chip, the ipad works normally. However, since the existing nand chip is completely dead, there is no way to extract the serial, Wi-Fi, and Bluetooth Mac addresses. (I tried the nand programmer, but I couldn't query any Mac addresses. The chip is completely dead.) Sadly, I don't even have a Mac address written down before, so there is no way to know it.

+For devices A12 and above, I understand that Mac Address is also stored in AP, and I was wondering if there is a way to extract it.

Answer this question I have this problem too

Is this a good question?

Yes No
Score 1
6 Comments

Why is the nand chip dead?

by

@wellbinn ok thats fine, why did you replace the last one?

by

@hampter probably because it died?

by

@hampter It was someone else's device, so I don't know its history. It was already broken when I got it. DFU recovery failed, so I tried various things to repair it, and after replacing the NAND, I succeeded in recovering iPadOS.

When I put the original NAND I extracted into the v1s pro programmer, it says it needs to be formatted. However, even after formatting, it outputs a message asking me to format it again.

When I try syscfg queries, they all fail. The only output is the NAND capacity and model name. Of course, I also tried NAND reball, but that didn't work either.

by

Show 1 more comment

Add a comment

2 Answers

Filter by:
Most Helpful Newest Oldest
Most Helpful Answer

Options

In theory there are decryption keys to these adresses stored in apples "secure enclave" there could be a way to exploit and read some of this information

You could also see if your home wifi router logs the devices Mac adresses that have been formerly connected to to.

If you have any previously paired Bluetooth devices they may also have unencypted Mac adresses cashed internally. I don't know enough about the Bluetooth protocol to be certain but from what I understand it's not very secure and there are certainly plenty of tools to diagnose and dedug Bluetooth communication.

See what a memory dump of any previously paired device yields.

In theory to the best of my knowledge it possible to find the information you need.

A custom solution and a lot of research and hardware hacking would be in order to fix this in practice.

So it's probably doomed unless you are really really good at hardware hacking.

You may be able to jailbreak the ipad, there is some 0day unpatchable hardware level exploits on a lot of apple devices. There are entire companies dedicated to breaking into and extracting information from smartphones to extract data for law enforcement and courts of law.

Was this answer helpful?

Yes No
Score 3

1 Comment:

Thank you for your answer.

It's been broken since I first received the device, so this ipad only has a history of wired to itunes in recovery mode. Sad.

by

Add a comment

Options

You can use a nand programmer p13 from JC for example and put a compatible nand in the programmer and format nand for a ipad air 3 and write/unbind wifi. Then solder Nand back on to Ipad and update firmware in dfu mode.

Try to activate the device over wifi and you will not bypass activation.

Remove nand from ipad and put it in nand programmer again and QueryCode//Unbind and choose fast mode. Wait untill process is done and you have the old serial wifi and bluetooth.

Was this answer helpful?

Yes No
Score 0

1 Comment:

I already own JC's NAND programmer. However, iPad Air 3 is an A12 chip, and starting with A12, AP also has a WIFI MAC address registered, so if you inject another MAC address into the NAND, activation is not possible. (Actually, I've already tested it with a different MAC address. I get an activation error.)

And as far as I know, even if the chip is less than A11, the cellular model cannot be activated only by WIFI/BT MAC change.

by

Add a comment

Add your answer

wellbinnn will be eternally grateful.
View Statistics:

Past 24 Hours: 1

Past 7 Days: 8

Past 30 Days: 69

All Time: 69