Just to add some context to this - @ghidraninja has managed to gain SWD access to the nRF52832 system-on-chip on the AirTags. This has internal flash that stores the firmware of the device.

@colinoflynn had already pulled the external SPI flash chip contents. https://twitter.com/ghidraninja/status/1391148503196438529
We can tell it's a good read as they display 16 words from address 0x0: the first is the initial stack pointer (in RAM at 0x20000400) and the next is the reset vector (flash, at 0x000008e9).
Recovering the firmware from the AirTags will lead to understanding how they are working in much greater depth.
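As an added example (not from the thread, and not code from anyone named in it), this Python check applies the same vector-table reasoning to a raw flash dump: the initial SP must fall in RAM and the reset vector must be a Thumb address inside flash. The nRF52832 flash and RAM sizes are assumed from the part's public datasheet, and the sample bytes are constructed around the two values quoted above.

```python
import struct

# nRF52832 memory map, assumed from the datasheet:
# 512 KB flash at 0x00000000, 64 KB RAM at 0x20000000.
FLASH_BASE, FLASH_SIZE = 0x00000000, 0x80000
RAM_BASE, RAM_SIZE = 0x20000000, 0x10000

# Constructed sample dump: the first two words are the values quoted in the
# thread (SP 0x20000400, reset 0x000008e9); the other 14 handlers are made-up
# odd (Thumb) addresses inside flash.
SAMPLE_DUMP = struct.pack("<16I", 0x20000400, 0x000008E9,
                          *[0x00000901 + 8 * i for i in range(14)])


def check_vector_table(dump: bytes, n_words: int = 16) -> dict:
    """Sanity-check a Cortex-M vector table found at offset 0 of a dump."""
    words = struct.unpack_from("<%dI" % n_words, dump, 0)
    sp, reset = words[0], words[1]
    findings = {
        "initial_sp": sp,
        "reset_vector": reset,
        # Initial SP must point into RAM (top of RAM is allowed) and be
        # 8-byte aligned as the ARM procedure call standard requires.
        "sp_in_ram": RAM_BASE <= sp <= RAM_BASE + RAM_SIZE and sp % 8 == 0,
        # Reset handler must live in flash and have the Thumb bit (bit 0) set.
        "reset_in_flash": FLASH_BASE <= reset < FLASH_BASE + FLASH_SIZE,
        "reset_is_thumb": reset & 1 == 1,
    }
    # Remaining entries are either 0 (unused) or Thumb addresses in flash;
    # anything else (e.g. 0xFFFFFFFF from erased flash) is flagged.
    findings["bad_handlers"] = [
        i for i, w in enumerate(words[2:], start=2)
        if w != 0 and not (FLASH_BASE <= w < FLASH_BASE + FLASH_SIZE and w & 1)
    ]
    findings["plausible"] = bool(
        findings["sp_in_ram"] and findings["reset_in_flash"]
        and findings["reset_is_thumb"] and not findings["bad_handlers"]
    )
    return findings


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_DUMP
    for key, val in check_vector_table(data).items():
        print(key, hex(val) if isinstance(val, int) and not isinstance(val, bool) else val)
```

Run it against a real dump file as the first argument; with no argument it checks the constructed sample, and a dump of erased flash (all 0xFF) is reported as not plausible.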

The bootloader and firmware update mechanisms can be examined to see if there are any OTA exploitable issues.
Getting an active, working SWD session on one of these devices allows dynamic analysis as well.
It may be that any private keys stored on the device were in this flash. We don't know yet.

There's also the chance the Apple U1 transceiver chip contains key material, or some kind of secure-element-like functionality.
The U1 has a QR-type code on the top of it, which means it could be an individualised part with interesting stuff on it.
So it's important to put this great work into context. It's a break in a security control, sure. But it's not game over for the AirTags.
Apple know what they are doing. They design a lot of hardware. They can make their own silicon.

It's hard to imagine that they didn't realise the nRF52 series were vulnerable.

It's also hard to imagine that their threat model didn't include people like @ghidraninja.
You can follow @cybergibbons.