
Key iPhone Source Code Gets Posted On GitHub (vice.com) 188

Jason Koebler shares a report from Motherboard: An anonymous person posted what experts say is the source code for a core component of the iPhone's operating system on GitHub, which could pave the way for hackers and security researchers to find vulnerabilities in iOS and make iPhone jailbreaks easier to achieve. The code is for "iBoot," which is the part of iOS that is responsible for ensuring a trusted boot of the operating system. It's the program that loads iOS, the very first process that runs when you turn on your iPhone. The code says it's for iOS 9, an older version of the operating system, but portions of it are likely to still be used in iOS 11. Bugs in the boot process are the most valuable ones if reported to Apple through its bounty program, which values them at a max payment of $200,000. "This is the biggest leak in history," Jonathan Levin, the author of a series of books on iOS and Mac OSX internals, told Motherboard in an online chat. "It's a huge deal." Levin, along with a second security researcher familiar with iOS, says the code appears to be the real iBoot code because it aligns with the code he reverse engineered himself.
  • by Anonymous Coward on Wednesday February 07, 2018 @08:29PM (#56087033)

    I hope he was being silly and isn't actually dumb enough to believe this is the biggest leak in history. Jesus lol.

    • by darkain ( 749283 ) on Wednesday February 07, 2018 @08:34PM (#56087069) Homepage

      My very first thought was... Windows 2000 source code. How is iOS considered larger? In relative market dominance, when the 2k source code was released, Microsoft controlled significantly more market share than Apple does currently.

      • Comment removed based on user account deletion
        • by darkain ( 749283 ) on Wednesday February 07, 2018 @09:12PM (#56087217) Homepage

          Windows 2000: Version NT 5.0 (business OS only, like NT 4)
          Windows XP: Version NT 5.1 (business and consumer OS, replacing NT/2000 and 9x)

          Their kernels were remarkably similar. Their releases were very close together. XP was simply 2000 with a skin and a few updated applications, otherwise they were essentially the same OS. Regardless of the actual install base of 2000, it was the core OS internals that migrated all of the multimedia and application code from 9x to the NT kernel. It was monumental.

          • by Hadlock ( 143607 )

            XP and WS2003 were remarkably similar; 2000 is probably pretty similar to 2003 but in terms of architecture and operational maturity the best example to compare to XP is WS2003.

            • Re: (Score:2, Informative)

              Comment removed based on user account deletion
              • What differences do you want to see between the desktop and server versions, other than server services DHCP, print, AD, DNS etc
                The Linux kernel and user land are pretty much the same between desktop and server maybe plus some tuning but you can go from server to desktop with a few package add/delete and back

                • What differences do you want to see between the desktop and server versions, other than server services DHCP, print, AD, DNS etc
                  The Linux kernel and user land are pretty much the same between desktop and server maybe plus some tuning but you can go from server to desktop with a few package add/delete and back

                  Exactly right. I've turned a couple of my old linux PCs into servers of various types depending, when the hardware finally got too ancient for daily desktop use. It was relatively easy and many had package managers that automated the package changes necessary for you. Heck, if you didn't mind the wasted resources/space, and wanted to leave the X server (or whichever other) and Gnome/KDE or whichever desktop you use intact, adding just a few packages will have you a server ready to configure in short order.

              • There was no Windows 2000. There was a Windows server 2000.
              • This is normal of Microsoft; taking what now is a desktop OS and bolting on features to make a Server edition,

                Examples:

                Windows 2000 --> Server 2000
                Windows XP --> Server 2003 and Server 2003 R2

                Server 2003 was slightly different and more developed than XP. Server 2003 "SP0" was roughly equivalent to XP SP1.

                When "Windows XP Professional x64 Edition" for x86-64 bit processors was released, it was actually based on Server 2003, and had the same service pack level as Server 2003, not WindowsXP.

                Other than that Microsoft kept NT Client and Server at identical kernels.

          • The kernels for those systems were similar because a great deal of them was authored by David Cutler and the engineers he brought along from DEC, previously responsible for VMS. It represented a large architectural shift from the DOS kernel and operating system previously used for Microsoft. If the theft of intellectual property involved there can be considered a leak, it might be comparable in size. It was certainly a large economic impact for DEC and Microsoft.

        • You have no clue what you're talking about. Windows ME was a disaster. 2000 was the first mostly stable, mostly plug and play OS Microsoft released. Windows 2000 was NT version 5.0. XP was NT version 5.1.

          That is to say that XP was Windows 2000 rebranded and repackaged with a different UI and Internet based Product Activation and marketed toward consumers because the NT code base proved to be better than the bastardized 95/98/ME codebase ever was.

          Windows 2000 is one of the best operating systems M

          • You have no clue what you're talking about. Windows ME was a disaster. 2000 was the first mostly stable, mostly plug and play OS Microsoft released.

            You have no clue how the real world works.

            You were "sheltered" from Microsoft's disasters, mostly by being a geek and thus having a clue, and likely because you were already working in some IT field (your enterprise's IT department) which was more likely to pay attention to the business line of Windows (WinNT 3.5, Win NT 4, Win 2000), or at least worked in a company whose IT department got business OS installed (either by ordering business line desktops from a manufacturer, or by buying license for a busin

        • Windows 2000 wasn't that popular. At that time most people were using 98 or ME, and the operating system they upgraded to was XP. 2000 was a relatively obscure system, respected, but no more popular than its predecessor, Windows NT 4.

          That said, Windows was closed source. Significant parts of OS X are open source. I know less of iOS is open than, say, macOS, but it'd be interesting to know how much this really adds to the understanding of how iOS works.

          Windows 2000 source code was leaked in 2004. At that point XP and Server 2003 were the flagship products, though there was a very good chance that vulnerabilities found in 2000 were still relevant.

          Microsoft doesn’t completely rewrite their OS for every new version, they start with the source from a previous version. Consider “WannaCry”: Microsoft released patches for Windows XP through Windows 10. Consider that for every security patch, there’s usually a release for every supported v

      • by Anonymous Coward

        Also significant, as a result of the leak, large parts of Windows 2000 code were incorporated into the Linux kernel. This gave Linux a strong boost during a time that it was struggling against BSD.

        • by caseih ( 160668 )

          You remember incorrectly.

          It would be highly unlikely and highly improper if any Windows 2000 code found its way into the Linux kernel. And it would also be instantly known by Microsoft. Copyright is still copyright, even if proprietary code leaks. I think we can safely say there was no Windows 2000 code that found its way into the kernel. Furthermore I would bet kernel developers made it their policy to not even so much as look at the leaked code.

          It was this leak that really spooked Wine developers. I r

      • by pjt33 ( 739471 )

        My first thought was, "You must be kidding". My second thought was, "Who said that?"

        the author of a series of books on iOS and Mac OSX internals

        Explanation found. As far as the quoted individual is concerned, if it wasn't Apple it doesn't count.

      • by neoRUR ( 674398 )

        There was another quite big leak in 2003 of the Valve Half-Life 2 Source Engine Code, the whole engine, that was quite a big thing.

        http://www.eurogamer.net/artic... [eurogamer.net]

        https://kotaku.com/that-time-a... [kotaku.com]

  • Right to repair needs to fight to keep this up! Or Apple will use this case to tell courts why we need to shut down sites with Apple-only docs and tools.

  • by fred6666 ( 4718031 ) on Wednesday February 07, 2018 @08:33PM (#56087065)

    The bootloader of a phone would be the biggest leak in history?
    Wasn't the whole Windows code leaked? I think it was Windows 2000.

    • Re: (Score:2, Funny)

      by FFOMelchior ( 979131 )
      Snippet of leaked Windows 2000 code:

      if (true)
          Crash();
    • Wasn't the whole Windows code leaked? I think it was Windows 2000.

      Yeah, but nobody wanted to get any on them.

      Numerous parties have access to the Windows 2000 source code. Governments, corporations... Apple has not intentionally given the code to iBoot to anyone. And virtually all iOS devices are facing the public internet most of the time. Most Windows 2000 machines were corporate, and any corporation which doesn't firewall deserves to fail. Any corporation which doesn't firewall windows deserves to fail twice.

      • Most Windows 2000 machines were corporate, and any corporation which doesn't firewall deserves to fail. Any corporation which doesn't firewall windows deserves to fail twice.

        XP and Server 2003 were based on 2000 code. The 2000 code was leaked in 2004. It's very likely code for 2000 could be used to develop vulnerabilities that would affect XP.

    • Presumably he's talking about the impact, not the size. What did people do with the Windows source code? The governments that had the resources to look for security exploits in a codebase that large already had it, and everyone else was using binary fuzzing tools and didn't care about the source code. In contrast, this is the core of the trusted computing base for an iOS device: it's the thing that ensures that everything loaded subsequently is what the user expects. That said, it doesn't sound like it
      • I am pretty sure that outdated boot loader code will have pretty low impact. It could even have been open source like OS X kernel.

  • Link? (Score:5, Insightful)

    by johnsnails ( 1715452 ) on Wednesday February 07, 2018 @08:38PM (#56087083)
    why have an article like this with no clear links to the repo? Is it a legal reason?
    • Re:Link? (Score:5, Informative)

      by Anonymous Coward on Wednesday February 07, 2018 @08:43PM (#56087109)

      https://github.com/ZioShiba/iBoot

      • Re: (Score:1, Informative)

        by Anonymous Coward

        MENU_COMMAND_DEVELOPMENT(eload, do_eload, "tftp via ethernet from hardcoded install server", NULL);

                        env_set("serverip", "17.202.24.178", 0);
                        snprintf(cmdbuf, 128, "tftp getscript scripts/%s/%s.%s\n",

        LUL

        drivers/power/hdqgauge/hdqgauge.c is an interesting read too regarding batterygate.

    • by Anonymous Coward

      Github has a search function. Search it for 'iBoot' and you will find https://github.com/ZioShiba/iBoot

  • by 93 Escort Wagon ( 326346 ) on Wednesday February 07, 2018 @08:41PM (#56087097)

    Shouldn't this have been leaked on Pornhub rather than Github?

  • by Anonymous Coward
    We all know that closed source is inherently inferior; at least now we can have the whole world's eyeballs on it to look for security holes and let Apple know they are there. It's not open source, but it's the next best thing. Bravo.
  • How about storing the core components on a ROM that cannot be overwritten unless a hardware switch is set in the ON position.
    --

    I'll bet you're the kind of guy that hangs round Reddit fapping off over pictures of furries and yellow-scaled wingless dragonkin
    • by AHuxley ( 892839 )
      Depends who is collecting? NSA/GCHQ ? FBI? State, city police with a federal task force budget. State, city police with much less to buy contractor support with.
    • I'll bet you're the kind of guy that hangs round Reddit fapping off over pictures of furries and yellow-scaled wingless dragonkin.

      Link?

    • B/c the core components may need to be updated in certain circumstances.... such as when the source code for your bootloader leaks and gets exploited six ways to Sunday.

      • @StikyPad [slashdot.org]: "B/c the core components may need to be updated in certain circumstances.... such as when the source code for your bootloader leaks and gets exploited six ways to Sunday."

        Then I'll set the switch to read/write boot into update mode, update the core, then reboot back into normal mode. For normal operation you don't need write access to any core components. Which is simpler, try and protect the boot sequence from malicious compromise or set the core to read-only-memory.
  • Today, Apple has presented their newest, bestest and most proudly innovative i-product to be placed on the current market.

    Introducing the iBoot. With over 12 folders and a complete set of libraries, it is the best iLeaked series product to be ever placed on the market today. With jailbreak and vulnerabilities fix coming soon from your fellow developers, so why wait to commit on the code? Git yours today on Github.com!

  • Quick, somebody find the code that degrades performance based on device age!

  • by JeffElkins ( 977243 ) on Wednesday February 07, 2018 @09:40PM (#56087307)

    Allow open access to our mobile devices. I have root on any Mac/Windows/Linux system. By rights, I should have the same access on my tablets and phones.

    Crazy talk, huh?

    • I have root on any Mac/Windows/Linux system.

      Unless you turn off System Integrity Protection on your Mac, though, you're still blocked from accessing certain things...

  • I use a droid, but from what I've read Apple updates their phones pretty regularly. I'm sure Apple has a team of smart folks going over this code with a fine toothed comb, and any issues found will be patched soonish.

    Now had a similar chunk 'o 'droid code ended up on github..........
    • I'm sure Apple has a team of smart folks going over this code with a fine toothed comb, and any issues found will be fixed soonish.

      To be honest, since this code came from apple, I'd be quite surprised indeed if it was never checked for issues.

  • by Anonymous Coward

    "This source code first surfaced last year, posted by a Reddit user called “apple_internals” on the Jailbreak subreddit. That post didn’t get much attention since the user was new and didn’t have enough Reddit karma; the post was quickly buried. Its new availability on GitHub means it’s likely circulating widely in the underground jailbreaking community and in iOS hacking circles."

    I highly doubt there is anything useful in this file as there's enough apple folks on reddit to an

  • I wonder how much of the code is different from https://github.com/PureDarwin/ [github.com]
  • by bill_mcgonigle ( 4333 ) * on Thursday February 08, 2018 @12:19AM (#56087761) Homepage Journal

    Seriously, somebody posted the entire source code [android.com] to Android a while back.

  • Comment removed (Score:5, Insightful)

    by account_deleted ( 4530225 ) on Thursday February 08, 2018 @01:07AM (#56087853)
    Comment removed based on user account deletion
    • Re:Isn't it time? (Score:4, Informative)

      by cmseagle ( 1195671 ) on Thursday February 08, 2018 @05:23AM (#56088287)

      There is literally no legitimate reason

      Tinkering with some devices can kill people. Cars, for example. I don't want to be driving down the highway at 80mph next to the amateur who rooted his car's ECM, bypassing safety features in order to squeeze out a few extra horsepower, probably following the steps of a Youtube video tutorial.

      • So you're willing to trade Safety for Freedom? You deserve neither.
        • I'm also willing to trade my freedom to shout "Fire!" in a crowded theater in exchange for the safety of not dying in a stampede. No freedom is absolute. That's the philosophy underpinning modern Western society going back to Hobbes and Locke. Individuals sacrifice their natural right to absolute freedom in exchange for the safety and stability that comes with living in a society where people aren't free to rob and murder each other.

          Besides, the Ben Franklin quote you're paraphrasing doesn't mean what you [npr.org]

      • by Anonymous Coward

        >Tinkering with some devices can kill people. Cars, for example. I don't want to be driving down the highway at 80mph next to the amateur who rooted his car's ECM, bypassing safety features in order to squeeze out a few extra horsepower, probably following the steps of a Youtube video tutorial.

        I and many others do that, it's perfectly legal to do it (as it should) and I drive such a car, right next to you.

        If I end up killing myself or others (unlikely because car tinkerers are actually knowledgeable because

      • by Anonymous Coward

        You do realize this already happens, right? People install modifiable ECUs into cars all the time for the purpose of getting more horsepower. It's been around for ages at this point.

        • Dunno about ages but I did this on a friend's car long enough ago that to change the injection tables I had to peel back a sticker on a UV erasable EPROM before re-loading. Before that it would have been tuning an analogue paid controller and before that it would have been adjusting a carburetor. No one thinks of that as weird because end users often had to do it.

    • It should be illegal to manufacture, or offer for sale any device which has a privilege level technically feasible yet unattainable.

      On the other hand, due to how things are licensed, it would be illegal for a device to allow someone to emit on frequencies for which that individual doesn't hold a license.
      You, as an end-user, don't hold a license to operate on licensed 3G/4G frequencies, so you can't hack these.
      The manufacturer of your phone and the service provider you use are the ones holding the license permitting them to emit on these frequencies, so they get to decide what your phone does, because they have to comply with some regulations.

      For

    • by AmiMoJo ( 196126 )

      Sometimes there are good reasons to stop people updating code. Cellular modems are a good example - the cell network is shared and only functions because all devices connected to it behave. If people could mod their phones to hog bandwidth at the expense of other users, it wouldn't be a good thing.

      On the other hand there is no reason for the main OS to be open.

    • by Ed_1024 ( 744566 )

      "It should be illegal to manufacture, or offer for sale any device which has a privilege level technically feasible yet unattainable. There is literally no legitimate reason our society should allow non-rootable devices to exist. It's time for the practice to end."

      Hmm. I can see where you are coming from in terms of "rights" but, personally, I would like to retain the option to buy a device that wasn't accessible/rootable at deep levels by myself because that would make it much more difficult for a third par

    • Isn't it time to get some new laws on the books that recognize an individual's rights to be a superuser on their own equipment?

      It should be illegal to manufacture, or offer for sale any device which has a privilege level technically feasible yet unattainable. There is literally no legitimate reason our society should allow non-rootable devices to exist. It's time for the practice to end.

      "Your honor, this device was not sold to the customer. Apple retains full ownership of the device, as per the EULA he agreed to. The receipt provided is for a license to utilize the device, charged as a one-time fee."

      And that's how that's done.

      Don't get me wrong, I fully agree with you, but the OEM remaining the owner is the loophole used to get around this problem.

    • Isn't it time to get some new laws on the books that recognize an individual's rights to be a superuser on their own equipment?

      Not necessarily. You can rent or lease equipment.

      What needs to happen is a clear legal delineation between a purchase agreement and a lease agreement. If you buy your phone, you should have full superuser rights to it, the ability to repair it without the manufacturer designing in pitfalls to coerce you into buying a new replacement instead, the ability to change or modify th

  • by hcs_$reboot ( 1536101 ) on Thursday February 08, 2018 @01:14AM (#56087873)
    "The code says it's for iOS 9, an older version of the operating system, but portions of it are likely to still be used in iOS 11"
    Impossible. Used both. iOS 9 was working fine. iOS 11 is a bug nest.
  • This little pragma gem exists to prevent pineapples [instructables.com], presumably:

    /* This command is not used by release products other than those allowed to perform restore boot. */
    #if WITH_RECOVERY_MODE && (!RELEASE_BUILD || WITH_RESTORE_BOOT)
    MENU_COMMAND(setpicture, do_setpict, "set the image on the display", NULL);
    #endif

  • by Viol8 ( 599362 ) on Thursday February 08, 2018 @05:24AM (#56088289) Homepage

    This boot loader consists of:

    13 python tool files (what, not Swift Apple?)
    ONE objective-C file (a test program)
    16 C++ files which seem to be library related

    767 C files + 1196 C .h header files.

    C dying? I don't think so.

    • C is the correct choice if your goal is to implement an operating system. That's what C is FOR. That's why it was invented, a bunch of hackers needed to implement the UNIX operating system and created a language to do it.
  • You can also try using these iPhone secret codes [techuncle.net] to explore more of iphone :D
