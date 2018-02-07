Slashdot is powered by your submissions, so send in your scoop

 


Key iPhone Source Code Gets Posted On GitHub (vice.com)

Posted by BeauHD
Jason Koebler shares a report from Motherboard: An anonymous person posted what experts say is the source code for a core component of the iPhone's operating system on GitHub, which could pave the way for hackers and security researchers to find vulnerabilities in iOS and make iPhone jailbreaks easier to achieve. The code is for "iBoot," which is the part of iOS that is responsible for ensuring a trusted boot of the operating system. It's the program that loads iOS, the very first process that runs when you turn on your iPhone. The code says it's for iOS 9, an older version of the operating system, but portions of it are likely to still be used in iOS 11. Bugs in the boot process are the most valuable ones if reported to Apple through its bounty program, which values them at a max payment of $200,000. "This is the biggest leak in history," Jonathan Levin, the author of a series of books on iOS and Mac OSX internals, told Motherboard in an online chat. "It's a huge deal." Levin, along with a second security researcher familiar with iOS, says the code appears to be the real iBoot code because it aligns with the code he reverse engineered himself.

Key iPhone Source Code Gets Posted On GitHub

  • "This is the biggest leak in history," - Get bent! (Score:2, Interesting)

    by Anonymous Coward

    I hope he was being silly and isn't actually dumb enough to believe this is the biggest leak in history. Jesus lol.

    • Re: (Score:2, Informative)

      by darkain ( 749283 )

      My very first thought was... Windows 2000 source code. How is iOS considered larger? In relative market dominance, when the 2k source code was released, Microsoft controlled significantly more market share than Apple does currently.

      • Windows 2000 wasn't that popular. At that time most people were using 98 or ME, and the operating system they upgraded to was XP. 2000 was a relatively obscure system, respected, but no more popular than its predecessor, Windows NT 4.

        That said, WIndows was closed source. Significant parts of OS X are open source. I know less of iOS is open than, say, macOS, but it'd be interesting to know how much this really adds to the understanding of how iOS works.

        • Re:"This is the biggest leak in history," - Get be (Score:4, Insightful)

          by darkain ( 749283 ) on Wednesday February 07, 2018 @09:12PM (#56087217) Homepage

          Windows 2000: Version NT 5.0 (business OS only, like NT 4)
          Window XP: Version NT 5.1 (business and consumer OS, replacing NT/2000 and 9x)

          Their kernels were remarkably similar. Their releases were very close together. XP was simply 2000 with a skin and a few updated applications, otherwise they were essentially the same OS. Regardless of the actual install base of 2000, it was the core OS internals that migrated all of the multimedia and application code from 9x to the NT kernel. It was monumental.

          • Re: (Score:2)

            by Hadlock ( 143607 )

            XP and WS2003 were remarkably similar; 2000 is probably pretty similar to 2003 but in terms of architecture and operational maturity the best example to compare to XP is WS2003.

            • This is normal of Microsoft; taking what now is a desktop OS and bolting on features to make a Server edition,

              Examples:

              Windows 2000 --> Server 2000
              Windows XP --> Server 2003 and Server 2003 R2
              Windows Vista --> Server 2008
              Windows 7 --> Server 2008 R2
              Windows 8 --> Server 2012
              Windows 8.1 --> Server 2012 R2
              Windows 10 --> Server 2016 (Xbox services, really, WTF????)

              Speaking of Server 2016, damn, was that rushed. It was a total bolt-on to Windows 10. MS didn't even hide the fact.

          • The kernels for those systems were similar because a great deal of them was authored by David Cutler and the engineers he brought along from DEC, previously responsible for VMS. It represented a large architectural shift from the DOS kernel and operating system previously used for Microsoft. If the theft of intellectual property involved there can be considered a leak, it might be comparable in size. It was certainly a large economic impact for DEC and Microsoft.

  • ... on the pooch screwing. How much can a pooch take?

    • The pooch in this case (Apple users) are a realllly big and forgiving pooch. So there's a lot of screwing it can take. By a lot, I mean the dog is the size of a trainload of elephants who all like a good reaming, since they keep coming back for more on a daily basis.

      • Jeeze dude... did an apple user hurt you somehow? This is a metaphorical pooch!

      • So Apple's billions in the bank is because their customers are a bunch of dolts who take it straight up the ass and not because their product(s) might be useful to (or god forbid, preferred by) millions upon millions of customers?

        Gee whiz!

        Apple's recent gaffs have been stupendous, that's for sure. But really, other than a handful of geeks on the Internet, nobody really gives a shit.

        --Android User

    • There's very little a company can do to prevent a determined programmer from leaking source code. Source is easily copied, and relatively small, and a module's source has to be present in its entirety on a local machine to compile. Thumb drives are tiny and easily hidden. Programmer's machines, by nature, can't easily be locked down.

      What exactly would you suggest they do to prevent leaks like this?

  • right to repair need to fight to keep this up! or apple will use this case to tell courts why we need to shut down sites with apple only doc's and tools.

  • biggest leak in history (Score:3)

    by fred6666 ( 4718031 ) on Wednesday February 07, 2018 @08:33PM (#56087065)

    The bootloader of a phone would be the biggest leak in history?
    Wasn't the whole Windows code leaked? I think it was Windows 2000.

  • why have an article like this with no clear links to the repo? Is it a legal reason?

    • Re: (Score:1)

      by Anonymous Coward

      https://github.com/ZioShiba/iBoot

    • Lazy (Score:1)

      by Anonymous Coward

      Github has a search function. Search it for 'iBoot' and you will find https://github.com/ZioShiba/iBoot

  • Shouldn't this have been leaked on Pornhub rather than Github?

  • No real issue here (Score:1)

    by Anonymous Coward
    We all know that closed source is inherently inferior; at least now we can have the whole world's eyeballs on it to look for security holes and let Apple know they are there. It's not open source, but it's the next best thing. Bravo.
  • How about storing the core components on a ROM that cannot be overwritten unless a hardware switch is set in the ON position.
    --

    I'll bet you're the kind of guy that hangs round Reddit fapping off over pictures of furries and yellow-scaled wingless dragonkin

    • Re: (Score:2)

      by AHuxley ( 892839 )
      Depends who is collecting? NSA/GCHQ ? FBI? State, city police with a federal task force budget. State, city police with much less to buy contractor support with.

    • I'll bet you're the kind of guy that hangs round Reddit fapping off over pictures of furries and yellow-scaled wingless dragonkin.

      Link?

  • Today, Apple has presented their newest, bestest and most proudly innovative i-product to be placed on the current market.

    Introducing the iBoot. With over 12 folders and a complete set of libraries, it is the best iLeaked series product to be ever placed on the market today. With jailbreak and vulnerabilities fix coming soon from your fellow developers, so why wait to commit on the code? Git your's today on Github.com!

  • Quick, somebody find the code that degrades performance based on device age!

  • Allow open access to our mobile devices. I have root on any Mac/Windows/Linux system. By rights, I should have the same access on my tablets and phones.

    Crazy talk, huh?

    • I have root on any Mac/Windows/Linux system.

      Unless you turn off System Integrity Protection on your Mac, though, you're still blocked from accessing certain things...

  • I use a droid, but from what I've read Apple updates their phones pretty regularly. I'm sure Apple has a team of smart folks going over this code with a fine toothed comb, and any issues found will be patched soonish.

    Now had a similar chunk 'o 'droid code ended up on github..........

    • I'm sure Apple has a team of smart folks going over this code with a fine toothed comb, and any issues found will be fixed soonish.

      To be honest, since this code came from apple, I'd be quite suprised indeed if it was never checked for issues.

  • I wonder how much of the code is different from https://github.com/PureDarwin/ [github.com]

