Key iPhone Source Code Gets Posted On GitHub (vice.com)
Date: 2018-02-07
Jason Koebler shares a report from Motherboard: An anonymous person posted what experts say is the source code for a core component of the iPhone's operating system on GitHub, which could pave the way for hackers and security researchers to find vulnerabilities in iOS and make iPhone jailbreaks easier to achieve. The code is for "iBoot," which is the part of iOS that is responsible for ensuring a trusted boot of the operating system. It's the program that loads iOS, the very first process that runs when you turn on your iPhone. The code says it's for iOS 9, an older version of the operating system, but portions of it are likely to still be used in iOS 11. Bugs in the boot process are the most valuable ones if reported to Apple through its bounty program, which values them at a max payment of $200,000. "This is the biggest leak in history," Jonathan Levin, the author of a series of books on iOS and Mac OSX internals, told Motherboard in an online chat. "It's a huge deal." Levin, along with a second security researcher familiar with iOS, says the code appears to be the real iBoot code because it aligns with the code he reverse engineered himself.
I hope he was being silly and isn't actually dumb enough to believe this is the biggest leak in history. Jesus lol.
My very first thought was... Windows 2000 source code. How is iOS considered larger? In relative market dominance, when the 2k source code was released, Microsoft controlled significantly more market share than Apple does currently.
Windows 2000 wasn't that popular. At that time most people were using 98 or ME, and the operating system they upgraded to was XP. 2000 was a relatively obscure system, respected, but no more popular than its predecessor, Windows NT 4.
That said, Windows was closed source. Significant parts of OS X are open source. I know less of iOS is open than, say, macOS, but it'd be interesting to know how much this really adds to the understanding of how iOS works.
Windows 2000: Version NT 5.0 (business OS only, like NT 4)
Windows XP: Version NT 5.1 (business and consumer OS, replacing NT/2000 and 9x)
Their kernels were remarkably similar. Their releases were very close together. XP was simply 2000 with a skin and a few updated applications, otherwise they were essentially the same OS. Regardless of the actual install base of 2000, it was the core OS internals that migrated all of the multimedia and application code from 9x to the NT kernel. It was monumental.
XP and WS2003 were remarkably similar; 2000 is probably pretty similar to 2003 but in terms of architecture and operational maturity the best example to compare to XP is WS2003.
This is normal of Microsoft; taking what now is a desktop OS and bolting on features to make a Server edition,
Examples:
Windows 2000 --> Server 2000
Windows XP --> Server 2003 and Server 2003 R2
Windows Vista --> Server 2008
Windows 7 --> Server 2008 R2
Windows 8 --> Server 2012
Windows 8.1 --> Server 2012 R2
Windows 10 --> Server 2016 (Xbox services, really, WTF????)
Speaking of Server 2016, damn, was that rushed. It was a total bolt-on to Windows 10. MS didn't even hide the fact.
What differences do you want to see between the desktop and server versions, other than server services DHCP, print, AD, DNS etc
The Linux kernel and user land are pretty much the same between desktop and server maybe plus some tuning but you can go from server to desktop with a few package add/delete and back
What differences do you want to see between the desktop and server versions, other than server services DHCP, print, AD, DNS etc
The Linux kernel and user land are pretty much the same between desktop and server maybe plus some tuning but you can go from server to desktop with a few package add/delete and back
Exactly right. I've turned a couple of my old linux PCs into servers of various types depending, when the hardware finally got too ancient for daily desktop use. It was relatively easy and many had package managers that automated the package changes necessary for you. Heck, if you didn't mind the wasted resources/space, and wanted to leave the X server (or whichever other) and Gnome/KDE or whichever desktop you use intact, adding just a few packages will have you a server ready to configure in short order.
The kernels for those systems were similar because a great deal of them was authored by David Cutler and the engineers he brought along from DEC, previously responsible for VMS. It represented a large architectural shift from the DOS kernel and operating system previously used for Microsoft. If the theft of intellectual property involved there can be considered a leak, it might be comparable in size. It was certainly a large economic impact for DEC and Microsoft.
You have no clue what you're talking about. Windows ME was a disaster. 2000 was the first mostly stable, mostly plug and play OS Microsoft released. Windows 2000 was NT version 5.0. XP was NT version 5.1.
That is to say that XP was Windows 2000 rebranded and repackaged with a different UI and Internet based Product Activation and marketed toward consumers because the NT code base proved to be better than the bastardized 95/98/ME codebase ever was.
You have no clue what you're talking about. Windows ME was a disaster. 2000 was the first mostly stable, mostly plug and play OS Microsoft released.
You have no clue how the real world works.
You were "sheltered" from Microsoft's disasters, mostly by being a geek and thus having a clue, and likely because you were already working in some IT field (your enterprise's IT department) which was more likely to pay attention to the business line of Windows (WinNT 3.5, Win NT 4, Win 2000), or at least worked in a company whose IT department got business OS installed (either by ordering business line desktops from a manufacturer, or by buying license for a busin
You remember incorrectly.
It would be highly unlikely and highly improper if any Windows 2000 code found its way into the Linux kernel. And it would also be instantly known by Microsoft. Copyright is still copyright, even if proprietary code leaks. I think we can safely say there was no Windows 2000 code that found its way into the kernel. Furthermore I would bet kernel developers made it their policy to not even so much as look at the leaked code.
It was this leak that really spooked Wine developers. I r
The AC doesn't "remember" squat. Don't feed the troll.
Gee whiz!
Apple's recent gaffes have been stupendous, that's for sure. But really, other than a handful of geeks on the Internet, nobody really gives a shit.
--Android User
There's very little a company can do to prevent a determined programmer from leaking source code. Source is easily copied, and relatively small, and a module's source has to be present in its entirety on a local machine to compile. Thumb drives are tiny and easily hidden. Programmer's machines, by nature, can't easily be locked down.
What exactly would you suggest they do to prevent leaks like this?
They should treat their programmers really nice then. And try not to hire crazy ones.
There's very little a company can do to prevent a determined programmer from leaking source code. Source is easily copied, and relatively small, and a module's source has to be present in its entirety on a local machine to compile. Thumb drives are tiny and easily hidden. Programmer's machines, by nature, can't easily be locked down.
What exactly would you suggest they do to prevent leaks like this?
What I would do is develop a Source Code Control system that put canaries into the checked-out source which are different for each login (e.g., different white spacing in comments, little bits of code reordering, local variable name substitution, etc). It wouldn't do anything to prevent a determined leak (like a snowden, or a chelsea), but perhaps put the fear of retribution into potential leakers hopefully to reduce the actual probability of a leak...
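The per-login whitespace canary described in the comment above, as an added Python example that is not part of the original post or of any real source-control system. The key, the login names, the sample file and the one-space-per-bit encoding are all assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"demo-watermark-key"  # constructed; held only by the SCM server
BITS = 16                        # fingerprint length per login

# Constructed sample file, not taken from any real code base.
SAMPLE = """\
// init the display
int init(void) {
    /* clear state */
    return 0;  // ok
}
// end of file
"""


def fingerprint(user):
    """Per-login bit pattern: first 16 bits of HMAC-SHA256(SECRET, login)."""
    digest = hmac.new(SECRET, user.encode(), hashlib.sha256).digest()
    value = int.from_bytes(digest[:2], "big")
    return [(value >> i) & 1 for i in range(BITS)]


def is_comment(line):
    return line.lstrip().startswith(("//", "/*"))


def watermark(source, user):
    """Checkout copy: each comment line ends with one space (bit 1) or none."""
    bits, out, n = fingerprint(user), [], 0
    for line in source.splitlines():
        line = line.rstrip()
        if is_comment(line):
            line += " " * bits[n % BITS]
            n += 1
        out.append(line)
    return "\n".join(out) + "\n"


def trace(leaked, users):
    """Logins whose pattern is consistent with the leaked copy's comment lines."""
    seen = [int(l.endswith(" ")) for l in leaked.splitlines() if is_comment(l)]
    return [u for u in users if seen and
            all(b == fingerprint(u)[i % BITS] for i, b in enumerate(seen))]
```

A file needs at least `BITS` comment lines before `trace` can be expected to narrow to one login, and any formatter that trims trailing whitespace erases the mark, which is consistent with the comment's point that this deters rather than prevents.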
That may be true, but it's also the case that there's very little anyone else can do to prevent Apple from tracing the source of the leak and providing that information to its lawyers. Theft of company property is still a crime, even if the company is Apple.
Programmer's machines, by nature, can't easily be locked down.
Nonsense! They most certainly can! Programmers aren't IT. They don't even need Administrator for testing in most cases, and when they do, they can do it in a VM.
right to repair need to fight to keep this up! (Score:1)
right to repair need to fight to keep this up! or apple will use this case to tell courts why we need to shut down sites with apple only doc's and tools.
biggest leak in history (Score:3)
The bootloader of a phone would be the biggest leak in history?
Wasn't the whole Windows code leaked? I think it was Windows 2000.
if (true)
Crash();
You forgot to put that inside an infinite loop.
Wasn't the whole Windows code leaked? I think it was Windows 2000.
Yeah, but nobody wanted to get any on them.
Numerous parties have access to the Windows 2000 source code. Governments, corporations... Apple has not intentionally given the code to iBoot to anyone. And virtually all iOS devices are facing the public internet most of the time. Most Windows 2000 machines were corporate, and any corporation which doesn't firewall deserves to fail. Any corporation which doesn't firewall windows deserves to fail twice.
Link?
https://github.com/ZioShiba/iBoot
Lazy (Score:1)
Github has a search function. Search it for 'iBoot' and you will find https://github.com/ZioShiba/iBoot
ANNNNNNNNNNddd.. It's gone!
No real issue here
Big leak huh?
Oh, THAT kind of leak.
How to secure the iPhone's operating system
The "ROM" where cryptographic keys are stored is actually a special type of flash memory. It's more accurate to say "Write Once Memory".
... but that doesn't sound very cool. WOM WOM WOM...
WORM - Write Once Read Many
Link?
Link?
B/c the core components may need to be updated in certain circumstances.... such as when the source code for your bootloader leaks and gets exploited six ways to Sunday.
Apple Product
Quick
Quick, somebody find the code that degrades performance based on device age!
Here's an idea
Allow open access to our mobile devices. I have root on any Mac/Windows/Linux system. By rights, I should have the same access on my tablets and phones.

Crazy talk, huh?
Crazy talk, huh?
I have root on any Mac/Windows/Linux system.
Unless you turn off System Integrity Protection on your Mac, though, you're still blocked from accessing certain things...
It's still a minor change to disable SIP, and it's completely documented... no jailbreak required.
File under BFD
Now had a similar chunk 'o 'droid code ended up on github..........
I'm sure Apple has a team of smart folks going over this code with a fine toothed comb, and any issues found will be fixed soonish.
To be honest, since this code came from apple, I'd be quite surprised indeed if it was never checked for issues.
Differences between IOS and Darwin
Android Leak Bigger
Seriously, somebody posted the entire source code to Android a while back.
And yet it is still secure
...because, have you ever actually tried to download and build it? You need a supercomputer.
Isn't it time?
Isn't it time to get some new laws on the books that recognize an individual's rights to be a superuser on their own equipment?
It should be illegal to manufacture, or offer for sale any device which has a privilege level technically feasible yet unattainable. There is literally no legitimate reason our society should allow non-rootable devices to exist. It's time for the practice to end.
A lot of devices are sold on the 'cheap razor, expensive blades' model. Having the government mandate people getting root would effectively make this model non viable.
It would also stop a model where people get cheap but temporary access to IP, ie the Tivo model because if they could get root they could rip the IP.
Tinkering with some devices can kill people. Cars, for example. I don't want to be driving down the highway at 80mph next to the amateur who rooted his car's ECM, bypassing safety features in order to squeeze out a few extra horsepower, probably following the steps of a Youtube video tutorial.
Complex contradictory laws
It should be illegal to manufacture, or offer for sale any device which has a privilege level technically feasible yet unattainable.
On the other hand, due to how things are licensed, it would be illegal for a device to allow someone to emit on frequencies for which that individual doesn't hold a license.
You, as an end-user, don't hold a license to operate on licensed 3G/4G frequencies, so you can't hack these.
The manufacturer of your phone and the service provider you use are the ones holding the license permitting them to emit on these frequencies, so they get to decide what your phone does, because they have to comply with some regulations.
For
Code still in iOS 11?
Impossible. Used both. iOS 9 was working fine. iOS 11 is a bug nest.
Ceci n'est pas un ananas
This little pragma gem exists to prevent pineapples [instructables.com], presumably:
/* This command is not used by release products other than those allowed to perform restore boot. */
#if WITH_RECOVERY_MODE && (!RELEASE_BUILD || WITH_RESTORE_BOOT)
MENU_COMMAND(setpicture, do_setpict, "set the image on the display", NULL);
#endif
Whoever said C is dying needs to re-evaluate
This boot loader consists of:
13 python tool files (what, not Swift Apple?)
ONE objective-C file (a test program)
16 C++ files which seem to be library related
767 C files + 1196 C
C dying? I don't think so.
And yes, this corresponds with what I have reverse engineered from the iPhone, so it appears legit.