Key iPhone Source Code Gets Posted On GitHub (vice.com)
Jason Koebler shares a report from Motherboard: An anonymous person posted what experts say is the source code for a core component of the iPhone's operating system on GitHub, which could pave the way for hackers and security researchers to find vulnerabilities in iOS and make iPhone jailbreaks easier to achieve. The code is for "iBoot," which is the part of iOS that is responsible for ensuring a trusted boot of the operating system. It's the program that loads iOS, the very first process that runs when you turn on your iPhone. The code says it's for iOS 9, an older version of the operating system, but portions of it are likely to still be used in iOS 11. Bugs in the boot process are the most valuable ones if reported to Apple through its bounty program, which values them at a max payment of $200,000. "This is the biggest leak in history," Jonathan Levin, the author of a series of books on iOS and Mac OSX internals, told Motherboard in an online chat. "It's a huge deal." Levin, along with a second security researcher familiar with iOS, says the code appears to be the real iBoot code because it aligns with the code he reverse engineered himself.
I hope he was being silly and isn't actually dumb enough to believe this is the biggest leak in history. Jesus lol.
And yes, this corresponds with what I have reverse engineered from the iPhone, so it appears legit.
right to repair need to fight to keep this up! or apple will use this case to tell courts why we need to shut down sites with apple only docs and tools.
The bootloader of a phone would be the biggest leak in history?
Wasn't the whole Windows code leaked? I think it was Windows 2000.
I bet the NSA posted it in retaliation for not handing over the encryption keys.
My very first thought was... Windows 2000 source code. How is iOS considered larger? In relative market dominance, when the 2k source code was released, Microsoft controlled significantly more market share than Apple does currently.
why have an article like this with no clear links to the repo? Is it a legal reason?
Shouldn't this have been leaked on Pornhub rather than Github?
#DeleteChrome
Github has a search function. Search it for 'iBoot' and you will find https://github.com/ZioShiba/iBoot
We all know that closed source is inherently inferior; at least now we can have the whole world's eyeballs on it to look for security holes and let Apple know they are there. It's not open source, but it's the next best thing. Bravo.
Well yes they need to do something about battery refunds...
Apple's hole was always a part of their logo, you just never got to see the worm.
The pooch in this case (Apple users) are a realllly big and forgiving pooch. So there's a lot of screwing it can take. By a lot, I mean the dog is the size of a trainload of elephants who all like a good reaming, since they keep coming back for more on a daily basis.
Oh, THAT kind of leak.
You are being ripped off every second of every day, so that advertisers can help rip you off even more tomorrow.
Windows 2000 wasn't that popular. At that time most people were using 98 or ME, and the operating system they upgraded to was XP. 2000 was a relatively obscure system, respected, but no more popular than its predecessor, Windows NT 4.
That said, Windows was closed source. Significant parts of OS X are open source. I know less of iOS is open than, say, macOS, but it'd be interesting to know how much this really adds to the understanding of how iOS works.
You are not alone. This is not normal. None of this is normal.
Windows 2000: Version NT 5.0 (business OS only, like NT 4)
Windows XP: Version NT 5.1 (business and consumer OS, replacing NT/2000 and 9x)
Their kernels were remarkably similar. Their releases were very close together. XP was simply 2000 with a skin and a few updated applications, otherwise they were essentially the same OS. Regardless of the actual install base of 2000, it was the core OS internals that migrated all of the multimedia and application code from 9x to the NT kernel. It was monumental.
How about storing the core components on a ROM that cannot be overwritten unless a hardware switch is set in the ON position.
--
I'll bet you're the kind of guy that hangs round Reddit fapping off over pictures of furries and yellow-scaled wingless dragonkin
Also significant, as a result of the leak, large parts of Windows 2000 code were incorporated into the Linux kernel. This gave Linux a strong boost during a time that it was struggling against BSD.
Today, Apple has presented their newest, bestest and most proudly innovative i-product to be placed on the current market.
Introducing the iBoot. With over 12 folders and a complete set of libraries, it is the best iLeaked series product to be ever placed on the market today. With jailbreak and vulnerabilities fix coming soon from your fellow developers, so why wait to commit on the code? Git yours today on Github.com!
XP and WS2003 were remarkably similar; 2000 is probably pretty similar to 2003 but in terms of architecture and operational maturity the best example to compare to XP is WS2003.
moox. for a new generation.
Jeeze dude... did an apple user hurt you somehow? This is a metaphorical pooch!
Quick, somebody find the code that degrades performance based on device age!
Allow open access to our mobile devices. I have root on any Mac/Windows/Linux system. By rights, I should have the same access on my tablets and phones.
Crazy talk, huh?
Why is all the good stuff already modded 5, when I have mod points?
I use a droid, but from what I've read Apple updates their phones pretty regularly. I'm sure Apple has a team of smart folks going over this code with a fine toothed comb, and any issues found will be patched soonish.
Now had a similar chunk 'o 'droid code ended up on github..........
Bullshit. What are you, a Russian Clinton bot or something?
"could pave the way for hackers and security researchers to 'fix' vulnerabilities in iOS"
"This source code first surfaced last year, posted by a Reddit user called “apple_internals” on the Jailbreak subreddit. That post didn’t get much attention since the user was new and didn’t have enough Reddit karma; the post was quickly buried. Its new availability on GitHub means it’s likely circulating widely in the underground jailbreaking community and in iOS hacking circles."
I highly doubt there is anything useful in this file as there's enough apple folks on reddit to analyze and fix anything that was released over a year ago.
I wonder how much of the code is different from https://github.com/PureDarwin/
There's very little a company can do to prevent a determined programmer from leaking source code. Source is easily copied, and relatively small, and a module's source has to be present in its entirety on a local machine to compile. Thumb drives are tiny and easily hidden. Programmer's machines, by nature, can't easily be locked down.
What exactly would you suggest they do to prevent leaks like this?
Irony: Agile development has too much inertia to be abandoned now.
Yes and no. XP (gold version) was much closer to 2000. 2003 was essentially built on top of XP SP1.
They should treat their programmers really nice then. And try not to hire crazy ones.
You have no clue what you're talking about. Windows ME was a disaster. 2000 was the first mostly stable, mostly plug and play OS Microsoft released. Windows 2000 was NT version 5.0. XP was NT version 5.1.
That is to say that XP was Windows 2000 rebranded and repackaged with a different UI and Internet based Product Activation and marketed toward consumers because the NT code base proved to be better than the bastardized 95/98/ME codebase ever was.
Windows 2000 is one of the best operating systems Microsoft ever produced. Period. End of discussion.
The kernels for those systems were similar because a great deal of them was authored by David Cutler and the engineers he brought along from DEC, previously responsible for VMS. It represented a large architectural shift from the DOS kernel and operating system previously used for Microsoft. If the theft of intellectual property involved there can be considered a leak, it might be comparable in size. It was certainly a large economic impact for DEC and Microsoft.
windows 2000 was the business edition of windows at the time and you are a retard.
The only reason I left Windows 2000 at work for XP was that graphics drivers were forced into using WDM drivers which at the time were XP only.
https://github.com/apple/darwin-xnu Kernel as in us for IOS ?
So Apple's billions in the bank is because their customers are a bunch of dolts who take it straight up the ass and not because their product(s) might be useful to (or god forbid, preferred by) millions upon millions of customers?
Gee whiz!
Apple's recent gaffes have been stupendous, that's for sure. But really, other than a handful of geeks on the Internet, nobody really gives a shit.
--Android User
Beware of the Leopard.
This is normal of Microsoft; taking what now is a desktop OS and bolting on features to make a Server edition,
Examples:
Windows 2000 --> Server 2000
Windows XP --> Server 2003 and Server 2003 R2
Windows Vista --> Server 2008
Windows 7 --> Server 2008 R2
Windows 8 --> Server 2012
Windows 8.1 --> Server 2012 R2
Windows 10 --> Server 2016 (Xbox services, really, WTF????)
Speaking of Server 2016, damn, was that rushed. It was a total bolt-on to Windows 10. MS didn't even hide the fact.
Life is not for the lazy.
You remember incorrectly.
It would be highly unlikely and highly improper if any Windows 2000 code found its way into the Linux kernel. And it would also be instantly known by Microsoft. Copyright is still copyright, even if proprietary code leaks. I think we can safely say there was no Windows 2000 code that found its way into the kernel. Furthermore I would bet kernel developers made it their policy to not even so much as look at the leaked code.
It was this leak that really spooked Wine developers. I remember that they introduced a strict policy during this time that any person who so much as looked at the leaked code was forbidden from contributing to wine to avoid copyright infringement.
Clinton bots are Ukrainian.
Yes.
Seriously, somebody posted the entire source code to Android a while back.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Isn't it time to get some new laws on the books that recognize an individual's rights to be a superuser on their own equipment?
It should be illegal to manufacture, or offer for sale any device which has a privilege level technically feasible yet unattainable. There is literally no legitimate reason our society should allow non-rootable devices to exist. It's time for the practice to end.
A government is a body of people notably ungoverned - AC
"The code says it's for iOS 9, an older version of the operating system, but portions of it are likely to still be used in iOS 11"
Impossible. Used both. iOS 9 was working fine. iOS 11 is a bug nest.
Slashdot, fix the reply notifications... You won't get away with it...
There's very little a company can do to prevent a determined programmer from leaking source code. Source is easily copied, and relatively small, and a module's source has to be present in its entirety on a local machine to compile. Thumb drives are tiny and easily hidden. Programmer's machines, by nature, can't easily be locked down.
What exactly would you suggest they do to prevent leaks like this?
What I would do is develop a Source Code Control system that put canaries into the checked-out source which are different for each login (e.g., different white spacing in comments, little bits of code reordering, local variable name substitution, etc). It wouldn't do anything to prevent a determined leak (like a snowden, or a chelsea), but perhaps put the fear of retribution into potential leakers hopefully to reduce the actual probability of a leak...
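The per-login canary idea from the comment above, as an added sketch that is not part of the original thread or of any real source-control product: each comment line gets eight trailing space/tab characters derived from an HMAC of the user name and the line text, so even a leaked fragment can be matched back to a checkout. The function names, the key, the user names and the sample C snippet are all constructed for illustration.

```python
import hashlib
import hmac
import re

# Lines that start a C-style comment; trailing whitespace there is invisible
# to the compiler, so these lines carry the per-user mark.
COMMENT_LINE = re.compile(r"^\s*(//|/\*|\*)")
MARK_LEN = 8  # trailing characters per marked line (space = 0, tab = 1)

# Constructed sample, not taken from any real code base.
SAMPLE = """\
/* Constructed sample for the watermark demo. */
// Validate the image header before use.
int check_header(const unsigned char *buf, unsigned long len)
{
    // Reject anything shorter than the fixed header.
    if (len < 16)
        return -1;
    /* Magic bytes identify the container format. */
    if (buf[0] != 'I' || buf[1] != 'M')
        return -1;
    // Length field must fit inside the buffer.
    return 0;
}
// End of sample.
"""


def _mark(secret, user, body):
    """Derive the 8-character whitespace mark for one user and one line."""
    msg = f"{user}:{body.strip()}".encode()
    first = hmac.new(secret, msg, hashlib.sha256).digest()[0]
    return f"{first:08b}".translate(str.maketrans("01", " \t"))


def normalize(source):
    """Canonical form stored by the server: no trailing whitespace."""
    return "\n".join(line.rstrip(" \t") for line in source.split("\n"))


def checkout(source, user, secret):
    """Return the copy handed to `user`, with a mark on every comment line."""
    out = []
    for line in normalize(source).split("\n"):
        if COMMENT_LINE.match(line):
            line += _mark(secret, user, line)
        out.append(line)
    return "\n".join(out)


def trace(leaked, users, secret):
    """Return (best matching user, fraction of marked lines that match)."""
    carriers = []
    for line in leaked.split("\n"):
        body = line.rstrip(" \t")
        tail = line[len(body):]
        if COMMENT_LINE.match(body) and len(tail) == MARK_LEN:
            carriers.append((body, tail))
    if not carriers:
        return None, 0.0  # marks stripped, or never present

    def score(user):
        hits = sum(_mark(secret, user, body) == tail for body, tail in carriers)
        return hits / len(carriers)

    best = max(users, key=score)
    return best, score(best)


if __name__ == "__main__":
    key = b"constructed-demo-key"          # assumed server-side secret
    people = ["alice", "bob", "carol"]     # assumed logins
    leak = checkout(SAMPLE, "bob", key)
    print("full leak     ->", trace(leak, people, key))
    fragment = "\n".join(leak.split("\n")[4:])
    print("fragment only ->", trace(fragment, people, key))
    print("after strip   ->", trace(normalize(leak), people, key))
```

Because the mark depends on the line text rather than its position, a partial or reordered leak still traces. `normalize` lets the server diff and merge on canonical text, and it is also the one step that erases the fingerprint, so whitespace marks only catch copies that were not reformatted.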
The AC doesn't "remember" squat. Don't feed the troll.
Il n'y a pas de Planet B.
That may be true, but it's also the case that there's very little anyone else can do to prevent Apple from tracing the source of the leak and providing that information to its lawyers. Theft of company property is still a crime, even if the company is Apple.
Il n'y a pas de Planet B.
I got 100 Euro that says it's APK.
I believe you meant to say, Rob "You say you're pregnant? So's my wife--guess it sucks to be you" Porter.
APK: If you don't stop this shit, I'll have to post telling people where to find your address online. Again.
Saturday
In the park
I think it was the Fourth of July...
so essentially you'd produce a source code control system that was either useless (for variable name substitutions etc) or could be easily gamed (with eg source code formatting).
Windows 2000 was the majority OS in all sdbot/agobot channels that I seent aside from xp sp0 the ddosers preferred os u bereev because of spoofed syn
This little pragma gem exists to prevent pineapples, presumably: /* This command is not used by release products other than those allowed to perform restore boot. */
#if WITH_RECOVERY_MODE && (!RELEASE_BUILD || WITH_RESTORE_BOOT)
MENU_COMMAND(setpicture, do_setpict, "set the image on the display", NULL);
#endif
https://www.eff.org/https-everywhere
What differences do you want to see between the desktop and server versions, other than server services DHCP, print, AD, DNS etc
The Linux kernel and user land are pretty much the same between desktop and server maybe plus some tuning but you can go from server to desktop with a few package add/delete and back
You have no clue what you're talking about. Windows ME was a disaster. 2000 was the first mostly stable, mostly plug and play OS Microsoft released.
You have no clue how the real world works.
You were "sheltered" from Microsoft's disasters, mostly by being a geek and thus having a clue, and likely because you were already working in some IT field (your enterprise's IT department) which was more likely to pay attention to the business line of Windows (WinNT 3.5, Win NT 4, Win 2000), or at least worked in a company whose IT department got business OS installed (either by ordering business line desktops from a manufacturer, or by buying a license for a business OS and installing it).
Most "normal people" just "bought a computer" from the electronics shop (or worse, from the supermarket) and are completely oblivious to what an OS is, and just use whatever shit comes preinstalled on the computer (including horrible Microsoft attempts at making home-oriented OSes, bloatware packaged together by money-seeking manufacturers, extra bonus shit installed by the shop, etc.)
So most people "just endured" Windows ME because this despicable shit is what came pre-installed on most home computers. Windows 2000 was a business-oriented OS that didn't come preinstalled on these, and most people did have a clue to go and separately buy it.
Windows 2000 was NT version 5.0. XP was NT version 5.1.
That is to say that XP was Windows 2000 rebranded and repackaged with a different UI and Internet based Product Activation and marketed toward consumers because the NT code base proved to be better than the bastardized 95/98/ME codebase ever was.
If you followed magazines back then, the initial plan of Microsoft was to make a "Windows 2000 Home" - they actually didn't want to make any 9x Windows after 98, they knew really well that the weird infrastructure of bolting a semi-modern OS over an MS-DOS base layer wasn't a brilliant long term strategy.
It just took them more time than expected to develop it successfully and for the market to evolve to the point where they can accept without any problem a NT-based windows with no MS-DOS layer (they only managed it by the time of Win XP),
and decided to fill in the time in between with attempts to stretch the longevity of the 9x series (98SE was a successful successor of 98, WinME was a rushed "oh my god, 2000 Home isn't ready, we must quickly make a fill-in" with frankenstein-bolted bits on it in an attempt to keep it modern).
Windows 2000 is one of the best operating systems Microsoft ever produced. Period. End of discussion.
Well if you use "Microsoft ever produced." as a benchmark, you're setting the bar extremely low.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
...because, have you ever actually tried to download and build it? You need a supercomputer.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
This boot loader consists of:
13 python tool files (what, not Swift Apple?)
ONE objective-C file (a test program)
16 C++ files which seem to be library related
767 C files + 1196 C .h header files.
C dying? I don't think so.
Programmer's machines, by nature, can't easily be locked down.
Nonsense! They most certainly can! Programmers aren't IT. They don't even need Administrator for testing in most cases, and when they do, they can do it in a VM.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
What differences do you want to see between the desktop and server versions, other than server services DHCP, print, AD, DNS etc
The Linux kernel and user land are pretty much the same between desktop and server maybe plus some tuning but you can go from server to desktop with a few package add/delete and back
Exactly right. I've turned a couple of my old linux PCs into servers of various types depending, when the hardware finally got too ancient for daily desktop use. It was relatively easy and many had package managers that automated the package changes necessary for you. Heck, if you didn't mind the wasted resources/space, and wanted to leave the X server (or whichever other) and Gnome/KDE or whichever desktop you use intact, adding just a few packages will have you a server ready to configure in short order.
When I've turned an old box into a server that's how it typically would go; Boot it up, open the package manager and install the server packages needed, configure and test it, then often after all that I'll leave it working for a while with the desktop intact both in case I have to tweak something that crops up in the first week or so, and also after all that crap I just don't feel like digging back in to strip the OS down right away as long as the extra bloat isn't slowing things too badly.
As to TFA and the iPhone source code leak, one would hope that US TLAs would take the chaos that's sure to result as an object lesson regarding "TLA crypto backdoors" or any similar nonsense regarding private sector security, but alas, I fear they don't want to learn anything that might interfere with expanding their power and control as they desire.
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
It should be illegal to manufacture, or offer for sale any device which has a privilege level technically feasible yet unattainable.
On the other hand, due to how things are licensed, it would be illegal for a device to allow someone to emit on frequencies for which that individual doesn't hold a license.
You, as an end-user, don't hold a license to operate on licensed 3G/4G frequencies, so you can't hack these.
The manufacturer of your phone and the service provider you use are the ones holding the license permitting them to emit on these frequencies, so they get to decide what your phone does, because they have to comply with some regulations.
For some phones (looking at Qualcomm, champions of "let's make the modem act as the SoC's northbridge") it's quite difficult to achieve without locking out the user.
(Other more open-source friendly phones tend to lock away the closed portion into separate and segregated islets that only talk using serial+network protocols. See Purism's upcoming Librem 5 and the Pyra handheld console as recent examples.)
The GPS has the same kind of problem: import/export law in the US forbids the commerce of devices that can have a high precision at both a high altitude and a high speed (to avoid off-the-shelf parts being used to build missile targeting computers).
You can't enforce that on an unlocked phone
(unless the GPS is a separate chip that only talks over a serial line).
etc.
Each time, putting in such a separate chip has an impact on the cost of the whole device (more components) and an impact on the battery life (a modem acting as a northbridge means it can directly send audio to the codec or to the bluetooth chip, without any required work by the main CPU. It's possible to have a conversation while the OS is in suspended mode).
So few constructors will go through the extra step and requirement to build such phones.
Or you could go with a signing infrastructure where the firmware of the modem and the GPS could be user replaceable, but you tivoize them so only law-abiding firmware can be used.
(Which requires extra effort to make the signing infrastructure for specific pieces of firmware, instead of having the whole phone lockable as a giant monolithic bloc.)
etc.
Abiding by these laws requires effort, and locking the whole damn thing is the cheap lazy solution, and most clueless consumers won't know any better anyway.
So why should manufacturers care?
There are quite a lot of legal reasons to keep phones locked even before entering into the "protecting dumb users from themselves" territory (making sure only "secure" curated software is ever executable on the phone).
I'm not saying that it makes it mandatory to lock 100% of all phones (there are still manufacturers who make unlockable phones that are legal to sell).
I'm just saying that it might make it more difficult for a manufacturer, and "lock the damn shit" is simpler and lazier.
(And then there are all the potential profits of controlling and selling software for phones.
Stupid excuses on ground of "piracy" and MPAA/RIAA, etc)
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
the biggest leak in history. Jesus lol.
Leaking the identity of the 'son of god' to the Pharisees by Judas Iscariot seems to have been a big leak in retrospect (helped cause two families of major religions to form that still exist in present days), but I'm not entirely sure that was the biggest leak in history either... And some may actually argue it wasn't history at all...
I'm an Android user too!
There were some kernel changes that broke driver compatibility, I remember this because I was still on 2K when NVIDIA dropped driver support for it and I upgraded when games started acting wonky with the old drivers.
Sounds like another instance of the NuPrometheus League which struck Apple in the 90’s. The FBI’s aggressive investigation was the impetus behind the brewing of the Electronic Frontier Foundation. The caper was never resolved.
And graphics drivers aren't nearly as important in a business setting as are kernel stability, networking, and security.
If you were focused on graphics, you were a candidate for XP because of that alone. If you were connecting to a PDC and using shares, you wanted 2K. At least your IT staff did, it was significantly more stable than XP, whether because Microsoft limited the networking code in XP or not.
deleting the extra space after periods so i can stay relevant, yeah.
My first thought was, "You must be kidding". My second thought was, "Who said that?"
Explanation found. As far as the quoted individual is concerned, if it wasn't Apple it doesn't count.
Unfortunately apple never learns from anything.
And don't forget when Linus leaked Linux 1.0. That fuckup made him famous, almost as much as leaking Linux 2.2!
Be the fastest. If they had published this source code a few years ago, nobody would care that someone else published another identical branch.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Any TLA comments in there?
This, plus the bug bounty has a good chance of making the boot process more secure.
But since most devices spend their time running instead of booting, will it affect much at all?
So you'd create a source control system with the inability to do diffs, merges, and resolves? All I'd have to do to get around it would be to randomly apply the same fingerprints you mention.
Typical angst /. poster nothing of importance here.
There was no Windows 2000. There was a Windows server 2000.
There was a Windows 2000 Professional operating system for desktop... I have a VM with it installed right now.
Windows 2000 Professional begs to differ, though it was a stripped down version of Server, rather than Server being a bolted up version of Pro.
Vintage computer games and RPG books available. Email me if you're interested.
I think you may be mis-remembering this. The WINE project definitely got a boost by analyzing the code, but even they didn't do any direct importing of code. I read that they were quite nervous that contributed code might pop up from someone that included direct source code and them not realizing that and then getting sued.
#if TARGET_DISPLAY_D520
    // This mess is dictated by Update Merge Personalities for N71
    // See also Implement compatible field updates for N66 doppler prox
    // See also XXX new radar here
    if (FindNode(0, "arm-io/spi2/multi-touch", &node)) {
        uint32_t display_type = iphone8_get_display_type();
        propName = "compatible";
        if (FindProperty(node, &propName, &propData, &propSize)) {
            if (display_type == IPHONE8_DISPLAY_ID_N71_P1) {
                strlcpy(propData, "multi-touch,t162", propSize);
            } else if (display_type == IPHONE8_DISPLAY_ID_N71_P1_MUON) {
                strlcpy(propData, "multi-touch,t162", propSize);
            } else if (display_type == IPHONE8_DISPLAY_ID_N71) {
                strlcpy(propData, "multi-touch,n71", propSize);
            } else if (display_type == IPHONE8_DISPLAY_ID_N71_TOF_PROX) {
                strlcpy(propData, "multi-touch,n71,2", propSize);
            } else {
                panic("Unknown/unsupported display 0x%x", display_type);
            }
        }
    }
#endif
https://0xacab.org/sizeofcat/i...
There was also Windows 2000 Professional which was the "workstation" version.
https://en.wikipedia.org/wiki/Windows_2000#Editions
"Two families of major religions"? What's the other one besides Christianity?
Why is it the Slashdot janitors' job to fix Apple's broken default setting?
Yes there was. I remember when my company upgraded my laptop to it from Win98. It was a revelation and it is still my favourite version of Windows.
All I want is a secure system where it's easy to do anything I want. Is that too much to ask ~~ Randall Munroe
Now that was the biggest leak in history.
Part 1... Check.
https://apple.slashdot.org/sto...
Jews?
ESAD COMMIE FAGGOT
There was another quite big leak in 2003 of the Valve Half-Life 2 Source Engine Code, the whole engine, that was quite a big thing.
http://www.eurogamer.net/artic...
https://kotaku.com/that-time-a...
Windows 2000 wasn't that popular. At that time most people were using 98 or ME, and the operating system they upgraded to was XP. 2000 was a relatively obscure system, respected, but no more popular than its predecessor, Windows NT 4.
That said, Windows was closed source. Significant parts of OS X are open source. I know less of iOS is open than, say, macOS, but it'd be interesting to know how much this really adds to the understanding of how iOS works.
Windows 2000 source code was leaked in 2004. At that point XP and Server 2003 were the flagship products, though there was a very good chance that vulnerabilities found in 2000 were still relevant.
Microsoft doesn’t completely rewrite their OS for every new version, they start with the source from a previous version. Consider “WannaCry”: Microsoft released patches for Windows XP through Windows 10. Consider that for every security patch, there’s usually a release for every supported version of Windows (with lots of patches still written and released for XP for users with service contracts, or running patched as POS2009, or as Embedded).
XP/2003 were only minor upgrades to 2000. Even though there was fairly significant refactoring for Vista/2008, many vulnerabilities are common between the platforms.
In 2006, there was Security bulletin “MS06-015”, a vulnerability in Windows Explorer which impacted Windows 98, ME, 2000, XP, and Server 2003, though Microsoft elected to not patch Windows 9x due to the work required (and the product going EOL shortly).
This is normal of Microsoft; taking what now is a desktop OS and bolting on features to make a Server edition,
Examples:
Windows 2000 --> Server 2000
Windows XP --> Server 2003 and Server 2003 R2
Server 2003 was slightly different and more developed than XP. Server 2003 "SP0" was roughly equivalent to XP SP1.
When "Windows XP Professional x64 Edition" for x86-64 bit processors was released, it was actually based on Server 2003, and had the same service pack level as Server 2003, not WindowsXP.
Other than that Microsoft kept NT Client and Server at identical kernels.
Because it only happens on this site. Find me another one where it happens.
Only the State obtains its revenue by coercion. - Murray Rothbard
Dunno about ages but I did this on a friend's car long enough ago that to change the injection tables I had to peel back a sticker on a UV erasable EPROM before re-loading. Before that it would have been tuning an analogue paid controller and before that it would have been adjusting a carburetor. No one thinks of that as weird because end users often had to do it.
refactor the law, it's bloated, confusing and unmaintainable.
Pid controller. Autocorrect is even worse than an automatic transmission.
refactor the law, it's bloated, confusing and unmaintainable.