https://github.com/h1x0rz3r0/iBoot

iBoot is one of the key components of iOS, and its leaked source code is labeled “iBoot” on GitHub. It ensures that the operating system being booted can be trusted. In other words, it is the program that loads iOS: it is the first process that runs when the iPhone starts, it loads the kernel and verifies that it is properly signed by Apple, and then executes it. It is like the iPhone's BIOS.

This code is for iOS 9, but some of it may still be used in iOS 11.

While some of the code for iOS and macOS has gradually been open-sourced in recent years, Apple has by nature been very reluctant to release source code to the public. Apple pays close attention to the security of iBoot and the confidentiality of its code, offering a bounty of up to $200,000 to anyone who reports bugs in the startup process.

“This is the biggest bug in iOS history, and it’s going to be a big deal,” said Jonathan Levin, author of a series of books on iOS and Mac OS X internals.

Levin says the code appears to be genuine iBoot code because it is consistent with code he reverse-engineered himself. Another security researcher familiar with iOS also said they believe the code is genuine, but they do not know who leaked it. Apple has so far not responded.

With access to iBoot’s source code, iOS security researchers can more easily find vulnerabilities that could lead to a device breach or jailbreak, Levin said. That means hackers can more easily find vulnerabilities and bugs that allow them to crack or decrypt iPhones. The leak could perhaps even end up allowing skilled programmers to emulate iOS on non-Apple platforms.

A bug in previous versions of iBoot allowed crackers and hackers to decrypt a user’s data through the iPhone’s lock screen. But newer iPhones have a chip called the Secure Enclave Processor that makes the device more secure.

For the average user, this means jailbreaking becomes easier, Levin added. Jailbreaks used to be common and relatively easy to carry out, but they are now very difficult on the latest iOS devices, whose advanced security mechanisms make it hard for even highly skilled researchers to find bugs, because they need to jailbreak the device before they can even start probing it.

These security improvements have effectively killed the once popular jailbreak community. Finding bugs and vulnerabilities in iOS now takes a lot of time and resources, so the bugs that are found are very valuable. That is why the jailbreak community gets excited about leaks of source code or any publicly released vulnerabilities.

The source code first appeared last year, posted by a Reddit user named apple_internals on the Jailbreak subreddit. The post did not get much attention because the user was new and did not have enough Reddit karma, and it sank quickly. But its reappearance on GitHub means it could be widely circulated in the underground jailbreak community and the iOS hacking community.

“iBoot is a component that Apple has been insisting on, and they’re still encrypting its 64-bit code,” Levin said. “Now it’s available as source code.”

https://motherboard.vice.com/en_us/article/a34g9j/iphone-source-code-iboot-ios-leak
