Apple lost sauce to iPhone bootloader iBoot

Anthony Butler

Key iPhone Source Code Gets Posted Online in Biggest Leak in History
<Source code for iBoot, one of the most critical iOS programs, was anonymously posted on GitHub.

<Someone just posted what experts say is the source code for a core component of the iPhone’s operating system on GitHub, which could pave the way for hackers and security researchers to find vulnerabilities in iOS and make iPhone jailbreaks easier to achieve.

<The GitHub code is labeled “iBoot,” which is the part of iOS that is responsible for ensuring a trusted boot of the operating system. In other words, it’s the program that loads iOS, the very first process that runs when you turn on your iPhone. It loads and verifies the kernel is properly signed by Apple and then executes it—it’s like the iPhone’s BIOS.

<The code says it’s for iOS 9, an older version of the operating system, but portions of it are likely to still be used in iOS 11.

<Apple has traditionally been very reluctant to release code to the public, though it has made certain parts of iOS and MacOS open source in recent years. But it has taken particular care to keep iBoot secure and its code private; bugs in the boot process are the most valuable ones if reported to Apple through its bounty program, which values them at a max payment of $200,000.

<“This is the biggest leak in history,” Jonathan Levin, the author of a series of books on iOS and Mac OSX internals, told me in an online chat. “It’s a huge deal.”

<Levin said the code appears to be the real iBoot code because it aligns with code he reverse engineered himself. A second security researcher familiar with iOS also said they believe the code is real. We don’t know who is behind the leak. Apple did not respond to a request for comment.

<Having access to the source code of iBoot gives iOS security researchers a better chance to find vulnerabilities that could lead to compromising or jailbreaking the device, Levin said. That means hackers could have an easier time finding flaws and bugs that could allow them to crack or decrypt an iPhone. And, perhaps, this leak could eventually allow advanced programmers to emulate iOS on non-Apple platforms.

<Vulnerabilities in previous versions of iBoot allowed jailbreakers and hackers to brute-force their way through the iPhone’s lock screen and decrypt a user’s data. But newer iPhones have a chip called the Secure Enclave Processor, which has hardened the security of the device.

<For regular users, Levin added, this means that tethered jailbreaks, which require the phone to be connected to a computer when booting, could soon be back. These jailbreaks used to be relatively easy to pull off and were common, but are now extremely hard to come by on up-to-date iOS devices, which have advanced security mechanisms that make it hard for even highly skilled researchers to even look for bugs, as they need to first jailbreak the device before beginning to probe the device.

<It’s these security improvements that have effectively killed the once popular jailbreak community. Nowadays, finding bugs and vulnerabilities in iOS is something that requires a significant amount of time and resources, making the resulting exploits incredibly valuable. That’s why the jailbreaking community gets excited for any leak of source code or any exploit that gets released publicly.

<This source code first surfaced last year, posted by a Reddit user called “apple_internals” on the Jailbreak subreddit. That post didn’t get much attention since the user was new and didn’t have enough Reddit karma; the post was quickly buried. Its new availability on GitHub means it’s likely circulating widely in the underground jailbreaking community and in iOS hacking circles.

<“iBoot is the one component Apple has been holding on to, still encrypting its 64 bit image,” Levin said. “And now it’s wide open in source code form.”

motherboard.vice.com/en_us/article/a34g9j/iphone-source-code-iboot-ios-leak
web.archive.org/web/20180208021221/https://motherboard.vice.com/en_us/article/a34g9j/iphone-source-code-iboot-ios-leak

get sauce before baleetion:
git clone github.com/ZioShiba/iBoot.git

or download it from:
github.com/ZioShiba/iBoot/archive/master.zip


Gavin Garcia

github.com/ZioShiba/iBoot/archive/master.zip
Alternative download when GitHub nukes it: my.mixtape.moe/fytdmd.zip

(sage for self-reply)

Owen Fisher

A snippet of code that's isolated from higher OS functions which in addition uses a hardware root of trust to ensure code integrity is leaked

Easton Jackson

implying layers upon layers necessarily means better security
falling for buzzworded security marketing technobabble
Hello (((Apple)))! Scared the goyim are waking up? For those of you out there who aren't shilling macfags, have a read: defectivebydesign.org/apple

Christian Allen

So this basically means we can just straight up compile our own bootloaders to enable root user in iOS

Or alternatively, it means we can port Android to Apple devices

Elijah Parker

A snippet of code thats isolated from higher os functions
It doesn't matter what level of abstraction is used between the ROM-resident bootloader and the iOS bootloader, iBoot supersedes iOS init which means we can inject payloads into the OS before any security features are loaded and supersede them

Charles Perry

Part of the project is licensed under the MPLv1.1. This means that the source for the licensed code should have been distributed with the iPhone / downloadable from opensource.apple.com/.
Unfortunately, the MPL license allows you to statically link with proprietary code so the rest of iBoot remains proprietary.

Colton Gray

It is my greatest regret that I never got to ask Steve Jobs "Hi Steve, how's Lisa?". I'm glad he's dead, but I'm not glad he's gone.

Jackson Torres

That post didn’t get much attention since the user was new and didn’t have enough Reddit karma; the post was quickly buried.
rofl what a shit forum.

Colton Brown

Reddit really is the worst

Lucas Nguyen

Open Sauce is big threat to my proprietary solutions peons
oh no

Liam Lee

# Check for spaces in critical paths - we can't handle that
Did anyone look through this? Anything interesting? Sure are a lot of files.

Camden Nelson

No raunchy comments it seems

lib/heap/heap.c: /* just in case some idiotic user modifies winfo, update loop iterator before calling */

Gabriel Nguyen

Repository unavailable due to DMCA takedown.

This repository is currently disabled due to a DMCA takedown notice. We have disabled public access to the repository. The notice has been publicly posted.

If you are the repository owner, and you believe that your repository was disabled as a result of mistake or misidentification, you have the right to file a counter notice and have the repository reinstated. Our help articles provide more details on our DMCA takedown policy and how to file a counter notice. If you have any questions about the process or the risks in filing a counter notice, we suggest that you consult with a lawyer.

Benjamin Jones

good luck getting it to boot after changing it. Secure enclave initiates iboot.

Blake Thomas

Literally the 2nd post has a backup you dumb nigger

Henry Carter


iBoot-master$ grep -ir slave|wc
77 602 8195

This is highly problematic

Lucas Gray

Nice looking C code, tho.

Ryder Perez

you could make jailbreaks for days with this shit.
Those fags won't even let you post it because
i-i-i-it's p-p-piracy
like goddamn.

Dylan Smith

Isn't it ironical that internet chans are famous for hating jews, blacks, women, latinX, trannies and anyone who isn't a fucking white male*, yet is more egalitarian with regards to who is posting the content than reddit, faceberg, twatter and tumblr. In fact, we don't care who you are, as long as what you say is somewhat relevant. That is unlike reddit, where a revelation can (as it has happened in this incident) go unnoticed for several months because OP was not a karma whore. This should act as a reminder that chan hatred of reddit is well-founded and not just some retarded internet turf war.

*Just like South Africa once made a bunch of Japanese emissaries honorary whites for a stay, SJWs consider asian men honorary whites.

(pic related: freedom of speech is more than not being thrown in the slammer for speaking your mind)

Hudson Long

xd

Zachary Hall

The fact that it's a bootloading and not the OS means you could use it to port other OSs to the iPhone.

Joseph Garcia

as long as what you say is somewhat relevant.

Then /pol/cancers come and and shit up the threads because they can't stand other people getting along.

Colton Myers

I think it's still 2005 and I'm on 4chan

Seriously, Holla Forums has done its best to get rid of that old idea like Shii wrote about. Most people here are fucking SomethingAwful-level teenage shitheads.

Julian Ross

It's also ironic that forums where people can post anonymously and get an equal voice without filter always leans right-wing with the aforementioned qualities in your post. Whereas a left-wing forum requires arbitrary moral regulation of discussion lest you get labeled for wrongthink.

Jaxson Harris

muh /pol/
Damn I thought this was cuckchan for a second

Cooper Parker

Ignore him. He's the same poster that brings up the /pol/ boogeyman in every thread for no reason or proper context

Jaxon Peterson

my.mixtape.moe/fytdmd.zip
Backup here: web.archive.org/web/20180208023033/https://my.mixtape.moe/fytdmd.zip
And magnet link here: magnet:?xt=urn:btih:b750642359d6330ef9e26ea78b503f7110a081b5&dn=iBoot.zip&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Fzer0day.ch%3A1337&tr=udp%3A%2F%2Fopen.demonii.com%3A1337&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Fexodus.desync.com%3A6969

Isaiah Brown

I rarely check archives of cuckchan for a certain thread that never came here, and it's fucking cancer
Any vaguely right wing comment has people whining about muh /pol/

Jason Barnes

let's duplicate the future of forums thread
I blame lack of class awareness
We need more manarchists and less discord trannies on the hard left imageboards, otherwise Nazbol is doomed
same with ancaps compared to brownshirts

Andrew Fisher

Is "Shlomo" your first or second name?
/auschwitz/index.html

Carter Flores

Seriously, Holla Forums has done its best to get rid of that old idea like Shii wrote about
Explain? I've read a bunch of Shii's stuff, but I'm not sure what you're referring to.

Henry Phillips

Hey /leftypol/, what if I told you nobody here actually cares about your politics and we all collectively cringe whenever you reveal your power level through posts like this?

Isaiah Butler

DMCA'd.
Does anyone have the sauce?

Jayden Richardson

here u go fam: youtube.com/watch?v=dQw4w9WgXcQ

Cooper Howard

Shit, it's been years since I got Rickrolled.

Easton Hall

alternative download here:

Jose Sanchez

Here's another mirror just for good measure
0xacab.org/sizeofcat/iBoot

good luck getting it to boot after changing it. Secure enclave initiates iboot.
What does that mean? I always thought "secure enclave" is just a marketing buzzword, what's preventing you from modifying this? In what way would you go about it?

The comments are not as sterile and lifeless as I would've thought coming from Apple
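The question above, what stops a recompiled iBoot from booting, comes down to the chain of trust: the boot ROM burned into the chip pins Apple's public key and will not hand off to an iBoot image whose signature does not verify against it, so rebuilding iBoot from source changes the image bytes and breaks the signature. The following is an added example, not code from this thread or from Apple, that models that chain in Python; the keys, image bytes and stage names are constructed toys, and textbook RSA over SHA-256 stands in for Apple's real signing format.

```python
import hashlib

E = 65537  # RSA public exponent

def make_key(p, q):
    """Textbook RSA keypair from two primes: returns ((n, e), (n, d))."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

# Constructed toy keys built from Mersenne primes so the run is deterministic;
# real keys use large random primes. Only the holder of APPLE_PRIV can sign.
APPLE_PUB, APPLE_PRIV = make_key(2**127 - 1, 2**521 - 1)  # pinned in ROM
OTHER_PUB, OTHER_PRIV = make_key(2**89 - 1, 2**607 - 1)   # anyone else's key

def sign(private, image):
    """Sign the SHA-256 digest of a boot image (the digest is far below n)."""
    n, d = private
    return pow(int.from_bytes(hashlib.sha256(image).digest(), "big"), d, n)

def verify(public, image, signature):
    """True only if `signature` was made over `image` with the matching key."""
    n, e = public
    digest = int.from_bytes(hashlib.sha256(image).digest(), "big")
    return pow(signature, e, n) == digest

def boot_chain(rom_pubkey, stages):
    """Simulate BootROM -> iBoot -> kernel. `stages` is [(name, image, sig)].
    Returns the names of the stages that verified against the key pinned in
    the immutable ROM and ran; the chain halts at the first bad signature,
    so that stage never executes and nothing after it is reached."""
    booted = []
    for name, image, signature in stages:
        if not verify(rom_pubkey, image, signature):
            break
        booted.append(name)
    return booted

def demo():
    """Official images boot; a rebuilt iBoot is stopped by the ROM either way."""
    iboot, kernel = b"iBoot iOS 9 image", b"XNU kernel image"  # constructed
    official = [("iBoot", iboot, sign(APPLE_PRIV, iboot)),
                ("kernel", kernel, sign(APPLE_PRIV, kernel))]
    rebuilt = b"iBoot rebuilt from leaked source"  # changed bytes, no Apple key
    reused = [("iBoot", rebuilt, sign(APPLE_PRIV, iboot)),  # old signature reused
              ("kernel", kernel, sign(APPLE_PRIV, kernel))]
    self_signed = [("iBoot", rebuilt, sign(OTHER_PRIV, rebuilt)),
                   ("kernel", kernel, sign(APPLE_PRIV, kernel))]
    return {"official": boot_chain(APPLE_PUB, official),
            "reused_signature": boot_chain(APPLE_PUB, reused),
            "self_signed": boot_chain(APPLE_PUB, self_signed)}

if __name__ == "__main__":
    for case, booted in demo().items():
        print(f"{case}: booted {booted}")
```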

Nathan Brooks

While we are on that subject.
I just lost the game

Angel Garcia

YOU MOTHERFUCKER

Adam Ward

It means that those scene groups dedicated to reverse engineering this thing to get in to phone just drowned in an aquarium of their of semen.

Lincoln Cruz

everyone ITT is a faggot, no exceptions.

Brayden Perez

no exceptions
Not even you

Blake Smith

especially not even me

Adam Collins

<Someone just posted what experts say is the source code for a core component of the iPhone’s operating system on GitHub, which could pave the way for hackers and security researchers to find vulnerabilities in iOS
But don't open source cucks claim that open source improves security? They always pretend as if the fact that everyone can find flaws in openly accessible code didn't exist.

Charles Mitchell

And now we have access to flaws that wouldn't exist in open source because they would have been seen and patched :^)

Ian Lewis

You do realize that it's WAY easier for one person to plant a needle in a haystack than for a thousand other people to find it? And that's just the tip of the iceberg, I'm not even getting into things like obfuscated or underhanded code etc. Saying that open source is inherently secure because everyone can access the source is like saying that nobody can hide anything in a jungle that anyone can enter and search through. If you deploy an army to scrutinize the jungle you'll sure find it eventually. Except there is no army which constantly scrutinizes all of open source code. It might have been a plausible concept twenty years ago but surely not now when the amount of code has grown by many orders of magnitude and is still growing.
<tl;dr
Open source being a guarantee of secure software is a fallacy. Closed source in the hands of a trusted third party is conceptually much more secure, because no attacker can insert malicious code at will, nor can he find flaws for him to exploit at will (problem is that it's really difficult to find an actually trustworthy third party these days).

David Clark

Easier finding is a two-edged sword but open source also allows much easier fixing of bugs by anyone. Try getting support for your ten-year-old router or operating system, or patching a bug out of a binary blob.

William Nguyen

# APPS is a shortcut for APPLICATIONS, combine if you're dumb enough to specify both
lmao, this guy is literally berating everyone in the makefile comments

Adrian King

Fellow Dashchan user of good taste

Dylan Watson

tomorrow

Adrian Ramirez

not tomorrow
Keep using Normie, Satan.

Cooper Thompson

RIP in peace the poor bastard who leaked this.
HIS NAME WAS SETH RICH

Robert Gonzalez

Your argument goes against your own position and relies on untrusted users making changes to a repository without being reviewed. In open source you have control over the repository if you are a part of the team. Untrusted users have to make requests. Everyone can see those requests.
Proprietary software has no way to guarantee it hasn't been backdoored. There's no access to the code so you just have to put your trust in someone else who could easily put in hundreds of backdoors without you ever knowing. Proprietary software in large companies is worked on by thousands of people typically all code monkeys from India who accidentally or intentionally insert bugs into the code all the time. This code is rarely reviewed and the important thing is the bottom line if it boots or not.

Asher Nelson

Latest iPhone source code release
People within Apple released the most basic code, central to the iPhone's existence, to GitHub in unencrypted form anyone could read. This is the code the NSA puts their bugs in, and now, no doubt, there are droves of programmers going over the code to reveal exactly how bad it is compromised. The exact operating system the code was for is iOS 9, which is a recent version, but not the latest iOS 11. 9 is probably good enough to tell all.
The media is focusing on how this can be used to jail break phones, but the real issue here (that they would never talk about) is the fact that you can bet foreign governments are combing their way through the iPhone's source code to see exactly where the NSA put their back doors in, and where the back doors might lead to.

This clearly demonstrates the risk companies face when they cooperate with intelligence agencies to produce products that are penetrable for some people, and not others. All it takes is someone who cares about the public more than they care about their job and the deep state to blow the whole thing wide open. Obviously the linked article does not say this will pull the pants off the NSA yet again and instead stays on the sideline talking about jail breaking phones - but who would expect them to tell the public what is really going on with this?

The code that has been released is the exact code that allows them to keep the phone's microphone and camera on when it is turned off. It is the code that will allow the NSA or others to plant "evidence" on your phone, or read everything on it in the background, without you ever noticing. It is the code that will allow them to place specialized software on your phone without you ever knowing or seeing it, in case they want to add features to their spying abilities, such as applications that would cause the phone to continue recording its location via GPS while you are out of reach of any cell tower, and then, when you are back in reach, send them a map of everywhere you went, what you said, and what you saw. Out of box the phone probably does not have that ability simply because it would be risky when it ate memory space in the phone - astute users might notice, so the NSA would only use such applications in special cases.

Obviously they are not going to tell the public about this in any way that would really allow the public to know what is going on, but they can't stop the Russians, Iranians, and whoever else from getting a boost in their state security.

Apple’s Core iOS Source Code Leaked

iBoot_BootROM_iBSS_iBSS_iLLB_Source_Codes.rar

Apple iOS 9 Source Code.zip (12.84 MB)

anonfiles.cc/file/9cabee76c151557497d038769fec8f04

Jayden James

listen here niggers, if you're on a Mac I'd suggest you put it elsewhere - Linux, Windows, idgaf .. but you know those fucking negroes are going to put some shit in an update to search for this code on your machines.

Jaxon Parker

So would this be good to bypass an iCloud sign in? Found an iPad Mini and getting through the authorization is a bitch.

Grayson White

Apple-iOS-9-Source-Code

github.com/PUNISHMENT-POSSE/Apple-iOS-9-Source-Code

Ryan Green

Give it back, Jamal.

Matthew Roberts

I cast Resurrection

If I wanted to read and understand what this leaked iBoot is, I would learn Swift and Objective-C and research the tech sheets for devices released with iOS 9?

Michael Jones

cracks your path

Landon Howard

Apple and NeXT were pretty good prior to 2006 or so.

After they set the standard for mobile, they just kind of gave up and went 100% into the normie market, kinda like Microsoft but years before.