
iOS’ “iBoot” component leaked to GitHub, quickly pulled by Apple

Apple, and its legal department, do not like it when you leak source code for core components of iOS on GitHub.

This is exactly what happened: a chunk of source code labeled “iBoot” found its way onto GitHub. iBoot is the part of iOS responsible for ensuring a trusted boot of the operating system. In other words, it is the program that loads iOS, the very first process that runs when you turn on your iPhone. It loads the kernel, verifies that it is properly signed by Apple, and then executes it, much the same way a BIOS would function.
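To make the “load, verify the signature, then execute” step concrete, here is a small Go model of a verified-boot stage check. It is example code written for this page, not Apple’s iBoot or any code from the leak; the image header layout, the `Verify` function and the sentinel errors are invented for illustration, and Ed25519 stands in for whatever signature scheme the real bootloader uses. The model also shows the two failure modes a boot stage must handle: a tampered image and an older, still validly signed image (a rollback).

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed image layout for this example (not iBoot's real format):
//   magic   4 bytes  "KERN"
//   version 4 bytes  big-endian, used for a simple anti-rollback check
//   payload N bytes  the "kernel"
// The signature covers SHA-256(header || payload).

var ErrBadMagic = errors.New("boot: image magic mismatch")
var ErrBadSignature = errors.New("boot: signature does not verify against trusted key")
var ErrRollback = errors.New("boot: image version older than minimum allowed")

type Image struct {
	Version uint32
	Payload []byte
}

func encodeImage(img Image) []byte {
	buf := make([]byte, 8+len(img.Payload))
	copy(buf[0:4], "KERN")
	binary.BigEndian.PutUint32(buf[4:8], img.Version)
	copy(buf[8:], img.Payload)
	return buf
}

// sign is what a vendor build pipeline would do with its private key.
func sign(priv ed25519.PrivateKey, imageBytes []byte) []byte {
	digest := sha256.Sum256(imageBytes)
	return ed25519.Sign(priv, digest[:])
}

// Verify is the bootloader side. The trusted public key and the minimum
// accepted version are immutable inputs; on a real device they would be
// burned into boot ROM or fuses rather than stored in mutable flash.
func Verify(trusted ed25519.PublicKey, minVersion uint32, imageBytes, sig []byte) (Image, error) {
	if len(imageBytes) < 8 || !bytes.Equal(imageBytes[0:4], []byte("KERN")) {
		return Image{}, ErrBadMagic
	}
	// Check the signature before trusting any field beyond the fixed-size header.
	digest := sha256.Sum256(imageBytes)
	if !ed25519.Verify(trusted, digest[:], sig) {
		return Image{}, ErrBadSignature
	}
	version := binary.BigEndian.Uint32(imageBytes[4:8])
	if version < minVersion {
		return Image{}, ErrRollback
	}
	return Image{Version: version, Payload: imageBytes[8:]}, nil
}

// BootScenario runs the check against a good image, a tampered image and a
// validly signed but outdated image, returning the three outcomes.
func BootScenario() (okErr, tamperErr, rollbackErr error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)

	good := encodeImage(Image{Version: 2, Payload: []byte("kernel v2")})
	sig := sign(priv, good)
	_, okErr = Verify(pub, 2, good, sig)

	// Flip one payload bit: the signature no longer matches.
	tampered := append([]byte(nil), good...)
	tampered[len(tampered)-1] ^= 0x01
	_, tamperErr = Verify(pub, 2, tampered, sig)

	// A genuine older image: signature is fine, but the version is below the floor.
	old := encodeImage(Image{Version: 1, Payload: []byte("kernel v1")})
	_, rollbackErr = Verify(pub, 2, old, sign(priv, old))
	return
}

func main() {
	okErr, tamperErr, rollbackErr := BootScenario()
	fmt.Println("good image:", okErr)
	fmt.Println("tampered image:", tamperErr)
	fmt.Println("old image:", rollbackErr)
}
```

The rollback check matters because, as the article notes about older iBoot versions, a bug in a previously shipped stage stays exploitable on any device that can be talked into booting that stage; a version floor is one of the ways a bootloader refuses to go back to it.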

The code says it’s for iOS 9, an older version of the operating system, but portions of it are likely to still be used in iOS 11.

Apple has traditionally been reluctant to release its source code to the public and has taken steps to keep iBoot secure and its code private. For hackers and security researchers, bugs in the boot process are the most valuable kind: reported to Apple through its bounty program, they can net a maximum payment of $200,000.

“This is the biggest leak in history,” Jonathan Levin, the author of a series of books on iOS and Mac OSX internals, stated in an online chat, referring to Apple’s history. “It’s a huge deal.”

The iBoot code itself is valuable in that it could be reverse engineered to run on iOS devices, opening up entirely new cans of worms Apple doesn’t want to deal with. Where security is concerned, having the iBoot code out in public could help security researchers find vulnerabilities, but it could also make it easier for hackers to find flaws and bugs that would allow them to crack or decrypt an iPhone. The leak could eventually allow advanced programmers to emulate iOS on non-Apple platforms.

In the past, vulnerabilities in previous versions of iBoot allowed the hacking and jailbreaking communities to use brute-force techniques to bypass the iPhone’s lock screen and decrypt user data. Newer iPhones feature a chip known as the “Secure Enclave Processor”, which has made such techniques harder to perform.

This source code first surfaced last year, posted by a Reddit user called “apple_internals” on the Jailbreak subreddit. That post didn’t get much attention: the user was new and didn’t have enough Reddit karma, so the post was quickly buried. Its new availability on GitHub means it’s likely circulating widely in the underground jailbreaking community and in iOS hacking circles.

Stay tuned for additional details as they become available.

Via Motherboard, GitHub and Reddit