I found a pony in Apple’s iBoot source code
The source code for Apple’s bootloader was recently leaked on GitHub. Look what I found in it.
The code has since been removed from GitHub due to a DMCA complaint. iBoot is key component which ensures the devices turn on securely.
Curiously browsing through the code to admire Apple’s engineering I stumbled upon something peculiar.
In the directory
~/apps/EmbeddedIOP/ is a
main.c file. Inside this is a huge character array of hexademical ASCII values. One of the first lines in the
main function prints this array on the screen. Feeling curious to know what the result would be, I wrote a small program to print the array.
Here’s the result. Ta da! It’s a pony.
In case you haven’t read about the leak, here’s a link.
That’s all folks!
Disclaimer: This post was written with good intentions. If you are from Apple and would like me to remove it, please let me know. Thank you.
- ziVA: Zimperium's iOS Video Audio Kernel Exploit - Zimperium Mobile Security Blog
- CVE-2018-4087 PoC: Escaping the sandbox by misleading bluetoothd - Zimperium Mobile Security Blog
- GitHub - prateek147/DVIA-v2: Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. Its main goal is to provide a platform to mobile security enthusiasts/professionals or students to test their iOS penetration testing skills in a legal environment. This project is developed and maintained by @prateekg147. The vulnerabilities and solutions covered in this app are tested up to iOS 11. The current version is writen in Swift and has the following vulnerabilities.
- Apple Releases Multiple Security Updates
- New Cold Boot Attack Unlocks Disk Encryption On Nearly All Modern PCs