The source code of the Apple iOS iBoot Bootloader leaked online

Pierluigi Paganini February 09, 2018

The source code for Apple iOS iBoot secure bootloader has been leaked to GitHub, now we will try to understand why this component is so important for the iOS architecture.

The iBoot is the component loaded in the early stages of the boot sequence and it is tasked with loading the kernel, it is stored in a boot ROM chip.

“This is the first step in the chain of trust where each step ensures that the next is signed by Apple.” states Apple describing the iBoot.

The leaked code is related to iOS 9, but experts believe it could still present in the latest iOS 11.

Apple promptly reacted to the data leak asking to remove the content for a violation of the Digital Millennium Copyright Act (DMCA).

“This repository is currently disabled due to a DMCA takedown notice. We have disabled public access to the repository. The notice has been publicly posted.” reads the notice on the GitHub repository.

“Reproduction of Apple’s “iBoot” source code, which is responsible for ensuring trusted boot operation of Apple’s iOS software. The “iBoot” source code is proprietary and it includes Apple’s copyright notice. It is not open-source.”

iBoot dala leak

The data leak is considered very dangerous because hackers and security experts can analyze the code searching for security vulnerabilities that could be triggered to compromise the iBoot.

Even is the code cannot be modified, the exploit of a flaw could allow loading other components compromising the overall security of the architecture.

The boot sequence is:

Bootrom → Low Level Bootloader → iBoot → Device tree → Kernel.

The Jailbreak consists of compromising one of the above phases, typically the kernel one.

Newer iPhones have an ARM-based coprocessor that enhances iOS security, so-called Secure Enclave Processor, it makes impossible the access to the code to conduct reverse engineering of the code.

But now the iBoot code has been leaked online and experts can analyze it.

The jailbreak could allow removing security restrictions making it possible to install third-party software and packages, also code that is not authorized by Apple and therefore not signed by the IT giant.

Compromising the iBoot could theoretically allow loading any malicious code in the boot phase or a tainted kernel.

Apple tried to downplay the issue saying that it implements a layered model of security

“Old source code from three years ago appears to have been leaked, but by design the security of our products doesn’t depend on the secrecy of our source code. There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protection,” reads a statement issued by Apple.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – iBoot, Apple)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment