[Cryptography] Apple GovtOS/FBiOS & Proof of Work
Henry Baker
hbaker1 at pipeline.com
Sat Mar 19 10:04:14 EDT 2016
At 03:45 PM 3/18/2016, Michael Kjörling wrote:
>And of course, the presence of any "fiddlable" sections implies that there is data in the firmware that doesn't really do anything at all.
>
>You can't go around flipping bits in highly specific machine code or even data used by it and expect nothing to happen; it has to be a portion that just sits around unused.
The way crypto hash functions work is that all bit flips in the input cause bit flips in the output. If not, Bingo! -- you have a collision, and your hash function has to be thrown away.
So all you need is a reasonably long "fiddle" string in the input file somewhere that you flip bits randomly (or some other strategy) until you achieve a hash output that meets the requirements for firmware loading. This fiddle string is still so short as to be negligible compared with the size of the firmware itself.
BTW, the hash *includes* the hash of the previous firmware, so neither Apple -- nor anyone else -- can develop multiple firmwares in *parallel*.
More information about the cryptography
mailing list