<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Sat, Mar 19, 2016 at 7:04 AM, Henry Baker <span dir="ltr"><<a href="mailto:hbaker1@pipeline.com" target="_blank">hbaker1@pipeline.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span class="">At 03:45 PM 3/18/2016, Michael Kjörling wrote:<br>
>And of course, the presence of any "fiddlable" sections implies that there is data in the firmware that doesn't really do anything at all.<br>
><br>
>You can't go around flipping bits in highly specific machine code or even data used by it and expect nothing to happen; it has to be a portion that just sits around unused</span></blockquote><div>..... </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
BTW, the hash *includes* the hash of the previous firmware, so neither Apple -- nor anyone else -- can develop multiple firmwares in *parallel*.<br></blockquote><div><br>Some layers of crypto, checksums and integrity may have been overlooked in this Applesauce, iTunes.</div><div><br></div><div>In the case of Apple I suspect there are two perhaps three checksums to give attention to.<br>There is the hardware set of keys in the phone that allow the hardware to load the bits and decrypt</div><div>the data in question. This is the last step and if buggered the data is lost. Then there are</div><div>OS integrity bit checks to verify the system and trigger a reload ASAP from the mother ship.<br>These may make fiddling idle bits an unworkable strategy for additional hacks. </div><div>The overlooked third set involves the external tool to load the bits that may involve multiple checks and signatures. </div><div>In this case iTunes would be the tool to load the new software, I assume an OTA download is </div><div>out of the question ;-) iTunes downloads and checks the image in ways that iTunes knows and </div><div>ways that are not documented in the public phone security model documentation. </div><div><br>Google quickly found <a href="http://foo.com">foo.com</a><br>"In its earnings report, Apple showed that its "Services" division -- made </div><div>up of the iTunes Store, App Store, and Apple Pay -- increased revenue </div><div>by 9% year over year to $5 billion".<span style="font-size:16px;line-height:19.2px"><br></span><br>So one component of the ask is to compromise or modify a version of iTunes to allow a</div><div>side loaded binary file to be accepted, identified as newer than and pass download</div><div>related unpack checks and signatures.<br><br>iTunes can modify software on all Apple portable devices (iPhones, iPads, iPod,</div><div>all except the MACs).<br><br>Given that iTunes is a 5 billion dollar revenue stream, it is also an equal or larger cash</div><div>flow issue to the movie and music industry.</div><div><br></div><div>If this is not the definition of unreasonable I am curious where the line to unreasonable</div><div>lives. </div><div><br></div><div>From my bleacher seat, this seems punitive in an extra legal way. <br><br>One observation is the bigger boys like Apple have seen departmental</div><div>budgets grow as law enforcement and FISA warrants are serviced. Secrets </div><div>like these make it difficult or impossible for executive and necessary corporate </div><div>oversight. I suspect the internals of global law enforcement related services are largely</div><div>invisible to auditors and fiscal oversight. Trust me the bill is <$XXXXXXXXXXXXXX.00></div><div><br></div><div>So simply fiddling some bits in an object to satisfy a check sum check seems insufficient.<br><br>Interesting...</div><div><br><br></div><div><br></div></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"> T o m M i t c h e l l</div></div>
</div></div>