In an astonishing turn of events, source code for iBoot, the part of iOS responsible for establishing a trusted boot of the operating system, has been posted on GitHub. Motherboard, which first reported the leak, dubs iBoot the iPhone's BIOS: it is one of the very first pieces of code to run when you turn on an iPhone or iPad. More precisely, iBoot is the second-stage bootloader that the hardware's Boot ROM loads and verifies, and which in turn verifies and loads the iOS kernel.
The public posting of this code is a significant event, as it can help both hackers and researchers find vulnerabilities in iOS and may make jailbreaks of current and future iOS versions possible. The code in question belongs to iOS 9; however, researchers believe that many portions of it are still in use today as part of iOS 11. One caveat a practitioner would note: having the source does not by itself defeat the boot chain, since each stage is still signature-checked by the stage before it, so an attacker still needs an exploitable bug, though auditing source is far easier than reverse engineering binaries.
Apple takes the security of the iBoot code very seriously and has never shared it with the public. In fact, Apple's bug bounty program offers its maximum payout of $200,000 to researchers and white-hat hackers who discover and report bugs in this particular part of iOS, the secure boot firmware.
This is the SRC for 9.x. Even though you can’t compile it due to missing files, you can mess with the source code and find vulnerabilities as a security researcher. It also contains the bootrom source code for certain devices…
— Apple External (@Apple_External) February 6, 2018
There are doubts about the legitimacy of this code; however, Jonathan Levin, who has published several books on iOS and macOS internals, believes it is legit and calls the leak a 'huge deal'. He notes that it does appear to be the real iBoot code, as it aligns with code he has reverse engineered himself. Motherboard confirmed with another, unnamed security researcher who also believes the code is legitimate.
While this leak can be helpful in finding exploits and developing jailbreaks, it could also pave the way for programmers to emulate iOS on non-Apple hardware.