iBoot Source Code Leaked Again, This Time on the Darknet

The tech publication Bleeping Computer has reported that a group calling itself the Dark-Liberty Team has once again made the iBoot source code publicly available, this time on a .onion site on the darknet.

Background of the iBoot Leak

This story began in February 2018, when the iBoot source code was first published on GitHub. iBoot is a critical component of Apple devices, responsible for the trusted boot process of the operating system. In fact, iBoot is one of the first programs to run after a device is powered on (only Boot ROM runs before it). It locates and verifies the kernel, checking for the necessary Apple signatures, and then either hands over control to the kernel or switches the device to recovery mode.

The anonymous source who uploaded the code to GitHub claimed that the source code was from the iOS 9.3.x release, but noted that much of the code was likely still used in iOS 11. The uploader also mentioned that it would not be possible to compile the code due to missing files, but encouraged security experts and enthusiasts to study iBoot for vulnerabilities.

Apple’s Response and the DMCA Takedown

Although experts were initially skeptical about the leak, it soon became clear that the source code was authentic. Apple quickly filed a DMCA (Digital Millennium Copyright Act) complaint, after which GitHub promptly removed the disputed content.

The Darknet Publication and Its Peculiarities

As mentioned above, the iBoot source code has now been published on the darknet. However, experts have pointed out that the method of publication is rather odd: the download link leads to the MediaFire file hosting service. While Apple cannot easily file a DMCA complaint against a .onion site, they can likely have the file removed from MediaFire without much trouble.

Apple’s Official Statement

It’s worth noting that, back in early February, Apple representatives stated that this code leak should not be given too much importance:

“It appears the leak involved old, three-year-old source code, but the security of our products does not depend on the secrecy of source code. Our solutions include multiple layers of hardware and software security, and we always encourage our users to update to the latest software and take advantage of the most up-to-date protections.”
