Sunday, July 13, 2008

iPhone Dev-Team Says Geohot Using Stolen Code

The iPhone Dev-Team says Geohot is using stolen code to provoke them into an early release of PwnageTool.

In a lengthy posting on why its best not to rush the release of the jailbreak the iPhone Dev-Team writes that Geohot was kicked off the team for not abiding by their rules. Apparently, Geohots first hardware hack was a result of some of their tools. Now they believe one of their team members has leaked a copy of their exploit to Geohot and that George is using the exploit to provoke them into releasing PwnageTool.

Read More

Over the last year we’ve discovered some interesting things about the software used in the iPhone. These “hacks” , “exploits” and “techniques”, or whatever you want to call them, are valuable - not only from a financial perspective (so scummy people can sell unlocking software) but also from a strategic point of view. Think of it like a game of poker, showing your hand too early would certainly make you lose “the game”.

The majority of iPhone users are not technical - they want an easy, one-stop, simple application that will allow them to quickly and painlessly unlock their phone. If we were to release a crummy command-line based tool that does the immediate job that everyone is screaming for, we’d only end up in the following situation:

1) The technique is released to the world and people use this technique to quickly create GUI apps that they charge cash-money for, or re-release something hacky and horrible that bricks lots of devices, or for example disables the WiFi that then causes more stress that ultimately comes back to us

2) The technique is exposed to the vendor, allowing them to locate and repair the security hole. Sometimes these security holes span product versions, for example: between the first generation and second generation iPhone. In such a case releasing the knowledge in the middle of the product development cycle is pointless and risks the “usefulness” of the technique - especially if there are existing hacks/techniques that work just fine.

The iPhone DevTeam is comprised of a group of people who work together over IRC from various parts of the world. This distributed method of working happens 24 hours a day with people performing tasks in the time that best suits their time-zones. It is a completely self-managing, self-regulating and member-funded organization. Most of us have never met face-to-face and we rarely know real names - in fact, we would more than likely not recognize each other if we walk past one another on the street. Despite this we follow a strict “hacker code”: ground rules by which we all abide.

Perhaps the foremost of these rules is management of knowledge. We keep certain information private, restricted to members of the team only (to help with points 1 and 2 above), and members are entrusted to make sure this secrecy is consistently enforced. This makes the team. Only when there is a majority vote from the team do we make any announcement or release.

So now we come onto Geohot, the self appointed media frontman for last year’s iPhone hacks. Geohot actually worked with us a month or so before the media-circus that he led. Geohot is certainly a bright guy, but he couldn’t abide by rules that I described in the last paragraph and because of this he was asked to leave the team. Of course like any hacker Geohot continued on for his goal.

Using some of our techniques and tools (and some of his) and using his own brain power (and that of an unnamed Russian) he was able to release his hardware hack and demonstrate the first unlocked iPhone to the world, he has also demonstrated other things during the last year and some of those releases have helped us with our work.

We thought that Geohot would have matured somewhat in the last year, but this clearly isn’t the case, as sadly one of the team members has leaked a copy of our exploit to Geohot and he is now using this to provoke us into making an early release :-(

So finally, just in case some of you were wondering, we’re not sitting on this tool because we’re full of ourselves or stuck up our own asses. We’re not sitting on it cause we like to see you writhe. We are testing it to make sure it’s as glitch-free as we can make it. We want to avoid releasing something that turns expensive phones into pretty looking paperweights. Don’t you agree it’s worth the wait?

If others want to feel like they’re in control by posting all-knowing entries on their blogs, we can’t stop that, but the new PwnageTool will be released when it’s ready, and not a moment later.

No comments: