
Apple Locking Down 10.15?

As yet unconfirmed but...

ISENGAARD (Rixstep) — It's as yet unconfirmed, but someone 'in the know' is reporting - and waiting on confirmation - that Apple plan to lock down their desktop OS for version 10.15 later this year.

Specifically, that 10.15 will require a developer ID certificate. And that there'll be no way around it anymore.

Mac Developer Program Update

On 24 April 2010 - nine years ago - we published 'Mac Developer Program Update', a ruse to force Steve Jobs to allay suspicion that he was planning to do just that.

And it worked.

Earlier research had made it patently clear that so-called 'code-signing' was a bluff on the desktop: that, despite the orneriness of the launch services, it was child's play to remove references to cryptographic seals in the executable headers, enabling the software to run anywhere. Steve had been known to lie on occasion, but the guess was he wouldn't want to lie about this.

And he didn't. But his successors don't seem to care as much.

Already in his tenure, we've seen Apple brazenly go for a 30% cut on sales ('but we leave 70% to you') and prior approval to get anything up and running on their mobile devices. And their mobile kernel does insist on cryptographic seals.

This is of course untenable. But you'll never hear a fanboy complain. They'll gleefully debate the pros and cons of a new rule, but they will never question the idea of the rules themselves. Heaven forbid.

Apple's platforms are no longer free. Steve argued this with customers, saying that his rules gave customers freedom from stuff, whilst the others insisted they had a right to a freedom to stuff. Most famously, Mark Pilgrim lamented in his screed 'Tinkerer's Sunset':

'Once upon a time, Apple made the machines that made me who I am. I became who I am by tinkering. Now it seems they're doing everything in their power to stop my kids from finding that sense of wonder. Apple declared war on the tinkerers of the world.'

Yet since at least 18 February 2009, the pieces have been moving on the chessboard. The iPhone was announced in early 2007. Three successive point updates revealed, through the never-ending crash logs, that everything was running as root, with the two passwords 'alpine' and 'dottie'. Then suddenly things changed with point update #4, and so here we are today.

Again, the revelation is simple: an executable can't object to a flawed seal if it doesn't know it's there. And automating the process described here will always work - unless the OS kernel (the application launcher) insists on finding a valid seal beforehand.

Which of course Steve Jobs wouldn't permit. But that was then and this is now.
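
As an added illustration (not Rixstep's code and not part of the original article): on the desktop, the reference to a cryptographic seal in the executable header is the Mach-O LC_CODE_SIGNATURE load command, and this Python check reports whether a thin Mach-O image carries one. The function names and sample bytes are constructed for the example; a 'present' result only means the header points at a signature blob, not that the seal is valid, which is the check the launcher would have to enforce.

```python
import struct

MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF   # thin little-endian Mach-O
LC_CODE_SIGNATURE = 0x1D                          # linkedit_data_command
CSMAGIC_EMBEDDED_SIGNATURE = 0xFADE0CC0           # stored big-endian


def signature_reference(data: bytes) -> str:
    """Classify the code-signature reference in a thin Mach-O image.
    Returns 'absent', 'dangling' (load command points outside the file or
    at something that is not a signature blob) or 'present'. 'present'
    only means the header refers to a blob; it does not validate the seal.
    """
    if len(data) < 28:
        raise ValueError("too short for a Mach-O header")
    magic, = struct.unpack_from("<I", data, 0)
    if magic not in (MH_MAGIC, MH_MAGIC_64):
        raise ValueError("not a thin little-endian Mach-O image")
    ncmds, sizeofcmds = struct.unpack_from("<II", data, 16)
    offset = 32 if magic == MH_MAGIC_64 else 28   # header size
    end = offset + sizeofcmds
    if end > len(data):
        raise ValueError("load commands run past end of file")
    for _ in range(ncmds):
        if offset + 8 > end:
            raise ValueError("truncated load command")
        cmd, cmdsize = struct.unpack_from("<II", data, offset)
        if cmdsize < 8 or offset + cmdsize > end:
            raise ValueError("bad load command size")
        if cmd == LC_CODE_SIGNATURE:
            if cmdsize < 16:
                return "dangling"
            dataoff, datasize = struct.unpack_from("<II", data, offset + 8)
            if datasize < 4 or dataoff + datasize > len(data):
                return "dangling"
            blob_magic, = struct.unpack_from(">I", data, dataoff)
            return "present" if blob_magic == CSMAGIC_EMBEDDED_SIGNATURE else "dangling"
        offset += cmdsize
    return "absent"


def sample_image(with_sig: bool) -> bytes:
    """Constructed 64-bit image: one LC_UUID (0x1b), optionally LC_CODE_SIGNATURE."""
    cmds = struct.pack("<II16s", 0x1B, 24, b"\0" * 16)
    if with_sig:
        cmds += struct.pack("<IIII", LC_CODE_SIGNATURE, 16, 32 + 40, 8)
    header = struct.pack("<IiiIIIII", MH_MAGIC_64, 0x01000007, 3, 2,
                         2 if with_sig else 1, len(cmds), 0, 0)
    return header + cmds + (struct.pack(">II", CSMAGIC_EMBEDDED_SIGNATURE, 8) if with_sig else b"")
```
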

Apple declared war on the tinkerers of the world.
 - Mark Pilgrim

Given adequate preparation and linkage editing tools, it should be possible to remove code-signing from any Apple executable with the greatest of ease. And given the fact that someone made this code-sign tool to add gunk to binaries, it should follow that someone can create a tool that removes it.
 - Rixstep Forum 18 February 2009

Just don't forget that Steve Jobs denied it all. He gave you his word. And you trusted him, didn't you?
 - 'The Steve Gambit' 20 October 2010

See Also
Tinkerer's Sunset
The Steve Gambit
Hacking Code Sign
Mac Developer Program Update
