Why 1/1/1970 bricks your iPhone

No real reason that I could see, although to be fair the video does have subtitles meaning I could watch it without headphones. Or, y’know, read it. Like a news article.

This does not brick your iPhone. It makes it temporarily unusable as it was originally designed but it does not brick your iPhone. Bricking a device implies becoming permanently unusable.

Basically, all dates are electronically stored as the number of seconds since the epoch (1/1/70). Unsigned integers can only be positive, so if you try and calculate a negative integer (without catching it in your code), it wraps round to the maximum value, which for a 64-bit integer is large, to put it mildly.

The video doesn’t explain (or know) why this happened but assuming some calculation involving the current system time, they end up with the year 292277026596 (according to the video). The video also doesn’t explain/know why this crashes the system but apparently it does.

1 Like
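The wraparound described in the post above, as an added example that is not part of the original thread: an unchecked unsigned subtraction on a clock value near zero, next to a checked version that refuses to wrap. The function names and the 8-hour offset are constructed for illustration and are not claimed to be the calculation iOS performs.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SECS_PER_YEAR 31556952ULL /* average Gregorian year, in seconds */

/* Unchecked: when offset > now, the result wraps modulo 2^64. */
uint64_t naive_sub(uint64_t now, uint64_t offset)
{
    return now - offset;
}

/* Checked: reports failure instead of wrapping. */
bool checked_sub(uint64_t now, uint64_t offset, uint64_t *out)
{
    if (offset > now)
        return false;
    *out = now - offset;
    return true;
}

/* Whole years represented by a count of seconds. */
uint64_t approx_years(uint64_t secs)
{
    return secs / SECS_PER_YEAR;
}

int main(void)
{
    uint64_t now = 0;           /* constructed: clock set to 1/1/1970 00:00 UTC */
    uint64_t offset = 8 * 3600; /* constructed: hypothetical 8-hour adjustment */
    uint64_t wrapped = naive_sub(now, offset);
    uint64_t safe = 0;

    printf("unchecked: %llu s (about %llu years)\n",
           (unsigned long long)wrapped,
           (unsigned long long)approx_years(wrapped));
    if (!checked_sub(now, offset, &safe))
        printf("checked: rejected, offset exceeds clock value\n");
    return 0;
}
```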

iPhones default to syncing against cellular, not NTP. But if someone set it to use time.apple.com then you could use DNS poisoning and send an evil response from a malicious time.apple.com (assuming the user turned on NTP and didn’t change it to their preferred NTP pool/server). Not sure if the iOS NTP client would ignore a sync that far off from the default (the Mac OS X client would), gently sync, or hop.

3 Likes

From the Apple support page

If you changed the date to May 1970 or earlier and can’t restart your iPhone, iPad, or iPod touch

Manually changing the date to May 1970 or earlier can prevent your iOS device from turning on after a restart.

An upcoming software update will prevent this issue from affecting iOS devices. If you have this issue, contact Apple Support.

It is rather hard to update software on a device that won’t turn on; in this case you need to open the phone to disconnect the battery. It may not be hard to fix but it probably invalidates your warranty, which I can understand some people would not be happy about.

The device fits the definition of being bricked.

2 Likes

I’d say it implies unusable and requiring a more complex method of reviving, when the revival is possible. That’s called “unbricking”.

I think the clock that Apple OSes use is based on Apple Epoch time, which is 1/1/2000 UTC, and is represented by a double floating point value in seconds so it handles underflow and overflow quite well, many hundreds of centuries both ways. I believe that the underlying BSD implementation sits on top of this – if you ask for UNIX Epoch time it takes the current Apple time and subtracts 30 years, and converts it to a 64-bit integer.

(There might be an even lower level, kernel based clock which would be a signed 64 bit integer, but would not be susceptible to underflow or overflow)

I have 2 hypotheses of why it crashes: 1. there’s some security feature (cellular authentication?) that requires the clock be set to within a reasonable range of external clocks (cell towers) for “normal” (non-crash) operation. 2. the phone’s calendar daemon attempts to calculate its to-do list and chokes on some integer overflow because it wasn’t really designed to calculate the past 40 years’ worth of recurring events.

Signed,
someone who knows just enough about Apple OS internals to make wildly inaccurate statements.

2 Likes

ahhh, yes, there is always reason to assume that users will enter any and all arbitrary dates, and indeed any and all possible numbers and strings and Unicode and ASCII and EBCDIC into any field at any time!! of any length!!

1 Like

I thought stratum 0 is defined as non-networked reference time source (say a DCF77 radio clock) and stratum 1 is the lowest (highest?) level reachable via the network.

So @shaddack’s GPS receiver is stratum 0, the Arduino connected directly to the receiver stratum 1 and every other NTP server querying the Arduino stratum 2.

3 Likes

Reading ntp.org’s reference (the birthplace of NTP is just a few miles from where I sit) I stand corrected! I forgot (or possibly never noticed) that GPS receivers are considered valid reference clocks. And apparently nowadays you can get rack-mountable atomic clocks on the open market anyway.

When I said canonical stratum zero, I meant the devices that replaced the old Atomichrons at the Naval Surface Warfare Center. I guess that’s no longer a useful distinction, though.

2 Likes

It’s sad that “I’m a scientist and build my own atomic clock” has no stratum 1 identifier in the RFC. I propose MAD.

I was incorrect, too :) Skimming the RFC, stratum 0 is defined as “undefined”, as a non-networked time source has no meaning within the constraints of the network time protocol.

3 Likes

No. It’s in the 2U half depth SKB rackmount case along with the DNS and RADIUS servers and the firewall. (It’s my bug-out network. If I have to relocate in a hurry they, and the laptop can be out and gone in under 3 min. Setup takes the same.)

6 Likes

If you’ve compromised a popular DNS there’s a hell of a lot worse you’re going to be doing with it than temporarily disabling iPhones with some lame NTP sploit.

It’s sort of like worrying that a terrorist gang that comes into possession of a cache of automatic weapons will use them to wake people up slightly earlier than they wanted.

6 Likes

Why not both: disable iPhones AND redirect all network traffic to the server(s) of your choosing?

From an evil hacker’s point of view, it’s win-win and twice as fun.

2 Likes

Thank you for that- I still don’t really get it but whatevs, if I’m gonna bend my brain to understand something it’s gonna be how lightguns work on cathode ray tube tellies.

Hey, I still don’t understand how vinyl records work.

The CRT image, when grossly slowed down, is a bright spot traveling the screen (with some considerable afterglow behind that exponentially decays).

Aim a photodiode at a small area of the screen (for simplicity say a small piece of one scan line), and you get a pulse from its output - with timing offset from the vertical sync pulse that equals vertical distance from top, and offset from horizontal sync that equals the distance from the left.

(In reality you get a burst of a few pulses as the optics will see more scanlines than just one.)

Typically there is a spiral groove, with the sound encoded as minor left-right and depth changes (for stereo). The needle travels in the groove, sensors on it (piezo or electromagnetic) are sensing its movements (the inertia of the pickup is holding it in the middle of the groove while the low-mass needle on a cantilever is following the groove including the aberrations that encode the sound). The path differences between the pickup head and the needle are directly taken from the head sensors, amplified (and equalized to correct for the higher frequency attenuation of the recording method), and sent to the speakers.

4 Likes
