A Christmas release of Antid0te will force Apple to adopt ASLR
iPhone中文网 previously published an article reporting that the hacker Stefan Esser was about to release Antid0te, an ASLR-based security tool meant to improve the system security of jailbroken iPhones. The release is now scheduled, but it did not happen yesterday as rumored; it will more likely come around Christmas, as is clearly stated on his official site, antid0te.com.
Readers interested in adding ASLR to the iPhone should read the PDF write-up Stefan Esser published and compare the GDB output of MobileSafari before and after ASLR is applied. If the links in this paragraph do not open, the three documents (one PDF, two txt files) can also be downloaded from the link at the end of this article.
Stefan Esser also answers some common questions on his site; his FAQ is reproduced below:
When will it be released?
Media wrongly reported an antid0te release date of 14th December. However this date was never announced from my side. Antid0te will be released once it is ready, which should be around 24th of December.
Is it a new jailbreak?
Media wrongly reported that antid0te is a new jailbreak. However this is wrong. Antid0te will be a tool that you can use together with the pwnagetool, redsn0w and maybe greenpois0n jailbreaks.
(At least iPhone中文网 did not make this mistake.)
Will you burn another exploit?
No! Antid0te will be a tool used with already jailbroken iPhones. So there is no additional exploit used.
What devices and firmware is antid0te compatible with?
For now all devices are supported at iOS 4.2.1. iPad 3.x will never be supported. Support for iPhone 4 at iOS 4.1 and iPod 4G at iOS 4.1 should be released, too. There most probably will be no support for iPhone 3G and iPod 2G at anything lower than 4.2.1 because their jailbreak is already untethered.
Will antid0te make my iPhone unhackable?
There is no such thing as unhackability. Antid0te will add ASLR to your iPhone. ASLR basically means that the program libraries, the dynamic linker, the program stack and for some selected binaries also the main binary are loaded at different (random) addresses in memory. This makes the process of exploitation a lot harder. In the general case this means that instead of one security hole the attacker needs at least another security hole that allows him to determine/leak the memory addresses on your iPhone. Therefore antid0te increases the cost (time, money, resources) for an attacker to write a successful exploit.
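As an added illustration of the answer above (this is example code written for this page, not code from the article or from antid0te), the following C program records where its stack, heap, C library and own code landed, re-runs itself as a child process, and reports which of those regions moved. With ASLR active the stack, heap and library addresses change on every run; the program's own text moves only if it was built as a position-independent executable, which is the "selected binaries" distinction in the FAQ. It assumes a POSIX system (for popen) and a C library whose stdout pointer points into the library's own data.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bit flags naming the four regions we compare between runs. */
#define REGION_STACK 1u
#define REGION_HEAP  2u
#define REGION_LIBC  4u
#define REGION_TEXT  8u

typedef struct {
    uintptr_t stack; /* address of a local variable on the stack */
    uintptr_t heap;  /* address returned by malloc */
    uintptr_t libc;  /* address of the C library's stdout FILE object */
    uintptr_t text;  /* address of a function in this binary's own code */
} region_snapshot;

static int marker_function(int x) { return x + 1; }

/* Record where the four regions landed in the current process. */
region_snapshot take_snapshot(void) {
    region_snapshot s;
    int local = 0;
    void *p = malloc(32);
    s.stack = (uintptr_t)&local;
    s.heap  = (uintptr_t)p;
    s.libc  = (uintptr_t)stdout;           /* assumption: points into libc data */
    s.text  = (uintptr_t)&marker_function;
    free(p);
    return s;
}

/* Bitmask of regions whose address differs between two snapshots.
 * Under ASLR stack, heap and libc should all differ between runs; text
 * differs only if the binary is position-independent (PIE). */
unsigned randomized_regions(const region_snapshot *a, const region_snapshot *b) {
    unsigned mask = 0;
    if (a->stack != b->stack) mask |= REGION_STACK;
    if (a->heap  != b->heap)  mask |= REGION_HEAP;
    if (a->libc  != b->libc)  mask |= REGION_LIBC;
    if (a->text  != b->text)  mask |= REGION_TEXT;
    return mask;
}

/* Parse the "stack heap libc text" hex line printed by a child run.
 * Returns 1 on success, 0 if the line is malformed. */
int parse_snapshot(const char *line, region_snapshot *out) {
    return sscanf(line, "%" SCNxPTR " %" SCNxPTR " %" SCNxPTR " %" SCNxPTR,
                  &out->stack, &out->heap, &out->libc, &out->text) == 4;
}

int main(int argc, char **argv) {
    region_snapshot mine = take_snapshot();

    /* Child mode: print our addresses for the parent to compare against. */
    if (argc > 1 && strcmp(argv[1], "--child") == 0) {
        printf("%" PRIxPTR " %" PRIxPTR " %" PRIxPTR " %" PRIxPTR "\n",
               mine.stack, mine.heap, mine.libc, mine.text);
        return 0;
    }

    /* Parent mode: re-execute ourselves so the loader lays us out again. */
    char cmd[4096], line[256];
    region_snapshot child;
    snprintf(cmd, sizeof cmd, "\"%s\" --child", argv[0]);
    FILE *f = popen(cmd, "r");
    if (!f) { perror("popen"); return 1; }
    int ok = fgets(line, sizeof line, f) != NULL && parse_snapshot(line, &child);
    pclose(f);
    if (!ok) { fprintf(stderr, "could not re-run %s as a child\n", argv[0]); return 1; }

    unsigned mask = randomized_regions(&mine, &child);
    printf("stack: %s\nheap:  %s\nlibc:  %s\ntext:  %s\n",
           (mask & REGION_STACK) ? "randomized" : "fixed",
           (mask & REGION_HEAP)  ? "randomized" : "fixed",
           (mask & REGION_LIBC)  ? "randomized" : "fixed",
           (mask & REGION_TEXT)  ? "randomized" : "fixed");
    return 0;
}
```

Run the compiled binary with a path (for example ./aslr_check) so the child re-execution can find it. A "fixed" result for every region on a system that is supposed to have ASLR is worth investigating; a "fixed" text region alone simply means the binary was not built as a PIE, which is the same situation the FAQ describes for main binaries that are not among the "selected" ones.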
Isn't ASLR broken?
If you have read somewhere (like in the theregister.com article comments) that ASLR is broken and can be easily bypassed, you must know that these comments are written by people that maybe have heard/read some things about exploitation but never attempted to actually write a real world exploit. Among real security researchers these comments usually cause a lot of amusement. It is well known that DEP/NX without ASLR and ASLR without DEP/NX are not optimal protections, but in combination they are the best exploit mitigation available at the moment. And the iPhone already has DEP/NX in place, so adding ASLR is about time.
Will Antid0te destroy the possibility of future jailbreaks?
Well first of all antid0te by itself will be installed AFTER you jailbreak your device, so that it does not affect the jailbreaking process at all. However in the long run the existence of antid0te might trigger Apple to finally add ASLR to factory iPhones. However Apple's current iOS 3/4 design decisions make adding ASLR a not so simple task. Therefore it will take them some time to achieve that. I strongly suspect 2011 to become the year of widespread mobile phone malware/worms. So Apple will have to add it at some point. However only time will tell. So yes, if antid0te causes a faster ASLR release for factory iPhones it will make jailbreaking harder in the future. However I strongly believe that a more secure factory iPhone is more important than a somewhat easier jailbreaking process.
The documents referred to in this article can be downloaded here: http://dl.dbank.com/c0acaaepkr
Tags: Christmas, Antid0te, Apple, ASLR, iPhone, jailbreak