April 01, 2016
MPE source code ID'ed as key to encryption
In a news item that appeared in our inbox early this morning, the researchers at the website darkstuff.com report they have identified the key algorithm for iPhone cracking software to be code from the 1980 release of Q-MIT, a version of MPE. The iPhone seized as part of an FBI investigation was finally cracked this week. But the US government agency only reported that an outside party provided the needed tool, after Apple refused to build such software.
The specific identity of the third-party firm has been clouded in secrecy. But the DarkStuff experts say they've done a reverse trace of the signature packets from the FBI notice uploaded to CERT and found links that identify Software House, a firm incorporated in the 1980s which purchased open market source code for MPE V. The bankruptcy trustee of Software House, when contacted for confirmation, would not admit or deny the company's involvement in the iPhone hack.
A terse statement shared with the NewsWire simply said, "Millions of lines of SPL make up MPE, and this code was sold legally to Software House. The software does many things, including operations far ahead of their time." HP sold MPE V source for $500 for the early part of the 1980s, but 3000 customers could never get the vendor to do the same for MPE/iX.
Lore in the 3000 community points to D. David Brown, an MPE guru who ran a consulting business for clients off the grid and off the books, as the leading light in developing the key. An MPE expert who recently helped in the simh emulation of Classic HP 3000s confirmed that Brown's work used HP engineering of the time in a way the vendor never intended. Simh only creates a virtualized CISC HP 3000 running under Linux, so MPE V is the only OS that can be used in simh.
"Lots of commented-out code in there," said the MPE expert, who didn't want to be named for this story. "Parts of MPE got written during the era of phone hacking. Those guys were true rebels, and I mean in a 2600-style of ethics. It's possible that Brown just stumbled on this while he was looking for DEL/3000 stubs in MPE."
The FBI reported this week that its third party also plans to utilize the iPhone cracker in two other cases that are still under investigation. Air-gapped protocols were apparently needed to make the MPE source able to scour the iPhone's contents, using a NAND overwrite. The air gapping pointed the DarkStuff experts toward the HP 3000, a server whose initial MPE designs were years ahead of state-of-the-art engineering. "Heck, the whole HP 3000 was air-gapped for the first half of its MPE life," said Winston Rather at DarkMatter. "It's a clever choice, hiding the key in plain sight."