Closed maurolacy closed 3 years ago
Thanks for the patch. I wonder if this will have any security implications that we care about? Perhaps we've already lost by trusting Apple with the firmware in the first place? What do you think?
Thanks for the patch. I wonder if this will have any security implications that we care about? Perhaps we've already lost by trusting Apple with the firmware in the first place? What do you think?
What we have to evaluate is if trusting Apple is better that trusting a malicious third party... mmm :-).
In any case, if you decide to remove the -k
, please remove the -s
too. Silent mode is not a good idea... it took me hours to realise there was a problem with the certs. The silent failure made me manually download the full archive using the browser, and start fiddling with the various compression and encapsulation formats... I learned a bit about Apple's twisted formats, but I must say that it wasn't a very useful or productive use of my time.
The way you managed to bypass all those silly encapsulations and just download, extract and convert the relevant part is impressive, by the way.
Thanks for the patch. I wonder if this will have any security implications that we care about? Perhaps we've already lost by trusting Apple with the firmware in the first place? What do you think?
What we have to evaluate is if trusting Apple is better that trusting a malicious third party... mmm :-).
In any case, if you decide to remove the
-k
, please remove the-s
too. Silent mode is not a good idea... it took me hours to realise there was a problem with the certs. The silent failure made me manually download the full archive using the browser, and start fiddling with the various compression and encapsulation formats... I learned a bit about Apple's twisted formats, but I must say that it's wasn't a very useful or productive use of my time.The way you managed to bypass all those silly encapsulations and just download, extract and convert the relevant part is impressive, by the way.
That was not my idea. I'm equally impressed :)
I'll merge this. Thanks!
Fix curl silently failing (outdated certs).
Support insecure connections, so firmware is downloaded anyway.