Weapons-grade KEXT loading and unprofessional competition

Yesterday evening a link was shared on Twitter that led to a posting in a forum on OS X and iOS internals. The posting contained a question about kernel extension (KEXT) loading on the iOS platform. The answer was more or less that iOS is a very locked-down platform and trying to load a KEXT will result in the kernel erroring out with the message that the feature is unimplemented. So far so good. But the answer went on to claim that software bringing KEXT loading back to iOS would be weapons-grade/0-day caliber.

B) You can patch back the kextloading portion. But that’s a bit out of scope for this answer (not to mention weapon-grade/0-day caliber, so you’ll excuse for keeping quiet on this)

This kind of answer is bad, really bad. We are living in times where security research is threatened by export regulations that try to classify everyday work objects of security researchers as dual-use or weapons technology. In these times we really cannot have people running around claiming that even loading a kernel extension to add new features to a running kernel is weapons technology. So naturally I was tweeting about this with the well-deserved #WTF hashtag.

What happened next could best be described as an all-out attack from the Twitter account @Technologeeks, which is the company account of Jonathan Levin, who wrote the forum posting. It started with a slanderous tweet claiming that I would only share information for money and then would whine if people actually made use of that info.

At least he GETS a response. That’s more than “I kn0w, will teach y0u f0r $$$, and y0u can never use it 0r I will whine incessantly”

The ironic thing here is that when this initial unprovoked attack from @Technologeeks happened, the guy who originally asked the question about KEXT loading already had an answer from me, because he had asked me the same question by e-mail. He also had access to the iOS kext loader that I use in my trainings for debugging purposes, etc. Anyway, the proper response to this all-out attack on me from a competing company (they also sell OS X trainings) was to call the person a jerk.

What happened next was even more surreal. The @Technologeeks Twitter account immediately invoked Godwin's law and switched to Nazi slang by saying:

All Hail Esser!B)u r l33t.We (and everyone)sucks.All vulns/0days (c) über alle! So quit following us(&try to be a bit polite)

As a German this is not surprising, because sooner or later in an internet discussion someone will bring up Nazis or Nazi terminology to describe “Germans”. Anyway, at this point I was more or less explaining that people should be aware that these attacks were coming from a company that also offers OS X trainings. So these attacks were coming from a direct competitor.

At this point I was not really interested in this nonsense anymore until I was made aware of Jonathan Levin continuing the attacks in his private forum, as you can read here:

Responding to that with “#WTF” as he did, and then calling me (via our team handle) a “jerk” (in an apparently by now deleted tweet) is childish and insulting, and so the reaction was harsh. When Mr. Esser accused us further of slandering him and stealing his courses, which is an outright *lie* (there was not a single tweet to that extent or anything which even mentioned him up to this morning), the situation escalated further. It’s one thing to behave in a rude, childish manner. It’s quite another to spread lies.

But let it be perfectly clear – Our methods @Technologeeks are pure, and we never once tried to denigrate, steal customers, steal material, slander him, or any of the propaganda and entirely false accusations that he is spreading to his devout throng of followers. Heck, I never even met the guy (and not sure I want to after this!).

This statement is outrageous, and I am only writing this blog post at all because the Twitter account keeps repeating similar nonsense over and over again.

  • the tweet in which I called the person attacking me a jerk was never deleted – and why would I
  • at no point in time did anyone accuse them of stealing our courses – this is a made-up story to make me look bad
  • it is slander to claim attendees of our trainings are not allowed to use what they learn
  • when this kind of slander comes from the competition I will defend myself against it
  • there is nothing “pure” in your methods when you accuse your competition of things that never happened
  • and it is just bad, bad taste and makes you a horrible human being when you use Nazi terminology to attack someone who disagrees with you

Anyway, none of this blog posting would have been necessary if Jonathan Levin had handled the unprofessional behaviour of whoever is in charge of the @Technologeeks account and had actually extended a real apology that is not wrapped in more wrong claims. Also, instead of just shutting up, they keep pointing the finger in my direction on their Twitter account.

So long. I wish you all a nice weekend and I will announce some new OS X and iOS kernel internals for security researcher training very soon.