ADM-201 dump PMP dumps pdf SSCP exam materials CBAP exam sample questions

为什么1970年1月1日会让你的iPhone变砖 – 译学馆
未登录,请登录后再发表信息
最新评论 (0)
播放视频

为什么1970年1月1日会让你的iPhone变砖

Why 1/1/1970 Bricks Your iPhone

今天我要做个iPhone手机的程序漏洞视频
I wasn’t going to do another video about iPhone bugs,
传的沸沸扬扬的1970年失灵很有趣
but the 1970 glitch that’s been going round is interesting —
因为这很可能是一个我之前没有做过的发现 总之
because it’s probably a type of exploit I haven’t covered before. In short:
它其实就是Unix时间戳造成的一个整数下溢问题
it is almost certainly an integer underflow caused by the Unix epoch.
如果你明白这些术语 你也就不用看这个视频了
And if you understand those terms, you don’t need this video.
其他人系好安全带 我们要开车了
Everyone else: buckle up, ‘cos here we go.
对于电脑来说1970年的1月1号是个特殊的日子 回到上世纪70年代
January 1, 1970 is a special day for computers. Back in the 70s,
Unix系统和其分支系统才刚刚被设计出来
when the UNIX system and all its friends were being originally designed,
程序员需要用一种简单的方式来表达日期和时间
the programmers needed a simple way to represent dates and times,
然而他们从没处理过这种尴尬的人造事物 像天数 小时和分钟
without having to deal with all those awkward human things like days and hours and minutes.
他们需要一个会自己计算日期的时钟
They just needed a ticking clock that it was easy to do arithmetic on.
最简单的就是用一个整数
And the simplest way to do that is just a number, an integer,
来代表从1970年1月1号开始流逝的时间
representing how many seconds had elapsed since January 1, 1970.
我们现在仍旧在使用这个方法
And we’re still using that. All over the place,
基本上每台电脑都是这样的设定
in pretty much every computer everywhere.
一般来说 这是储存日期和时间最好的办法
It’s generally the best way to store dates and times,
因为它忽略了时区和会刺激人类的事物
because it ignores time zones and irritating human things like that.
我之前做过这样的视频 所以我不会详述
Now, I’ve done videos about it before, so I won’t dwell on it,
但你所需知道的是
but all you need to know for this is that midnight
1970年1月1号的开始那个午夜——
at the start of January 1, 1970 —
这个日期数值是0
the date in question — is zero.
那是事情原因的第一个线索 第二个线索:
That’s the first clue to what’s going on. Clue number two:
这只发生在现在的64位的iPhone手机上
it only happens on modern, 64-bit iPhones.
64位指的是数字是如何储存在数字处理器上的
Now 64-bit refers to how numbers are stored on the processor.
你现在用的是64位二进制
You’ve got 64 binary digits to play with,
而以前是用32位二进制
instead of the old 32, which means you can…
因此你可以处理更大额的数字
well, you can deal with bigger numbers,
用最基本的处理器等级
down at the really basic processor level,
不需要用很复杂的编程技巧
without having to resort to fancy programming tricks.
这改变了手机和它的操作系统模式
Changing the phone, and its operating system,
然而从32位二进制系统到64位二进制系统需要很大的努力
from that old 32-bit system to 64 requires some work, though,
所以两者在代码上还是有细微差异的
so there’ll be subtle differences in the code between the two.
然后 在某个地方 就出现漏洞了
And somewhere, this bug slipped in.
向你展示64位二进制有点棘手
Now, showing you 64 bits on screen is a bit tricky,
所以我会用4进制来演示这是怎么工作的
so let’s just use four bits to demonstrate how this works.
0000是0
0000 is 0.
然后你用二进制总计
Then you count up in base 2, in binary,
1234 直到15
1, 2, 3, 4, until you get to 15.
4进制可以储存大量的数字
Biggest number you can store in four bits.
你不能比那个数得更多
You can not count higher than that.
但如果你这么做了 会发生什么呢?
But what happens if you try? Well,
然后就会产生所谓的整数溢出
then you get what’s called an integer overflow.
过了15,数又变为0了。(4位的二进制只能存储0到15这16个数,16的二进制为10000)
After 15 comes… 0.
它转了一圈又回到了原点 像一个
It wraps round and you start again, like an old,
汽车上一个老式类似情况的里程表
analogue odometer on a car. Now,
如果你只有4进制 当然
if you’ve only got four bits, sure,
那有一个问题 :如果你到了六十四进制
that’s going to be a problem: if you’ve got 64, well,
你会遇到麻烦了
you’re only going to get into trouble
当你数过了1500万的3次方 它可能是完好的
when you’ve counted up past 15 quintillion. It’ll probably be fine.
除非 如果你给可以存储的最大数字加一
Except. If the largest number you can store, plus one,
回到了零……
comes back as zero…
如果你用0-1得到了什么
what do you get if you do zero minus one?
嗯,那就被叫做整数的下溢。
Well, that’s called an integer underflow.
你不能再这种格式中存储(表示)负数
You can’t store negative numbers in this format.
如果你让数字小于零 你不会得到-1
If you can drop the number below 0, you won’t end up with -1,
最终它绕了一圈得到它的最大值
you’ll end up with it wrapping around to its maximum value.
这是为什么在视频游戏文明的最初版本中
That’s why, in the original version of the video game Civilisation,
Gandhi是个dick
Gandhi was a dick.
他以一个冒犯性的分数 一 开始
He started out with an aggression score of 1.
而在游戏中 它减了更多
And later in the game, it’d drop further,
而没有人编写程序检查它减到了零以下
and no-one wrote code to check it didn’t drop below zero.
所以反而它转了一圈到了可能的最大值
So instead, it wrapped around, became the maximum possible,
所以突然甘地向所有人宣战了
and suddenly Gandhi started declaring war on everyone.
谢天谢地只是在视频游戏中
Thankfully, only in a video game.
现在有一个这样的版本允许负数
Now. There is a version of this format where negative numbers are allowed,
但如果苹果用了它 好
but if Apple were using that, well,
他们可能没有这种问题
they probably wouldn’t have this problem.
毕竟你为什么要有一个负数时间值呢
After all, why would you ever have a negative time value?
不可能有任何人打算
It’s not like anyone’s ever going to do something like
将他们的iPhone时间调到1970年以前
set their iPhone clock back to earlier than 1970(!)
然后你会注意到你其实不能
And you’ll note that you actually can’t.
如果你转回来
If you scroll all the way back,
日历停在了1970年1月1日的零点
the calendar stops at January 1, 1970, at zero,
因为苹果设计人员不允许
because someone at Apple went,
那是个坏主意
no, hang on. That’s a bad idea.
那会造成一个问题
That could cause a problem.
所以他们设置了Unix时间 就像他所称的 零点
So they set the Unix epoch, as it’s called, the zero time,
作为界限
as the limit.
但如果你把你的手机时间调到接近零点的时候
But if you do set you phone’s time to near zero,
编码中的某些地方 有一个检查机制
then somewhere else in the code, there’s a check —
可能它试着进行电池时间计算
maybe it tries to do a battery time calculation,
可能它只是计算最后一次唤醒是什么时候
maybe it just runs the math on when the last call was, or…
好吧 它现在是没有人知道的
well, it’s something that no-one’s worked out yet.
但是不管那个检查机制是怎么工作
But whatever that check does,
他在1970年1月1日之前的一个时间就停止了
it ends up with a time before January 1, 1970,
那应该是一个副整数
which just should be a negative integer…
除非它不是
except it’s not.
它绕了一整圈
It’s wrapped all the way round,
它给了你比宇宙预期寿命
it’s giving you a date twenty times longer
长出20倍的数据
than the expected lifespan of the universe.
而且我怀疑它可能不会一直那样显示数据
And I suspect it may not deal with displaying that date all that well.
但无论它怎么样 他产生了一般称为“非法行为”
But whatever it is, it causes what’s formally known as ‘undocumented behaviour’
私下里叫做死机
and informally known as a crash.
现在我该说 像我经常尝试
Now, I should say that, like always when I try and
并毁掉一个苹果产品的bug时 这是我的推测:
break down a bug in an Apple product, this is speculation:
他们不可能曾经证明究竟什么会发生
it’s unlikely they’ll ever confirm exactly what happened,
而可能比这个更狡猾一点
and it was probably a bit more subtle than this.
而有另一种二进制整数——
And there is another type of binary integer —
叫做带符号整数——
it’s called a signed integer —
可以处理负数
that does handle negative numbers…
但那是另一个故事了
but that’s a story for another time.
甚至这不是导致它的具体原因
Even if this isn’t exactly what caused it?
好吧 希望这会阻止你不要犯同样错误
Well, hopefully it’ll stop you making the same mistake
在你今后的编程中
in your code in future.
谢谢 我只是做了点微小的工作
[Translating these subtitles? Add your name here!]

发表评论

译制信息
视频概述
听录译者

收集自网络

翻译译者

收集自网络

审核员

自动通过审核

视频来源

https://www.youtube.com/watch?v=MVI87HzfskQ

相关推荐