[saurik]

It is a lot of work, but I wouldn't say it is exactly difficult... I never bothered to automate it, and so I didn't finish the one I was doing, but I was under the impression that Pod2G's team (which used a photo of me doing it a bit on a blackboard in their presentation) did, however?

https://blog.quarkslab.com/resources/2013-10-17_imessage-pri...

You just don't need to is the thing (if you are in a position to not care about copyright law; I did care, sadly): you can almost always just lift the code--with all its obfuscation intact--and run it in isolation on your input, which more directly undermines the entire premise of the technique.

[astrange]

That presentation seems confused since PRISM is not "a mass surveillance program" or "an alliance with American firms", it's a database the government puts the results of subpoenas in. Of course, the protocol is still weak to an evil key server.

Well, the obfustication is still pretty good if it's 9 years ahead of attacks.

[mlyle]

> That presentation seems confused since PRISM is not "a mass surveillance program" or "an alliance with American firms", it's a database the government puts the results of subpoenas in.

I feel like this is a terrible mischaracterization of PRISM, even if it is almost true. The NSA deployed hardware (following demand letters) to service providers and collected large swaths of traffic based on various types of keyword and attribute matches. This was then put in a big searchable database.

[astrange]

That's XKeyscore, not PRISM (sorry that sounds like a nitpick…). But no NSA program ever involved secret cooperation from Apple or Google; that's why they were spying on Google datacenter traffic by tapping it. Why telecom companies did cooperate seems like a cultural question.

(Remember they both said explicitly said they never cooperated, and it's illegal for companies to lie to you, or for the government to make them lie to you. If they were lying, you can sue them for securities fraud. They can refuse to answer questions, of course, which is the usual approach when they don't want to talk about something, but that's quite different from explicit denials.)

[mlyle]

https://upload.wikimedia.org/wikipedia/commons/d/d9/Prism-sl...

> But no NSA program ever involved secret cooperation from Apple or Google

This isn't true. PRISM collection involved demands to internet companies ordered by secret courts under section 702 of FISA. XKeyScore involved secret cooperation from telcos.

I invite you to review some of the documents curated by the Washington Post in response to the Snowden disclosures.

https://www.washingtonpost.com/wp-srv/special/politics/prism...

Your argument seems like it's just parroting the DNI's factsheet, which is known to whitewash the programs involved (and is even more charitable to the program than the DNI's own factsheet).