Difference between revisions of "DFU Mode"

From The iPhone Wiki
Jump to: navigation, search
m
Line 19: Line 19:
   
 
===Exiting DFU===
 
===Exiting DFU===
While in DFU, hold the power and home buttons for 30-60 seconds. When I have tested it, it has varied, so I don't know an exact length of time to hold it. Note that sometimes if you do this, when the device reboots from DFU, it will go into recovery mode for unknown reasons.
+
Option 1: While in DFU, hold the power and home buttons for 30-60 seconds. When I have tested it, it has varied, so I don't know an exact length of time to hold it. Note that sometimes if you do this, when the device reboots from DFU, it will go into recovery mode for unknown reasons.
  +
  +
Option 2: While in DFU, hold the power and home buttons for 10 seconds. Then,let go of the home button and continue to hold the power button until the apple logo appears. (This is similar to entering DFU mode, except that the power/lock button is kept pressed instead of the home button). Since nothing will appear on the screen until you are out of DFU mode, you may need to try it a few times if it does not work.
  +
  +
Note: I have not seen this (second) method posted online anywhere, and cannot confirm it, except that I have tested it multiple times on an iPod touch 2G MC-model 8GB.
  +
   
 
==Revisions==
 
==Revisions==

Revision as of 23:59, 25 October 2010

DFU or Device Firmware Upgrade mode allows the S5L8900, S5L8720 and S5L8920 to be restored from any state. It resides in the VROM and the S5L8900 variant is vulnerable to the Pwnage 2.0 exploit.

Entering / Exiting DFU

Software cannot be used to reliably enter DFU. Software methods rely on sending a signed WTF file which either calls the "real" DFU mode in bootrom or emulates it. Only ones calling the bootrom DFU is useful for exploiting bootrom (unpatchable) exploits and none exist that work for firmware 2.0 and later. If you are attempting to exploit the DFU, it is advisable to always use the hardware method. If your NOR firmware is corrupted then you have no other choice but to use the hardware method.

How to Enter True Hardware DFU

  1. Plug your device into your computer.
  2. Turn off the device.
  3. Hold Power and Home for 10 seconds
  4. Release Power, and keep holding Home
  5. Keep holding home for 4-8 seconds or until you are alerted by your computer that it has detected a device in DFU.

If the Restore Logo is present on the screen, you are in Recovery Mode, not DFU.

How to Enter DFU mode on Apple TV (2G)

  1. Plug the device into your computer using a microUSB cable.
  2. Force the device to reboot by holding down the "Menu" and "Down" buttons simultaneously for 6-7 seconds.
  3. Press "Menu" and "Play" simultaneously right after reboot, until a message pops up in iTunes, saying that it has detected an Apple TV in recovery mode.

Exiting DFU

Option 1: While in DFU, hold the power and home buttons for 30-60 seconds. When I have tested it, it has varied, so I don't know an exact length of time to hold it. Note that sometimes if you do this, when the device reboots from DFU, it will go into recovery mode for unknown reasons.

Option 2: While in DFU, hold the power and home buttons for 10 seconds. Then,let go of the home button and continue to hold the power button until the apple logo appears. (This is similar to entering DFU mode, except that the power/lock button is kept pressed instead of the home button). Since nothing will appear on the screen until you are out of DFU mode, you may need to try it a few times if it does not work.

Note: I have not seen this (second) method posted online anywhere, and cannot confirm it, except that I have tested it multiple times on an iPod touch 2G MC-model 8GB.


Revisions

S5L8900 (0x1222)

This is the device ID in the iPod Touch 1G, the iPhone, and the iPhone 3G. For more information about the protocol, see DFU 0x1222.

S5L8720, S5L8920, and WTF mode post-2.0 (0x1227)

This is the device ID in the iPod Touch 2G, the iPhone 3GS, and WTF mode. For more information on the protocol, see DFU 0x1227.