Difference between revisions of "Restore Process"
ChronicDev (talk | contribs) (→1.1.4 > 2.0 Restore) |
Posixninja (talk | contribs) (Undo revision 5509 by 1337urmompois0n (Talk)) |
||
(2 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
== 1.1.4 > 2.0 Restore == |
== 1.1.4 > 2.0 Restore == |
||
− | This restore was performed, logged and dumped by scotty2 |
+ | This restore was performed, logged and dumped by scotty2. It was originally in a manifesto made while cracking the img3 format, so it may be typed up a little oddly |
=== The Process === |
=== The Process === |
Latest revision as of 07:26, 7 November 2009
1.1.4 > 2.0 Restore
This restore was performed, logged and dumped by scotty2. It was originally in a manifesto made while cracking the img3 format, so it may be typed up a little oddly.
The Process
- iTunes maps iBEC (WTF.m68ap.RELEASE.dfu) at 0x90000000.
- iBoot decrypts it, as it is an Img2 file, then runs it.
- iBEC checks whether it is mapped at 0x18000000 and, if it is not, remaps itself there.
- Sometime at the beginning of iBEC's routine, it gives the iPhone whatever it needs to decrypt Img3 files, as the remaining steps make clear.
- iTunes sends iBEC the kernelcache and the ramdisk, both in Img3 format.
- iBEC decrypts the ramdisk and kernelcache, then boots the kernelcache.
- The ramdisk/kernel then copies the rootfs over and flashes the new devicetree, iBEC, iBSS, and iBoot.
- After the rootfs and the Img3 files, it flashes the baseband and friends.