Difference between revisions of "Restore Mode"

From The iPhone Wiki
m (Linking to personalization)
 
(27 intermediate revisions by 11 users not shown)
Line 1: Line 1:
  +
[[File:Small_iphone_restore.JPG|thumb|150px|iPhone during iTunes restore.]]
This is the mode the Apple ramdisk enters to restore the iPhone.
 
  +
[[File:aTV3_restore.JPG|thumb|150px|AppleTV during iTunes restore.]]
  +
'''Restore Mode''' is the mode that an [[iDevice]] enters to run a [[ramdisk]].
   
  +
== Restore Procedure ==
==Exploits==
 
  +
{{see also|iPhone Restore Procedure}}
The original jailbreaks were done by booting the mode into restore mode and copying an /etc/fstab and afcd plist from the user partition.
 
  +
# "Preparing (iDevice type) for the restore." (Get the device [[Recovery Mode|from userland to iBoot]] or from [[DFU Mode]] to [[iBSS]])
  +
# "[[SHSH Protocol|Verifying (iDevice type) restore]] with Apple" (or [[Cydia Server|Cydia]] or [[TinyUmbrella]]).
  +
# Preparing the firmware for the restore.
  +
# "Preparing <iDevice type> for the restore." (See [[Personalization]])
  +
# "Restoring <iDevice type> software." ([[ASR]] RESTORE)
  +
# "Verifying <iDevice type> software." ([[ASR]] VERIFY)
  +
# "Restoring <iDevice type> firmware." (The rest of the restore process isn't reported to the host computer in real-time. This includes the restore of the [[NOR]]/[[NAND|boot partition]] image, the installation of the baseband firmware, ...)
   
==Implementations==
+
== Files used ==
  +
{{see also|IPSW File Format}}
*[[itunesmobiledevice.dll]]
 
  +
The [[/|firmware]] is the biggest [[Apple Disk Image|disk image]] file in the IPSW and contains all files for the root partition. The [[ramdisk]]s are the smaller disk images, and in the case of the [[M68AP|iPhone]], [[N82AP|iPhone 3G]], [[N88AP|iPhone 3GS]], and [[K66AP|iPad]], the [[Baseband Firmware|baseband]] also. The firmware images are stored in the <code>./firmware/all_flash</code> path (relative to the root of the IPSW) and are eventually sent to the device after [[PROD|device-specific customization]], if applicable.
*[http://lpahome.com/geohot/gshell.rar gshell]
 
  +
  +
== Exploits ==
  +
The original jailbreaks were done by booting the phone into restore mode and copying an [[/private/etc/fstab|fstab]]<sup>[<nowiki/>[[wikipedia:fstab|WP]]<nowiki/>]</sup> and [[/System/Library/Lockdown/Services.plist|afcd plist]] from the [[/private/var/root|user partition]] to the [[/|root partition]]. This was done by using the [[cp (iBoot command)|<code>cp</code> iBoot command]], a command which had access to the whole filesystem.
  +
  +
== See Also ==
  +
* [[MobileDevice Library]] (<code>iTunesMobileDevice.dll</code>)
  +
* [[DFU Mode]]
  +
* [[/private/etc/fstab]]
  +
* [[Ramdisk]]
  +
  +
== External Links ==
  +
* [http://lpahome.com/geohot/gshell.rar gshell]
  +
* Wikipedia on [[wikipedia:fstab|fstab]]
   
 
[[Category:Jailbreaks]]
 
[[Category:Jailbreaks]]
  +
[[Category:Protocols (S5L)]]
  +
[[Category:Jailbreaking]]
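
Review bot: the new Restore Procedure list mixes two placeholder styles for the same kind of status string: steps 1 and 2 use "(iDevice type)" while steps 4 to 7 use "<iDevice type>". Pick one form throughout. Steps 1 and 4 also carry the identical message "Preparing ... for the restore." for two different stages, so a short remark that the string appears twice would stop readers taking it for a copy-paste error. Step 3 ("Preparing the firmware for the restore.") is the only step without quotation marks; quote it if it is an on-screen message, or word it as a description if it is not.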

Latest revision as of 00:58, 25 February 2020

iPhone during iTunes restore.
AppleTV during iTunes restore.

Restore Mode is the mode that an iDevice enters to run a ramdisk.

Restore Procedure

  1. "Preparing (iDevice type) for the restore." (Get the device from userland to iBoot or from DFU Mode to iBSS)
  2. "Verifying (iDevice type) restore with Apple" (or Cydia or TinyUmbrella).
  3. Preparing the firmware for the restore.
  4. "Preparing <iDevice type> for the restore." (See Personalization)
  5. "Restoring <iDevice type> software." (ASR RESTORE)
  6. "Verifying <iDevice type> software." (ASR VERIFY)
  7. "Restoring <iDevice type> firmware." (The rest of the restore process isn't reported to the host computer in real-time. This includes the restore of the NOR/boot partition image, the installation of the baseband firmware, ...)

Files used

See also: IPSW File Format

The firmware is the biggest disk image file in the IPSW and contains all files for the root partition. The ramdisks are the smaller disk images, and in the case of the iPhone, iPhone 3G, iPhone 3GS, and iPad, the baseband also. The firmware images are stored in the ./firmware/all_flash path (relative to the root of the IPSW) and are eventually sent to the device after device-specific customization, if applicable.
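
The layout described above can be checked on a firmware bundle before it is used. The following is an added example, not code from the wiki or from any Apple tool; it assumes the IPSW is a ZIP archive and that disk images use the .dmg suffix, and the sample member names are constructed.

```python
import io
import zipfile

def classify_ipsw(ipsw):
    """Sort IPSW members into the roles described in 'Files used'.

    Assumptions (not from the page): the IPSW is a ZIP archive and its
    disk images use the .dmg suffix. `ipsw` is a path or file object.
    """
    with zipfile.ZipFile(ipsw) as zf:
        members = [m for m in zf.infolist() if not m.is_dir()]
    dmgs = sorted((m for m in members if m.filename.lower().endswith(".dmg")),
                  key=lambda m: m.file_size, reverse=True)
    if not dmgs:
        raise ValueError("no disk images found")
    if len(dmgs) > 1 and dmgs[0].file_size == dmgs[1].file_size:
        raise ValueError("two largest disk images are the same size")
    # The page gives ./firmware/all_flash; compare case-insensitively
    # and ignore a leading "./" so either spelling matches.
    flash = sorted(m.filename for m in members
                   if m.filename.lower().lstrip("./")
                   .startswith("firmware/all_flash/"))
    return {
        "root_filesystem": dmgs[0].filename,         # biggest disk image
        "ramdisks": [m.filename for m in dmgs[1:]],  # smaller disk images
        "all_flash": flash,                          # firmware images
    }

def build_sample_ipsw():
    """Constructed stand-in for an IPSW; names and sizes are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample-rootfs.dmg", b"\0" * 8192)
        zf.writestr("sample-restore-ramdisk.dmg", b"\0" * 2048)
        zf.writestr("sample-update-ramdisk.dmg", b"\0" * 1024)
        zf.writestr("Firmware/all_flash/sample-iboot.bin", b"\0" * 64)
        zf.writestr("Firmware/all_flash/sample-logo.bin", b"\0" * 32)
        zf.writestr("sample-manifest.plist", b"<plist/>")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for role, names in classify_ipsw(build_sample_ipsw()).items():
        print(role, names)
```
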

Exploits

The original jailbreaks were done by booting the phone into restore mode and copying an fstab and afcd plist from the user partition to the root partition. This was done by using the cp iBoot command, a command which had access to the whole filesystem.

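See Also

  * MobileDevice Library (iTunesMobileDevice.dll)
  * DFU Mode
  * /private/etc/fstab
  * Ramdisk

External Links

  * gshell (http://lpahome.com/geohot/gshell.rar)
  * Wikipedia on fstab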