|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Decrypting Firmwares"
m (3.x firmware moved to Ramdisk Decryption: Why do we need 3 of these pages??) |
|||
| Line 1: | Line 1: | ||
| + | ==1.x== |
||
| − | Ramdisk on 3.x firmware (currently beta release) is a simple [http://www.theiphonewiki.com/wiki/index.php?title=IMG3_File_Format img3 file], that you can decrypt using [http://code.google.com/p/img3decrypt/ img3decrypt] or [http://github.com/planetbeing/xpwn/tree/master xpwntool]. So you must download one of these utilities. For easier access, put them in '''/usr/local/bin''' |
||
| + | If you want to decrypt 1.x iPhone ramdisk you must remove some trash from the beginning of them. You can do this in Terminal.app (on Mac OS X you can find them in /Applications/Utilities/). |
||
| + | |||
| + | Unzip firmware image (change extension .ipsw to .zip and double click on archive) and find restore ramdisk. In Terminal.app enter simple command: |
||
| + | |||
| + | ''dd if=restore_ramdisk.dmg of=restore_ramdisk.stripped.dmg bs=512 skip=4 count=37464 conv=sync'' |
||
| + | |||
| + | Where '''restore_ramdisk.dmg''' is image of restore ramdisk (for example 1.0 iPhone firmware restore ramdisk is 694-5259-38.dmg), and '''restore_ramdisk.stripped.dmg''' is 'decrypted' image, that you can mount and explore from Finder. |
||
| + | |||
| + | Note: If after mounting stripped ramdisk you see errors, ignore them. |
||
| + | |||
| + | ==2.x+== |
||
| + | The ramdisk on both 2.x and 3.x firmwares is a simple [http://www.theiphonewiki.com/wiki/index.php?title=IMG3_File_Format img3 file], that you can decrypt using [http://code.google.com/p/img3decrypt/ img3decrypt] or [http://github.com/planetbeing/xpwn/tree/master xpwntool]. You must download one of these utilities. For easier access, put them in '''/usr/local/bin''' |
||
In Terminal.app enter: |
In Terminal.app enter: |
||
Revision as of 14:15, 12 April 2009
1.x
If you want to decrypt 1.x iPhone ramdisk you must remove some trash from the beginning of them. You can do this in Terminal.app (on Mac OS X you can find them in /Applications/Utilities/).
Unzip firmware image (change extension .ipsw to .zip and double click on archive) and find restore ramdisk. In Terminal.app enter simple command:
dd if=restore_ramdisk.dmg of=restore_ramdisk.stripped.dmg bs=512 skip=4 count=37464 conv=sync
Where restore_ramdisk.dmg is image of restore ramdisk (for example 1.0 iPhone firmware restore ramdisk is 694-5259-38.dmg), and restore_ramdisk.stripped.dmg is 'decrypted' image, that you can mount and explore from Finder.
Note: If after mounting stripped ramdisk you see errors, ignore them.
2.x+
The ramdisk on both 2.x and 3.x firmwares is a simple img3 file, that you can decrypt using img3decrypt or xpwntool. You must download one of these utilities. For easier access, put them in /usr/local/bin
In Terminal.app enter:
img3decrypt e restore_ramdisk.dmg restore_ramdisk_decrypted.dmg Ramdisk_IV Ramdisk_Key
Where restore_ramdisk.dmg is image of restore ramdisk (for example 3.0 beta 1 iPhone GSM firmware restore ramdisk is 018-4793-1.dmg), and restore_ramdisk_decrypted.dmg is decrypted image, that you can mount and explore from Finder. Ramdisk_IV and Ramdisk_Key is a decrypted keys that you can find in vfdecrypt page or in Info.plist from PwnageTool FirmwareBundles folder (when Dev Team include support for this firmware).
