|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Restore Process"
Posixninja (talk | contribs) (Undo revision 5509 by 1337urmompois0n (Talk)) |
|||
| Line 1: | Line 1: | ||
| + | == 1.1.4 > 2.0 Restore == |
||
| + | This restore was performed, logged and dumped by scotty2. It was originally in a manifesto made while cracking the img3 format, so it may be typed up a little oddly |
||
| + | === The Process === |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| + | # iTunes maps iBEC (WTF.m68ap.RELEASE.dfu) at 0x90000000. |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| + | # iBoot decrypts it, as it is an Img2 file, then runs it. |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| + | # iBEC does a check to see if it is mapped at 0x18000000, and if it is not, it remaps itself there. |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| + | # Sometime at the beginning of the iBEC's routine, it gives the iPhone whatever it needs to decrypt Img3 files, as you will obviously guess by reading the rest of these |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| + | # iTunes sends iBEC the kernelcache and the ramdisk. Both in Img3 format. |
||
| − | |||
| + | # iBEC decrypts ramdisk and kernelcache then boots kernelcache. |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| + | # The ramdisk/kernel then copy the rootfs over, then flash the new devicetree, iBEC, iBSS, and iBoot. |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| + | # After the rootfs and the img3 files, it will flash over the baseband and friends. |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | |||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | |||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | |||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | |||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | |||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | |||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | |||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | |||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | |||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | |||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | |||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | Haxed by 1337Urmom at The Pois0nhack team |
||
| − | v |
||
Latest revision as of 07:26, 7 November 2009
1.1.4 > 2.0 Restore
This restore was performed, logged and dumped by scotty2. It was originally in a manifesto made while cracking the img3 format, so it may be typed up a little oddly
The Process
- iTunes maps iBEC (WTF.m68ap.RELEASE.dfu) at 0x90000000.
- iBoot decrypts it, as it is an Img2 file, then runs it.
- iBEC does a check to see if it is mapped at 0x18000000, and if it is not, it remaps itself there.
- Sometime at the beginning of the iBEC's routine, it gives the iPhone whatever it needs to decrypt Img3 files, as you will obviously guess by reading the rest of these
- iTunes sends iBEC the kernelcache and the ramdisk. Both in Img3 format.
- iBEC decrypts ramdisk and kernelcache then boots kernelcache.
- The ramdisk/kernel then copy the rootfs over, then flash the new devicetree, iBEC, iBSS, and iBoot.
- After the rootfs and the img3 files, it will flash over the baseband and friends.
