Difference between revisions of "NonUI builds"

From The iPhone Wiki
Jump to: navigation, search
(Minor revisions, added a bit of info, references)
Line 2: Line 2:
 
{{see also|Beta Firmware|Internal OTA Updates}}
 
{{see also|Beta Firmware|Internal OTA Updates}}
 
<div class="toclimit-3">{{float toc|left}}</div>
 
<div class="toclimit-3">{{float toc|left}}</div>
This is a documented list of known '''factory firmwares''', used by Apple workers in California to do engineering tests on prototype devices and also by factory workers on production ones during manufacturing. Factory firmwares are based on production iOS ones, but adapted for internal engineering tests, development and debugging. {{clear}}
+
This is a documented list of known '''factory firmwares''', used by Apple workers in California to do engineering tests on prototype devices and also by factory workers on production ones during manufacturing. Factory firmwares are based on production iOS ones, but adapted for internal engineering tests, development and debugging.
  +
{{see also|Prototypes}}
  +
{{clear}}
 
[[File:newsblogo.png|thumb|125px|right|"Skankwerk" logo on 7.x and up]]
 
[[File:newsblogo.png|thumb|125px|right|"Skankwerk" logo on 7.x and up]]
 
[[File:oldswblogo.png|thumb|125px|left|"Skankwerk" logo on 6.x and below]]
 
[[File:oldswblogo.png|thumb|125px|left|"Skankwerk" logo on 6.x and below]]
Line 8: Line 10:
 
[[File:oldswblogodevice.jpg|thumb|125px|left|Prototype showing Skankwerk logo during boot]]
 
[[File:oldswblogodevice.jpg|thumb|125px|left|Prototype showing Skankwerk logo during boot]]
 
They are also known as "NonUI (No User Interface)" builds, probably because most applications are command line ones. The SpringBoard replacement, named SwitchBoard, allow launching a GUI of some of those applications. Unlike production iOS firmwares, factory ones have the following differences:
 
They are also known as "NonUI (No User Interface)" builds, probably because most applications are command line ones. The SpringBoard replacement, named SwitchBoard, allow launching a GUI of some of those applications. Unlike production iOS firmwares, factory ones have the following differences:
* DEVELOPMENT Fused bootloaders in \Firmware\dfu\ and \Firmware\all_flash\all_flash.[board codename].factoryfa\.
+
* DEVELOPMENT/DEBUG fused bootloaders in \Firmware\dfu\ and \Firmware\all_flash\all_flash.[board codename].factoryfa\.
* DEVELOPMENT Fused kernel cache with more symbols, and with individual kexts in /System/Library/Extensions
+
* DEVELOPMENT/DEBUG fused [[kernelcache]] with more symbols, and with individual kexts in /System/Library/Extensions
 
* Skankwerk (gear) logo image file in \Firmware\all_flash\all_flash.[board codename].factoryfa\.
 
* Skankwerk (gear) logo image file in \Firmware\all_flash\all_flash.[board codename].factoryfa\.
 
* /AppleInternal folder, which the hierarchy inside get priority over hierarchy in /.
 
* /AppleInternal folder, which the hierarchy inside get priority over hierarchy in /.
 
* No SpringBoard, requires the use of daemons to launch [[SwitchBoard.app]] as a multi-app launcher instead.
 
* No SpringBoard, requires the use of daemons to launch [[SwitchBoard.app]] as a multi-app launcher instead.
 
* /usr and subfolders contain many UNIX command line utilities.
 
* /usr and subfolders contain many UNIX command line utilities.
* SSH daemon is pre-installed - as dropbear
+
* SSH daemon is pre-installed - as dropbear, can be connected to over the usb protocol
 
* Boot loader passes arguments to kernel (unlike RELEASE boot loaders as of iOS 5.0) which makes it easy to disable AMFI
 
* Boot loader passes arguments to kernel (unlike RELEASE boot loaders as of iOS 5.0) which makes it easy to disable AMFI
 
* It has some Private Frameworks in /System/Library/PrivateFrameworks for internal GUI apps and command line utilities.
 
* It has some Private Frameworks in /System/Library/PrivateFrameworks for internal GUI apps and command line utilities.
* Most internal applications require the use of SkankKit to produce special layers such as text on the framebuffer.
+
* Most internal applications require the use of SkankKit (replacement for UIKit in nonUI firmwares) to produce special layers such as text on the framebuffer.
Unlike regular iOS Firmwares, factory ones are distributed in both IPSWs and "restore bundles". Those are unzipped IPSW files which can be restored on devices using internal restore software such as [[PurpleRestore]]. Release and factory firmwares "restore bundles" have the same packaging structure (bootloaders, kernel, restore ramdisk, update ramdisk and root filesystem).
+
Unlike regular iOS Firmwares, factory ones are distributed in both IPSWs and "restore bundles". These bundles are unzipped IPSW files which can be restored on devices using internal restore software such as [[PurpleRestore]]. Release and factory firmware "restore bundles" have the same packaging structure (bootloaders, kernel, restore ramdisk, update ramdisk and root filesystem).
 
{{clear}}
 
{{clear}}
 
= Some interesting facts about factory firmwares =
 
= Some interesting facts about factory firmwares =
Line 24: Line 26:
 
Production iOS 1.x to 6.x skeuomorphism design is also present on 1.x to 6.x factory firmwares, but seems really more excessive than production ones. For example, the "skankwerk" boot logo represents a real gear and many GUI icons are realistic or simply photos of real life things (especially in [[Operator]]). For newer versions, production iOS 7.x to 9.x flat design is mostly used in 7.x to 9.x factory firmwares. For example, the new "skankwerk" boot logo is a flat, simple white gear. Some newer internal applications like Earthbound also use a "flat" design.
 
Production iOS 1.x to 6.x skeuomorphism design is also present on 1.x to 6.x factory firmwares, but seems really more excessive than production ones. For example, the "skankwerk" boot logo represents a real gear and many GUI icons are realistic or simply photos of real life things (especially in [[Operator]]). For newer versions, production iOS 7.x to 9.x flat design is mostly used in 7.x to 9.x factory firmwares. For example, the new "skankwerk" boot logo is a flat, simple white gear. Some newer internal applications like Earthbound also use a "flat" design.
 
* '''Other:''' The "skank" word is used to name multiple elements of factory firmwares. For example, there is "skankphone", "skankbattery" (the green battery shown in SwitchBoard), "skankwerk" logo, "skankkit" framework, "purpleskank" (used by BurnIn) and most likely others. The "skank" word seems to be a reference to "Skunkworks" projects, which are secrecy projects that are usually innovative. Read more about "Skunkworks" on [https://en.wikipedia.org/wiki/Skunkworks_project Wikipedia].
 
* '''Other:''' The "skank" word is used to name multiple elements of factory firmwares. For example, there is "skankphone", "skankbattery" (the green battery shown in SwitchBoard), "skankwerk" logo, "skankkit" framework, "purpleskank" (used by BurnIn) and most likely others. The "skank" word seems to be a reference to "Skunkworks" projects, which are secrecy projects that are usually innovative. Read more about "Skunkworks" on [https://en.wikipedia.org/wiki/Skunkworks_project Wikipedia].
 
 
== [[M68AP|iPhone]] ==
 
== [[M68AP|iPhone]] ==
 
{| class="wikitable"
 
{| class="wikitable"

Revision as of 14:45, 30 August 2018

This article discusses software internally used by Apple.

Acquiring a copy without Apple's consent is illegal and may result in being scammed.
Engaging in illegal activity is not condoned. This information is provided for educational purposes only.

This is a documented list of known factory firmwares, used by Apple workers in California to do engineering tests on prototype devices and also by factory workers on production ones during manufacturing. Factory firmwares are based on production iOS ones, but adapted for internal engineering tests, development and debugging.

See also: Prototypes
"Skankwerk" logo on 7.x and up
"Skankwerk" logo on 6.x and below
Prototype showing Skankwerk logo during boot
Prototype showing Skankwerk logo during boot

They are also known as "NonUI (No User Interface)" builds, probably because most applications are command line ones. The SpringBoard replacement, named SwitchBoard, allow launching a GUI of some of those applications. Unlike production iOS firmwares, factory ones have the following differences:

  • DEVELOPMENT/DEBUG fused bootloaders in \Firmware\dfu\ and \Firmware\all_flash\all_flash.[board codename].factoryfa\.
  • DEVELOPMENT/DEBUG fused kernelcache with more symbols, and with individual kexts in /System/Library/Extensions
  • Skankwerk (gear) logo image file in \Firmware\all_flash\all_flash.[board codename].factoryfa\.
  • /AppleInternal folder, which the hierarchy inside get priority over hierarchy in /.
  • No SpringBoard, requires the use of daemons to launch SwitchBoard.app as a multi-app launcher instead.
  • /usr and subfolders contain many UNIX command line utilities.
  • SSH daemon is pre-installed - as dropbear, can be connected to over the usb protocol
  • Boot loader passes arguments to kernel (unlike RELEASE boot loaders as of iOS 5.0) which makes it easy to disable AMFI
  • It has some Private Frameworks in /System/Library/PrivateFrameworks for internal GUI apps and command line utilities.
  • Most internal applications require the use of SkankKit (replacement for UIKit in nonUI firmwares) to produce special layers such as text on the framebuffer.

Unlike regular iOS Firmwares, factory ones are distributed in both IPSWs and "restore bundles". These bundles are unzipped IPSW files which can be restored on devices using internal restore software such as PurpleRestore. Release and factory firmware "restore bundles" have the same packaging structure (bootloaders, kernel, restore ramdisk, update ramdisk and root filesystem).

Some interesting facts about factory firmwares

  • Design: Apple seems to use the same GUI design from the production firmware to the factory one.

Production iOS 1.x to 6.x skeuomorphism design is also present on 1.x to 6.x factory firmwares, but seems really more excessive than production ones. For example, the "skankwerk" boot logo represents a real gear and many GUI icons are realistic or simply photos of real life things (especially in Operator). For newer versions, production iOS 7.x to 9.x flat design is mostly used in 7.x to 9.x factory firmwares. For example, the new "skankwerk" boot logo is a flat, simple white gear. Some newer internal applications like Earthbound also use a "flat" design.

  • Other: The "skank" word is used to name multiple elements of factory firmwares. For example, there is "skankphone", "skankbattery" (the green battery shown in SwitchBoard), "skankwerk" logo, "skankkit" framework, "purpleskank" (used by BurnIn) and most likely others. The "skank" word seems to be a reference to "Skunkworks" projects, which are secrecy projects that are usually innovative. Read more about "Skunkworks" on Wikipedia.

iPhone

Version Build Codename Baseband Comments
1.0 1A420 Alpine 03.06.01_G[1] Originally available here, but was soon taken down.
4A57 04.02.13_G -
1.1.2 3B48 04.02.13_G -
1.1.3 4A102a Alpine 04.04.05_G -

iPhone 3G

Version Build Codename Baseband Comments
4.0 8A2130h ApexNanshan ? -
8A2180g ApexNanshan 05.12.01 -

iPhone 3GS

Version Build Codename Baseband Comments
3.1b 7C108b Sierra? ? -
7C144 Northstar? ? -
4.0 8A2130h ApexNanshan ? -
8A2180g ApexNanshan 05.12.01 -
5.1 9B3145a HoodooYabuli ? -
9B3176b HoodooYabuli ? -
9B3176n HoodooYabuli 05.16.05 -
6.0 10A316 Sundance 05.16.06 -

iPhone 4

Version Build Codename Baseband Comments
4.0 8A133 Apex? 01.32.01 -
8A2062a Apex? ? -
8A2130h ApexNanshan ? -
8A2180g ApexNanshan 01.42.01 -
5.1 9B3145a HoodooYabuli ? -
9B3176b HoodooYabuli ? -
9B3176n HoodooYabuli 04.12.01 -
6.0 10A316 Sundance 04.12.02 -

iPhone 4S

Version Build Codename Baseband Comments
5.1 9B3145a HoodooYabuli ? -
9B3176b HoodooYabuli ? -
9B3176n HoodooYabuli 1.0.10 -
6.0 10A23941a SundanceNanshan 2.0.0.2 -

iPhone 5

Version Build Codename Baseband Comments
6.0 10A23110z Sundance? ? -
10A23941s Sundance? ? -
10A316 Sundance 1.7.00 -

iPhone 5c

Version Build Codename Baseband Comments
7.0 11A93840l Sochi? ? -
7.1 11D31620l Sochi? ? -

iPhone 5s

Version Build Codename Baseband Comments
7.0 11A24580o InnsbruckNanshan 1.00.05 -
11A24581c InnsbruckNanshan ? -
11A93840f Innsbruck? ? Originally found on a Macrumors post.

iPhone 6

Version Build Codename Baseband Comments
8.0 12A22121a Okemo? ? -
12A93311h Okemo? 1.00.01 -
12A93650o OkemoAni 1.00.05 This build is pretty obscure, but it is in the wild.
12A93651a OkemoAni 1.00.05 -
12A93651b OkemoAni 1.00.05 -

iPhone 6s

Version Build Codename Baseband Comments
9.0 13A22120w Monarch? ? -
13A93051l MonarchAni 0.37.08_DEBUG -
13A93420d Monarch? ? -
13A93420m Monarch? 1.00.05 -

iPhone 7

Version Build Codename Baseband Comments
10.0 14A22580n Whitetail? ? -
14A22881a Whitetail? ? -
14A92340t Whitetail? ? -
14A93012r WhitetailAni ? -
14A93013a WhitetailAni ? -

iPhone 8

Version Build Codename Baseband Comments
11.0 15A93261h TigrisAni 00.34.09-DEBUG -

iPhone X

Version Build Codename Baseband Comments
11.0 15A783601y TigrisAni? ? -

iPad

Version Build Codename Baseband Comments
3.2 7B3341e Wildcat? ? -
7B5286a Wildcat? ? Found by SonnyDickson, documented on 9to5mac

iPad 2

Version Build Codename Baseband Comments
4.3 8F3178a Durango? ? -
8F3191d Durango? ? -

iPad mini

Version Build Codename Baseband Comments
6.0 10A63970m SundanceTaosTianshan ? -
10A63970v SundanceTaosTianshan ? -
10A63971b SundanceTaosTianshan ? -

iPad mini 2

Version Build Codename Baseband Comments
7.0.3 11B64940j InnsbruckTaos? ? -

iPad mini 4

Version Build Codename Baseband Comments
8.4 12H60160o Donner? ? -
9.0 13A62950o Monarch? ? -

iPad Air

Version Build Codename Baseband Comments
7.0.1 11B34640l Innsbruck? ? -

iPod touch (3rd generation)

Version Build Codename Baseband Comments
3.1 7C1023e Inferno? ? -
7C1095a Inferno? ? -
7C144 Northstar? ? -

iPod touch (4th generation)

Version Build Codename Baseband Comments
5.1 9B3145a HoodooYabuli ? -
9B3176b HoodooYabuli ? -
9B3176n HoodooYabuli ? -