The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
iBoot (Bootloader)
iBoot, also referred to as “iBoot second-stage loader” in the source code, is Apple's stage 2 bootloader for all of the devices. It runs what is known as Recovery Mode. It has an interactive interface which can be used over USB or serial.
Contents
Extract and Disassemble
To extract the bootloader and disassemble using IDA, follow the following steps:
- obtain the bootloader from the iPSW. This file is in the
Firmware/all_flash
subdir, e.g.Firmware/all_flash/all_flash.n81ap.production/iBoot.n81ap.RELEASE.img3
, where the "n81ap", "k90", etc.. are for the i-Device type - run xpwntool with the proper key (from elsewhere in this Wiki)
- Make sure the decryption was successful - if it is, you should see:
"iBoot for ...., Copyright 2011, Apple Inc."
if you cat (i.e. type) the file.
- remove the img3 header - the good stuff starts at offset 0x40 (i.e. 64) - using dd (skip=1 bs=64) or some other tool
- Load in IDA. Set processor to ARM. Rebase program (Edit→Segments→Rebase Program) to 0x5FF00000 (for iBoot in iOS 5). You should see something like:
ROM:5FF00000 loc_5FF00000 ; CODE XREF: ROM:5FF00078�j ROM:5FF00000 B loc_5FF00040 ; Used for Reset - This is where we start ROM:5FF00004 ; --------------------------------------------------------------------------- ROM:5FF00004 LDR PC, =sub_5FF16FB4 ; Used for Undef ROM:5FF00008 ; --------------------------------------------------------------------------- ROM:5FF00008 LDR PC, =sub_5FF16FEC ; Used for SWI ROM:5FF0000C ; --------------------------------------------------------------------------- ROM:5FF0000C LDR PC, =sub_5FF17024 ; Used for Prefabt ROM:5FF00010 ; --------------------------------------------------------------------------- ROM:5FF00010 LDR PC, =sub_5FF17060 ; Used for DataAbt ROM:5FF00014 ; --------------------------------------------------------------------------- ROM:5FF00014 LDR PC, =loc_5FF17098 ; Used for AddrExc ROM:5FF00018 ; --------------------------------------------------------------------------- ROM:5FF00018 LDR PC, =loc_5FF16F24 ; Used for IRQ ROM:5FF0001C ; --------------------------------------------------------------------------- ROM:5FF0001C LDR PC, =sub_5FF16F6C ; Probably FIQ, need to verify this ROM:5FF00020 ; --------------------------------------------------------------------------- ROM:5FF00020 SVCPL 0xF00040 ROM:5FF00020 ; --------------------------------------------------------------------------- ROM:5FF00024 off_5FF00024 DCD sub_5FF16FB4 ; DATA XREF: ROM:5FF00004�r ROM:5FF00028 off_5FF00028 DCD sub_5FF16FEC ; DATA XREF: ROM:5FF00008�r ROM:5FF0002C off_5FF0002C DCD sub_5FF17024 ; DATA XREF: ROM:5FF0000C�r ROM:5FF00030 off_5FF00030 DCD sub_5FF17060 ; DATA XREF: ROM:5FF00010�r ROM:5FF00034 off_5FF00034 DCD loc_5FF17098 ; DATA XREF: ROM:5FF00014�r ROM:5FF00038 off_5FF00038 DCD loc_5FF16F24 ; DATA XREF: ROM:5FF00018�r ROM:5FF0003C off_5FF0003C DCD sub_5FF16F6C ; DATA XREF: ROM:5FF0001C�r ROM:5FF00040 ; --------------------------------------------------------------------------- ROM:5FF00040 ROM:5FF00040 loc_5FF00040 ; CODE XREF: ROM:loc_5FF00000�j ROM:5FF00040 ADR R0, loc_5FF00000 <-- The address we rebased to ROM:5FF00044 LDR R1, =loc_5FF00000 ROM:5FF00048 CMP R0, R1 ROM:5FF0004C CMP R0, R1 ROM:5FF00050 BEQ loc_5FF0007C ... ... ROM:5FF000E8 loc_5FF000E8 ; CODE XREF: ROM:5FF000F0�j ROM:5FF000E8 CMP R0, R1 ROM:5FF000EC STRLT R2, [R0],#4 ROM:5FF000F0 BLT loc_5FF000E8 ROM:5FF000F4 LDR R0, =(_ibootStart+1) ROM:5FF000F8 MOV LR, PC ROM:5FF000FC BX R0 ; _ibootStart ROM:5FF00100 ROM:5FF00100 loc_5FF00100 ; CODE XREF: ROM:loc_5FF00100�j ROM:5FF00100 B loc_5FF00100
Where iBootStart (not the official Apple Symbol, of course) can be seen at:
ROM:5FF00BA4 _ibootStart ; CODE XREF: ROM:5FF000FC�p ROM:5FF00BA4 ; DATA XREF: ROM:5FF000F4�o ... ROM:5FF00BA4 PUSH {R7,LR} ROM:5FF00BA6 MOV R7, SP ROM:5FF00BA8 LDR R0, =aIbootStart ; "\niBoot start\n" ROM:5FF00BAA BL loc_5FF233C4 ROM:5FF00BAE MOVS R0, #0 ROM:5FF00BB0 BL loc_5FF16E54 ROM:5FF00BB4 BL loc_5FF1570C ROM:5FF00BB8 BL loc_5FF143A8 ROM:5FF00BBC BL unk_5FF15264 ROM:5FF00BC0 LDR R0, =aMain ; "main" ..
Flow of iBoot (1219 - 5.0.x)
iBoot is quite a complicated binary, which spawns several ARM tasks to enable the boot process:
- iBootStart (disassembly started above) - starts main (5FF00BCA) - which calls the main function at 5FF00C14 - main: Does the good stuff (loading the kernel, etc) starts the poweroff task (5FF00EF2) - calls (sub_5FF00FD0+1) In recovery mode (failed boot): starts command (5FF00F0A) - calls 5FF15928 starts idleoff (5FF99F2E) - calls 5FF01060
Versions
audioOS
iBoot-4076.20.8~14 11.0.2 (Build 15C25) iBoot-4076.30.40~30 11.2 beta (Build 15C4092b) iBoot-4076.30.43~18 11.2 beta 2 (Build 15C4097d) iBoot-4076.30.43~137 11.2.5 beta (Build 15D5037e) 11.2.5 beta 2 (Build 15D5046b) iBoot-4076.30.43~140 11.2.5 beta 3 (Build 15D59)
Haywire
iBoot-1537.4.18~1 6.0 (Build 10A7401) iBoot-1537.9.40~2 6.1 beta 1 (Build 10B7095) iBoot-1537.9.46~7 6.1 beta 2 (Build 10B7105) iBoot-1537.9.50~1 6.1 beta 3 (Build 10B7117) iBoot-1537.9.54~3 6.1 beta 4 (Build 10B7127) iBoot-1537.9.55~3 6.1 beta 5 (Build 10B7129) iBoot-1940.1.8~9 7.0 beta 1 (Build 11A7372p) iBoot-1940.1.35~7 7.0 beta 2 (Build 11A7400) iBoot-1940.1.46~12 7.0 beta 3 (Build 11A7414) iBoot-1940.1.66~7 7.0 beta 4 (Build 11A7435) iBoot-1940.2.1~2 7.0 beta 5 (Build 11A7449) iBoot-1940.2.1~4 7.0 (Build 11A7451) iBoot-1940.10.51~1 7.1 beta 1 (Build 11D7099) iBoot-1940.10.58~28 7.1 beta 4 (Build 11D7134) iBoot-1940.10.58~63 7.1 beta 5 (Build 11D7144) iBoot-1940.10.58~101 7.1 (Build 11D7155) iBoot-2261.1.6~1 8.0 beta 1 (Build 12A7265a) iBoot-2261.1.64~18 8.0 beta 5 (Build 12A7346a) iBoot-2261.1.66~10 8.0 (Build 12A7353a)
iOS (Apple TV (2nd and 3rd generation))
iBoot-931.44.21~1 4.0 4.1 (Build 8M89) iBoot-931.71.16~9 4.1 4.2 (Build 8C150) 4.1.1 4.2.1 (Build 8C154) iBoot-1072.33~1 4.2 beta 4.3 beta (Build 8F5148b) iBoot-1072.38~2 4.2 beta 2 4.3 beta 2 (Build 8F5153d) iBoot-1072.49~2 4.2 beta 3 4.3 beta 3 (Build 8F5166b) iBoot-1072.59~2 4.2 4.3 (Build 8F191m) 4.2.1 4.3 (Build 8F202) 4.2.2 4.3 (Build 8F305) 4.3 4.3 (Build 8F455) iBoot-1219.35.80~1 4.4 beta 5.0 beta (Build 9A5220p) iBoot-1219.40.25~4 4.4 beta 2 5.0 beta 2 (Build 9A5248d) iBoot-1219.41.11~1 4.4 beta 3 5.0 beta 3 (Build 9A5259f) iBoot-1219.43.9~3 4.4 beta 5 5.0 beta 5 (Build 9A5288d) iBoot-1219.43.18~3 4.4 beta 6 5.0 beta 6 (Build 9A5302b) iBoot-1219.43.27~1 4.4 beta 7 5.0 beta 7 (Build 9A5313e) iBoot-1219.43.32~21 4.4 5.0 (Build 9A334v) iBoot-1219.43.32~22 4.4.1 5.0 (Build 9A335a) 4.4.2 5.0 (Build 9A336a) iBoot-1219.43.32~29 4.4.3 5.0.1 (Build 9A405l) 4.4.4 5.0.1 (Build 9A406a) iBoot-1219.62.1~2 5.0 beta 2 5.1 beta 2 (Build 9B5127c) iBoot-1219.62.8~5 5.0 beta 3 5.1 beta 3 (Build 9B5141a) iBoot-1219.62.15~2 5.0 5.1 (Build 9B179b) iBoot-1537.1.60~15 5.1 beta 6.0 beta (Build 10A5316k) iBoot-1537.2.11~5 5.1 beta 2 6.0 beta 2 (Build 10A5338d) iBoot-1537.2.81~1 5.1 beta 3 6.0 beta 3 (Build 10A5355d) iBoot-1537.2.41~2 5.1 beta 4 6.0 beta 4 (Build 10A5376e) iBoot-1537.4.19~1 5.1 6.0 (Build 10A406e) iBoot-1537.4.21~3 5.1.1 6.0.1 (Build 10A831) iBoot-1537.9.40~3 5.2 beta 6.1 beta (Build 10B5095f) iBoot-1537.9.46~8 5.2 beta 2 6.1 beta 2 (Build 10B5105c) 5.2 beta 3 6.1 beta 3 (Build 10B5117d) 5.2 beta 4 6.1 beta 4 (Build 10B5126d) iBoot-1537.9.55~4 5.2 6.1 (Build 10B144b) iBoot-1537.9.55~11 5.2.1 6.1.3 (Build 10B329a) iBoot-1537.9.55~11 5.3 6.1.4 (Build 10B809) iBoot-1940.1.8~44 5.4 beta 7.0 beta (Build 11A4372q) iBoot-1940.1.35~9 5.4 beta 2 7.0 beta 2 (Build 11A4400f) iBoot-1940.1.66~9 6.0 beta 3 7.0 beta 4 (Build 11A4435d) iBoot-1940.1.75~3 6.0 beta 4 7.0 beta 5 (Build 11A4449a) iBoot-1940.1.75~93 6.0 7.0.1 (Build 11A470e) 6.0 7.0.2 (Build 11A502) iBoot-1940.3.5~1 6.0.1 7.0.3 (Build 11B511d) 6.0.2 7.0.4 (Build 11B554a) iBoot-1940.10.51~3 6.1 beta 7.1 beta (Build 11D5099e) iBoot-1940.10.57~8 6.1 beta 2 7.1 beta 2 (Build 11D5115d) iBoot-1940.10.58~11 6.1 beta 3 7.1 beta 3 (Build 11D5127c) iBoot-1940.10.58~32 6.1 beta 4 7.1 beta 4 (Build 11D5134c) iBoot-1940.10.58~70 6.1 beta 5 7.1 beta 5 (Build 11D5145e) iBoot-1940.10.58~115 6.1 7.1 (Build 11D167) iBoot-1940.10.58~122 6.1.1 7.1.1 (Build 11D201c) iBoot-1940.10.58~132 6.2 7.1.2 (Build 11D257c) 6.2.1 7.1.2 (Build 12A365b) iBoot-2261.1.31~21 7.0 beta 8.0 beta (Build 12A4297e) iBoot-2261.1.46~31 7.0 beta 2 8.0 beta 3 (Build 12A4318c) iBoot-2261.1.57~43 7.0 beta 3 8.0 beta 4 (Build 12A4331d) iBoot-2261.1.64~28 7.0 beta 4 8.0 beta 5 (Build 12A4345d) iBoot-2261.1.67~8 7.0 GM 8.0 GM (Build 12A365b) 7.0 8.0 (Build 12A365b) iBoot-2261.3.31~3 7.0.1 beta 8.1 beta (Build 12B401) iBoot-2261.3.31~9 7.0.1 beta 2 8.1 beta 2 (Build 12B407) iBoot-2261.3.32~2 7.0.1 8.1 (Build 12B410a) iBoot-2261.3.33~13 7.0.2 beta 8.1.1 beta (Build 12B432) iBoot-2261.3.33~14 7.0.2 8.1.1 (Build 12B435) iBoot-2261.3.33~39 7.0.3 8.1.3 (Build 12B446) iBoot-2261.?.??~?? 7.1 beta 8.2 beta 5 (Build 12D5480a) iBoot-2261.5.64~15 7.1 8.2 (Build 12D508) iBoot-2261.20.18~14 7.1 beta 2 8.3 beta 2 (Build 12F5037c) iBoot-2261.20.20~9 7.1 beta 3 8.3 beta 4 (Build 12F61) iBoot-2261.20.20~14 7.2 8.3 (Build 12F69) iBoot-2261.30.37~79 7.2.1 8.4.1 (Build 12H523) iBoot-2261.30.37~87 7.2.2 8.4.2 (Build 12H606)
iOS (iPad, iPhone, iPod touch)
iBoot-99 1.0 beta (Build 1A420) [Unreleased] iBoot-159 1.0 (Build 1A543a) 1.0.1 (Build 1C25) 1.0.2 (Build 1C28) iBoot-204 1.1 (Build 3A100 & 3A101) 1.1.1 (Build 3A109a) iBoot-204.0.2 1.1.1 (Build 3A110a) iBoot-204.2.9 1.1.2 (Build 3B48b) iBoot-204.3.14 1.1.3 (Build 4A93) 1.1.4 (Build 4A102) iBoot-204.3.16 1.1.5 (Build 4B1) ? 1.2 beta (Build 5A147p) iBoot-294 2.0 beta 2 (Build 5A225c) iBoot-304 2.0 beta 3 (Build 5A240d) iBoot-311 2.0 beta 4 (Build 5A258f) ? 2.0 beta 5 (Build 5A274d) ? 2.0 beta 6 Pre-release (Build 5A292g) ? 2.0 beta 6 Final (Build 5A308) ? 2.0b7 (Build 5A331) iBoot-320.19 2.0b8 (GM) (Build 5A345) iBoot-320.20 2.0 (Build 5A347) 2.0.1 (Build 5B108) 2.0.2 (Build 5C1) ? 2.1 beta (Build 5F90) iBoot-385.22 2.1 (Build 5F137) 2.1.1 (Build 5F138) ? 2.2 beta (Build 5G29) iBoot-385.49 2.2 (Build 5G77 & 5G77a) 2.2.1 (Build 5H11 & 5H11a) iBoot-573.1 3.0 beta (Build 7A238j) iBoot-594.2~1 3.0 beta 2 (Build 7A259g) iBoot-596.6~3 3.0 beta 3 (Build 7A280f) iBoot-596.16~2 3.0 beta 4 (Build 7A300g) iBoot-596.20~1 3.0 beta 5 (Build 7A312g) iBoot-596.24~1 3.0 (Build 7A341) 3.0.1 (Build 7A400) iBoot-636.26~2 3.1 beta (Build 7C97d) iBoot-636.35~1 3.1 beta 2 (Build 7C106c) iBoot-636.47~1 3.1 beta 3 (Build 7C116a) iBoot-636.65~2 3.1 (Build 7C144) iBoot-636.66~1 3.1.1 (Build 7C145 & 7C146) iBoot-636.66~5 3.1.2 (Build 7D11) iBoot-636.66.33~4 3.1.3 (Build 7E18) iBoot-817.28~18 3.2 (Build 7B367) iBoot-817.29~2 3.2.1 (Build 7B405) 3.2.2 (Build 7B500) iBoot-822.2.1 4.0 beta (Build 8A2180g) [Unreleased] iBoot-872~12 4.0 beta (Build 8A230m) iBoot-889.3~2 4.0 beta 2 (Build 8A248c) iBoot-889.12~2 4.0 beta 3 (Build 8A260b) iBoot-889.19~1 4.0 beta 4 (Build 8A274b) iBoot-889.24~4 4.0 GM (Build 8A293) 4.0 (Build 8A293) 4.0.1 (Build 8A306) 4.0.2 (Build 8A400) iBoot-931.18.1~1 4.1 beta (Build 8B5080c) iBoot-931.18.15~2 4.1 beta 2 (Build 8B5091b) iBoot-931.18.27~1 4.1 (Build 8B117 & 8B118) iBoot-931.67~2 4.2 beta (Build 8C5091e) iBoot-931.71.80~1 4.2 beta 2 (Build 8C5101c) iBoot-931.71.13~3 4.2 beta 3 (Build 8C5115c) iBoot-931.71.16~9 4.2 GM (Build 8C134) 4.2 GM (Build 8C134b) 4.2.1 GM (Build 8C148) 4.2.1 (Build 8C148 & 8C148a) iBoot-931.72.14~6 4.2.5 (Build 8E128) 4.2.6 (Build 8E200) 4.2.7 (Build 8E303) 4.2.8 (Build 8E401) iBoot-931.72.14~10 4.2.9 (Build 8E501) 4.2.10 (Build 8E600) iBoot-1072.33~1 4.3 beta (Build 8F5148b) iBoot-1072.38~2 4.3 beta 2 (Build 8F5153d) iBoot-1072.49~2 4.3 beta 3 (Build 8F5166b) iBoot-1072.58~4 4.3 GM (Build 8F190) 4.3 (Build 8F190) iBoot-1072.59~2 4.3 (Build 8F191) 4.3.1 (Build 8G4) iBoot-1072.61~2 4.3.2 (Build 8H7 & 8H8) 4.3.3 (Build 8J2 & 8J3) iBoot-1072.61~6 4.3.4 (Build 8K2) 4.3.5 (Build 8L1) iBoot-1219.35.80~1 5.0 beta (Build 9A5220p) iBoot-1219.40.25~4 5.0 beta 2 (Build 9A5248d) iBoot-1219.41.11~1 5.0 beta 3 (Build 9A5259f) iBoot-1219.42.8~1 5.0 beta 4 (Build 9A5274d) iBoot-1219.43.9~3 5.0 beta 5 (Build 9A5288d) iBoot-1219.43.18~3 5.0 beta 6 (Build 9A5302b) iBoot-1219.43.27~1 5.0 beta 7 (Build 9A5313e) iBoot-1219.43.32~15 5.0 GM (Build 9A332) [Unreleased] 5.0 GM (Build 9A334) 5.0 (Build 9A334) iBoot-1219.43.32~27 5.0.1 beta (Build 9A402) iBoot-1219.43.32~29 5.0.1 beta 2 (Build 9A404) 5.0.1 (Build 9A405 & 9A406) iBoot-1219.61.19~6 5.1 beta (Build 9B5117b) iBoot-1219.62.1~2 5.1 beta 2 (Build 9B5127c) iBoot-1219.62.8~5 5.1 beta 3 (Build 9B5141a) iBoot-1219.62.15 5.1 (Build 9B176) iBoot-1219.62.15~2 5.1 (Build 9B179b) 5.1.1 (Build 9B206) iBoot-1537.1.60~15 6.0 beta (Build 10A5316k) iBoot-1537.2.11~5 6.0 beta 2 (Build 10A5338d) iBoot-1537.2.81~1 6.0 beta 3 (Build 10A5355d) iBoot-1537.2.41~2 6.0 beta 4 (Build 10A5376e) iBoot-1537.4.18~2 6.0 GM (Build 10A403) 6.0 (Build 10A403) iBoot-1537.4.19~1 6.0 (Build 10A405 & 10A406) iBoot-1537.4.20~1 6.0 (Build 10A407) iBoot-1537.4.21~3 6.0.1 (Build 10A523 & 10A525) iBoot-1537.4.21~2 6.0.1 (Build 10A8426) 6.0.2 (Build 10A8500) iBoot-1537.4.21~3 6.0.2 (Build 10A550 & 10A551) iBoot-1537.9.40~3 6.1 beta (Build 10B5095f) iBoot-1537.9.46~8 6.1 beta 2 (Build 10B5105c) iBoot-1537.9.50~2 6.1 beta 3 (Build 10B5117b) iBoot-1537.9.54~4 6.1 beta 4 (Build 10B5126b) iBoot-1537.9.55~4 6.1 beta 5 (Build 10B141, 10B142, 10B143 & 10B144) 6.1 (Build 10B141, 10B142, 10B143 & 10B144) 6.1.1 beta (Build 10B311) 6.1.1 (Build 10B145) 6.1.2 (Build 10B146 & 10B147) iBoot-1537.9.55~11 6.1.3 beta 2 (Build 10B318) 6.1.3 beta 2 (Build 10B318a) 6.1.3 (Build 10B329) 6.1.4 (Build 10B350) 6.1.5 (Build 10B400) 6.1.6 (Build 10B500) iBoot-1940.1.8~44 7.0 beta (Build 11A4372q) iBoot-1940.1.35~9 7.0 beta 2 (Build 11A4400f) iBoot-1940.1.46.1.1~1 7.0 beta 3 (Build 11A4414e) iBoot-1940.1.66~9 7.0 beta 4 (Build 11A4435d) iBoot-1940.1.75~3 7.0 beta 5 (Build 11A4449a) 7.0 beta 6 (Build 11A4449d) iBoot-1940.1.75~20 7.0 GM (Build 11A465) 7.0 (Build 11A465 & 11A466) iBoot-1940.1.75~93 7.0.1 (Build 11A470a) 7.0.2 (Build 11A501) iBoot-1940.3.5~1 7.0.3 (Build 11B511) 7.0.4 (Build 11B554a) 7.0.5 (Build 11B601) 7.0.6 (Build 11B651) iBoot-1940.10.51~3 7.1 beta (Build 11D5099e) iBoot-1940.10.57~8 7.1 beta 2 (Build 11D5115d) iBoot-1940.10.58~11 7.1 beta 3 (Build 11D5127c) iBoot-1940.10.58~32 7.1 beta 4 (Build 11D5134c) iBoot-1940.10.58~70 7.1 beta 5 (Build 11D5145e) iBoot-1940.10.58~115 7.1 (Build 11D167 & 11D169) iBoot-1940.10.58~122 7.1.1 (Build 11D201) iBoot-1940.10.58~132 7.1.2 (Build 11D257) iBoot-2261.1.6.0.1~45 8.0 beta (Build 12A4265u) iBoot-2261.1.31~21 8.0 beta 2 (Build 12A4297e) iBoot-2261.1.46~31 8.0 beta 3 (Build 12A4318c) iBoot-2261.1.57~43 8.0 beta 4 (Build 12A4331d) iBoot-2261.1.64~28 8.0 beta 5 (Build 12A4345d) iBoot-2261.1.67~8 8.0 GM (Build 12A365) 8.0 (Build 12A365 & 12A366) iBoot-2261.1.68~1 8.0.1 (Build 12A402) 8.0.2 (Build 12A405) iBoot-2261.3.31~3 8.1 beta (Build 12B401) iBoot-2261.3.31~9 8.1 beta 2 (Build 12B407) iBoot-2261.3.32~2 8.1 (Build 12B410 & 12B411) iBoot-2261.3.33~13 8.1.1 beta (Build 12B432) iBoot-2261.3.33~14 8.1.1 (Build 12B435 & 12B436) 8.1.2 (Build 12B440) iBoot-2261.3.33~39 8.1.3 (Build 12B446) iBoot-2261.5.34~3 8.2 beta (Build 12D436) iBoot-2261.5.41~10 8.2 beta 2 (Build 12D445d) iBoot-2261.5.47~1 8.2 beta 3 (Build 12D5452a) iBoot-2261.5.54~3 8.2 beta 4 (Build 12D5461b) iBoot-2261.5.58~25 8.2 beta 5 (Build 12D5480a) iBoot-2261.5.64~15 8.2 (Build 12D508) iBoot-2261.20.16~6 8.3 beta (Build 12F5027d) iBoot-2261.20.18~14 8.3 beta 2 (Build 12F5037c) iBoot-2261.20.19~16 8.3 beta 3 (Build 12F5047f) iBoot-2261.20.20~9 8.3 beta 4 (Build 12F61) iBoot-2261.20.20~14 8.3 (Build 12F69) iBoot-2261.30.33~16 8.4 beta (Build 12H4074d) iBoot-2261.30.34~8 8.4 beta 2 (Build 12H4086d) iBoot-2261.30.35~21 8.4 beta 3 (Build 12H4098c) iBoot-2261.30.37~17 8.4 beta 4 (Build 12H4125a) iBoot-2261.30.37~34 8.4 (Build 12H143) iBoot-2261.30.37~39 8.4.1 beta (Build 12H304) iBoot-2261.30.37~55 8.4.1 beta 2 (Build 12H318) iBoot-2261.30.37~58 8.4.1 (Build 12H321) iBoot-2817.0.0.1.2~2 9.0 beta (Build 13A4254v) iBoot-2817.1.41.1.1~1 9.0 beta 2 (Build 13A4280e) iBoot-2817.1.55~10 9.0 beta 3 (Build 13A4293g) iBoot-2817.1.73~9 9.0 beta 4 (Build 13A4305g) iBoot-2817.1.89~3 9.0 beta 5 (Build 13A4325c) iBoot-2817.1.93~1 9.0 GM (Build 13A340) iBoot-2817.1.93~1 9.0 (Build 13A340, 13A342, 13A343 & 13A344) iBoot-2817.1.94~1 9.0.1 (Build 13A404) 9.0.1 (Build 13A405) 9.0.2 (Build 13A452) iBoot-2817.10.26~8 9.1 beta (Build 13B5110e) iBoot-2817.10.29~16 9.1 beta 2 (Build 13B5119e) iBoot-2817.10.34~1 9.1 beta 3 (Build 13B5130b) iBoot-2817.10.34~7 9.1 beta 4 (Build 13B136) 9.1 beta 5 (Build 13B137 & 13B139) 9.1 (Build 13B143) iBoot-2817.10.35~1 9.1 (Build 13B144) iBoot-2817.20.21~5 9.2 beta (Build 13C5055d) iBoot-2817.20.24~4 9.2 beta 2 (Build 13C5060d) iBoot-2817.20.26~3 9.2 beta 3 (Build 13C71) 9.2 beta 4 (Build 13C75) 9.2 (Build 13C75) 9.2.1 beta (Build 13D11) 9.2.1 beta 2 (Build 13D14) 9.2.1 (Build 13D15 & 13D20) iBoot-2817.40.91~21 9.3 beta (Build 13E5181d) 9.3 beta 1.1 (Build 13E5181f) iBoot-2817.40.97~26 9.3 beta 2 (Build 13E5191d) iBoot-2817.40.102~26 9.3 beta 3 (Build 13E5200d) iBoot-2817.40.104~56 9.3 beta 4 (Build 13E5214d) iBoot-2817.40.106~16 9.3 beta 5 (Build 13E5225a) 9.3 beta 6 (Build 13E5231a) 9.3 beta 7 (Build 13E5233a) 9.3 beta 7 (Build 13E5234a) iBoot-2817.40.106~2 9.3 (Build 13E233, 13E234, 13E236 & 13E237) iBoot-2817.50.1~16 9.3.2 beta (Build 13F51a) iBoot-2817.50.2~2 9.3.2 beta 2 (Build 13F61) 9.3.2 beta 3 (Build 13F65) iBoot-2817.50.3~1 9.3.2 beta 4 (Build 13F68) 9.3.2 (Build 13F69 & 13F72) 9.3.3 beta (Build 13G12) iBoot-2817.60.1~1 9.3.3 beta 2 (Build 13G21) iBoot-2817.60.2~2 9.3.3 beta 3 (Build 13G29) 9.3.3 beta 4 (Build 13G33) 9.3.3 beta 5 (Build 13G34) 9.3.3 (Build 13G34) 9.3.4 (Build 13G35) 9.3.5 (Build 13G36) iBoot-3393~52 10.0 beta (Build 14A5261v) iBoot-3406.1.46~11 10.0 beta 2 (Build 14A5297c) iBoot-3406.1.59~66 10.0 beta 3 (Build 14A5309d) iBoot-3406.1.68~82 10.0 beta 4 (Build 14A5322e) iBoot-3406.1.77~16 10.0 beta 5 (Build 14A5335b) 10.0 beta 6 (Build 14A5341a) 10.0 beta 7 (Build 14A5345a) 10.0 beta 8 (Build 14A5346a) iBoot-3406.1.79~1 10.0.1 GM (Build 14A403) 10.0.1 (Build 14A403) 10.0.2 (Build 14A456) 10.0.3 (Build 14A551) iBoot-3406.20.16~118 10.1 beta (Build 14B55c) iBoot-3406.20.16~161 10.1 beta 2 (Build 14B67) 10.1 beta 3 (Build 14B71) 10.1 beta 4 (Build 14B72) 10.1 beta 4 (Build 14B72b) 10.1 beta 5 (Build 14B72c) 10.1 (Build 14B72 & 14B72c) 10.1.1 (Build 14B100 & 14B150) iBoot-3406.30.8~10 10.2 beta (Build 14C5062e) iBoot-3406.30.8~373 10.2 beta 2 (Build 14C5069c) iBoot-3406.30.8~503 10.2 beta 3 (Build 14C5077b) iBoot-3406.30.8~497 10.2 beta 4 (Build 14C82) 10.2 beta 5 (Build 14C89) 10.2 beta 6 (Build 14C90) 10.2 beta 6 (Build 14C91) 10.2 beta 7 (Build 14C92) 10.2 (Build 14C92) 10.2.1 beta (Build 14D10) iBoot-3406.42.1~1 10.2.1 beta 2 (Build 14D15) iBoot-3406.42.5~1 10.2.1 beta 3 (Build 14D23) 10.2.1 beta 4 (Build 14D27) 10.2.1 (Build 14D27) iBoot-3406.50.223~16 10.3 beta (Build 14E5230e) iBoot-3406.50.229~9 10.3 beta 2 (Build 14E5239e) iBoot-3406.50.236~77 10.3 beta 3 (Build 14E5249d) iBoot-3406.50.243~9 10.3 beta 4 (Build 14E5260b) iBoot-3406.50.244~4 10.3 beta 5 (Build 14E5269a) 10.3 beta 6 (Build 14E5273a) 10.3 beta 7 (Build 14E5277a) iBoot-3406.50.244~1 10.3 (Build 14E277) 10.3.1 (Build 14E304) iBoot-3406.60.7~9 10.3.2 beta (Build 14F5065b) iBoot-3406.60.10~10 10.3.2 beta 2 (Build 14F5075a) iBoot-3406.60.10~25 10.3.2 beta 3 (Build 14F5080a) iBoot-3406.60.10~40 10.3.2 beta 4 (Build 14F5086a) 10.3.2 beta 5 (Build 14F5089a) iBoot-3406.60.10~39 10.3.2 (Build 14F89, 14F90 & 14F91) iBoot-3406.60.10~38 10.3.2 (Build 14F8089) iBoot-3406.60.10~64 10.3.3 beta (Build 14G5028a) 10.3.3 beta 2 (Build 14G5037b) iBoot-3406.60.10~74 10.3.3 beta 3 (Build 14G5047a) 10.3.3 beta 4 (Build 14G5053a) 10.3.3 beta 5 (Build 14G5057a) iBoot-3406.60.10~70 10.3.3 beta 6 (Build 14G57 & 14G58) 10.3.3 (Build 14G60) iBoot-3974~299 11.0 beta (Build 15A5278f) iBoot-4051~60 11.0 beta 2 (Build 15A5304i & 15A5304h) iBoot-4076.1.9~24 11.0 beta 3 (Build 15A5318g) iBoot-4076.1.22~32 11.0 beta 4 (Build 15A5327g) iBoot-4076.1.39~22 11.0 beta 5 (Build 15A5341f) iBoot-4076.1.43~178 11.0 beta 6 (Build 15A5354b) iBoot-4076.1.44~40 11.0 beta 7 (Build 15A5362a) 11.0 beta 8 (Build 15A5368a) 11.0 beta 9 (Build 15A5370a) iBoot-4076.1.44~197 11.0 beta 10 (Build 15A5372a) iBoot-4076.1.44~40 11.0 GM (Build 15A372) 11.0 (Build 15A372) iBoot-4076.1.44~197 11.0.1 (Build 15A402 & 15A403) 11.0.2 (Build 15A421) 11.0.3 (Build 15A432) iBoot-4076.20.45~8 11.1 beta (Build 15B5066f) iBoot-4076.20.47~5 11.1 beta 2 (Build 15B5078e) iBoot-4076.20.48~5 11.1 beta 3 (Build 15B5086a) iBoot-4076.20.48~1 11.1 beta 4 (Build 15B92) 11.1 beta 5 (Build 15B93) 11.1 (Build 15B93 & 15B101) 11.1.1 (Build 15B150) 11.1.2 (Build 15B202) iBoot-4076.30.40~29 11.2 beta (Build 15C5092b) iBoot-4076.30.43~19 11.2 beta 2 (Build 15C5097d) iBoot-4076.30.43~80 11.2 beta 3 (Build 15C5107a) 11.2 beta 4 (Build 15C5110b) 11.2 beta 5 (Build 15C5111a) iBoot-4076.30.43~76 11.2 beta 6 (Build 15C114) 11.2 (Build 15C114) 11.2.1 (Build 15C153) 11.2.2 (Build 15C202) iBoot-4076.30.43~137 11.2.5 beta (Build 15D5037e) 11.2.5 beta 2 (Build 15D5046b) 11.2.5 beta 3 (Build 15D5049a) 11.2.5 beta 4 (Build 15D5054a) 11.2.5 beta 5 (Build 15D5057a) 11.2.5 beta 6 (Build 15D5059a) iBoot-4076.30.43~140 11.2.5 beta 7 (Build 15D60) 11.2.5 (Build 15D60) 11.2.6 (Build 15D100) iBoot-4076.50.114~5 11.3 beta (Build 15E5167f) iBoot-4076.50.120.100.1~2 11.3 beta 2 (Build 15E5178f)
tvOS
iBoot-2817.10.22~26 9.0 beta (Build 13T5347l) iBoot-2817.10.29~9 9.0 beta 2 (Build 13T5365h) iBoot-2817.10.34~5 9.0 beta 3 (Build 13T5379f) iBoot-2817.12.1~1 9.0 GM (Build 13T396) 9.0 (Build 13T396) 9.0.1 (Build 13T402) iBoot-2817.20.24~5 9.1 beta (Build 13U5061d) iBoot-2817.20.26~2 9.1 beta 2 (Build 13U5069b) iBoot-2817.20.26~7 9.1 beta 3 (Build 13U5077a) iBoot-2817.20.26~1 9.1 (Build 13U85) iBoot-2817.20.26~8 9.1.1 beta (Build 13U713) 9.1.1 (Build 13U717) iBoot-2817.40.91~19 9.2 beta (Build 13Y5179e) iBoot-2817.40.97~10 9.2 beta 2 (Build 13Y5189e) iBoot-2817.40.102~14 9.2 beta 3 (Build 13Y5198c) iBoot-2817.40.104~50 9.2 beta 4 (Build 13Y5210d) iBoot-2817.40.106~15 9.2 beta 5 (Build 13Y5220c) iBoot-2817.40.106~15 9.2 beta 6 (Build 13Y5232a) iBoot-2817.40.106~18 9.2 (Build 13Y234) iBoot-2817.50.1~20 9.2.1 beta (Build 13Y5752a) iBoot-2817.50.2~1 9.2.1 beta 2 Pre-release (Build 13Y763b) 9.2.1 beta 2 (Build 13Y763c) 9.2.1 beta 3 (Build 13Y768) 9.2.1 beta 4 (Build 13Y772) 9.2.1 (Build 13Y772) iBoot-2817.50.2~11 9.2.2 beta (Build 13Y807) iBoot-2817.60.1~2 9.2.2 beta 2 (Build 13Y816) iBoot-2817.60.2~1 9.2.2 beta 3 (Build 13Y823) 9.2.2 beta 4 (Build 13Y824) 9.2.2 beta 5 (Build 13Y825) 9.2.2 (Build 13Y825) iBoot-3393~157 10.0 beta (Build 14T5253s) iBoot-3406.1.46~9 10.0 beta 2 (Build 14T5284d) iBoot-3406.1.59~57 10.0 beta 3 (Build 14T5296d) iBoot-3406.1.68~85 10.0 beta 4 (Build 14T5308d) iBoot-3406.1.77~19 10.0 beta 5 (Build 14T5321a) 10.0 beta 6 (Build 14T5327a) 10.0 beta 7 (Build 14T5327a) iBoot-3406.1.77~13 10.0 GM (Build 14T330) 10.0 (Build 14T330) iBoot-3406.20.16~117 10.0.1 beta (Build 14U54) 10.0.1 beta 2 (Build 14U66) 10.0.1 beta 3 (Build 14U69) 10.0.1 beta 4 (Build 14U71) 10.0.1 (Build 14U71 & 14U100) iBoot-3406.30.8~11 10.1 beta (Build 14U5565b) iBoot-3406.30.8~374 10.1 beta 2 (Build 14U5574b) iBoot-3406.30.8~501 10.1 beta 3 (Build 14U5582b) iBoot-3406.30.8~493 10.1 beta 4 (Build 14U588) 10.1 beta 5 (Build 14U593) 10.1 (Build 14U593) 10.1.1 beta (Build 14U707) 10.1.1 beta 2 (Build 14U711) 10.1.1 (Build 14U712a) iBoot-3406.50.223~18 10.2 beta (Build 14W5222d) iBoot-3406.50.229~12 10.2 beta 2 (Build 14W5231d) iBoot-3406.50.236~71 10.2 beta 3 (Build 14W5241c) iBoot-3406.53.1~1 10.2 beta 4 (Build 14W5252c) iBoot-3406.53.2~2 10.2 beta 5 (Build 14W5260a) 10.2 beta 6 (Build 14W5264a) iBoot-3406.53.2~1 10.2 (Build 14W265) iBoot-3406.60.7~17 10.2.1 beta (Build 14W5563b) iBoot-3406.60.10~11 10.2.1 beta 2 (Build 14W5573a) iBoot-3406.60.10~29 10.2.1 beta 3 (Build 14W5578b) iBoot-3406.60.10~42 10.2.1 beta 4 (Build 14W5583a) iBoot-3406.60.10~35 10.2.1 beta 5 (Build 14W585) 10.2.1 (Build 14W585a) iBoot-3406.60.10~55 10.2.2 beta (Build 14W5726a) 10.2.2 beta 2 (Build 14W5735a) 10.2.2 beta 3 (Build 14W5745a) 10.2.2 beta 4 (Build 14W5751b) iBoot-3406.60.10~76 10.2.2 beta 5 (Build 14W754) 10.2.2 (Build 14W756) iBoot-3974~291 11.0 beta (Build 15J5284e & 15J5284g) iBoot-4051~54 11.0 beta 2 (Build 15J5310e & 15J5310h) iBoot-4076.1.9~34 11.0 beta 3 (Build 15J5324f) iBoot-4076.1.22~28 11.0 beta 4 (Build 15J5333f) iBoot-4076.1.39.3.1~1 11.0 beta 5 (Build 15J5347f) iBoot-4076.3.1~11 11.0 beta 6 (Build 15J5360b) iBoot-4076.3.2~2 11.0 beta 7 (Build 15J5369a) 11.0 beta 8 (Build 15J5374a) 11.0 beta 9 (Build 15J5378a) iBoot-4076.3.3~1 11.0 beta 10 (Build 15J5380a) iBoot-4076.3.3~2 11.0 GM (Build 15J381) 11.0 (Build 15J381) iBoot-4076.20.45~10 11.1 beta (Build 15J5559d) iBoot-4076.20.47~3 11.1 beta 2 (Build 15J5571d) iBoot-4076.20.48~4 11.1 beta 3 (Build 15J5580a) 11.1 beta 4 (Build 15J5582a) iBoot-4076.20.48~2 11.1 (Build 15J582) iBoot-4076.30.40~22 11.2 beta (Build 15K5085b) iBoot-4076.30.43~14 11.2 beta 2 (Build 15K5090c) iBoot-4076.30.43~81 11.2 beta 3 (Build 15K5099a) 11.2 beta 4 (Build 15K102a) 11.2 beta 5 (Build 15K5105a) iBoot-4076.30.43~75 11.2 (Build 15K106) 11.2.1 (Build 15K152) iBoot-4076.30.43~138 11.2.5 beta (Build 15K5531d) 11.2.5 beta 2 (Build 15K5539b) 11.2.5 beta 3 (Build 15K5544a) 11.2.5 beta 4 (Build 15K5544b) 11.2.5 beta 5 (Build 15K5549a) 11.2.5 beta 6 (Build 15K5552a) iBoot-4076.30.43~143 11.2.5 (Build 15K552) 11.2.6 (Build 15K600) iBoot-4076.50.114~7 11.3 beta (Build 15L5164e) iBoot-4076.50.119~180 11.3 beta 2 (Build 15L5175d)
watchOS
iBoot-2261.5.64~16 1.0 (Build 12S507) iBoot-2261.5.64~49 1.0.1 (Build 12S632) iBoot-2817.0.0.2.1~1 2.0 beta 2 (Build 13S5255c) iBoot-2817.2.2~2 2.0 (Build 13S344) 2.0.1 (Build 13S428) iBoot-2817.20.25~4 2.1 (Build 13S661) iBoot-2817.40.91~18 2.2 beta (Build 13V5098e) iBoot-2817.40.97~24 2.2 beta 2 (Build 13V5108c) iBoot-2817.40.102~24 2.2 beta 3 (Build 13V5117c) iBoot-2817.40.104~51 2.2 beta 4 (Build 13V5129c) iBoot-2817.40.106~17 2.2 beta 5 (Build 13V5141a) 2.2 beta 6 (Build 13V5143a) iBoot-2817.40.106~4 2.2 (Build 13V144) iBoot-2817.40.106~32 2.2.1 beta (Build 13V413) 2.2.1 beta 2 (Build 13V420) 2.2.1 (Build 13V420) 2.2.2 beta (Build 13V601) 2.2.2 (Build 13V604) iBoot-3393~42 3.0 beta (Build 14S5247t) iBoot-3406.1.46~10 3.0 beta 2 (Build 14S5278d) iBoot-3406.1.59~63 3.0 beta 3 (Build 14S5290d) iBoot-3406.1.68~84 3.0 beta 4 (Build 14S5302d) iBoot-3406.1.77~18 3.0 beta 5 (Build 14S5315a) iBoot-3406.4.1~2 3.0 beta 6 (Build 14S5321a) iBoot-3406.4.3~2 3.0 GM (Build 14S5321a) 3.0 (Build 14S5321a) iBoot-3406.20.16~116 3.1 beta (Build 14S452) 3.1 beta 2 (Build 14S464) 3.1 beta 3 (Build 14S471) 3.1 (Build 14S471) iBoot-3406.30.8~13 3.1.1 beta (Build 14S5862d) iBoot-3406.30.8~375 3.1.1 beta 2 (Build 14S5869b) iBoot-3406.30.8~504 3.1.1 beta 3 (Build 14S5875b) iBoot-3406.30.8~502 3.1.1 beta 4 (Build 14S879) 3.1.1 beta 5 (Build 14S883) 3.1.1 (Build 14S883) 3.1.3 beta (Build 14S958) 3.1.3 beta 2 (Build 14S959) 3.1.3 (Build 14S960) iBoot-3406.50.223~19 3.2 beta (Build 14V5205d) iBoot-3406.50.229~10 3.2 beta 2 (Build 14V5214d) iBoot-3406.50.236~76 3.2 beta 3 (Build 14V5224d) iBoot-3406.54.1~2 3.2 beta 4 (Build 14V5235b) iBoot-3406.54.2~2 3.2 beta 5 (Build 14V5243a) 3.2 beta 6 (Build 14V5245a) iBoot-3406.54.2~1 3.2 (Build 14V249) iBoot-3406.60.7~16 3.2.2 beta (Build 14V5465b) iBoot-3406.60.10~8 3.2.2 beta 2 (Build 14V5475a) iBoot-3406.60.10~27 3.2.2 beta 3 (Build 14V5480a) iBoot-3406.60.10~44 3.2.2 beta 4 (Build 14V5485a) iBoot-3406.60.10~43 3.2.2 (Build 14V485) iBoot-3406.60.10~49 3.2.3 beta (Build 14V5726a) 3.2.3 beta 2 (Build 14V5734a) iBoot-3406.60.10~49 3.2.3 beta 3 (Build 14V5744a) 3.2.3 beta 4 (Build 14V5751a) iBoot-3406.60.10~77 3.2.3 (Build 14V753) iBoot-3974~307 4.0 beta (Build 15R5281f) iBoot-4051~240 4.0 beta 2 (Build 15R5307f) iBoot-4076.1.9~31 4.0 beta 3 (Build 15R5321h) iBoot-4076.1.22~43 4.0 beta 4 (Build 15R5331g) iBoot-4076.1.39~24 4.0 beta 5 (Build 15R5345g) iBoot-4076.1.43~190 4.0 beta 6 (Build 15R5357b) 4.0 beta 7 (Build 15R5365a) 4.0 beta 8 (Build 15R5371a) iBoot-4076.1.43~186 4.0 GM (Build 15R372) 4.0 (Build 15R372) 4.0.1 (Build 15R654) iBoot-4076.20.45~11 4.1 beta (Build 15R5823c) iBoot-4076.20.47~6 4.1 beta 2 (Build 15R5835d) iBoot-4076.20.48~6 4.1 beta 3 (Build 15R5843a) iBoot-4076.20.48~3 4.1 beta 4 (Build 15R846) 4.1 (Build 15R846) iBoot-4076.30.40~25 4.2 beta (Build 15S5085b) iBoot-4076.30.43~16 4.2 beta 2 (Build 15S5090c) 4.2 beta 3 (Build 15S5100a) 4.2 beta 4 (Build 15S5102b) iBoot-4076.30.43~2 4.2 (Build 15S102) iBoot-4076.30.43~135 4.2.2 beta (Build 15S5530d) 4.2.2 beta 2 (Build 15S5534a) 4.2.2 beta 3 (Build 15S5536a) 4.2.2 beta 4 (Build 15S5540a) iBoot-4076.30.43~134 4.2.2 beta 5 (Build 15S542) 4.2.2 (Build 15S542) 4.2.3 (Build 15S600b) iBoot-4076.50.114~52 4.3 beta (Build 15T5165e) iBoot-4076.50.119~179 4.3 beta 2 (Build 15T5176c)
Exploits
On 1st February, 2014, iH8sn0w found a very powerful iBoot exploit that allows any iDevice with an A5 or A5X chip to be jailbroken, regardless of the iOS version. He used it mainly to grab AES decryption keys. However, according to this tweet from winocm, the exploit will never go public. Once he cleans it up a bit, the decryption keys will be available here. He mentioned here that it will work on A6 and A7 chips soon, but it will require some minor modifications.
Commands used as an exploit vector
- diags: Until 2.0 beta 6, the diags command would jump to code at the address provided to it. For example, if you sent "diags 0x9000000", it would directly jump to the code at 0x9000000. There is now a check that only allows engineering devices to utilize this backdoor.
- arm7_go: For firmware 2.1.1, the iPod touch (2nd generation) iBoot contains the ARM7 Go command, which could be used to run a payload on the ARM7 in the device.
OpeniBoot
There is an open source version of iBoot designed so that custom kernels can be run on the iPhone/iPod/iPad. You can check out the source here. It is VERY useful if you are ever reversing iBoot and do not feel like finding out what certain hardware registers are yourself. OpeniBoot currently supports all S5l8900, S5l8720, S5l8920 and S5l8930 devices. More info can be found about OpeniBoot and Linux on these devices on the iDroid-Project website.
Remappings
// N88 (3GS) 0x4FF00000 => 0x0 0x40000000 => 0xC0000000