|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Ramrod
ramrod is an iOS command line utility that is involved in firmware update and restore procedure of iOS devices at least since iOS 6.
ramrod is contained in the ramdisk in H6SURamDisk.dmg (which is in /usr/standalone/update/ramdisk/ folder on 7.0.4 iPhone5s) and there in /usr/libexec/ramrod/. You just have to get rid of the 1st 0x1b (27) bytes to make the dmg readable.
There is not much known about its functionality or usage except that it is mentioned in ~/Library/Logs/iPhone Updater Logs (on OSX) or [Username folder]\Application Data\Apple Computer\iTunes\iPhone Updater Logs (on Windows) in case of some unsuccessful restores / updates.
0: RamrodErrorDomain/3ec: update_baseband: failed to perform next stage 1: BBUpdater/10 unable to convert ramrod error 1004 ==== end of device restore output ==== 2013-01-16 01:05:19.000 iTunes[1073:12e2b]: AMRAuthInstallDeletePersonalizedBundle 2013-01-16 01:05:19.000 iTunes[1073:12e2b]: <Restore Device 0x7f8fa705ac30>: Restore failed (result = -1) 2013-01-16 01:05:19.000 iTunes[1073:12f07]: iTunes: Restore error 4294967295
./jtool -l /Volumes/ramdisk/usr/libexec/ramrod/ramrod LC 00: LC_SEGMENT_64 Mem: 0x000000000-0x100000000 __PAGEZERO LC 01: LC_SEGMENT_64 Mem: 0x100000000-0x100104000 __TEXT 0x0000000100002e48-0x000000010009dba8 __TEXT.__text 0x000000010009dba8-0x000000010009f078 __TEXT.__stubs 0x000000010009f078-0x00000001000a0524 __TEXT.__stub_helper 0x00000001000a0524-0x00000001000b2e50 __TEXT.__gcc_except_tab__TEXT 0x00000001000b2e50-0x00000001000eb44c __TEXT.__const 0x00000001000eb44c-0x00000001001005e8 __TEXT.__cstring 0x00000001001005e8-0x0000000100103ff4 __TEXT.__unwind_info LC 02: LC_SEGMENT_64 Mem: 0x100104000-0x10011c000 __DATA 0x0000000100104000-0x00000001001041f0 __DATA.__got 0x00000001001041f0-0x0000000100104fd0 __DATA.__la_symbol_ptr 0x0000000100104fd0-0x0000000100105038 __DATA.__mod_init_func 0x0000000100105040-0x000000010010b950 __DATA.__const 0x000000010010b950-0x000000010010dfe0 __DATA.__data 0x000000010010dfe0-0x0000000100111a00 __DATA.__cfstring 0x0000000100111a00-0x0000000100111fe0 __DATA.__common 0x0000000100111fe0-0x000000010011b448 __DATA.__bss LC 03: LC_SEGMENT_64 Mem: 0x10011c000-0x100144000 __LINKEDIT LC 04: LC_DYLD_INFO_ONLY LC 05: LC_SYMTAB Symbol table is at offset 0x123890, with 1788 entries LC 06: LC_DYSYMTAB LC 07: LC_LOAD_DYLINKER /usr/lib/dyld LC 08: LC_UUID UUID: D8DC8A3E-CF0F-31C8-ADBA-2C6A1891952F LC 09: LC_VERSION_MIN_IPHONEOS Minimum iOS version: 7.0.0 LC 10: LC_SOURCE_VERSION Source Version: 1021.1.28.0.0 LC 11: LC_MAIN Entry Point: 0x5d90 (Mem: 100005d90) LC 12: LC_LOAD_DYLIB /usr/lib/libz.1.dylib LC 13: LC_LOAD_DYLIB /System/Library/Frameworks/SystemConfiguration.framework/SystemConfiguration LC 14: LC_LOAD_DYLIB /System/Library/PrivateFrameworks/IOSurface.framework/IOSurface LC 15: LC_LOAD_DYLIB /usr/lib/libIOAccessoryManager.dylib LC 16: LC_LOAD_DYLIB /System/Library/PrivateFrameworks/IOMobileFramebuffer.framework/IOMobileFramebuffer LC 17: LC_LOAD_DYLIB /System/Library/PrivateFrameworks/Bom.framework/Bom LC 18: LC_LOAD_DYLIB /System/Library/Frameworks/CoreFoundation.framework/CoreFoundation LC 19: LC_LOAD_DYLIB /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit LC 20: LC_LOAD_DYLIB /System/Library/PrivateFrameworks/MediaKit.framework/MediaKit LC 21: LC_LOAD_DYLIB /usr/lib/libMobileGestalt.dylib LC 22: LC_LOAD_DYLIB /usr/lib/libauthinstall.dylib LC 23: LC_LOAD_WEAK_DYLIB /System/Library/Frameworks/CFNetwork.framework/CFNetwork LC 24: LC_LOAD_DYLIB /usr/lib/libc++.1.dylib LC 25: LC_LOAD_DYLIB /usr/lib/libSystem.B.dylib LC 26: LC_FUNCTION_STARTS Offset: 1188768, Size: 5232 LC 27: LC_DATA_IN_CODE Offset: 1194000, Size: 0 LC 28: LC_DYLIB_CODE_SIGN_DRS Offset: 1194000, Size: 128 LC 29: LC_CODE_SIGNATURE Offset: 1287008, Size: 6480
There seem also plugins for ramrod avaible:
./jtool -l /Volumes/ramdisk/usr/libexec/ramrod/plugins/patchd.ramrod LC 00: LC_SEGMENT_64 Mem: 0x000000000-0x1c000 __TEXT 0x0000000000002660-0x0000000000012868 __TEXT.__text 0x0000000000012868-0x0000000000013588 __TEXT.__stubs 0x0000000000013588-0x00000000000142c0 __TEXT.__stub_helper 0x00000000000142c0-0x0000000000014750 __TEXT.__const 0x0000000000014750-0x000000000001bfae __TEXT.__cstring 0x000000000001bfae-0x000000000001bff6 __TEXT.__unwind_info LC 01: LC_SEGMENT_64 Mem: 0x00001c000-0x24000 __DATA 0x000000000001c000-0x000000000001c190 __DATA.__got 0x000000000001c190-0x000000000001ca50 __DATA.__la_symbol_ptr 0x000000000001ca50-0x000000000001cbf8 __DATA.__const 0x000000000001cbf8-0x0000000000021058 __DATA.__cfstring 0x0000000000021060-0x00000000000210ad __DATA.__data 0x00000000000210b0-0x0000000000021608 __DATA.__bss LC 02: LC_SEGMENT_64 Mem: 0x000024000-0x2e000 __LINKEDIT LC 03: LC_DYLD_INFO_ONLY LC 04: LC_SYMTAB Symbol table is at offset 0x26d18, with 510 entries LC 05: LC_DYSYMTAB LC 06: LC_UUID UUID: B157237E-1517-3E83-AB87-130ADAE58E62 LC 07: LC_VERSION_MIN_IPHONEOS Minimum iOS version: 7.0.0 LC 08: LC_SOURCE_VERSION Source Version: 275.1.0.0.0 LC 09: LC_LOAD_DYLIB /usr/lib/libauthinstall.dylib LC 10: LC_LOAD_DYLIB /usr/lib/libMobileGestalt.dylib LC 11: LC_LOAD_DYLIB /usr/lib/libz.1.dylib LC 12: LC_LOAD_DYLIB /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit LC 13: LC_LOAD_DYLIB /System/Library/PrivateFrameworks/Bom.framework/Bom LC 14: LC_LOAD_DYLIB /System/Library/Frameworks/Security.framework/Security LC 15: LC_LOAD_DYLIB /System/Library/PrivateFrameworks/AppleFSCompression.framework/AppleFSCompression LC 16: LC_LOAD_DYLIB /System/Library/Frameworks/CoreFoundation.framework/CoreFoundation LC 17: LC_LOAD_DYLIB /usr/lib/libbz2.1.0.dylib LC 18: LC_LOAD_DYLIB /usr/lib/libSystem.B.dylib LC 19: LC_FUNCTION_STARTS Offset: 158664, Size: 232 LC 20: LC_DATA_IN_CODE Offset: 158896, Size: 0 LC 21: LC_DYLIB_CODE_SIGN_DRS Offset: 158896, Size: 104 LC 22: LC_CODE_SIGNATURE Offset: 181088, Size: 1072
Using ramrod via ssh:
./ramrod dyld: Library not loaded: /System/Library/PrivateFrameworks/MediaKit.framework/MediaKit Referenced from: /private/var/root/ramrod/./ramrod Reason: image not found Trace/BPT trap: 5 ./ramrod entering set_boot_stage unable to open /dev/klog: Resource busy inverting UI colordisplay-scale = 2 display-rotation = 0 found applelogo at /usr/share/progressui/applelogo@2x.tga found display: primary display: 640 x 1136 unable to open plugins directory: No such file or directory ramrod: unable to load plugins ramrod exited with status 1 - rebooting No IOFlashController instance found executing /usr/sbin/nvram executing /sbin/reboot reboot in progress, hanging
If you manage to get ramrod working properly in SSH, this is the output:
./ramrod entering set_boot_stage display-scale = 2 display-rotation = 0 found applelogo at /usr/share/progressui/applelogo@2x.tga found display: primary display: 640 x 960 patchd: ramrod_register_plugin(3254): built Jun 11 2014 20:21:41. Searching for NAND service Found NAND service: IOFlashStoragePartition NAND initialized. Waiting for devnode. entering ramrod_probe_media device partitioning scheme is GPT device supports boot-from-NAND nand device is already partitioned executing /usr/sbin/nvram patchd: ramrod_register_plugin(3274): nvram variable 'enable-remap-mode' cleared loaded plugin: patchd plugin contains 1 handlers patchd_patch (AUTONOMOUS HANDLER) skipping USB initialization patchd: patch(2443): Started patchd. Searching for NAND service Found NAND service: IOFlashStoragePartition NAND initialized. Waiting for devnode. entering ramrod_probe_media patchd: run_fake_media_progress(2264): starting fake media progress device partitioning scheme is GPT patchd: patch(2475): internal media ready. patchd: patch(2476): 0 seconds elapsed so far executing /usr/sbin/nvram patchd: patch(2491): nvram variable 'boot-command' cleared. ramrod_roll_media_keys: data_partition = /dev/disk0s1s2 ramrod_roll_media_keys: storage_media = /dev/disk0s1 ramrod_roll_media_keys: data_partition_name = disk0s1s2 ramrod_roll_media_keys: data_partition_uuid = INSERT_UID_HERE_ lwvm: Key already rolled ! executing /usr/sbin/nvram patchd: patch(2507): no baseband updater debug args present executing /sbin/fsck_hfs fsck_hfs: pread(10, 0x27dcc024, 4096, 1560576): Invalid argument patchd: patchdProgressCallback(2208): progress: 5% Offset 1024 length 512: 0000: 4858 0005 8000 2000 4846 534a 0000 0009 |HX......HFSJ....| 0010: cfbe cd9f d19c 0a66 0000 0000 cfbf 300f |.......f......0.| 0020: 0000 8f58 0000 4311 0000 2000 0002 84ca |...X..C.........| 0030: 0000 5ecb 0002 4f1c 0001 0000 0001 0000 |......O.........| 0040: 0000 f673 0000 7613 0000 0000 0000 0001 |...s..v.........| 0050: 0000 0000 0000 0000 0000 0000 0000 0000 |................| 0060: 0000 0000 0000 0000 8521 4c87 8382 7761 |..........L...wa| 0070: 0000 0000 0001 0000 0000 8000 0000 0008 |................| 0080: 0000 0001 0000 0008 0000 0000 0000 0000 |................| 0090: 0000 0000 0000 0000 0000 0000 0000 0000 |................| . . . 00c0: 0000 0000 0040 0000 0040 0000 0000 0200 |................| 00d0: 0000 040a 0000 0200 0000 0000 0000 0000 |................| 00e0: 0000 0000 0000 0000 0000 0000 0000 0000 |................| . . . 0110: 0000 0000 0180 0000 0040 0000 0000 0c00 |................| 0120: 0000 270a 0000 0300 0000 8688 0000 0300 |................| 0130: 0001 ba9b 0000 0300 0002 42fc 0000 0300 |..........B.....| 0140: 0000 0000 0000 0000 0000 0000 0000 0000 |................| . . . 0160: 0000 0000 01e0 0000 0040 0000 0000 0f00 |................| 0170: 0000 060a 0000 0600 0001 ad54 0000 0300 |...........T....| 0180: 0001 d5e0 0000 0300 0002 5d0d 0000 0300 |................| 0190: 0000 0000 0000 0000 0000 0000 0000 0000 |................| . . . 01f0: 0000 0000 0000 0000 0000 0000 0000 0000 |................| ** /dev/rdisk0s1s1 (NO WRITE) Executing fsck_hfs (version hfs-277.10.5). ** Verifying volume when it is mounted with write access. Journal need to be replayed but volume is read-only ** Checking Journaled HFS Plus volume. ** Detected a case-sensitive volume. The volume name is Sochi11D257.N92OS ** Checking extents overflow file. ** Checking catalog file. ** Checking multi-linked files. ** Checking catalog hierarchy. ** Checking extended attributes file. ** Checking volume bitmap. ** Checking volume information. ** The volume Sochi11D257.N92OS was found corrupt and needs to be repaired. fsck failed on /dev/disk0s1s1 patchd: mount_all_filesystems(1990): system partition should already be mounted executing /sbin/fsck_hfs fsck_hfs: pread(10, 0x27d6f024, 4096, 2613248): Invalid argument Offset 1024 length 512: 0000: 4858 0005 c000 2000 4846 534a 0000 000d |HX......HFSJ....| 0010: d185 a4fc d19c 0b1d 0000 0000 d185 a4fc |................| 0020: 0000 28de 0000 0986 0000 2000 000c 5336 |..............S6| 0030: 000a 746b 0005 40b1 0001 0000 0001 0000 |..tk............| 0040: 0000 9299 0003 dcd0 0000 0000 0000 0001 |................| 0050: 0000 0000 0000 0000 0000 0000 0000 0000 |................| 0060: 0000 0000 0000 0000 ce83 809b c82e 6eac |..............n.| 0070: 0000 0000 0001 a000 0001 8000 0000 000d |................| 0080: 0000 0001 0000 000c 0000 0a0e 0000 0001 |................| 0090: 0000 0000 0000 0000 0000 0000 0000 0000 |................| . . . 00c0: 0000 0000 0040 0000 0040 0000 0000 0200 |................| 00d0: 0000 040e 0000 0200 0000 0000 0000 0000 |................| 00e0: 0000 0000 0000 0000 0000 0000 0000 0000 |................| . . . 0110: 0000 0000 0080 0000 0080 0000 0000 0400 |................| 0120: 0000 320e 0000 0400 0000 0000 0000 0000 |..2.............| 0130: 0000 0000 0000 0000 0000 0000 0000 0000 |................| . . . 0160: 0000 0000 0080 0000 0080 0000 0000 0400 |................| 0170: 0000 060e 0000 0400 0000 0000 0000 0000 |................| 0180: 0000 0000 0000 0000 0000 0000 0000 0000 |................| . . . 01f0: 0000 0000 0000 0000 0000 0000 0000 0000 |................| ** /dev/rdisk0s1s2 (NO WRITE) Executing fsck_hfs (version hfs-277.10.5). ** Verifying volume when it is mounted with write access. Journal need to be replayed but volume is read-only ** Checking Journaled HFS Plus volume. ** Detected a case-sensitive volume. The volume name is Data ** Checking extents overflow file. ** Checking catalog file. ** Checking multi-linked files. ** Checking catalog hierarchy. ** Checking extended attributes file. ** Checking volume bitmap. ** Checking volume information. ** The volume Data was found corrupt and needs to be repaired. fsck failed on /dev/disk0s1s2 patchd: mount_all_filesystems(2005): data partition should already be mounted patchd: patch(2536): system and data partition mounted. patchd: patch(2537): 28 seconds elapsed so far patchd: patch(2539): disks mounted. patchd: patchdProgressCallback(2208): progress: 10% patchd: patch(2546): done waiting for fake media progress thread. patchd: patch(2566): could not load patchd options from '/mnt1/var/MobileSoftwareUpdate/Update.plist'. errno=2. executing /usr/sbin/nvram patchd: patch(3184): nvram variable 'ramrod-display-width' cleared. executing /usr/sbin/nvram patchd: patch(3194): nvram variable 'ramrod-display-height' cleared. executing /usr/sbin/nvram patchd: patch(3204): nvram variable 'ramrod-display-rate' cleared. executing /usr/sbin/nvram patchd: patch(3216): nvram variable 'auto-boot' reset. patchd: patch(3223): attempting to dump update log patchd: entering checkForRestoreLogFile patchd: found restore log (size = 495) patchd: write_update_log(2230): writing log file: /mnt1/restore.log patchd: patch(3232): disks unmounted. patchd: patch(3235): 50 seconds elapsed in patchd ramrod exited with status 1 - rebooting device supports boot-from-NAND nand device is already partitioned executing /usr/sbin/nvram executing /sbin/reboot
