image3maker (Internal Tool)
This article discusses software internally used by Apple. Acquiring a copy without Apple's consent is illegal and may result in being scammed.
Original author(s) | Apple Inc. |
---|---|
Developer(s) | Apple Inc. |
Operating system | OS X |
Size | 77,760 bytes [APP] |
Available in | English |
Type | ? |
License | Closed source |
image3maker is an Apple internal tool used to create img3 firmware files. It is implemented mostly in C, and its symbols are stripped. There is an open source version by the same name, Image3maker.
From the disassembly, it appears that the Key and IV are generated via /dev/random. The GID key is loaded from a plist at /usr/local/standalone/firmware/platform_keys.plist and is used to encrypt the KEY/IV fields within the KBAG (referred to as "Keybag").
Usage
The usage information printed when running the binary:
```
Usage: image3maker [options]
image3maker: Modes:
image3maker:   --create                              Create a new image3 file
image3maker:   --update                              Update an existing image3 file
image3maker:   --hashForSigning                      Generate and print the SHA-1 hash of the signable area
image3maker:   --signWithData                        Sign with supplied data
image3maker:   --finalizeWithoutSignature            Finalize image3 file for use with authorized installation
image3maker:   --printEpoch                          Print the numeric value of the epoch specified by --epoch
image3maker:   --print                               Print the value of the tag specified by --tag
image3maker:
image3maker: General options:
image3maker:   --unsign                              Removes signature information, allowing operations on images
image3maker:                                         that have previously been signed.
image3maker:
image3maker: Arguments for --create and --update:
image3maker:   --imagefile <file>                    Image3 format file
image3maker:                                         In --create mode this file is created or truncated
image3maker:   --type <type>                         Hex or 4-byte ASCII type tag
image3maker:                                         This is required for --create mode, not permitted in --update mode
image3maker:   --version <version>                   Set version string
image3maker:   --epoch <security epoch>              Explicit epoch or chip name to pick system default
image3maker:                                         default for 's5l8747x' is 16
image3maker:                                         default for 's5l8920x' is 4
image3maker:                                         default for 's5l8922x' is 2
image3maker:                                         default for 's5l8930x' is 2
image3maker:                                         default for 's5l8940x' is 17
image3maker:                                         default for 's5l8942x' is 16
image3maker:                                         default for 's5l8945x' is 16
image3maker:                                         default for 's5l8947x' is 16
image3maker:                                         default for 's5l8950x' is 16
image3maker:                                         default for 's5l8955x' is 16
image3maker:   --hardwareEpoch <hardware epoch>      Set the hardware epoch
image3maker:                                         Should only be used for Image3 objects embedded in certs.
image3maker:   --domain {manufacturer|darwin|rtxc}
image3maker:   --data <data file>                    Add payload data from <data file>
image3maker:   --personalize                         Personalize the image for local storage
image3maker:   --production                          Marks the image as a production image
image3maker:   --development                         Marks the image as a development image
image3maker:   --override <override>                 Set the override value.
image3maker:                                         Should only be used for Image3 objects embedded in certs.
image3maker:   --chipType <chip ID>
image3maker:   --boardID <board ID>
image3maker:   --uniqueID <unique chip ID>
image3maker:   --padWithRandomBytes                  Adds random pad data
image3maker:
image3maker: Arguments for --hashForSigning:
image3maker:   --partialHashReservationSize <size>   Requests a partial (unfinalized) hash rather than a normal hash.
image3maker:                                         The partial hash is computed assuming that an additional size bytes
image3maker:                                         will be added to the final signed portion of the image.
image3maker:
image3maker: Arguments for --signWithData:
image3maker:   --expectHash <hash value>             Require that the image hash to <hash value>
image3maker:   --signWithSignature <signaturefile>   Sign the image using the supplied signature file
image3maker:   --signWithCertChain <chainfile>       Place the supplied cert chain file into the signed image
image3maker:
image3maker: Arguments for --finalizeWithoutSignature:
image3maker:   --expectHash <hash value>             Require that the image hash to <hash value>
image3maker:
image3maker: Arguments for --print:
image3maker:   --tag <tag name>                      Tag to be printed, either a 4 character string or a hexadecimal
image3maker:                                         number prefixed with 0x
image3maker:   --skip <n>                            Requests the nth occurrence of the specified tag. Defaults to 0.
```
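The tag lookup that `--print --tag <tag name> --skip <n>` describes can be sketched for inspecting an image during analysis. This is an added example, not Apple's code or the open source Image3maker; it assumes the publicly documented Img3 layout (a 20-byte little-endian header followed by tags of magic, total length, data length, data), which this page does not describe, and all function names and the sample container are constructed for illustration.

```python
import struct

IMG3_MAGIC = 0x496D6733   # 'Img3' as a 32-bit value (assumed layout, see lead-in)
HEADER_SIZE = 20          # magic, fullSize, sizeNoPack, sigCheckArea, ident
TAG_HEADER_SIZE = 12      # magic, totalLength, dataLength

def parse_tag_name(arg):
    """Accept a tag as --tag describes: 4 characters, or a 0x-prefixed hex number."""
    if arg.lower().startswith("0x"):
        value = int(arg, 16)
        if value > 0xFFFFFFFF:
            raise ValueError("tag value does not fit in 32 bits")
        return value
    if len(arg) != 4 or not arg.isascii():
        raise ValueError("tag must be 4 ASCII characters or 0x-prefixed hex")
    return struct.unpack(">I", arg.encode("ascii"))[0]

def iter_tags(image):
    """Yield (magic, data) per tag; reject any length that leaves the buffer."""
    if len(image) < HEADER_SIZE or struct.unpack_from("<I", image)[0] != IMG3_MAGIC:
        raise ValueError("not an Img3 container")
    full_size = struct.unpack_from("<I", image, 4)[0]
    end, offset = min(full_size, len(image)), HEADER_SIZE
    while offset + TAG_HEADER_SIZE <= end:
        tag, total_len, data_len = struct.unpack_from("<3I", image, offset)
        if (total_len < TAG_HEADER_SIZE or data_len > total_len - TAG_HEADER_SIZE
                or offset + total_len > end):
            raise ValueError(f"malformed tag at offset {offset}")
        start = offset + TAG_HEADER_SIZE
        yield tag, bytes(image[start:start + data_len])
        offset += total_len

def print_tag(image, tag_arg, skip=0):
    """Return the data of occurrence number `skip` (0 = first) of the tag, or None."""
    wanted = parse_tag_name(tag_arg)
    matches = [data for tag, data in iter_tags(image) if tag == wanted]
    return matches[skip] if 0 <= skip < len(matches) else None

def build_sample():
    """Constructed container: one TYPE tag and two KBAG tags holding filler bytes."""
    def tag(name, data):
        pad, magic = -len(data) % 4, struct.unpack(">I", name)[0]
        return struct.pack("<3I", magic, 12 + len(data) + pad, len(data)) + data + b"\0" * pad
    tags = tag(b"TYPE", b"tobi") + tag(b"KBAG", b"\x01" * 6) + tag(b"KBAG", b"\x02" * 6)
    return struct.pack("<5I", IMG3_MAGIC, HEADER_SIZE + len(tags), len(tags), 0, 0x69626F74) + tags

if __name__ == "__main__":
    print(print_tag(build_sample(), "0x4B424147", skip=1))
```

The length checks in `iter_tags` matter when the file comes from an untrusted source: a tag whose declared size runs past the container is rejected rather than followed.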