image3maker (Internal Tool)

From The iPhone Wiki

This article discusses software internally used by Apple.

Acquiring a copy without Apple's consent is illegal and may result in being scammed.
Engaging in illegal activity is not condoned. This information is provided for educational purposes only.

Original author(s): Apple Inc.
Developer(s): Apple Inc.
Operating system: OS X
Size: 77,760 bytes [APP]
Available in: English
Type: ?
License: Closed source

image3maker is an Apple internal tool used to create img3 firmware files. It is implemented mostly in C, and its symbols are stripped. There is an open source version by the same name, Image3maker.

From the disassembly, it appears that the key and IV are generated by reading /dev/random. The GID key is loaded from a plist at /usr/local/standalone/firmware/platform_keys.plist and is used to encrypt the KEY/IV fields within the KBAG (referred to as "Keybag").

Usage

The usage information printed when the binary is run:

Usage: image3maker [options]

image3maker: Modes:
image3maker:     --create                             Create a new image3 file
image3maker:     --update                             Update an existing image3 file
image3maker:     --hashForSigning                     Generate and print the SHA-1 hash of the signable area
image3maker:     --signWithData                       Sign with supplied data
image3maker:     --finalizeWithoutSignature           Finalize image3 file for use with authorized installation
image3maker:     --printEpoch                         Print the numeric value of the epoch specified by --epoch
image3maker:     --print                              Print the value of the tag specified by --tag
image3maker: 
image3maker: General options:
image3maker:     --unsign                             Removes signature information, allowing operations on images
image3maker:                                          that have previously been signed.
image3maker: 
image3maker: Arguments for --create and --update:
image3maker:     --imagefile <file>                   Image3 format file
image3maker:                                            In --create mode this file is created or truncated
image3maker:     --type <type>                        Hex or 4-byte ASCII type tag
image3maker:                                            This is required for --create mode, not permitted in --update mode
image3maker:     --version <version>                  Set version string
image3maker:     --epoch <security epoch>             Explicit epoch or chip name to pick system default
image3maker:                                            default for 's5l8747x' is 16
image3maker:                                            default for 's5l8920x' is 4
image3maker:                                            default for 's5l8922x' is 2
image3maker:                                            default for 's5l8930x' is 2
image3maker:                                            default for 's5l8940x' is 17
image3maker:                                            default for 's5l8942x' is 16
image3maker:                                            default for 's5l8945x' is 16
image3maker:                                            default for 's5l8947x' is 16
image3maker:                                            default for 's5l8950x' is 16
image3maker:                                            default for 's5l8955x' is 16
image3maker:     --hardwareEpoch <hardware epoch>     Set the hardware epoch
image3maker:                                          Should only be used for Image3 objects embedded in certs.
image3maker:     --domain {manufacturer|darwin|rtxc}
image3maker:     --data <data file>                   Add payload data from <data file>
image3maker:     --personalize                        Personalize the image for local storage
image3maker:     --production                         Marks the image as a production image
image3maker:     --development                        Marks the image as a development image
image3maker:     --override <override>                Set the override value.
image3maker:                                          Should only be used for Image3 objects embedded in certs.
image3maker:     --chipType <chip ID>
image3maker:     --boardID <board ID>
image3maker:     --uniqueID <unique chip ID>
image3maker:     --padWithRandomBytes                 Adds random pad data
image3maker: 
image3maker: Arguments for --hashForSigning:
image3maker:     --partialHashReservationSize <size>  Requests a partial (unfinalized) hash rather than a normal hash.
image3maker:                                            The partial hash is computed assuming that an additional size bytes
image3maker:                                            will be added to the final signed portion of the image.
image3maker: 
image3maker: Arguments for --signWithData:
image3maker:     --expectHash <hash value>            Require that the image hash to <hash value>
image3maker:     --signWithSignature <signaturefile>  Sign the image using the supplied signature file
image3maker:     --signWithCertChain <chainfile>      Place the supplied cert chain file into the signed image
image3maker: 
image3maker: Arguments for --finalizeWithoutSignature:
image3maker:     --expectHash <hash value>            Require that the image hash to <hash value>
image3maker: 
image3maker: Arguments for --print:
image3maker:     --tag <tag name>                     Tag to be printed, either a 4 character string or a hexadecimal
image3maker:                                            number prefixed with 0x
image3maker:     --skip <n>                           Requests the nth occurrence of the specified tag. Defaults to 0.
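
The following is an added example, not code from image3maker or from this page: a small Python reader that selects the nth occurrence of a tag the way --print with --tag and --skip is described above, and splits a KBAG into its wrapped IV and key fields. The header and tag layout follow the publicly documented Img3 format rather than anything stated on this page, and the helper names and sample image (zero-filled key material) are constructed for illustration.

```python
import struct

def tag_id(name):
    """Accept a 4-character string or a 0x-prefixed hex number, like --tag."""
    if name.lower().startswith("0x"):
        return int(name, 16)
    if len(name) != 4:
        raise ValueError("tag must be 4 characters or 0x-prefixed hex")
    return struct.unpack(">I", name.encode("ascii"))[0]

def iter_tags(img):
    """Yield (magic, data) for each tag, bounds-checking every length field."""
    if len(img) < 20 or img[:4] != b"3gmI":  # "Img3" stored little-endian
        raise ValueError("not an Img3 container")
    full_size = struct.unpack_from("<I", img, 4)[0]
    if full_size > len(img):
        raise ValueError("image shorter than its header claims")
    off = 20  # header: magic, fullSize, sizeNoPack, sigCheckArea, ident
    while off + 12 <= full_size:
        magic, total, dlen = struct.unpack_from("<3I", img, off)
        if total < 12 or dlen > total - 12 or off + total > full_size:
            raise ValueError("bad tag length at offset %d" % off)
        yield magic, img[off + 12:off + 12 + dlen]
        off += total

def find_tag(img, name, skip=0):
    """Data of the skip-th occurrence of a tag (0 = first), or None."""
    hits = [d for m, d in iter_tags(img) if m == tag_id(name)]
    return hits[skip] if 0 <= skip < len(hits) else None

def parse_kbag(data):
    """Split a KBAG payload into state, key size and the wrapped IV/key."""
    state, bits = struct.unpack_from("<2I", data) if len(data) >= 8 else (0, 0)
    if bits not in (128, 192, 256) or len(data) < 24 + bits // 8:
        raise ValueError("malformed KBAG")
    return {"state": state, "bits": bits, "wrapped_iv": data[8:24],
            "wrapped_key": data[24:24 + bits // 8]}

def make_tag(name, data):
    """Builder used only for the constructed sample below."""
    pad = -len(data) % 4
    return struct.pack("<3I", tag_id(name), 12 + len(data) + pad, len(data)) + data + bytes(pad)

def sample_image():
    """Constructed image: zero-filled key material, no signature or certs."""
    body = (make_tag("TYPE", b"tobi") + make_tag("DATA", b"payload")
            + make_tag("KBAG", struct.pack("<2I", 1, 128) + bytes(32))
            + make_tag("KBAG", struct.pack("<2I", 2, 256) + bytes(48)))
    return struct.pack("<5I", tag_id("Img3"), 20 + len(body), len(body), len(body), tag_id("ibot")) + body
```

The wrapped IV and key stay opaque here: unwrapping them needs the GID key, which this reader never handles.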