Talk:Telluride 9A406 (iPhone4,1)
Key location
Everyone is saying that the VFDecrypt keys were practically included in the OS, but I can't find em :P Where would they be in the IPSW? --rdqronos 20:01, 15 December 2011 (MST)
- The VFDecrypt key is in the ramdisk. You could use GenPass to get it. --Dialexio 22:12, 15 December 2011 (MST)
- I am sure they were referring to the fact that, because the ramdisks are unencrypted, they were able to be "extracted" without the device. --5urd 17:05, 16 December 2011 (MST)
- Continuing from this, where do you get the ramdisk key if it is encrypted? --iAdam1n (talk) 18:43, 29 January 2013 (UTC)
- The ramdisk's KBAG needs to be decrypted with the device's GID key. There is no way to extract the GID key; you need a bootrom exploit (an iBoot exploit may suffice?) to use the device's AES engine. Once you have the IV and key, you can use xpwntool to decrypt the ramdisk. --Dialexio (talk) 20:43, 29 January 2013 (UTC)
- How would I get the GID key on an A4 device? --iAdam1n (talk) 20:56, 29 January 2013 (UTC)
- You can't. GID key is only in hardware and has never been extracted. You can only ask the hardware to use the GID key to decrypt something for you. --http (talk) 23:53, 30 January 2013 (UTC)
- Then how do I ask it for the GID key? --iAdam1n (talk) 23:57, 30 January 2013 (UTC)
- You can't. It is embedded directly into the device. There is no way to get it without a direct analysis of the die of the chip, or performing a side-channel attack on the chip while it encrypts/decrypts data. The encryption is done by the processor with a key embedded into the processor. You can, however, ask the processor to encrypt and decrypt stuff for you. That is done with the MobileDevice Library and xpwn. If you want help, please ask one of the people who post keys here, not us. Thanks. --5urd (talk) 19:01, 4 February 2013 (UTC)
- They are not just in the IPSW. You have to decrypt a ramdisk then use GenPass to get the rootfs key. As the ramdisks in this IPSW were not encrypted, just use GenPass with the normal ramdisk. --iAdam1n (talk) 11:36, 23 August 2013 (UTC)
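The replies above describe a key-wrapping design: each firmware image carries a KBAG (its own IV and key) encrypted under the device's GID key, and software can only hand ciphertext to the AES engine and get plaintext back; the GID key itself is never readable. The following Go program is an added model of that design written for this talk page; it is not Apple's AES engine, xpwn, or GenPass code. It assumes the KBAG is the image IV followed by the image key, unwrapped with AES-256-CBC under a zero IV, and every key and payload in it is a constructed sample value. It shows why a KBAG taken from an IPSW is useless without the matching engine: unwrapping it on a device with a different fused key yields garbage and the payload does not decrypt.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
)

// HardwareAES models the SoC AES engine described in the thread: the GID key is
// held inside the struct and never returned; callers can only request
// operations that use it. Constructed for this page, not Apple's engine.
type HardwareAES struct {
	gid []byte // 32-byte GID key; a constructed placeholder, not a real key
}

// NewHardwareAES "fuses" a key into the model. A real GID key is burned into
// the silicon at manufacture and cannot be set or read by software.
func NewHardwareAES(gid []byte) (*HardwareAES, error) {
	if len(gid) != 32 {
		return nil, errors.New("GID key must be 32 bytes (AES-256)")
	}
	return &HardwareAES{gid: append([]byte(nil), gid...)}, nil
}

// cbc runs AES-256-CBC in either direction with the given IV.
func cbc(key, iv, in []byte, decrypt bool) ([]byte, error) {
	if len(in)%aes.BlockSize != 0 {
		return nil, errors.New("input is not a multiple of the AES block size")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(in))
	if decrypt {
		cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, in)
	} else {
		cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, in)
	}
	return out, nil
}

// zeroIV is an assumption of this model: KBAG unwrapping uses CBC with an all-zero IV.
var zeroIV = make([]byte, aes.BlockSize)

// DecryptWithGID is the only way software gets use of the GID key: an oracle, not the key.
func (h *HardwareAES) DecryptWithGID(ct []byte) ([]byte, error) { return cbc(h.gid, zeroIV, ct, true) }

// EncryptWithGID exists here only to build the constructed KBAG sample.
func (h *HardwareAES) EncryptWithGID(pt []byte) ([]byte, error) { return cbc(h.gid, zeroIV, pt, false) }

// KBAG layout in this model: 16-byte image IV followed by 32-byte image key, both under GID.
const kbagLen = 16 + 32

// WrapKBAG produces the constructed KBAG that would ship inside an image.
func WrapKBAG(hw *HardwareAES, iv, key []byte) ([]byte, error) {
	if len(iv) != 16 || len(key) != 32 {
		return nil, errors.New("bad IV/key length")
	}
	return hw.EncryptWithGID(append(append([]byte{}, iv...), key...))
}

// UnwrapKBAG asks the engine to decrypt the KBAG and splits out the per-image
// IV and key, the values a tool such as xpwntool would then be given.
func UnwrapKBAG(hw *HardwareAES, kbag []byte) (iv, key []byte, err error) {
	if len(kbag) != kbagLen {
		return nil, nil, errors.New("unexpected KBAG length")
	}
	plain, err := hw.DecryptWithGID(kbag)
	if err != nil {
		return nil, nil, err
	}
	return plain[:16], plain[16:], nil
}

// EncryptPayload / DecryptPayload are the per-image step with the unwrapped IV and key.
func EncryptPayload(iv, key, pt []byte) ([]byte, error) { return cbc(key, iv, pt, false) }
func DecryptPayload(iv, key, ct []byte) ([]byte, error) { return cbc(key, iv, ct, true) }

// RoundTrip builds a constructed KBAG and payload on one "device", then tries to
// recover the payload using only an engine's decrypt operation. With sameDevice
// the engine holds the same fused key and recovery succeeds; otherwise a second
// engine with a different key is used and the payload does not come back.
func RoundTrip(sameDevice bool) (bool, error) {
	maker, err := NewHardwareAES(bytes.Repeat([]byte{0x5a}, 32)) // constructed, not a real GID
	if err != nil {
		return false, err
	}
	iv := bytes.Repeat([]byte{0x11}, 16)  // constructed image IV
	key := bytes.Repeat([]byte{0x22}, 32) // constructed image key
	payload := bytes.Repeat([]byte("ramdisk-block-01"), 3) // constructed 48-byte payload
	kbag, err := WrapKBAG(maker, iv, key)
	if err != nil {
		return false, err
	}
	ct, err := EncryptPayload(iv, key, payload)
	if err != nil {
		return false, err
	}
	engine := maker
	if !sameDevice {
		engine, _ = NewHardwareAES(bytes.Repeat([]byte{0xa5}, 32)) // different fused key
	}
	gotIV, gotKey, err := UnwrapKBAG(engine, kbag)
	if err != nil {
		return false, err
	}
	pt, err := DecryptPayload(gotIV, gotKey, ct)
	if err != nil {
		return false, err
	}
	return bytes.Equal(pt, payload), nil
}

func main() {
	ok, _ := RoundTrip(true)
	bad, _ := RoundTrip(false)
	fmt.Printf("same device recovers payload: %v; other device recovers payload: %v\n", ok, bad)
}
```

Note that nothing in the program can return the `gid` field: every path through the engine is an encrypt or decrypt request, which is the point made in the thread that the key can only be used, not extracted, absent physical die analysis or a side channel.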