<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
	<id>https://www.theiphonewiki.com/w/api.php?action=feedcontributions&amp;feedformat=atom&amp;user=Rzhikharevich</id>
	<title>The iPhone Wiki - User contributions [en]</title>
	<link rel="self" type="application/atom+xml" href="https://www.theiphonewiki.com/w/api.php?action=feedcontributions&amp;feedformat=atom&amp;user=Rzhikharevich"/>
	<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/wiki/Special:Contributions/Rzhikharevich"/>
	<updated>2026-07-01T14:12:33Z</updated>
	<subtitle>User contributions</subtitle>
	<generator>MediaWiki 1.31.14</generator>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=PurpleRestore&amp;diff=46592</id>
		<title>PurpleRestore</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=PurpleRestore&amp;diff=46592"/>
		<updated>2015-06-26T02:11:20Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: A question sign looks odd, we need something in this entry.&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;{{internal software}}&lt;br /&gt;
{{Infobox software&lt;br /&gt;
 | name                   = PurpleRestore&lt;br /&gt;
 | title                  = PurpleRestore&lt;br /&gt;
 | logo                   = [[File:PurpleRestore logo.png]]&lt;br /&gt;
 | screenshot             = [[File:PurpleRestore15GC54.png|300px]]&lt;br /&gt;
 | caption                = PurpleRestore 5.0.1 (14GC54)&lt;br /&gt;
 | collapsible            = &lt;br /&gt;
 | author                 = Apple Inc.&lt;br /&gt;
 | developer              = Apple Inc.&lt;br /&gt;
 | released               = &lt;br /&gt;
 | discontinued           = &lt;br /&gt;
 | latest release version = 5.0.1 (14GC54)&amp;lt;br /&amp;gt;&amp;lt;small&amp;gt;(latest ''known'' version)&amp;lt;/small&amp;gt;&lt;br /&gt;
 | latest release date    = &lt;br /&gt;
 | latest preview version = &lt;br /&gt;
 | latest preview date    = &lt;br /&gt;
 | programming language   = &lt;br /&gt;
 | operating system       = [[wikipedia:OS X|OS X]]&lt;br /&gt;
 | platform               = &lt;br /&gt;
 | size                   = &lt;br /&gt;
 | language               = [[wikipedia:English language|English]]&lt;br /&gt;
 | status                 = &lt;br /&gt;
 | genre                  = Firmware flasher&lt;br /&gt;
 | license                = [[wikipedia:Proprietary software|Closed source]]&lt;br /&gt;
 | website                = &lt;br /&gt;
}}&lt;br /&gt;
{{float toc|left}}&lt;br /&gt;
'''PurpleRestore''' is a tool made by Apple and is used for flashing [[iDevice]]s. It provides far more customization than [[iTunes]], and it is usually used to flash internal firmware to [[Prototypes|prototypes]]. PurpleRestore 5.0.1 (build 14GC54) is the latest known version which is capable of detecting devices running/flashing the latest restore bundles (Betas/Stock/NonUI/etc.). Little is currently known about which versions it &amp;quot;supports&amp;quot; for restoring as such. PurpleRestore is installed by [[RestoreTools.pkg]]. A CLI version of PurpleRestore exists too.&lt;br /&gt;
&lt;br /&gt;
This tool can (and is meant to) handle multiple restores. When performing restores PurpleRestore color coordinates the device in the table and when the device is about to receive the AppleLogo it will turn the background color of the screen to the color assigned to the device.&lt;br /&gt;
Like [[iTunes]], [[PurpleRestore]] communicates with iDevices using a [[usbmux]] connection.&lt;br /&gt;
&lt;br /&gt;
== Restore Bundles==&lt;br /&gt;
Unlike iTunes, PurpleRestore doesn't use [[IPSW File Format|IPSW]] files to restore devices. It uses &amp;quot;Restore Bundles&amp;quot; which can be obtained from a server specific to a version of iOS, such as &amp;lt;code&amp;gt;afp://fieldgoal.apple.com/RestoreImages/&amp;lt;/code&amp;gt; and &amp;lt;code&amp;gt;afp://endzone.apple.com/OldRestoreImages/&amp;lt;/code&amp;gt; (among many others) . Unfortunately, the &amp;lt;code&amp;gt;afp&amp;lt;/code&amp;gt; protocol can only be accessed through Apple's internal VPN which means that the tool is essentially useless, because it can only install currently signed iOS.&lt;br /&gt;
&lt;br /&gt;
However, you can create your own bundles by extracting an IPSW into a folder, this only applies to firmwares that are being signed; or if you have SHSH blobs saved for an A4 device (and below) then you can either stitch or use [[TinyUmbrella]] to assist in a downgrade without the need for iTunes, you will need to put your device into Pwned DFU still. This will not give you any internal debugging abilities nor jailbreak your device. &lt;br /&gt;
&lt;br /&gt;
== Restore Components ==&lt;br /&gt;
Restore Components has several options:&lt;br /&gt;
* '''Restore Bundle''': Specify the bundle to use in restoring&lt;br /&gt;
* '''Firmware Directory''': Specify the folder where the [[LLB]], [[iBoot (Bootloader)|iBoot]], etc. [[IMG3 File Format|IMG3]] files are located.&lt;br /&gt;
* '''Ramdisk Image''': Specify a [[ramdisk]] to be used (i.e. [[Restore Ramdisk|restore]] or [[Update Ramdisk|update]] ramdisk)&lt;br /&gt;
* '''DFU''': Specify what tools to upload based on a selection of &amp;quot;Debug&amp;quot;, &amp;quot;Development&amp;quot;, or &amp;quot;Release&amp;quot;. A specific file can also be selected.&lt;br /&gt;
&lt;br /&gt;
== Restore Operations ==&lt;br /&gt;
[[File:IPhoneDuringPurpleRestore.jpeg|250px|thumb|right|iPhone 5 undergoing a PurpleRestore]]&lt;br /&gt;
Restore Operations contains the most options to configure. These may also be the most useful ones.&lt;br /&gt;
&lt;br /&gt;
* '''Hardware Readiness'''&lt;br /&gt;
** '''Minimum Battery Charge (mV)''': This value controls the minimum charge level at which the restore will be allowed to continue. Below this threshold, we either wait to charge (if we're charging) or fail (if we're not charging).  If this option is not specified, a default value is used (currently 3.8&amp;amp;nbsp;V). Setting this option to 0 bypasses all battery level checks.&lt;br /&gt;
** '''Wait for Minimum Charge''': If the current voltage is below the minimum level, then the default behavior is to let the device charge and then continue. This option overrides that behavior when false.&lt;br /&gt;
** '''Wait for Storage Device''': Controls whether the restore waits for the storage device /dev/disk0 to be available before the restore is initiated.&lt;br /&gt;
** '''Allow Untethered Restore''': Permit the restore to run untethered (not connected to a host).  The result of specifying this option when the restore needs data from the host (for instance, when flashing NOR) is undefined (but probably bad). If this option is specified and the device remains tethered, things should proceed as usual.&lt;br /&gt;
* '''Storage Media'''&lt;br /&gt;
** '''Use LwVM''': Controls whether the device is formatted for LwVM (if supported).&lt;br /&gt;
** '''Repartition''': Controls whether a new partition map is created on the device.&lt;br /&gt;
** '''System Partition Size (MiB)''': Specifies the size (in mebibytes) that is desired for the system partition. Because the partition size can only be changed when creating a new partition map, this option is only relevant when used in conjunction with repartition. A size of 0 indicates that the restore library should choose a suitable size for you, based on the specific restore bundle and image being used if possible.&lt;br /&gt;
** '''Content Protection Type''': Controls the type of data protection used on the device.&lt;br /&gt;
** '''Low-Level Erase''': Do a low level erase (wipe with null or random data) of the entire storage device prior to restoring.&lt;br /&gt;
* '''Restore System Partition'''&lt;br /&gt;
** '''System Image''': Determines which type of system image to restore, or which file to use for the system image.&lt;br /&gt;
** '''Kernel Cache Type''': This option controls the kernel cache that gets installed on the device.&lt;br /&gt;
* '''Baseband'''&lt;br /&gt;
** '''Update Baseband''': Controls whether the [[baseband]] and baseband bootloader are updated as part of the restore.&lt;br /&gt;
** '''Force Update''': The baseband update is skipped when the existing firmware matches the available firmware. In some cases, it is desirable to force the firmware update to occur, regardless of what is currently on there. This option, when set to true, forces the update to be attempted.&lt;br /&gt;
&lt;br /&gt;
== Restore OS ==&lt;br /&gt;
Restore OS options allow you to specify the following:&lt;br /&gt;
* '''Restore Boot-Args''':  Boot-Args used when the Restore OS is loaded. By default those arguments are used: &amp;quot;debug=0x14e serial=3 rd=md0 nand-enable-reformat=1 -progress&amp;quot;&lt;br /&gt;
* '''Firmware Type:''' Specify the firmware which should be flashed when restoring. This can either be &amp;quot;Debug&amp;quot;, &amp;quot;Factory FA&amp;quot;, &amp;quot;Factory SA&amp;quot;, &amp;quot;Firmware Development&amp;quot; or &amp;quot;Production&amp;quot;.&lt;br /&gt;
* '''Boot Image Type:''' Can be &amp;quot;Internal&amp;quot;, &amp;quot;User or Internal&amp;quot;, &amp;quot;User&amp;quot; or &amp;quot;Update&amp;quot;.&lt;br /&gt;
* '''Boot Kernel Cache:''' Specify whether the &amp;quot;Production&amp;quot; or &amp;quot;Development&amp;quot; kernel cache should be used.&lt;br /&gt;
&lt;br /&gt;
== Personalization Settings ==&lt;br /&gt;
As with iTunes, PurpleRestore can personalize builds for iOS devices (since recent Bootroms expect a valid APTicket). The tooltip for the &amp;quot;Personalized Restore&amp;quot; checkbox reads &amp;quot;Your ticket to the Orwellian cloud.&amp;quot; This may suggest that Apple developed TSS in part to control access to internal build variants (i.e. prevent leaks of &amp;quot;interesting&amp;quot; builds of iOS), in addition to preventing production users from downgrading. &lt;br /&gt;
* '''Variants''': &amp;quot;A predefined combination of restore pieces.&amp;quot; The options are: &amp;quot;Customer Install&amp;quot;, &amp;quot;Internal Debug&amp;quot;, &amp;quot;Internal Development&amp;quot;, &amp;quot;Internal Install&amp;quot;, &amp;quot;Internal Qualification&amp;quot;, and &amp;quot;Vendor install.&amp;quot; &lt;br /&gt;
* '''AppleConnect''': Used to authenticate all restores for personalization. Interestingly, AppleConnect will allow members of the iOS Developer Program (including non-employees) to install public builds of iOS (latest current and beta). It's likely AppleConnect is also used to authenticate signing of internal builds using the public TSS server, should the device be on the whitelist. &lt;br /&gt;
&lt;br /&gt;
== Restore Settings ==&lt;br /&gt;
[[File:PurpleRestoreOptions.png |250px|thumb|right|PurpleRestore configuration screen]]&lt;br /&gt;
By default, PurpleRestore comes with two pre-made restore settings. &amp;quot;Erase Install&amp;quot; and &amp;quot;Update Install&amp;quot;. Those restore settings are [[PList File Format|plist]] files that define the options PurpleRestore will use when restoring a device.&lt;br /&gt;
* '''Erase Install''': Repartition the media and erase all data before restoring. Includes all internal development tools and updates flash and the baseband by default.&lt;br /&gt;
* '''Update Install''': Includes all internal development tools and updates flash and the baseband by default.&lt;br /&gt;
{{clear}}&lt;br /&gt;
&lt;br /&gt;
== Problems ==&lt;br /&gt;
There are some problems with the leaked versions, because they almost always aren't the latest version.&lt;br /&gt;
&lt;br /&gt;
[[File:IBECStuck.png|250px|thumb|right|Stuck on Executing iBEC]]&lt;br /&gt;
One problem (common) is getting stuck at &amp;quot;Executing iBEC to bootstrap update&amp;quot;. This is likely a signing error, the device may have rejected the iBEC image.&lt;br /&gt;
&lt;br /&gt;
Another problem, when trying from DFU mode, the tool will send the DFU image, then the device will disconnect, reconnect, and repeat the process indefinitely.&lt;br /&gt;
&lt;br /&gt;
== See Also ==&lt;br /&gt;
* [[iTunes]]&lt;br /&gt;
* [https://www.youtube.com/watch?v=jaZ2JPUv-AU Video of process]&lt;br /&gt;
* [https://www.youtube.com/watch?v=IGC2lrYhQjw How-to create restore bundles from a public ipsw]&lt;br /&gt;
* [https://www.youtube.com/watch?v=DwipCKbWIlw PurpleRestore restore process]&lt;br /&gt;
&lt;br /&gt;
[[Category:Software]]&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=LwVM&amp;diff=46006</id>
		<title>LwVM</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=LwVM&amp;diff=46006"/>
		<updated>2015-06-12T14:26:01Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: Same fixes.&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;'''LwVM''' (Lightweight Volume Manager) - partition table, which is used by iOS since 5.0.&lt;br /&gt;
&lt;br /&gt;
'''com.apple.driver.LightweightVolumeManager''' kext wraps the block device (&amp;lt;code&amp;gt;/dev/disk0&amp;lt;/code&amp;gt;) where the actual LwVM partition table is stored and publishes &amp;lt;code&amp;gt;/dev/disk0s1&amp;lt;/code&amp;gt; with emulated [[Wikipedia:GUID Partition Table|GPT]] which can be edited from user-land using conventional [[Wikipedia:GUID Partition Table|GPT]] editing tools (e.g. [http://sourceforge.net/projects/gptfdisk/ gptfdisk]) [https://code.google.com/p/iphone-dataprotection/wiki/LightweightVolumeManager]. All edits are trapped by the kext and before shutting down (after the volumes are unmounted) it writes the corresponding changes to LwVM partition table on &amp;lt;code&amp;gt;/dev/disk0&amp;lt;/code&amp;gt; (implemented in &amp;lt;code&amp;gt;LightweightVolumeManager::_gptLazyRepartition()&amp;lt;/code&amp;gt; function from the LwVM kext). After next boot new devices (e.g. &amp;lt;code&amp;gt;/dev/rdisk0s1s3&amp;lt;/code&amp;gt;) are published by the kext. This mechanism is used during [[OTA Updates]] to create third partition where the update ramdisk is copied to and booted into by setting nvram &amp;lt;code&amp;gt;boot-command&amp;lt;/code&amp;gt; to &amp;lt;code&amp;gt;upgrade&amp;lt;/code&amp;gt; [https://twitter.com/iH8sn0w/status/580016602512539648] and probably also &amp;lt;code&amp;gt;boot-partition&amp;lt;/code&amp;gt; to &amp;lt;code&amp;gt;2&amp;lt;/code&amp;gt; (partitions are indexed from 0, so third partition). &lt;br /&gt;
&lt;br /&gt;
The update partition is set up by &amp;lt;code&amp;gt;com.apple.MobileSoftwareUpdate.CleanupPreparePathService&amp;lt;/code&amp;gt; (XPC service accompanying [[softwareupdated]]). It shrinks HFS of the second (data) partition using &amp;lt;code&amp;gt;fsctl&amp;lt;/code&amp;gt; as illustrated in [https://github.com/danzatt/hfs_resize hfs_resize]. It then edits [[Wikipedia:GUID Partition Table|GPT]] on &amp;lt;code&amp;gt;/dev/rdisk0s1s3&amp;lt;/code&amp;gt; to reflect the size of shrunk HFS and creates new entry for the update partition in the freed space and creates new HFS on it. To create file-system manually you can use e.g.: &amp;lt;code&amp;gt;newfs_hfs -s -b 8192 -J 8192k -v Data2 /dev/rdisk0s1s4&amp;lt;/code&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Structure ==&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
typedef struct _LwVMPartitionRecord {&lt;br /&gt;
        uint64_t type[2]; //Should be equal to LwVMPartitionTypeHFS (see below) on an unmodified device.&lt;br /&gt;
        uint64_t guid[2]; //Random.&lt;br /&gt;
        uint64_t begin; //Partitions begin in bytes.&lt;br /&gt;
        uint64_t end; //End.&lt;br /&gt;
        uint64_t attribute; // 0 == unencrypted; 0x1000000000000 == encrypted&lt;br /&gt;
        uint16_t partitionName[0x24]; // UTF-16 encoded&lt;br /&gt;
} __attribute__ ((packed)) LwVMPartitionRecord;&lt;br /&gt;
&lt;br /&gt;
typedef struct _LwVM {&lt;br /&gt;
        uint64_t type[2]; //Should be LwVMType or LwVMType_noCRC.&lt;br /&gt;
        uint64_t guid[2]; //Random.&lt;br /&gt;
        uint64_t mediaSize; //Size in bytes.&lt;br /&gt;
        uint32_t numPartitions; //Number of partitions.&lt;br /&gt;
        uint32_t crc32;&lt;br /&gt;
        uint8_t unkn[464]; //Some unknown bytes, usually nulls.&lt;br /&gt;
        LwVMPartitionRecord partitions[12];&lt;br /&gt;
        uint16_t chunks[1024]; // chunks[0] should be 0xF000&lt;br /&gt;
} __attribute__ ((packed)) LwVM;&lt;br /&gt;
&lt;br /&gt;
static const char LwVMType[] = { 0x6A, 0x90, 0x88, 0xCF, 0x8A, 0xFD, 0x63, 0x0A, 0xE3, 0x51, 0xE2, 0x48, 0x87, 0xE0, 0xB9, 0x8B };&lt;br /&gt;
&lt;br /&gt;
static const char LwVMType_noCRC[] = { 0xB1, 0x89, 0xA5, 0x19, 0x4F, 0x59, 0x4B, 0x1D, 0xAD, 0x44, 0x1E, 0x12, 0x7A, 0xAF, 0x45, 0x39 };&lt;br /&gt;
&lt;br /&gt;
static const char LwVMPartitionTypeHFS[] = { 0x48, 0x46, 0x53, 0x00, 0x00, 0x00, 0x11, 0xAA, 0xAA, 0x11, 0x00, 0x30, 0x65, 0x43, 0xEC, 0xAC };&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== LightweightVolumeManager IOService ==&lt;br /&gt;
Running 'ioreg | grep &amp;quot;Lightweight&amp;quot;' shows, that there's an IOService with such name. [[User:rzhikharevich|I]] tried fuzzing IOConnectCallStructMethod selectors (very bad idea). The first call which returned KERN_SUCCESS was done with selector 1. Next, I tried this code:&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
&amp;lt;...&amp;gt;&lt;br /&gt;
kern_ret = IOConnectCallStructMethod(lwvm_conn, 1, NULL, 0, &amp;amp;info_sz, &amp;amp;o_sz);&lt;br /&gt;
if (kern_ret == KERN_SUCCESS)&lt;br /&gt;
{&lt;br /&gt;
           printf(&amp;quot;OK.\n&amp;quot;);&lt;br /&gt;
           void *info = malloc(info_sz);&lt;br /&gt;
           IOConnectCallStructMethod(lwvm_conn, 1, NULL, 0, info, &amp;amp;info_sz);&lt;br /&gt;
           &amp;lt;...&amp;gt;&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
All disk read operations started resulting with errors. Then my device rebooted and entered a boot loop. The code possibly messed the partition table up.&lt;br /&gt;
&lt;br /&gt;
== Tools ==&lt;br /&gt;
[http://www.github.com/rzhikharevich/lwvmedit lwvmedit]&lt;br /&gt;
&lt;br /&gt;
== External links ==&lt;br /&gt;
[https://code.google.com/p/iphone-dataprotection/wiki/LightweightVolumeManager iPhone dataprotection wiki]&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=LwVM&amp;diff=46005</id>
		<title>LwVM</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=LwVM&amp;diff=46005"/>
		<updated>2015-06-12T14:24:09Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: Minor fix: GTP -&amp;gt; GPT&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;'''LwVM''' (Lightweight Volume Manager) - partition table, which is used by iOS since 5.0.&lt;br /&gt;
&lt;br /&gt;
'''com.apple.driver.LightweightVolumeManager''' kext wraps the block device (&amp;lt;code&amp;gt;/dev/disk0&amp;lt;/code&amp;gt;) where the actual LwVM partition table is stored and publishes &amp;lt;code&amp;gt;/dev/disk0s1&amp;lt;/code&amp;gt; with emulated [[Wikipedia:GUID Partition Table|GPT]] which can be edited from user-land using conventional [[Wikipedia:GUID Partition Table|GTP]] editing tools (e.g. [http://sourceforge.net/projects/gptfdisk/ gptfdisk]) [https://code.google.com/p/iphone-dataprotection/wiki/LightweightVolumeManager]. All edits are trapped by the kext and before shutting down (after the volumes are unmounted) it writes the corresponding changes to LwVM partition table on &amp;lt;code&amp;gt;/dev/disk0&amp;lt;/code&amp;gt; (implemented in &amp;lt;code&amp;gt;LightweightVolumeManager::_gptLazyRepartition()&amp;lt;/code&amp;gt; function from the LwVM kext). After next boot new devices (e.g. &amp;lt;code&amp;gt;/dev/rdisk0s1s3&amp;lt;/code&amp;gt;) are published by the kext. This mechanism is used during [[OTA Updates]] to create third partition where the update ramdisk is copied to and booted into by setting nvram &amp;lt;code&amp;gt;boot-command&amp;lt;/code&amp;gt; to &amp;lt;code&amp;gt;upgrade&amp;lt;/code&amp;gt; [https://twitter.com/iH8sn0w/status/580016602512539648] and probably also &amp;lt;code&amp;gt;boot-partition&amp;lt;/code&amp;gt; to &amp;lt;code&amp;gt;2&amp;lt;/code&amp;gt; (partitions are indexed from 0, so third partition). &lt;br /&gt;
&lt;br /&gt;
The update partition is set up by &amp;lt;code&amp;gt;com.apple.MobileSoftwareUpdate.CleanupPreparePathService&amp;lt;/code&amp;gt; (XPC service accompanying [[softwareupdated]]). It shrinks HFS of the second (data) partition using &amp;lt;code&amp;gt;fsctl&amp;lt;/code&amp;gt; as illustrated in [https://github.com/danzatt/hfs_resize hfs_resize]. It then edits [[Wikipedia:GUID Partition Table|GTP]] on &amp;lt;code&amp;gt;/dev/rdisk0s1s3&amp;lt;/code&amp;gt; to reflect the size of shrunk HFS and creates new entry for the update partition in the freed space and creates new HFS on it. To create file-system manually you can use e.g.: &amp;lt;code&amp;gt;newfs_hfs -s -b 8192 -J 8192k -v Data2 /dev/rdisk0s1s4&amp;lt;/code&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Structure ==&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
typedef struct _LwVMPartitionRecord {&lt;br /&gt;
        uint64_t type[2]; //Should be equal to LwVMPartitionTypeHFS (see below) on an unmodified device.&lt;br /&gt;
        uint64_t guid[2]; //Random.&lt;br /&gt;
        uint64_t begin; //Partitions begin in bytes.&lt;br /&gt;
        uint64_t end; //End.&lt;br /&gt;
        uint64_t attribute; // 0 == unencrypted; 0x1000000000000 == encrypted&lt;br /&gt;
        uint16_t partitionName[0x24]; // UTF-16 encoded&lt;br /&gt;
} __attribute__ ((packed)) LwVMPartitionRecord;&lt;br /&gt;
&lt;br /&gt;
typedef struct _LwVM {&lt;br /&gt;
        uint64_t type[2]; //Should be LwVMType or LwVMType_noCRC.&lt;br /&gt;
        uint64_t guid[2]; //Random.&lt;br /&gt;
        uint64_t mediaSize; //Size in bytes.&lt;br /&gt;
        uint32_t numPartitions; //Number of partitions.&lt;br /&gt;
        uint32_t crc32;&lt;br /&gt;
        uint8_t unkn[464]; //Some unknown bytes, usually nulls.&lt;br /&gt;
        LwVMPartitionRecord partitions[12];&lt;br /&gt;
        uint16_t chunks[1024]; // chunks[0] should be 0xF000&lt;br /&gt;
} __attribute__ ((packed)) LwVM;&lt;br /&gt;
&lt;br /&gt;
static const char LwVMType[] = { 0x6A, 0x90, 0x88, 0xCF, 0x8A, 0xFD, 0x63, 0x0A, 0xE3, 0x51, 0xE2, 0x48, 0x87, 0xE0, 0xB9, 0x8B };&lt;br /&gt;
&lt;br /&gt;
static const char LwVMType_noCRC[] = { 0xB1, 0x89, 0xA5, 0x19, 0x4F, 0x59, 0x4B, 0x1D, 0xAD, 0x44, 0x1E, 0x12, 0x7A, 0xAF, 0x45, 0x39 };&lt;br /&gt;
&lt;br /&gt;
static const char LwVMPartitionTypeHFS[] = { 0x48, 0x46, 0x53, 0x00, 0x00, 0x00, 0x11, 0xAA, 0xAA, 0x11, 0x00, 0x30, 0x65, 0x43, 0xEC, 0xAC };&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== LightweightVolumeManager IOService ==&lt;br /&gt;
Running 'ioreg | grep &amp;quot;Lightweight&amp;quot;' shows, that there's an IOService with such name. [[User:rzhikharevich|I]] tried fuzzing IOConnectCallStructMethod selectors (very bad idea). The first call which returned KERN_SUCCESS was done with selector 1. Next, I tried this code:&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
&amp;lt;...&amp;gt;&lt;br /&gt;
kern_ret = IOConnectCallStructMethod(lwvm_conn, 1, NULL, 0, &amp;amp;info_sz, &amp;amp;o_sz);&lt;br /&gt;
if (kern_ret == KERN_SUCCESS)&lt;br /&gt;
{&lt;br /&gt;
           printf(&amp;quot;OK.\n&amp;quot;);&lt;br /&gt;
           void *info = malloc(info_sz);&lt;br /&gt;
           IOConnectCallStructMethod(lwvm_conn, 1, NULL, 0, info, &amp;amp;info_sz);&lt;br /&gt;
           &amp;lt;...&amp;gt;&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
All disk read operations started resulting with errors. Then my device rebooted and entered a boot loop. The code possibly messed the partition table up.&lt;br /&gt;
&lt;br /&gt;
== Tools ==&lt;br /&gt;
[http://www.github.com/rzhikharevich/lwvmedit lwvmedit]&lt;br /&gt;
&lt;br /&gt;
== External links ==&lt;br /&gt;
[https://code.google.com/p/iphone-dataprotection/wiki/LightweightVolumeManager iPhone dataprotection wiki]&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=User:Rzhikharevich&amp;diff=45916</id>
		<title>User:Rzhikharevich</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=User:Rzhikharevich&amp;diff=45916"/>
		<updated>2015-06-02T17:02:19Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: I don't want to always update the information everywhere, just linking my blog.&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Just an iPhone user and programmer. More [https://rzhikharevich.github.io here].&lt;br /&gt;
&lt;br /&gt;
PS. Not a native english-speaker.&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=User:Dankzegriefer&amp;diff=45871</id>
		<title>User:Dankzegriefer</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=User:Dankzegriefer&amp;diff=45871"/>
		<updated>2015-05-23T13:33:05Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: Proper markup.&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Hello!&lt;br /&gt;
I am a guy who likes most mobile devices&lt;br /&gt;
&lt;br /&gt;
== Devices ==&lt;br /&gt;
&lt;br /&gt;
*HTC HD2 (Dualboot between Android 2.3 and CM7)&lt;br /&gt;
*SAMSUNG Galaxy S3 (CM11)&lt;br /&gt;
*iPhone 3G    (Bricked, Power button broken, can't enter DFU, never boots, may try to fix button)&lt;br /&gt;
*iPhone 2G    (Water in screen, trying to get someone to pump it out)&lt;br /&gt;
*iPhone 4     (Lost, Unjailbroken)&lt;br /&gt;
*iPod Touch 4 (iOS 6.1.6, Jailbroken with P0sixspwn)&lt;br /&gt;
*iPad         (Brother dropped on pavement, screen fatally cracked)&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=S5L8930&amp;diff=45845</id>
		<title>S5L8930</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=S5L8930&amp;diff=45845"/>
		<updated>2015-05-20T15:49:27Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;[[Image:A4.jpg|right]]&lt;br /&gt;
A [[wikipedia:system on a chip|system on a chip]] (&amp;quot;SoC&amp;quot;) developed by Apple's in-house chip design department. Publicly, Apple refers to this chip as the '''A4'''. Internally, this processor is also based on the S5L8920X family, which can also be seen through the reuse of several MMIO devices and MMIO device registers (i.e: chipid). This is the last SoC revision on mobile devices manufactured for Apple that has a publicly known exploitable [[bootrom]] vulnerability.&lt;br /&gt;
&lt;br /&gt;
== Used in ==&lt;br /&gt;
* [[K66ap|Apple TV 2G]]&lt;br /&gt;
* [[K48ap|iPad]]&lt;br /&gt;
* [[iPhone 4]]&lt;br /&gt;
* [[n81ap|iPod touch 4G]]&lt;br /&gt;
&lt;br /&gt;
== [[BootROM]] Exploits ==&lt;br /&gt;
* [[Limera1n Exploit|limera1n]]&lt;br /&gt;
* [[SHA-1 Image Segment Overflow|SHAtter]]&lt;br /&gt;
&lt;br /&gt;
== Boot Chain ==&lt;br /&gt;
[[Bootrom 574.4|Bootrom]]-&amp;gt;[[LLB]]-&amp;gt;[[iBoot]]-&amp;gt;[[Kernel]]-&amp;gt;[[Firmware|System Software]]&lt;br /&gt;
&lt;br /&gt;
== Specifications ==&lt;br /&gt;
* '''CPU''': ARM Cortex-A8&lt;br /&gt;
* '''GPU''': PowerVR SGX 535&lt;br /&gt;
* '''A/V Playback''': PowerVR VXD&lt;br /&gt;
* '''RAM''': 256 MB ([[K66ap|Apple TV 2G]], [[K48ap|iPad]], and [[N81ap|iPod touch 4G]]) or 512 MB ([[iPhone 4]])&lt;br /&gt;
&lt;br /&gt;
[[Category:Application Processors]]&lt;br /&gt;
Aside from the [[iPhone 4]]'s additional RAM and an overall higher clock speed, these are the same specifications as the [[S5L8920]] and [[S5L8922]].&lt;br /&gt;
&lt;br /&gt;
== See also ==&lt;br /&gt;
* [[Bootrom 574.4]]&lt;br /&gt;
&lt;br /&gt;
== Links ==&lt;br /&gt;
* http://www.apple.com/ipad/specs/&lt;br /&gt;
* http://www.brightsideofnews.com/news/2010/1/27/apple-a4-soc-unveiled---its-an-arm-cpu-and-the-gpu!.aspx&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=BootROM&amp;diff=45844</id>
		<title>BootROM</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=BootROM&amp;diff=45844"/>
		<updated>2015-05-20T15:49:20Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: Redirected page to Bootrom&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;#REDIRECT [[Bootrom]]&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=/private/var/mobile/Library/Safari&amp;diff=45843</id>
		<title>/private/var/mobile/Library/Safari</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=/private/var/mobile/Library/Safari&amp;diff=45843"/>
		<updated>2015-05-20T15:46:32Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: Title fix.&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Children ==&lt;br /&gt;
=== Files ===&lt;br /&gt;
* {{ipfw|Bookmarks.db}}&lt;br /&gt;
* {{ipfw|Bookmarks.db-shm}}&lt;br /&gt;
* {{ipfw|Bookmarks.db-wal}}&lt;br /&gt;
* {{ipfw|com.apple.Bookmarks.lock}}&lt;br /&gt;
* {{ipfw|SearchEngines.plist}}&lt;br /&gt;
&lt;br /&gt;
== Parents ==&lt;br /&gt;
{{parent|private|var|mobile|Library}}&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=Xcode&amp;diff=45842</id>
		<title>Xcode</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=Xcode&amp;diff=45842"/>
		<updated>2015-05-20T15:24:07Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: Grammar.&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;{{Infobox software&lt;br /&gt;
 | name                   = Xcode&lt;br /&gt;
 | title                  = Xcode&lt;br /&gt;
 | logo                   = [[File:Xcode.png|118px]]&lt;br /&gt;
 | screenshot             = &lt;br /&gt;
 | caption                = &lt;br /&gt;
 | collapsible            = &lt;br /&gt;
 | author                 = Apple Inc.&lt;br /&gt;
 | developer              = Apple Inc.&lt;br /&gt;
 | released               = &lt;br /&gt;
 | discontinued           = &lt;br /&gt;
 | latest release version = 6.3.2 (6D2105)&lt;br /&gt;
 | latest release date    = {{Start date and age|2015|5|18|df=yes}}&lt;br /&gt;
 | latest preview version = &lt;br /&gt;
 | latest preview date    = &lt;br /&gt;
 | programming language   = &lt;br /&gt;
 | operating system       = [[wikipedia:OS X|OS X]]&lt;br /&gt;
 | platform               = &lt;br /&gt;
 | size                   = ~2.57&amp;amp;nbsp;GB [APP]&lt;br /&gt;
 | language               = [[wikipedia:English language|English]]&lt;br /&gt;
 | status                 = &lt;br /&gt;
 | genre                  = &lt;br /&gt;
 | license                = [[wikipedia:Proprietary software|Closed source]]&lt;br /&gt;
 | website                = [http://developer.apple.com developer.apple.com]&lt;br /&gt;
}}&lt;br /&gt;
'''Xcode''' is an OS X application made by Apple, available on the Mac App Store for free. It is used to create OS X and [[iOS]] apps. It includes one or more SDKs to be able to test created applications on a built-in simulator.&lt;br /&gt;
&lt;br /&gt;
{{stub|software}}&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=User:Rzhikharevich&amp;diff=45682</id>
		<title>User:Rzhikharevich</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=User:Rzhikharevich&amp;diff=45682"/>
		<updated>2015-04-27T18:52:59Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: /* Projects */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Just an iPhone user and programmer, a [http://uncyclopedia.wikia.com/wiki/Grammar_Nazi grammar nazi] (with russian language). 13 years old, started being interested in computer science at the age of 11.&lt;br /&gt;
PS. Not a native english-speaker.&lt;br /&gt;
&lt;br /&gt;
== Projects ==&lt;br /&gt;
Here's the list of my iOS-related projects:&lt;br /&gt;
*[https://github.com/rzhikharevich/lwvmedit lwvmedit] - first useful (?) tool for iOS, it can read and edit LwVM tables.&lt;br /&gt;
*iolwvm - an IOKit version of lwvmedit. I am working on reversing, how userspace communicates with the kernel to modify the partitions.&lt;br /&gt;
*libipwn - a library for interfacing with iDevices in DFU mode. Not public yet.&lt;br /&gt;
Other projects:&lt;br /&gt;
*eXtremeStep software project. Working on a kernel, I don't think, I'll ever finish that.&lt;br /&gt;
&lt;br /&gt;
== Knowledge ==&lt;br /&gt;
I know a lot about the iOS (at least relatively). I am also an experienced Unix/Linux user. &lt;br /&gt;
&lt;br /&gt;
Programming languages:&lt;br /&gt;
*C/C++&lt;br /&gt;
*Python&lt;br /&gt;
*x86 assembly.&lt;br /&gt;
Web design skills:&lt;br /&gt;
*HTML5&lt;br /&gt;
*CSS3&lt;br /&gt;
*Javascript.&lt;br /&gt;
&lt;br /&gt;
== Links ==&lt;br /&gt;
*[http://rzhikharevich.github.io My blog], under construction.&lt;br /&gt;
*[http://github.com/rzhikharevich Github account]&lt;br /&gt;
*[http://twitter.com/rzhikharevich Twitter]&lt;br /&gt;
&lt;br /&gt;
== iDevices ==&lt;br /&gt;
*White iPad 3, 64GB, iOS 8.3.&lt;br /&gt;
*iPhone 4, 16GB, iOS 7.1.2, jailbroken.&lt;br /&gt;
*The original iPhone (2G), Debian ARM via OpeniBoot&lt;br /&gt;
*Black iPhone 5, 32GB, iOS 8.3 (primary).&lt;br /&gt;
*Apple TV 3rd gen.&lt;br /&gt;
&lt;br /&gt;
== Operating systems ==&lt;br /&gt;
In current use:&lt;br /&gt;
*OS X Yosemite.&lt;br /&gt;
*Gentoo (hardened, x86_64, nomultilib) with Openbox and LXPanel.&lt;br /&gt;
*iOS.&lt;br /&gt;
Used:&lt;br /&gt;
*Windows XP/7/8/10&lt;br /&gt;
*Different Linux distributions (Gentoo is my favorite)&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=User:Rzhikharevich&amp;diff=45660</id>
		<title>User:Rzhikharevich</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=User:Rzhikharevich&amp;diff=45660"/>
		<updated>2015-04-27T10:19:06Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: /* Operating systems */ It's back!&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Just an iPhone user and programmer, a [http://uncyclopedia.wikia.com/wiki/Grammar_Nazi grammar nazi] (with russian language). 13 years old, started being interested in computer science at the age of 11.&lt;br /&gt;
PS. Not a native english-speaker.&lt;br /&gt;
&lt;br /&gt;
== Projects ==&lt;br /&gt;
Here's the list of my iOS-related projects:&lt;br /&gt;
*[https://github.com/rzhikharevich/lwvmedit lwvmedit] - first useful (?) tool for iOS, it can read and edit LwVM tables.&lt;br /&gt;
*iolwvm - an IOKit version of lwvmedit. I am working on reversing, how userspace communicates with the kernel to modify the partitions.&lt;br /&gt;
*libipwn - a library for interfacing with iDevices in DFU mode. Not public yet.&lt;br /&gt;
Other projects:&lt;br /&gt;
*[http://github.com/rzhikharevich/NyanOS NyanOS] &amp;amp; [http://github.com/rzhikharevich/XNC XNC programming language].&lt;br /&gt;
&lt;br /&gt;
== Knowledge ==&lt;br /&gt;
I know a lot about the iOS (at least relatively). I am also an experienced Unix/Linux user. &lt;br /&gt;
&lt;br /&gt;
Programming languages:&lt;br /&gt;
*C/C++&lt;br /&gt;
*Python&lt;br /&gt;
*x86 assembly.&lt;br /&gt;
Web design skills:&lt;br /&gt;
*HTML5&lt;br /&gt;
*CSS3&lt;br /&gt;
*Javascript.&lt;br /&gt;
&lt;br /&gt;
== Links ==&lt;br /&gt;
*[http://rzhikharevich.github.io My blog], under construction.&lt;br /&gt;
*[http://github.com/rzhikharevich Github account]&lt;br /&gt;
*[http://twitter.com/rzhikharevich Twitter]&lt;br /&gt;
&lt;br /&gt;
== iDevices ==&lt;br /&gt;
*White iPad 3, 64GB, iOS 8.3.&lt;br /&gt;
*iPhone 4, 16GB, iOS 7.1.2, jailbroken.&lt;br /&gt;
*The original iPhone (2G), Debian ARM via OpeniBoot&lt;br /&gt;
*Black iPhone 5, 32GB, iOS 8.3 (primary).&lt;br /&gt;
*Apple TV 3rd gen.&lt;br /&gt;
&lt;br /&gt;
== Operating systems ==&lt;br /&gt;
In current use:&lt;br /&gt;
*OS X Yosemite.&lt;br /&gt;
*Gentoo (hardened, x86_64, nomultilib) with Openbox and LXPanel.&lt;br /&gt;
*iOS.&lt;br /&gt;
Used:&lt;br /&gt;
*Windows XP/7/8/10&lt;br /&gt;
*Different Linux distributions (Gentoo is my favorite)&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=Talk:Watch_OS&amp;diff=45638</id>
		<title>Talk:Watch OS</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=Talk:Watch_OS&amp;diff=45638"/>
		<updated>2015-04-24T07:21:51Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Any news about Apple Watch hacking? I don't have one, but I'm interested, if its interfaces are stripped down like in Apple TV. --[[User:Rzhikharevich|Rzhikharevich]] ([[User talk:Rzhikharevich|talk]]) 07:19, 24 April 2015 (UTC), edited: --[[User:Rzhikharevich|Rzhikharevich]] ([[User talk:Rzhikharevich|talk]]) 07:21, 24 April 2015 (UTC)&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=Talk:Watch_OS&amp;diff=45637</id>
		<title>Talk:Watch OS</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=Talk:Watch_OS&amp;diff=45637"/>
		<updated>2015-04-24T07:19:40Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: Created page with &amp;quot;Any news about Apple Watch hacking? --~~~~&amp;quot;&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Any news about Apple Watch hacking? --[[User:Rzhikharevich|Rzhikharevich]] ([[User talk:Rzhikharevich|talk]]) 07:19, 24 April 2015 (UTC)&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=File:PairWatch.jpg&amp;diff=45597</id>
		<title>File:PairWatch.jpg</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=File:PairWatch.jpg&amp;diff=45597"/>
		<updated>2015-04-22T16:48:24Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: Rzhikharevich uploaded a new version of &amp;amp;quot;File:PairWatch.jpg&amp;amp;quot;&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=User:Rzhikharevich&amp;diff=45508</id>
		<title>User:Rzhikharevich</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=User:Rzhikharevich&amp;diff=45508"/>
		<updated>2015-04-14T08:26:38Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: /* iDevices */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Just an iPhone user and programmer, a [http://uncyclopedia.wikia.com/wiki/Grammar_Nazi grammar nazi] (with russian language). 13 years old, started being interested in computer science at the age of 11.&lt;br /&gt;
PS. Not a native english-speaker.&lt;br /&gt;
&lt;br /&gt;
== Projects ==&lt;br /&gt;
Here's the list of my iOS-related projects:&lt;br /&gt;
*[https://github.com/rzhikharevich/lwvmedit lwvmedit] - first useful (?) tool for iOS, it can read and edit LwVM tables.&lt;br /&gt;
*iolwvm - an IOKit version of lwvmedit. I am working on reversing, how userspace communicates with the kernel to modify the partitions.&lt;br /&gt;
*libipwn - a library for interfacing with iDevices in DFU mode. Not public yet.&lt;br /&gt;
Other projects:&lt;br /&gt;
*[http://github.com/rzhikharevich/NyanOS NyanOS] &amp;amp; [http://github.com/rzhikharevich/XNC XNC programming language].&lt;br /&gt;
&lt;br /&gt;
== Knowledge ==&lt;br /&gt;
I know a lot about the iOS (at least relatively). I am also an experienced Unix/Linux user. &lt;br /&gt;
&lt;br /&gt;
Programming languages:&lt;br /&gt;
*C/C++&lt;br /&gt;
*Python&lt;br /&gt;
*x86 assembly.&lt;br /&gt;
Web design skills:&lt;br /&gt;
*HTML5&lt;br /&gt;
*CSS3&lt;br /&gt;
*Javascript.&lt;br /&gt;
&lt;br /&gt;
== Links ==&lt;br /&gt;
*[http://rzhikharevich.github.io My blog], under construction.&lt;br /&gt;
*[http://github.com/rzhikharevich Github account]&lt;br /&gt;
*[http://twitter.com/rzhikharevich Twitter]&lt;br /&gt;
&lt;br /&gt;
== iDevices ==&lt;br /&gt;
*White iPad 3, 64GB, iOS 8.3.&lt;br /&gt;
*iPhone 4, 16GB, iOS 7.1.2, jailbroken.&lt;br /&gt;
*The original iPhone (2G), Debian ARM via OpeniBoot&lt;br /&gt;
*Black iPhone 5, 32GB, iOS 8.3 (primary).&lt;br /&gt;
*Apple TV 3rd gen.&lt;br /&gt;
&lt;br /&gt;
== Operating systems ==&lt;br /&gt;
In current use:&lt;br /&gt;
*OS X Yosemite.&lt;br /&gt;
*iOS.&lt;br /&gt;
Used:&lt;br /&gt;
*Windows XP/7/8/10&lt;br /&gt;
*Different Linux distributions (Gentoo is my favorite)&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=PurpleRestore&amp;diff=45478</id>
		<title>PurpleRestore</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=PurpleRestore&amp;diff=45478"/>
		<updated>2015-04-13T06:34:42Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: That section is pointless.&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;{{internal software}}&lt;br /&gt;
{{Infobox software&lt;br /&gt;
 | name                   = PurpleRestore&lt;br /&gt;
 | title                  = PurpleRestore&lt;br /&gt;
 | logo                   = [[File:PurpleRestore logo.png]]&lt;br /&gt;
 | screenshot             = [[File:PurpleRestore12A365.png|300px]]&lt;br /&gt;
 | caption                = PurpleRestore 4.0.0 (12A365)&lt;br /&gt;
 | collapsible            = &lt;br /&gt;
 | author                 = Apple Inc.&lt;br /&gt;
 | developer              = Apple Inc.&lt;br /&gt;
 | released               = &lt;br /&gt;
 | discontinued           = &lt;br /&gt;
 | latest release version = 4.0.0 (12A365)&amp;lt;br /&amp;gt;&amp;lt;small&amp;gt;(latest ''known'' version)&amp;lt;/small&amp;gt;&lt;br /&gt;
 | latest release date    = &lt;br /&gt;
 | latest preview version = &lt;br /&gt;
 | latest preview date    = &lt;br /&gt;
 | programming language   = &lt;br /&gt;
 | operating system       = [[wikipedia:OS X|OS X]]&lt;br /&gt;
 | platform               = &lt;br /&gt;
 | size                   = &lt;br /&gt;
 | language               = [[wikipedia:English language|English]]&lt;br /&gt;
 | status                 = &lt;br /&gt;
 | genre                  = ?&lt;br /&gt;
 | license                = [[wikipedia:Proprietary software|Closed source]]&lt;br /&gt;
 | website                = &lt;br /&gt;
}}&lt;br /&gt;
{{float toc|left}}&lt;br /&gt;
'''PurpleRestore''' is a tool made by Apple and is used for flashing [[iDevice]]s. It provides far more customization than [[iTunes]], and it is usually used to flash internal firmware to [[Prototypes|prototypes]]. PurpleRestore 4.0.0 (build 12A365) is the latest known version which is capable of detecting devices running/flashing the latest restore bundles (Betas/Stock/NonUI/etc.). Little is currently known about which versions it &amp;quot;supports&amp;quot; for restoring as such. PurpleRestore is installed by [[RestoreTools.pkg]]. A CLI version of PurpleRestore exists too.&lt;br /&gt;
&lt;br /&gt;
This tool can (and is meant to) handle multiple restores. When performing restores PurpleRestore color coordinates the device in the table and when the device is about to receive the AppleLogo it will turn the background color of the screen to the color assigned to the device.&lt;br /&gt;
Like [[iTunes]], [[PurpleRestore]] communicates with iDevices using a [[usbmux]] connection.&lt;br /&gt;
&lt;br /&gt;
== Restore Bundles==&lt;br /&gt;
Unlike iTunes, PurpleRestore doesn't use [[IPSW File Format|IPSW]] files to restore devices. It uses &amp;quot;Restore Bundles&amp;quot; which can be obtained from a server specific to a version of iOS, such as &amp;lt;code&amp;gt;afp://fieldgoal.apple.com/RestoreImages/&amp;lt;/code&amp;gt; and &amp;lt;code&amp;gt;afp://endzone.apple.com/OldRestoreImages/&amp;lt;/code&amp;gt; (among many others) . Unfortunately, the &amp;lt;code&amp;gt;afp&amp;lt;/code&amp;gt; protocol can only be accessed through Apple's internal VPN which means that the tool is essentially useless, because it can only install currently signed iOS.&lt;br /&gt;
&lt;br /&gt;
However, you can create your own bundles by extracting an IPSW into a folder, this only applies to firmwares that are being signed; or if you have SHSH blobs saved for an A4 device (and below) then you can either stitch or use [[TinyUmbrella]] to assist in a downgrade without the need for iTunes, you will need to put your device into Pwned DFU still. This will not give you any internal debugging abilities nor jailbreak your device. &lt;br /&gt;
&lt;br /&gt;
== Restore Components ==&lt;br /&gt;
Restore Components has several options:&lt;br /&gt;
* '''Restore Bundle''': Specify the bundle to use in restoring&lt;br /&gt;
* '''Firmware Directory''': Specify the folder where the [[LLB]], [[iBoot (Bootloader)|iBoot]], etc. [[IMG3 File Format|IMG3]] files are located.&lt;br /&gt;
* '''Ramdisk Image''': Specify a [[ramdisk]] to be used (i.e. [[Restore Ramdisk|restore]] or [[Update Ramdisk|update]] ramdisk)&lt;br /&gt;
* '''DFU''': Specify what tools to upload based on a selection of &amp;quot;Debug&amp;quot;, &amp;quot;Development&amp;quot;, or &amp;quot;Release&amp;quot;. A specific file can also be selected.&lt;br /&gt;
&lt;br /&gt;
== Restore Operations ==&lt;br /&gt;
[[File:IPhoneDuringPurpleRestore.jpeg|250px|thumb|right|iPhone 5 undergoing a PurpleRestore]]&lt;br /&gt;
Restore Operations contains the most options to configure. These may also be the most useful ones.&lt;br /&gt;
&lt;br /&gt;
* '''Hardware Readiness'''&lt;br /&gt;
** '''Minimum Battery Charge (mV)''': This value controls the minimum charge level at which the restore will be allowed to continue. Below this threshold, we either wait to charge (if we're charging) or fail (if we're not charging).  If this option is not specified, a default value is used (currently 3.8&amp;amp;nbsp;V). Setting this option to 0 bypasses all battery level checks.&lt;br /&gt;
** '''Wait for Minimum Charge''': If the current voltage is below the minimum level, then the default behavior is to let the device charge and then continue. This option overrides that behavior when false.&lt;br /&gt;
** '''Wait for Storage Device''': Controls whether the restore waits for the storage device /dev/disk0 to be available before the restore is initiated.&lt;br /&gt;
** '''Allow Untethered Restore''': Permit the restore to run untethered (not connected to a host).  The result of specifying this option when the restore needs data from the host (for instance, when flashing NOR) is undefined (but probably bad). If this option is specified and the device remains tethered, things should proceed as usual.&lt;br /&gt;
* '''Storage Media'''&lt;br /&gt;
** '''Use LwVM''': Controls whether the device is formatted for LwVM (if supported).&lt;br /&gt;
** '''Repartition''': Controls whether a new partition map is created on the device.&lt;br /&gt;
** '''System Partition Size (MiB)''': Specifies the size (in mebibytes) that is desired for the system partition. Because the partition size can only be changed when creating a new partition map, this option is only relevant when used in conjunction with repartition. A size of 0 indicates that the restore library should choose a suitable size for you, based on the specific restore bundle and image being used if possible.&lt;br /&gt;
** '''Content Protection Type''': Controls the type of data protection used on the device.&lt;br /&gt;
** '''Low-Level Erase''': Do a low level erase (wipe with null or random data) of the entire storage device prior to restoring.&lt;br /&gt;
* '''Restore System Partition'''&lt;br /&gt;
** '''System Image''': Determines which type of system image to restore, or which file to use for the system image.&lt;br /&gt;
** '''Kernel Cache Type''': This option controls the kernel cache that gets installed on the device.&lt;br /&gt;
* '''Baseband'''&lt;br /&gt;
** '''Update Baseband''': Controls whether the [[baseband]] and baseband bootloader are updated as part of the restore.&lt;br /&gt;
** '''Force Update''': The baseband update is skipped when the existing firmware matches the available firmware. In some cases, it is desirable to force the firmware update to occur, regardless of what is currently on there. This option, when set to true, forces the update to be attempted.&lt;br /&gt;
&lt;br /&gt;
== Restore OS ==&lt;br /&gt;
Restore OS options allow you to specify the following:&lt;br /&gt;
* '''Restore Boot-Args''':  Boot-Args used when the Restore OS is loaded. By default those arguments are used: &amp;quot;debug=0x14e serial=3 rd=md0 nand-enable-reformat=1 -progress&amp;quot;&lt;br /&gt;
* '''Firmware Type:''' Specify the firmware which should be flashed when restoring. This can either be &amp;quot;Debug&amp;quot;, &amp;quot;Factory FA&amp;quot;, &amp;quot;Factory SA&amp;quot;, &amp;quot;Firmware Development&amp;quot; or &amp;quot;Production&amp;quot;.&lt;br /&gt;
* '''Boot Image Type:''' Can be &amp;quot;Internal&amp;quot;, &amp;quot;User or Internal&amp;quot;, &amp;quot;User&amp;quot; or &amp;quot;Update&amp;quot;.&lt;br /&gt;
* '''Boot Kernel Cache:''' Specify whether the &amp;quot;Production&amp;quot; or &amp;quot;Development&amp;quot; kernel cache should be used.&lt;br /&gt;
&lt;br /&gt;
== Personalization Settings ==&lt;br /&gt;
As with iTunes, PurpleRestore can personalize builds for iOS devices (since recent Bootroms expect a valid APTicket). The tooltip for the &amp;quot;Personalized Restore&amp;quot; checkbox reads &amp;quot;Your ticket to the Orwellian cloud.&amp;quot; This may suggest that Apple developed TSS in part to control access to internal build variants (i.e. prevent leaks of &amp;quot;interesting&amp;quot; builds of iOS), in addition to preventing production users from downgrading. &lt;br /&gt;
* '''Variants''': &amp;quot;A predefined combination of restore pieces.&amp;quot; The options are: &amp;quot;Customer Install&amp;quot;, &amp;quot;Internal Debug&amp;quot;, &amp;quot;Internal Development&amp;quot;, &amp;quot;Internal Install&amp;quot;, &amp;quot;Internal Qualification&amp;quot;, and &amp;quot;Vendor install.&amp;quot; &lt;br /&gt;
* '''AppleConnect''': Used to authenticate all restores for personalization. Interestingly, AppleConnect will allow members of the iOS Developer Program (including non-employees) to install public builds of iOS (latest current and beta). It's likely AppleConnect is also used to authenticate signing of internal builds using the public TSS server, should the device be on the whitelist. &lt;br /&gt;
&lt;br /&gt;
== Restore Settings ==&lt;br /&gt;
[[File:PurpleRestoreOptions.png |250px|thumb|right|PurpleRestore configuration screen]]&lt;br /&gt;
By default, PurpleRestore comes with two pre-made restore settings. &amp;quot;Erase Install&amp;quot; and &amp;quot;Update Install&amp;quot;. Those restore settings are [[PList File Format|plist]] files that define the options PurpleRestore will use when restoring a device.&lt;br /&gt;
* '''Erase Install''': Repartition the media and erase all data before restoring. Includes all internal development tools and updates flash and the baseband by default.&lt;br /&gt;
* '''Update Install''': Includes all internal development tools and updates flash and the baseband by default.&lt;br /&gt;
{{clear}}&lt;br /&gt;
&lt;br /&gt;
== Problems ==&lt;br /&gt;
There are some problems with the leaked versions, because they almost always aren't the latest version.&lt;br /&gt;
&lt;br /&gt;
[[File:IBECStuck.png|250px|thumb|right|Stuck on Executing iBEC]]&lt;br /&gt;
One problem (common) is getting stuck at &amp;quot;Executing iBEC to bootstrap update&amp;quot;. This is likely a signing error, the device may have rejected the iBEC image.&lt;br /&gt;
&lt;br /&gt;
Another problem, when trying from DFU mode, the tool will send the DFU image, then the device will disconnect, reconnect, and repeat the process indefinitely.&lt;br /&gt;
&lt;br /&gt;
== See Also ==&lt;br /&gt;
* [[iTunes]]&lt;br /&gt;
* [https://www.youtube.com/watch?v=jaZ2JPUv-AU Video of process]&lt;br /&gt;
* [https://www.youtube.com/watch?v=IGC2lrYhQjw How-to create restore bundles from a public ipsw]&lt;br /&gt;
* [https://www.youtube.com/watch?v=DwipCKbWIlw PurpleRestore restore process]&lt;br /&gt;
&lt;br /&gt;
[[Category:Software]]&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=PurpleRestore&amp;diff=45477</id>
		<title>PurpleRestore</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=PurpleRestore&amp;diff=45477"/>
		<updated>2015-04-13T01:27:55Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: /* Problems */ Fixed double &amp;quot;is&amp;quot;.&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;{{internal software}}&lt;br /&gt;
{{Infobox software&lt;br /&gt;
 | name                   = PurpleRestore&lt;br /&gt;
 | title                  = PurpleRestore&lt;br /&gt;
 | logo                   = [[File:PurpleRestore logo.png]]&lt;br /&gt;
 | screenshot             = [[File:PurpleRestore12A365.png|300px]]&lt;br /&gt;
 | caption                = PurpleRestore 4.0.0 (12A365)&lt;br /&gt;
 | collapsible            = &lt;br /&gt;
 | author                 = Apple Inc.&lt;br /&gt;
 | developer              = Apple Inc.&lt;br /&gt;
 | released               = &lt;br /&gt;
 | discontinued           = &lt;br /&gt;
 | latest release version = 4.0.0 (12A365)&amp;lt;br /&amp;gt;&amp;lt;small&amp;gt;(latest ''known'' version)&amp;lt;/small&amp;gt;&lt;br /&gt;
 | latest release date    = &lt;br /&gt;
 | latest preview version = &lt;br /&gt;
 | latest preview date    = &lt;br /&gt;
 | programming language   = &lt;br /&gt;
 | operating system       = [[wikipedia:OS X|OS X]]&lt;br /&gt;
 | platform               = &lt;br /&gt;
 | size                   = &lt;br /&gt;
 | language               = [[wikipedia:English language|English]]&lt;br /&gt;
 | status                 = &lt;br /&gt;
 | genre                  = ?&lt;br /&gt;
 | license                = [[wikipedia:Proprietary software|Closed source]]&lt;br /&gt;
 | website                = &lt;br /&gt;
}}&lt;br /&gt;
{{float toc|left}}&lt;br /&gt;
'''PurpleRestore''' is a tool made by Apple and is used for flashing [[iDevice]]s. It provides far more customization than [[iTunes]], and it is usually used to flash internal firmware to [[Prototypes|prototypes]]. PurpleRestore 4.0.0 (build 12A365) is the latest known version which is capable of detecting devices running/flashing the latest restore bundles (Betas/Stock/NonUI/etc.). Little is currently known about which versions it &amp;quot;supports&amp;quot; for restoring as such. PurpleRestore is installed by [[RestoreTools.pkg]]. A CLI version of PurpleRestore exists too.&lt;br /&gt;
&lt;br /&gt;
This tool can (and is meant to) handle multiple restores. When performing restores PurpleRestore color coordinates the device in the table and when the device is about to receive the AppleLogo it will turn the background color of the screen to the color assigned to the device.&lt;br /&gt;
Like [[iTunes]], [[PurpleRestore]] communicates with iDevices using a [[usbmux]] connection.&lt;br /&gt;
&lt;br /&gt;
== Restore Bundles==&lt;br /&gt;
Unlike iTunes, PurpleRestore doesn't use [[IPSW File Format|IPSW]] files to restore devices. It uses &amp;quot;Restore Bundles&amp;quot; which can be obtained from a server specific to a version of iOS, such as &amp;lt;code&amp;gt;afp://fieldgoal.apple.com/RestoreImages/&amp;lt;/code&amp;gt; and &amp;lt;code&amp;gt;afp://endzone.apple.com/OldRestoreImages/&amp;lt;/code&amp;gt; (among many others) . Unfortunately, the &amp;lt;code&amp;gt;afp&amp;lt;/code&amp;gt; protocol can only be accessed through Apple's internal VPN which means that the tool is essentially useless, because it can only install currently signed iOS.&lt;br /&gt;
&lt;br /&gt;
However, you can create your own bundles by extracting an IPSW into a folder, this only applies to firmwares that are being signed; or if you have SHSH blobs saved for an A4 device (and below) then you can either stitch or use [[TinyUmbrella]] to assist in a downgrade without the need for iTunes, you will need to put your device into Pwned DFU still. This will not give you any internal debugging abilities nor jailbreak your device. &lt;br /&gt;
&lt;br /&gt;
== Restore Components ==&lt;br /&gt;
Restore Components has several options:&lt;br /&gt;
* '''Restore Bundle''': Specify the bundle to use in restoring&lt;br /&gt;
* '''Firmware Directory''': Specify the folder where the [[LLB]], [[iBoot (Bootloader)|iBoot]], etc. [[IMG3 File Format|IMG3]] files are located.&lt;br /&gt;
* '''Ramdisk Image''': Specify a [[ramdisk]] to be used (i.e. [[Restore Ramdisk|restore]] or [[Update Ramdisk|update]] ramdisk)&lt;br /&gt;
* '''DFU''': Specify what tools to upload based on a selection of &amp;quot;Debug&amp;quot;, &amp;quot;Development&amp;quot;, or &amp;quot;Release&amp;quot;. A specific file can also be selected.&lt;br /&gt;
&lt;br /&gt;
== Restore Operations ==&lt;br /&gt;
[[File:IPhoneDuringPurpleRestore.jpeg|250px|thumb|right|iPhone 5 undergoing a PurpleRestore]]&lt;br /&gt;
Restore Operations contains the most options to configure. These may also be the most useful ones.&lt;br /&gt;
&lt;br /&gt;
* '''Hardware Readiness'''&lt;br /&gt;
** '''Minimum Battery Charge (mV)''': This value controls the minimum charge level at which the restore will be allowed to continue. Below this threshold, we either wait to charge (if we're charging) or fail (if we're not charging).  If this option is not specified, a default value is used (currently 3.8&amp;amp;nbsp;V). Setting this option to 0 bypasses all battery level checks.&lt;br /&gt;
** '''Wait for Minimum Charge''': If the current voltage is below the minimum level, then the default behavior is to let the device charge and then continue. This option overrides that behavior when false.&lt;br /&gt;
** '''Wait for Storage Device''': Controls whether the restore waits for the storage device /dev/disk0 to be available before the restore is initiated.&lt;br /&gt;
** '''Allow Untethered Restore''': Permit the restore to run untethered (not connected to a host).  The result of specifying this option when the restore needs data from the host (for instance, when flashing NOR) is undefined (but probably bad). If this option is specified and the device remains tethered, things should proceed as usual.&lt;br /&gt;
* '''Storage Media'''&lt;br /&gt;
** '''Use LwVM''': Controls whether the device is formatted for LwVM (if supported).&lt;br /&gt;
** '''Repartition''': Controls whether a new partition map is created on the device.&lt;br /&gt;
** '''System Partition Size (MiB)''': Specifies the size (in mebibytes) that is desired for the system partition. Because the partition size can only be changed when creating a new partition map, this option is only relevant when used in conjunction with repartition. A size of 0 indicates that the restore library should choose a suitable size for you, based on the specific restore bundle and image being used if possible.&lt;br /&gt;
** '''Content Protection Type''': Controls the type of data protection used on the device.&lt;br /&gt;
** '''Low-Level Erase''': Do a low level erase (wipe with null or random data) of the entire storage device prior to restoring.&lt;br /&gt;
* '''Restore System Partition'''&lt;br /&gt;
** '''System Image''': Determines which type of system image to restore, or which file to use for the system image.&lt;br /&gt;
** '''Kernel Cache Type''': This option controls the kernel cache that gets installed on the device.&lt;br /&gt;
* '''Baseband'''&lt;br /&gt;
** '''Update Baseband''': Controls whether the [[baseband]] and baseband bootloader are updated as part of the restore.&lt;br /&gt;
** '''Force Update''': The baseband update is skipped when the existing firmware matches the available firmware. In some cases, it is desirable to force the firmware update to occur, regardless of what is currently on there. This option, when set to true, forces the update to be attempted.&lt;br /&gt;
&lt;br /&gt;
== Restore OS ==&lt;br /&gt;
Restore OS options allow you to specify the following:&lt;br /&gt;
* '''Restore Boot-Args''':  Boot-Args used when the Restore OS is loaded. By default those arguments are used: &amp;quot;debug=0x14e serial=3 rd=md0 nand-enable-reformat=1 -progress&amp;quot;&lt;br /&gt;
* '''Firmware Type:''' Specify the firmware which should be flashed when restoring. This can either be &amp;quot;Debug&amp;quot;, &amp;quot;Factory FA&amp;quot;, &amp;quot;Factory SA&amp;quot;, &amp;quot;Firmware Development&amp;quot; or &amp;quot;Production&amp;quot;.&lt;br /&gt;
* '''Boot Image Type:''' Can be &amp;quot;Internal&amp;quot;, &amp;quot;User or Internal&amp;quot;, &amp;quot;User&amp;quot; or &amp;quot;Update&amp;quot;.&lt;br /&gt;
* '''Boot Kernel Cache:''' Specify whether the &amp;quot;Production&amp;quot; or &amp;quot;Development&amp;quot; kernel cache should be used.&lt;br /&gt;
&lt;br /&gt;
== Personalization Settings ==&lt;br /&gt;
As with iTunes, PurpleRestore can personalize builds for iOS devices (since recent Bootroms expect a valid APTicket). The tooltip for the &amp;quot;Personalized Restore&amp;quot; checkbox reads &amp;quot;Your ticket to the Orwellian cloud.&amp;quot; This may suggest that Apple developed TSS in part to control access to internal build variants (i.e. prevent leaks of &amp;quot;interesting&amp;quot; builds of iOS), in addition to preventing production users from downgrading. &lt;br /&gt;
* '''Variants''': &amp;quot;A predefined combination of restore pieces.&amp;quot; The options are: &amp;quot;Customer Install&amp;quot;, &amp;quot;Internal Debug&amp;quot;, &amp;quot;Internal Development&amp;quot;, &amp;quot;Internal Install&amp;quot;, &amp;quot;Internal Qualification&amp;quot;, and &amp;quot;Vendor install.&amp;quot; &lt;br /&gt;
* '''AppleConnect''': Used to authenticate all restores for personalization. Interestingly, AppleConnect will allow members of the iOS Developer Program (including non-employees) to install public builds of iOS (latest current and beta). It's likely AppleConnect is also used to authenticate signing of internal builds using the public TSS server, should the device be on the whitelist. &lt;br /&gt;
&lt;br /&gt;
== Restore Settings ==&lt;br /&gt;
[[File:PurpleRestoreOptions.png |250px|thumb|right|PurpleRestore configuration screen]]&lt;br /&gt;
By default, PurpleRestore comes with two pre-made restore settings. &amp;quot;Erase Install&amp;quot; and &amp;quot;Update Install&amp;quot;. Those restore settings are [[PList File Format|plist]] files that define the options PurpleRestore will use when restoring a device.&lt;br /&gt;
* '''Erase Install''': Repartition the media and erase all data before restoring. Includes all internal development tools and updates flash and the baseband by default.&lt;br /&gt;
* '''Update Install''': Includes all internal development tools and updates flash and the baseband by default.&lt;br /&gt;
{{clear}}&lt;br /&gt;
&lt;br /&gt;
== Reverse Engineering ==&lt;br /&gt;
This specific code is from [[iTunes]] for OS X. It detects if PurpleRestore is running so that it does not interfere with any operations that PurpleRestore is performing.&lt;br /&gt;
&lt;br /&gt;
 Off   Virt Adr  Instruction     Disassembly            Comment&lt;br /&gt;
 &lt;br /&gt;
 +354  003d7808  c70424bc01d700  mov [esp], 0x00d701bc  ; CFSTR(&amp;quot;com.apple.PurpleRestore&amp;quot;)&lt;br /&gt;
 +361  003d780f  e80c65c3ff      call 0x10000dd20       ; is specified bundle running&lt;br /&gt;
 +366  003d7814  84c0            test al, al&lt;br /&gt;
 +368  003d7816  7409            jz short 0x003d7821    ; if so, PurpleRestore is running&lt;br /&gt;
 +370  003d7818  c704246c8ba400  mov [esp], 0x00a48b6c  ; so ignore device,&lt;br /&gt;
 +377  003d781f  ebd3            jmp short 0x003d77f4   ; and jump back above loop for next device&lt;br /&gt;
 +379  003d7821  8d5de0          lea ebx, [ebp + 0xe0]&lt;br /&gt;
 +382  003d7824  895c2404        mov [esp + 4], ebx&lt;br /&gt;
&lt;br /&gt;
== Problems ==&lt;br /&gt;
There are some problems with the leaked versions, because they almost always aren't the latest version.&lt;br /&gt;
&lt;br /&gt;
[[File:IBECStuck.png|250px|thumb|right|Stuck on Executing iBEC]]&lt;br /&gt;
One problem (common) is getting stuck at &amp;quot;Executing iBEC to bootstrap update&amp;quot;. This is likely a signing error, the device may have rejected the iBEC image.&lt;br /&gt;
&lt;br /&gt;
Another problem, when trying from DFU mode, the tool will send the DFU image, then the device will disconnect, reconnect, and repeat the process indefinitely.&lt;br /&gt;
&lt;br /&gt;
== See Also ==&lt;br /&gt;
* [[iTunes]]&lt;br /&gt;
* [https://www.youtube.com/watch?v=jaZ2JPUv-AU Video of process]&lt;br /&gt;
* [https://www.youtube.com/watch?v=IGC2lrYhQjw How-to create restore bundles from a public ipsw]&lt;br /&gt;
* [https://www.youtube.com/watch?v=DwipCKbWIlw PurpleRestore restore process]&lt;br /&gt;
&lt;br /&gt;
[[Category:Software]]&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=Kernel&amp;diff=45454</id>
		<title>Kernel</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=Kernel&amp;diff=45454"/>
		<updated>2015-04-11T00:40:03Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;The '''kernel''' of [[iOS]] is the [[wikipedia:XNU|XNU]] kernel. To learn about what &amp;quot;kernel&amp;quot; means in general, see [https://en.wikipedia.org/wiki/Kernel_(operating_system) the Wikipedia article].&lt;br /&gt;
&lt;br /&gt;
Pre-2.0, it was vulnerable to the [[Ramdisk Hack]] and may still be, but iBoot doesn't allow boot-args to be passed anymore. It is mapped to memory at 0x80000000, forcing a 2/2GB address separation, similar to Windows 32-bit model. On older iOS versions the separation was 3/1 (mapping the kernel at 0xC0000000), closer to the Linux model.&lt;br /&gt;
&lt;br /&gt;
Note, that this is NOT like 32-bit OS X, wherein the kernel resides in its own address space, but more like OS X 64-bit, wherein [[wikipedia:Control_Register#CR3|CR3]] is shared (albeit an address space larger by several orders of magnitude). See the appropriate [[#64-bit|section]].&lt;br /&gt;
&lt;br /&gt;
== [[ASLR]] ==&lt;br /&gt;
{{main|Kernel ASLR}}&lt;br /&gt;
As of [[iOS]] 6, the kernel is subject to ASLR, much akin to Mountain Lion (OS X 10.8). This make exploitation harder as the location of kernel code cannot be known.&lt;br /&gt;
&lt;br /&gt;
On production and development devices, the kernel is always stored as a statically linked [[kernelcache|cache]] stored at [[/System/Library/Caches/com.apple.kernelcaches/kernelcache]] that is decompressed and run on startup. &lt;br /&gt;
&lt;br /&gt;
== Stack ==&lt;br /&gt;
The kernel maintains thread specific stacks by calling kernel_memory_allocate, this allocates stacks in the specified kalloc zone. The bootstrap thread has its own specific static kernel stack, which is specified by _intstack. IRQ and FIQ handlers will also have their own execution stack which is specified by _irqstack.&lt;br /&gt;
&lt;br /&gt;
== Boot-Args ==&lt;br /&gt;
Like its OS X counterpart, iOS's XNU accepts command line arguments (though the actual passing of arguments is done by iBoot, which as of late refuses to do so). Arguments may be directed at the kernel proper, or any one of the many KExts (discussed below). The arguments of the kernel are largely the same as those of OS X.&lt;br /&gt;
&lt;br /&gt;
Kexts use boot-args as well, as can be seen when disassembly by calls to PE_parse_boot_argn (usually exported, _PE_parse_boot_argn 8027A8EC on the iOS 6.1.3 kernel, discovered by [[User:Haifisch|Haifisch]]). Finding references (using IDA) reveals hundreds places in the code wherein arguments are parsed in modules, pertaining to Flash, HDMI, and [[AppleMobileFileIntegrity|AMFI]].&lt;br /&gt;
&lt;br /&gt;
Here's a list of boot-args extracted with the [https://github.com/pod2g/ios_stuff/tree/master/idc-ios-boot-args IDA script] by [[User:MuscleNerd|MuscleNerd]]:&lt;br /&gt;
&lt;br /&gt;
-disable_aslr (From the xnu source code)&lt;br /&gt;
 _nand-part-poison&lt;br /&gt;
 _panicd_corename&lt;br /&gt;
 _panicd_ip&lt;br /&gt;
 _router_ip&lt;br /&gt;
 acc_debug&lt;br /&gt;
 aesdev&lt;br /&gt;
 als_enable_debug&lt;br /&gt;
 amfi&lt;br /&gt;
 amfi_allow_any_signature&lt;br /&gt;
 amfi_get_out_of_my_way&lt;br /&gt;
 amfi_unrestrict_task_for_pid&lt;br /&gt;
 AppleEmbeddedUSBArbitrator-debug&lt;br /&gt;
 AppleS5L8930XUSBArbitrator-debug&lt;br /&gt;
 AppleUSBPhy-debug&lt;br /&gt;
 arm7m-enable-jtag&lt;br /&gt;
 -b&lt;br /&gt;
 backlight-level&lt;br /&gt;
 backlight-logging&lt;br /&gt;
 baseband-spi-sclk-period&lt;br /&gt;
 bcom.chip.driveStrength_mA&lt;br /&gt;
 bcom.chip.watermark&lt;br /&gt;
 bcom.clock.sd-rate&lt;br /&gt;
 bcom.devif.fn2-block-size&lt;br /&gt;
 bcom.devif.rx-retries&lt;br /&gt;
 bcom.devif.transaction-log&lt;br /&gt;
 bcom.devif.tx-retries&lt;br /&gt;
 bcom.feature.flags&lt;br /&gt;
 bcom.ps.inactivity.timeout&lt;br /&gt;
 bcom.wte.thread-priority&lt;br /&gt;
 boot-uuid&lt;br /&gt;
 brightness&lt;br /&gt;
 burnin-size&lt;br /&gt;
 cameraclocks&lt;br /&gt;
 charger-debug&lt;br /&gt;
 cpus&lt;br /&gt;
 cs_debug&lt;br /&gt;
 cs_enforcement_disable&lt;br /&gt;
 darkwake&lt;br /&gt;
 dart&lt;br /&gt;
 dcc&lt;br /&gt;
 debug&lt;br /&gt;
 disable-usb-iap&lt;br /&gt;
 dp_async_event_fail_hard&lt;br /&gt;
 dp_audio_driver_level&lt;br /&gt;
 dp_audio_driver_mask&lt;br /&gt;
 dp_audio_interface_level&lt;br /&gt;
 dp_audio_interface_mask&lt;br /&gt;
 dp_controller_level&lt;br /&gt;
 dp_controller_mask&lt;br /&gt;
 dp_device_level&lt;br /&gt;
 dp_device_mask&lt;br /&gt;
 dp_display_interface_level&lt;br /&gt;
 dp_display_interface_mask&lt;br /&gt;
 dp_interface_level&lt;br /&gt;
 dp_interface_mask&lt;br /&gt;
 dp_log_level&lt;br /&gt;
 dp_max_channel_count_lpcm&lt;br /&gt;
 dp_max_sample_rate_lpcm&lt;br /&gt;
 dp_max_sample_size_lpcm&lt;br /&gt;
 dp_min_channel_count_lpcm&lt;br /&gt;
 dp_min_sample_rate_lpcm&lt;br /&gt;
 dp_min_sample_size_lpcm&lt;br /&gt;
 dp_service_level&lt;br /&gt;
 dp_service_mask&lt;br /&gt;
 dpsm&lt;br /&gt;
 dvb&lt;br /&gt;
 dvc&lt;br /&gt;
 dvd&lt;br /&gt;
 effaceable-enable-full-scan&lt;br /&gt;
 effaceable-enable-wipe&lt;br /&gt;
 enable-acsleep&lt;br /&gt;
 fairshare_minblockedtime&lt;br /&gt;
 fill&lt;br /&gt;
 fixedpriority_quantum&lt;br /&gt;
 fix-parity&lt;br /&gt;
 force-usb-host&lt;br /&gt;
 force-usb-power&lt;br /&gt;
 hdmi_max_channel_count_lpcm&lt;br /&gt;
 hdmi_max_sample_rate_lpcm&lt;br /&gt;
 hdmi_max_sample_size_lpcm&lt;br /&gt;
 hdmi_min_channel_count_lpcm&lt;br /&gt;
 hdmi_min_sample_rate_lpcm&lt;br /&gt;
 hdmi_min_sample_size_lpcm&lt;br /&gt;
 hdmi_protection_type&lt;br /&gt;
 hp-detect-invert&lt;br /&gt;
 hp-pop-workaround&lt;br /&gt;
 hp-switch-force-config&lt;br /&gt;
 hp-switch-ramp&lt;br /&gt;
 hsic&lt;br /&gt;
 i2c-logsize&lt;br /&gt;
 i2c-verbose&lt;br /&gt;
 ifa_debug&lt;br /&gt;
 ifnet_debug&lt;br /&gt;
 initmcl&lt;br /&gt;
 io&lt;br /&gt;
 iopfmi-timeout&lt;br /&gt;
 iotrace&lt;br /&gt;
 jpeg-log&lt;br /&gt;
 jtag&lt;br /&gt;
 kdp_crashdump_pkt_size&lt;br /&gt;
 kdp_ip_addr&lt;br /&gt;
 kdp_match_mac&lt;br /&gt;
 kdp_match_name&lt;br /&gt;
 keepsyms&lt;br /&gt;
 kextlog&lt;br /&gt;
 link_recovery_enabled&lt;br /&gt;
 mbuf_debug&lt;br /&gt;
 mbuf_pool&lt;br /&gt;
 mcache_flags&lt;br /&gt;
 mleak_sample_factor&lt;br /&gt;
 mseg&lt;br /&gt;
 msgbuf&lt;br /&gt;
 mt-bytes&lt;br /&gt;
 mt-strings&lt;br /&gt;
 mtxspin&lt;br /&gt;
 nand-boot-malloc&lt;br /&gt;
 nand-check-vs&lt;br /&gt;
 nand-commands&lt;br /&gt;
 nand-disable-driver&lt;br /&gt;
 nand-dump-vs-table&lt;br /&gt;
 nand-enable-adm&lt;br /&gt;
 nand-enable-reformat&lt;br /&gt;
 nand-enable-yaftl&lt;br /&gt;
 nand-erase&lt;br /&gt;
 nand-erase-install&lt;br /&gt;
 nand-fbbt-publish&lt;br /&gt;
 nand-force-restore&lt;br /&gt;
 nand-idle-timeout-ms&lt;br /&gt;
 nand-ignore-ptab&lt;br /&gt;
 nand-index-cache-size&lt;br /&gt;
 nand-latency-us&lt;br /&gt;
 nand-max-pages&lt;br /&gt;
 nand-neuralize&lt;br /&gt;
 nand-nvram-debug&lt;br /&gt;
 nand-ppn-debug&lt;br /&gt;
 nand-ppn-vs-debug&lt;br /&gt;
 nand-qual&lt;br /&gt;
 nand-queue-entries&lt;br /&gt;
 nand-read-blocks-max&lt;br /&gt;
 nand-read-dccycle-clks&lt;br /&gt;
 nand-read-hold-clks&lt;br /&gt;
 nand-readonly&lt;br /&gt;
 nand-read-setup-clks&lt;br /&gt;
 nand-reorder-defer-max&lt;br /&gt;
 nand-reorder-defer-size-trigger&lt;br /&gt;
 nand-reorder-read-promote-max&lt;br /&gt;
 nand-reset-burnin&lt;br /&gt;
 nand-save-rma-data&lt;br /&gt;
 nand-set-rma&lt;br /&gt;
 nand-sftl-cache-drain&lt;br /&gt;
 nand-sleep-debug-panic&lt;br /&gt;
 nand-slow-timings&lt;br /&gt;
 nand-wearlevel-timeout-ms&lt;br /&gt;
 nand-whiten-metadata&lt;br /&gt;
 nand-wipe&lt;br /&gt;
 nand-write-blocks-max&lt;br /&gt;
 nand-write-hold-clks&lt;br /&gt;
 nand-write-setup-clks&lt;br /&gt;
 nbuf&lt;br /&gt;
 ncl&lt;br /&gt;
 net.inet6.ip6.scopedroute&lt;br /&gt;
 net_affinity&lt;br /&gt;
 net_rtref&lt;br /&gt;
 network-type&lt;br /&gt;
 -no64exec&lt;br /&gt;
 -novfscache&lt;br /&gt;
 panicd_port&lt;br /&gt;
 pcp&lt;br /&gt;
 pctb&lt;br /&gt;
 pdmvr&lt;br /&gt;
 pio-error&lt;br /&gt;
 pmu-chargetrap&lt;br /&gt;
 pmu-debug&lt;br /&gt;
 ppn-clean&lt;br /&gt;
 -progress&lt;br /&gt;
 prox_enable_debug&lt;br /&gt;
 pthtest&lt;br /&gt;
 rd&lt;br /&gt;
 remote_nmi&lt;br /&gt;
 rootdev&lt;br /&gt;
 -s&lt;br /&gt;
 sdio.clock.base-rate&lt;br /&gt;
 sdio.clock.sd-rate&lt;br /&gt;
 sdio.debug.abort-init&lt;br /&gt;
 sdio.debug.init-delay&lt;br /&gt;
 sdio.log.flags&lt;br /&gt;
 sdio.log.level&lt;br /&gt;
 sdio.transfer.max-pio-blocks&lt;br /&gt;
 sdio.transfer.max-pio-size&lt;br /&gt;
 sdio.transfer.mode&lt;br /&gt;
 serial&lt;br /&gt;
 sgx_panic_on_recovery&lt;br /&gt;
 shadev&lt;br /&gt;
 slto_us&lt;br /&gt;
 socket_debug&lt;br /&gt;
 torchcltm0&lt;br /&gt;
 usb&lt;br /&gt;
 usb_dev_nmi&lt;br /&gt;
 usb_dev_reset&lt;br /&gt;
 -vnode_cache_defeat&lt;br /&gt;
 wdt&lt;br /&gt;
 wfi&lt;br /&gt;
 wlan.ap.channel&lt;br /&gt;
 wlan.debug.abort-init&lt;br /&gt;
 wlan.debug.generate-mac&lt;br /&gt;
 wlan.log.flags&lt;br /&gt;
 wlan.log.level&lt;br /&gt;
 wlan.log.timestamp&lt;br /&gt;
 wlan.netmanager.stats-timer-interval&lt;br /&gt;
 wlan.panic.factory&lt;br /&gt;
 wqsize&lt;br /&gt;
 WTE&lt;br /&gt;
 -x&lt;br /&gt;
&lt;br /&gt;
== Versions ==&lt;br /&gt;
In the beginning iOS had consistently maintained a fairly higher kernel version than the corresponding version of OS X, but over time iOS and OS X &amp;quot;moved nearer&amp;quot; together. Now at the time of writing, OS X Yosemite's XNU is 2782, whereas iOS 8 is 2783. This is not surprising, considering that iOS introduced novel features (such as [[Kernel ASLR]], the default freezer, and various security hardening features) which are first incorporated in it, and later made it to OS X. It seems that Apple is planning to gradually unite iOS and OS X kernels over time and with iOS 8 and OS X Yosemite the at least the version numbers are nearer to each other then ever before. The following demonstrates the OS versions at present (via terminal '''uname -a''' command):&lt;br /&gt;
&lt;br /&gt;
OS X Yosemite 10.10.3:&lt;br /&gt;
 &lt;br /&gt;
 Darwin Kernel Version 14.3.0: Mon Mar 23 11:59:05 PDT 2015; root:xnu-2782.20.48~5/RELEASE_X86_64&lt;br /&gt;
	&lt;br /&gt;
iOS 8.3:&lt;br /&gt;
&lt;br /&gt;
 Darwin Kernel Version 14.0.0: Sun Mar 29 19:44:04 PDT 2015; root:xnu-2784.20.34~2/RELEASE_ARM_[[S5L8950]]X&lt;br /&gt;
&lt;br /&gt;
Note: The RELEASE_ARM_xxxxxxxx file obviously differs on device / CPU and the time varies by a few minutes per device. &lt;br /&gt;
&lt;br /&gt;
=== Version List ===&lt;br /&gt;
The compilation date for each version will vary slightly between processors. This is due to the fact that compilations are sequential.&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot;&lt;br /&gt;
|-&lt;br /&gt;
! Version&lt;br /&gt;
! Build&lt;br /&gt;
! Comment&lt;br /&gt;
|-&lt;br /&gt;
| [[Alpine 1A420 (iPhone)|1A420]]&lt;br /&gt;
| Darwin Kernel Version 4.4.2-Purple-19: Thu Mar 8 01:43:04 PST 2007; root:xnu-933.0.14~46/RELEASE_ARM_[[S5L8900]]XRB&lt;br /&gt;
| from prototype - not sure if version is 100% correct.&lt;br /&gt;
|-&lt;br /&gt;
| 1.0&lt;br /&gt;
| Darwin Kernel Version 9.0.0d1: Tue May 22 21:15:54 PDT 2007; root:xnu-933.0.178/RELEASE_ARM_[[S5L8900]]XRB&lt;br /&gt;
| rowspan=&amp;quot;3&amp;quot; | Not sure if version is 100% correct.&lt;br /&gt;
|-&lt;br /&gt;
| 1.0.1&lt;br /&gt;
| class=&amp;quot;rborderplz&amp;quot; rowspan=&amp;quot;2&amp;quot; | Darwin Kernel Version 9.0.0d1: Fri Jun 22 00:38:56 PDT 2007; root:xnu-933.1.178~1/RELEASE_ARM_[[S5L8900]]XRB&lt;br /&gt;
|-&lt;br /&gt;
| class=&amp;quot;rborderplz&amp;quot; | 1.0.2&lt;br /&gt;
|-&lt;br /&gt;
| 1.1.1&lt;br /&gt;
| Darwin Kernel Version 9.0.0d1: Wed Sep 19 00:08:42 PDT 2007; root:xnu-933.0.203~21/RELEASE_ARM_[[S5L8900]]XRB&lt;br /&gt;
| First kernel that was [[8900_File_Format#8900|8900]] encrypted - not sure if version is 100% correct.&lt;br /&gt;
|-&lt;br /&gt;
| 1.1.2&lt;br /&gt;
| Darwin Kernel Version 9.0.0d1: Wed Oct 10 00:07:49 PDT 2007; root:xnu-933.0.204~7/RELEASE_ARM_[[S5L8900]]XRB&lt;br /&gt;
| Not sure if version is 100% correct.&lt;br /&gt;
|-&lt;br /&gt;
| 1.1.3&lt;br /&gt;
| rowspan=&amp;quot;3&amp;quot; | Darwin Kernel Version 9.0.0d1: Wed Dec 12 00:16:00 PST 2007; root:xnu-933.0.211~2/RELEASE_ARM_[[S5L8900]]XRB &lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 1.1.4&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 1.1.5&lt;br /&gt;
| iPod touch only&lt;br /&gt;
|-&lt;br /&gt;
| 2.0&lt;br /&gt;
| rowspan=&amp;quot;3&amp;quot; | Darwin Kernel Version 9.3.1: Sun Jun 15 21:37:01 PDT 2008; root:xnu-1228.6.76~45/RELEASE_ARM_[[S5L8900]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 2.0.1&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 2.0.2&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 2.1&lt;br /&gt;
| rowspan=&amp;quot;2&amp;quot; | Darwin Kernel Version 9.4.1: Sun Aug 10 21:25:25 PDT 2008; root:xnu-1228.7.27~12/RELEASE_ARM_[[S5L8720]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 2.1.1&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 2.2&lt;br /&gt;
| Darwin Kernel Version 9.4.1: Sat Nov  1 19:13:13 PDT 2008; root:xnu-1228.7.36~2/RELEASE_ARM_[[S5L8720]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 2.2.1&lt;br /&gt;
| Darwin Kernel Version 9.4.1: Mon Dec  8 21:02:57 PST 2008; root:xnu-1228.7.37~4/RELEASE_ARM_[[S5L8720]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 3.0&lt;br /&gt;
| rowspan=&amp;quot;2&amp;quot; | Darwin Kernel Version 10.0.0d3: Wed May 13 22:16:49 PDT 2009; root:xnu-1357.2.89~4/RELEASE_ARM_[[S5L8920]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 3.0.1&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 3.1&lt;br /&gt;
| Darwin Kernel Version 10.0.0d3: Fri Aug 14 13:23:32 PDT 2009; root:xnu-1357.5.30~2/RELEASE_ARM_[[S5L8920]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 3.1.2&lt;br /&gt;
| Darwin Kernel Version 10.0.0d3: Fri Sep 25 23:35:35 PDT 2009; root:xnu-1357.5.30~3/RELEASE_ARM_[[S5L8920]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 3.1.3&lt;br /&gt;
| Darwin Kernel Version 10.0.0d3: Fri Dec 18 01:34:28 PST 2009; root:xnu-1357.5.30~6/RELEASE_ARM_[[S5L8920]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 3.2&lt;br /&gt;
| Darwin Kernel Version 10.3.1: Mon Mar 15 23:15:33 PDT 2010; root:xnu-1504.2.27~18/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
| rowspan=&amp;quot;3&amp;quot; | iPad Only &lt;br /&gt;
|-&lt;br /&gt;
| 3.2.1&lt;br /&gt;
| class=&amp;quot;rborderplz&amp;quot; | Darwin Kernel Version 10.3.1: Fri May 28 16:46:17 PDT 2010; root:xnu-1504.2.50~4/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
|-&lt;br /&gt;
| 3.2.2&lt;br /&gt;
| class=&amp;quot;rborderplz&amp;quot; | Darwin Kernel Version 10.3.1: Wed Aug  4 19:08:04 PDT 2010; root:xnu-1504.2.60~1/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
|-&lt;br /&gt;
| 4.0&lt;br /&gt;
| rowspan=&amp;quot;2&amp;quot; | Darwin Kernel Version 10.3.1: Wed May 26 22:28:33 PDT 2010; root:xnu-1504.50.73~2/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 4.0.1&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 4.0.2&lt;br /&gt;
| Darwin Kernel Version 10.3.1: Wed Aug  4 18:46:06 PDT 2010; root:xnu-1504.50.80~1/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 4.1&lt;br /&gt;
| Darwin Kernel Version 10.3.1: Wed Aug  4 22:35:51 PDT 2010; root:xnu-1504.55.33~10/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 4.2.1&lt;br /&gt;
| Darwin Kernel Version 10.4.0: Wed Oct 20 20:14:45 PDT 2010; root:xnu-1504.58.28~3/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 4.3&lt;br /&gt;
| rowspan=&amp;quot;2&amp;quot; | Darwin Kernel Version 11.0.0: Thu Feb 10 21:46:56 PST 2011; root:xnu-1735.46~2/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 4.3.1&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 4.3.2&lt;br /&gt;
| rowspan=&amp;quot;2&amp;quot; | Darwin Kernel Version 11.0.0: Wed Mar 30 18:51:10 PDT 2011; root:xnu-1735.46~10/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 4.3.3&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 4.3.4&lt;br /&gt;
| rowspan=&amp;quot;2&amp;quot; | Darwin Kernel Version 11.0.0: Sat Jul  9 00:59:43 PDT 2011; root:xnu-1735.47~1/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 4.3.5&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 5.0b5&lt;br /&gt;
| Darwin Kernel Version 11.0.0: Tue Aug  2 22:31:30 PDT 2011; root:xnu-1878.4.80~1/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 5.0&lt;br /&gt;
| Darwin Kernel Version 11.0.0: Thu Sep 15 23:34:43 PDT 2011; root:xnu-1878.4.43~2/RELEASE_ARM_[[S5L8940]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 5.0.1b&lt;br /&gt;
| Darwin Kernel Version 11.0.0: Wed Oct 19 19:05:07 PDT 2011; root:xnu-1878.4.45~1/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 5.0.1b2&lt;br /&gt;
| rowspan=&amp;quot;2&amp;quot; | Darwin Kernel Version 11.0.0: Tue Nov 1 20:34:16 PDT 2011; root:xnu-1878.4.46~1/RELEASE_ARM_[[S5L8940]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 5.0.1&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 5.1b&lt;br /&gt;
| Darwin Kernel Version 11.0.0: Sun Nov 13 19:10:13 PST 2011; root:xnu-1878.10.61~7/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
| &lt;br /&gt;
|-&lt;br /&gt;
| 5.1b2&lt;br /&gt;
| Darwin Kernel Version 11.0.0: Sun Dec  4 18:57:33 PST 2011; root:xnu-1878.10.68~2/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
| &lt;br /&gt;
|-&lt;br /&gt;
| 5.1b3&lt;br /&gt;
| Darwin Kernel Version 11.0.0: Mon Jan  2 18:46:01 PST 2012; root:xnu-1878.10.74~3/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 5.1&lt;br /&gt;
| Darwin Kernel Version 11.0.0: Wed Feb 1 23:18:07 PST 2012; root:xnu-1878.11.8~1/RELEASE_ARM_[[S5L8945]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 5.1.1&lt;br /&gt;
| Darwin Kernel Version 11.0.0: Sun Apr 8 21:51:26 PDT 2012; root:xnu-1878.11.10~1/RELEASE_ARM_[[S5L8930]]X &lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 6.0b&lt;br /&gt;
| Darwin Kernel Version 13.0.0: Wed May 30 19:23:03 PDT 2012; root:xnu-2107.1.78~18/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 6.0b2&lt;br /&gt;
| Darwin Kernel Version 13.0.0: Sun Jun 17 19:47:47 PDT 2012; root:xnu-2107.1.61~3/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 6.0b3&lt;br /&gt;
| Darwin Kernel Version 13.0.0: Sun Jul  8 20:15:17 PDT 2012; root:xnu-2107.2.9~3/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 6.0b4&lt;br /&gt;
| Darwin Kernel Version 13.0.0: Sun Jul 29 20:15:28 PDT 2012; root:xnu-2107.2.26~4/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 6.0&lt;br /&gt;
| Darwin Kernel Version 13.0.0: Sun Aug 19 00:31:06 PDT 2012; root:xnu-2107.2.33~4/RELEASE_ARM_[[S5L8950]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 6.0.1&lt;br /&gt;
| rowspan=&amp;quot;2&amp;quot; | Darwin Kernel Version 13.0.0: Wed Oct 10 23:32:19 PDT 2012; root:xnu-2107.2.34~2/RELEASE_ARM_[[S5L8950]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 6.0.2&lt;br /&gt;
| iPhone 5 only. &lt;br /&gt;
|-&lt;br /&gt;
| 6.1b&lt;br /&gt;
| Darwin Kernel Version 13.0.0: Sun Oct 21 19:28:43 PDT 2012; root:xnu-2107.7.51~17/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 6.1b2&lt;br /&gt;
| Darwin Kernel Version 13.0.0: Sun Nov  4 19:02:54 PST 2012; root:xnu-2107.7.53~2/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 6.1b3&lt;br /&gt;
| Darwin Kernel Version 13.0.0: Mon Nov 26 21:17:13 PST 2012; root:xnu-2107.7.53~27/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 6.1b4&lt;br /&gt;
| Darwin Kernel Version 13.0.0: Sun Dec  9 19:22:45 PST 2012; root:xnu-2107.7.55~6/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 6.1b5&lt;br /&gt;
| rowspan=&amp;quot;5&amp;quot; | Darwin Kernel Version 13.0.0: Sun Dec 16 20:01:39 PST 2012; root:xnu-2107.7.55~11/RELEASE_ARM_[[S5L8950]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 6.1&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 6.1.1b&lt;br /&gt;
|&lt;br /&gt;
|- &lt;br /&gt;
| 6.1.1&lt;br /&gt;
| iPhone 4S only&lt;br /&gt;
|- &lt;br /&gt;
| 6.1.2&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 6.1.3b2&lt;br /&gt;
| rowspan=&amp;quot;5&amp;quot; | Darwin Kernel Version 13.0.0: Wed Feb 13 21:35:42 PST 2013; root:xnu-2107.7.55.2.2~1/RELEASE_ARM_[[S5L8920]]X&lt;br /&gt;
|&lt;br /&gt;
|- &lt;br /&gt;
| 6.1.3&lt;br /&gt;
|&lt;br /&gt;
|- &lt;br /&gt;
| 6.1.4&lt;br /&gt;
| iPhone 5 only.&lt;br /&gt;
|-&lt;br /&gt;
| 6.1.5&lt;br /&gt;
| iPod touch 4 only.&lt;br /&gt;
|-&lt;br /&gt;
| 6.1.6&lt;br /&gt;
| iPod touch 4 and iPhone 3GS only.&lt;br /&gt;
|- &lt;br /&gt;
| 7.0b&lt;br /&gt;
| Darwin Kernel Version 14.0.0: Wed May 29 23:53:59 PDT 2013; root:xnu-2423.1.1.1.2~1/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
|&lt;br /&gt;
|- &lt;br /&gt;
| 7.0b2&lt;br /&gt;
| Darwin Kernel Version 14.0.0: Mon Jun 17 00:51:51 PDT 2013; root:xnu-2423.1.28~7/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
|&lt;br /&gt;
|- &lt;br /&gt;
| 7.0b3&lt;br /&gt;
| Darwin Kernel Version 14.0.0: Mon Jul  1 04:25:28 PDT 2013; root:xnu-2423.1.40~11/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
|&lt;br /&gt;
|- &lt;br /&gt;
| 7.0b4&lt;br /&gt;
| Darwin Kernel Version 14.0.0: Mon Jul 22 02:12:11 PDT 2013; root:xnu-2423.1.55~8/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
|&lt;br /&gt;
|- &lt;br /&gt;
| 7.0b5&lt;br /&gt;
| rowspan=&amp;quot;2&amp;quot; | Darwin Kernel Version 14.0.0: Sun Aug  4 22:40:14 PDT 2013; root:xnu-2423.1.70~6/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 7.0b6&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 7.0[[Golden Master|GM]]&lt;br /&gt;
| rowspan=&amp;quot;2&amp;quot; | Darwin Kernel Version 14.0.0: Tue Aug 13 21:39:05 PDT 2013; root:xnu-2423.1.73~3/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 7.0&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 7.0.1&lt;br /&gt;
| rowspan=&amp;quot;2&amp;quot; | Darwin Kernel Version 14.0.0: Mon Sep 9 20:56:02 PDT 2013; root:xnu-2423.1.74~2/RELEASE_ARM64_[[S5L8960]]X&lt;br /&gt;
| [[iPhone 5c]] and [[iPhone 5s|5s]] only&lt;br /&gt;
|-&lt;br /&gt;
| 7.0.2&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 7.0.3&lt;br /&gt;
| rowspan=&amp;quot;4&amp;quot; | Darwin Kernel Version 14.0.0: Fri Sep 27 23:08:32 PDT 2013; root:xnu-2423.3.12~1/RELEASE_ARM64_[[S5L8960]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 7.0.4&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 7.0.5&lt;br /&gt;
| iPhone 5c (iPhone5,4) and iPhone 5s (iPhone6,2) only.&lt;br /&gt;
|-&lt;br /&gt;
| 7.0.6&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 7.1b&lt;br /&gt;
| Darwin Kernel Version 14.0.0: Mon Nov 11 04:18:01 PST 2013; root:xnu-2423.10.33~9/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 7.1b2&lt;br /&gt;
| Darwin Kernel Version 14.0.0: Tue Dec 10 21:25:34 PST 2013; root:xnu-2423.10.38.1.1~1/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 7.1b3&lt;br /&gt;
| Darwin Kernel Version 14.0.0: Thu Jan  2 01:55:45 PST 2014; root:xnu-2423.10.45~5/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 7.1b4&lt;br /&gt;
| Darwin Kernel Version 14.0.0: Mon Jan 13 03:33:00 PST 2014; root:xnu-2423.10.49.0.1~3/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 7.1b5&lt;br /&gt;
| Darwin Kernel Version 14.0.0: Mon Jan 27 23:55:13 PST 2014; root:xnu-2423.10.58~2/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 7.1&lt;br /&gt;
| Darwin Kernel Version 14.0.0: Fri Feb 21 19:41:10 PST 2014; root:xnu-2423.10.67~1/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 7.1.1&lt;br /&gt;
| Darwin Kernel Version 14.0.0: Fri Mar 28 21:22:10 PDT 2014; root:xnu-2423.10.70~1/RELEASE_ARM_[[S5L8930]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 7.1.2&lt;br /&gt;
| Darwin Kernel Version 14.0.0: Thu May 15 23:17:54 PDT 2014; root:xnu-2423.10.71~1/RELEASE_ARM64_[[S5L8960]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 8.0b&lt;br /&gt;
| Darwin Kernel Version 14.0.0: Mon May 26 22:09:06 PDT 2014; root:xnu-2729.0.0.0.9~2/RELEASE_ARM_[[S5L8942]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 8.0b2&lt;br /&gt;
| Darwin Kernel Version 14.0.0: Sat Jun 14 16:36:40 PDT 2014; root:xnu-2775.0.0.1.1~3/RELEASE_ARM64_[[S5L8960]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 8.0b3&lt;br /&gt;
| Darwin Kernel Version 14.0.0: Wed Jul  2 18:51:34 PDT 2014; root:xnu-2783.1.21~19/RELEASE_ARM_[[S5L8950]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 8.0b4&lt;br /&gt;
| Darwin Kernel Version 14.0.0: Wed Jul 16 21:55:26 PDT 2014; root:xnu-2783.1.40.0.3~2/RELEASE_ARM_[[S5L8950]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 8.0b5&lt;br /&gt;
| Darwin Kernel Version 14.0.0: Wed Jul 30 23:04:17 PDT 2014; root:xnu-2783.1.62~20/RELEASE_ARM_[[S5L8950]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 8.0[[Golden Master|GM]]&lt;br /&gt;
| rowspan=&amp;quot;2&amp;quot; | Darwin Kernel Version 14.0.0: Tue Aug 19 15:09:47 PDT 2014; root:xnu-2783.1.72~8/RELEASE_ARM64_[[S5L8960]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 8.0&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 8.0.1&lt;br /&gt;
| rowspan=&amp;quot;2&amp;quot; | Darwin Kernel Version 14.0.0: Thu Sep 18 21:52:21 PDT 2014; root:xnu-2783.1.72~23/RELEASE_ARM_[[S5L8950]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 8.0.2&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 8.1b&lt;br /&gt;
| Darwin Kernel Version 14.0.0: Sat Sep 27 18:49:49 PDT 2014; root:xnu-2783.3.12~18/RELEASE_ARM_[[S5L8950]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 8.1b2&lt;br /&gt;
| Darwin Kernel Version 14.0.0: Fri Oct 3 21:52:09 PDT 2014; root:xnu-2783.3.13~2/RELEASE_ARM_[[S5L8950]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 8.1&lt;br /&gt;
| Darwin Kernel Version 14.0.0: Fri Oct 7 00:04:37 PDT 2014; root:xnu-2783.3.13~4/RELEASE_ARM_[[S5L8950]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 8.1.1b&lt;br /&gt;
| Darwin Kernel Version 14.0.0: Sun Nov 2 20:21:29 PDT 2014; root:xnu-2783.3.21~1/RELEASE_ARM_[[S5L8950]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 8.1.1&lt;br /&gt;
| rowspan=&amp;quot;2&amp;quot; | Darwin Kernel Version 14.0.0: Mon Nov 3 22:54:30 PDT 2014; root:xnu-2783.3.22~1/RELEASE_ARM_[[S5L8950]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 8.1.2&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 8.1.3&lt;br /&gt;
| Darwin Kernel Version 14.0.0: Mon Jan 2 21:29:20 PST 2015; root:xnu-2783.3.26~3/RELEASE_ARM_[[S5L8950]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 8.2b3&lt;br /&gt;
| Darwin Kernel Version 14.0.0: Sun Dec 14 20:59:15 PST 2014; root:xnu-2783.5.29.0.1~1/RELEASE_ARM_[[S5L8940]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 8.2b4&lt;br /&gt;
| Darwin Kernel Version 14.0.0: Tue Jan  6 21:02:10 PST 2015; root:xnu-2783.5.32~9/RELEASE_ARM_[[S5L8940]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 8.2b5&lt;br /&gt;
| Darwin Kernel Version 14.0.0: Mon Jan 26 22:16:17 PST 2015; root:xnu-2783.5.37~11/RELEASE_ARM_[[S5L8940]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 8.2&lt;br /&gt;
| Darwin Kernel Version 14.0.0: Mon Feb 9 22:07:57 PST 2015; root:xnu-2783.5.38~5/RELEASE_ARM_[[S5L8950]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 8.3b3&lt;br /&gt;
| Darwin Kernel Version 14.0.0: Mon Mar 4 20:55:58 PST 2015; root:xnu-2784.20.25~26/RELEASE_ARM_[[S5L8960]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 8.3b4&lt;br /&gt;
| Darwin Kernel Version 14.0.0: Thu Mar 19 00:16:36 PST 2015; root:xnu-2784.20.31~1/RELEASE_ARM_[[S5L8960]]X&lt;br /&gt;
|&lt;br /&gt;
|-&lt;br /&gt;
| 8.3&lt;br /&gt;
| Darwin Kernel Version 14.0.0: Sun Mar 29 19:44:04 PDT 2015; root:xnu-2784.20.34~2/RELEASE_ARM_[[S5L8950]]X&lt;br /&gt;
|&lt;br /&gt;
|}&lt;br /&gt;
&lt;br /&gt;
== Source Code ==&lt;br /&gt;
As XNU is based off of the [[wikipedia:Berkeley Software Distribution|BSD kernel]], it is [http://opensource.apple.com/source/xnu open source]. The source is under a [http://opensource.apple.com/license/bsd/ 3-clause BSD License] for the original BSD portions with the portions added by Apple under the [http://opensource.apple.com/license/apsl/ Apple Public Source License]. The [[#Versions|versions contained in iOS]] are not available, instead only versions used in ''OS X'' are available. This does not appear to be legal as per &amp;amp;#x00A7;2.3 in the APSL:&lt;br /&gt;
 2.3     Distribution of Executable Versions.  In addition, if You Externally Deploy Covered&lt;br /&gt;
 Code (Original Code and/or Modifications) in object code, executable form only, '''You must'''&lt;br /&gt;
 '''include a prominent notice''', in the code itself as well as in related documentation, '''stating'''&lt;br /&gt;
 '''that Source Code of the Covered Code is available''' under the terms of this License '''with'''&lt;br /&gt;
 '''information on how and where to obtain such Source Code'''.&lt;br /&gt;
with ''Source Code'' defined in &amp;amp;#x00A7;1.8:&lt;br /&gt;
 1.8     &amp;quot;Source Code&amp;quot; means the human readable form of a program or other work that is&lt;br /&gt;
 suitable for making modifications to it, including all modules it contains, plus any&lt;br /&gt;
 associated interface definition files, scripts used to control compilation and installation&lt;br /&gt;
 of an executable (object code).&lt;br /&gt;
&lt;br /&gt;
It is worth noting that Apple does ''not'' list XNU as being an open source component of [[iOS]]. This can be seen by viewing [http://opensource.apple.com/ opensource.apple.com] and selecting ''any'' iOS version. As far as can be told, ''none'' of the versions of XNU are available in source version.&lt;br /&gt;
&lt;br /&gt;
There are many other open souce components that iOS uses that are ''not'' listed, such as:&lt;br /&gt;
* [http://opensource.apple.com/source/CF/ CF] ([https://developer.apple.com/library/mac/#documentation/CoreFoundation/Reference/CoreFoundation_Collection/_index.html CoreFoundation] - Cocoa)&lt;br /&gt;
* [http://opensource.apple.com/source/SQLite/ SQLite] ([http://www.sqlite.org/ SQLite] - database utility)&lt;br /&gt;
* [http://opensource.apple.com/source/TimeZoneData/ TimeZoneData] ([[wikipedia:tz database|tz database]] - [[/usr/share/zoneinfo]])&lt;br /&gt;
* [http://opensource.apple.com/source/curl/ curl](?) ([http://curl.haxx.se/ libcurl] - various HTTP operations)&lt;br /&gt;
* [http://opensource.apple.com/source/hfs/ hfs] (hfs - [[wikipedia:Hierarchical File System|HFS]] driver)&lt;br /&gt;
* [http://opensource.apple.com/source/launchd/ launchd] ([[launchd]] - launch daemon)&lt;br /&gt;
* [http://opensource.apple.com/source/libxml2/ libxml2](?) ([http://www.xmlsoft.org/ libxml2] - parser for [[wikipedia:XML|XML]] [[PList File Format|plist]]s)&amp;lt;!-- or does CF handle the parsing? --&amp;gt;&lt;br /&gt;
* [http://opensource.apple.com/source/xnu/ xnu] (XNU - Kernel)&lt;br /&gt;
* [http://opensource.apple.com/source/zip/ zip] (zip - extraction of various files)&lt;br /&gt;
It does ''not'' appear that Apple assumes what you see in the ''OS X'' pages are also on ''iOS''&amp;lt;!-- reword needed --&amp;gt; as [http://opensource.apple.com/source/JavaScriptCore/ JavaScriptCore], [http://opensource.apple.com/source/WebCore/ WebCore], among others are listed on both [http://opensource.apple.com/release/mac-os-x-108/ OS X] (10.8) and [http://opensource.apple.com/release/ios-60/ iOS] (6.0), albeit different versions.&lt;br /&gt;
&lt;br /&gt;
It is also worth noting that [http://opensource.apple.com/source/gdb/ gdb] ([[wikipedia:GNU Compiler Collection|GCC]] debugger) and [http://opensource.apple.com/source/ld64/ ld64] are listed as components in [http://opensource.apple.com/release/ios-60/ iOS 6.0]. Why there are present is a mystery as they are not present on unaltered devices, but only through [[Cydia.app|Cydia]] or [[Xcode]]'s &amp;lt;code&amp;gt;DeveloperImage.dmg&amp;lt;/code&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
== Kernel Extensions ==&lt;br /&gt;
iOS, sadly, does ''not'' have [[Kernel Extension|kext]]s floating around the [[/|file system]], but they are indeed present. The [[kernelcache]] can be unpacked to show the kernel proper, along with the kexts (all packed in the __PRELINK_TEXT section) and their [[PList File Format|plist]]s (in the __PRELINK_INFO section).&lt;br /&gt;
&lt;br /&gt;
The Cydia supplied [[kextstat]] does not work on [[iOS]]. Sadly, the reason is that kextstat relies on &amp;lt;code&amp;gt;kmod_get_info(...)&amp;lt;/code&amp;gt;, which is a deprecated (and recently removed) API in recent&amp;lt;!-- how recent? --&amp;gt; iOS and OS X versions. With that said, the [[Kernel Extension|kext]]s ''do'' exist. The alternative, [[kextstat#jkextstat|jkextstat]], ''does'' work on recent iOS versions. jkextstat can cause some confusion as it uses the executable name &amp;lt;code&amp;gt;kextstat&amp;lt;/code&amp;gt;, similar to how calling &amp;lt;code&amp;gt;g++&amp;lt;/code&amp;gt; just launches &amp;lt;code&amp;gt;gcc&amp;lt;/code&amp;gt; but with parameters to treat all &amp;lt;code&amp;gt;.c&amp;lt;/code&amp;gt; files as C++ files.&lt;br /&gt;
&lt;br /&gt;
The following is the output from [[kextstat#jkextstat|jkextstat]] on an [[n81ap|iPod touch 4G]] running [[iOS]] 6(?):&lt;br /&gt;
&lt;br /&gt;
 Podicum:~ root# ./kextstat &lt;br /&gt;
   0 __kernel__ &lt;br /&gt;
   1 kpi.bsd &lt;br /&gt;
   2 kpi.dsep &lt;br /&gt;
   3 kpi.iokit &lt;br /&gt;
   4 kpi.libkern &lt;br /&gt;
   5 kpi.mach &lt;br /&gt;
   6 kpi.private &lt;br /&gt;
   7 kpi.unsupported &lt;br /&gt;
   8 driver.AppleARMPlatform &amp;lt;1 3 4 5 6 7&amp;gt;&lt;br /&gt;
   9 iokit.IOStorageFamily &amp;lt;1 3 4 5 6 7&amp;gt;&lt;br /&gt;
  10 driver.DiskImages &amp;lt;1 3 4 5 6 7 9&amp;gt;&lt;br /&gt;
  11 driver.FairPlayIOKit &amp;lt;1 3 4 5 6 7&amp;gt;&lt;br /&gt;
  12 driver.IOSlaveProcessor &amp;lt;3 4&amp;gt;&lt;br /&gt;
  13 driver.IOP_s5l8930x_firmware &amp;lt;3 4 12&amp;gt;&lt;br /&gt;
  14 iokit.AppleProfileFamily &amp;lt;1 3 4 5 6 7&amp;gt;&lt;br /&gt;
  15 iokit.IOCryptoAcceleratorFamily &amp;lt;1 3 4 5 7&amp;gt;&lt;br /&gt;
  16 driver.AppleMobileFileIntegrity &amp;lt;1 2 3 4 5 6 7 15&amp;gt;&lt;br /&gt;
  17 iokit.IONetworkingFamily &amp;lt;1 3 4 5 6 7&amp;gt;&lt;br /&gt;
  18 iokit.IOUserEthernet &amp;lt;1 3 4 5 6 16 17&amp;gt;&lt;br /&gt;
  19 platform.AppleKernelStorage &amp;lt;3 4 7&amp;gt;&lt;br /&gt;
  20 iokit.IOSurface &amp;lt;1 3 4 5 6 7 8&amp;gt;&lt;br /&gt;
  21 iokit.IOStreamFamily &amp;lt;3 4 5&amp;gt;&lt;br /&gt;
  22 iokit.IOAudio2Family &amp;lt;1 3 4 5 21&amp;gt;&lt;br /&gt;
  23 driver.AppleAC3Passthrough &amp;lt;1 3 4 5 7 8 11 21 22&amp;gt;&lt;br /&gt;
  24 iokit.EncryptedBlockStorage &amp;lt;1 3 4 5 9 15&amp;gt;&lt;br /&gt;
  25 iokit.IOFlashStorage &amp;lt;1 3 4 5 7 9 24&amp;gt;&lt;br /&gt;
  26 driver.AppleEffaceableStorage &amp;lt;1 3 4 5 7 8 25&amp;gt;&lt;br /&gt;
  27 driver.AppleKeyStore &amp;lt;1 3 4 5 6 7 15 16 26&amp;gt;&lt;br /&gt;
  28 kext.AppleMatch &amp;lt;1 4&amp;gt;&lt;br /&gt;
  29 security.sandbox &amp;lt;1 2 3 4 5 6 7 16 28&amp;gt;&lt;br /&gt;
  30 driver.AppleS5L8930X &amp;lt;1 3 4 5 7 8&amp;gt;&lt;br /&gt;
  31 iokit.IOHIDFamily &amp;lt;1 3 4 5 6 7 16&amp;gt;&lt;br /&gt;
  32 driver.AppleM68Buttons &amp;lt;1 3 4 5 7 8 31&amp;gt;&lt;br /&gt;
  33 iokit.IOUSBDeviceFamily &amp;lt;1 3 4 5&amp;gt;&lt;br /&gt;
  34 iokit.IOSerialFamily &amp;lt;1 3 4 5 6 7&amp;gt;&lt;br /&gt;
  35 driver.AppleOnboardSerial &amp;lt;1 3 4 5 7 34&amp;gt;&lt;br /&gt;
  36 iokit.IOAccessoryManager &amp;lt;3 4 5 7 8 33 34 35&amp;gt;&lt;br /&gt;
  37 driver.AppleProfileTimestampAction &amp;lt;1 3 4 5 14&amp;gt;&lt;br /&gt;
  38 driver.AppleProfileThreadInfoAction &amp;lt;1 3 4 6 14&amp;gt;&lt;br /&gt;
  39 driver.AppleProfileKEventAction &amp;lt;1 3 4 14&amp;gt;&lt;br /&gt;
  40 driver.AppleProfileRegisterStateAction &amp;lt;1 3 4 14&amp;gt;&lt;br /&gt;
  41 driver.AppleProfileCallstackAction &amp;lt;1 3 4 5 6 14&amp;gt;&lt;br /&gt;
  42 driver.AppleProfileReadCounterAction &amp;lt;3 4 6 14&amp;gt;&lt;br /&gt;
  43 driver.AppleARMPL192VIC &amp;lt;3 4 5 7 8&amp;gt;&lt;br /&gt;
  44 driver.AppleCDMA &amp;lt;1 3 4 5 7 8 15&amp;gt;&lt;br /&gt;
  45 driver.IODARTFamily &amp;lt;3 4 5&amp;gt;&lt;br /&gt;
  46 driver.AppleS5L8930XDART &amp;lt;1 3 4 5 7 8 45&amp;gt;&lt;br /&gt;
  47 iokit.IOSDIOFamily &amp;lt;1 3 4 5 7&amp;gt;&lt;br /&gt;
  48 driver.AppleIOPSDIO &amp;lt;1 3 4 5 7 8 12 47&amp;gt;&lt;br /&gt;
  49 driver.AppleIOPFMI &amp;lt;1 3 4 5 7 8 12 25&amp;gt;&lt;br /&gt;
  50 driver.AppleSamsungSPI &amp;lt;1 3 4 5 7 8&amp;gt;&lt;br /&gt;
  51 driver.AppleSamsungSerial &amp;lt;1 3 4 5 7 8 34 35&amp;gt;&lt;br /&gt;
  52 driver.AppleSamsungPKE &amp;lt;3 4 5 7 8 15&amp;gt;&lt;br /&gt;
  53 driver.AppleS5L8920X &amp;lt;1 3 4 5 7 8&amp;gt;&lt;br /&gt;
  54 driver.AppleSamsungI2S &amp;lt;1 3 4 5 7 8&amp;gt;&lt;br /&gt;
  55 driver.AppleEmbeddedUSB &amp;lt;1 3 4 5 7 8&amp;gt;&lt;br /&gt;
  56 driver.AppleS5L8930XUSBPhy &amp;lt;1 3 4 5 7 8 55&amp;gt;&lt;br /&gt;
  57 iokit.IOUSBFamily &amp;lt;1 3 4 5 7&amp;gt;&lt;br /&gt;
  58 driver.AppleUSBEHCI &amp;lt;1 3 4 5 7 57&amp;gt;&lt;br /&gt;
  59 driver.AppleUSBComposite &amp;lt;1 3 4 57&amp;gt;&lt;br /&gt;
  60 driver.AppleEmbeddedUSBHost &amp;lt;1 3 4 5 7 55 57 59&amp;gt;&lt;br /&gt;
  61 driver.AppleUSBOHCI &amp;lt;1 3 4 5 57&amp;gt;&lt;br /&gt;
  62 driver.AppleUSBOHCIARM &amp;lt;3 4 5 8 55 57 60 61&amp;gt;&lt;br /&gt;
  63 driver.AppleUSBHub &amp;lt;1 3 4 5 57&amp;gt;&lt;br /&gt;
  64 driver.AppleUSBEHCIARM &amp;lt;3 4 5 8 55 57 58 60 63&amp;gt;&lt;br /&gt;
  65 driver.AppleS5L8930XUSB &amp;lt;1 3 4 5 7 8 55 57 58 60 61 62 64&amp;gt;&lt;br /&gt;
  66 driver.AppleARM7M &amp;lt;3 4 8 12&amp;gt;&lt;br /&gt;
  67 driver.EmbeddedIOP &amp;lt;3 4 5 12&amp;gt;&lt;br /&gt;
  68 driver.AppleVXD375 &amp;lt;1 3 4 5 7 8 11&amp;gt;&lt;br /&gt;
  69 driver.AppleD1815PMU &amp;lt;1 3 4 5 7 8 31&amp;gt;&lt;br /&gt;
  70 iokit.AppleARMIISAudio &amp;lt;1 3 4 5 7 22&amp;gt;&lt;br /&gt;
  71 driver.AppleEmbeddedAudio &amp;lt;1 3 4 5 7 8 22 31 70&amp;gt;&lt;br /&gt;
  72 driver.AppleCS42L59Audio &amp;lt;3 4 5 8 22 31 70 71&amp;gt;&lt;br /&gt;
  73 driver.AppleEmbeddedAccelerometer &amp;lt;3 4 5 7 8 31&amp;gt;&lt;br /&gt;
  74 driver.AppleEmbeddedGyro &amp;lt;1 3 4 5 7 8 31&amp;gt;&lt;br /&gt;
  75 driver.AppleEmbeddedLightSensor &amp;lt;3 4 5 7 8 31&amp;gt;&lt;br /&gt;
  76 iokit.IOAcceleratorFamily &amp;lt;1 3 4 5 7 8&amp;gt;&lt;br /&gt;
  77 IMGSGX535 &amp;lt;1 3 4 5 7 8 76&amp;gt;&lt;br /&gt;
  78 driver.H2H264VideoEncoderDriver &amp;lt;1 3 4 5 7 8&amp;gt;&lt;br /&gt;
  79 driver.AppleJPEGDriver &amp;lt;1 3 4 5 7 8&amp;gt;&lt;br /&gt;
  80 driver.AppleH3CameraInterface &amp;lt;1 3 4 5 7 8&amp;gt;&lt;br /&gt;
  81 driver.AppleM2ScalerCSCDriver &amp;lt;1 3 4 5 7 8 45&amp;gt;&lt;br /&gt;
  82 iokit.IOMobileGraphicsFamily &amp;lt;1 3 4 5 7 8&amp;gt;&lt;br /&gt;
  83 driver.AppleDisplayPipe &amp;lt;1 3 4 5 7 8 82&amp;gt;&lt;br /&gt;
  84 driver.AppleCLCD &amp;lt;1 3 4 5 7 8 82 83&amp;gt;&lt;br /&gt;
  85 driver.AppleSamsungMIPIDSI &amp;lt;1 3 4 5 7 8&amp;gt;&lt;br /&gt;
  86 driver.ApplePinotLCD &amp;lt;1 3 4 5 7 8&amp;gt;&lt;br /&gt;
  87 driver.AppleSamsungSWI &amp;lt;1 3 4 5 7 8&amp;gt;&lt;br /&gt;
  88 iokit.IODisplayPortFamily &amp;lt;1 3 4 5 6 7 22&amp;gt;&lt;br /&gt;
  89 driver.AppleRGBOUT &amp;lt;1 3 4 5 7 8 82 83 88&amp;gt;&lt;br /&gt;
  90 driver.AppleTVOut &amp;lt;1 3 4 5 7 8&amp;gt;&lt;br /&gt;
  91 driver.AppleAMC_r2 &amp;lt;1 3 4 5 7 8 11 21 22&amp;gt;&lt;br /&gt;
  92 driver.AppleSamsungDPTX &amp;lt;3 4 5 7 8 88&amp;gt;&lt;br /&gt;
  93 driver.AppleSynopsysOTGDevice &amp;lt;1 3 4 5 7 8 33 55&amp;gt;&lt;br /&gt;
  94 driver.AppleNANDFTL &amp;lt;1 3 4 5 7 9 25&amp;gt;&lt;br /&gt;
  95 driver.AppleNANDLegacyFTL &amp;lt;1 3 4 5 9 25 94&amp;gt;&lt;br /&gt;
  96 AppleFSCompression.AppleFSCompressionTypeZlib &amp;lt;1 2 3 4 6&amp;gt;&lt;br /&gt;
  97 IOTextEncryptionFamily &amp;lt;1 3 4 5 7 11&amp;gt;&lt;br /&gt;
  98 driver.AppleBSDKextStarter &amp;lt;3 4&amp;gt;&lt;br /&gt;
  99 nke.ppp &amp;lt;1 3 4 5 6 7&amp;gt;&lt;br /&gt;
 100 nke.l2tp &amp;lt;1 3 4 5 6 7 99&amp;gt;&lt;br /&gt;
 101 nke.pptp &amp;lt;1 3 4 5 6 7 99&amp;gt;&lt;br /&gt;
 102 iokit.IO80211Family &amp;lt;1 3 4 5 6 7 17&amp;gt;&lt;br /&gt;
 103 driver.AppleBCMWLANCore &amp;lt;1 3 4 5 6 7 8 17 102&amp;gt;&lt;br /&gt;
 104 driver.AppleBCMWLANBusInterfaceSDIO &amp;lt;1 3 4 5 6 7 8 47 103&amp;gt;&lt;br /&gt;
 105 driver.AppleDiagnosticDataAccessReadOnly &amp;lt;1 3 4 5 7 8 94&amp;gt;&lt;br /&gt;
 106 driver.LightweightVolumeManager &amp;lt;1 3 4 5 9 15 24 26&amp;gt;&lt;br /&gt;
 107 driver.IOFlashNVRAM &amp;lt;1 3 4 5 6 7 25&amp;gt;&lt;br /&gt;
 108 driver.AppleNANDFirmware &amp;lt;1 3 4 5 25&amp;gt;&lt;br /&gt;
 109 driver.AppleImage3NORAccess &amp;lt;1 3 4 5 7 8 15 108&amp;gt;&lt;br /&gt;
 110 driver.AppleBluetooth &amp;lt;1 3 4 5 7 8&amp;gt;&lt;br /&gt;
 111 driver.AppleMultitouchSPI &amp;lt;1 3 4 5 7 8&amp;gt;&lt;br /&gt;
 112 driver.AppleUSBMike &amp;lt;1 3 4 5 8 22 33&amp;gt;&lt;br /&gt;
 113 driver.AppleUSBDeviceMux &amp;lt;1 3 4 5 6 7 33&amp;gt;&lt;br /&gt;
 114 driver.AppleUSBEthernetDevice &amp;lt;1 3 4 5 6 8 17 33&amp;gt;&lt;br /&gt;
&lt;br /&gt;
For a specific extension, e.g. SandBox, the full information (including the handy load address) is also accessible:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;code&amp;gt;root# ./jkextstat -b sandbox  -x&amp;lt;/code&amp;gt;:&lt;br /&gt;
 &amp;lt;plist&amp;gt;&lt;br /&gt;
 &amp;lt;dict&amp;gt;&lt;br /&gt;
         &amp;lt;key&amp;gt;CFBundleIdentifier&amp;lt;/key&amp;gt;&lt;br /&gt;
         &amp;lt;string&amp;gt;com.apple.security.sandbox&amp;lt;/string&amp;gt;&lt;br /&gt;
         &amp;lt;key&amp;gt;CFBundleVersion&amp;lt;/key&amp;gt;&lt;br /&gt;
         &amp;lt;string&amp;gt;154.7&amp;lt;/string&amp;gt;&lt;br /&gt;
         &amp;lt;key&amp;gt;OSBundleCPUSubtype&amp;lt;/key&amp;gt;&lt;br /&gt;
         &amp;lt;integer&amp;gt;9&amp;lt;/integer&amp;gt;&lt;br /&gt;
         &amp;lt;key&amp;gt;OSBundleCPUType&amp;lt;/key&amp;gt;&lt;br /&gt;
         &amp;lt;integer&amp;gt;12&amp;lt;/integer&amp;gt;&lt;br /&gt;
         &amp;lt;key&amp;gt;OSBundleDependencies&amp;lt;/key&amp;gt;&lt;br /&gt;
         &amp;lt;array&amp;gt;&lt;br /&gt;
                 &amp;lt;integer&amp;gt;6&amp;lt;/integer&amp;gt;&lt;br /&gt;
                 &amp;lt;integer&amp;gt;7&amp;lt;/integer&amp;gt;&lt;br /&gt;
                 &amp;lt;integer&amp;gt;5&amp;lt;/integer&amp;gt;&lt;br /&gt;
                 &amp;lt;integer&amp;gt;3&amp;lt;/integer&amp;gt;&lt;br /&gt;
                 &amp;lt;integer&amp;gt;28&amp;lt;/integer&amp;gt;&lt;br /&gt;
                 &amp;lt;integer&amp;gt;1&amp;lt;/integer&amp;gt;&lt;br /&gt;
                 &amp;lt;integer&amp;gt;4&amp;lt;/integer&amp;gt;&lt;br /&gt;
                 &amp;lt;integer&amp;gt;16&amp;lt;/integer&amp;gt;&lt;br /&gt;
                 &amp;lt;integer&amp;gt;2&amp;lt;/integer&amp;gt;&lt;br /&gt;
         &amp;lt;/array&amp;gt;&lt;br /&gt;
         &amp;lt;key&amp;gt;OSBundleExecutablePath&amp;lt;/key&amp;gt;&lt;br /&gt;
         &amp;lt;string&amp;gt;/System/Library/Extensions/Sandbox.kext/Sandbox&amp;lt;/string&amp;gt;&lt;br /&gt;
         &amp;lt;key&amp;gt;OSBundleIsInterface&amp;lt;/key&amp;gt;&lt;br /&gt;
         &amp;lt;false/&amp;gt;&lt;br /&gt;
         &amp;lt;key&amp;gt;OSBundleLoadAddress&amp;lt;/key&amp;gt;&lt;br /&gt;
         &amp;lt;integer&amp;gt;2153734144&amp;lt;/integer&amp;gt;&lt;br /&gt;
         &amp;lt;key&amp;gt;OSBundleLoadSize&amp;lt;/key&amp;gt;&lt;br /&gt;
         &amp;lt;integer&amp;gt;36864&amp;lt;/integer&amp;gt;&lt;br /&gt;
         &amp;lt;key&amp;gt;OSBundleLoadTag&amp;lt;/key&amp;gt;&lt;br /&gt;
         &amp;lt;integer&amp;gt;29&amp;lt;/integer&amp;gt;&lt;br /&gt;
         &amp;lt;key&amp;gt;OSBundleMachOHeaders&amp;lt;/key&amp;gt;&lt;br /&gt;
         &amp;lt;data&amp;gt;&lt;br /&gt;
         zvrt/gwAAAAJAAAACwAAAAMAAAAgAgAAAQAAAAEAAAAEAQAAX19URVhUAAAAAAAAAAAA&lt;br /&gt;
         AABgX4AAgAAAAAAAAACAAAAHAAAABwAAAAMAAAAAAAAAX190ZXh0AAAAAAAAAAAAAF9f&lt;br /&gt;
         VEVYVAAAAAAAAAAAAADMbV+AKGEAAMwNAAACAAAAAAAAAAAAAAAABwCAAAAAAAAAAABf&lt;br /&gt;
         X2NzdHJpbmcAAAAAAAAAX19URVhUAAAAAAAAAAAAAPTOX4DLDQAA9G4AAAAAAAAAAAAA&lt;br /&gt;
         AAAAAAIAAAAAAAAAAAAAAF9fY29uc3QAAAAAAAAAAABfX1RFWFQAAAAAAAAAAAAAwNxf&lt;br /&gt;
         gDEDAADAfAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAQBAABfX0RBVEEAAAAA&lt;br /&gt;
         AAAAAAAAAOBfgAAQAAAAgAAAABAAAAcAAAAHAAAAAwAAAAAAAABfX2RhdGEAAAAAAAAA&lt;br /&gt;
         AAAAX19EQVRBAAAAAAAAAAAAAADgX4C0BgAAAIAAAAQAAAAAAAAAAAAAAAAAAAAAAAAA&lt;br /&gt;
         AAAAAF9fYnNzAAAAAAAAAAAAAABfX0RBVEEAAAAAAAAAAAAAwOZfgHgAAAAAAAAABAAA&lt;br /&gt;
         AAAAAAAAAAAAAQAAAAAAAAAAAAAAX19jb21tb24AAAAAAAAAAF9fREFUQQAAAAAAAAAA&lt;br /&gt;
         AAA451+AGAAAAAAAAAACAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAbAAAAGAAAABasg7Y2&lt;br /&gt;
         TzkVrtqsgOViBQ0=&lt;br /&gt;
         &amp;lt;/data&amp;gt;&lt;br /&gt;
         &amp;lt;key&amp;gt;OSBundlePath&amp;lt;/key&amp;gt;&lt;br /&gt;
         &amp;lt;string&amp;gt;/System/Library/Extensions/Sandbox.kext&amp;lt;/string&amp;gt;&lt;br /&gt;
         &amp;lt;key&amp;gt;OSBundlePrelinked&amp;lt;/key&amp;gt;&lt;br /&gt;
         &amp;lt;true/&amp;gt;&lt;br /&gt;
         &amp;lt;key&amp;gt;OSBundleRetainCount&amp;lt;/key&amp;gt;&lt;br /&gt;
         &amp;lt;integer&amp;gt;0&amp;lt;/integer&amp;gt;&lt;br /&gt;
         &amp;lt;key&amp;gt;OSBundleStarted&amp;lt;/key&amp;gt;&lt;br /&gt;
         &amp;lt;true/&amp;gt;&lt;br /&gt;
         &amp;lt;key&amp;gt;OSBundleUUID&amp;lt;/key&amp;gt;&lt;br /&gt;
         &amp;lt;data&amp;gt;&lt;br /&gt;
         FqyDtjZPORWu2qyA5WIFDQ==&lt;br /&gt;
         &amp;lt;/data&amp;gt;&lt;br /&gt;
         &amp;lt;key&amp;gt;OSBundleWiredSize&amp;lt;/key&amp;gt;&lt;br /&gt;
         &amp;lt;integer&amp;gt;36864&amp;lt;/integer&amp;gt;&lt;br /&gt;
         &amp;lt;key&amp;gt;OSKernelResource&amp;lt;/key&amp;gt;&lt;br /&gt;
         &amp;lt;false/&amp;gt;&lt;br /&gt;
 &amp;lt;/dict&amp;gt;&lt;br /&gt;
 &amp;lt;/plist&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
It's also worth mentioning that, in the above listing, the OSBundleMachOHeaders (base-64 encoded binary headers) leak kernel addresses in iOS 6.0, defeating [[Kernel ASLR]]. This has been quickly fixed in iOS 6.0.1, effectively locking down iOS for the foreseeable future, thanks to security researcher [[mdowd]].&lt;br /&gt;
&lt;br /&gt;
==[[User:Winocm|Winocm's]] custom kernel==&lt;br /&gt;
[[User:Winocm|Winocm]] uses a custom kernel which the version can be found below.&lt;br /&gt;
 Darwin Kernel Version 13.0.0: Fri Nov 22 18:19:54 CST 2013; root:xnu-2050.48.13~7/DEVELOPMENT_ARM_[[S5L8930]]X&lt;br /&gt;
&lt;br /&gt;
== See Also ==&lt;br /&gt;
* [[Kernel Syscalls]]&lt;br /&gt;
* [[Kernel Sysctls]]&lt;br /&gt;
* [[Kernel Task]]&lt;br /&gt;
* [[Kernel Symbols]]&lt;br /&gt;
* [[kdebug]]&lt;br /&gt;
* [[kernelcache]]&lt;br /&gt;
* [[Tutorial:Booting XNU on A4 Devices]]&lt;br /&gt;
&lt;br /&gt;
== External Links ==&lt;br /&gt;
* [http://opensource.apple.com/source/xnu XNU Source] (up to latest **OS X** version)&lt;br /&gt;
* [[i0n1c]] on [https://media.blackhat.com/bh-us-11/Esser/BH_US_11_Esser_Exploiting_The_iOS_Kernel_Slides.pdf exploiting the kernel]&lt;br /&gt;
* [[User:Haifisch|Haifisch]] on [http://dylanlaws.com/Kernel101 Decrypting the iOS kernel for disassembly]&lt;br /&gt;
* [http://newosxbook.com/src.jl?tree=listings&amp;amp;file=18-1-JKextstat.c jkextstat.c]&lt;br /&gt;
* [http://www.amazon.com/gp/product/1118057651 OSX/iOS internals book]&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=Apple_Watch_(1st_generation)&amp;diff=45309</id>
		<title>Apple Watch (1st generation)</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=Apple_Watch_(1st_generation)&amp;diff=45309"/>
		<updated>2015-03-31T11:33:26Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: /* Specifications */ New info from MacRumors.&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;[[File:Watch.jpg|right|thumb|Apple Watch]]&lt;br /&gt;
&lt;br /&gt;
This is the Apple Watch introduced by Tim Cook at Apple's 'Wish we could say more.' event on the 9th September 2014.&lt;br /&gt;
&lt;br /&gt;
== Application Processor ==&lt;br /&gt;
This device uses the new Apple S1 processor, The processor is an ARMv7k architecture (32-bit). Internally, the watch is referred to as n27aap (Watch1,1) or n28aap (Watch1,2).&lt;br /&gt;
&lt;br /&gt;
== Specifications ==&lt;br /&gt;
* RAM: [http://appleinsider.com/articles/14/09/22/rumor-apple-watch-to-feature-512mb-of-ram-4gb-of-storage 512MB]&lt;br /&gt;
* [http://www.chipworks.com/en/technical-competitive-analysis/resources/blog/broadcom-wins-wifi-in-apple-watch/ BCM4334 Wi-Fi chip from Broadcom]&lt;br /&gt;
* NAND size: [http://www.macrumors.com/2015/03/10/apple-watch-storage-photos-music/ 8 GiB. 2 GBs are for songs. 75 MB for photos].&lt;br /&gt;
* Display: Retina.&lt;br /&gt;
* Screen: Sapphire crystal (Apple Watch/Apple Watch Edition)/Strengthened Ion-X glass (Apple Watch Sport)&lt;br /&gt;
* Compatibility: iOS 8.2 running on: [[iPhone 5]], [[iPhone 5c]], [[iPhone 5s]], [[n61ap|iPhone 6]], [[n56ap|iPhone 6 Plus]]&lt;br /&gt;
&lt;br /&gt;
== Operating System ==&lt;br /&gt;
The watch runs a slimmed down version of iOS 8.x. The user interface is managed by &amp;quot;Carousel&amp;quot; (instead of Springboard). Most frameworks are replaced with &amp;quot;Nano&amp;quot; equivalents.&lt;br /&gt;
&lt;br /&gt;
== Versions ==&lt;br /&gt;
* Apple Watch&lt;br /&gt;
* Apple Watch Sport&lt;br /&gt;
* Apple Watch Edition (the body is made from gold)&lt;br /&gt;
&lt;br /&gt;
== Third-party applications ==&lt;br /&gt;
Apple confirmed, that Watch will support third-party applications. The device will have an API called WatchKit.&lt;br /&gt;
&lt;br /&gt;
[[File:Watch_apps.jpg|thumb|Some Watch icons]]&lt;br /&gt;
[[File:PairWatch.jpg|thumb]]&lt;br /&gt;
&lt;br /&gt;
Currently announced third-party apps:&lt;br /&gt;
*Facebook&lt;br /&gt;
*Twitter (A07)&lt;br /&gt;
*City Mapper (E10)&lt;br /&gt;
*BMW&lt;br /&gt;
*HoneyWell (B07)&lt;br /&gt;
*Lutron (C07)&lt;br /&gt;
*Nike+&lt;br /&gt;
*American Airlines (B06)&lt;br /&gt;
*Starwood Hotels (C02)&lt;br /&gt;
*Major League Baseball (C10)&lt;br /&gt;
*PInterest (D07)&lt;br /&gt;
*Yahoo (D06)&lt;br /&gt;
*Comedy Central (A04)&lt;br /&gt;
&lt;br /&gt;
== Links ==&lt;br /&gt;
*http://www.apple.com/watch/&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=Apple_Watch_(1st_generation)&amp;diff=45272</id>
		<title>Apple Watch (1st generation)</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=Apple_Watch_(1st_generation)&amp;diff=45272"/>
		<updated>2015-03-30T04:36:42Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: /* Third-party applications */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;[[File:Watch.jpg|right|thumb|Apple Watch]]&lt;br /&gt;
&lt;br /&gt;
== Summary ==&lt;br /&gt;
This is the Apple Watch introduced by Tim Cook at Apple's 'Wish we could say more.' event on the 9th September 2014.&lt;br /&gt;
&lt;br /&gt;
== Application Processor ==&lt;br /&gt;
This device uses the new Apple S1 processor, currently nothing is known about it.&lt;br /&gt;
&lt;br /&gt;
== Specifications ==&lt;br /&gt;
* RAM: [http://appleinsider.com/articles/14/09/22/rumor-apple-watch-to-feature-512mb-of-ram-4gb-of-storage 512MB]&lt;br /&gt;
* [http://www.chipworks.com/en/technical-competitive-analysis/resources/blog/broadcom-wins-wifi-in-apple-watch/ BCM4334 Wi-Fi chip from Broadcom]&lt;br /&gt;
* NAND size: 4GB/8GB. It's also possible, that more will be available.&lt;br /&gt;
* Display: Retina.&lt;br /&gt;
* Screen: Sapphire crystal (Apple Watch/Apple Watch Edition)/Strengthened Ion-X glass (Apple Watch Sport)&lt;br /&gt;
* Compatibility: iOS 8.2 running on: iPhone 5, iPhone 5C, iPhone 5S, iPhone 6, iPhone 6 Plus&lt;br /&gt;
&lt;br /&gt;
== Versions ==&lt;br /&gt;
* Apple Watch&lt;br /&gt;
* Apple Watch Sport&lt;br /&gt;
* Apple Watch Edition (the body is made from gold)&lt;br /&gt;
&lt;br /&gt;
== Third-party applications ==&lt;br /&gt;
Apple confirmed, that Watch will support third-party applications. The device will have an API called WatchKit.&lt;br /&gt;
&lt;br /&gt;
[[File:Watch_apps.jpg|right|thumb|Some Watch icons]]&lt;br /&gt;
[[File:PairWatch.jpg|right|thumb]]&lt;br /&gt;
&lt;br /&gt;
Currently announced third-party apps:&lt;br /&gt;
*Facebook&lt;br /&gt;
*Twitter (A07)&lt;br /&gt;
*City Mapper (E10)&lt;br /&gt;
*BMW&lt;br /&gt;
*HoneyWell (B07)&lt;br /&gt;
*Lutron (C07)&lt;br /&gt;
*Nike+&lt;br /&gt;
*American Airlines (B06)&lt;br /&gt;
*Starwood Hotels (C02)&lt;br /&gt;
*Major League Baseball (C10)&lt;br /&gt;
*PInterest (D07)&lt;br /&gt;
*Yahoo (D06)&lt;br /&gt;
*Comedy Central (A04)&lt;br /&gt;
&lt;br /&gt;
== Links ==&lt;br /&gt;
*http://www.apple.com/watch/&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=File:PairWatch.jpg&amp;diff=45271</id>
		<title>File:PairWatch.jpg</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=File:PairWatch.jpg&amp;diff=45271"/>
		<updated>2015-03-30T04:35:17Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=IBoot_(Bootloader)&amp;diff=45270</id>
		<title>IBoot (Bootloader)</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=IBoot_(Bootloader)&amp;diff=45270"/>
		<updated>2015-03-30T04:29:08Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: /* Revisions */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;{{lowercase}}&lt;br /&gt;
'''iBoot''' is Apple's stage 2 bootloader for all of the [[iDevice|devices]]. It runs what is known as [[Recovery Mode]]. It has an interactive interface which can be used over USB or serial.&lt;br /&gt;
&lt;br /&gt;
== [[Bootrom]] ==&lt;br /&gt;
The bootrom also goes by the name &amp;quot;iBoot.&amp;quot; The list of bootroms can be found on [[Bootrom|their own page]].&lt;br /&gt;
&lt;br /&gt;
== Extract and Disassemble ==&lt;br /&gt;
To extract the bootloader and disassemble using IDA, follow the following steps:&lt;br /&gt;
#obtain the bootloader from the iPSW. This file is in the &amp;lt;code&amp;gt;Firmware/all_flash&amp;lt;/code&amp;gt; subdir, e.g. &amp;lt;code&amp;gt;Firmware/all_flash/all_flash.n81ap.production/iBoot.n81ap.RELEASE.img3&amp;lt;/code&amp;gt;, where the &amp;quot;n81ap&amp;quot;, &amp;quot;k90&amp;quot;, etc.. are for the i-Device type&lt;br /&gt;
#run xpwntool with the proper key (from elsewhere in this Wiki)&lt;br /&gt;
#Make sure the decryption was successful - if it is, you should see:&lt;br /&gt;
 &amp;quot;iBoot for ...., Copyright 2011, Apple Inc.&amp;quot;&lt;br /&gt;
if you cat (i.e. type) the file.&lt;br /&gt;
&amp;lt;ol&amp;gt;&amp;lt;li value=&amp;quot;4&amp;quot;&amp;gt;remove the img3 header - the good stuff starts at offset 0x40 (i.e. 64) - using dd (skip=1 bs=64) or some other tool&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Load in IDA. Set processor to ARM. Rebase program (Edit&amp;amp;#8594;Segments&amp;amp;#8594;Rebase Program) to 0x5FF00000 (for iBoot in iOS 5). You should see something like:&amp;lt;/li&amp;gt;&amp;lt;/ol&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
ROM:5FF00000 loc_5FF00000                            ; CODE XREF: ROM:5FF00078�j&lt;br /&gt;
ROM:5FF00000                 B       loc_5FF00040        ; Used for Reset - This is where we start&lt;br /&gt;
ROM:5FF00004 ; ---------------------------------------------------------------------------&lt;br /&gt;
ROM:5FF00004                 LDR     PC, =sub_5FF16FB4   ; Used for Undef&lt;br /&gt;
ROM:5FF00008 ; ---------------------------------------------------------------------------&lt;br /&gt;
ROM:5FF00008                 LDR     PC, =sub_5FF16FEC   ; Used for SWI&lt;br /&gt;
ROM:5FF0000C ; ---------------------------------------------------------------------------&lt;br /&gt;
ROM:5FF0000C                 LDR     PC, =sub_5FF17024   ; Used for Prefabt&lt;br /&gt;
ROM:5FF00010 ; ---------------------------------------------------------------------------&lt;br /&gt;
ROM:5FF00010                 LDR     PC, =sub_5FF17060   ; Used for DataAbt&lt;br /&gt;
ROM:5FF00014 ; ---------------------------------------------------------------------------&lt;br /&gt;
ROM:5FF00014                 LDR     PC, =loc_5FF17098   ; Used for AddrExc &lt;br /&gt;
ROM:5FF00018 ; ---------------------------------------------------------------------------&lt;br /&gt;
ROM:5FF00018                 LDR     PC, =loc_5FF16F24   ; Used for IRQ&lt;br /&gt;
ROM:5FF0001C ; ---------------------------------------------------------------------------&lt;br /&gt;
ROM:5FF0001C                 LDR     PC, =sub_5FF16F6C   ; Probably FIQ, need to verify this&lt;br /&gt;
ROM:5FF00020 ; ---------------------------------------------------------------------------&lt;br /&gt;
ROM:5FF00020                 SVCPL   0xF00040&lt;br /&gt;
ROM:5FF00020 ; ---------------------------------------------------------------------------&lt;br /&gt;
ROM:5FF00024 off_5FF00024    DCD sub_5FF16FB4        ; DATA XREF: ROM:5FF00004�r&lt;br /&gt;
ROM:5FF00028 off_5FF00028    DCD sub_5FF16FEC        ; DATA XREF: ROM:5FF00008�r&lt;br /&gt;
ROM:5FF0002C off_5FF0002C    DCD sub_5FF17024        ; DATA XREF: ROM:5FF0000C�r&lt;br /&gt;
ROM:5FF00030 off_5FF00030    DCD sub_5FF17060        ; DATA XREF: ROM:5FF00010�r&lt;br /&gt;
ROM:5FF00034 off_5FF00034    DCD loc_5FF17098        ; DATA XREF: ROM:5FF00014�r&lt;br /&gt;
ROM:5FF00038 off_5FF00038    DCD loc_5FF16F24        ; DATA XREF: ROM:5FF00018�r&lt;br /&gt;
ROM:5FF0003C off_5FF0003C    DCD sub_5FF16F6C        ; DATA XREF: ROM:5FF0001C�r&lt;br /&gt;
ROM:5FF00040 ; ---------------------------------------------------------------------------&lt;br /&gt;
ROM:5FF00040&lt;br /&gt;
ROM:5FF00040 loc_5FF00040                            ; CODE XREF: ROM:loc_5FF00000�j&lt;br /&gt;
ROM:5FF00040                 ADR     R0, loc_5FF00000   &amp;lt;-- The address we rebased to&lt;br /&gt;
ROM:5FF00044                 LDR     R1, =loc_5FF00000&lt;br /&gt;
ROM:5FF00048                 CMP     R0, R1&lt;br /&gt;
ROM:5FF0004C                 CMP     R0, R1&lt;br /&gt;
ROM:5FF00050                 BEQ     loc_5FF0007C&lt;br /&gt;
...&lt;br /&gt;
...&lt;br /&gt;
ROM:5FF000E8 loc_5FF000E8                            ; CODE XREF: ROM:5FF000F0�j&lt;br /&gt;
ROM:5FF000E8                 CMP     R0, R1&lt;br /&gt;
ROM:5FF000EC                 STRLT   R2, [R0],#4&lt;br /&gt;
ROM:5FF000F0                 BLT     loc_5FF000E8&lt;br /&gt;
ROM:5FF000F4                 LDR     R0, =(_ibootStart+1)&lt;br /&gt;
ROM:5FF000F8                 MOV     LR, PC&lt;br /&gt;
ROM:5FF000FC                 BX      R0 ; _ibootStart&lt;br /&gt;
ROM:5FF00100&lt;br /&gt;
ROM:5FF00100 loc_5FF00100                            ; CODE XREF: ROM:loc_5FF00100�j&lt;br /&gt;
ROM:5FF00100                 B       loc_5FF00100&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Where iBootStart (not the official Apple Symbol, of course) can be seen at: &lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
ROM:5FF00BA4 _ibootStart                             ; CODE XREF: ROM:5FF000FC�p&lt;br /&gt;
ROM:5FF00BA4                                         ; DATA XREF: ROM:5FF000F4�o ...&lt;br /&gt;
ROM:5FF00BA4                 PUSH    {R7,LR}&lt;br /&gt;
ROM:5FF00BA6                 MOV     R7, SP&lt;br /&gt;
ROM:5FF00BA8                 LDR     R0, =aIbootStart ; &amp;quot;\niBoot start\n&amp;quot;&lt;br /&gt;
ROM:5FF00BAA                 BL      loc_5FF233C4&lt;br /&gt;
ROM:5FF00BAE                 MOVS    R0, #0&lt;br /&gt;
ROM:5FF00BB0                 BL      loc_5FF16E54&lt;br /&gt;
ROM:5FF00BB4                 BL      loc_5FF1570C&lt;br /&gt;
ROM:5FF00BB8                 BL      loc_5FF143A8&lt;br /&gt;
ROM:5FF00BBC                 BL      unk_5FF15264&lt;br /&gt;
ROM:5FF00BC0                 LDR     R0, =aMain      ; &amp;quot;main&amp;quot;&lt;br /&gt;
..&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Flow of iBoot (1219 - 5.0.x) ==&lt;br /&gt;
iBoot is quite a complicated binary, which spawns several ARM tasks to enable the boot process:&lt;br /&gt;
&lt;br /&gt;
 - iBootStart (disassembly started above) - starts main (5FF00BCA) - which calls the main function at 5FF00C14&lt;br /&gt;
 - main: Does the good stuff (loading the kernel, etc)&lt;br /&gt;
    starts the poweroff task (5FF00EF2) - calls  (sub_5FF00FD0+1)&lt;br /&gt;
    In recovery mode (failed boot): &lt;br /&gt;
            starts command (5FF00F0A) - calls 5FF15928&lt;br /&gt;
            starts idleoff (5FF99F2E) - calls 5FF01060&lt;br /&gt;
&lt;br /&gt;
== Revisions ==&lt;br /&gt;
 [[iBoot-99]]              1.0b    (Build 1A420) [Unreleased]&lt;br /&gt;
 [[iBoot-159]]             1.0     (Build 1A543a)&lt;br /&gt;
                       1.0.1   (Build 1C25)&lt;br /&gt;
                       1.0.2   (Build 1C28)&lt;br /&gt;
 [[iBoot-204]]             1.1     (Build 3A100)&lt;br /&gt;
                       1.1     (Build 3A101)&lt;br /&gt;
                       1.1.1   (Build 3A109a)&lt;br /&gt;
 [[iBoot-204.0.2]]         1.1.1   (Build 3A110a)&lt;br /&gt;
 [[iBoot-204.2.9]]         1.1.2   (Build 3B48b)&lt;br /&gt;
 [[iBoot-204.3.14]]        1.1.3   (Build 4A93)&lt;br /&gt;
                       1.1.4   (Build 4A102)&lt;br /&gt;
 [[iBoot-204.3.16]]        1.1.5   (Build 4B1)&lt;br /&gt;
 ?                     1.2b    (Build 5A147p)&lt;br /&gt;
 ?                     2.0b2   (Build 5A225c)&lt;br /&gt;
 ?                     2.0b3   (Build 5A240d)&lt;br /&gt;
 ?                     2.0b4   (Build 5A258f)&lt;br /&gt;
 ?                     2.0b5   (Build 5A274d)&lt;br /&gt;
 ?                     2.0b6P  (Build 5A292g)&lt;br /&gt;
 ?                     2.0b6F  (Build 5A308)&lt;br /&gt;
 ?                     2.0b7   (Build 5A331)&lt;br /&gt;
 ?                     2.0b8[[Golden Master|GM]] (Build 5A345)&lt;br /&gt;
 [[iBoot-320.20]]          2.0     (Build 5A347)&lt;br /&gt;
                       2.0.1   (Build 5B108)&lt;br /&gt;
                       2.0.2   (Build 5C1)&lt;br /&gt;
 ?                     2.1b    (Build 5F90)&lt;br /&gt;
 [[iBoot-385.22]]          2.1     (Build 5F137)&lt;br /&gt;
                       2.1.1   (Build 5F138)&lt;br /&gt;
 ?                     2.2b    (Build 5G29)&lt;br /&gt;
 [[iBoot-385.49]]          2.2     (Build 5G77)&lt;br /&gt;
                       2.2     (Build 5G77a)&lt;br /&gt;
                       2.2.1   (Build 5H11)&lt;br /&gt;
                       2.2.1   (Build 5H11a)&lt;br /&gt;
 ?                     3.0b    (Build 7A238j)&amp;lt;!-- 3.0b and below need &amp;quot;~##&amp;quot;, but there is no &amp;quot;BuildManifest.plist&amp;quot;, &amp;quot;BuildSubmission.plist&amp;quot;, or &amp;quot;BuildManifesto.plist&amp;quot; in the IPSW... --&amp;gt;&lt;br /&gt;
 [[iBoot-594.2~1]]         3.0b2   (Build 7A259g)&lt;br /&gt;
 [[iBoot-596.6~3]]         3.0b3   (Build 7A280f)&lt;br /&gt;
 [[iBoot-596.16~2]]        3.0b4   (Build 7A300g)&lt;br /&gt;
 [[iBoot-596.20~1]]        3.0b5   (Build 7A312g)&lt;br /&gt;
 [[iBoot-596.24~1]]        3.0     (Build 7A341)&lt;br /&gt;
                       3.0.1   (Build 7A400)&lt;br /&gt;
 [[iBoot-636.26~2]]        3.1b    (Build 7C97d)&lt;br /&gt;
 iBoot-636.??~?        3.1b2   (Build 7C106c)&lt;br /&gt;
 [[iBoot-636.47~1]]        3.1b3   (Build 7C116a)&lt;br /&gt;
 [[iBoot-636.65~2]]        3.1     (Build 7C144)&lt;br /&gt;
 [[iBoot-636.66~1]]        3.1.1   (Build 7C145)&lt;br /&gt;
                       3.1.1   (Build 7C146)&lt;br /&gt;
 [[iBoot-636.66~5]]        3.1.2   (Build 7D11)&lt;br /&gt;
 [[iBoot-636.66.33~4]]     3.1.3   (Build 7E18)&lt;br /&gt;
 [[iBoot-817.28~18]]       3.2     (Build 7B367)&lt;br /&gt;
 [[iBoot-817.29~2]]        3.2.1   (Build 7B405)&lt;br /&gt;
                       3.2.2   (Build 7B500)&lt;br /&gt;
 [[iBoot-822.2.1]]         development build for [[n90ap]] dated 2009.&lt;br /&gt;
 [[iBoot-872~12]]          4.0b    (Build 8A230m)&lt;br /&gt;
 [[iBoot-889.3~2]]         4.0b2   (Build 8A248c)&lt;br /&gt;
 [[iBoot-889.12~2]]        4.0b3   (Build 8A260b)&lt;br /&gt;
 [[iBoot-889.19~1]]        4.0b4   (Build 8A274b)&lt;br /&gt;
 [[iBoot-889.24~4]]        4.0[[Golden Master|GM]]   (Build 8A293)&lt;br /&gt;
                       4.0     (Build 8A293)&lt;br /&gt;
                       4.0.1   (Build 8A306)&lt;br /&gt;
                       4.0.2   (Build 8A400)&lt;br /&gt;
 [[iBoot-931.18.1~1]]      4.1b    (Build 8B5080c)&lt;br /&gt;
 [[iBoot-931.18.15~2]]     4.1b2   (Build 8B5091b)&lt;br /&gt;
 [[iBoot-931.18.27~1]]     4.1     (Build 8B117)&lt;br /&gt;
                       4.1     (Build 8B118)&lt;br /&gt;
 [[iBoot-931.67~2]]        4.2b    (Build 8C5091e)&lt;br /&gt;
 [[iBoot-931.71.80~1]]     4.2b2   (Build 8C5101c)&lt;br /&gt;
 [[iBoot-931.71.13~3]]     4.2b3   (Build 8C5115c)&lt;br /&gt;
 [[iBoot-931.71.16~9]]     4.2[[Golden Master|GM]]   (Build 8C134)&lt;br /&gt;
                       4.2[[Golden Master|GM]]   (Build 8C134b)&lt;br /&gt;
                       4.2.1[[Golden Master|GM]] (Build 8C148)&lt;br /&gt;
                       4.2.1   (Build 8C148)&lt;br /&gt;
                       4.2.1   (Build 8C148a)&lt;br /&gt;
 [[iBoot-931.72.14~6]]     4.2.5   (Build 8E128)&lt;br /&gt;
                       4.2.6   (Build 8E200)&lt;br /&gt;
                       4.2.7   (Build 8E303)&lt;br /&gt;
                       4.2.8   (Build 8E401)&lt;br /&gt;
 [[iBoot-931.72.14~10]]    4.2.9   (Build 8E501)&lt;br /&gt;
                       4.2.10  (Build 8E600)&lt;br /&gt;
 [[iBoot-1072.33~1]]       4.3b    (Build 8F5148b)&lt;br /&gt;
 [[iBoot-1072.38~2]]       4.3b2   (Build 8F5153d)&lt;br /&gt;
 [[iBoot-1072.49~2]]       4.3b3   (Build 8F5166b)&lt;br /&gt;
 [[iBoot-1072.58~4]]       4.3[[Golden Master|GM]]   (Build 8F190)&lt;br /&gt;
                       4.3     (Build 8F190)&lt;br /&gt;
 [[iBoot-1072.59~2]]       4.3     (Build 8F191)&lt;br /&gt;
                       4.3.1   (Build 8G4)&lt;br /&gt;
 [[iBoot-1072.61~2]]       4.3.2   (Build 8H7)&lt;br /&gt;
                       4.3.2   (Build 8H8)&lt;br /&gt;
                       4.3.3   (Build 8J2)&lt;br /&gt;
                       4.3.3   (Build 8J3)&lt;br /&gt;
 [[iBoot-1072.61~6]]       4.3.4   (Build 8K2)&lt;br /&gt;
                       4.3.5   (Build 8L1)&lt;br /&gt;
 [[iBoot-1219.35.80~1]]    5.0b    (Build 9A5220p)&lt;br /&gt;
 [[iBoot-1219.40.25~4]]    5.0b2   (Build 9A5248d)&lt;br /&gt;
 [[iBoot-1219.41.11~1]]    5.0b3   (Build 9A5259f)&lt;br /&gt;
 [[iBoot-1219.42.8~1]]     5.0b4   (Build 9A5274d)&lt;br /&gt;
 [[iBoot-1219.43.9~3]]     5.0b5   (Build 9A5288d)&lt;br /&gt;
 [[iBoot-1219.43.18~3]]    5.0b6   (Build 9A5302b)&lt;br /&gt;
 [[iBoot-1219.43.27~1]]    5.0b7   (Build 9A5313e)&lt;br /&gt;
 [[iBoot-1219.43.32~15]]   5.0[[Golden Master|GM]]   (Build 9A332) [Unreleased]&lt;br /&gt;
                       5.0[[Golden Master|GM]]   (Build 9A334)&lt;br /&gt;
                       5.0     (Build 9A334)&lt;br /&gt;
 [[iBoot-1219.43.32~27]]   5.0.1b1 (Build 9A402)&lt;br /&gt;
 [[iBoot-1219.43.32~29]]   5.0.1b2 (Build 9A404)&lt;br /&gt;
                       5.0.1   (Build 9A405)&lt;br /&gt;
                       5.0.1   (Build 9A406)&lt;br /&gt;
 [[iBoot-1219.61.19~6]]    5.1b    (Build 9B5117b)&lt;br /&gt;
 [[iBoot-1219.62.1~2]]     5.1b2   (Build 9B5127c)&lt;br /&gt;
 [[iBoot-1219.62.8~5]]     5.1b3   (Build 9B5141a)&lt;br /&gt;
 [[iBoot-1219.62.15]]      5.1     (Build 9B176)&lt;br /&gt;
 [[iBoot-1219.62.15~2]]    5.1     (Build 9B179b)&lt;br /&gt;
                       5.1.1   (Build 9B206)&lt;br /&gt;
 [[iBoot-1537.1.60~15]]    6.0b    (Build 10A5316k)&lt;br /&gt;
 [[iBoot-1537.2.11~5]]     6.0b2   (Build 10A5338d)&lt;br /&gt;
 [[iBoot-1537.2.81~1]]     6.0b3   (Build 10A5355d)&lt;br /&gt;
 [[iBoot-1537.2.41~2]]     6.0b4   (Build 10A5376e)&amp;lt;!-- What the? --&amp;gt;&lt;br /&gt;
 [[iBoot-1537.4.18~2]]     6.0[[Golden Master|GM]]   (Build 10A403)&lt;br /&gt;
                       6.0     (Build 10A403)&lt;br /&gt;
 [[iBoot-1537.4.19~1]]     6.0     (Build 10A405)&lt;br /&gt;
                       6.0     (Build 10A406)&lt;br /&gt;
 [[iBoot-1537.4.20~1]]     6.0     (Build 10A407)&lt;br /&gt;
 [[iBoot-1537.4.21~3]]     6.0.1   (Build 10A523)&lt;br /&gt;
                       6.0.1   (Build 10A525)&lt;br /&gt;
 [[iBoot-1537.4.21~2]]     6.0.1   (Build 10A8426)&lt;br /&gt;
                       6.0.2   (Build 10A8500)&lt;br /&gt;
 [[iBoot-1537.4.21~3]]     6.0.2   (Build 10A550)&lt;br /&gt;
                       6.0.2   (Build 10A551)&lt;br /&gt;
 [[iBoot-1537.9.40~3]]     6.1b    (Build 10B5095f)&lt;br /&gt;
 [[iBoot-1537.9.46~8]]     6.1b2   (Build 10B5105c)&lt;br /&gt;
                       6.1b3   (Build 10B5117b)&lt;br /&gt;
                       6.1b4   (Build 10B5126b)&lt;br /&gt;
 [[iBoot-1537.9.55~4]]     6.1b5   (Build 10B141)&lt;br /&gt;
                       6.1b5   (Build 10B142)&lt;br /&gt;
                       6.1b5   (Build 10B143)&lt;br /&gt;
                       6.1b5   (Build 10B144)&lt;br /&gt;
                       6.1     (Build 10B141)&lt;br /&gt;
                       6.1     (Build 10B142)&lt;br /&gt;
                       6.1     (Build 10B143)&lt;br /&gt;
                       6.1     (Build 10B144)&lt;br /&gt;
                       6.1.1b  (Build 10B311)&lt;br /&gt;
                       6.1.1   (Build 10B145)&lt;br /&gt;
                       6.1.2   (Build 10B146)&lt;br /&gt;
                       6.1.2   (Build 10B147)&lt;br /&gt;
 [[iBoot-1537.9.55~11]]    6.1.3b2 (Build 10B318)&lt;br /&gt;
                       6.1.3b2 (Build 10B318a)&lt;br /&gt;
                       6.1.3   (Build 10B329)&lt;br /&gt;
                       6.1.4   (Build 10B350)&lt;br /&gt;
                       6.1.5   (Build 10B400)&lt;br /&gt;
                       6.1.6   (Build 10B500)&lt;br /&gt;
 [[iBoot-1940.1.8~44]]     7.0b    (Build 11A4372q)&lt;br /&gt;
 [[iBoot-1940.1.35~9]]     7.0b2   (Build 11A4400f)&lt;br /&gt;
 [[iBoot-1940.1.46.1.1~1]] 7.0b3   (Build 11A4414e)&lt;br /&gt;
 [[iBoot-1940.1.66~9]]     7.0b4   (Build 11A4435d)&lt;br /&gt;
 [[iBoot-1940.1.75~3]]     7.0b5   (Build 11A4449a)&lt;br /&gt;
                       7.0b6   (Build 11A4449d)         &lt;br /&gt;
 [[iBoot-1940.1.75~20]]    7.0[[Golden Master|GM]]   (Build 11A465)&lt;br /&gt;
                       7.0     (Build 11A465) &lt;br /&gt;
 [[iBoot-1940.1.75~93]]    7.0.1   (Build 11A470a) &lt;br /&gt;
                       7.0.2   (Build 11A501)&lt;br /&gt;
 [[iBoot-1940.3.5~1]]      7.0.3   (Build 11B511)&lt;br /&gt;
                       7.0.4   (Build 11B554a)&lt;br /&gt;
                       7.0.5   (Build 11B601)&lt;br /&gt;
                       7.0.6   (Build 11B651)&lt;br /&gt;
 [[iBoot-1940.10.51~3]]    7.1b    (Build 11D5099e)&lt;br /&gt;
 [[iBoot-1940.10.57~8]]    7.1b2   (Build 11D5115d)&lt;br /&gt;
 [[iBoot-1940.10.58~11]]   7.1b3   (Build 11D5127c)&lt;br /&gt;
 [[iBoot-1940.10.58~32]]   7.1b4   (Build 11D5134c)&lt;br /&gt;
 [[iBoot-1940.10.58~70]]   7.1b5   (Build 11D5145e)&lt;br /&gt;
 [[iBoot-1940.10.58~115]]  7.1     (Build 11D167)&lt;br /&gt;
                       7.1     (Build 11D169)&lt;br /&gt;
 [[iBoot-1940.10.58~122]]  7.1.1   (Build 11D201)&lt;br /&gt;
 [[iBoot-1940.10.58~132]]  7.1.2   (Build 11D257)&lt;br /&gt;
 [[iBoot-2261.1.6.0.1~45]] 8.0b    (Build 12A4265u)&lt;br /&gt;
 [[iBoot-2261.1.31~21]]    8.0b2   (Build 12A4297e)&lt;br /&gt;
 [[iBoot-2261.1.46~31]]    8.0b3   (Build 12A4318c)&lt;br /&gt;
 [[iBoot-2261.1.57~43]]    8.0b4   (Build 12A4331d)&lt;br /&gt;
 [[iBoot-2261.1.64~28]]    8.0b5   (Build 12A4345d)&lt;br /&gt;
 [[iBoot-2261.1.67~8]]     8.0[[Golden Master|GM]]   (Build 12A365)&lt;br /&gt;
                       8.0     (Build 12A365)&lt;br /&gt;
                       8.0     (Build 12A366)&lt;br /&gt;
 [[iBoot-2261.1.68~1]]     8.0.1   (Build 12A402) &lt;br /&gt;
                       8.0.2   (Build 12A405)&lt;br /&gt;
 [[iBoot-2261.3.31~3]]     8.1b    (Build 12B401) &lt;br /&gt;
 [[iBoot-2261.3.31~9]]     8.1b2   (Build 12B407)&lt;br /&gt;
 [[iBoot-2261.3.32~2]]     8.1     (Build 12B410)&lt;br /&gt;
                       8.1     (Build 12B411)&lt;br /&gt;
 [[iBoot-2261.3.33~13]]    8.1.1b  (Build 12B432)&lt;br /&gt;
 [[iBoot-2261.3.33~14]]    8.1.1   (Build 12B435)&lt;br /&gt;
                       8.1.1   (Build 12B436)&lt;br /&gt;
                       8.1.2   (Build 12B440)&lt;br /&gt;
 [[iBoot-2261.3.33~39]]    8.1.3   (Build 12B446)&lt;br /&gt;
 [[iBoot-2261.5.34~3]]     8.2b    (Build 12D436)&lt;br /&gt;
 [[iBoot-2261.5.41~10]]    8.2b2   (Build 12D445d)&lt;br /&gt;
 [[iBoot-2261.5.47~1]]     8.2b3   (Build 12D5452a)&lt;br /&gt;
 [[iBoot-2261.5.54~3]]     8.2b4   (Build 12D5461b)&lt;br /&gt;
 [[iBoot-2261.5.58~25]]    8.2b5   (Build 12D5480a)&lt;br /&gt;
 [[iBoot-2261.5.64~15]]    8.2     (Build 12D508)&lt;br /&gt;
 iBoot-2261.??.??~??   8.3b    (Build 12F5027d)&lt;br /&gt;
 iBoot-2261.??.??~??   8.3b2   (Build 12F5037c)&lt;br /&gt;
 [[iBoot-2261.20.19~16]]   8.3b3   (Build 12F5047f)&lt;br /&gt;
 [[iBoot-2261.20.20~9]]    8.3b4   (Build 12F5061)&lt;br /&gt;
&lt;br /&gt;
=== [[Apple TV]] ===&lt;br /&gt;
 [[iBoot-931.44.21~1]]    4.0     4.1     (Build 8M89)&lt;br /&gt;
 [[iBoot-931.71.16~9]]    4.1     4.2     (Build 8C150)&lt;br /&gt;
                      4.1.1   4.2.1   (Build 8C154)&lt;br /&gt;
 [[iBoot-1072.33~1]]      4.2b    4.3b    (Build 8F5148b)&lt;br /&gt;
 [[iBoot-1072.38~2]]      4.2b2   4.3b2   (Build 8F5153d)&lt;br /&gt;
 [[iBoot-1072.49~2]]      4.2b3   4.3b3   (Build 8F5166b)&lt;br /&gt;
 [[iBoot-1072.59~2]]      4.2     4.3     (Build 8F191m)&lt;br /&gt;
                      4.2.1   4.3     (Build 8F202)&lt;br /&gt;
                      4.2.2   4.3     (Build 8F305)&lt;br /&gt;
                      4.3     4.3     (Build 8F455)&lt;br /&gt;
 [[iBoot-1219.35.80~1]]   4.4b    5.0b    (Build 9A5220p)&lt;br /&gt;
 [[iBoot-1219.40.25~4]]   4.4b2   5.0b2   (Build 9A5248d)&lt;br /&gt;
 [[iBoot-1219.41.11~1]]   4.4b3   5.0b3   (Build 9A5259f)&lt;br /&gt;
 [[iBoot-1219.43.9~3]]    4.4b5   5.0b5   (Build 9A5288d)&lt;br /&gt;
 [[iBoot-1219.43.18~3]]   4.4b6   5.0b6   (Build 9A5302b)&lt;br /&gt;
 [[iBoot-1219.43.27~1]]   4.4b7   5.0b7   (Build 9A5313e)&lt;br /&gt;
 [[iBoot-1219.43.32~21]]  4.4     5.0     (Build 9A334v)&lt;br /&gt;
 [[iBoot-1219.43.32~22]]  4.4.1   5.0     (Build 9A335a)&lt;br /&gt;
                      4.4.2   5.0     (Build 9A336a)&lt;br /&gt;
 [[iBoot-1219.43.32~29]]  4.4.3   5.0.1   (Build 9A405l)&lt;br /&gt;
                      4.4.4   5.0.1   (Build 9A406a)&lt;br /&gt;
 [[iBoot-1219.62.1~2]]    5.0b2   5.1b2   (Build 9B5127c)&lt;br /&gt;
 [[iBoot-1219.62.8~5]]    5.0b3   5.1b3   (Build 9B5141a)&lt;br /&gt;
 [[iBoot-1219.62.15~2]]   5.0     5.1     (Build 9B179b)&lt;br /&gt;
 [[iBoot-1537.1.60~15]]   5.1b    6.0b    (Build 10A5316k)&lt;br /&gt;
 [[iBoot-1537.2.11~5]]    5.1b2   6.0b2   (Build 10A5338d)&lt;br /&gt;
 [[iBoot-1537.2.81~1]]    5.1b3   6.0b3   (Build 10A5355d)&lt;br /&gt;
 [[iBoot-1537.2.41~2]]    5.1b4   6.0b4   (Build 10A5376e)&amp;lt;!-- What the? --&amp;gt;&lt;br /&gt;
 [[iBoot-1537.4.19~1]]    5.1     6.0     (Build 10A406e)&lt;br /&gt;
 [[iBoot-1537.4.21~3]]    5.1.1   6.0.1   (Build 10A831)&lt;br /&gt;
 [[iBoot-1537.9.40~3]]    5.2b    6.1b    (Build 10B5095f)&lt;br /&gt;
 [[iBoot-1537.9.46~8]]    5.2b2   6.1b2   (Build 10B5105c)&lt;br /&gt;
                      5.2b3   6.1b3   (Build 10B5117d)&lt;br /&gt;
                      5.2b4   6.1b4   (Build 10B5126d)&lt;br /&gt;
 [[iBoot-1537.9.55~4]]    5.2     6.1     (Build 10B144b)&lt;br /&gt;
 [[iBoot-1537.9.55~11]]   5.2.1   6.1.3   (Build 10B329a)&lt;br /&gt;
 [[iBoot-1537.9.55~11]]   5.3     6.1.4   (Build 10B809)&lt;br /&gt;
 [[iBoot-1940.1.8~44]]    5.4b    7.0b    (Build 11A4372q)&lt;br /&gt;
 [[iBoot-1940.1.35~9]]    5.4b2   7.0b2   (Build 11A4400f)&lt;br /&gt;
 [[iBoot-1940.1.66~9]]    6.0b3   7.0b4   (Build 11A4435d)&lt;br /&gt;
 [[iBoot-1940.1.75~3]]    6.0b4   7.0b5   (Build 11A4449a)&lt;br /&gt;
 [[iBoot-1940.1.75~93]]   6.0     7.0.1   (Build 11A470e)&lt;br /&gt;
                      6.0     7.0.2   (Build 11A502)&lt;br /&gt;
 [[iBoot-1940.3.5~1]]     6.0.1   7.0.3   (Build 11B511d)&lt;br /&gt;
                      6.0.2   7.0.4   (Build 11B554a)&lt;br /&gt;
 [[iBoot-1940.10.51~3]]   6.1b    7.1b    (Build 11D5099e)&lt;br /&gt;
 [[iBoot-1940.10.57~8]]   6.1b2   7.1b2   (Build 11D5115d)&lt;br /&gt;
 [[iBoot-1940.10.58~11]]  6.1b3   7.1b3   (Build 11D5127c)&lt;br /&gt;
 [[iBoot-1940.10.58~32]]  6.1b4   7.1b4   (Build 11D5134c)&lt;br /&gt;
 [[iBoot-1940.10.58~70]]  6.1b5   7.1b5   (Build 11D5145e)&lt;br /&gt;
 [[iBoot-1940.10.58~115]] 6.1     7.1     (Build 11D167)&lt;br /&gt;
 [[iBoot-1940.10.58~122]] 6.1.1   7.1.1   (Build 11D201c)&lt;br /&gt;
 [[iBoot-1940.10.58~132]] 6.2     7.1.2   (Build 11D257c)&lt;br /&gt;
                      6.2.1   7.1.2    (Build 12A365b)&lt;br /&gt;
 [[iBoot-2261.1.31~21]]   7.0b    8.0b    (Build 12A4297e)&lt;br /&gt;
 [[iBoot-2261.1.46~31]]   7.0b2   8.0b3   (Build 12A4318c)&lt;br /&gt;
 [[iBoot-2261.1.57~43]]   7.0b3   8.0b4   (Build 12A4331d)&lt;br /&gt;
 [[iBoot-2261.1.64~28]]   7.0b4   8.0b5   (Build 12A4345d)&lt;br /&gt;
 [[iBoot-2261.1.67~8]]    7.0[[Golden Master|GM]]   8.0[[Golden Master|GM]]   (Build 12A365b)&lt;br /&gt;
                      7.0     8.0     (Build 12A365b)&lt;br /&gt;
 [[iBoot-2261.3.31~3]]    7.0.1b  8.1b    (Build 12B401)&lt;br /&gt;
 [[iBoot-2261.3.31~9]]    7.0.1b2 8.1b2   (Build 12B407)&lt;br /&gt;
 [[iBoot-2261.3.32~2]]    7.0.1   8.1     (Build 12B410a)&lt;br /&gt;
 [[iBoot-2261.3.33~13]]   7.0.2b  8.1.1b  (Build 12B432)&lt;br /&gt;
 [[iBoot-2261.3.33~14]]   7.0.2   8.1.1   (Build 12B435)&lt;br /&gt;
 [[iBoot-2261.3.33~39]]   7.0.3   8.1.3   (Build 12B446)&lt;br /&gt;
 iBoot-2261.?.??~??   7.1b    8.2b5   (Build 12D5480a)&lt;br /&gt;
 [[iBoot-2261.5.64~15]]   7.1     8.2     (Build 12D508)&lt;br /&gt;
 iBoot-2261.?.??~??   7.1b2   8.3b2   (Build 12F5037c)&lt;br /&gt;
 [[iBoot-2261.20.20~9]]   7.1b3   8.3b4   (Build 12F5061)&lt;br /&gt;
&lt;br /&gt;
=== [[Haywire]] ===&lt;br /&gt;
 [[iBoot-1537.9.55~3]]   1.0.0   (Build 10B7129)&lt;br /&gt;
&lt;br /&gt;
== [[Exploits]] ==&lt;br /&gt;
On 1st February, 2014, iH8sn0w found a very powerful iBoot exploit that allows any iDevice with an [[S5L8940|A5]] or [[S5L8945|A5X]] chip to be jailbroken, regardless of the iOS version. He used it mainly to grab AES [[Firmware Keys|decryption keys]]. However, according to [https://twitter.com/winocm/status/429704672211763200 this tweet from winocm], the exploit will never go public. Once he cleans it up a bit, the [[Firmware Keys|decryption keys]] will be available [http://www.icj.me/ios/keys here].&lt;br /&gt;
He mentioned [https://twitter.com/iH8sn0w/status/429838704077979648 here] that it will work on [[A6]] and [[A7]] chips soon, but it will require some minor modifications.&lt;br /&gt;
&lt;br /&gt;
== Commands used as an exploit vector ==&lt;br /&gt;
* '''diags''': Until 2.0 beta 6, the [[diags]] command would jump to code at the address provided to it. For example, if you sent &amp;quot;diags 0x9000000&amp;quot;, it would directly jump to the code at 0x9000000. There is now a check that only allows engineering devices to utilize this backdoor.&lt;br /&gt;
* '''arm7_go''': For firmware 2.1.1, the [[N72ap|iPod touch 2G]] iBoot contains the [[ARM7 Go]] command, which could be used to run a payload on the ARM7 in the device.&lt;br /&gt;
&lt;br /&gt;
== OpeniBoot ==&lt;br /&gt;
There is an open source version of iBoot designed so that custom kernels can be run on the iPhone/iPod/iPad. You can check out the source [http://github.com/iDroid-Project/OpeniBoot here]. It is VERY useful if you are ever reversing iBoot and do not feel like finding out what certain hardware registers are yourself.&lt;br /&gt;
OpeniBoot currently supports all S5l8900, S5l8720, S5l8920 and S5l8930 devices. More info can be found about OpeniBoot and Linux on these devices on the iDroid-Project [http://idroidproject.org website].&lt;br /&gt;
&lt;br /&gt;
== Remappings ==&lt;br /&gt;
 // n88 (3GS)&lt;br /&gt;
 0x4FF00000 =&amp;gt; 0x0&lt;br /&gt;
 0x40000000 =&amp;gt; 0xC0000000&lt;br /&gt;
&lt;br /&gt;
== See also ==&lt;br /&gt;
* [[iBoot (Enums)]]&lt;br /&gt;
* [http://www.youtube.com/watch?v=0NValNoW5Rc Unreleased Untethered iBoot Exploit]&lt;br /&gt;
&lt;br /&gt;
[[Category:iBoot]]&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=NOR_(SysCfg)&amp;diff=45249</id>
		<title>NOR (SysCfg)</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=NOR_(SysCfg)&amp;diff=45249"/>
		<updated>2015-03-29T12:55:48Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;'''SysCfg''' is a section of the S5L [[NOR]] (or [[NAND]]) that stores vital information such as your device's model number and serial number.&lt;br /&gt;
&lt;br /&gt;
==Importance==&lt;br /&gt;
Although it is very important to have this, as [[iBoot]] needs to populate the [[DeviceTree]] with this information, it appears that some people have been able to overwrite their [[NOR]] with garbage and somehow got this data back after a restore. In the case of the [[N72ap|iPod touch 2G]], this section of [[NOR]] seems to be read-only by default.&lt;br /&gt;
&lt;br /&gt;
This varies by device - on other devices, if you alter SysCfg, the device may be [[bricked]].&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=I0n1c&amp;diff=45247</id>
		<title>I0n1c</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=I0n1c&amp;diff=45247"/>
		<updated>2015-03-29T03:32:23Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: /* Presentations */ A new one.&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;{{lowercase}}&lt;br /&gt;
'''i0n1c''', whose real name is Stefan Esser, is a German security researcher. He developed [[Antid0te]], an [[wikipedia:Address space layout randomization|ASLR]] for jailbroken [[iPhone]]s in fall 2010, but never released it, because [[iOS]] since 4.3 includes an implementation of ASLR. He developed an untethering exploit for iOS 4.3. He gave a version of the exploit that worked on iOS 4.3.1 to the [[iPhone Dev Team]] which updated [[redsn0w]] and [[PwnageTool]] to use it and released the new tools on 4 April 2011. [[sn0wbreeze]] was also updated to include his untether. As the vulnerability went unpatched in iOS 4.3.2 and 4.3.3, he updated his code later to support those firmwares. An iOS 4.3-compatible version was never released. His exploit was used in [[Pangu]] jailbreak.&lt;br /&gt;
&lt;br /&gt;
===Presentations===&lt;br /&gt;
*[http://www.slideshare.net/i0n1c/syscan-2015-esserios678securityastudyinfail iOS 678 Security - A Study in Fail]&lt;br /&gt;
*[http://www.slideshare.net/i0n1c/ruxcon-2014-stefan-esser-ios8-containers-sandboxes-and-entitlements Ruxcon 2014 - iOS8 Containers, Sandboxes and Entitlements]&lt;br /&gt;
*[http://conference.hitb.org/hitbsecconf2011kul/materials/D2T1%20-%20Stefan%20Esser%20-%20iPhone%20Exploitation%20-%20One%20ROPe%20to%20Bind%20Them%20All.pdf HITB 2011 Malaysia: iPhone Exploitation - One ROPe to bind them all?]&lt;br /&gt;
*[http://antid0te.com/CSW2012_StefanEsser_iOS5_An_Exploitation_Nightmare_FINAL.pdf CanSecWest 2012: iOS5, an Exploitation Nightmare (PDF)]&lt;br /&gt;
*[https://media.blackhat.com/bh-us-11/Esser/BH_US_11_Esser_Exploiting_The_iOS_Kernel_Slides.pdf BlackHat US 2011: Exploiting the iOS Kernel (PDF)]&lt;br /&gt;
&lt;br /&gt;
===Links===&lt;br /&gt;
*[https://twitter.com/i0n1c i0n1c on Twitter]&lt;br /&gt;
*[http://www.suspekt.org Homepage]&lt;br /&gt;
*[https://github.com/stefanesser GitHub]&lt;br /&gt;
[[Category:Hackers]]&lt;br /&gt;
[[Category:Security Researcher]]&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=IBoot_(Bootloader)&amp;diff=45246</id>
		<title>IBoot (Bootloader)</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=IBoot_(Bootloader)&amp;diff=45246"/>
		<updated>2015-03-29T01:42:43Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: /* Revisions */ Not sure, if this should be placed here.&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;{{lowercase}}&lt;br /&gt;
'''iBoot''' is Apple's stage 2 bootloader for all of the [[iDevice|devices]]. It runs what is known as [[Recovery Mode]]. It has an interactive interface which can be used over USB or serial.&lt;br /&gt;
&lt;br /&gt;
== [[Bootrom]] ==&lt;br /&gt;
The bootrom also goes by the name &amp;quot;iBoot.&amp;quot; The list of bootroms can be found on [[Bootrom|their own page]].&lt;br /&gt;
&lt;br /&gt;
== Extract and Disassemble ==&lt;br /&gt;
To extract the bootloader and disassemble using IDA, follow the following steps:&lt;br /&gt;
#obtain the bootloader from the iPSW. This file is in the &amp;lt;code&amp;gt;Firmware/all_flash&amp;lt;/code&amp;gt; subdir, e.g. &amp;lt;code&amp;gt;Firmware/all_flash/all_flash.n81ap.production/iBoot.n81ap.RELEASE.img3&amp;lt;/code&amp;gt;, where the &amp;quot;n81ap&amp;quot;, &amp;quot;k90&amp;quot;, etc.. are for the i-Device type&lt;br /&gt;
#run xpwntool with the proper key (from elsewhere in this Wiki)&lt;br /&gt;
#Make sure the decryption was successful - if it is, you should see:&lt;br /&gt;
 &amp;quot;iBoot for ...., Copyright 2011, Apple Inc.&amp;quot;&lt;br /&gt;
if you cat (i.e. type) the file.&lt;br /&gt;
&amp;lt;ol&amp;gt;&amp;lt;li value=&amp;quot;4&amp;quot;&amp;gt;remove the img3 header - the good stuff starts at offset 0x40 (i.e. 64) - using dd (skip=1 bs=64) or some other tool&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Load in IDA. Set processor to ARM. Rebase program (Edit&amp;amp;#8594;Segments&amp;amp;#8594;Rebase Program) to 0x5FF00000 (for iBoot in iOS 5). You should see something like:&amp;lt;/li&amp;gt;&amp;lt;/ol&amp;gt;&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
ROM:5FF00000 loc_5FF00000                            ; CODE XREF: ROM:5FF00078�j&lt;br /&gt;
ROM:5FF00000                 B       loc_5FF00040        ; Used for Reset - This is where we start&lt;br /&gt;
ROM:5FF00004 ; ---------------------------------------------------------------------------&lt;br /&gt;
ROM:5FF00004                 LDR     PC, =sub_5FF16FB4   ; Used for Undef&lt;br /&gt;
ROM:5FF00008 ; ---------------------------------------------------------------------------&lt;br /&gt;
ROM:5FF00008                 LDR     PC, =sub_5FF16FEC   ; Used for SWI&lt;br /&gt;
ROM:5FF0000C ; ---------------------------------------------------------------------------&lt;br /&gt;
ROM:5FF0000C                 LDR     PC, =sub_5FF17024   ; Used for Prefabt&lt;br /&gt;
ROM:5FF00010 ; ---------------------------------------------------------------------------&lt;br /&gt;
ROM:5FF00010                 LDR     PC, =sub_5FF17060   ; Used for DataAbt&lt;br /&gt;
ROM:5FF00014 ; ---------------------------------------------------------------------------&lt;br /&gt;
ROM:5FF00014                 LDR     PC, =loc_5FF17098   ; Used for AddrExc &lt;br /&gt;
ROM:5FF00018 ; ---------------------------------------------------------------------------&lt;br /&gt;
ROM:5FF00018                 LDR     PC, =loc_5FF16F24   ; Used for IRQ&lt;br /&gt;
ROM:5FF0001C ; ---------------------------------------------------------------------------&lt;br /&gt;
ROM:5FF0001C                 LDR     PC, =sub_5FF16F6C   ; Probably FIQ, need to verify this&lt;br /&gt;
ROM:5FF00020 ; ---------------------------------------------------------------------------&lt;br /&gt;
ROM:5FF00020                 SVCPL   0xF00040&lt;br /&gt;
ROM:5FF00020 ; ---------------------------------------------------------------------------&lt;br /&gt;
ROM:5FF00024 off_5FF00024    DCD sub_5FF16FB4        ; DATA XREF: ROM:5FF00004�r&lt;br /&gt;
ROM:5FF00028 off_5FF00028    DCD sub_5FF16FEC        ; DATA XREF: ROM:5FF00008�r&lt;br /&gt;
ROM:5FF0002C off_5FF0002C    DCD sub_5FF17024        ; DATA XREF: ROM:5FF0000C�r&lt;br /&gt;
ROM:5FF00030 off_5FF00030    DCD sub_5FF17060        ; DATA XREF: ROM:5FF00010�r&lt;br /&gt;
ROM:5FF00034 off_5FF00034    DCD loc_5FF17098        ; DATA XREF: ROM:5FF00014�r&lt;br /&gt;
ROM:5FF00038 off_5FF00038    DCD loc_5FF16F24        ; DATA XREF: ROM:5FF00018�r&lt;br /&gt;
ROM:5FF0003C off_5FF0003C    DCD sub_5FF16F6C        ; DATA XREF: ROM:5FF0001C�r&lt;br /&gt;
ROM:5FF00040 ; ---------------------------------------------------------------------------&lt;br /&gt;
ROM:5FF00040&lt;br /&gt;
ROM:5FF00040 loc_5FF00040                            ; CODE XREF: ROM:loc_5FF00000�j&lt;br /&gt;
ROM:5FF00040                 ADR     R0, loc_5FF00000   &amp;lt;-- The address we rebased to&lt;br /&gt;
ROM:5FF00044                 LDR     R1, =loc_5FF00000&lt;br /&gt;
ROM:5FF00048                 CMP     R0, R1&lt;br /&gt;
ROM:5FF0004C                 CMP     R0, R1&lt;br /&gt;
ROM:5FF00050                 BEQ     loc_5FF0007C&lt;br /&gt;
...&lt;br /&gt;
...&lt;br /&gt;
ROM:5FF000E8 loc_5FF000E8                            ; CODE XREF: ROM:5FF000F0�j&lt;br /&gt;
ROM:5FF000E8                 CMP     R0, R1&lt;br /&gt;
ROM:5FF000EC                 STRLT   R2, [R0],#4&lt;br /&gt;
ROM:5FF000F0                 BLT     loc_5FF000E8&lt;br /&gt;
ROM:5FF000F4                 LDR     R0, =(_ibootStart+1)&lt;br /&gt;
ROM:5FF000F8                 MOV     LR, PC&lt;br /&gt;
ROM:5FF000FC                 BX      R0 ; _ibootStart&lt;br /&gt;
ROM:5FF00100&lt;br /&gt;
ROM:5FF00100 loc_5FF00100                            ; CODE XREF: ROM:loc_5FF00100�j&lt;br /&gt;
ROM:5FF00100                 B       loc_5FF00100&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Where iBootStart (not the official Apple Symbol, of course) can be seen at: &lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
ROM:5FF00BA4 _ibootStart                             ; CODE XREF: ROM:5FF000FC�p&lt;br /&gt;
ROM:5FF00BA4                                         ; DATA XREF: ROM:5FF000F4�o ...&lt;br /&gt;
ROM:5FF00BA4                 PUSH    {R7,LR}&lt;br /&gt;
ROM:5FF00BA6                 MOV     R7, SP&lt;br /&gt;
ROM:5FF00BA8                 LDR     R0, =aIbootStart ; &amp;quot;\niBoot start\n&amp;quot;&lt;br /&gt;
ROM:5FF00BAA                 BL      loc_5FF233C4&lt;br /&gt;
ROM:5FF00BAE                 MOVS    R0, #0&lt;br /&gt;
ROM:5FF00BB0                 BL      loc_5FF16E54&lt;br /&gt;
ROM:5FF00BB4                 BL      loc_5FF1570C&lt;br /&gt;
ROM:5FF00BB8                 BL      loc_5FF143A8&lt;br /&gt;
ROM:5FF00BBC                 BL      unk_5FF15264&lt;br /&gt;
ROM:5FF00BC0                 LDR     R0, =aMain      ; &amp;quot;main&amp;quot;&lt;br /&gt;
..&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Flow of iBoot (1219 - 5.0.x) ==&lt;br /&gt;
iBoot is quite a complicated binary, which spawns several ARM tasks to enable the boot process:&lt;br /&gt;
&lt;br /&gt;
 - iBootStart (disassembly started above) - starts main (5FF00BCA) - which calls the main function at 5FF00C14&lt;br /&gt;
 - main: Does the good stuff (loading the kernel, etc)&lt;br /&gt;
    starts the poweroff task (5FF00EF2) - calls  (sub_5FF00FD0+1)&lt;br /&gt;
    In recovery mode (failed boot): &lt;br /&gt;
            starts command (5FF00F0A) - calls 5FF15928&lt;br /&gt;
            starts idleoff (5FF99F2E) - calls 5FF01060&lt;br /&gt;
&lt;br /&gt;
== Revisions ==&lt;br /&gt;
 [[iBoot-99]]              1.0b    (Build 1A420) [Unreleased]&lt;br /&gt;
 [[iBoot-159]]             1.0     (Build 1A543a)&lt;br /&gt;
                       1.0.1   (Build 1C25)&lt;br /&gt;
                       1.0.2   (Build 1C28)&lt;br /&gt;
 [[iBoot-204]]             1.1     (Build 3A100)&lt;br /&gt;
                       1.1     (Build 3A101)&lt;br /&gt;
                       1.1.1   (Build 3A109a)&lt;br /&gt;
 [[iBoot-204.0.2]]         1.1.1   (Build 3A110a)&lt;br /&gt;
 [[iBoot-204.2.9]]         1.1.2   (Build 3B48b)&lt;br /&gt;
 [[iBoot-204.3.14]]        1.1.3   (Build 4A93)&lt;br /&gt;
                       1.1.4   (Build 4A102)&lt;br /&gt;
 [[iBoot-204.3.16]]        1.1.5   (Build 4B1)&lt;br /&gt;
 ?                     1.2b    (Build 5A147p)&lt;br /&gt;
 ?                     2.0b2   (Build 5A225c)&lt;br /&gt;
 ?                     2.0b3   (Build 5A240d)&lt;br /&gt;
 ?                     2.0b4   (Build 5A258f)&lt;br /&gt;
 ?                     2.0b5   (Build 5A274d)&lt;br /&gt;
 ?                     2.0b6P  (Build 5A292g)&lt;br /&gt;
 ?                     2.0b6F  (Build 5A308)&lt;br /&gt;
 ?                     2.0b7   (Build 5A331)&lt;br /&gt;
 ?                     2.0b8[[Golden Master|GM]] (Build 5A345)&lt;br /&gt;
 [[iBoot-320.20]]          2.0     (Build 5A347)&lt;br /&gt;
                       2.0.1   (Build 5B108)&lt;br /&gt;
                       2.0.2   (Build 5C1)&lt;br /&gt;
 ?                     2.1b    (Build 5F90)&lt;br /&gt;
 [[iBoot-385.22]]          2.1     (Build 5F137)&lt;br /&gt;
                       2.1.1   (Build 5F138)&lt;br /&gt;
 ?                     2.2b    (Build 5G29)&lt;br /&gt;
 [[iBoot-385.49]]          2.2     (Build 5G77)&lt;br /&gt;
                       2.2     (Build 5G77a)&lt;br /&gt;
                       2.2.1   (Build 5H11)&lt;br /&gt;
                       2.2.1   (Build 5H11a)&lt;br /&gt;
 ?                     3.0b    (Build 7A238j)&amp;lt;!-- 3.0b and below need &amp;quot;~##&amp;quot;, but there is no &amp;quot;BuildManifest.plist&amp;quot;, &amp;quot;BuildSubmission.plist&amp;quot;, or &amp;quot;BuildManifesto.plist&amp;quot; in the IPSW... --&amp;gt;&lt;br /&gt;
 [[iBoot-594.2~1]]         3.0b2   (Build 7A259g)&lt;br /&gt;
 [[iBoot-596.6~3]]         3.0b3   (Build 7A280f)&lt;br /&gt;
 [[iBoot-596.16~2]]        3.0b4   (Build 7A300g)&lt;br /&gt;
 [[iBoot-596.20~1]]        3.0b5   (Build 7A312g)&lt;br /&gt;
 [[iBoot-596.24~1]]        3.0     (Build 7A341)&lt;br /&gt;
                       3.0.1   (Build 7A400)&lt;br /&gt;
 [[iBoot-636.26~2]]        3.1b    (Build 7C97d)&lt;br /&gt;
 iBoot-636.??~?        3.1b2   (Build 7C106c)&lt;br /&gt;
 [[iBoot-636.47~1]]        3.1b3   (Build 7C116a)&lt;br /&gt;
 [[iBoot-636.65~2]]        3.1     (Build 7C144)&lt;br /&gt;
 [[iBoot-636.66~1]]        3.1.1   (Build 7C145)&lt;br /&gt;
                       3.1.1   (Build 7C146)&lt;br /&gt;
 [[iBoot-636.66~5]]        3.1.2   (Build 7D11)&lt;br /&gt;
 [[iBoot-636.66.33~4]]     3.1.3   (Build 7E18)&lt;br /&gt;
 [[iBoot-817.28~18]]       3.2     (Build 7B367)&lt;br /&gt;
 [[iBoot-817.29~2]]        3.2.1   (Build 7B405)&lt;br /&gt;
                       3.2.2   (Build 7B500)&lt;br /&gt;
 [[iBoot-822.2.1]]         development build for n90ap dated 2009.&lt;br /&gt;
 [[iBoot-872~12]]          4.0b    (Build 8A230m)&lt;br /&gt;
 [[iBoot-889.3~2]]         4.0b2   (Build 8A248c)&lt;br /&gt;
 [[iBoot-889.12~2]]        4.0b3   (Build 8A260b)&lt;br /&gt;
 [[iBoot-889.19~1]]        4.0b4   (Build 8A274b)&lt;br /&gt;
 [[iBoot-889.24~4]]        4.0[[Golden Master|GM]]   (Build 8A293)&lt;br /&gt;
                       4.0     (Build 8A293)&lt;br /&gt;
                       4.0.1   (Build 8A306)&lt;br /&gt;
                       4.0.2   (Build 8A400)&lt;br /&gt;
 [[iBoot-931.18.1~1]]      4.1b    (Build 8B5080c)&lt;br /&gt;
 [[iBoot-931.18.15~2]]     4.1b2   (Build 8B5091b)&lt;br /&gt;
 [[iBoot-931.18.27~1]]     4.1     (Build 8B117)&lt;br /&gt;
                       4.1     (Build 8B118)&lt;br /&gt;
 [[iBoot-931.67~2]]        4.2b    (Build 8C5091e)&lt;br /&gt;
 [[iBoot-931.71.80~1]]     4.2b2   (Build 8C5101c)&lt;br /&gt;
 [[iBoot-931.71.13~3]]     4.2b3   (Build 8C5115c)&lt;br /&gt;
 [[iBoot-931.71.16~9]]     4.2[[Golden Master|GM]]   (Build 8C134)&lt;br /&gt;
                       4.2[[Golden Master|GM]]   (Build 8C134b)&lt;br /&gt;
                       4.2.1[[Golden Master|GM]] (Build 8C148)&lt;br /&gt;
                       4.2.1   (Build 8C148)&lt;br /&gt;
                       4.2.1   (Build 8C148a)&lt;br /&gt;
 [[iBoot-931.72.14~6]]     4.2.5   (Build 8E128)&lt;br /&gt;
                       4.2.6   (Build 8E200)&lt;br /&gt;
                       4.2.7   (Build 8E303)&lt;br /&gt;
                       4.2.8   (Build 8E401)&lt;br /&gt;
 [[iBoot-931.72.14~10]]    4.2.9   (Build 8E501)&lt;br /&gt;
                       4.2.10  (Build 8E600)&lt;br /&gt;
 [[iBoot-1072.33~1]]       4.3b    (Build 8F5148b)&lt;br /&gt;
 [[iBoot-1072.38~2]]       4.3b2   (Build 8F5153d)&lt;br /&gt;
 [[iBoot-1072.49~2]]       4.3b3   (Build 8F5166b)&lt;br /&gt;
 [[iBoot-1072.58~4]]       4.3[[Golden Master|GM]]   (Build 8F190)&lt;br /&gt;
                       4.3     (Build 8F190)&lt;br /&gt;
 [[iBoot-1072.59~2]]       4.3     (Build 8F191)&lt;br /&gt;
                       4.3.1   (Build 8G4)&lt;br /&gt;
 [[iBoot-1072.61~2]]       4.3.2   (Build 8H7)&lt;br /&gt;
                       4.3.2   (Build 8H8)&lt;br /&gt;
                       4.3.3   (Build 8J2)&lt;br /&gt;
                       4.3.3   (Build 8J3)&lt;br /&gt;
 [[iBoot-1072.61~6]]       4.3.4   (Build 8K2)&lt;br /&gt;
                       4.3.5   (Build 8L1)&lt;br /&gt;
 [[iBoot-1219.35.80~1]]    5.0b    (Build 9A5220p)&lt;br /&gt;
 [[iBoot-1219.40.25~4]]    5.0b2   (Build 9A5248d)&lt;br /&gt;
 [[iBoot-1219.41.11~1]]    5.0b3   (Build 9A5259f)&lt;br /&gt;
 [[iBoot-1219.42.8~1]]     5.0b4   (Build 9A5274d)&lt;br /&gt;
 [[iBoot-1219.43.9~3]]     5.0b5   (Build 9A5288d)&lt;br /&gt;
 [[iBoot-1219.43.18~3]]    5.0b6   (Build 9A5302b)&lt;br /&gt;
 [[iBoot-1219.43.27~1]]    5.0b7   (Build 9A5313e)&lt;br /&gt;
 [[iBoot-1219.43.32~15]]   5.0[[Golden Master|GM]]   (Build 9A332) [Unreleased]&lt;br /&gt;
                       5.0[[Golden Master|GM]]   (Build 9A334)&lt;br /&gt;
                       5.0     (Build 9A334)&lt;br /&gt;
 [[iBoot-1219.43.32~27]]   5.0.1b1 (Build 9A402)&lt;br /&gt;
 [[iBoot-1219.43.32~29]]   5.0.1b2 (Build 9A404)&lt;br /&gt;
                       5.0.1   (Build 9A405)&lt;br /&gt;
                       5.0.1   (Build 9A406)&lt;br /&gt;
 [[iBoot-1219.61.19~6]]    5.1b    (Build 9B5117b)&lt;br /&gt;
 [[iBoot-1219.62.1~2]]     5.1b2   (Build 9B5127c)&lt;br /&gt;
 [[iBoot-1219.62.8~5]]     5.1b3   (Build 9B5141a)&lt;br /&gt;
 [[iBoot-1219.62.15]]      5.1     (Build 9B176)&lt;br /&gt;
 [[iBoot-1219.62.15~2]]    5.1     (Build 9B179b)&lt;br /&gt;
                       5.1.1   (Build 9B206)&lt;br /&gt;
 [[iBoot-1537.1.60~15]]    6.0b    (Build 10A5316k)&lt;br /&gt;
 [[iBoot-1537.2.11~5]]     6.0b2   (Build 10A5338d)&lt;br /&gt;
 [[iBoot-1537.2.81~1]]     6.0b3   (Build 10A5355d)&lt;br /&gt;
 [[iBoot-1537.2.41~2]]     6.0b4   (Build 10A5376e)&amp;lt;!-- What the? --&amp;gt;&lt;br /&gt;
 [[iBoot-1537.4.18~2]]     6.0[[Golden Master|GM]]   (Build 10A403)&lt;br /&gt;
                       6.0     (Build 10A403)&lt;br /&gt;
 [[iBoot-1537.4.19~1]]     6.0     (Build 10A405)&lt;br /&gt;
                       6.0     (Build 10A406)&lt;br /&gt;
 [[iBoot-1537.4.20~1]]     6.0     (Build 10A407)&lt;br /&gt;
 [[iBoot-1537.4.21~3]]     6.0.1   (Build 10A523)&lt;br /&gt;
                       6.0.1   (Build 10A525)&lt;br /&gt;
 [[iBoot-1537.4.21~2]]     6.0.1   (Build 10A8426)&lt;br /&gt;
                       6.0.2   (Build 10A8500)&lt;br /&gt;
 [[iBoot-1537.4.21~3]]     6.0.2   (Build 10A550)&lt;br /&gt;
                       6.0.2   (Build 10A551)&lt;br /&gt;
 [[iBoot-1537.9.40~3]]     6.1b    (Build 10B5095f)&lt;br /&gt;
 [[iBoot-1537.9.46~8]]     6.1b2   (Build 10B5105c)&lt;br /&gt;
                       6.1b3   (Build 10B5117b)&lt;br /&gt;
                       6.1b4   (Build 10B5126b)&lt;br /&gt;
 [[iBoot-1537.9.55~4]]     6.1b5   (Build 10B141)&lt;br /&gt;
                       6.1b5   (Build 10B142)&lt;br /&gt;
                       6.1b5   (Build 10B143)&lt;br /&gt;
                       6.1b5   (Build 10B144)&lt;br /&gt;
                       6.1     (Build 10B141)&lt;br /&gt;
                       6.1     (Build 10B142)&lt;br /&gt;
                       6.1     (Build 10B143)&lt;br /&gt;
                       6.1     (Build 10B144)&lt;br /&gt;
                       6.1.1b  (Build 10B311)&lt;br /&gt;
                       6.1.1   (Build 10B145)&lt;br /&gt;
                       6.1.2   (Build 10B146)&lt;br /&gt;
                       6.1.2   (Build 10B147)&lt;br /&gt;
 [[iBoot-1537.9.55~11]]    6.1.3b2 (Build 10B318)&lt;br /&gt;
                       6.1.3b2 (Build 10B318a)&lt;br /&gt;
                       6.1.3   (Build 10B329)&lt;br /&gt;
                       6.1.4   (Build 10B350)&lt;br /&gt;
                       6.1.5   (Build 10B400)&lt;br /&gt;
                       6.1.6   (Build 10B500)&lt;br /&gt;
 [[iBoot-1940.1.8~44]]     7.0b    (Build 11A4372q)&lt;br /&gt;
 [[iBoot-1940.1.35~9]]     7.0b2   (Build 11A4400f)&lt;br /&gt;
 [[iBoot-1940.1.46.1.1~1]] 7.0b3   (Build 11A4414e)&lt;br /&gt;
 [[iBoot-1940.1.66~9]]     7.0b4   (Build 11A4435d)&lt;br /&gt;
 [[iBoot-1940.1.75~3]]     7.0b5   (Build 11A4449a)&lt;br /&gt;
                       7.0b6   (Build 11A4449d)         &lt;br /&gt;
 [[iBoot-1940.1.75~20]]    7.0[[Golden Master|GM]]   (Build 11A465)&lt;br /&gt;
                       7.0     (Build 11A465) &lt;br /&gt;
 [[iBoot-1940.1.75~93]]    7.0.1   (Build 11A470a) &lt;br /&gt;
                       7.0.2   (Build 11A501)&lt;br /&gt;
 [[iBoot-1940.3.5~1]]      7.0.3   (Build 11B511)&lt;br /&gt;
                       7.0.4   (Build 11B554a)&lt;br /&gt;
                       7.0.5   (Build 11B601)&lt;br /&gt;
                       7.0.6   (Build 11B651)&lt;br /&gt;
 [[iBoot-1940.10.51~3]]    7.1b    (Build 11D5099e)&lt;br /&gt;
 [[iBoot-1940.10.57~8]]    7.1b2   (Build 11D5115d)&lt;br /&gt;
 [[iBoot-1940.10.58~11]]   7.1b3   (Build 11D5127c)&lt;br /&gt;
 [[iBoot-1940.10.58~32]]   7.1b4   (Build 11D5134c)&lt;br /&gt;
 [[iBoot-1940.10.58~70]]   7.1b5   (Build 11D5145e)&lt;br /&gt;
 [[iBoot-1940.10.58~115]]  7.1     (Build 11D167)&lt;br /&gt;
                       7.1     (Build 11D169)&lt;br /&gt;
 [[iBoot-1940.10.58~122]]  7.1.1   (Build 11D201)&lt;br /&gt;
 [[iBoot-1940.10.58~132]]  7.1.2   (Build 11D257)&lt;br /&gt;
 [[iBoot-2261.1.6.0.1~45]] 8.0b    (Build 12A4265u)&lt;br /&gt;
 [[iBoot-2261.1.31~21]]    8.0b2   (Build 12A4297e)&lt;br /&gt;
 [[iBoot-2261.1.46~31]]    8.0b3   (Build 12A4318c)&lt;br /&gt;
 [[iBoot-2261.1.57~43]]    8.0b4   (Build 12A4331d)&lt;br /&gt;
 [[iBoot-2261.1.64~28]]    8.0b5   (Build 12A4345d)&lt;br /&gt;
 [[iBoot-2261.1.67~8]]     8.0[[Golden Master|GM]]   (Build 12A365)&lt;br /&gt;
                       8.0     (Build 12A365)&lt;br /&gt;
                       8.0     (Build 12A366)&lt;br /&gt;
 [[iBoot-2261.1.68~1]]     8.0.1   (Build 12A402) &lt;br /&gt;
                       8.0.2   (Build 12A405)&lt;br /&gt;
 [[iBoot-2261.3.31~3]]     8.1b    (Build 12B401) &lt;br /&gt;
 [[iBoot-2261.3.31~9]]     8.1b2   (Build 12B407)&lt;br /&gt;
 [[iBoot-2261.3.32~2]]     8.1     (Build 12B410)&lt;br /&gt;
                       8.1     (Build 12B411)&lt;br /&gt;
 [[iBoot-2261.3.33~13]]    8.1.1b  (Build 12B432)&lt;br /&gt;
 [[iBoot-2261.3.33~14]]    8.1.1   (Build 12B435)&lt;br /&gt;
                       8.1.1   (Build 12B436)&lt;br /&gt;
                       8.1.2   (Build 12B440)&lt;br /&gt;
 [[iBoot-2261.3.33~39]]    8.1.3   (Build 12B446)&lt;br /&gt;
 [[iBoot-2261.5.34~3]]     8.2b    (Build 12D436)&lt;br /&gt;
 [[iBoot-2261.5.41~10]]    8.2b2   (Build 12D445d)&lt;br /&gt;
 [[iBoot-2261.5.47~1]]     8.2b3   (Build 12D5452a)&lt;br /&gt;
 [[iBoot-2261.5.54~3]]     8.2b4   (Build 12D5461b)&lt;br /&gt;
 [[iBoot-2261.5.58~25]]    8.2b5   (Build 12D5480a)&lt;br /&gt;
 [[iBoot-2261.5.64~15]]    8.2     (Build 12D508)&lt;br /&gt;
 iBoot-2261.??.??~??   8.3b    (Build 12F5027d)&lt;br /&gt;
 iBoot-2261.??.??~??   8.3b2   (Build 12F5037c)&lt;br /&gt;
 [[iBoot-2261.20.19~16]]   8.3b3   (Build 12F5047f)&lt;br /&gt;
 [[iBoot-2261.20.20~9]]    8.3b4   (Build 12F5061)&lt;br /&gt;
&lt;br /&gt;
=== [[Apple TV]] ===&lt;br /&gt;
 [[iBoot-931.44.21~1]]    4.0     4.1     (Build 8M89)&lt;br /&gt;
 [[iBoot-931.71.16~9]]    4.1     4.2     (Build 8C150)&lt;br /&gt;
                      4.1.1   4.2.1   (Build 8C154)&lt;br /&gt;
 [[iBoot-1072.33~1]]      4.2b    4.3b    (Build 8F5148b)&lt;br /&gt;
 [[iBoot-1072.38~2]]      4.2b2   4.3b2   (Build 8F5153d)&lt;br /&gt;
 [[iBoot-1072.49~2]]      4.2b3   4.3b3   (Build 8F5166b)&lt;br /&gt;
 [[iBoot-1072.59~2]]      4.2     4.3     (Build 8F191m)&lt;br /&gt;
                      4.2.1   4.3     (Build 8F202)&lt;br /&gt;
                      4.2.2   4.3     (Build 8F305)&lt;br /&gt;
                      4.3     4.3     (Build 8F455)&lt;br /&gt;
 [[iBoot-1219.35.80~1]]   4.4b    5.0b    (Build 9A5220p)&lt;br /&gt;
 [[iBoot-1219.40.25~4]]   4.4b2   5.0b2   (Build 9A5248d)&lt;br /&gt;
 [[iBoot-1219.41.11~1]]   4.4b3   5.0b3   (Build 9A5259f)&lt;br /&gt;
 [[iBoot-1219.43.9~3]]    4.4b5   5.0b5   (Build 9A5288d)&lt;br /&gt;
 [[iBoot-1219.43.18~3]]   4.4b6   5.0b6   (Build 9A5302b)&lt;br /&gt;
 [[iBoot-1219.43.27~1]]   4.4b7   5.0b7   (Build 9A5313e)&lt;br /&gt;
 [[iBoot-1219.43.32~21]]  4.4     5.0     (Build 9A334v)&lt;br /&gt;
 [[iBoot-1219.43.32~22]]  4.4.1   5.0     (Build 9A335a)&lt;br /&gt;
                      4.4.2   5.0     (Build 9A336a)&lt;br /&gt;
 [[iBoot-1219.43.32~29]]  4.4.3   5.0.1   (Build 9A405l)&lt;br /&gt;
                      4.4.4   5.0.1   (Build 9A406a)&lt;br /&gt;
 [[iBoot-1219.62.1~2]]    5.0b2   5.1b2   (Build 9B5127c)&lt;br /&gt;
 [[iBoot-1219.62.8~5]]    5.0b3   5.1b3   (Build 9B5141a)&lt;br /&gt;
 [[iBoot-1219.62.15~2]]   5.0     5.1     (Build 9B179b)&lt;br /&gt;
 [[iBoot-1537.1.60~15]]   5.1b    6.0b    (Build 10A5316k)&lt;br /&gt;
 [[iBoot-1537.2.11~5]]    5.1b2   6.0b2   (Build 10A5338d)&lt;br /&gt;
 [[iBoot-1537.2.81~1]]    5.1b3   6.0b3   (Build 10A5355d)&lt;br /&gt;
 [[iBoot-1537.2.41~2]]    5.1b4   6.0b4   (Build 10A5376e)&amp;lt;!-- What the? --&amp;gt;&lt;br /&gt;
 [[iBoot-1537.4.19~1]]    5.1     6.0     (Build 10A406e)&lt;br /&gt;
 [[iBoot-1537.4.21~3]]    5.1.1   6.0.1   (Build 10A831)&lt;br /&gt;
 [[iBoot-1537.9.40~3]]    5.2b    6.1b    (Build 10B5095f)&lt;br /&gt;
 [[iBoot-1537.9.46~8]]    5.2b2   6.1b2   (Build 10B5105c)&lt;br /&gt;
                      5.2b3   6.1b3   (Build 10B5117d)&lt;br /&gt;
                      5.2b4   6.1b4   (Build 10B5126d)&lt;br /&gt;
 [[iBoot-1537.9.55~4]]    5.2     6.1     (Build 10B144b)&lt;br /&gt;
 [[iBoot-1537.9.55~11]]   5.2.1   6.1.3   (Build 10B329a)&lt;br /&gt;
 [[iBoot-1537.9.55~11]]   5.3     6.1.4   (Build 10B809)&lt;br /&gt;
 [[iBoot-1940.1.8~44]]    5.4b    7.0b    (Build 11A4372q)&lt;br /&gt;
 [[iBoot-1940.1.35~9]]    5.4b2   7.0b2   (Build 11A4400f)&lt;br /&gt;
 [[iBoot-1940.1.66~9]]    6.0b3   7.0b4   (Build 11A4435d)&lt;br /&gt;
 [[iBoot-1940.1.75~3]]    6.0b4   7.0b5   (Build 11A4449a)&lt;br /&gt;
 [[iBoot-1940.1.75~93]]   6.0     7.0.1   (Build 11A470e)&lt;br /&gt;
                      6.0     7.0.2   (Build 11A502)&lt;br /&gt;
 [[iBoot-1940.3.5~1]]     6.0.1   7.0.3   (Build 11B511d)&lt;br /&gt;
                      6.0.2   7.0.4   (Build 11B554a)&lt;br /&gt;
 [[iBoot-1940.10.51~3]]   6.1b    7.1b    (Build 11D5099e)&lt;br /&gt;
 [[iBoot-1940.10.57~8]]   6.1b2   7.1b2   (Build 11D5115d)&lt;br /&gt;
 [[iBoot-1940.10.58~11]]  6.1b3   7.1b3   (Build 11D5127c)&lt;br /&gt;
 [[iBoot-1940.10.58~32]]  6.1b4   7.1b4   (Build 11D5134c)&lt;br /&gt;
 [[iBoot-1940.10.58~70]]  6.1b5   7.1b5   (Build 11D5145e)&lt;br /&gt;
 [[iBoot-1940.10.58~115]] 6.1     7.1     (Build 11D167)&lt;br /&gt;
 [[iBoot-1940.10.58~122]] 6.1.1   7.1.1   (Build 11D201c)&lt;br /&gt;
 [[iBoot-1940.10.58~132]] 6.2     7.1.2   (Build 11D257c)&lt;br /&gt;
                      6.2.1   7.1.2    (Build 12A365b)&lt;br /&gt;
 [[iBoot-2261.1.31~21]]   7.0b    8.0b    (Build 12A4297e)&lt;br /&gt;
 [[iBoot-2261.1.46~31]]   7.0b2   8.0b3   (Build 12A4318c)&lt;br /&gt;
 [[iBoot-2261.1.57~43]]   7.0b3   8.0b4   (Build 12A4331d)&lt;br /&gt;
 [[iBoot-2261.1.64~28]]   7.0b4   8.0b5   (Build 12A4345d)&lt;br /&gt;
 [[iBoot-2261.1.67~8]]    7.0[[Golden Master|GM]]   8.0[[Golden Master|GM]]   (Build 12A365b)&lt;br /&gt;
                      7.0     8.0     (Build 12A365b)&lt;br /&gt;
 [[iBoot-2261.3.31~3]]    7.0.1b  8.1b    (Build 12B401)&lt;br /&gt;
 [[iBoot-2261.3.31~9]]    7.0.1b2 8.1b2   (Build 12B407)&lt;br /&gt;
 [[iBoot-2261.3.32~2]]    7.0.1   8.1     (Build 12B410a)&lt;br /&gt;
 [[iBoot-2261.3.33~13]]   7.0.2b  8.1.1b  (Build 12B432)&lt;br /&gt;
 [[iBoot-2261.3.33~14]]   7.0.2   8.1.1   (Build 12B435)&lt;br /&gt;
 [[iBoot-2261.3.33~39]]   7.0.3   8.1.3   (Build 12B446)&lt;br /&gt;
 iBoot-2261.?.??~??   7.1b    8.2b5   (Build 12D5480a)&lt;br /&gt;
 [[iBoot-2261.5.64~15]]   7.1     8.2     (Build 12D508)&lt;br /&gt;
 iBoot-2261.?.??~??   7.1b2   8.3b2   (Build 12F5037c)&lt;br /&gt;
 [[iBoot-2261.20.20~9]]   7.1b3   8.3b4   (Build 12F5061)&lt;br /&gt;
&lt;br /&gt;
=== [[Haywire]] ===&lt;br /&gt;
 [[iBoot-1537.9.55~3]]   1.0.0   (Build 10B7129)&lt;br /&gt;
&lt;br /&gt;
== [[Exploits]] ==&lt;br /&gt;
On 1st February, 2014, iH8sn0w found a very powerful iBoot exploit that allows any iDevice with an [[S5L8940|A5]] or [[S5L8945|A5X]] chip to be jailbroken, regardless of the iOS version. He used it mainly to grab AES [[Firmware Keys|decryption keys]]. However, according to [https://twitter.com/winocm/status/429704672211763200 this tweet from winocm], the exploit will never go public. Once he cleans it up a bit, the [[Firmware Keys|decryption keys]] will be available [http://www.icj.me/ios/keys here].&lt;br /&gt;
He mentioned [https://twitter.com/iH8sn0w/status/429838704077979648 here] that it will work on [[A6]] and [[A7]] chips soon, but it will require some minor modifications.&lt;br /&gt;
&lt;br /&gt;
== Commands used as an exploit vector ==&lt;br /&gt;
* '''diags''': Until 2.0 beta 6, the [[diags]] command would jump to code at the address provided to it. For example, if you sent &amp;quot;diags 0x9000000&amp;quot;, it would directly jump to the code at 0x9000000. There is now a check that only allows engineering devices to utilize this backdoor.&lt;br /&gt;
* '''arm7_go''': For firmware 2.1.1, the [[N72ap|iPod touch 2G]] iBoot contains the [[ARM7 Go]] command, which could be used to run a payload on the ARM7 in the device.&lt;br /&gt;
&lt;br /&gt;
== OpeniBoot ==&lt;br /&gt;
There is an open source version of iBoot designed so that custom kernels can be run on the iPhone/iPod/iPad. You can check out the source [http://github.com/iDroid-Project/OpeniBoot here]. It is VERY useful if you are ever reversing iBoot and do not feel like finding out what certain hardware registers are yourself.&lt;br /&gt;
OpeniBoot currently supports all S5l8900, S5l8720, S5l8920 and S5l8930 devices. More info can be found about OpeniBoot and Linux on these devices on the iDroid-Project [http://idroidproject.org website].&lt;br /&gt;
&lt;br /&gt;
== Remappings ==&lt;br /&gt;
 // n88 (3GS)&lt;br /&gt;
 0x4FF00000 =&amp;gt; 0x0&lt;br /&gt;
 0x40000000 =&amp;gt; 0xC0000000&lt;br /&gt;
&lt;br /&gt;
== See also ==&lt;br /&gt;
* [[iBoot (Enums)]]&lt;br /&gt;
* [http://www.youtube.com/watch?v=0NValNoW5Rc Unreleased Untethered iBoot Exploit]&lt;br /&gt;
&lt;br /&gt;
[[Category:iBoot]]&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=Brick&amp;diff=45245</id>
		<title>Brick</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=Brick&amp;diff=45245"/>
		<updated>2015-03-29T00:21:48Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: /* Intentionally modifying key parts of iOS: changing NVRAM variables to invalid values */ Apple iOS and Cisco IOS are entirely different things (notice the 'i').&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;A '''bricked''' device is a device that does not work. The direct metaphorical meaning is that the device is permanently damaged (making it as useless as a brick), but people use the term &amp;quot;bricked&amp;quot; for non-working conditions which range from easy to fix (such as a failed update) to impossible to fix (such as damaged baseband memory). A phone may be called &amp;quot;bricked&amp;quot; if it will not boot, will not respond to input, will not make calls, etc.&lt;br /&gt;
&lt;br /&gt;
== Difficulty of bricking an iOS device ==&lt;br /&gt;
&lt;br /&gt;
Using a jailbreaking tool cannot put a device into an unusable state on its own - if something goes wrong while jailbreaking, putting the device into [[DFU Mode]] will allow you to restore it via iTunes. Installing software via Cydia also cannot cause an unrecoverable state (unless very specifically designed to do so by a malicious person, which has not been seen &amp;quot;in the wild&amp;quot;). Other than that specific exception, if something goes wrong, DFU mode will still work.&lt;br /&gt;
&lt;br /&gt;
== Types of &amp;quot;bricking&amp;quot; that can be easily fixed (not really &amp;quot;bricking&amp;quot;) ==&lt;br /&gt;
&lt;br /&gt;
=== Installing stock iOS on a device with a preserved baseband ===&lt;br /&gt;
&lt;br /&gt;
Early unlock solutions could result in unusable (but recoverable) phones after installing an iOS update if you didn't take special steps. For people who used [[redsn0w]] to install the iPad baseband ([[06.15.00]]) on a compatible iPhone 3G or iPhone 3GS so that they could use [[ultrasn0w]] to carrier unlock it, upgrading or restoring iOS using &amp;quot;stock&amp;quot; (normal) IPSWs would make the phone unusable - until you made and restored a &amp;quot;custom&amp;quot; IPSW without a baseband update ([http://www.jailbreakqa.com/faq#32532 instructions]), and then reinstalled the iPad baseband using redsn0w. Avoiding doing a stock upgrade/restore (upgrading or restoring iOS using a &amp;quot;custom&amp;quot; IPSW) avoided this problem.&lt;br /&gt;
&lt;br /&gt;
=== Intentionally modifying key parts of iOS: changing NVRAM variables to invalid values ===&lt;br /&gt;
&lt;br /&gt;
In February 2015, [http://dayt0n.github.io/articles/dclr-override/ researchers released information] about how to change an [[NOR (NVRAM)|nvram]] variable called &amp;lt;code&amp;gt;DClr_override&amp;lt;/code&amp;gt;. If this is changed to an invalid value for the device (valid values are not the same on all devices), and the device is rebooted, the device will not be able to boot. This can be fixed by restoring to iOS 8.3 beta 4 or later.&lt;br /&gt;
&lt;br /&gt;
== Types of bricking that may be hard to fix ==&lt;br /&gt;
&lt;br /&gt;
=== Changing MAC address to invalid address ===&lt;br /&gt;
&lt;br /&gt;
If you change your device's MAC address to something invalid (for example if you're attempting to change your [[UDID]]), your internet won't work again until you fix the MAC address (using MobileTerminal or similar). This persists even if you restore -- so you can make this really really hard to fix if you restore and there's no jailbreak available, if the available jailbreaks don't include afc2 and other workarounds aren't working, etc. [http://www.jailbreakqa.com/questions/277646/stuck-after-mac-address-change-can-i-revive-it Here's a JailbreakQA thread about this] and [http://www.jailbreakqa.com/questions/211048/how-to-install-afc2add-without-using-wi-fi-in-a-jailbroken-ipad-3-with-704 another one].&lt;br /&gt;
&lt;br /&gt;
=== Intentionally modifying key parts of iOS: other ways ===&lt;br /&gt;
&lt;br /&gt;
If you purposefully erase / zero out your [[NOR]], then you will have trouble doing a DFU restore because important information from the [[NOR (SysCfg)|SysCfg]] section will not be available.&lt;br /&gt;
&lt;br /&gt;
[http://www.reddit.com/r/jailbreak/comments/1m3jo6/how_much_torture_kernel_user_based_etc_would_it/cc5g8nj See winocm's explanation of several related ways to brick a device]:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;blockquote&amp;gt;&lt;br /&gt;
* Erase SysCfg/replace it with 0xFFs.&lt;br /&gt;
* Destroy the 'SrNm' tag in the SysCfg, it won't activate then.&lt;br /&gt;
* Set all clock gates enabled and set PLL frequencies to mad numbers, THIS WILL DAMAGE THE HARDWARE.&lt;br /&gt;
* Run constant NAND stress tests to wear out NAND pages.&lt;br /&gt;
* Set the 'display-timing' nvram variable to some other garbage. iPod touch 2G/3G does weird things with that.&lt;br /&gt;
&lt;br /&gt;
If you know how the hardware works, this can be done from an iBoot/kernel level.&lt;br /&gt;
&amp;lt;/blockquote&amp;gt;&lt;br /&gt;
&lt;br /&gt;
=== Making the wrong modifications to the baseband ===&lt;br /&gt;
&lt;br /&gt;
One way to irreversibly brick a device in software is to flash an invalid [[Baseband Bootloader|baseband bootloader]], provided it has a baseband. Most other bad flash scenarios are recoverable some way or another. &lt;br /&gt;
&lt;br /&gt;
Another way to brick the baseband is by installing baseband [[06.15.00]] on an incompatible device. [[redsn0w]] has an option to install this baseband on the [[N82ap|iPhone 3G]] or [[N88ap|iPhone 3GS]] in order to get a baseband version that is unlockable with [[ultrasn0w]]. This is a nice way to get an unlock, because the [[K48ap|iPad]], the [[N82ap|iPhone 3G]] and the [[N88ap|iPhone 3GS]] all share the same [[Baseband Device]], but the [[K48ap|iPad]] has a newer version number in its baseband. That way people can actually downgrade by installing a higher version (there are no [[APTicket]] checks in these devices). This has known side-effects, like losing [[GPS]] functionality (this baseband comes from an iPad which has no GPS or differently implemented).&lt;br /&gt;
&lt;br /&gt;
It was possible to brick an [[N88ap|iPhone 3GS]] with this method. In fall 2011 Apple replaced the [[NOR]] flash. It is not clear if this was done intentionally to prevent this method. The previous type of baseband was 36my1ee and they changed it to 36my1eh, 36my1eg. (There was no switch to Toshiba baseband devices.) These new [[NOR]] flash chips seem to work with the newer baseband versions in the [[N88ap|iPhone 3GS]], but are not supported with the old [[06.15.00]] baseband. Therefore installing this version will brick your device if you have a new [[NOR]] flash, as you (currently) cannot go back and install anything else. To check before installation, check the version number, as it reveals the production year/week in the digits 3...5. Week 34/2011 appears safe, 35 seems iffy, 36 seems iffy, 37 is not safe. Or open the device and check the chip type.&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=Talk:Touch_ID&amp;diff=45228</id>
		<title>Talk:Touch ID</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=Talk:Touch_ID&amp;diff=45228"/>
		<updated>2015-03-27T19:34:13Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: Created page with &amp;quot;Err, isn't there a non-private framework? There's a lot of apps using Touch ID now. Also, is it true that replacing Touch ID on iPhone 6 will make the whole device bricked? --...&amp;quot;&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Err, isn't there a non-private framework? There's a lot of apps using Touch ID now. Also, is it true that replacing Touch ID on iPhone 6 will make the whole device bricked? --[[User:Rzhikharevich|Rzhikharevich]] ([[User talk:Rzhikharevich|talk]]) 19:34, 27 March 2015 (UTC)&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=NAND&amp;diff=45224</id>
		<title>NAND</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=NAND&amp;diff=45224"/>
		<updated>2015-03-27T12:19:04Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: /* Jailbreaking */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;[[File:8GBflash.jpg|thumb|right|An 8GiB Samsung &amp;lt;code&amp;gt;KMCMN0000M-B998&amp;lt;/code&amp;gt; (serial &amp;lt;code&amp;gt;FEA962P2&amp;lt;/code&amp;gt;) NAND chip]]&lt;br /&gt;
'''NAND''', so called because of its use of [[wikipedia:NAND gate|not AND gates]], is a type of [[wikipedia:Flash memory|non-volatile memory chip]] that is used in all [[iDevice]]s. This chip is where all the ''storage'' (not memory) of the device is located. In the case of [[iOS]], the chips can range anywhere from 4 GiB to 128 GiB.&lt;br /&gt;
&lt;br /&gt;
== Partitions ==&lt;br /&gt;
{{see also|/private/etc/fstab}}&lt;br /&gt;
In the case of [[iOS]], it is split into two [[/private/etc/fstab|partitions]], a root partition ranging from 256(?) MiB to ~2 GiB, and a user partition occupying the rest. The root partition is located first on the chip and is mounted to the [[/|root of the filesystem]] (&amp;lt;code&amp;gt;/&amp;lt;/code&amp;gt;). The user partition is located after the root partition on the chip and is mounted to [[/private/var]].&lt;br /&gt;
=== Size of Partitions ===&lt;br /&gt;
The size of the root partition has varied throughout [[iOS]]'s history, while the user partition just fills the rest of the space of the NAND chip. Here is a comparison of the size of the root partition compared to iOS version:&lt;br /&gt;
* 256 MiB: ?&amp;lt;!-- did this even exist? --&amp;gt;&lt;br /&gt;
* 512 MiB: ? - 4.0&lt;br /&gt;
* 1024 MiB: 4.0 - present&lt;br /&gt;
* ~2 GiB: ?.? on newer devices.&lt;br /&gt;
&lt;br /&gt;
== Jailbreaking ==&lt;br /&gt;
{{main|Jailbreak}}&lt;br /&gt;
Jailbreaking, in it's simplest form, involves modifying [[/private/etc/fstab]] before being parsed by the [[kernelcache|kernel]] to mount the [[/|root partition]] as read-write (&amp;lt;code&amp;gt;rw&amp;lt;/code&amp;gt;), as opposed to read-only (&amp;lt;code&amp;gt;ro&amp;lt;/code&amp;gt;). The only use of a so called &amp;quot;bare-bones&amp;quot; jailbreak is a proof-of-concept. A semi known example (the only publicly disclosed) of a &amp;quot;bare-bones&amp;quot; jailbreak is the [[k66ap|Apple TV 2G]] from [[Mojave 8M89 (Apple TV 2G)|4.0]] (4.1) to [[Jasper 8C150 (Apple TV 2G)|4.1]] (4.2). Not all jailbreak payloads modify [[/private/etc/fstab]], some of them remount the [[/|root partition]] manually.&lt;br /&gt;
&lt;br /&gt;
== Data Layout ==&lt;br /&gt;
As NAND chips are not hard drives, their &amp;quot;sector&amp;quot; sizes are different than that of a typical hard drive. In fact, they aren't even called sectors, but instead called a &amp;quot;page&amp;quot;.&lt;br /&gt;
&lt;br /&gt;
The difference between a page and a sector is that a ''modern'' hard drive sector contains either 512 or 4096 bytes of data with anywhere from roughly 30 to 250 bytes of [[wikipedia:Error detection and correction|error correction code]] (ECC) data, while a page contains 8192 bytes of data and ''no'' ECC. ECC is most likely not used as flash memory uses transistors, which are more reliable than magnetism to store data. It has, however, been [http://www.micron.com/~/media/Documents/Products/Software%20Article/SWNL_implementing_ecc.pdf proposed to implement ECC in flash memory] as the smaller [[wikipedia:Semiconductor device fabrication|fabrication process]] has shrunk to the width of about [[wikipedia:22 nanometer|150]] helium atoms (&amp;lt;code&amp;gt;.14 nm&amp;lt;/code&amp;gt;, or &amp;lt;code&amp;gt;22 nm&amp;lt;/code&amp;gt; total).&lt;br /&gt;
&lt;br /&gt;
The next level up from a page is a block which is a collection of 128 pages. A block can be compared to a 4K sector hard drive that emulates 512 byte sectors. Each page contains 56 bytes of padding followed by 8136 bytes of data to form a total of 8192 (&amp;lt;code&amp;gt;2&amp;lt;sup&amp;gt;13&amp;lt;/sup&amp;gt;&amp;lt;/code&amp;gt;) bytes. The purpose of the padding is currently unknown. It is unlikely to be for filesystem specific data as it is present on the bootloader blocks also.&lt;br /&gt;
&lt;br /&gt;
The layout of an 8 GiB chip containing [[iOS]] has been documented by [[CPICH]]. He [https://twitter.com/cpich3g/status/15966288660660224 notes] that an [[iPhone 4]] is documented, but it could easily be adapted to any other device or [[firmware]]. He uploaded the document to [http://freepdfhosting.com/29256fdff9.pdf FreePDFHosting], but it was later removed after 30 days as per their policy. [[User:MuscleNerd|MuscleNerd]] rasterized the document's pages and uploaded the images here:&lt;br /&gt;
&amp;lt;gallery&amp;gt;&lt;br /&gt;
File:N1.png|Page 1&lt;br /&gt;
File:N2.png|Page 2&lt;br /&gt;
File:N3.png|Page 3&lt;br /&gt;
File:N4.png|Page 4&lt;br /&gt;
File:N5.png|Page 5&lt;br /&gt;
&amp;lt;/gallery&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== See Also ==&lt;br /&gt;
* [[/private/etc/fstab]]&lt;br /&gt;
* [[Jailbreak]]&lt;br /&gt;
&lt;br /&gt;
== External Links ==&lt;br /&gt;
* [http://freepdfhosting.com/29256fdff9.pdf NAND Layout of iPhone 4] (dead link) documented by [[CPICH]]&lt;br /&gt;
* [http://esec-lab.sogeti.com/ SOGETI ESEC-Labs] on the [http://esec-lab.sogeti.com/dotclear/public/publications/11-hitbamsterdam-iphonedataprotection.pdf encryption of iOS devices]&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=NAND&amp;diff=45223</id>
		<title>NAND</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=NAND&amp;diff=45223"/>
		<updated>2015-03-27T12:12:20Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: /* Partitions */ Someone should edit this page and add certain values.&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;[[File:8GBflash.jpg|thumb|right|An 8GiB Samsung &amp;lt;code&amp;gt;KMCMN0000M-B998&amp;lt;/code&amp;gt; (serial &amp;lt;code&amp;gt;FEA962P2&amp;lt;/code&amp;gt;) NAND chip]]&lt;br /&gt;
'''NAND''', so called because of its use of [[wikipedia:NAND gate|not AND gates]], is a type of [[wikipedia:Flash memory|non-volatile memory chip]] that is used in all [[iDevice]]s. This chip is where all the ''storage'' (not memory) of the device is located. In the case of [[iOS]], the chips can range anywhere from 4 GiB to 128 GiB.&lt;br /&gt;
&lt;br /&gt;
== Partitions ==&lt;br /&gt;
{{see also|/private/etc/fstab}}&lt;br /&gt;
In the case of [[iOS]], it is split into two [[/private/etc/fstab|partitions]], a root partition ranging from 256(?) MiB to ~2 GiB, and a user partition occupying the rest. The root partition is located first on the chip and is mounted to the [[/|root of the filesystem]] (&amp;lt;code&amp;gt;/&amp;lt;/code&amp;gt;). The user partition is located after the root partition on the chip and is mounted to [[/private/var]].&lt;br /&gt;
=== Size of Partitions ===&lt;br /&gt;
The size of the root partition has varied throughout [[iOS]]'s history, while the user partition just fills the rest of the space of the NAND chip. Here is a comparison of the size of the root partition compared to iOS version:&lt;br /&gt;
* 256 MiB: ?&amp;lt;!-- did this even exist? --&amp;gt;&lt;br /&gt;
* 512 MiB: ? - 4.0&lt;br /&gt;
* 1024 MiB: 4.0 - present&lt;br /&gt;
* ~2 GiB: ?.? on newer devices.&lt;br /&gt;
&lt;br /&gt;
== Jailbreaking ==&lt;br /&gt;
{{main|Jailbreak}}&lt;br /&gt;
Jailbreaking, in it's simplest form, involves modifying [[/private/etc/fstab]] before being parsed by the [[kernelcache|kernel]] to mount the [[/|root partition]] as read-write (&amp;lt;code&amp;gt;rw&amp;lt;/code&amp;gt;), as opposed to read-only (&amp;lt;code&amp;gt;ro&amp;lt;/code&amp;gt;). The only use of a so called &amp;quot;bare-bones&amp;quot; jailbreak is a proof-of-concept. A semi known example (the only publicly disclosed) of a &amp;quot;bare-bones&amp;quot; jailbreak is the [[k66ap|Apple TV 2G]] from [[Mojave 8M89 (Apple TV 2G)|4.0]] (4.1) to [[Jasper 8C150 (Apple TV 2G)|4.1]] (4.2).&lt;br /&gt;
&lt;br /&gt;
== Data Layout ==&lt;br /&gt;
As NAND chips are not hard drives, their &amp;quot;sector&amp;quot; sizes are different than that of a typical hard drive. In fact, they aren't even called sectors, but instead called a &amp;quot;page&amp;quot;.&lt;br /&gt;
&lt;br /&gt;
The difference between a page and a sector is that a ''modern'' hard drive sector contains either 512 or 4096 bytes of data with anywhere from roughly 30 to 250 bytes of [[wikipedia:Error detection and correction|error correction code]] (ECC) data, while a page contains 8192 bytes of data and ''no'' ECC. ECC is most likely not used as flash memory uses transistors, which are more reliable than magnetism to store data. It has, however, been [http://www.micron.com/~/media/Documents/Products/Software%20Article/SWNL_implementing_ecc.pdf proposed to implement ECC in flash memory] as the smaller [[wikipedia:Semiconductor device fabrication|fabrication process]] has shrunk to the width of about [[wikipedia:22 nanometer|150]] helium atoms (&amp;lt;code&amp;gt;.14 nm&amp;lt;/code&amp;gt;, or &amp;lt;code&amp;gt;22 nm&amp;lt;/code&amp;gt; total).&lt;br /&gt;
&lt;br /&gt;
The next level up from a page is a block which is a collection of 128 pages. A block can be compared to a 4K sector hard drive that emulates 512 byte sectors. Each page contains 56 bytes of padding followed by 8136 bytes of data to form a total of 8192 (&amp;lt;code&amp;gt;2&amp;lt;sup&amp;gt;13&amp;lt;/sup&amp;gt;&amp;lt;/code&amp;gt;) bytes. The purpose of the padding is currently unknown. It is unlikely to be for filesystem specific data as it is present on the bootloader blocks also.&lt;br /&gt;
&lt;br /&gt;
The layout of an 8 GiB chip containing [[iOS]] has been documented by [[CPICH]]. He [https://twitter.com/cpich3g/status/15966288660660224 notes] that an [[iPhone 4]] is documented, but it could easily be adapted to any other device or [[firmware]]. He uploaded the document to [http://freepdfhosting.com/29256fdff9.pdf FreePDFHosting], but it was later removed after 30 days as per their policy. [[User:MuscleNerd|MuscleNerd]] rasterized the document's pages and uploaded the images here:&lt;br /&gt;
&amp;lt;gallery&amp;gt;&lt;br /&gt;
File:N1.png|Page 1&lt;br /&gt;
File:N2.png|Page 2&lt;br /&gt;
File:N3.png|Page 3&lt;br /&gt;
File:N4.png|Page 4&lt;br /&gt;
File:N5.png|Page 5&lt;br /&gt;
&amp;lt;/gallery&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== See Also ==&lt;br /&gt;
* [[/private/etc/fstab]]&lt;br /&gt;
* [[Jailbreak]]&lt;br /&gt;
&lt;br /&gt;
== External Links ==&lt;br /&gt;
* [http://freepdfhosting.com/29256fdff9.pdf NAND Layout of iPhone 4] (dead link) documented by [[CPICH]]&lt;br /&gt;
* [http://esec-lab.sogeti.com/ SOGETI ESEC-Labs] on the [http://esec-lab.sogeti.com/dotclear/public/publications/11-hitbamsterdam-iphonedataprotection.pdf encryption of iOS devices]&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=User:Semaphore&amp;diff=45219</id>
		<title>User:Semaphore</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=User:Semaphore&amp;diff=45219"/>
		<updated>2015-03-26T13:32:32Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: Grammar.&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Semaphore (on Twitter named notcom) has written the famous [[TinyUmbrella]] tool to backup the [[SHSH]] certificates to be able to downgrade firmware.&lt;br /&gt;
&lt;br /&gt;
He is a member of the [[Chronic Dev (team)|Chronic Dev Team]].&lt;br /&gt;
&lt;br /&gt;
== Links ==&lt;br /&gt;
* [http://www.twitter.com/notcom semaphore on Twitter]&lt;br /&gt;
* [http://thefirmwareumbrella.blogspot.com/ His blog related to the TinyUmbrella tool]&lt;br /&gt;
* [https://github.com/semaphore GitHub]&lt;br /&gt;
[[Category:Hackers]]&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=Talk:S5L8900&amp;diff=45218</id>
		<title>Talk:S5L8900</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=Talk:S5L8900&amp;diff=45218"/>
		<updated>2015-03-26T09:01:19Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;I am not sure if there's actually any X Server running on an iDroid system. Modern Android versions use SurfaceFlinger instead of X, but I couldn't find out in which Android release it was introduced. What about the iDroid? --[[User:Rzhikharevich|Rzhikharevich]] ([[User talk:Rzhikharevich|talk]]) 09:01, 26 March 2015 (UTC)&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=Talk:S5L8900&amp;diff=45217</id>
		<title>Talk:S5L8900</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=Talk:S5L8900&amp;diff=45217"/>
		<updated>2015-03-26T09:01:04Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;I am not sure if there's actually any X Server running on an iDroid system. Modern Android versions use SurfaceFlinger instead of X, but I couldn't find out in which Android release it was introduced. What about the iDroid?&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=/private/var/mobile/Library/Safari/SearchEngines.plist&amp;diff=45165</id>
		<title>/private/var/mobile/Library/Safari/SearchEngines.plist</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=/private/var/mobile/Library/Safari/SearchEngines.plist&amp;diff=45165"/>
		<updated>2015-03-23T23:26:15Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;This file is very usable, when Safari doesn't support your favorite search engine. Just edit it, if you need.&lt;br /&gt;
&lt;br /&gt;
== Parents ==&lt;br /&gt;
{{parent|private/var/mobile/Library/Safari}}&lt;br /&gt;
&lt;br /&gt;
[[Category:Filesystem]]&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=/private/var/mobile/Library/Safari/SearchEngines.plist&amp;diff=45164</id>
		<title>/private/var/mobile/Library/Safari/SearchEngines.plist</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=/private/var/mobile/Library/Safari/SearchEngines.plist&amp;diff=45164"/>
		<updated>2015-03-23T23:25:56Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: Created page with &amp;quot;This file is very usable, when Safai doesn't support your favorite search engine. Just edit it, if you need.  == Parents == {{parent|private/var/mobile/Library/Safari}}  Cat...&amp;quot;&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;This file is very usable, when Safai doesn't support your favorite search engine. Just edit it, if you need.&lt;br /&gt;
&lt;br /&gt;
== Parents ==&lt;br /&gt;
{{parent|private/var/mobile/Library/Safari}}&lt;br /&gt;
&lt;br /&gt;
[[Category:Filesystem]]&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=/private/var/mobile/Library/Safari&amp;diff=45163</id>
		<title>/private/var/mobile/Library/Safari</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=/private/var/mobile/Library/Safari&amp;diff=45163"/>
		<updated>2015-03-23T23:23:09Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;This folder stores Safari data.&lt;br /&gt;
&lt;br /&gt;
== Files ==&lt;br /&gt;
* {{ipfw|Bookmarks.db}}&lt;br /&gt;
* {{ipfw|Bookmarks.db-shm}}&lt;br /&gt;
* {{ipfw|Bookmarks.db-wal}}&lt;br /&gt;
* {{ipfw|com.apple.Bookmarks.lock}}&lt;br /&gt;
* {{ipfw|SearchEngines.plist}}&lt;br /&gt;
&lt;br /&gt;
== Parents ==&lt;br /&gt;
{{parent|private/var/mobile/Library}}&lt;br /&gt;
&lt;br /&gt;
[[Category:Filesystem]]&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=/private/var/mobile/Library/Safari&amp;diff=45162</id>
		<title>/private/var/mobile/Library/Safari</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=/private/var/mobile/Library/Safari&amp;diff=45162"/>
		<updated>2015-03-23T23:21:57Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: Created page with &amp;quot;This folder stores Safari data.  == Files == * {{ipfw|Bookmarks.db}} * {{ipfw|Bookmarks.db-shm}} * {{ipfw|Bookmarks.db-wal}} * {{ipfw|com.apple.Bookmarks.lock}} * {{ipfw|Searc...&amp;quot;&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;This folder stores Safari data.&lt;br /&gt;
&lt;br /&gt;
== Files ==&lt;br /&gt;
* {{ipfw|Bookmarks.db}}&lt;br /&gt;
* {{ipfw|Bookmarks.db-shm}}&lt;br /&gt;
* {{ipfw|Bookmarks.db-wal}}&lt;br /&gt;
* {{ipfw|com.apple.Bookmarks.lock}}&lt;br /&gt;
* {{ipfw|SearchEngines.plist}}&lt;br /&gt;
&lt;br /&gt;
[[Category:Filesystem]]&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=/&amp;diff=45161</id>
		<title>/</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=/&amp;diff=45161"/>
		<updated>2015-03-23T23:16:20Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: /* External Links */ Added a link to a document by Apple. Explains non-FHS directories.&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;__NOTOC__&lt;br /&gt;
This is the root directory for [[iOS]]. The firmware listing of these folders follow very closely to the [[wikipedia:Filesystem Hierarchy Standard|Filesystem Hierarchy Standard]] for [[wikipedia:Unix|Unix]] and [[wikipedia:Unix-like|Unix-like]] [[wikipedia:Operating system|operating systems]].&lt;br /&gt;
&lt;br /&gt;
== Children ==&lt;br /&gt;
=== Folders ===&lt;br /&gt;
* {{ipfw|AppleInternal}} ([[Apple Internal Apps|Apple Internal apps]] and [[Prototype Firmware|prototypes]])&lt;br /&gt;
* {{ipfw|Applications}}&lt;br /&gt;
* {{ipfw|bin}}&lt;br /&gt;
* {{ipfw|boot}}&lt;br /&gt;
* {{ipfw|cores}}&lt;br /&gt;
* {{ipfw|dev}}&lt;br /&gt;
* {{ipfw|Developer}}&lt;br /&gt;
* {{ipfw|private/etc|etc}} ([[wikipedia:Symbolic link|symlink]] to &amp;lt;code&amp;gt;/private/etc&amp;lt;/code&amp;gt;)&lt;br /&gt;
* {{ipfw|Library}}&lt;br /&gt;
* {{ipfw|lib}}&lt;br /&gt;
* {{ipfw|mnt}}&lt;br /&gt;
* {{ipfw|private}}&lt;br /&gt;
* {{ipfw|sbin}}&lt;br /&gt;
* {{ipfw|System}}&lt;br /&gt;
* {{ipfw|private/var/tmp|tmp}} (symlink to &amp;lt;code&amp;gt;/private/var/tmp&amp;lt;/code&amp;gt;)&lt;br /&gt;
* {{ipfw|private/var/mobile|User}} (symlink to &amp;lt;code&amp;gt;/private/var/mobile&amp;lt;/code&amp;gt; ({{ipfw|private/var/root|/private/var/root}} on [[iOS|iPhone OS]] 1.1.2 and below)&lt;br /&gt;
* {{ipfw|usr}}&lt;br /&gt;
* {{ipfw|private/var|var}} (symlink to &amp;lt;code&amp;gt;/private/var&amp;lt;/code&amp;gt;)&lt;br /&gt;
=== Files ===&lt;br /&gt;
* {{ipfw|.file}}&lt;br /&gt;
&lt;br /&gt;
== External Links ==&lt;br /&gt;
* [http://refspecs.linuxfoundation.org/FHS_2.3/fhs-2.3.html Filesystem Hierachy Standard 2.3]&lt;br /&gt;
* [https://developer.apple.com/library/mac/documentation/FileManagement/Conceptual/FileSystemProgrammingGuide/FileSystemOverview/FileSystemOverview.html File Sysyem Basics (Apple)]&lt;br /&gt;
[[Category:Filesystem]]&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=/usr/local/bin&amp;diff=45160</id>
		<title>/usr/local/bin</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=/usr/local/bin&amp;diff=45160"/>
		<updated>2015-03-23T23:07:48Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: /* Parents */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;The FHS defines the /usr/local as the “tertiary hierarchy for local data installed by the system administrator.” The /usr/local/bin directory contains programs.&lt;br /&gt;
&lt;br /&gt;
== Children ==&lt;br /&gt;
=== Folders ===&lt;br /&gt;
(none)&lt;br /&gt;
&lt;br /&gt;
=== Files ===&lt;br /&gt;
* {{ipfw|ioflashstoragetool}}&lt;br /&gt;
TODO: this list is not complete.&lt;br /&gt;
&lt;br /&gt;
== Parents ==&lt;br /&gt;
{{parent|usr/local}}&lt;br /&gt;
&lt;br /&gt;
[[Category:Filesystem]]&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=/private/var/mobile/Library&amp;diff=45159</id>
		<title>/private/var/mobile/Library</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=/private/var/mobile/Library&amp;diff=45159"/>
		<updated>2015-03-23T23:06:14Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: Created page with &amp;quot;An explanation by Apple: &amp;quot;There are multiple Library directories on the system, each one associated with a different domain or specific user. Apps should use the Library direc...&amp;quot;&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;An explanation by Apple: &amp;quot;There are multiple Library directories on the system, each one associated with a different domain or specific user. Apps should use the Library directory to store app-specific (or system-specific) resources.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
== Children ==&lt;br /&gt;
=== Folders ===&lt;br /&gt;
* {{ipfw|Safari}}&lt;br /&gt;
&lt;br /&gt;
=== Files ===&lt;br /&gt;
* {{ipfw|ConfigurationProfilesAppAccessibilityParameters.plist}}&lt;br /&gt;
&lt;br /&gt;
== Parents ==&lt;br /&gt;
{{parent|private|var/mobile}}&lt;br /&gt;
&lt;br /&gt;
[[Category:Filesystem]]&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=/usr/local&amp;diff=45158</id>
		<title>/usr/local</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=/usr/local&amp;diff=45158"/>
		<updated>2015-03-23T23:05:13Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: /* Parents */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;The FHS defines the /usr/local as the “tertiary hierarchy for local data installed by the system administrator.” On iOS this folder is typically found on ramdisks.&lt;br /&gt;
&lt;br /&gt;
== Children ==&lt;br /&gt;
=== Folders ===&lt;br /&gt;
* {{ipfw|bin}}&lt;br /&gt;
TODO: this list is not complete.&lt;br /&gt;
&lt;br /&gt;
=== Files ===&lt;br /&gt;
(none)&lt;br /&gt;
&lt;br /&gt;
== Parents ==&lt;br /&gt;
{{parent|usr}}&lt;br /&gt;
&lt;br /&gt;
[[Category:Filesystem]]&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=User:Rzhikharevich&amp;diff=45152</id>
		<title>User:Rzhikharevich</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=User:Rzhikharevich&amp;diff=45152"/>
		<updated>2015-03-23T18:31:20Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: /* iDevices */ Sorry for many edits in a row.&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Just an iPhone user and programmer, a [http://uncyclopedia.wikia.com/wiki/Grammar_Nazi grammar nazi] (with russian language). 13 years old, started being interested in computer science at the age of 11.&lt;br /&gt;
PS. Not a native english-speaker.&lt;br /&gt;
&lt;br /&gt;
== Projects ==&lt;br /&gt;
Here's the list of my iOS-related projects:&lt;br /&gt;
*[https://github.com/rzhikharevich/lwvmedit lwvmedit] - first useful (?) tool for iOS, it can read and edit LwVM tables.&lt;br /&gt;
*iolwvm - an IOKit version of lwvmedit. I am working on reversing, how userspace communicates with the kernel to modify the partitions.&lt;br /&gt;
*libipwn - a library for interfacing with iDevices in DFU mode. Not public yet.&lt;br /&gt;
Other projects:&lt;br /&gt;
*[http://github.com/rzhikharevich/NyanOS NyanOS] &amp;amp; [http://github.com/rzhikharevich/XNC XNC programming language].&lt;br /&gt;
&lt;br /&gt;
== Knowledge ==&lt;br /&gt;
I know a lot about the iOS (at least relatively). I am also an experienced Unix/Linux user. &lt;br /&gt;
&lt;br /&gt;
Programming languages:&lt;br /&gt;
*C/C++&lt;br /&gt;
*Python&lt;br /&gt;
*x86 assembly.&lt;br /&gt;
Web design skills:&lt;br /&gt;
*HTML5&lt;br /&gt;
*CSS3&lt;br /&gt;
*Javascript.&lt;br /&gt;
&lt;br /&gt;
== Links ==&lt;br /&gt;
*[http://rzhikharevich.github.io My blog], under construction.&lt;br /&gt;
*[http://github.com/rzhikharevich Github account]&lt;br /&gt;
*[http://twitter.com/rzhikharevich Twitter]&lt;br /&gt;
&lt;br /&gt;
== iDevices ==&lt;br /&gt;
*White iPad 3, 64GB, iOS 8.1, jailbroken.&lt;br /&gt;
*iPhone 4, 16GB, iOS 7.1.2, jailbroken.&lt;br /&gt;
*The original iPhone (2G), Debian ARM via OpeniBoot&lt;br /&gt;
*Black iPhone 5, 32GB, iOS 8.2 (primary).&lt;br /&gt;
*Apple TV 3rd gen.&lt;br /&gt;
&lt;br /&gt;
== Operating systems ==&lt;br /&gt;
In current use:&lt;br /&gt;
*OS X Yosemite.&lt;br /&gt;
*iOS.&lt;br /&gt;
Used:&lt;br /&gt;
*Windows XP/7/8/10&lt;br /&gt;
*Different Linux distributions (Gentoo is my favorite)&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=User:Rzhikharevich&amp;diff=45151</id>
		<title>User:Rzhikharevich</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=User:Rzhikharevich&amp;diff=45151"/>
		<updated>2015-03-23T18:30:10Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: /* Projects */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Just an iPhone user and programmer, a [http://uncyclopedia.wikia.com/wiki/Grammar_Nazi grammar nazi] (with russian language). 13 years old, started being interested in computer science at the age of 11.&lt;br /&gt;
PS. Not a native english-speaker.&lt;br /&gt;
&lt;br /&gt;
== Projects ==&lt;br /&gt;
Here's the list of my iOS-related projects:&lt;br /&gt;
*[https://github.com/rzhikharevich/lwvmedit lwvmedit] - first useful (?) tool for iOS, it can read and edit LwVM tables.&lt;br /&gt;
*iolwvm - an IOKit version of lwvmedit. I am working on reversing, how userspace communicates with the kernel to modify the partitions.&lt;br /&gt;
*libipwn - a library for interfacing with iDevices in DFU mode. Not public yet.&lt;br /&gt;
Other projects:&lt;br /&gt;
*[http://github.com/rzhikharevich/NyanOS NyanOS] &amp;amp; [http://github.com/rzhikharevich/XNC XNC programming language].&lt;br /&gt;
&lt;br /&gt;
== Knowledge ==&lt;br /&gt;
I know a lot about the iOS (at least relatively). I am also an experienced Unix/Linux user. &lt;br /&gt;
&lt;br /&gt;
Programming languages:&lt;br /&gt;
*C/C++&lt;br /&gt;
*Python&lt;br /&gt;
*x86 assembly.&lt;br /&gt;
Web design skills:&lt;br /&gt;
*HTML5&lt;br /&gt;
*CSS3&lt;br /&gt;
*Javascript.&lt;br /&gt;
&lt;br /&gt;
== Links ==&lt;br /&gt;
*[http://rzhikharevich.github.io My blog], under construction.&lt;br /&gt;
*[http://github.com/rzhikharevich Github account]&lt;br /&gt;
*[http://twitter.com/rzhikharevich Twitter]&lt;br /&gt;
&lt;br /&gt;
== iDevices ==&lt;br /&gt;
*White iPad 3, 64GB, iOS 7.1.2, jailbroken.&lt;br /&gt;
*iPhone 4, 16GB, iOS 7.1.2, jailbroken.&lt;br /&gt;
*The original iPhone (2G), Debian ARM via OpeniBoot&lt;br /&gt;
*Black iPhone 5, 32GB, iOS 8.0.2 (primary).&lt;br /&gt;
*Apple TV 3rd gen.&lt;br /&gt;
&lt;br /&gt;
== Operating systems ==&lt;br /&gt;
In current use:&lt;br /&gt;
*OS X Yosemite.&lt;br /&gt;
*iOS.&lt;br /&gt;
Used:&lt;br /&gt;
*Windows XP/7/8/10&lt;br /&gt;
*Different Linux distributions (Gentoo is my favorite)&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=S5L8930&amp;diff=45150</id>
		<title>S5L8930</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=S5L8930&amp;diff=45150"/>
		<updated>2015-03-23T18:27:42Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: /* Bootrom Exploits */ It's referenced as an exploit, not a tool.&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;[[Image:A4.jpg|right]]&lt;br /&gt;
A [[wikipedia:system on a chip|system on a chip]] (&amp;quot;SoC&amp;quot;) developed by Apple's in-house chip design department. Publicly, Apple refers to this chip as the '''A4'''. Internally, this processor is also based on the S5L8920X family, which can also be seen through the reuse of several MMIO devices and MMIO device registers (i.e: chipid). This is the last SoC revision on mobile devices manufactured for Apple that has a publicly known exploitable [[bootrom]] vulnerability.&lt;br /&gt;
&lt;br /&gt;
== Used in ==&lt;br /&gt;
* [[K66ap|Apple TV 2G]]&lt;br /&gt;
* [[K48ap|iPad]]&lt;br /&gt;
* [[iPhone 4]]&lt;br /&gt;
* [[n81ap|iPod touch 4G]]&lt;br /&gt;
&lt;br /&gt;
== [[Bootrom]] Exploits ==&lt;br /&gt;
* [[limera1n exploit|limera1n]]&lt;br /&gt;
* [[SHA-1 Image Segment Overflow|SHAtter]]&lt;br /&gt;
&lt;br /&gt;
== Boot Chain ==&lt;br /&gt;
[[Bootrom 574.4|Bootrom]]-&amp;gt;[[LLB]]-&amp;gt;[[iBoot]]-&amp;gt;[[Kernel]]-&amp;gt;[[Firmware|System Software]]&lt;br /&gt;
&lt;br /&gt;
== Specifications ==&lt;br /&gt;
* '''CPU''': ARM Cortex-A8&lt;br /&gt;
* '''GPU''': PowerVR SGX 535&lt;br /&gt;
* '''A/V Playback''': PowerVR VXD&lt;br /&gt;
* '''RAM''': 256 MB ([[K66ap|Apple TV 2G]], [[K48ap|iPad]], and [[N81ap|iPod touch 4G]]) or 512 MB ([[iPhone 4]])&lt;br /&gt;
&lt;br /&gt;
[[Category:Application Processors]]&lt;br /&gt;
Aside from the [[iPhone 4]]'s additional RAM and an overall higher clock speed, these are the same specifications as the [[S5L8920]] and [[S5L8922]].&lt;br /&gt;
&lt;br /&gt;
== See also ==&lt;br /&gt;
* [[Bootrom 574.4]]&lt;br /&gt;
&lt;br /&gt;
== Links ==&lt;br /&gt;
* http://www.apple.com/ipad/specs/&lt;br /&gt;
* http://www.brightsideofnews.com/news/2010/1/27/apple-a4-soc-unveiled---its-an-arm-cpu-and-the-gpu!.aspx&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=Talk:OpenSharedCacheFile&amp;diff=45148</id>
		<title>Talk:OpenSharedCacheFile</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=Talk:OpenSharedCacheFile&amp;diff=45148"/>
		<updated>2015-03-23T17:16:06Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Does this allow root access? Also, could we add that it was patched in 6.1.3/6.1.4 (possibly 6.1.6, I'll test that)? --[[User:Awesomebing1|Awesomebing1]] ([[User talk:Awesomebing1|talk]]) 02:13, 23 March 2015 (UTC)&lt;br /&gt;
:[http://www.cvedetails.com/cve/CVE-2013-3950/ CVE Details] stands, that the last vulnerable version is 6.1.3. I don't think, that this vulnerability can cause any privilege escalations. --[[User:Rzhikharevich|Rzhikharevich]] ([[User talk:Rzhikharevich|talk]]) 17:16, 23 March 2015 (UTC)&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=Talk:OpenSharedCacheFile&amp;diff=45147</id>
		<title>Talk:OpenSharedCacheFile</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=Talk:OpenSharedCacheFile&amp;diff=45147"/>
		<updated>2015-03-23T17:14:25Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Does this allow root access? Also, could we add that it was patched in 6.1.3/6.1.4 (possibly 6.1.6, I'll test that)? --[[User:Awesomebing1|Awesomebing1]] ([[User talk:Awesomebing1|talk]]) 02:13, 23 March 2015 (UTC)&lt;br /&gt;
:[[http://www.cvedetails.com/cve/CVE-2013-3950/|This resource]] stands, that the last vulnerable version is 6.1.3. I don't think, that this vulnerability can cause any privilege escalations.&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=/usr/local/bin&amp;diff=45146</id>
		<title>/usr/local/bin</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=/usr/local/bin&amp;diff=45146"/>
		<updated>2015-03-23T17:01:59Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: Oops!&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;The FHS defines the /usr/local as the “tertiary hierarchy for local data installed by the system administrator.” The /usr/local/bin directory contains programs.&lt;br /&gt;
&lt;br /&gt;
== Children ==&lt;br /&gt;
=== Folders ===&lt;br /&gt;
(none)&lt;br /&gt;
&lt;br /&gt;
=== Files ===&lt;br /&gt;
* {{ipfw|ioflashstoragetool}}&lt;br /&gt;
TODO: this list is not complete.&lt;br /&gt;
&lt;br /&gt;
== Parents ==&lt;br /&gt;
{{parent}}&lt;br /&gt;
&lt;br /&gt;
[[Category:Filesystem]]&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=/usr/local/bin/ioflashstoragetool&amp;diff=45145</id>
		<title>/usr/local/bin/ioflashstoragetool</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=/usr/local/bin/ioflashstoragetool&amp;diff=45145"/>
		<updated>2015-03-23T16:57:01Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: Typo fix.&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;This tool seems be present in restore ramdisks for formatting NAND flash.&lt;br /&gt;
&lt;br /&gt;
== Usage ==&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
ioflashstoragetool: Low-level NAND flash utility&lt;br /&gt;
&lt;br /&gt;
Options:                                                                      &lt;br /&gt;
  --verbose           Be talkative about what the tool is doing.              &lt;br /&gt;
  --noisy             Be extremely noisy while doing things.                  &lt;br /&gt;
  --quiet             Don't show progress output.                             &lt;br /&gt;
                                                                              &lt;br /&gt;
Multi-bank addressing:                                                        &lt;br /&gt;
  p&amp;lt;page&amp;gt;             Addresses all banks, starting at bank 0, page &amp;lt;page&amp;gt;.   &lt;br /&gt;
  b&amp;lt;block&amp;gt;            Addresses all banks, starting at bank 0, block &amp;lt;block&amp;gt;. &lt;br /&gt;
    In these modes, page/block counts are per-bank and all operations start   &lt;br /&gt;
    at bank zero.  &amp;lt;page&amp;gt;/&amp;lt;block&amp;gt; may be decimal or hex preceeded by 0x.      &lt;br /&gt;
                                                                              &lt;br /&gt;
Single-bank addressing:                                                       &lt;br /&gt;
  &amp;lt;bank&amp;gt;p&amp;lt;page&amp;gt;       Addresses bank &amp;lt;bank&amp;gt;, starting at page &amp;lt;page&amp;gt;.         &lt;br /&gt;
  &amp;lt;bank&amp;gt;b&amp;lt;block&amp;gt;      Addresses bank &amp;lt;bank&amp;gt;, starting at block &amp;lt;block&amp;gt;.       &lt;br /&gt;
    In these modes, page/block counts are for the selected bank only.         &lt;br /&gt;
    &amp;lt;bank&amp;gt; is decimal, &amp;lt;page&amp;gt;/&amp;lt;block&amp;gt; may be decimal or hex preceeded by 0x.  &lt;br /&gt;
                                                                              &lt;br /&gt;
Commands:                                                                     &lt;br /&gt;
  format &amp;lt;partition table type&amp;gt;                                                        &lt;br /&gt;
    Writes partition table to pages 0 and 1 of block 0 of all devices.        &lt;br /&gt;
    The &amp;lt;partition table type&amp;gt; may be one of: s5l8720x s5l8920x               &lt;br /&gt;
      --force               Performs format even if an AND signature is       &lt;br /&gt;
                            detected. &lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== NAND info example output ==&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
NAND Configuration&lt;br /&gt;
Vendor:           	Hynix&lt;br /&gt;
Lithography:      	26nm&lt;br /&gt;
Capacity:         	64GB&lt;br /&gt;
Firmware Version: 	020076P.........  (30 32 30 30 37 36 50 00 00 00 00 00 00 00 00 00)&lt;br /&gt;
ManufacturerID:   	0x4201220182ad&lt;br /&gt;
Num of CEs:       	4&lt;br /&gt;
PPN Device:       	Yes&lt;br /&gt;
PPN Version:      	1.0.6&lt;br /&gt;
PPN Toggle:       	No&lt;br /&gt;
4 CEs of 4 CAUs of 2048 blocks of 256 pages of 8192 bytes data, 32 bytes spare&lt;br /&gt;
2040 superblocks&lt;br /&gt;
4096 pages/superblock -&amp;gt; 8192 vbas/superblock&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=/usr/local/bin/ioflashstoragetool&amp;diff=45144</id>
		<title>/usr/local/bin/ioflashstoragetool</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=/usr/local/bin/ioflashstoragetool&amp;diff=45144"/>
		<updated>2015-03-23T16:56:29Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: Created page with &amp;quot;This tool seems be present in restore ramdisk for formatting NAND flash.  == Usage == &amp;lt;pre&amp;gt; ioflashstoragetool: Low-level NAND flash utility  Options:                         ...&amp;quot;&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;This tool seems be present in restore ramdisk for formatting NAND flash.&lt;br /&gt;
&lt;br /&gt;
== Usage ==&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
ioflashstoragetool: Low-level NAND flash utility&lt;br /&gt;
&lt;br /&gt;
Options:                                                                      &lt;br /&gt;
  --verbose           Be talkative about what the tool is doing.              &lt;br /&gt;
  --noisy             Be extremely noisy while doing things.                  &lt;br /&gt;
  --quiet             Don't show progress output.                             &lt;br /&gt;
                                                                              &lt;br /&gt;
Multi-bank addressing:                                                        &lt;br /&gt;
  p&amp;lt;page&amp;gt;             Addresses all banks, starting at bank 0, page &amp;lt;page&amp;gt;.   &lt;br /&gt;
  b&amp;lt;block&amp;gt;            Addresses all banks, starting at bank 0, block &amp;lt;block&amp;gt;. &lt;br /&gt;
    In these modes, page/block counts are per-bank and all operations start   &lt;br /&gt;
    at bank zero.  &amp;lt;page&amp;gt;/&amp;lt;block&amp;gt; may be decimal or hex preceeded by 0x.      &lt;br /&gt;
                                                                              &lt;br /&gt;
Single-bank addressing:                                                       &lt;br /&gt;
  &amp;lt;bank&amp;gt;p&amp;lt;page&amp;gt;       Addresses bank &amp;lt;bank&amp;gt;, starting at page &amp;lt;page&amp;gt;.         &lt;br /&gt;
  &amp;lt;bank&amp;gt;b&amp;lt;block&amp;gt;      Addresses bank &amp;lt;bank&amp;gt;, starting at block &amp;lt;block&amp;gt;.       &lt;br /&gt;
    In these modes, page/block counts are for the selected bank only.         &lt;br /&gt;
    &amp;lt;bank&amp;gt; is decimal, &amp;lt;page&amp;gt;/&amp;lt;block&amp;gt; may be decimal or hex preceeded by 0x.  &lt;br /&gt;
                                                                              &lt;br /&gt;
Commands:                                                                     &lt;br /&gt;
  format &amp;lt;partition table type&amp;gt;                                                        &lt;br /&gt;
    Writes partition table to pages 0 and 1 of block 0 of all devices.        &lt;br /&gt;
    The &amp;lt;partition table type&amp;gt; may be one of: s5l8720x s5l8920x               &lt;br /&gt;
      --force               Performs format even if an AND signature is       &lt;br /&gt;
                            detected. &lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== NAND info example output ==&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
NAND Configuration&lt;br /&gt;
Vendor:           	Hynix&lt;br /&gt;
Lithography:      	26nm&lt;br /&gt;
Capacity:         	64GB&lt;br /&gt;
Firmware Version: 	020076P.........  (30 32 30 30 37 36 50 00 00 00 00 00 00 00 00 00)&lt;br /&gt;
ManufacturerID:   	0x4201220182ad&lt;br /&gt;
Num of CEs:       	4&lt;br /&gt;
PPN Device:       	Yes&lt;br /&gt;
PPN Version:      	1.0.6&lt;br /&gt;
PPN Toggle:       	No&lt;br /&gt;
4 CEs of 4 CAUs of 2048 blocks of 256 pages of 8192 bytes data, 32 bytes spare&lt;br /&gt;
2040 superblocks&lt;br /&gt;
4096 pages/superblock -&amp;gt; 8192 vbas/superblock&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=/usr/local/bin&amp;diff=45143</id>
		<title>/usr/local/bin</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=/usr/local/bin&amp;diff=45143"/>
		<updated>2015-03-23T16:48:15Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: Created page with &amp;quot;The FHS defines the /usr/local as the “tertiary hierarchy for local data installed by the system administrator.” The /usr/local/bin directory contains programs.  == Childr...&amp;quot;&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;The FHS defines the /usr/local as the “tertiary hierarchy for local data installed by the system administrator.” The /usr/local/bin directory contains programs.&lt;br /&gt;
&lt;br /&gt;
== Children ==&lt;br /&gt;
=== Folders ===&lt;br /&gt;
* {{ipfw|ioflashstoragetool}}&lt;br /&gt;
TODO: this list is not complete.&lt;br /&gt;
&lt;br /&gt;
=== Files ===&lt;br /&gt;
(none)&lt;br /&gt;
&lt;br /&gt;
== Parents ==&lt;br /&gt;
{{parent}}&lt;br /&gt;
&lt;br /&gt;
[[Category:Filesystem]]&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
	<entry>
		<id>https://www.theiphonewiki.com/w/index.php?title=/usr/local&amp;diff=45142</id>
		<title>/usr/local</title>
		<link rel="alternate" type="text/html" href="https://www.theiphonewiki.com/w/index.php?title=/usr/local&amp;diff=45142"/>
		<updated>2015-03-23T16:45:55Z</updated>

		<summary type="html">&lt;p&gt;Rzhikharevich: Created page with &amp;quot;The FHS defines the /usr/local as the “tertiary hierarchy for local data installed by the system administrator.” On iOS this folder is typically found on ramdisks.  == Chi...&amp;quot;&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;The FHS defines the /usr/local as the “tertiary hierarchy for local data installed by the system administrator.” On iOS this folder is typically found on ramdisks.&lt;br /&gt;
&lt;br /&gt;
== Children ==&lt;br /&gt;
=== Folders ===&lt;br /&gt;
* {{ipfw|bin}}&lt;br /&gt;
TODO: this list is not complete.&lt;br /&gt;
&lt;br /&gt;
=== Files ===&lt;br /&gt;
(none)&lt;br /&gt;
&lt;br /&gt;
== Parents ==&lt;br /&gt;
{{parent}}&lt;br /&gt;
&lt;br /&gt;
[[Category:Filesystem]]&lt;/div&gt;</summary>
		<author><name>Rzhikharevich</name></author>
		
	</entry>
</feed>