The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Decrypting Firmwares"
m (typo) |
m (Updating and removing link that doesn't exist.) |
||
Line 1: | Line 1: | ||
− | iOS contains many layers of encryption. This page details how to remove the encryption wrapper around each file in the [[IPSW File Format|IPSW]] file. A decrypted ramdisk is required to ''obtain'' the key for the [[#Root Filesystem|root filesystem]], but not to simply decrypt it with an existing key. |
+ | iOS contains many layers of encryption. This page details how to remove the encryption wrapper around each file in the [[IPSW File Format|IPSW]] file. A decrypted ramdisk is required to ''obtain'' the key for the [[#Root Filesystem|root filesystem]], but not to simply decrypt it with an existing key. |
For more history, see [[Firmware Keys]]. |
For more history, see [[Firmware Keys]]. |
||
Line 5: | Line 5: | ||
== Ramdisks == |
== Ramdisks == |
||
This section details the decryption of the ramdisks in an [[IPSW File Format|IPSW]] file. The listed console commands are applicable to the [[S5L File Formats#IMG2|IMG2]] or [[IMG3 File Format|IMG3]] files under <code>/Firmware</code> also. |
This section details the decryption of the ramdisks in an [[IPSW File Format|IPSW]] file. The listed console commands are applicable to the [[S5L File Formats#IMG2|IMG2]] or [[IMG3 File Format|IMG3]] files under <code>/Firmware</code> also. |
||
+ | |||
=== 1.0.x === |
=== 1.0.x === |
||
− | With the release of the [[ |
+ | With the release of the [[M68AP|iPhone]], the [[IMG2 File Format|IMG2 files]] weren't encrypted. So, in order to use them, all you need to do is remove the 2048 byte (2 KiB) [[8900 File Format|8900 header]] from the file. You can do this with either a hex editor, or open up a console and run <code>dd(1)</code><sup>[{{man|dd|1}}]</sup>: |
dd if=''input'' of=''output'' bs=512 skip=4 conv=sync |
dd if=''input'' of=''output'' bs=512 skip=4 conv=sync |
||
Line 12: | Line 13: | ||
=== 1.1.x - 2.0b3 === |
=== 1.1.x - 2.0b3 === |
||
− | With the release of the [[ |
+ | With the release of the [[N45AP|iPod touch]], Apple added a layer of encryption around the [[IMG2 File Format|IMG2]]. The decryption key wasn't obscured however, and a simple analysis of [[iBoot]] by [[User:Zibri|Zibri]] revealed the [[AES Keys#Key 0x837|0x837 key]]. |
In order to decrypt them, you need to remove the 2048 byte (2 KiB) [[8900 File Format|8900 header]] from, then decrypt the resulting file. You can do this with either a hex editor, or open up a console and run <code>dd(1)</code><sup>[{{man|dd|1}}]</sup>: |
In order to decrypt them, you need to remove the 2048 byte (2 KiB) [[8900 File Format|8900 header]] from, then decrypt the resulting file. You can do this with either a hex editor, or open up a console and run <code>dd(1)</code><sup>[{{man|dd|1}}]</sup>: |
||
Line 32: | Line 33: | ||
=== 3.0[[Golden Master|GM]]/3.0 === |
=== 3.0[[Golden Master|GM]]/3.0 === |
||
OS X Snow Leopard introduced the HFS compressed disk image. With 3.0 (what beta?), Apple began using Snow Leopard to package the [[ramdisk]]s. This results in some zero sized files in the disk image if you don't use Snow Leopard or newer. A discussion on extracting those files is available on [[Talk:Decrypting Firmwares|the talk page]]. |
OS X Snow Leopard introduced the HFS compressed disk image. With 3.0 (what beta?), Apple began using Snow Leopard to package the [[ramdisk]]s. This results in some zero sized files in the disk image if you don't use Snow Leopard or newer. A discussion on extracting those files is available on [[Talk:Decrypting Firmwares|the talk page]]. |
||
+ | |||
==== [[S5L8900]] ==== |
==== [[S5L8900]] ==== |
||
<!-- This needs to be moved to a new page. Maybe [[Obtaining Decryption Keys]]? --> |
<!-- This needs to be moved to a new page. Maybe [[Obtaining Decryption Keys]]? --> |
||
Line 38: | Line 40: | ||
==== [[S5L8720]] ==== |
==== [[S5L8720]] ==== |
||
Business as usual, but keys and IVs have to be decrypted on the device still, unlike with the new [[S5L8900]] [[KBAG]]s. Apple incorrectly assumed that by encrypting iBEC and iBSS they were being sly. They were not. You can decrypt those on a 2.2.1 aes setup no problem whatsoever. |
Business as usual, but keys and IVs have to be decrypted on the device still, unlike with the new [[S5L8900]] [[KBAG]]s. Apple incorrectly assumed that by encrypting iBEC and iBSS they were being sly. They were not. You can decrypt those on a 2.2.1 aes setup no problem whatsoever. |
||
+ | |||
==== [[S5L8920]] ==== |
==== [[S5L8920]] ==== |
||
− | The [[ |
+ | The [[N88AP|iPhone 3GS]] firmware files are interesting. They have two [[KBAG]]s, which use AES-256 instead of the [[S5L8900]] and [[S5L8720]] that are using AES-128 still. The first KBAG has an identifier in it's header indicating that it is to be decrypted with the gid key, and the second is not known. For those that don't know how AES256 works, this now means that the first 0x10 bytes are the IV, and the remaining 0x20 bytes (not 0x10 anymore!) are the key. |
[[Category:Decryption]] |
[[Category:Decryption]] |
Revision as of 07:41, 8 October 2015
iOS contains many layers of encryption. This page details how to remove the encryption wrapper around each file in the IPSW file. A decrypted ramdisk is required to obtain the key for the root filesystem, but not to simply decrypt it with an existing key.
For more history, see Firmware Keys.
Contents
Ramdisks
This section details the decryption of the ramdisks in an IPSW file. The listed console commands are applicable to the IMG2 or IMG3 files under /Firmware
also.
1.0.x
With the release of the iPhone, the IMG2 files weren't encrypted. So, in order to use them, all you need to do is remove the 2048 byte (2 KiB) 8900 header from the file. You can do this with either a hex editor, or open up a console and run dd(1)
[man]:
dd if=input of=output bs=512 skip=4 conv=sync
Once the header has been stripped, you will be left with either an IMG2 file or a mountable HFS filesystem.
1.1.x - 2.0b3
With the release of the iPod touch, Apple added a layer of encryption around the IMG2. The decryption key wasn't obscured however, and a simple analysis of iBoot by Zibri revealed the 0x837 key.
In order to decrypt them, you need to remove the 2048 byte (2 KiB) 8900 header from, then decrypt the resulting file. You can do this with either a hex editor, or open up a console and run dd(1)
[man]:
dd if=input of=stripped bs=512 skip=4 conv=sync
Once the header is stripped, you need to do the actual decryption. The ramdisk is encrypted using AES-128 with cipher block chaining (CBC). The key is the 0x837 key with no IV. To decrypt, open up a console and run openssl(1)
[man]:
openssl enc -d -in stripped -out output -aes-128-cbc -K 188458a6d15034dfe386f23b61d43774 -iv 0
Once decrypted, you will be left with either an IMG2 file or a mountable HFS filesystem.
2.0b4 - 3.0b5
With the fourth beta of 2.0, Apple introduced the IMG3 file format, replacing the broken IMG2 file format. This format was soon reversed and img3decrypt[src] was created by Steven Smith (@stroughtonsmith) on 21 August 2008. His code was later implemented into xpwntool[src]. In order to decrypt an IMG3 file, open a console and run one of the commands depending on your program choice:
img3decrypt e input output iv key xpwntool input output -k key -iv iv
The IV and key for a specific firmware is available through the Firmware Keys page or from the Info.plist
file underneath PwnageTool's /FirmwareBundles
folder.
Once decrypted, you will be left with either a raw binary blob. If input
was a ramdisk, output
will be a mountable HFS filesystem.
3.0GM/3.0
OS X Snow Leopard introduced the HFS compressed disk image. With 3.0 (what beta?), Apple began using Snow Leopard to package the ramdisks. This results in some zero sized files in the disk image if you don't use Snow Leopard or newer. A discussion on extracting those files is available on the talk page.
S5L8900
With the 3.0 Golden Master (7A341) and 3.0.1, Apple messed up and, instead of using the application processor-specific GID Key, used a pseudo-GID of 5f650295e1fffc97ce77abd49dd955b3 to encrypt the KBAG. This makes obtaining the keys for this version dead simple. Once you have decrypted the KBAG, decryption using the keys in it is the same as above.
S5L8720
Business as usual, but keys and IVs have to be decrypted on the device still, unlike with the new S5L8900 KBAGs. Apple incorrectly assumed that by encrypting iBEC and iBSS they were being sly. They were not. You can decrypt those on a 2.2.1 aes setup no problem whatsoever.
S5L8920
The iPhone 3GS firmware files are interesting. They have two KBAGs, which use AES-256 instead of the S5L8900 and S5L8720 that are using AES-128 still. The first KBAG has an identifier in it's header indicating that it is to be decrypted with the gid key, and the second is not known. For those that don't know how AES256 works, this now means that the first 0x10 bytes are the IV, and the remaining 0x20 bytes (not 0x10 anymore!) are the key.