Difference between revisions of "DFU Mode"

From The iPhone Wiki
Jump to: navigation, search
m (Consistency please.)
(Updating instructions on entering and exiting)
(8 intermediate revisions by 5 users not shown)
Line 1: Line 1:
'''DFU''' or '''Device Firmware Upgrade''' mode allows all devices to be restored from any state.
+
'''DFU''' or '''Device Firmware Upgrade''' mode allows all devices to be restored from any state. It is essentially a mode where the BootROM can accept iBSS. DFU is burned into the hardware, so it cannot be removed. On A7+ devices, it generates an ApNonce and recognizes APTickets as well, so even in DFU, it can accept an APTicket.
   
==DFU Mode==
+
== Entering DFU Mode ==
  +
=== Apple TV ===
===Entering DFU Mode on iPhone, iPad or iPod touch===
 
  +
# Force the device to reboot by holding down the "Menu" and "Down" buttons simultaneously for 6-7 seconds.
# Turn off the device.
 
  +
# Press "Menu" and "Play" simultaneously right after reboot, until a message pops up in [[iTunes]], saying that it has detected an Apple TV in Recovery Mode.
# Hold the Power button for 3 seconds.
 
# Plug your device into your computer with a USB cable.
+
# Plug the device into your computer using a Micro-USB cable.
# Hold the Home and Power buttons for 10 seconds.
 
# Release the Power button but keep holding the Home button.
 
# After about 15 seconds you will be alerted by iTunes saying that it has detected a device in Recovery Mode.
 
   
  +
=== iPad, iPhone 6s and below, iPhone SE and iPod touch ===
'''Make sure the device screen is blank and no logos are present'''
 
  +
# Connect the device to a computer using a USB cable.
  +
# Hold down both the Home button and Lock button.
  +
# After 8 seconds, release the Lock button while continuing to hold down the Home button.
  +
#* If the Apple logo appears, the Lock button was held down for too long.
  +
# Nothing will be displayed on the screen when the device is in DFU mode. If open, iTunes will alert you that a device was detected in recovery mode.
  +
#* If your device shows a screen telling you to connect the device to iTunes, retry these steps.
   
===Exiting DFU Mode on iPhone, iPad or iPod touch===
+
=== iPhone 7 and iPhone 7 Plus ===
# Hold the Home and Power buttons until the Apple Logo appears.
+
# Connect the device to a computer using a USB cable.
  +
# Hold down both the Side button and Volume Down button.
  +
# After 8 seconds, release the Side button while continuing to hold down the Volume Down button.
  +
#* If the Apple logo appears, the Side button was held down for too long.
  +
# Nothing will be displayed on the screen when the device is in DFU mode. If open, iTunes will alert you that a device was detected in recovery mode.
  +
#* If your device shows a screen telling you to connect the device to iTunes, retry these steps.
   
  +
=== iPhone 8, iPhone 8 Plus and iPhone X ===
===Entering DFU Mode on Apple TV===
 
# Plug the device into your computer using a microUSB cable.
+
# Connect the device to a computer using a USB cable.
  +
# Quick-press the Volume Up button
# Force the device to reboot by holding down the "Menu" and "Down" buttons simultaneously for 6-7 seconds.
 
  +
# Quick-press the Volume Down button
# Press "Menu" and "Play" simultaneously right after reboot, until a message pops up in [[iTunes]], saying that it has detected an Apple TV in Recovery Mode.
 
  +
# Hold down the Side button until the screen goes black, then hold down both the Side button and Volume Down button.
  +
# After 5 seconds, release the Side button while continuing to hold down the Volume Down button.
  +
#* If the Apple logo appears, the Side button was held down for too long.
  +
# Nothing will be displayed on the screen when the device is in DFU mode. If open, iTunes will alert you that a device was detected in recovery mode.
  +
#* If your device shows a screen telling you to connect the device to iTunes, retry these steps.
   
===Exiting DFU Mode on Apple TV===
+
== Exiting DFU Mode ==
  +
To exit DFU Mode, simply force restart your device.
# Hold down the "Menu" and "Down" buttons. The Apple TV will reboot.
 
  +
  +
* For Apple TV, hold down the "Menu" and "Down" buttons on your remote until the Apple TV reboots.
  +
* For iPad, iPhone 6s and below, iPhone SE and iPod touch, hold the Home button and the Lock button until the device reboots.
  +
* For iPhone 7 and iPhone 7 Plus, hold down the Side button and Volume Down button until the device reboots.
  +
* For iPhone 8, iPhone 8 Plus, and iPhone X, quick-press the Volume Up button, then quick-press the Volume Down button, then hold down the Side button until the device reboots.
   
 
==Enter True Hardware DFU Mode Automatically==
 
==Enter True Hardware DFU Mode Automatically==
Line 28: Line 46:
 
===Steps===
 
===Steps===
 
# Make a copy of a fresh IPSW file.
 
# Make a copy of a fresh IPSW file.
# Open the IPSW as a zip folder and browse to /firmware/all_Flash/all_flash.xxxxx.production/
+
# Open the IPSW as a zip folder and browse to /firmware/all_flash/all_flash.xxxxx.production/
# Extract LLB.*****.RELEASE.img3 and open it in a hex editor.
+
# Extract LLB.*****.RELEASE.img3/im4p and open it in a hex editor.
 
# Change some random bit or bits, it doesn't matter which or what you write.
 
# Change some random bit or bits, it doesn't matter which or what you write.
 
# Add the edited file back to the zip, rename zip to ipsw and restore it to your device using iTunes.
 
# Add the edited file back to the zip, rename zip to ipsw and restore it to your device using iTunes.
Line 39: Line 57:
 
# Delete LLB.*****.RELEASE.img3.
 
# Delete LLB.*****.RELEASE.img3.
 
# Copy applelogo.********.img3 to temporary directory.
 
# Copy applelogo.********.img3 to temporary directory.
# Rename the copy of applelogo.********.img3 to LLB.*****.RELEASE.img3. (If you forget the name of the LLB file, you can find it again in the file named manifest.)
+
# Rename the copy of applelogo.********.img3/im4p to LLB.*****.RELEASE.img3/im4p. (If you forget the name of the LLB file, you can find it again in the file named manifest.)
 
# Copy the renamed applelogo file back to the all_flash.xxxxx.production directory.
 
# Copy the renamed applelogo file back to the all_flash.xxxxx.production directory.
 
# Rename the zip.
 
# Rename the zip.
Line 46: Line 64:
 
==DFU Mode Output to the computer==
 
==DFU Mode Output to the computer==
 
<pre>iProduct: "Apple Mobile Device (DFU Mode)"</pre> <pre>iSerialNumber: "CPID:XXXX CPRV:15 CPFM:03 SCEP:03 BDID:00 ECID:XXXXXXXXXXXXXXXX SRTG:[iBoot-XXX.X.X]"</pre>
 
<pre>iProduct: "Apple Mobile Device (DFU Mode)"</pre> <pre>iSerialNumber: "CPID:XXXX CPRV:15 CPFM:03 SCEP:03 BDID:00 ECID:XXXXXXXXXXXXXXXX SRTG:[iBoot-XXX.X.X]"</pre>
  +
 
==Revisions==
 
==Revisions==
 
===[[S5L8900]] (0x1222)===
 
===[[S5L8900]] (0x1222)===
This is the device ID in the [[N45ap|iPod touch]], the [[M68ap|iPhone]], and the [[N82ap|iPhone 3G]]. For more information about the protocol, see [[DFU 0x1222]].
+
This is the device ID in the [[N45AP|iPod touch]], the [[M68AP|iPhone]], and the [[N82AP|iPhone 3G]]. For more information about the protocol, see [[DFU 0x1222]].
   
 
===[[S5L8720 Bootrom|S5L8720]], [[S5L8920]], and [[WTF|WTF mode post-2.0]] (0x1227)===
 
===[[S5L8720 Bootrom|S5L8720]], [[S5L8920]], and [[WTF|WTF mode post-2.0]] (0x1227)===
This is the device ID in the [[N72ap|iPod touch 2G]], the [[N88ap|iPhone 3GS]], the [[N90ap|iPhone 4]] and [[WTF|WTF mode]]. For more information on the protocol, see [[DFU 0x1227]].
+
This is the device ID in the [[N72AP|iPod touch (2nd generation)]], the [[N88AP|iPhone 3GS]], the [[N90AP|iPhone 4]], subsequent 32 bit devices, all 64 bit devices, and [[WTF|WTF mode]]. For more information on the protocol, see [[DFU 0x1227]].
   
 
[[Category:Bootrom]]
 
[[Category:Bootrom]]

Revision as of 18:46, 19 November 2017

DFU or Device Firmware Upgrade mode allows all devices to be restored from any state. It is essentially a mode where the BootROM can accept iBSS. DFU is burned into the hardware, so it cannot be removed. On A7+ devices, it generates an ApNonce and recognizes APTickets as well, so even in DFU, it can accept an APTicket.

Entering DFU Mode

Apple TV

  1. Plug the device into your computer using a Micro-USB cable.
  2. Force the device to reboot by holding down the "Menu" and "Down" buttons simultaneously for 6-7 seconds.
  3. Press "Menu" and "Play" simultaneously right after reboot, until a message pops up in iTunes, saying that it has detected an Apple TV in Recovery Mode.

iPad, iPhone 6s and below, iPhone SE and iPod touch

  1. Connect the device to a computer using a USB cable.
  2. Hold down both the Home button and Lock button.
  3. After 8 seconds, release the Lock button while continuing to hold down the Home button.
    • If the Apple logo appears, the Lock button was held down for too long.
  4. Nothing will be displayed on the screen when the device is in DFU mode. If open, iTunes will alert you that a device was detected in recovery mode.
    • If your device shows a screen telling you to connect the device to iTunes, retry these steps.

iPhone 7 and iPhone 7 Plus

  1. Connect the device to a computer using a USB cable.
  2. Hold down both the Side button and Volume Down button.
  3. After 8 seconds, release the Side button while continuing to hold down the Volume Down button.
    • If the Apple logo appears, the Side button was held down for too long.
  4. Nothing will be displayed on the screen when the device is in DFU mode. If open, iTunes will alert you that a device was detected in recovery mode.
    • If your device shows a screen telling you to connect the device to iTunes, retry these steps.

iPhone 8, iPhone 8 Plus and iPhone X

  1. Connect the device to a computer using a USB cable.
  2. Quick-press the Volume Up button
  3. Quick-press the Volume Down button
  4. Hold down the Side button until the screen goes black, then hold down both the Side button and Volume Down button.
  5. After 5 seconds, release the Side button while continuing to hold down the Volume Down button.
    • If the Apple logo appears, the Side button was held down for too long.
  6. Nothing will be displayed on the screen when the device is in DFU mode. If open, iTunes will alert you that a device was detected in recovery mode.
    • If your device shows a screen telling you to connect the device to iTunes, retry these steps.

Exiting DFU Mode

To exit DFU Mode, simply force restart your device.

  • For Apple TV, hold down the "Menu" and "Down" buttons on your remote until the Apple TV reboots.
  • For iPad, iPhone 6s and below, iPhone SE and iPod touch, hold the Home button and the Lock button until the device reboots.
  • For iPhone 7 and iPhone 7 Plus, hold down the Side button and Volume Down button until the device reboots.
  • For iPhone 8, iPhone 8 Plus, and iPhone X, quick-press the Volume Up button, then quick-press the Volume Down button, then hold down the Side button until the device reboots.

Enter True Hardware DFU Mode Automatically

The EnterDFU function in the MobileDevice Library does not enter the true DFU Mode in the hardware. It's possible to enter the true DFU Mode without doing it manually, but it cannot be exited unless a restore is performed, as it creates a DFU Loop. This doesn't work with S5L8900 devices.

Steps

  1. Make a copy of a fresh IPSW file.
  2. Open the IPSW as a zip folder and browse to /firmware/all_flash/all_flash.xxxxx.production/
  3. Extract LLB.*****.RELEASE.img3/im4p and open it in a hex editor.
  4. Change some random bit or bits, it doesn't matter which or what you write.
  5. Add the edited file back to the zip, rename zip to ipsw and restore it to your device using iTunes.
  6. The restore will error out and your device will be in DFU Mode.

Alternative Method

If the previous method does not work for you, try this one.

  1. Do steps 1 and 2 from above.
  2. Delete LLB.*****.RELEASE.img3.
  3. Copy applelogo.********.img3 to temporary directory.
  4. Rename the copy of applelogo.********.img3/im4p to LLB.*****.RELEASE.img3/im4p. (If you forget the name of the LLB file, you can find it again in the file named manifest.)
  5. Copy the renamed applelogo file back to the all_flash.xxxxx.production directory.
  6. Rename the zip.
  7. Restore the file using iTunes. (If every thing goes well, you should receive an error 31 from iTunes.)

DFU Mode Output to the computer

iProduct: "Apple Mobile Device (DFU Mode)"
iSerialNumber: "CPID:XXXX CPRV:15 CPFM:03 SCEP:03 BDID:00 ECID:XXXXXXXXXXXXXXXX SRTG:[iBoot-XXX.X.X]"

Revisions

S5L8900 (0x1222)

This is the device ID in the iPod touch, the iPhone, and the iPhone 3G. For more information about the protocol, see DFU 0x1222.

S5L8720, S5L8920, and WTF mode post-2.0 (0x1227)

This is the device ID in the iPod touch (2nd generation), the iPhone 3GS, the iPhone 4, subsequent 32 bit devices, all 64 bit devices, and WTF mode. For more information on the protocol, see DFU 0x1227.