|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Firmware Keys"
m (→Notes: The S5L8942 is a revision to the A5 chip. (See the tech specs for the Apple TV 3G and iPad 2.)) |
m (iKeyHelper does not replace genpass, it /uses/ genpass.) |
||
| Line 3: | Line 3: | ||
[[S5L File Formats#IMG2|IMG2]] was the file format used prior to iOS 2.0. For iOS 1.1.x, IMG2 files were encrypted with Key 0x837. |
[[S5L File Formats#IMG2|IMG2]] was the file format used prior to iOS 2.0. For iOS 1.1.x, IMG2 files were encrypted with Key 0x837. |
||
| − | [[IMG3 File Format|IMG3]] encrypted files contain encrypted versions of the VFDecrypt Keys as part of the [[KBAG]] (key bag). These can be decrypted with the [[GID-key]]. For jailbroken iDevices the VFDecrypt keys can be retrieved with the devices [[AES Keys|hardware AES engine]]. The VFDecrypt key for the root filesystem image of an iDevice (~500 MB to 800MB in the case of iOS 5) requires either a decrypted [[Restore Ramdisk]] or [[Update Ramdisk]]. Once you have a decrypted Restore or Update Ramdisk, [[GenPass |
+ | [[IMG3 File Format|IMG3]] encrypted files contain encrypted versions of the VFDecrypt Keys as part of the [[KBAG]] (key bag). These can be decrypted with the [[GID-key]]. For jailbroken iDevices the VFDecrypt keys can be retrieved with the devices [[AES Keys|hardware AES engine]]. The VFDecrypt key for the root filesystem image of an iDevice (~500 MB to 800MB in the case of iOS 5) requires either a decrypted [[Restore Ramdisk]] or [[Update Ramdisk]]. Once you have a decrypted Restore or Update Ramdisk, [[GenPass]] can be used to gather the keys for the root filesystem. |
For the root filesystem there is one key per device model, with no IV. You can mount this once it has been decrypted using your program of choice. (For example, 7-zip on Windows (after extracting the DMG on Windows, extract the biggest file with {{wp|7-Zip}}) |
For the root filesystem there is one key per device model, with no IV. You can mount this once it has been decrypted using your program of choice. (For example, 7-zip on Windows (after extracting the DMG on Windows, extract the biggest file with {{wp|7-Zip}}) |
||
Revision as of 12:25, 28 April 2012
VFDecrypt Keys are the keys which can decrypt the files that come with the firmware. Apple uses a public-private key encryption to ensure the safety of their files. Over time Apple has changed the way to encrypt firmware files, thus the way to decrypt files as well as the way to get the VFDecrypt Keys has also.
IMG2 was the file format used prior to iOS 2.0. For iOS 1.1.x, IMG2 files were encrypted with Key 0x837.
IMG3 encrypted files contain encrypted versions of the VFDecrypt Keys as part of the KBAG (key bag). These can be decrypted with the GID-key. For jailbroken iDevices the VFDecrypt keys can be retrieved with the devices hardware AES engine. The VFDecrypt key for the root filesystem image of an iDevice (~500 MB to 800MB in the case of iOS 5) requires either a decrypted Restore Ramdisk or Update Ramdisk. Once you have a decrypted Restore or Update Ramdisk, GenPass can be used to gather the keys for the root filesystem. For the root filesystem there is one key per device model, with no IV. You can mount this once it has been decrypted using your program of choice. (For example, 7-zip on Windows (after extracting the DMG on Windows, extract the biggest file with Template:Wp)
Notes
The Update Ramdisk and Restore Ramdisks share the same IV and key per type of Application Processor. The current models are:
| Application Processor | iDevice |
|---|---|
| S5L8900 | iPhone, iPhone 3G, iPod touch |
| S5L8720 | iPhone, iPod touch 2G |
| S5L8920 | iPhone 3GS |
| S5L8922 | iPod touch 3G |
| S5L8930 (A4) | iPad, iPhone 4, iPod touch 4G, Apple TV 2G |
| S5L8940 (A5) | iPad 2, iPhone 4S |
| S5L8942 (revised A5) | iPad 2 Wi-Fi R2, Apple TV 3G |
| S5L8945 (A5X) | iPad 3 |
You can use img3decrypt[1] or xpwntool[2] to decrypt these as described in Ramdisk Decryption. Once done, mount or extract using the tool of your choice.
When posting a key page, please use the key template (IN THE CORRECT ORDER) and do NOT Template:Wp it.
For the VFDecrypt Keys of each firmware please check the builds listed at the appropiate firmware version page.
Firmware versions
- Main articles: Firmware, Beta Firmware
Gaps
As you will notice, there may be a gap or two, or a key for a current build that is not there. Please feel free to add them, but please be sure that it is only the key for a User or Developer build, as if you gave the key for another type of build that might or may not be out there people could get in trouble, and we do not want that. Thanks for contributing!
