Internal Firmware

From The iPhone Wiki
Revision as of 16:47, 20 July 2015 by ShadowLee19 (talk | contribs) (I added some infos.)
Jump to: navigation, search
See also: Beta Firmware

This (will be) a documented list of known factory firmwares, used by Apple workers in California to do engineering tests on prototype devices and also by factory workers on production ones during manufacturing. Factory firmwares are based on production iOS ones, but adapted for internal engineering tests, development and debugging. They are also known as "NonUI (No User Interface)" builds, probably because most applications are command line ones. The SpringBoard replacement, named SwitchBoard, allow launching a GUI of some of those applications. Unlike production iOS firmwares, factory ones have the following differences :

  • Contain DEVELOPMENT Fused bootloaders in \Firmware\dfu\ and \Firmware\all_flash\all_flash.[board codename].factoryfa\.
  • Contain DEVELOPMENT Fused kernel cache with more symbols, and with individual kexts in /System/Library/Extensions
  • Contain Skankwerk (gear) logo image file in \Firmware\all_flash\all_flash.[board codename].factoryfa\.
  • Have the /AppleInternal folder, which the hierarchy inside get priority over hierarchy in /.
  • No SpringBoard, requires the use of daemons to launch as a multi-app launcher instead.
  • /usr and subfolders contain many UNIX command line utilities.
  • SSH daemon is pre-installed - as dropbear
  • Boot loader passes arguments to kernel (unlike RELEASE boot loaders as of iOS 5.0) which makes it easy to disable AMFI
  • It has some Private Frameworks in /System/Library/PrivateFrameworks for internal GUI apps and command line utilities.
  • Most internal applications require the use of SkankKit to produce special layers such as text on the framebuffer.

Unlike regular iOS Firmwares, factory ones are distributed in "restore bundles". Those are unzipped IPSW files which can be restored on devices using an internal restore software such as PurpleRestore. Release and factory firmwares "restore bundles" have the same packaging structure (bootloaders, kernel, restore ramdisk, update ramdisk and root filesystem).

Some interesting facts about factory firmwares

  • Design: Apple seems to use the same GUI design from the production firmware to the factory one. Production iOS 1.x to 6.x skeuomorphism design is also present on 1.x to 6.x factory firmwares, but seems really more excessive than production ones. For exemple, the "skankwerk" boot logo represents a real gear and many GUI icons are realistic or simply photos of real life things (especially in Operator). For newer versions, production iOS 7.x to 9.x flat design is mostly used in 7.x to 9.x factory firmwares. For exemple, the new "skankwerk" boot logo is likely a flat, simple white gear. Some newer internal applications like Earthbound also use a "flat" design.
  • Other: The "skank" word is used to name multiple elements of factory firmwares. For exemple, there is "skankphone", "skankbattery" (the green battery shown in SwitchBoard), "skankwerk" logo, "skankkit" framework, "purpleskank" (used by BurnIn) and probably some other. The "skank" word seems to be a reference to "Skunkworks" projects, which are secrecy projects that are usually innovative. Read more about "Skunkworks" on Wikipedia
Version Build Codename Baseband SHA1 Hash Comments File Size Device
1.0 1A420 Alpine 03.06.01_G[1] 6e798e906c6590a7521ef89b731569be6d05b3aa Originally available here, but was soon taken down. 109,813,128 iPhone
4A57 ? ? Runs SwitchBoard, a simple launcher for other utilities. ?
3.1b 7C108b Sierra iPhone 3GS
Inf1 8A2062a Inferno iPhone 4
? 7C144 Inferno iPod 3G
7C1023e Inferno
8A2062a Inferno iPhone 4
6.0 10A23110z Inferno iPhone 5
7.0.3 11B64940j Inferno iPad mini 2
8.0 12A9331h Inferno iPhone 6