Internal Firmware

From The iPhone Wiki
Revision as of 18:10, 20 July 2015 by ShadowLee19 (talk | contribs) (I corrected the layout.)
Jump to: navigation, search
See also: Beta Firmware

This (will be) a documented list of known factory firmwares, used by Apple workers in California to do engineering tests on prototype devices and also by factory workers on production ones during manufacturing. Factory firmwares are based on production iOS ones, but adapted for internal engineering tests, development and debugging.

They are also known as "NonUI (No User Interface)" builds, probably because most applications are command line ones. The SpringBoard replacement, named SwitchBoard, allow launching a GUI of some of those applications. Unlike production iOS firmwares, factory ones have the following differences :

  • Contain DEVELOPMENT Fused bootloaders in \Firmware\dfu\ and \Firmware\all_flash\all_flash.[board codename].factoryfa\.
  • Contain DEVELOPMENT Fused kernel cache with more symbols, and with individual kexts in /System/Library/Extensions
  • Contain Skankwerk (gear) logo image file in \Firmware\all_flash\all_flash.[board codename].factoryfa\.
  • Have the /AppleInternal folder, which the hierarchy inside get priority over hierarchy in /.
  • No SpringBoard, requires the use of daemons to launch SwitchBoard.app as a multi-app launcher instead.
  • /usr and subfolders contain many UNIX command line utilities.
  • SSH daemon is pre-installed - as dropbear
  • Boot loader passes arguments to kernel (unlike RELEASE boot loaders as of iOS 5.0) which makes it easy to disable AMFI
  • It has some Private Frameworks in /System/Library/PrivateFrameworks for internal GUI apps and command line utilities.
  • Most internal applications require the use of SkankKit to produce special layers such as text on the framebuffer.

Unlike regular iOS Firmwares, factory ones are distributed in "restore bundles". Those are unzipped IPSW files which can be restored on devices using an internal restore software such as PurpleRestore. Release and factory firmwares "restore bundles" have the same packaging structure (bootloaders, kernel, restore ramdisk, update ramdisk and root filesystem).

Some interesting facts about factory firmwares

  • Design: Apple seems to use the same GUI design from the production firmware to the factory one. Production iOS 1.x to 6.x skeuomorphism design is also present on 1.x to 6.x factory firmwares, but seems really more excessive than production ones. For exemple, the "skankwerk" boot logo represents a real gear and many GUI icons are realistic or simply photos of real life things (especially in Operator). For newer versions, production iOS 7.x to 9.x flat design is mostly used in 7.x to 9.x factory firmwares. For exemple, the new "skankwerk" boot logo is likely a flat, simple white gear. Some newer internal applications like Earthbound also use a "flat" design.
  • Other: The "skank" word is used to name multiple elements of factory firmwares. For exemple, there is "skankphone", "skankbattery" (the green battery shown in SwitchBoard), "skankwerk" logo, "skankkit" framework, "purpleskank" (used by BurnIn) and probably some other. The "skank" word seems to be a reference to "Skunkworks" projects, which are secrecy projects that are usually innovative. Read more about "Skunkworks" on Wikipedia https://en.wikipedia.org/wiki/Skunkworks_project.

iPhone 2G

Version Build Codename Baseband Comments
1.0 1A420 Alpine 03.06.01_G[1] Originally available here, but was soon taken down.
4A57 ? -

iPhone 3GS

Version Build Codename Baseband Comments
3.1b 7C108b Sierra ? -

iPhone 4

Version Build Codename Baseband Comments
4.0 8A2062a Inferno ? -

iPhone 5

Version Build Codename Baseband Comments
6.0 10A23110z Inferno ? -

iPhone 6

Version Build Codename Baseband Comments
8.0 12A9331h Inferno ? -

iPod 3G

Version Build Codename Baseband Comments
3.1 7C144 Inferno - -
3.1 7C1023e Inferno - -

iPad mini 2

Version Build Codename Baseband Comments
7.0.3 11B64940j Inferno - -