Difference between revisions of "Restore Process"

From The iPhone Wiki
(Undo revision 5509 by 1337urmompois0n (Talk))
 
 

Latest revision as of 07:26, 7 November 2009

1.1.4 > 2.0 Restore

This restore was performed, logged and dumped by scotty2. It was originally in a manifesto made while cracking the img3 format, so it may be typed up a little oddly.

The Process

  1. iTunes maps iBEC (WTF.m68ap.RELEASE.dfu) at 0x90000000.
  2. iBoot decrypts it, as it is an Img2 file, then runs it.
  3. iBEC does a check to see if it is mapped at 0x18000000, and if it is not, it remaps itself there.
  4. Sometime at the beginning of iBEC's routine, it gives the iPhone whatever it needs to decrypt Img3 files, as you will obviously guess by reading the rest of these steps.
  5. iTunes sends iBEC the kernelcache and the ramdisk, both in Img3 format.
  6. iBEC decrypts the ramdisk and kernelcache, then boots the kernelcache.
  7. The ramdisk/kernel then copies the rootfs over, then flashes the new devicetree, iBEC, iBSS, and iBoot.
  8. After the rootfs and the img3 files, it will flash over the baseband and friends.