Restore Process

From The iPhone Wiki
Revision as of 18:16, 28 July 2008 by ChronicDev (talk | contribs) (1.1.4 > 2.0 Restore)

1.1.4 > 2.0 Restore

This restore was performed, logged and dumped by scotty2

The Process

  1. iTunes maps iBEC (WTF.m68ap.RELEASE.dfu) at 0x90000000.
  2. iBoot decrypts it, as it is an Img2 file, then runs it.
  3. iBEC does a check to see if it is mapped at 0x18000000, and if it is not, it remaps itself there.
  4. Sometime at the beginning of its routine, iBEC gives the iPhone whatever it needs to decrypt Img3 files, as you can guess from the rest of these steps.
  5. iTunes sends iBEC the kernelcache and the ramdisk, both in Img3 format.
  6. iBEC decrypts ramdisk and kernelcache then boots kernelcache.
  7. The ramdisk and kernel then copy the rootfs over, then flash the new devicetree, iBEC, iBSS and iBoot.
  8. After the rootfs and the Img3 files, it flashes over the baseband and friends.
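As an added illustration of the two container formats named in steps 2 and 5 (not part of scotty2's log or this wiki page): a small Python parser that tells Img2 from Img3 by its magic and walks an Img3 file's tags, exercised on a constructed in-memory kernelcache stand-in rather than any real firmware file. The header layout (magic, fullSize, sizeNoPack, sigCheckArea, ident, then tags of magic/totalLength/dataLength) is the documented Img3 format; the sample image, its tag contents and the helper names are assumptions of this example.

```python
import struct

IMG3_MAGIC = b"3gmI"  # "Img3" stored as a little-endian uint32, so reversed on disk
IMG2_MAGIC = b"2gmI"  # "Img2" likewise
HEADER_LEN = 20       # magic, fullSize, sizeNoPack, sigCheckArea, ident
TAG_HDR_LEN = 12      # magic, totalLength (header + padded data), dataLength (payload)

def fourcc(raw: bytes) -> str:
    """Four-character codes are byte-reversed on disk; give them back readable."""
    return raw[::-1].decode("ascii")

def container_type(blob: bytes) -> str:
    """Tell the two container formats named in the restore steps apart by their magic."""
    return {IMG3_MAGIC: "Img3", IMG2_MAGIC: "Img2"}.get(blob[:4], "unknown")

def parse_img3(blob: bytes) -> dict:
    """Walk an Img3 container's tags, refusing any whose lengths do not add up."""
    if container_type(blob) != "Img3":
        raise ValueError("not an Img3 container")
    _, full_size, _, _, ident = struct.unpack_from("<4sIII4s", blob, 0)
    if full_size != len(blob):
        raise ValueError("fullSize does not match the file length")
    tags, off = [], HEADER_LEN
    while off < full_size:
        if off + TAG_HDR_LEN > full_size:
            raise ValueError("truncated tag header at offset %d" % off)
        magic, total_len, data_len = struct.unpack_from("<4sII", blob, off)
        if total_len < TAG_HDR_LEN + data_len or off + total_len > full_size:
            raise ValueError("tag %s overruns the container" % fourcc(magic))
        tags.append((fourcc(magic), blob[off + TAG_HDR_LEN:off + TAG_HDR_LEN + data_len]))
        off += total_len
    return {"ident": fourcc(ident), "tags": tags}

def build_tag(name: str, data: bytes) -> bytes:
    """Constructed helper: one tag with its payload padded to a 4-byte boundary."""
    padded = data + b"\0" * (-len(data) % 4)
    return struct.pack("<4sII", name.encode()[::-1], TAG_HDR_LEN + len(padded), len(data)) + padded

def build_img3(ident: str, tags) -> bytes:
    """Constructed helper: wrap tags in an Img3 header (sigCheckArea set to the tag span)."""
    body = b"".join(build_tag(n, d) for n, d in tags)
    return struct.pack("<4sIII4s", IMG3_MAGIC, HEADER_LEN + len(body), len(body),
                       len(body), ident.encode()[::-1]) + body

# Constructed kernelcache stand-in: TYPE, opaque DATA, and the KBAG (wrapped IV/key a boot stage unwraps before decrypting DATA).
SAMPLE_KERNELCACHE = build_img3("krnl", [
    ("TYPE", b"lnrk"),
    ("DATA", bytes(range(16))),
    ("KBAG", b"\x01\0\0\0" + b"\0\x01\0\0" + b"\xaa" * 16 + b"\xbb" * 32),
])
```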