Difference between revisions of "Talk:Telluride 9A406 (iPhone4,1)"

(Key location)
(Key location)
Line 4: Line 4:
 
:I am sure they were referring to the fact that, because the ramdisks are unencrypted, they were able to be "extracted" without the device. --[[User:5urd|5urd]] 17:05, 16 December 2011 (MST)
 
:I am sure they were referring to the fact that, because the ramdisks are unencrypted, they were able to be "extracted" without the device. --[[User:5urd|5urd]] 17:05, 16 December 2011 (MST)
 
:: continuing from this, where do you get the ramdisk key if it is encrypted? --[[User:Adaminsull|adaminsull]] ([[User talk:Adaminsull|talk]]) 18:43, 29 January 2013 (UTC)
 
:: continuing from this, where do you get the ramdisk key if it is encrypted? --[[User:Adaminsull|adaminsull]] ([[User talk:Adaminsull|talk]]) 18:43, 29 January 2013 (UTC)
  +
:::The ramdisk's [[KBAG]] needs to be decrypted with the device's GID key. There is no way to extract the GID key; you need a bootrom exploit (an iBoot exploit may suffice?) to use the device's AES engine. Once you have the IV and key, you can use xpwntool to decrypt the ramdisk. --[[User:Dialexio|<span style="color:#BA0000; font-weight:normal;">Dialexio</span>]] ([[User talk:Dialexio|<span style="color:#BA0000; font-weight:normal;">talk</span>]]) 20:43, 29 January 2013 (UTC)

Revision as of 20:43, 29 January 2013

Key location

Everyone is saying that the VFDecrypt keys were practically included in the OS, but I can't find em :P Where would they be in the IPSW? --rdqronos 20:01, 15 December 2011 (MST)

The VFDecrypt key is in the ramdisk. You could use GenPass to get it. --Dialexio 22:12, 15 December 2011 (MST)
I am sure they were referring to the fact that, because the ramdisks are unencrypted, they were able to be "extracted" without the device. --5urd 17:05, 16 December 2011 (MST)
Continuing from this, where do you get the ramdisk key if it is encrypted? --adaminsull (talk) 18:43, 29 January 2013 (UTC)
The ramdisk's KBAG needs to be decrypted with the device's GID key. There is no way to extract the GID key; you need a bootrom exploit (an iBoot exploit may suffice?) to use the device's AES engine. Once you have the IV and key, you can use xpwntool to decrypt the ramdisk. --Dialexio (talk) 20:43, 29 January 2013 (UTC)