Factory Firmware

From The iPhone Wiki
Jump to: navigation, search
See also: Beta Firmware
This (will be) a documented list of known factory firmwares, used by Apple workers in California to do engineering tests on prototype devices and also by factory workers on production ones during manufacturing. Factory firmwares are based on production iOS ones, but adapted for internal engineering tests, development and debugging.

They are also known as "NonUI (No User Interface)" builds, probably because most applications are command line ones. The SpringBoard replacement, named SwitchBoard, allow launching a GUI of some of those applications. Unlike production iOS firmwares, factory ones have the following differences :

  • Contain DEVELOPMENT Fused bootloaders in \Firmware\dfu\ and \Firmware\all_flash\all_flash.[board codename].factoryfa\.
  • Contain DEVELOPMENT Fused kernel cache with more symbols, and with individual kexts in /System/Library/Extensions
  • Contain Skankwerk (gear) logo image file in \Firmware\all_flash\all_flash.[board codename].factoryfa\.
  • Have the /AppleInternal folder, which the hierarchy inside get priority over hierarchy in /.
  • No SpringBoard, requires the use of daemons to launch SwitchBoard.app as a multi-app launcher instead.
  • /usr and subfolders contain many UNIX command line utilities.
  • SSH daemon is pre-installed - as dropbear
  • Boot loader passes arguments to kernel (unlike RELEASE boot loaders as of iOS 5.0) which makes it easy to disable AMFI
  • It has some Private Frameworks in /System/Library/PrivateFrameworks for internal GUI apps and command line utilities.
  • Most internal applications require the use of SkankKit to produce special layers such as text on the framebuffer.

Unlike regular iOS Firmwares, factory ones are distributed in "restore bundles". Those are unzipped IPSW files which can be restored on devices using an internal restore software such as PurpleRestore. Release and factory firmwares "restore bundles" have the same packaging structure (bootloaders, kernel, restore ramdisk, update ramdisk and root filesystem).

Some interesting facts about factory firmwares

  • Design: Apple seems to use the same GUI design from the production firmware to the factory one. Production iOS 1.x to 6.x skeuomorphism design is also present on 1.x to 6.x factory firmwares, but seems really more excessive than production ones. For example, the "skankwerk" boot logo represents a real gear and many GUI icons are realistic or simply photos of real life things (especially in Operator). For newer versions, production iOS 7.x to 9.x flat design is mostly used in 7.x to 9.x factory firmwares. For example, the new "skankwerk" boot logo is likely a flat, simple white gear. Some newer internal applications like Earthbound also use a "flat" design.
  • Other: The "skank" word is used to name multiple elements of factory firmwares. For example, there is "skankphone", "skankbattery" (the green battery shown in SwitchBoard), "skankwerk" logo, "skankkit" framework, "purpleskank" (used by BurnIn) and probably some other. The "skank" word seems to be a reference to "Skunkworks" projects, which are secrecy projects that are usually innovative. Read more about "Skunkworks" on Wikipedia https://en.wikipedia.org/wiki/Skunkworks_project.

iPhone

Version Build Codename Baseband Comments
1.0 1A420 Alpine 03.06.01_G[1] Originally available here, but was soon taken down.
4A57 04.02.13_G -

iPhone 3GS

Version Build Codename Baseband Comments
3.1b 7C108b Sierra?  ? -
5.1 9B3176n HoodooYabuli  ? -

iPhone 4

Version Build Codename Baseband Comments
4.0 8A133 Apex? 01.32.01 -
8A2062a Apex?  ? -
8A2180g ApexNanshan 01.42.01 -
5.1 9B3176h HoodooYabuli 04.12.01 -

iPhone 4S

Version Build Codename Baseband Comments
6.0 10A23941a SundanceNanshan 2.0.0.2 -

iPhone 5

Version Build Codename Baseband Comments
6.0 10A23110z Sundance?  ? -

iPhone 5s

Version Build Codename Baseband Comments
7.0 11A24580o InnsbruckNanshan  ? -

iPhone 6

Version Build Codename Baseband Comments
8.0 12A9331h Okemo?  ? -
12A93650o OkemoAni  ? This build is pretty obscure, but it is in the wild.

iPhone 6s

Version Build Codename Baseband Comments
9.0 13A342  ?  ? -

iPad mini 2

Version Build Codename Baseband Comments
7.0.3 11B64940j InnsbruckTaos? - -

iPod touch (3rd generation)

Version Build Codename Comments
3.1 7C144 Northstar? -
7C1023e Inferno? -