OTA Updates (Over-the-Air Updates, also know as wireless updates) were introduced with iOS 5. This allows a user of a device to go into Settings > General > Software Update and download and install the latest iOS software on-device, without the need for iTunes. The device checks an XML-based PLIST file on mesu.apple.com for updates. The updates are delivered in plain unencrypted ZIP files.
OTA Update contents
We now know three versions of OTA updates. OTA update bundle contains an Info.plist file and two folders: META-INF and AssetData. META-INF has only one file com.apple.ZipMetadata.plist which describes bundle contents.
AssetData contains three Bill-Of-Materials files (they can be viewed with lsbom and created with mkbom). pre.bom states filesystem before update, post.bom - after and payload.bom describes the patches to be applied during update process. It also contains boot folder where bootchain-related files are stored (iBoot, kernelcache, etc.), payloadv2 or payload (depends on PackageVersion value of AssetData/Info.plist file) and Info.plist file which describes the update. Info.plist file from AssetData folder contains PackageVersion field which can be 1.0, 2.0 or 3.0.
These updates do not contain payload.bom file and are deprecated. These updates do not contain any .bom files.
- archive.cpio.gz - the actual cpio patch archive (encrypted). Contains a list of BSDIFF40 patches and baseband firmware updates, if available, with the associated flashing tools (bbupdater/imeisv).
- Info.plist.signature - asymmetric signature of Info.plist validated against /System/Library/Lockdown/iPhoneSoftwareUpdate.pem.
- libupdate_brain.dylib - stage 2 update process library (encrypted).
All updates with 2.0 package version have payload folder inside AssetData instead of archive.cpio.gz file from 1.0 updates. It contains only two folders: added folder with unencrypted files which are to be added during update process and patches folder. patches folder is used to store BSDIFF40 patches that are applied to files during update process. They can be easily applied manually with bsdiff utility. patches folder file hierarchy is similar to devices root file system (ex. patch for /sbin/launchctl will be found at AssetData/payload/patches/sbin/launchctl). AssetData also contains payload.bom.signature that replaces Info.plist.signature. payload.bom.signature is used to check payload.bom which contains CRC32 of all files inside AssetData folder.
There are quite a number of changes to note between format 2.0 and 3.0. In particular, the filesystem contents are now stored in a large, proprietary archive.
- The added folder no longer exists.
- links.txt is just a list of strings. Strings that begin with '=' are symlink targets and following strings that begin with '+' are places where symlinks should be created.
- patches no longer use the BSDIFF40 format; they use a modified version dubbed BXDIFF41.
- payload and prepare_payload hold the filesystem contents in a proprietary format. As the name implies, prepare_payload is extracted first.
- The payloadv2 folder replaces the payload folder in updates packaged in format 3.0.
- removed.txt contains a list of files that should be removed before update starts.
- payload.bom now contains SHA1 hashes of all files in the AssetData folder.
Subsequent firmwares continue to specify a
PackageVersion of 3.0, but contain a few notable changes from the older 3.0 format.
With iOS 10.3, Apple began to use the same "delta" package for multiple firmware versions (e.g. iOS 7.1 through 7.1.2 receive the same ZIP file).
- An additional key called "ComboAsset" is included, with an array of dictionaries containing information for supported versions.
PrerequisiteOSVersionkeys of Info.plist are still strings. However, the string contains multiple versions and build numbers, with semi-colons to separate them.
It is otherwise the same as before.
iOS 11 introduced more changes to Format 3.0. (A
PackageVersion of 3.0 continues to be listed.)
- The new app_patches folder handles patching of removable stock apps, such as Mail.app and iTunes Store.app.
- patches now uses the updated BXDIFF50 format.
Conflicts With Jailbreaking
OTA Updates are often known to cause issues when jailbreaking a device. This became evident with evasi0n7, because most devices that were updated OTA, had to be restored with iTunes first, since the jailbreak would often fail if it was not.
While jailbroken, a device cannot install OTA updates successfully. If you try, it is likely that your device will either be stuck in a boot loop, or certain things will not work correctly. Newer jailbreaks such as evasi0n and evasi0n7 disable the OTA search daemon, which prevents the device from searching for an update (it will just stay indefinitely at "Checking for Update..."). This can also be done manually on any jailbreak, by deleting or moving /System/Library/LaunchDaemons/com.apple.mobile.softwareupdated.plist and /System/Library/LaunchDaemons/com.apple.softwareupdateservicesd.plist from your device. It can also be done with tools such as iCleaner Pro.
OTA updates list
Note that the Apple TV updates are organized by marketing version (the version displayed on the Apple TV), not the version of iOS it is based on.
- Jonathan Levin's examination of OTA updates
Software Update XMLs
Developer Beta Software Update XMLs
Carrier Software Update XMLs
Public Beta Software Update XMLs
Public Software Update XMLs
- Apple TV (for releases prior to iOS 6.0)
- iOS (documentation) (includes Apple TV (2nd generation) and Apple TV (3rd generation) releases after iOS 6.0)
- watchOS (documentation)
- Accessory Software Update XMLs:
- Other XMLs with unknown uses