OTA Updates

From The iPhone Wiki
Jump to: navigation, search

OTA Updates (Over-the-Air Updates, also known as wireless updates) were introduced with iOS 5. This allows a user of a device to go into Settings > General > Software Update and download and install the latest iOS software on-device, without the need for iTunes. The device checks an XML-based PLIST file on mesu.apple.com or sends a POST JSON request to gdmf.apple.com (codenamed Pallas) for updates. The updates are delivered in plain unencrypted ZIP files.

OTA Update contents

There are three known versions of OTA updates. OTA update bundles contain an Info.plist file and two folders: META-INF and AssetData. META-INF has only one file com.apple.ZipMetadata.plist which describes bundle contents.

AssetData contains three Bill-Of-Materials files (they can be viewed with lsbom and created with mkbom). pre.bom states filesystem before update, post.bom - after and payload.bom describes the patches to be applied during update process. It also contains boot folder where bootchain-related files are stored (iBoot, kernelcache, etc.), payloadv2 or payload (depends on PackageVersion value of AssetData/Info.plist file) and Info.plist file which describes the update. Info.plist file from AssetData folder contains PackageVersion field which can be 1.0, 2.0 or 3.0.

Format 1.0

These updates do not contain payload.bom file and are deprecated. These updates do not contain any .bom files.

  • archive.cpio.gz - the actual cpio patch archive (encrypted). Contains a list of BSDIFF40 patches and baseband firmware updates, if available, with the associated flashing tools (bbupdater/imeisv).
  • Info.plist.signature - asymmetric signature of Info.plist validated against /System/Library/Lockdown/iPhoneSoftwareUpdate.pem.
  • libupdate_brain.dylib - stage 2 update process library (encrypted).

Format 2.0

All updates with 2.0 package version have payload folder inside AssetData instead of archive.cpio.gz file from 1.0 updates. It contains only two folders: added folder with unencrypted files which are to be added during update process and patches folder. patches folder is used to store BSDIFF40 patches that are applied to files during update process. They can be easily applied manually with bsdiff utility. patches folder file hierarchy is similar to devices root file system (ex. patch for /sbin/launchctl will be found at AssetData/payload/patches/sbin/launchctl). AssetData also contains payload.bom.signature that replaces Info.plist.signature. payload.bom.signature is used to check payload.bom which contains CRC32 of all files inside AssetData folder.

Format 3.0

There are quite a number of changes to note between format 2.0 and 3.0. In particular, the filesystem contents are now stored in a large, proprietary archive.

  • The added folder no longer exists.
  • links.txt is just a list of strings. Strings that begin with '=' are symlink targets and following strings that begin with '+' are places where symlinks should be created.
  • patches no longer use the BSDIFF40 format; they use a modified version dubbed BXDIFF41.[1]
  • payload and prepare_payload hold the filesystem contents in a proprietary format.[2] As the name implies, prepare_payload is extracted first.
  • The payloadv2 folder replaces the payload folder in updates packaged in format 3.0.
  • removed.txt contains a list of files that should be removed before update starts.
  • payload.bom now contains SHA1 hashes of all files in the AssetData folder.

iOS 10.3

With iOS 10.3, Apple began to use the same "delta" package for multiple firmware versions (e.g. iOS 7.1 through 7.1.2 receive the same ZIP file).

  • An additional key called ComboAsset is included in the Info.plist, which is an array of dictionaries containing information for supported versions.
  • The PrerequisiteBuild and PrerequisiteOSVersion keys of Info.plist are still strings. However, the string may contain multiple versions and build numbers, separated with semicolons.

It is otherwise the same as before.

iOS 11

iOS 11 introduced more changes to Format 3.0. (A PackageVersion of 3.0 continues to be listed.)

  • The new app_patches folder handles patching of removable stock apps, such as Mail.app and iTunes Store.app, to extract them, everything before the PBZX header needs to be removed.
  • patches now uses the BXDIFF50 format.[1]
  • The payload.000-999 files use the AppleArchive compression. They can be extracted using the built-in macOS yaa command line tool or by adding the .aar extension and opening the file with the built-in macOS Archive Utility or Keka.

Conflicts With Jailbreaking

OTA Updates are often known to cause issues when jailbreaking a device. This became evident with evasi0n7, because most devices that were updated OTA, had to be restored with iTunes first, since the jailbreak would often fail if it was not.

While jailbroken, a device cannot install OTA updates successfully. If you try, it is likely that your device will either be stuck in a boot loop, or certain things will not work correctly. Newer jailbreaks such as evasi0n and evasi0n7 disable the OTA search daemon, which prevents the device from searching for an update (it will just stay indefinitely at "Checking for Update..." and will never show any updates available for installation). This can also be done manually on any jailbreak, by deleting or moving /System/Library/LaunchDaemons/com.apple.mobile.softwareupdated.plist and /System/Library/LaunchDaemons/com.apple.softwareupdateservicesd.plist from your device. It can also be done with tools such as iCleaner Pro.

OTA updates list




Apple Pencil


Beats Solo

Beats Studio



Siri Remote

Smart Keyboard

Apple TV

Note that the Apple TV updates are organized by marketing version (the version displayed on the Apple TV), not the version of iOS it is based on.

Apple Watch



iPad Air

iPad Pro

iPad mini


iPod touch


External links

Software Update XMLs


See Also