Friday, August 22, 2008

Exploring iPhone OS 2 files

Update: This technique also works with iPhone OS 3.x. You will find the VFDecrypt keys on The iPhone Wiki Firmware page. Just select the appropriate iPhone model and Version/Build of your firmware.

It turns out to be pretty simple:


  1. Download iPhone OS 2.0.2 (5C1)
    curl -O http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-5241.20080818.t5Fv3/iPhone1,2_2.0.2_5C1_Restore.ipsw

  2. Unzip the ipsw, which is actually a zip file
    unzip iPhone1,2_2.0.2_5C1_Restore.ipsw

  3. Download vfdecrypt
    svn co http://iphone-elite.googlecode.com/svn/trunk iphone-elite

  4. Compile vfdecrypt
    make -C iphone-elite/vfdecrypt_win32

  5. Decrypt the dmg (key from The iPhone Wiki)
    ./iphone-elite/vfdecrypt_win32/vfdecrypt -i 018-3978-1.dmg -k 31e3ff09ff046d5237187346ee893015354d2135e3f0f39480be63dd2a18444961c2da5d -o iPhoneOS-2.0.2.dmg

  6. Mount iPhone OS dmg and start exploring
    open iPhoneOS-2.0.2.dmg
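
The following added example (not from the original post or from the vfdecrypt project) is a quick way to see which .dmg inside the ipsw is the encrypted root filesystem before step 5, and to confirm that step 5 produced a readable image before mounting it. It assumes the encrypted image starts with the `encrcdsa` signature and that the decrypted output is a UDIF image ending in a 512-byte `koly` trailer; the sample archive and the name `sample-ramdisk.dmg` are constructed for the demonstration.

```python
import io
import zipfile

ENCRYPTED_MAGIC = b"encrcdsa"  # first 8 bytes of an encrypted (v2) disk image
UDIF_MAGIC = b"koly"           # first 4 bytes of the 512-byte UDIF trailer
UDIF_TRAILER_SIZE = 512


def classify_image(stream, size):
    """Classify a seekable image stream as 'encrypted', 'udif' or 'unknown'."""
    stream.seek(0)
    if stream.read(len(ENCRYPTED_MAGIC)) == ENCRYPTED_MAGIC:
        return "encrypted"
    if size >= UDIF_TRAILER_SIZE:
        stream.seek(size - UDIF_TRAILER_SIZE)
        if stream.read(len(UDIF_MAGIC)) == UDIF_MAGIC:
            return "udif"
    return "unknown"


def survey_ipsw(ipsw):
    """List (name, size, kind) for every .dmg in an IPSW zip, largest first."""
    found = []
    with zipfile.ZipFile(ipsw) as archive:
        for info in archive.infolist():
            if info.filename.lower().endswith(".dmg"):
                with archive.open(info) as member:
                    kind = classify_image(member, info.file_size)
                found.append((info.filename, info.file_size, kind))
    return sorted(found, key=lambda entry: entry[1], reverse=True)


def build_sample_ipsw():
    """Constructed stand-in for an IPSW: tiny fake members, not real firmware."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("018-3978-1.dmg", ENCRYPTED_MAGIC + b"\0" * 4096)
        archive.writestr("sample-ramdisk.dmg", b"\x01" * 1024)  # hypothetical name
        archive.writestr("Restore.plist", b"<plist/>")
    buffer.seek(0)
    return buffer


def build_sample_decrypted():
    """Constructed stand-in for vfdecrypt output: padding plus a UDIF trailer."""
    data = b"\0" * 2048 + UDIF_MAGIC + b"\0" * (UDIF_TRAILER_SIZE - len(UDIF_MAGIC))
    return io.BytesIO(data), len(data)


if __name__ == "__main__":
    for name, size, kind in survey_ipsw(build_sample_ipsw()):
        print(f"{name}: {size} bytes, {kind}")
    print("decrypted output:", classify_image(*build_sample_decrypted()))
```

On real files, pass the path of the .ipsw to `survey_ipsw`, and call `classify_image` on the opened output of step 5 together with its size from `os.path.getsize`.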

Do not buy iQuarantine X

From iQuarantine X website:


  • iQuarantine X is not a background script or a script that gets attached to files or folders.
  • iQuarantine X is the first application to make the LEOPARD FILE QUARANTINE ALERTS go away.
  • iQuarantine X is the easiest way to rid LEOPARD of all FILE QUARANTINE ALERTS.

So, if it's not a script, what is it (besides a scam)?
It's a hack that binary patches a system framework (/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/CarbonCore) by short-circuiting the private function _FSAllocateQuarantineData.

So we have four good reasons not to buy it:
  1. It has an unacceptable upgrade policy.
  2. It binary patches a system framework.
  3. The developer does not reply to e-mails.
  4. You can disable the Leopard quarantine for free with an official technique.