Friday, August 22, 2008

Exploring iPhone OS 2 files

Update: This technique also works with iPhone OS 3.x. You will find the VFDecrypt keys on The iPhone Wiki Firmware page. Just select the appropriate iPhone model and Version/Build of your firmware.

It turns out to be pretty simple:


  1. Download iPhone OS 2.0.2 (5C1)
    curl -O http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-5241.20080818.t5Fv3/iPhone1,2_2.0.2_5C1_Restore.ipsw

  2. Unzip the ipsw which is actually a zip file
    unzip iPhone1,2_2.0.2_5C1_Restore.ipsw

  3. Download vfdecrypt
    svn co http://iphone-elite.googlecode.com/svn/trunk iphone-elite

  4. Compile vfdecrypt
    make -C iphone-elite/vfdecrypt_win32

  5. Decrypt the dmg (key from The iPhone Wiki)
    ./iphone-elite/vfdecrypt_win32/vfdecrypt -i 018-3978-1.dmg -k 31e3ff09ff046d5237187346ee893015354d2135e3f0f39480be63dd2a18444961c2da5d -o iPhoneOS-2.0.2.dmg

  6. Mount iPhone OS dmg and start exploring
    open iPhoneOS-2.0.2.dmg

4 comments:

Anonymous said...

If you already have an iPhone, then you already have the .ipsw files on your computer in ~/Library/iTunes/iPhone Software Updates/

Nice tip, thanks!

Stéphane

Anonymous said...

One more thing...
This does not work for PPC users, except if you patch iphone-elite/vfdecrypt_win32/util.c: at lines 73 and 74, write:
#define swap32(x)
#define swap64(x)
There is no need to do byte-ending conversion for PPC :-)

Note that .png files are ill-formatted and cannot be decoded; use the following script to convert them to real PNG (though some files resist and can't be reformatted):
http://www.axelbrz.com.ar/?mod=iphone-png-images-normalizer
(copy .png files to a new writable folder, and execute script in this folder using "python ipin.py")

Stéphane

macubergeek said...

Sorry but the modification you suggested for PPC macs dosn't seem to work I modified lines 73 and 74 of util.c like so

#define swap32(x)
#define swap64(x)

and recompiled.
and re did vfdecrypt_32 as you indicated and the resulting dmg's don't mount.

Unknown said...

how do u apply this for exploring other firmwares like 3.0