iPhone OS Restore Image (93MB)

Discussion in 'iOS Blog Discussion' started by MacRumors, Jun 30, 2007.

  1. macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    Inventive users can download the iPhone 1A543a restore image (93MB) from Apple.

    The link was discovered through iTunes 7.3, which offers users the capability to restore their iPhone to factory default settings. The resultant .zip file provides a Firmware folder and two DMGs (one password protected).

    There have been some ongoing efforts to unlock the Apple iPhone, but no documented success. According to one blogger, the Apple iPhone becomes locked to the SIM which you use to activate it (photo), but the iPhone's SIM can successfully be used in another AT&T phone.
     
  2. macrumors regular

    Joined:
    Mar 12, 2007
    #2
    I think Apple removed this from their website. When I click on the link it says that it can't be found on their server and then it suggests another document, which is the OS, but I can't get to that either. I hope whoever has the image saved will try to hack it and work their way to unlocking it ;)
     
  3. arn
    macrumors god

    arn

    Staff Member

    Joined:
    Apr 9, 2001
    #3
    I fixed the link.

    arn
     
  4. macrumors 68000

    deannnnn

    Joined:
    Jun 4, 2007
    Location:
    New York City & South Florida
    #4
    Referring to the picture from Flickr,
    What happens when you press 'Dismiss'?
    Does it let you use the iPod or data through Wifi?
     
  5. macrumors regular

    Joined:
    Mar 12, 2007
    #5
    Yeah, will someone please try that?

    From the picture it looks like that would work. If so, then one would have to activate the phone with the SIM card, then take it out, and put in a different SIM card, and cancel the service with AT&T. Then one would be able to use all the features besides the phone for the cost of the $36 activation fee plus another SIM card.

    Someone please try this with an iPhone.

    P.S. Is it possible to boot from this image on a computer, just like people booted from the Apple TV image on their computers?
     
  6. macrumors 6502

    Billy Boo Bob

    Joined:
    Jun 6, 2005
    Location:
    Dark Side Of The Moon
    #6
    I really, really doubt it. The phone's OS is compiled to run on ARM processors, not Intels, for starters.

    Now an emulation layer may show up someday so you can run the phone's OS inside a window. That would be fun, even if not really useful.
     
  7. macrumors newbie

    Joined:
    Jul 1, 2007
    #7
    This is an interesting discovery! Not only do we now have the OS to the iPhone, it includes some additional information. One major point being that the iPhone contains a preset RAM image. Which is... weird.

    DMG: 694-5259-38.dmg
    Contains: RAM image. Along with most instructions for the iPhone (try opening it with a hex editor and you will see what I mean).
    Notes: This 'disk image' has the right extension but the data inside has been stored in a way that has an unusual format and Disk Utility can't mount it because of this. I have tried other utilities for mounting the image and repairing it etc. Nothing so far has worked. :(

    DMG: 694-5262-39.dmg
    Contains: The OS (which is a stripped down version of Leopard) and the extensions/modifications needed to use features of the iPhone.
    Notes: This disk image is in the right format and can be mounted. Unfortunately that would require a password because it is protected. I know a few people have been running brute force attacks on the password with no luck so far. :(


    The next part of the iPhone package is the two other files inside the main folder (not the Firmware folder).

    File: kernelcache.restore.release.s5l8900xrb
    Contains: The cache of the kernel stored on the iPhone. It's encrypted so I can't grab much from this.
    Notes: This is encrypted. The key must either be on the iPhone OS itself to decrypt the contents. Or the key is in iTunes.

    File: Restore.plist
    Contains: This holds key information about the iPhone's restore process. If it can be applied etc.
    Notes: None. Just open and you're done. Although you might be able to change the location of the firmware that it restores. (You can change it, but some other part of the restore might not like that.)


    Next bit is the Firmware folder. Surprise, surprise, this contains the firmware and its resources, so I don't really need to run over the files because it's mostly self-explanatory. But here are the contents.

    Folder: Firmware
    Contents:
    • all_flash
      1. all_flash.m68ap.production
        1. applelogo.img2
        2. batterycharging.img2
        3. batterylow0.img2
        4. batterylow1.img2
        5. DeviceTree.m68ap.img2
        6. iBoot.m68ap.RELEASE.img2
        7. LLB.m68ap.RELEASE.img2
        8. manifest
        9. needservice.img2
        10. recoverymode.img2
    • dfu
      1. iBSS.m68ap.RELEASE.dfu
      2. WTF.s5l8900xall.RELEASE.dfu

    The file, manifest, checks all the files for modifications.

    Also, .img2 has no resemblance to pictures except they may contain some.


    That's all I've got so far. Hope it helps!
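
Post #7 describes one .dmg that will not mount and one that asks for a password; a first triage step for files like these is to read the container magic instead of trusting the extension. The following is an added example, not part of the thread: the function name, labels and sample byte strings are constructed for illustration, and it makes no claim about what the two iPhone images actually contain.

```python
import io
import struct

ENC_V2_MAGIC = b"encrcdsa"   # encrypted image, v2: magic in the first 8 bytes
ENC_V1_MAGIC = b"cdsaencr"   # encrypted image, v1: magic in the last 8 bytes
KOLY_LEN = 512               # UDIF trailer ("koly" block) is the last 512 bytes
HFS_HEADER_OFFSET = 1024     # HFS+/HFSX volume header sits 1024 bytes in


def classify_image(stream):
    """Label a seekable binary stream by container magic, ignoring its name."""
    size = stream.seek(0, io.SEEK_END)
    if size < 8:
        return "too-short"
    stream.seek(0)
    head = stream.read(8)
    stream.seek(-8, io.SEEK_END)
    tail = stream.read(8)
    if head == ENC_V2_MAGIC:
        return "encrypted-v2"
    if tail == ENC_V1_MAGIC:
        return "encrypted-v1"
    if size >= KOLY_LEN:
        stream.seek(-KOLY_LEN, io.SEEK_END)
        koly = stream.read(KOLY_LEN)
        if koly[:4] == b"koly":
            # Trailer fields are big-endian: version, then trailer length.
            version, header_len = struct.unpack(">II", koly[4:12])
            ok = header_len == KOLY_LEN
            return f"udif-v{version}" if ok else "udif-bad-trailer"
    if size >= HFS_HEADER_OFFSET + 2:
        stream.seek(HFS_HEADER_OFFSET)
        if stream.read(2) in (b"H+", b"HX"):
            return "raw-hfsplus"
    return "unknown"


def constructed_samples():
    """Synthetic byte strings built for this example; not real image data."""
    pad = bytes(2048)
    return {
        "udif": pad + b"koly" + struct.pack(">II", 4, 512) + bytes(500),
        "enc2": ENC_V2_MAGIC + pad,
        "enc1": pad + ENC_V1_MAGIC,
        "hfs": bytes(1024) + b"H+" + bytes(1022),
        "odd": b"\x13\x37" * 1024,
    }


if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(name, classify_image(io.BytesIO(blob)))
```

An "unknown" result only means none of these four signatures matched; the file may be wrapped in some other container.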
     
  8. macrumors newbie

    Joined:
    Jul 1, 2007
  9. macrumors newbie

    Joined:
    Jul 1, 2007
    #9
    I don't think the moderators would appreciate me talking about that kind of thing here so I will PM you with some details. There aren't many tools out there for .dmg files.

    nattyD

    Edit: If anyone else wants to do that kind of thing just PM me.
     
  10. macrumors 68000

    Joined:
    Oct 8, 2003
    #10
    .dmg files use 128 bit AES encryption. Brute forcing is not an option unless you have several millennia to spare.
     
  11. macrumors 6502

    Metatron

    Joined:
    Jul 2, 2002
    #11
    oh come now...in 5 years the budget processor of the time will be able to crack it in under a minute. But who will care by then???
     
  12. macrumors 68000

    Joined:
    Oct 8, 2003
    #12
    Under a minute? Unless there's a breakthrough of massive proportions in the next five years I think you might be overestimating the increase of CPU speed in the next 5 years.

    It's quite possible that someone might find an alternative to brute forcing to break AES 128 in the next five years though.

    From Wikipedia:
     
  13. Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #13
    So are there any components that are not encrypted, that might lead the way for people to "slipstream" hacks into the image? ;)

    P.S. is there anything like a network archive/install or software update on the iPhone? Forgive me if this was brought up in one of the main threads already. :eek:
     
  14. macrumors 6502a

    rockstarjoe

    Joined:
    Jun 2, 2006
    Location:
    washington dc
    #14
    How does a 93MB restore give you a 700MB OS? I'm confused.
     
  15. macrumors regular

    korndog2003

    Joined:
    May 31, 2007
    Location:
    Keyser, WV, USA
    #15
    Hmm, maybe if users go after the Windows version of the restore file. Maybe a little more luck there.
     
  16. macrumors regular

    Joined:
    Mar 12, 2007
    #16
    So if iTunes can get the info off of the DMG, then the password must be in iTunes, or iTunes retrieves the password from the internet.

    Would that be a logical assumption?

    Wouldn't it be easier to try to get the iPhone to mount in disk mode with some hacking? Then one could just image that.
     
  17. macrumors 68040

    Killyp

    Joined:
    Jun 14, 2006
    #17
    The same way a 4.7 GB DVD gives you a 20 GB OS X install ;) I believe it works off the same principle PNG uses in comparison with BMP: it only stores the minimum amount of information required, like a 'palette', rather than storing everything in a format which allows for every single possibility...
     
  18. macrumors 6502

    Metatron

    Joined:
    Jul 2, 2002
    #18

    ***note, I did say the word "crack"...
     
  19. macrumors 68000

    Joined:
    Oct 8, 2003
    #19
    Not really, the DMG password is probably stored onboard the iPhone. iTunes presumably just uploads the DMG to the iPhone's flash memory, and the iPhone mounts it using its internal password.
     
  20. macrumors newbie

    Joined:
    Jul 1, 2007
    #20
    OK, now would I be right that the iPhone uses the same partition scheme as the iPod? I would think so because you can't access the iPhone's OS in the normal disk that you get popping up.

    Now we can save what is on the other partitions using this command in the Terminal:
    Code:
    # dd if=/dev/disk1s2 of=iphone_os_partition_backup
    
    *If your iPhone is mounted in a different location (e.g. disk2) then change that in the command. Just run
    Code:
    mount
    for that information. Also s2 might not be the partition so... try others if it fails. Just don't do the main one, otherwise you will have your entire iPhone's main drive backed up.

    Then the whole OS will be saved into one file. Which people can start dissecting if they want.

    There are a few other ways of mounting the OS partition but these can be dangerous so read up if you want to.

    nattyD
     
  21. macrumors 68000

    Joined:
    Oct 8, 2003
    #21
    You're making a big assumption that you can access the iPhone's disk through a /dev entry I think. The iPhone does not have a "disk mode" like the iPod, so I doubt what you posted would work.
     
  22. macrumors newbie

    Joined:
    Jul 1, 2007
    #22
    Well, the iPhone has to be mounted (but it doesn't have to be visible) for iTunes to add data to it (the data partition that is). So then you should be able to access other partitions with the Terminal.

    I don't know if it will work, so if someone is willing to try it please do, because I'd like to have a peek around in the data of the raw OS.

    And yes, it is an assumption because I don't actually have one and can't get one until 2008 (bloody Australia).
     
  23. macrumors 6502

    Joined:
    Jan 30, 2007
    Location:
    Inside the Machine (Green Bay, WI)
    #23
    Actually the OS is around 210 MB expanded. It's the difference between measuring in binary (your OS) and decimal (the hard drive makers). On the 8GB model, you never had the full 8 GB to start with... it's closer to 7.45 GB.
     
  24. macrumors 68000

    Joined:
    Oct 8, 2003
    #24
    Why? Perhaps the syncing is done through a proprietary protocol. There's no reason why it needs to be mounted as a device. The iPhone could sync through sftp for all we know; there's no technical reason why it needs to be mounted as a drive and then "hidden". If you can access it through Terminal then that's no security at all, after all.
    Well, my iPhone ships before July 17th, so I'll look into it when I get it, but I don't think it's going to be all that easy, I'm afraid.
     
  25. macrumors 603

    Joined:
    Mar 20, 2007
    Location:
    Virginia
    #25
    In Windows, the iPhone would have to show up in device manager. And if it does then there is a drive id (sorta) associated with it. All that information would be stored in the Registry. The real question is how you would present it to Windows as an actual drive letter.

    In OS X it isn't showing up as a mounted drive under terminal. How are they putting data on the iPhone?
     
