iPhone OS Restore Image (93MB)

Discussion in 'iOS Blog Discussion' started by MacRumors, Jun 30, 2007.

  1. MacRumors macrumors bot


    Apr 12, 2001

    Inventive users can download the iPhone 1A543a restore image (93MB) from Apple.

    The link was discovered through iTunes 7.3, which offers users the capability to restore their iPhone to factory default settings. The resultant .zip file provides a Firmware folder and two DMGs (one password protected).

    There have been some ongoing efforts to unlock the Apple iPhone, but no documented success. According to one blogger, the Apple iPhone becomes locked to the SIM which you use to activate it (photo), but the iPhone's SIM can successfully be used in another AT&T phone.
  2. diehardmacfan macrumors regular

    Mar 12, 2007
    I think Apple removed this from their website. When I click on the link it says that it can't be found on their server and then it suggests another document, which is the OS, but I can't get to that either. I hope whoever has the image saved will try to hack it and work their way to unlocking it ;)
  3. arn macrumors god


    Staff Member

    Apr 9, 2001
    I fixed the link.

  4. deannnnn macrumors 68000


    Jun 4, 2007
    New York City & South Florida
    Referring to the picture from Flickr,
    What happens when you press 'Dismiss'?
    Does it let you use the iPod or data through Wifi?
  5. diehardmacfan macrumors regular

    Mar 12, 2007
    Yeah, will someone please try that?

    From the picture it looks like that would work. If so, then one would have to activate the phone with the SIM card, then take it out, and put in a different SIM card, and cancel the service with AT&T. Then one would be able to use all the features besides the phone for the cost of the $36 activation fee plus another SIM card.

    Someone please try this with an iPhone.

    P.S. Is it possible to boot from this image on a computer, just like people booted from the Apple TV image on their computers?
  6. Billy Boo Bob macrumors 6502

    Jun 6, 2005
    Dark Side Of The Moon
    I really, really doubt it. The phone's OS is compiled to run on ARM processors, not Intels, for starters.

    Now an emulation layer may show up someday so you can run the phone's OS inside a window. That would be fun, even if not really useful.
  7. nattyD macrumors newbie

    Jul 1, 2007
    This is an interesting discovery! Not only do we now have the OS to the iPhone, it includes some additional information. One major point being that the iPhone contains a preset RAM image. Which is... weird.

    DMG: 694-5259-38.dmg
    Contains: RAM image. Along with most instructions for the iPhone (try opening it with a hex editor and you will see what I mean).
    Notes: This 'disk image' has the right extension but the data inside has been stored in an unusual format, and Disk Utility can't mount it because of this. I have tried other utilities for mounting the image and repairing it etc. Nothing so far has worked. :(

    DMG: 694-5262-39.dmg
    Contains: The OS (which is a stripped down version of Leopard) and the extensions/modifications needed to use features of the iPhone.
    Notes: This disk image is in the right format and can be mounted. Unfortunately that would require a password because it is protected. I know a few people have been running brute force attacks on the password with no luck so far. :(

    The next part of the iPhone package is the two other files inside the main folder (not the Firmware folder)

    File: kernelcache.restore.release.s5l8900xrb
    Contains: The cache of the kernel stored on the iPhone. It's encrypted so I can't grab much from this.
    Notes: This is encrypted. The key must either be on the iPhone OS itself to decrypt the contents, or the key is in iTunes.

    File: Restore.plist
    Contains: This holds key information about the iPhone's restore process. If it can be applied etc.
    Notes: None. Just open and you're done. Although you might be able to change the location of the firmware that it restores (you can change it, but some other part of the restore might not like that).

    Next bit is the Firmware folder. Surprise, surprise, this contains the firmware and its resources, so I don't really need to run over the files because it's mostly self-explanatory. But here are the contents.

    Folder: Firmware
    • all_flash
      1. all_flash.m68ap.production
        1. applelogo.img2
        2. batterycharging.img2
        3. batterylow0.img2
        4. batterylow1.img2
        5. DeviceTree.m68ap.img2
        6. iBoot.m68ap.RELEASE.img2
        7. LLB.m68ap.RELEASE.img2
        8. manifest
        9. needservice.img2
        10. recoverymode.img2
    • dfu
      1. iBSS.m68ap.RELEASE.dfu
      2. WTF.s5l8900xall.RELEASE.dfu

    The file, manifest, checks all the files for modifications.

    Also .img2 has no resemblance to pictures except they may contain some.

    That's all I've got so far. Hope it helps!
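
The mount failure and the password prompt described in the post above can be told apart by checking container magic before reaching for mount or repair tools. This is an added example, not part of the original thread: it assumes the standard UDIF `koly` trailer and the `encrcdsa` / `cdsaencr` encrypted-image markers, the labels and `demo()` helper are hypothetical, and the sample files are constructed, not taken from the restore bundle.

```python
import math
import tempfile
from collections import Counter
from pathlib import Path

KOLY = b"koly"         # UDIF trailer magic: starts the last 512 bytes of the file
ENCR_V2 = b"encrcdsa"  # encrypted disk image, v2 header: first 8 bytes
ENCR_V1 = b"cdsaencr"  # encrypted disk image, v1 trailer: last 8 bytes

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8.0 suggest encrypted or compressed data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify_image(path, sample: int = 65536) -> str:
    """Label a file by container magic, falling back to an entropy estimate."""
    size = Path(path).stat().st_size
    with open(path, "rb") as f:
        head = f.read(sample)
        f.seek(max(0, size - 512))
        tail = f.read(512)
    if head.startswith(ENCR_V2) or tail.endswith(ENCR_V1):
        return "encrypted-dmg"
    if size >= 512 and tail.startswith(KOLY):
        return "udif-dmg"
    if shannon_entropy(head) > 7.5:
        return "unknown-high-entropy"
    return "unknown-structured"

def demo() -> dict:
    # Constructed sample files, not taken from the restore bundle.
    samples = {
        "plain.dmg": b"\x00" * 1024 + KOLY + b"\x00" * 508,
        "protected.dmg": ENCR_V2 + b"\x00" * 1024,
        "legacy.dmg": b"\x00" * 1024 + ENCR_V1,
        "opaque.dmg": bytes(range(256)) * 256,
        "zeros.bin": b"\x00" * 4096,
    }
    out = {}
    with tempfile.TemporaryDirectory() as d:
        for name, blob in samples.items():
            p = Path(d) / name
            p.write_bytes(blob)
            out[name] = classify_image(p)
    return out

if __name__ == "__main__":
    print(demo())
```

A file with a `.dmg` extension that lands in one of the `unknown-*` buckets is not a disk image a mount tool will recognise as-is, which matches the behaviour reported for the first image.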
  8. jcohen9229 macrumors newbie

    Jul 1, 2007
  9. nattyD macrumors newbie

    Jul 1, 2007
    I don't think the moderators would appreciate me talking about that kind of thing here, so I will PM you with some details. There aren't many tools out there for .dmg files.


    Edit: If anyone else wants to do that kind of thing just PM me.
  10. dr_lha macrumors 68000

    Oct 8, 2003
    .dmg files use 128 bit AES encryption. Brute forcing is not an option unless you have several millennia to spare.
  11. Metatron macrumors 6502


    Jul 2, 2002
    oh come now...in 5 years the budget processor of the time will be able to crack it in under a minute. But who will care by then???
  12. dr_lha macrumors 68000

    Oct 8, 2003
    Under a minute? Unless there's a breakthrough of massive proportions in the next five years I think you might be overestimating the increase of CPU speed in the next 5 years.

    It's quite possible that someone might find an alternative to brute forcing to break AES 128 in the next five years though.

    From Wikipedia:
  13. mkrishnan Moderator emeritus


    Jan 9, 2004
    Grand Rapids, MI, USA
    So are there any components that are not encrypted, that might lead the way for people to "slipstream" hacks into the image? ;)

    P.S. is there anything like a network archive/install or software update on the iPhone? Forgive me if this was brought up in one of the main threads already. :eek:
  14. rockstarjoe macrumors 6502a


    Jun 2, 2006
    washington dc
    How does a 93MB restore give you a 700MB OS? I'm confused.
  15. korndog2003 macrumors regular


    May 31, 2007
    Keyser, WV, USA
    Hmm maybe if users go after the windows version of the restore file. Maybe a little more luck there.
  16. diehardmacfan macrumors regular

    Mar 12, 2007
    So if iTunes can get the info off of the DMG, then the password must be in iTunes, or iTunes retrieves the password from the internet.

    Would that be a logical assumption?

    Wouldn't it be easier to try to get the iPhone to mount in disk mode with some hacking? Then one could just image that.
  17. Killyp macrumors 68040


    Jun 14, 2006
    The same way a 4.7 GB DVD gives you a 20 GB OS X install ;) I believe it works off the same principle PNG uses in comparison with BMP: it only stores the minimum amount of information required, like a 'palette', rather than storing everything in a format which allows for every single possibility...
  18. Metatron macrumors 6502


    Jul 2, 2002

    ***note, I did say the word "crack"...
  19. dr_lha macrumors 68000

    Oct 8, 2003
    Not really, the DMG password is probably stored onboard the iPhone. iTunes presumably just uploads the DMG to the iPhone's flash memory, and the iPhone mounts it using its internal password.
  20. nattyD macrumors newbie

    Jul 1, 2007
    OK, now would I be right that the iPhone uses the same partition scheme as the iPod? I would think so, because you can't access the iPhone's OS in the normal disk that you get popping up.

    Now we can save what is on the other partitions using this command in the Terminal:
    # dd if=/dev/disk1s2 of=iphone_os_partition_backup
    *If your iPhone is mounted in a different location (eg.disk2) then change that in the command. Just run
    for that information. Also s2 might not be the partition so... try others if it fails. Just don't do the main one, otherwise you will have your entire iPhone's main drive backed up.

    Then the whole OS will be saved into one file. Which people can start dissecting if they want.

    There are a few other ways of mounting the OS partition but these can be dangerous so read up if you want to.

  21. dr_lha macrumors 68000

    Oct 8, 2003
    You're making a big assumption that you can access the iPhone's disk through a /dev entry I think. The iPhone does not have a "disk mode" like the iPod, so I doubt what you posted would work.
  22. nattyD macrumors newbie

    Jul 1, 2007
    Well, the iPhone has to be mounted (but it doesn't have to be visible) for iTunes to add data to it (the data partition, that is). So then you should be able to access other partitions with the Terminal.

    I don't know if it will work, so if someone is willing to try it please do, because I'd like to have a peek around in the data of the raw OS.

    And yes, it is an assumption because I don't actually have one and can't get one until 2008 (bloody Australia).
  23. SpinThis! macrumors 6502

    Jan 30, 2007
    Inside the Machine (Green Bay, WI)
    Actually the OS is around 210 MB expanded. It's the difference between measuring in binary (your OS) and decimal (the hard drive makers). On the 8GB model, you never had the full 8 GB to start with... it's closer to 7.45 GB.
  24. dr_lha macrumors 68000

    Oct 8, 2003
    Why? Perhaps the syncing is done through a proprietary protocol. There's no reason why it needs to be mounted as a device. The iPhone could sync through sftp for all we know; there's no technical reason why it needs to be mounted as a drive and then "hidden". If you can access it through Terminal then that's no security at all, after all.
    Well, my iPhone ships before July 17th, so I'll look into it when I get it, but I don't think it's going to be all that easy, I'm afraid.
  25. diamond.g macrumors 603


    Mar 20, 2007
    In Windows, the iPhone would have to show up in device manager. And if it does then there is a drive id (sorta) associated with it. All that information would be stored in the Registry. The real question is how you would present it to Windows as an actual drive letter.

    In OS X it isn't showing up as a mounted drive under terminal. How are they putting data on the iPhone?
