Difference between revisions of "Extracting firmware"
m (Protected "Extracting firmware" [edit=autoconfirmed:move=autoconfirmed]) |
|||
| (11 intermediate revisions by 6 users not shown) | |||
| Line 1: | Line 1: | ||
| − | The tool for extracting iPod firmware is called extract2g. Extract2g can be found on the | + | The tool for extracting iPod firmware is called extract2g. Extract2g can be found on the freemyipod SVN at |
| + | http://svn.freemyipod.org/tools/extract2g/. The Windows and the Linux versions can be built with a simple make command. Extract2g supports all of the Nanos and the 5G and 6G iPods (haven't tested any others). If the output says something similar to "Extracting from osos.fw," you should be fine. | ||
To obtain a list of availible files, type in: | To obtain a list of availible files, type in: | ||
| Line 8: | Line 9: | ||
*osos.fw | *osos.fw | ||
*aupd.fw | *aupd.fw | ||
| + | *rsrc.fw | ||
| + | |||
| + | On Nano 4G, you should use the -4 or --4g-compat option in order to dump the correct data from the firmware. This option is considered as a workaround, because the Nano 4G firmwares are detected as Nano 3G's, but the offset is different. | ||
| + | |||
| + | To list the files, type in: | ||
| + | <pre>extract2g -l -4 dump.img</pre> | ||
| + | To extract all files, type in: | ||
| + | <pre>extract2g -A -4 dump.img</pre> | ||
| + | You should now have 9 files: | ||
| + | *appl.fw | ||
| + | *bdhw.fw | ||
| + | *bdsw.fw | ||
| + | *chrg.fw | ||
| + | *diag.fw | ||
| + | *disk.fw | ||
| + | *lbat.fw | ||
| + | *osos.fw | ||
*rsrc.fw | *rsrc.fw | ||
These are your extracted firmware images. To learn more about these, please visit the [[Firmware]] page. If you need more information about using extract2g, type in: | These are your extracted firmware images. To learn more about these, please visit the [[Firmware]] page. If you need more information about using extract2g, type in: | ||
<pre>extract2g - -help</pre> | <pre>extract2g - -help</pre> | ||
| + | |||
| + | ===Decrypting blobs=== | ||
| + | |||
| + | On iPod Nano3G and above some of these resources (notably [[OSOS|osos.fw]] and other executables) are encrypted and signed. [[wInd3x]] can be used to decrypt them as long as a compatible devices is connected in DFU mode. | ||
| + | |||
| + | ===Removing header=== | ||
| + | |||
| + | Also if you are using the osos.fw outputted by extract2g in [[emCORE]] you need to remove the 2 KiB header from it: | ||
| + | <pre>dd if=osos.fw of=osos.out bs=2048 skip=1</pre> | ||
| + | Or alternatively, under Windows open osos.fw in HxD and select 'select block' from the edit menu, select from 0x0 to 0x7FF, then delete this region and save. | ||
| + | |||
| + | Then put osos.out into /.boot/AppleOS.bin | ||
| + | |||
==Helpful pages== | ==Helpful pages== | ||
http://home.gna.org/linux4nano/download/crypto_synth-1.0.pdf | http://home.gna.org/linux4nano/download/crypto_synth-1.0.pdf | ||
http://www.ipodlinux.org/wiki/Firmware | http://www.ipodlinux.org/wiki/Firmware | ||
Latest revision as of 17:46, 9 January 2023
The tool for extracting iPod firmware is called extract2g. Extract2g can be found on the freemyipod SVN at http://svn.freemyipod.org/tools/extract2g/. The Windows and the Linux versions can be built with a simple make command. Extract2g supports all of the Nanos and the 5G and 6G iPods (haven't tested any others). If the output says something similar to "Extracting from osos.fw," you should be fine.
To obtain a list of availible files, type in:
extract2g -l dump.img
Please note that "dump.img" can be replaced with whatever your dump file is named. To actually extract the firmwares, type in:
extract2g -A dump.img
You should now have 3 files:
- osos.fw
- aupd.fw
- rsrc.fw
On Nano 4G, you should use the -4 or --4g-compat option in order to dump the correct data from the firmware. This option is considered as a workaround, because the Nano 4G firmwares are detected as Nano 3G's, but the offset is different.
To list the files, type in:
extract2g -l -4 dump.img
To extract all files, type in:
extract2g -A -4 dump.img
You should now have 9 files:
- appl.fw
- bdhw.fw
- bdsw.fw
- chrg.fw
- diag.fw
- disk.fw
- lbat.fw
- osos.fw
- rsrc.fw
These are your extracted firmware images. To learn more about these, please visit the Firmware page. If you need more information about using extract2g, type in:
extract2g - -help
Decrypting blobs
On iPod Nano3G and above some of these resources (notably osos.fw and other executables) are encrypted and signed. wInd3x can be used to decrypt them as long as a compatible devices is connected in DFU mode.
Removing header
Also if you are using the osos.fw outputted by extract2g in emCORE you need to remove the 2 KiB header from it:
dd if=osos.fw of=osos.out bs=2048 skip=1
Or alternatively, under Windows open osos.fw in HxD and select 'select block' from the edit menu, select from 0x0 to 0x7FF, then delete this region and save.
Then put osos.out into /.boot/AppleOS.bin
Helpful pages
http://home.gna.org/linux4nano/download/crypto_synth-1.0.pdf
