Modes: Difference between revisions

From freemyipod
Sarg (talk | contribs)
No edit summary
ZeOne (talk | contribs)
m alignment again
 
(46 intermediate revisions by 11 users not shown)
Line 1: Line 1:
Nanos have special modes that they can boot into called disk mode, DFU mode, and debug mode.
At any given time an iPod can be in one of several modes, some of which can be activated by holding down certain buttons while the iPod is booting. 
 
==Normal mode==
"Normal mode" is when the iPod is booted into [[RetailOS]] normally. In this mode the iPod presents as a mass storage device to a computer, allowing files to be transferred. Receiving device information from the iPod, as well as updating the iPod's [[Firmware]], can be done from normal mode through the use of proprietary SCSI commands.


==Disk mode==
==Disk mode==
Disk mode has existed ever since the iPod has existed. Disk mode is stored in the 1MB NOR auxillary flash (along with the bootloader), so this is pretty much always there, no matter what sort of tampering you have done. Disk mode basically makes the iPod behave as a massive storage device, allowing the computer to directly read and write the data flash chip. For more information on how to enter Disk mode (or Reboot), refer to the [http://www.ipodlinux.org/wiki/Key_Combinations Key Combination] page from iPodLinux Wiki.
In disk mode, like normal mode, the iPod presents as a mass storage device to a computer and can have its information read and firmware updated. When in disk mode, the iPod screen will display, with a black foreground and white background, either a no symbol with the text "Do not disconnect." or a checkmark symbol with the text "OK to disconnect." depending on whether the iPod is connected and if it has been ejected.  


[[Image:Diskmode.jpg]]  
Disk mode exists on all iPod models. For more information on how to enter disk mode, refer to [https://support.apple.com/kb/ht1363 this Apple support document]


([http://www.ipodlinux.org/ iPodLinux project])
Disk mode is also referred to as "forced disk mode" in device information received from the iPod.
 
The place where disk mode is stored on the device differs depending on the iPod model. On the iPod nano (4th generation) and newer, disk mode is stored in the "disk" partition of the [[Firmware]].  


==DFU mode==
==DFU mode==
DFU (Device Firmware Upgrade) mode is a relatively new standard for upgrading firmware that is used in many devices like the OpenMoko and the newer iPods. DFU mode (since nano 3G) is probably contained in the on-processor's bootrom. Newer iPods have both DFU mode and disk mode, while iPod Touch and iPhones have exclusively DFU mode. It is worth noting that DFU mode was implemented at the exact time that Apple switched from PortalPlayer to Samsung processors, and also exactly when the firmware was encrypted. There could be a relationship.
[https://en.wikipedia.org/wiki/Device_Firmware_Upgrade Device Firmware Upgrade], or DFU, is a standard for upgrading firmware over USB that is used by many devices, including iOS devices and newer iPods. DFU mode exists on the [[Nano 3G]] and newer and the [[Classic 6G]] and newer, coinciding with Apple's switch from PortalPlayer to Samsung processors. DFU mode is contained in the on-processor BootROM. Instructions on entering DFU mode can be found [https://theapplewiki.com/wiki/DFU_Mode#iPod here].
 
When in DFU mode, the iPod can be sent a special WTF [[IMG1]] firmware image to enter WTF mode. Other IMG1 images cannot be sent in this mode.
 
The [[Nano 2G]] also has a DFU mode, but it can only be entered by shorting testpoints on the iPod's circuit board or flashing the NOR with an image with an invalid signature or hash. It does, however, support a NOR DFU mode that can be entered by holding down Back+Play right after rebooting the device<ref>https://www.rockbox.org/irc/log-20080904#13:31:44</ref>.
 
==WTF mode==
In WTF mode (possibly 'Where's The Firmware?'), the iPod will accept any [[IMG1]] image it is sent over DFU and, if signature and decryption checks pass, will attempt to boot to it. It is entered from DFU mode when a specific WTF [[IMG1]] firmware image is sent. While in WTF mode the iPod still uses the standard DFU protocol.


The nano 2G also has a DFU mode, but that one is probably booted of the NOR flash instead of mask ROM, and doesn't seem to have anything in common with the newer DFU modes. It is not yet found out how to communicate with a Nano 2G in DFU mode, not even iTunes can do that.
The iTunes behavior upon seeing an iPod in WTF mode is to send it a "recovery" firmware image, which places the iPod in disk mode. However, any firmware image can be sent to it, including, for example, the "osos" partition from production iPod firmware, which enables tethered booting an iPod into [[RetailOS]].


===Getting DFU mode on 3G/4G===
==Diagnostic mode==
# Make sure your iPod is turned on and connected to your computer.
__NOTOC__
# Press the menu button and select (central) button simultaneously.
[[File:Nano 7G diagnostic mode.jpg|thumb|right|[[Nano 7G]] in diagnostics mode]]
# The iPod's screen will go black, and the Apple logo will shortly appear.
This mode will give quite a lot of info about your iPod. Except for the very first iPods, it can be accessed on clickwheel ipods by holding center and rewind when the apple logo appears during reboot. For the [[Nano 6G]] you enter Diagnostics mode by holding down all three boutons. For the [[Nano 7G]] you press and hold all butons other then the "play/pause" buton between the volume butons.  
# Keep on pressing till the Apple logo turns into a black screen. This is about 10 seconds.
In diagnostics mode you can find info about the battery power check the LCD, buton inputs, radio signals, DRAM, Nand, Accelorometor, dock information and an about section. On touchscreen iPods there is also a section for touchscreen testing.
# Release the menu and select buttons.


You should see this device on you usb listing (lsusb):
<pre>
Bus XXX Device YYY: ID 05ac:1224 Apple, Inc.  (for 3G)
Bus XXX Device YYY: ID 05ac:1225 Apple, Inc.  (for 4G)
</pre>


The product ID depends on whether the iPod is in DFU mode or not. For example, when a 4G Nano is not in DFU mode, lsusb returns:
<pre>
Bus XXX Device YYY: ID 05ac:1263 Apple, Inc.
*example for 3G needed*
</pre>


05ac is the vendor ID (apple), and the number after the colon is the Product ID. It might be worth finding out whether different firmwares return different product IDs in DFU or normal mode.


The 4G Nano's .ipsw file has a file named N58s.bootloader.release.rb3, and it is possible that this file is used for DFU mode.


===Using the dfu-utils===
While in DFU mode, you should be able to read and write the iPod's firmware. The tool that allows this is called dfu-util. On a Debian-based system, it can be obtained by the following command:
<pre>apt-get dfu-util</pre>
We have not yet been able to extract the firmware off of the iPod via DFU mode. Using this command, the same 64-byte sequence is repeated until the command is aborted. This should be worked on to figure out how to properly read and write the firmware using dfu-util.
<pre>dfu-util -t 64 -U ipod</pre>


==Debug (diagnostics) mode==
This mode will give quite a lot of info about your iPod. Except for the very first iPods, it can be accessed by holding center and rewind when the apple logo appears during reboot.


==Helpful pages==
http://www.ipodlinux.org/wiki/Key_Combinations


http://daniel.haxx.se/blog/2008/09/03/dfu-mode-on-2nd-gen-nanos/


http://www.usb.org/developers/devclass_docs/DFU_1.1.pdf
==USB IDs==
When connected to a computer, the iPod presents a vendor ID of 05ac (Apple Inc.) and a product ID that depends on its model and which mode it is in:  
{| class="wikitable"
|-
! colspan="2" | Model
! Normal/disk mode
! DFU mode
! WTF mode
|-
| colspan="2" | [[Nano 2G]]
| <code>1260</code>
| <code>1220</code>
| <code>1240</code>
|-
| colspan="2" | [[Nano 3G]]
| <code>1262</code>
| <code>1223</code>/<code>1224</code>
| <code>1242</code>
|-
| colspan="2" | [[Nano 4G]]
| <code>1263</code>
| <code>1225</code>
| <code>1243</code>
|-
| colspan="2" | [[Nano 5G]]
| <code>1265</code>
| <code>1231</code>
| <code>1246</code>
|-
| colspan="2" | [[Nano 6G]]
| <code>1266</code>
| <code>1232</code>
| <code>1248</code>
|-
| rowspan="2" | [[Nano 7G]]
| Initial
| rowspan="2" | <code>1267</code>
| rowspan="2" | <code>1234</code>
| <code>1249</code>
|-
| Rev A
| <code>124a</code>
|-
| rowspan="4" | [[Classic 6G]]
| [[Classic 6G#Initial|Initial]]
| rowspan="4" | <code>1261</code>
| rowspan="4" | <code>1223</code>
| <code>1241</code>
|-
| [[Classic 6G#Rev A|Rev A]]
| <code>1245</code>
|-
| [[Classic 6G#Rev B|Rev B]]
| <code>1247</code>
|-
| Rev C
| <code>1250</code>
|}
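Review bot: The Diagnostic mode paragraph in the new revision has several misspellings that should be fixed before this is the latest text: "boutons", "butons" and "buton" for "buttons"/"button", "other then" for "other than", "Accelorometor" for "accelerometer", and "Nand" for "NAND"; "battery power check the LCD" also needs a comma after "power". The __NOTOC__ magic word sits between the "==Diagnostic mode==" heading and its [[File:...]] line, where it is easy to miss; moving it to the top of the page is the usual placement. The older lsusb output and the dfu-util notes for the 3G/4G are dropped without a pointer to where that material now lives; if it moved to the model pages, a link from the DFU mode section would keep it discoverable.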

Latest revision as of 02:49, 8 April 2026

At any given time an iPod can be in one of several modes, some of which can be activated by holding down certain buttons while the iPod is booting.

Normal mode

"Normal mode" is when the iPod is booted into retailOS normally. In this mode the iPod presents as a mass storage device to a computer, allowing files to be transferred. Receiving device information from the iPod, as well as updating the iPod's Firmware, can be done from normal mode through the use of proprietary SCSI commands.

Disk mode

In disk mode, like normal mode, the iPod presents as a mass storage device to a computer and can have its information read and firmware updated. When in disk mode, the iPod screen will display, with a black foreground and white background, either a no symbol with the text "Do not disconnect." or a checkmark symbol with the text "OK to disconnect." depending on whether the iPod is connected and if it has been ejected.

Disk mode exists on all iPod models. For more information on how to enter disk mode, refer to this Apple support document: https://support.apple.com/kb/ht1363

Disk mode is also referred to as "forced disk mode" in device information received from the iPod.

The place where disk mode is stored on the device differs depending on the iPod model. On the iPod nano (4th generation) and newer, disk mode is stored in the "disk" partition of the Firmware.

DFU mode

Device Firmware Upgrade, or DFU, is a standard for upgrading firmware over USB that is used by many devices, including iOS devices and newer iPods. DFU mode exists on the iPod nano (3rd generation) and newer and the iPod classic (6th generation) and newer, coinciding with Apple's switch from PortalPlayer to Samsung processors. DFU mode is contained in the on-processor BootROM. Instructions on entering DFU mode can be found at https://theapplewiki.com/wiki/DFU_Mode#iPod.

When in DFU mode, the iPod can be sent a special WTF IMG1 firmware image to enter WTF mode. Other IMG1 images cannot be sent in this mode.

The iPod nano (2nd generation) also has a DFU mode, but it can only be entered by shorting testpoints on the iPod's circuit board or flashing the NOR with an image with an invalid signature or hash. It does, however, support a NOR DFU mode that can be entered by holding down Back+Play right after rebooting the device (see https://www.rockbox.org/irc/log-20080904#13:31:44).

WTF mode

In WTF mode (possibly 'Where's The Firmware?'), the iPod will accept any IMG1 image it is sent over DFU and, if signature and decryption checks pass, will attempt to boot to it. It is entered from DFU mode when a specific WTF IMG1 firmware image is sent. While in WTF mode the iPod still uses the standard DFU protocol.

When iTunes sees an iPod in WTF mode, it sends a "recovery" firmware image, which places the iPod in disk mode. However, any firmware image can be sent to it, including, for example, the "osos" partition from production iPod firmware, which enables tethered booting of an iPod into retailOS.

Diagnostic mode

iPod nano (7th generation) in diagnostics mode

This mode will give quite a lot of info about your iPod. Except for the very first iPods, it can be accessed on clickwheel iPods by holding center and rewind when the Apple logo appears during reboot. For the iPod nano (6th generation) you enter diagnostics mode by holding down all three buttons. For the iPod nano (7th generation) you press and hold all buttons other than the "play/pause" button between the volume buttons. In diagnostics mode you can find info about the battery power, check the LCD, button inputs, radio signals, DRAM, NAND, accelerometer, dock information and an about section. On touchscreen iPods there is also a section for touchscreen testing.

USB IDs

When connected to a computer, the iPod presents a vendor ID of 05ac (Apple Inc.) and a product ID that depends on its model and which mode it is in:

Model                                    Normal/disk mode  DFU mode   WTF mode
iPod nano (2nd generation)               1260              1220       1240
iPod nano (3rd generation)               1262              1223/1224  1242
iPod nano (4th generation)               1263              1225       1243
iPod nano (5th generation)               1265              1231       1246
iPod nano (6th generation)               1266              1232       1248
iPod nano (7th generation), Initial      1267              1234       1249
iPod nano (7th generation), Rev A        1267              1234       124a
iPod classic (6th generation), Initial   1261              1223       1241
iPod classic (6th generation), Rev A     1261              1223       1245
iPod classic (6th generation), Rev B     1261              1223       1247
iPod classic (6th generation), Rev C     1261              1223       1250
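
As an added example (not part of the wiki page), the table above can be used to spot iPods sitting in DFU or WTF mode in `lsusb` output, for instance when auditing what is attached to a workstation. The function names and the sample listing are constructed for illustration; board revisions are collapsed into one row per model, and product ID 1223 is reported as ambiguous because the table assigns it to two models.

```python
import re

# (model, normal/disk PID, DFU PIDs, WTF PIDs), transcribed from the USB IDs table
USB_IDS = [
    ("iPod nano (2nd generation)", "1260", ["1220"], ["1240"]),
    ("iPod nano (3rd generation)", "1262", ["1223", "1224"], ["1242"]),
    ("iPod nano (4th generation)", "1263", ["1225"], ["1243"]),
    ("iPod nano (5th generation)", "1265", ["1231"], ["1246"]),
    ("iPod nano (6th generation)", "1266", ["1232"], ["1248"]),
    ("iPod nano (7th generation)", "1267", ["1234"], ["1249", "124a"]),
    ("iPod classic (6th generation)", "1261", ["1223"], ["1241", "1245", "1247", "1250"]),
]
LSUSB_RE = re.compile(r"ID\s+([0-9a-fA-F]{4}):([0-9a-fA-F]{4})")

def candidates(vid, pid):
    """Return every (model, mode) pair the table allows for this VID:PID."""
    if vid.lower() != "05ac":  # Apple vendor ID, per the page
        return []
    hits = []
    for model, normal, dfu, wtf in USB_IDS:
        for mode, pids in (("normal/disk", [normal]), ("DFU", dfu), ("WTF", wtf)):
            if pid.lower() in pids:
                hits.append((model, mode))
    return hits

def classify_lsusb(text):
    """Map each known iPod VID:PID found in lsusb output to its candidates."""
    found = {}
    for line in text.splitlines():
        m = LSUSB_RE.search(line)
        hits = candidates(*m.groups()) if m else []
        if hits:
            found[":".join(m.groups()).lower()] = hits
    return found

def firmware_load_modes(text):
    """IDs of devices in DFU or WTF mode, i.e. ready to accept an image over USB."""
    return sorted(k for k, hits in classify_lsusb(text).items()
                  if any(mode in ("DFU", "WTF") for _, mode in hits))

# Constructed sample lsusb output (not captured from real hardware)
SAMPLE = """\
Bus 001 Device 004: ID 05ac:1263 Apple, Inc.
Bus 001 Device 007: ID 05AC:1223 Apple, Inc.
Bus 002 Device 002: ID 05ac:124a Apple, Inc.
Bus 002 Device 003: ID 046d:c52b Logitech, Inc. Unifying Receiver
"""
```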