Difference between revisions of "Dumping firmware"
| (12 intermediate revisions by 4 users not shown) | |||
| Line 1: | Line 1: | ||
| The first step to examining iPod's firmware is getting an image of it. You can retrieve either retrieve an image from the iPod or from the internet. | The first step to examining iPod's firmware is getting an image of it. You can retrieve either retrieve an image from the iPod or from the internet. | ||
| − | + | ==From the iPod== | |
| − | Getting a firmware dump is very easy in Linux. Just: | + | Getting a firmware dump of a nano 2g is very easy in Linux. Just: | 
| # Make sure the iPod is plugged in. | # Make sure the iPod is plugged in. | ||
| Line 8: | Line 8: | ||
| # A dump.img file should be created after a while. If you have a lot of data on your iPod, it can take a very long time. | # A dump.img file should be created after a while. If you have a lot of data on your iPod, it can take a very long time. | ||
| − | + | To dump the firmware of any iPod classic or iPod nano from version 3 on you need to run own code on the device to be able to dump the flash with the firmware code on it. | |
| + | |||
| + | ==From the internet== | ||
| You can download pretty much every firmware version from http://www.felixbruns.de/iPod/firmware/. These files are called .ipsw files, but they are really .zip files in disguise. Open the .ipsw file as a .zip file, and you can view it's contents: | You can download pretty much every firmware version from http://www.felixbruns.de/iPod/firmware/. These files are called .ipsw files, but they are really .zip files in disguise. Open the .ipsw file as a .zip file, and you can view it's contents: | ||
| − | + | ===1G-3G Nano firmware structure=== | |
| − | {|  | + | {| class="wikitable" | 
| ! Filename !! Description | ! Filename !! Description | ||
| |- | |- | ||
| Line 20: | Line 22: | ||
| |} | |} | ||
| − | + | ===4G Nano firmware structure=== | |
| − | {|  | + | The 4G Nanos seem to have a different structure with an interesting new file: | 
| + | {| class="wikitable" | ||
| ! Filename !! Description | ! Filename !! Description | ||
| |- | |- | ||
| − | | Firmware.MSE || The actual firmware file | + | | Firmware.MSE || The actual firmware file containing encrypted osos, etc. | 
| |- | |- | ||
| | manifest.plist || An XML file that gives basic info about the Firmware. Probably for iTunes. | | manifest.plist || An XML file that gives basic info about the Firmware. Probably for iTunes. | ||
| |- | |- | ||
| − | | N58s.bootloader.release.rb3 ||  | + | | N58s.bootloader.release.rb3 || [[IMG1]] containing encrypted bootloader. | 
| |} | |} | ||
| You can copy over the firmware file and that is the same as extracting a dump.img file from the iPod. | You can copy over the firmware file and that is the same as extracting a dump.img file from the iPod. | ||
| + | |||
| ==Helpful pages== | ==Helpful pages== | ||
| http://home.gna.org/linux4nano/download/crypto_synth-1.0.pdf | http://home.gna.org/linux4nano/download/crypto_synth-1.0.pdf | ||
| + | |||
| + | http://www.ipodlinux.org/wiki/Firmware | ||
| + | |||
| + | http://www.trejan.com/projects/ipod/phobos.html#REGFIRMWARE | ||
Latest revision as of 00:05, 11 October 2022
The first step to examining iPod's firmware is getting an image of it. You can retrieve either retrieve an image from the iPod or from the internet.
Contents
From the iPod
Getting a firmware dump of a nano 2g is very easy in Linux. Just:
- Make sure the iPod is plugged in.
- Type "dd if=/dev/sdX1 of=dump.img" in the terminal, but make sure you edit the drive to match your configuration.
- A dump.img file should be created after a while. If you have a lot of data on your iPod, it can take a very long time.
To dump the firmware of any iPod classic or iPod nano from version 3 on you need to run own code on the device to be able to dump the flash with the firmware code on it.
From the internet
You can download pretty much every firmware version from http://www.felixbruns.de/iPod/firmware/. These files are called .ipsw files, but they are really .zip files in disguise. Open the .ipsw file as a .zip file, and you can view it's contents:
1G-3G Nano firmware structure
| Filename | Description | 
|---|---|
| Firmware-XX.X.X.X | The actual firmware file | 
| manifest.plist | An XML file that gives basic info about the Firmware. Probably for iTunes. | 
4G Nano firmware structure
The 4G Nanos seem to have a different structure with an interesting new file:
| Filename | Description | 
|---|---|
| Firmware.MSE | The actual firmware file containing encrypted osos, etc. | 
| manifest.plist | An XML file that gives basic info about the Firmware. Probably for iTunes. | 
| N58s.bootloader.release.rb3 | IMG1 containing encrypted bootloader. | 
You can copy over the firmware file and that is the same as extracting a dump.img file from the iPod.
Helpful pages
http://home.gna.org/linux4nano/download/crypto_synth-1.0.pdf
