Difference between revisions of "Extracting firmware"

From freemyipod.org
Jump to: navigation, search
m (Unprotected "Extracting firmware")
 
(7 intermediate revisions by 4 users not shown)
Line 1: Line 1:
The tool for extracting iPod firmware is called extract2g. Extract2g can be found on the Linux4nano SVN at http://svn.gna.org/viewcvs/linux4nano/trunk/tools/extract2g/. The Windows binary is provided, and the Linux version can be built with a simple make command. Extract2g supports all of the Nanos and the 5G and 6G iPods (haven't tested any others). If the output says something similar to "Extracting from osos.fw," you should be fine.
+
The tool for extracting iPod firmware is called extract2g. Extract2g can be found on the freemyipod SVN at  
 +
http://svn.freemyipod.org/tools/extract2g/. The Windows and the Linux versions can be built with a simple make command. Extract2g supports all of the Nanos and the 5G and 6G iPods (haven't tested any others). If the output says something similar to "Extracting from osos.fw," you should be fine.
  
 
To obtain a list of availible files, type in:
 
To obtain a list of availible files, type in:
Line 8: Line 9:
 
*osos.fw
 
*osos.fw
 
*aupd.fw
 
*aupd.fw
 +
*rsrc.fw
 +
 +
On Nano 4G, you should use the -4 or --4g-compat option in order to dump the correct data from the firmware. This option is considered as a workaround, because the Nano 4G firmwares are detected as Nano 3G's, but the offset is different.
 +
 +
To list the files, type in:
 +
<pre>extract2g -l -4 dump.img</pre>
 +
To extract all files, type in:
 +
<pre>extract2g -A -4 dump.img</pre>
 +
You should now have 9 files:
 +
*appl.fw
 +
*bdhw.fw
 +
*bdsw.fw
 +
*chrg.fw
 +
*diag.fw
 +
*disk.fw
 +
*lbat.fw
 +
*osos.fw
 
*rsrc.fw
 
*rsrc.fw
 
These are your extracted firmware images. To learn more about these, please visit the [[Firmware]] page. If you need more information about using extract2g, type in:
 
These are your extracted firmware images. To learn more about these, please visit the [[Firmware]] page. If you need more information about using extract2g, type in:
 
<pre>extract2g - -help</pre>
 
<pre>extract2g - -help</pre>
  
Also if you are using the osos.fw outputted by extract2g in iLoader you need to do the following to it first:
+
===Decrypting blobs===
 +
 
 +
On iPod Nano3G and above some of these resources (notably [[OSOS|osos.fw]] and other executables) are encrypted and signed. [[wInd3x]] can be used to decrypt them as long as a compatible devices is connected in DFU mode.
 +
 
 +
===Removing header===
 +
 
 +
Also if you are using the osos.fw outputted by extract2g in [[emCORE]] you need to remove the 2 KiB header from it:
 
<pre>dd if=osos.fw of=osos.out bs=2048 skip=1</pre>
 
<pre>dd if=osos.fw of=osos.out bs=2048 skip=1</pre>
Then put osos.out into /iLoader/osos.fw
+
Or alternatively, under Windows open osos.fw in HxD and select 'select block' from the edit menu, select from 0x0 to 0x7FF, then delete this region and save.
  
Or alternatively, under windows open osos.fw in HxD and select 'select block' from the edit menu, select from 0 to 7FF, then delete this region and save.
+
Then put osos.out into /.boot/AppleOS.bin
  
 
==Helpful pages==
 
==Helpful pages==

Latest revision as of 17:46, 9 January 2023

The tool for extracting iPod firmware is called extract2g. Extract2g can be found on the freemyipod SVN at http://svn.freemyipod.org/tools/extract2g/. The Windows and the Linux versions can be built with a simple make command. Extract2g supports all of the Nanos and the 5G and 6G iPods (haven't tested any others). If the output says something similar to "Extracting from osos.fw," you should be fine.

To obtain a list of availible files, type in:

extract2g -l dump.img

Please note that "dump.img" can be replaced with whatever your dump file is named. To actually extract the firmwares, type in:

extract2g -A dump.img

You should now have 3 files:

  • osos.fw
  • aupd.fw
  • rsrc.fw

On Nano 4G, you should use the -4 or --4g-compat option in order to dump the correct data from the firmware. This option is considered as a workaround, because the Nano 4G firmwares are detected as Nano 3G's, but the offset is different.

To list the files, type in:

extract2g -l -4 dump.img

To extract all files, type in:

extract2g -A -4 dump.img

You should now have 9 files:

  • appl.fw
  • bdhw.fw
  • bdsw.fw
  • chrg.fw
  • diag.fw
  • disk.fw
  • lbat.fw
  • osos.fw
  • rsrc.fw

These are your extracted firmware images. To learn more about these, please visit the Firmware page. If you need more information about using extract2g, type in:

extract2g - -help

Decrypting blobs

On iPod Nano3G and above some of these resources (notably osos.fw and other executables) are encrypted and signed. wInd3x can be used to decrypt them as long as a compatible devices is connected in DFU mode.

Removing header

Also if you are using the osos.fw outputted by extract2g in emCORE you need to remove the 2 KiB header from it:

dd if=osos.fw of=osos.out bs=2048 skip=1

Or alternatively, under Windows open osos.fw in HxD and select 'select block' from the edit menu, select from 0x0 to 0x7FF, then delete this region and save.

Then put osos.out into /.boot/AppleOS.bin

Helpful pages

http://home.gna.org/linux4nano/download/crypto_synth-1.0.pdf

http://www.ipodlinux.org/wiki/Firmware