Difference between revisions of "Extracting firmware"

From freemyipod.org
Jump to: navigation, search
 
Line 29: Line 29:
 
These are your extracted firmware images. To learn more about these, please visit the [[Firmware]] page. If you need more information about using extract2g, type in:
 
These are your extracted firmware images. To learn more about these, please visit the [[Firmware]] page. If you need more information about using extract2g, type in:
 
<pre>extract2g - -help</pre>
 
<pre>extract2g - -help</pre>
 +
 +
===Decrypting blobs===
 +
 +
On iPod Nano3G and above some of these resources (notably [[OSOS|osos.fw]] and other executables) are encrypted and signed. [[wInd3x]] can be used to decrypt them as long as a compatible devices is connected in DFU mode.
 +
 
===Removing header===
 
===Removing header===
 +
 
Also if you are using the osos.fw outputted by extract2g in [[emCORE]] you need to remove the 2 KiB header from it:
 
Also if you are using the osos.fw outputted by extract2g in [[emCORE]] you need to remove the 2 KiB header from it:
 
<pre>dd if=osos.fw of=osos.out bs=2048 skip=1</pre>
 
<pre>dd if=osos.fw of=osos.out bs=2048 skip=1</pre>

Latest revision as of 17:46, 9 January 2023

The tool for extracting iPod firmware is called extract2g. Extract2g can be found on the freemyipod SVN at http://svn.freemyipod.org/tools/extract2g/. The Windows and the Linux versions can be built with a simple make command. Extract2g supports all of the Nanos and the 5G and 6G iPods (haven't tested any others). If the output says something similar to "Extracting from osos.fw," you should be fine.

To obtain a list of availible files, type in:

extract2g -l dump.img

Please note that "dump.img" can be replaced with whatever your dump file is named. To actually extract the firmwares, type in:

extract2g -A dump.img

You should now have 3 files:

  • osos.fw
  • aupd.fw
  • rsrc.fw

On Nano 4G, you should use the -4 or --4g-compat option in order to dump the correct data from the firmware. This option is considered as a workaround, because the Nano 4G firmwares are detected as Nano 3G's, but the offset is different.

To list the files, type in:

extract2g -l -4 dump.img

To extract all files, type in:

extract2g -A -4 dump.img

You should now have 9 files:

  • appl.fw
  • bdhw.fw
  • bdsw.fw
  • chrg.fw
  • diag.fw
  • disk.fw
  • lbat.fw
  • osos.fw
  • rsrc.fw

These are your extracted firmware images. To learn more about these, please visit the Firmware page. If you need more information about using extract2g, type in:

extract2g - -help

Decrypting blobs

On iPod Nano3G and above some of these resources (notably osos.fw and other executables) are encrypted and signed. wInd3x can be used to decrypt them as long as a compatible devices is connected in DFU mode.

Removing header

Also if you are using the osos.fw outputted by extract2g in emCORE you need to remove the 2 KiB header from it:

dd if=osos.fw of=osos.out bs=2048 skip=1

Or alternatively, under Windows open osos.fw in HxD and select 'select block' from the edit menu, select from 0x0 to 0x7FF, then delete this region and save.

Then put osos.out into /.boot/AppleOS.bin

Helpful pages

http://home.gna.org/linux4nano/download/crypto_synth-1.0.pdf

http://www.ipodlinux.org/wiki/Firmware