osos/disk swapping bug

From freemyipod.org
Revision as of 07:24, 4 August 2024 by 760ceb3b9c0ba4872cadf3ce35a7a494 (osos/disk swapping bug explanation)
[Figure: Simplified visualization of the boot logic of an iPod nano (6th generation)]

The osos/disk swapping bug is a bug in the boot process of the iPod nano (3rd generation and later) allowing for untethered boot of the retailOS with a modified resource partition.

Explanation

In the firmware, the retailOS is stored in the osos partition, and disk mode is stored in the disk partition. The retailOS on the iPod nano reads from the rsrc partition, a FAT16 filesystem containing UI images, translation strings, fonts, and more. Unlike all other partitions ever included in official firmware, the rsrc partition is signed but not encrypted. Disk mode does not use the rsrc partition at all.

When the device is powered on, it decides whether to boot into disk mode or retailOS based on whether a button is pressed (on the iPod nano (6th generation), this is the Volume Up button). The basic logic is this:

   if volume up pressed:
       boot "disk"
   else:
       if "rsrc" signature check passed:
           boot "osos"
       else:
           error out

If the firmware is modified so that the disk and osos partitions are swapped, that is, the names of the two partitions are exchanged while their contents stay where they are, the behaviour reverses: the iPod boots into disk mode by default and into retailOS when the Volume Up button is held. This is where the bug lies. On the button-held path the bootloader expects to be starting disk mode, which does not use the rsrc partition, so it skips the rsrc signature check before booting. Because retailOS is what actually sits under the disk name, it starts and reads from rsrc without rsrc ever having been verified, so a modified rsrc partition is accepted.
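The following is an added model of the boot selection described above, written for this page and not taken from the iPod firmware or from any freemyipod tool. It follows the pseudocode literally: a partition table keyed by name, a rsrc check that only runs on the path where the bootloader believes it is about to start retailOS, and a SHA-256 digest comparison standing in for Apple's real rsrc signature scheme (an assumption, since the page does not describe that scheme). Running it on a stock table and on a name-swapped table shows the Volume Up path starting retailOS with a modified rsrc that was never checked.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Partition:
    name: str                      # label in the firmware's partition table
    image: str                     # what the partition really holds: "retailOS", "disk mode" or "rsrc"
    data: bytes = b""              # partition contents (constructed stand-ins, not real images)
    expected_digest: Optional[bytes] = None  # rsrc only: reference value the bootloader checks against


class BootError(Exception):
    """Raised where the page's pseudocode says 'error out'."""


def rsrc_signature_ok(rsrc: Partition) -> bool:
    # Assumption: a SHA-256 digest compared against a stored reference stands in
    # for Apple's real rsrc signature scheme, which this page does not describe.
    return hashlib.sha256(rsrc.data).digest() == rsrc.expected_digest


def boot(partitions: List[Partition], volume_up_pressed: bool) -> Tuple[str, bool]:
    """Select a boot image by partition *name*, as in the page's pseudocode.

    Returns (image actually started, whether rsrc was signature-checked).
    The bootloader never inspects what is inside "disk" or "osos"; it only
    checks rsrc on the path where it believes it is about to start retailOS.
    """
    table = {p.name: p for p in partitions}
    if volume_up_pressed:
        return table["disk"].image, False      # disk mode path: no rsrc check
    if not rsrc_signature_ok(table["rsrc"]):
        raise BootError("rsrc signature check failed")
    return table["osos"].image, True           # retailOS path: rsrc verified first


def boot_result(partitions: List[Partition], volume_up_pressed: bool) -> str:
    """Human-readable outcome of one boot attempt."""
    try:
        image, checked = boot(partitions, volume_up_pressed)
    except BootError as exc:
        return f"error: {exc}"
    return f"{image} ({'rsrc checked' if checked else 'rsrc not checked'})"


# Constructed sample contents for the rsrc partition.
ORIGINAL_RSRC = b"FAT16 image with the original UI resources"
ORIGINAL_RSRC_DIGEST = hashlib.sha256(ORIGINAL_RSRC).digest()   # what the bootloader expects
MODIFIED_RSRC = b"FAT16 image with a custom theme"               # cannot be re-signed by us


def stock_firmware(rsrc: bytes = ORIGINAL_RSRC) -> List[Partition]:
    """Partition table as shipped: names match contents."""
    return [
        Partition("osos", "retailOS"),
        Partition("disk", "disk mode"),
        Partition("rsrc", "rsrc", rsrc, ORIGINAL_RSRC_DIGEST),
    ]


def swapped_firmware(rsrc: bytes = ORIGINAL_RSRC) -> List[Partition]:
    """Same images, but the osos and disk *names* exchanged."""
    return [
        Partition("disk", "retailOS"),
        Partition("osos", "disk mode"),
        Partition("rsrc", "rsrc", rsrc, ORIGINAL_RSRC_DIGEST),
    ]


if __name__ == "__main__":
    for label, fw in (("stock", stock_firmware), ("swapped", swapped_firmware)):
        for rsrc_label, rsrc in (("original rsrc", ORIGINAL_RSRC), ("modified rsrc", MODIFIED_RSRC)):
            for pressed in (False, True):
                button = "Volume Up held" if pressed else "no button"
                print(f"{label:8} {rsrc_label:14} {button:15} -> {boot_result(fw(rsrc), pressed)}")
```

The interesting row is the swapped table with a modified rsrc and Volume Up held: the bootloader takes the "disk" path, performs no rsrc check, and what it starts is retailOS. In this model the default (no button) path still runs the rsrc check and therefore errors out on a modified rsrc, exactly as the pseudocode says; only the button-held path bypasses it.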

Notes

On at least the iPod nano (6th generation), booting osos this way seems to make the filesystem read-only to the device: no actions taken on the device persist after a reboot.