Extracting firmware
The tool for extracting iPod firmware is called extract2g. Extract2g can be found on the freemyipod SVN at http://svn.freemyipod.org/tools/extract2g/. The Windows and the Linux versions can be built with a simple make command. Extract2g supports all of the Nanos and the 5G and 6G iPods (haven't tested any others). If the output says something similar to "Extracting from osos.fw," you should be fine.
To obtain a list of availible files, type in:
extract2g -l dump.img
Please note that "dump.img" can be replaced with whatever your dump file is named. To actually extract the firmwares, type in:
extract2g -A dump.img
You should now have 3 files:
- osos.fw
- aupd.fw
- rsrc.fw
On Nano 4G, you should use the -4 or --4g-compat option in order to dump the correct data from the firmware. This option is considered as a workaround, because the Nano 4G firmwares are detected as Nano 3G's, but the offset is different.
To list the files, type in:
extract2g -l -4 dump.img
To extract all files, type in:
extract2g -A -4 dump.img
You should now have 9 files:
- appl.fw
- bdhw.fw
- bdsw.fw
- chrg.fw
- diag.fw
- disk.fw
- lbat.fw
- osos.fw
- rsrc.fw
These are your extracted firmware images. To learn more about these, please visit the Firmware page. If you need more information about using extract2g, type in:
extract2g - -help
Removing header
Also if you are using the osos.fw outputted by extract2g in iLoader you need to remove the 2 KiB header from it:
dd if=osos.fw of=osos.out bs=2048 skip=1
Or alternatively, under Windows open osos.fw in HxD and select 'select block' from the edit menu, select from 0x0 to 0x7FF, then delete this region and save.
Then put osos.out into /.boot/AppleOS.bin
Helpful pages
http://home.gna.org/linux4nano/download/crypto_synth-1.0.pdf