Firmware

From freemyipod.org
Jump to: navigation, search

This article is about the different parts of the iPod's firmware. There is also a very basic analysis of the firmware headers. If you are trying to get a copy of the firmware files, please see Dumping firmware and Extracting firmware. NOTE: Please excuse the chaotic layout of this article. It is not very comprehensive, but it's still useful.

Nano 2G

osos

OSOS is the main firmware image of the iPod. This part has been encrypted ever since the iPod Nano 2G.

caption

Firmware layout.png

aupd

Here is a comparison between the different aupd partitions of firmware version in the iPod Nano 2G:

caption

IN2G cipher aupd diffs.png

rsrc

This is the resource filesystem of the iPod firmware. It is unencrypted and of not much use to this project.

Nano 3G

The Nano 3G has the same osos, aupd, and rsrc sections as the Nano 2G, but it also has an added hash section. The hash section is populated with 0x1800 bytes of 0xFF.

Classic 1G (6G)

The Classic 1G has the same firmware structure as the Nano 3G. This makes sense because they were released at the same time.

Nano 4G

The Nano 4G kept the osos but all the old sections were removed. Instead, seven new sections were added:

  • Binaries
    • diag - Diagnostic mode. This depends on EFI modules being loaded so it can't be booted directly.
    • disk - Disk mode
  • Bitmaps
    • appl - Apple logo for booting
    • bdhw - Bad hardware image
    • bdsw - Bad software image (Use iTunes to restore)
    • lbat - Low battery image
    • chrg - Same as lbat but showing that the iPod is charging

The Nano 4G firmware IPSW contains an additional bootloader file called N58s.bootloader.release.rb3, which is not present in previous iPod Nano generations. These files can be decrypted by treating them as IMG1 files.

Furthermore, two sets of special firmware also exist. x12250000_Recovery.ipsw is downloaded and the WTF.x1225.release.dfu is loaded when the iPod is found in DFU mode. Furthermore, another file exists in x12430000_Recovery.ipsw, called FIRMWARE.x1243.release.dfu.

Nano 5G

The iPod Nano 5G has the same firmware above. However, the two special firmware files are x12310000_Recovery.ipsw (loaded in DFU mode) and x12460000_Recovery.ipsw.

Helpful pages

http://home.gna.org/linux4nano/download/crypto_synth-1.0.pdf

http://www.ipodlinux.org/wiki/Firmware