How to find disk decryption keys

Discussion in 'iPod touch' started by jfb392, Apr 9, 2008.

  1. jfb392

    jfb392 New Member

    Oct 20, 2007
    Yes, I know they aren't allowed here.
    I think this is perfectly fine, as it is an explanation, although mods may have a different opinion.
    Sorry in advance if it breaks any rules.

    The method for finding system restore keys has never been published anywhere, but I have pieced together a working method that I find quite easy.
    First, you'll need the appropriate version of the 8900 decrypter for your system.
    Extract the ramdisk from the .ipsw of the version you wish to recover a key from and decrypt it using the 8900 decrypter.
    Mount the decrypted image and navigate to /usr/sbin/, then copy out the asr file.
    Now, all you have to do is search for the correct key length using grep.
    This can simply be done by navigating to the directory you extracted the asr file to and executing the following:
    strings asr | grep "^[0-9a-fA-F]*$"

    I received four results; three were short and the last was the actual key.
    This step may be difficult for Windows users, but I'm sure a basic installation of Cygwin would include strings.
    Of course, you could always use a remote *NIX shell, like I did.

    I thought this would be useful to those who don't want to wait for a team to release the keys to a new firmware, much like the current situation with Build 5A240d, or for those who don't want to look for decryption keys.
    And yes, this method still works with beta builds, along with all existing builds.
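
The same string search with an explicit length filter, written as an audit of a binary you ship for hex-encoded key material left in its string table. This is an added example, not part of the original post. The function name, the 32-character threshold and the sample bytes are assumptions, and the long hex value is a constructed placeholder, not a real key.

```python
import re

# Printable-ASCII runs of 4+ bytes, the same default threshold strings(1) uses.
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")
HEX_ONLY = re.compile(rb"[0-9a-fA-F]+")


def hex_string_candidates(blob, min_hex_chars=32):
    """Return (offset, text) for whole printable runs that consist only of
    hex digits, have an even length and are at least min_hex_chars long.
    The 32-character default (128 bits) is an assumption, not from the post."""
    hits = []
    for match in PRINTABLE_RUN.finditer(blob):
        run = match.group()
        # Short or odd-length runs cannot be a hex-encoded key of this size.
        if len(run) < min_hex_chars or len(run) % 2:
            continue
        # fullmatch mirrors grep's ^...$ anchoring: the whole string is hex.
        if HEX_ONLY.fullmatch(run):
            hits.append((match.start(), run.decode("ascii")))
    return hits


# Constructed placeholder standing in for an embedded key (64 hex characters).
PLACEHOLDER_KEY = "0f1e2d3c" * 8

# Constructed sample bytes: a few ordinary strings, three short hex-looking
# strings and one long one, separated by NUL bytes as in a string table.
SAMPLE = (
    b"\x00\x01asr\x00usage: asr\x00"
    b"ffff\x00DEADBEEF\x000123456789ab\x00"
    b"image key\x00" + PLACEHOLDER_KEY.encode() + b"\x00\x7fELF"
)

if __name__ == "__main__":
    for offset, text in hex_string_candidates(SAMPLE):
        print(f"offset {offset:#x}: {len(text) // 2}-byte hex string {text}")
```

Lowering `min_hex_chars` to 4 reproduces the unfiltered grep behaviour on the sample: four hex-only strings, three of them short.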
