Just thinking......(unpacked ipsw)

Discussion in 'iOS Jailbreak & Cydia' started by timberwolf9, Mar 31, 2010.

  1. timberwolf9

    timberwolf9 New Member

    I was bored last night, and I didn't think this would work, but I was able to unpack an IPSW using Gnome's archive software on Ubuntu. If we are able to do such, couldn't we just extract and replace the ".img" files, such as bootrom, that jailbreaks use?

    If so, it's a long shot but could prove useful if such could be done. But like I said, I was bored and didn't take it further than that...

    Any ideas?
  2. Nburnes

    Nburnes Well-Known Member

    Or just change .ipsw to .zip and do it that way. Like people have done since forever.
  3. Coca Cola

    Coca Cola Member

    Redsn0w does that for you. It would still be tethered if you did it manually; if it's 3.1.3, a vulnerability will be needed so you know what the .img3's should have.
  4. timberwolf9

    timberwolf9 New Member

    Why not just use the ones from the 3.1.2 OFW?
    Isn't Blackra1n a bootrom exploit? Or is it userland?

    I mean if we just replace the correct ".img" file then the exploit would still be valid, right?
  5. Coca Cola

    Coca Cola Member

    See, it's not the files that are checked...
  6. timberwolf9

    timberwolf9 New Member


    What do you mean, as the files aren't singled out, or as in the entire archive is checked on restore?
  7. Axis

    Axis Super Moderator Staff Member

    Presumably, a file checksum is compared at device boot. That means the slightest modification to any file in the archive, even altering a single byte, will cause the validation to fail.
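The point made in the post above, as an added worked example that is not code from any poster or from redsn0w: an IPSW is a plain zip, the boot images inside are img3 containers, and because the container carries a check over its own contents, the "unpack, swap a byte, repack" plan fails the moment the image is verified. The img3 header and tag layout below (20-byte header of magic, fullSize, sizeNoPack, sigCheckArea, ident, followed by 12-byte tag headers) follows the real format, but the verification is a deliberate simplification: a real file's SHSH tag holds an RSA signature checked against Apple's certificate chain, while here the SHSH payload is just a SHA-256 over the signed area. The zip entry names and image contents are constructed for the example.

```python
"""Added example for this thread: unpack a (synthetic) IPSW, parse the img3
images inside, and show that changing one byte breaks the container check.
Assumption: SHSH holds a SHA-256 of the signed tags, standing in for the RSA
signature a real img3 carries."""
import hashlib
import hmac
import io
import struct
import zipfile

IMG3_MAGIC = b"3gmI"                      # "Img3", stored little-endian on disk
HEADER_FMT = "<4sIII4s"                   # magic, fullSize, sizeNoPack, sigCheckArea, ident
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 20 bytes


def make_tag(name: bytes, payload: bytes) -> bytes:
    """Encode one img3 tag: reversed magic, totalLength, dataLength, payload, pad to 4."""
    pad = (-len(payload)) % 4
    total = 12 + len(payload) + pad
    return name[::-1] + struct.pack("<II", total, len(payload)) + payload + b"\0" * pad


def build_img3(ident: bytes, signed_tags: list) -> bytes:
    """Build a self-checked img3. sigCheckArea covers the signed tags only;
    the SHSH tag appended after them holds the stand-in digest (assumption)."""
    signed = b"".join(signed_tags)
    shsh = make_tag(b"SHSH", hashlib.sha256(signed).digest())
    body = signed + shsh
    header = struct.pack(HEADER_FMT, IMG3_MAGIC, HEADER_LEN + len(body),
                         len(body), len(signed), ident[::-1])
    return header + body


def parse_img3(blob: bytes):
    """Return (ident, sigCheckArea, {tag name: payload}) for an img3 blob."""
    magic, full_size, _size_no_pack, sig_area, ident = struct.unpack_from(HEADER_FMT, blob, 0)
    if magic != IMG3_MAGIC or full_size != len(blob):
        raise ValueError("not an img3 container")
    tags = {}
    off = HEADER_LEN
    while off < full_size:
        name, total, dlen = struct.unpack_from("<4sII", blob, off)
        tags[name[::-1]] = blob[off + 12:off + 12 + dlen]
        off += total
    return ident[::-1], sig_area, tags


def verify_img3(blob: bytes) -> bool:
    """Recompute the digest over the signed area and compare it with SHSH."""
    _ident, sig_area, tags = parse_img3(blob)
    expected = hashlib.sha256(blob[HEADER_LEN:HEADER_LEN + sig_area]).digest()
    return hmac.compare_digest(expected, tags.get(b"SHSH", b""))


def build_sample_ipsw() -> bytes:
    """Constructed two-entry zip standing in for an IPSW; paths are made up."""
    llb = build_img3(b"illb", [make_tag(b"TYPE", b"illb"),
                               make_tag(b"DATA", b"LLB code " + bytes(range(40)))])
    ibss = build_img3(b"ibss", [make_tag(b"TYPE", b"ibss"),
                                make_tag(b"DATA", b"iBSS code " + bytes(range(24)))])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("Firmware/all_flash/LLB.img3", llb)
        z.writestr("Firmware/dfu/iBSS.img3", ibss)
    return buf.getvalue()


def check_ipsw(ipsw: bytes) -> dict:
    """Open the IPSW as a zip (it is one) and verify every .img3 inside."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(ipsw)) as z:
        for name in z.namelist():
            if name.endswith(".img3"):
                results[name] = verify_img3(z.read(name))
    return results


def patch_entry(ipsw: bytes, name: str, offset: int, value: int) -> bytes:
    """Unpack, change one byte of one entry, repack: what the thread proposes."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(ipsw)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for entry in src.namelist():
            data = bytearray(src.read(entry))
            if entry == name:
                data[offset] = value
            dst.writestr(entry, bytes(data))
    return out.getvalue()


if __name__ == "__main__":
    ipsw = build_sample_ipsw()
    print(check_ipsw(ipsw))                       # both images verify
    # offset 48 = 20 (header) + 16 (TYPE tag) + 12 (DATA tag header): first DATA byte
    bad = patch_entry(ipsw, "Firmware/all_flash/LLB.img3", 48, 0x41)
    print(check_ipsw(bad))                        # LLB no longer verifies
```

The repacked zip is still a perfectly valid archive, which is why "it extracts fine" tells you nothing: the check lives inside each image, not in the zip, and the digest covers everything within sigCheckArea, so one byte of payload is enough to fail it. Swapping in a whole image from another IPSW passes this container check (it is self-consistent) but is rejected for other reasons that redsn0w and friends work around with a vulnerability, which is the part this example does not model.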
  8. iPwn

    iPwn Community Development Staff Member

    The bootrom is hardware inside the CPU. Not editable.
  9. Shawa

    Shawa Super Moderator

    Adding to that, ROM stands for "Read Only Memory".
  10. timberwolf9

    timberwolf9 New Member

    As EEPROM can be rewritten by lifting a pin
