Share my knowledge, feel my life. Eric Shan' Blog - powered by myBloggie

Share my knowledge, feel my life. Eric Shan' Blog

Time [GMT +8] : 30 Apr , 13:48:55

| | |

	April 2025
S	M	T	W	T	F	S
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30

Categories
	About	[5]
	Blackberry	[1]
	dotNet and C Charp	[1]
	IPhone	[10]
	Life	[4]
	Unix&Linux	[19]
	WEB programming	[16]
	Windows API	[5]
	Windows Mobile	[1]
	Windows Multimedia	[4]

Recent
	CentOS mount CDrom and USB
	CentOS GHOST(幽灵)漏洞修复方法
	centos 改变语言并立即生效
	centos vpn 接通后无法连接internet
	让vlc播放中文字幕不出乱码
	centos 取消屏保
	php中ob_flush和flush的用法
	CentOS检查，添加，删除自启动服务
	CentOS中开机自动启动某个服务
	Top命令中的翻页

Archives
	February 2010	[4]
	September 2009	[1]
	August 2009	[1]
	January 2009	[7]
	October 2008	[10]
	June 2008	[2]
	December 2007	[14]
	November 2007	[5]
	May 2007	[9]
	April 2007	[3]
	March 2007	[10]

User List
	Eric Shan	[66]


28 May 2008 12:57:57 am
Iphone firmwares


http://tungchingkai.blogspot.com/2008/01/decrypt-iphone-filesystem-firmware.html (1) For Firmware 1.0.1 (i) get the vfdecrypt101.exe from Rapid share(http://rapidshare.com/files/63681184/vfdecrypt101.exe.html) (ii) get the Apple's iPhone firmware 1.0.1 and rename it with extension .zip and unzip it (run) vfdecrypt101 main_dmg_of_101.dmg decrypted101.dmg (2) For Firmware 1.0.2 (i) get the vfdecrypt102.exe from Rapid share(http://rapidshare.com/files/58198544/vfdecrypt102.exe.html) (ii) get the Apple's iPhone firmware 1.0.2 and rename it with extension .zip and unzip it (run) vfdecrypt102.exe 694-5298-5.dmg decrypted102.dmg (3) For Firmware 1.1.1 (i) get the vfdecrypt111.exe from Rapid share(http://rapidshare.com/files/63677864/vfdecrypt111.exe.html) (ii) get the Apple's iPhone firmware 1.1.1 and rename it with extension .zip and unzip it (run) vfdecrypt111.exe 022-3602-17.dmg decrypted111.dmg (4) For Firmware 1.1.2 (i) get the vfdecrypt112.exe from Rapid share(http://rapidshare.com/files/68797940/vfdecrypt112.exe.html) (ii) get the Apple's iPhone firmware 1.1.2 and rename it with extension .zip and unzip it (run) vfdecrypt112.exe 022-3725-1.dmg decrypted112.dmg (5) For Firmware 1.1.3(http://rapidshare.com/files/41004473/vfdecrypt.exe.html) (i) get the vfdecrypt.exe from Rapid Share (ii) get the Apple's iPhone firmware 1.1.3 and rename it with extension .zip and unzip it (run) vfdecrypt -i 022-3743-100.dmg -o decrypted113.dmg -k 11070c11d93b9be5069b643204451ed95aad37df7b332d10e48fd3d23c62fca517055816 (6) For Firmware 1.1.4 (i) get the vfdecrypt.exe from Rapid Share (ii) get the Apple's iPhone firmware 1.1.4 and rename it with extension .zip and unzip it (run) vfdecrypt -i 022-3894-4.dmg -o decrypted114.dmg -k d0a0c0977bd4b6350b256d6650ec9eca419b6f961f593e74b7e5b93e010b698ca6cca1fe (7) For Firmware 2.0 beta (Build 5A225c) (MD5 8254ccf38735bc74b38fb432ce982081) expired 8 April 2008 (i) Google Search iPhone1,1_2.0_5A225c_Restore.ipsw (ii) Rename it with extension .zip and unzip it (run) vfdecrypt -i 018-3473-4.dmg -o decrypted20b2.dmg -k ea14f3ec624c7fdbd52e108aa92d13b16f6b0b940c841f7bbc7792099dae45da928d13e7 (8 ) For Firmware 2.0 beta (Build 5A240d) (MD5 429142d57db7cf94d4c29ee4da7f21cc) (to be expired 15 May 2008 ) (i) Google Search iPhone1_1_2.0_5A240d_Restore.ipsw (ii) Rename it with extension .zip and unzip it (run) vfdecrypt -i 018-3553-6.dmg -o decrypted20b3.dmg -k e24bfab40a2e5d3dc25e089291846e5615b640897ae8b424946c587bcf53b201a1041d36 (9) For Firmware 2.0 beta (Build 5A258f) (MD5 f7a2937c32615545ba339c330356d9ad) (to be expired 4 June 2008 ) (i) Google Search iPhone 2.0 Beta 4 (5a258f) (ii) Rename it with extension .zip and unzip it (unzip -o iPhone1,1_2.0_5A258f_Restore.ipsw 018-3585-6.dmg) (run) vfdecrypt -i 018-3585-6.dmg -o decrypted20b4.dmg -k 198d6602ba2ad2d427adf7058045fff5f20d05846622c186cca3d423ad03b5bc3f43c61c For vfdecrypt.exe, libeay32.dll http://pecl4win.php.net/download.php/dll/061dae89b309a98382dedc04942bd8a2/libeay32.dll To extract the contents in the dmg image in PC you need hfsexplorer(plus java runtime) or dmg2img.exe http://hem.bredband.net/catacombae/hfsx.html http://devices.natetrue.com/iphone/ibrickr-jb113.zip http://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/VerifyItem-Start/jre-6u4-windows-i586-p-iftw.exe?BundledLineItemUUID=H25IBe.l.7oAAAEX_wIJ2rG5&OrderID=wqFIBe.lQkEAAAEX9AIJ2rG5&ProductID=lr9IBe.nFxoAAAEWAhINQrEN&FileName=/jre-6u4-windows-i586-p-iftw.exe You can also use PowerISO 4.0 in Windows to examine and extract contents of Mac OS X .dmg file http://www.poweriso.com/ You can mount the decrypted image directly in Mac OS or Linux. To mount DMG dd if=694-5259-38.dmg of=ramdisk.dmg bs=512 skip=4 conv=sync mount -o loop decrpyted112.img /mnt/decrypted112 Keys The key for the 1.01 revision is : 28c909fc6d322fa18940f03279d70880e59a4507998347c70d5b8ca7ef090ecccc15e82d The key for the 1.02 revision is : 7d5962d0b582ec2557c2cade50de90f4353a1c1de07b74212513fef9cc71fb890574bfe5 The key for the 1.1.1 revision is : f45de7637a62b200950e550f4144696d7ff3dc5f0b19c8efdf194c88f3bc2fa808fea3b3 The key for the 1.1.2 revision is : 70e11d7209602ada5b15fbecc1709ad4910d0ad010bb9a9125b78f9f50e25f3e05c595e2 The key for the 1.1.3 revision is : 11070c11d93b9be5069b643204451ed95aad37df7b332d10e48fd3d23c62fca517055816 The key for the 1.1.4 revision is : d0a0c0977bd4b6350b256d6650ec9eca419b6f961f593e74b7e5b93e010b698ca6cca1fe The key for the 1.2.0 beta (Build 5A147p) (md5 iPhone1,1_1.2_5A147p_Restore.ipsw = 3539f0b912812fd56ac1019d8fce4fc2 ) is: 86bec353ddfbe3fb750e9d7905801f79791e69acf65d16930d288e697644c76f16c4f16d The key for the 2.0 beta (Build 5A225c) (md5 iPhone1,1_2.0_5A225c_Restore.ipsw = 8254ccf38735bc74b38fb432ce982081 ) is: ea14f3ec624c7fdbd52e108aa92d13b16f6b0b940c841f7bbc7792099dae45da928d13e7 The key for the 2.0 beta (Build 5A240d) (md5 iPhone1_1_2.0_5A240d_Restore.ipsw = 429142d57db7cf94d4c29ee4da7f21cc) is: e24bfab40a2e5d3dc25e089291846e5615b640897ae8b424946c587bcf53b201a1041d36 The key for the 2.0 beta (Build 5A258f) (md5 iPhone1,1_2.0_5A258f_Restore.ipsw = f7a2937c32615545ba339c330356d9ad) is: 198d6602ba2ad2d427adf7058045fff5f20d05846622c186cca3d423ad03b5bc3f43c61c The key for the 2.0 beta (Build 5A274d) (md5 iPhone1,1_2.0_5A274d_Restore.ipsw = 1e671faa31d876602161d9bb463e15da) is: 589df25eaa4ff0a5e29e1425fb99bf50957888ff098ba2fcb72cf130f40e15e00bcf2fc7 Regarding how to find the key:* Read this on how to find the key for firmware 1.1.1 or above For example, firmware 1.1.4, you can find the decrypt key by running this in Mac OS X Terminal #!/bin/bash# first extract the ramdisk image file from the ipsw fileunzip -o iPhone1,1_1.1.4_4A102_Restore.ipsw 022-3896-4.dmg -d .# strip off the first 0x800 bytes and the trailing certificatedd if=022-3896-4.dmg of=022-3896-4.stripped.dmg bs=512 skip=4 count=36640 conv=sync# use the method of GEORGE HOTZ and ignore the erroropenssl enc -d -in 022-3896-4.stripped.dmg -out ramdisk-022-3896-4.dmg -aes-128-cbc -K 188458A6D15034DFE386F23B61D43774 -iv 0# print out the ramdisk key from the imagestrings ramdisk-022-3896-4.dmg \| egrep "^[0-9a-fA-F]{72}$" If you have the 8900decryptor binary, you can get the same decrypted image file and key from #!/bin/bash./8900decryptor 022-3896-4.dmg 022-3896-4.8900decrypted.dmgstrings 022-3896-4.8900decrypted.dmg \| egrep "^[0-9a-fA-F]{72}$"

		Category : IPhone \| Posted By : Eric Shan \| Comments [0] \| Trackbacks [0]

Trackbacks
	The URI to TrackBack this entry is : http://blog.tntsoft.com/trackback.php/24

Comments

Add Your Comment

Template theme : aura
Powered by myBloggie Copyright © 2004 2006
-- myWebland --

Sponsed by TNTSoft Store