Thursday, April 22, 2010

How to decrypt, mount and edit the root filesystem in .ipsw files

Before the redsn0w jailbreak was public you could see a video on iH8snow`s twitter blog at http://www.twitvid.com/UI21P showing him modifying the root_fs.dmg from an .ipsw file:




All the guides you find on the net are not complete, missing a few important steps and, most important, the reason why it cant`t be done this way. Complete Guide:

  1. Rename your .ipsw file to .zip and unzip it
  2. Download vfdecrypt here: vfdecrypt.zip
  3. Place the .dmg you want to decrypt in the vfdecrypt folder
  4. Open Terminal, cd (switch) to the vfdecrypt folder by typing in "cd"{space} and dragging the vfdecrypt folfer into the Terminal, press enter
  5. Type in "./vfdecrypt -i {dmg) -o rootfs.dmg -k {key}" replace {dmg} with the filename of the .dmg that you want to decrypt and {key} with the key for the firmware you want to edit. Firmware keys can be found here. Press enter
  6. Your decrypted .dmg will be created in the vfdecrypt folder under the name "rootfs.dmg"
  7. Right click on it and open it with hdd utility. Click on "convert" and choose "read/write" and "without" in the encryption tab.

That`s it. Save the .dmg to a new file and mount it. Your are now able to browse and edit the .dmg (for example edit the SystemVersion.plist like shown in the video). The problem and the reason why this guide can`t be used to create custom .ipsw files is that you can not re-encrypt .dmg files with the same key you used to decrypt them after changing something! Your created .ipsw files will be corrupted.


To finish the custom .ipsw you have to be able to re-encrypt the .dmg with the same key which is not possible and to add it back to the .ipsw (.zip) without changing the checksum which is impossible too (iH8sn0w posted a few days after the video that you also need to patch a few system files to make this work.)

3 comments:

  1. great tuto dude

    ReplyDelete
  2. would this work on iphone os 4.0 beta 3?

    ReplyDelete
  3. what's the point if you can't use this ipsw file on your iphone?

    ReplyDelete