  1. #1

    1.1.4 firmware decryption

    Hello everyone,

    This is my first post in here. My problem is:

    I want to check out the 1.1.4 firmware. I don't have an iPhone yet, so I'm not able to download the decrypted firmware from there. I've read some guides on the internet on how to do it, but it fails when using vfdecrypt on Windows!

    The steps in the guides are as follows:

    - Download the 1.1.4 firmware from Apple
    - Rename the .ipsw to .zip and unpack
    - Download vfdecrypt and libeay32.dll and use it on 022-3894-4.dmg
    - Open the new dmg with MagicISO or some other software

    The key to be used in vfdecrypt is:
    d0a0c0977bd4b6350b256d6650ec9eca419b6f961f593e74b7e5b93e010b698ca6cca1fe

    The problem with this is, that the vfdecrypt does not accept any KEY as input, while the script goes like this:

    Code:
        if ((in = fopen(argv[1], "rb")) == NULL) {
          fprintf(stderr, "Error: unable to open %s\n", inFile);
          exit(1);
        }
    
        if ((out = fopen(argv[2], "wb")) == NULL) {
          fprintf(stderr, "Error: unable to open %s\n", outFile);
          exit(1);
        }
    I can see in the code, that you have to manually set the key in the C source. It goes like this

    Code:
      //--------INSERT KEY HERE--------------
      //Find the key using command:
      // strings 009-7662-6.dmg | grep "^[0-9a-fA-F]*$"
      //It's the longest string that pops out
      //The first bit of the key replaces the first set of hyphens
      convert_hex("--------------------------------", aes_key, 16);
      //The second bit is the second set - there is no separation in the file though
      convert_hex("---------------------------------------", hmacsha1_key, 20);
    Where the -------- should be replaced with the key (first the first 16 characters, then the last 20 characters of the key)

    I have tried to edit this in the source, but I CANNOT compile it, because I need a lot of openssl files and a C compiler and so on.


    To sum up
    I cannot compile or use vfdecrypt.exe on my Windows machine.

    My question is therefore: is any of you running Linux or Mac and able to send me the untouched decrypted 1.1.4 firmware? Maybe by uploading it to rapid$hare or megaupload?

    Sorry for my English, and sorry for my long post.
    Thanks in advance!
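
The key layout from the source excerpt in the post above, as an added example that is not part of the thread or of vfdecrypt's source: the 72 hex digits decode to 36 bytes, of which the first 16 fill `aes_key` and the remaining 20 fill `hmacsha1_key`. `split_key`, `hex_val` and `SAMPLE_KEY` are hypothetical names, and the sample key is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define AES_KEY_LEN  16  /* bytes, as in convert_hex(..., aes_key, 16) */
#define HMAC_KEY_LEN 20  /* bytes, as in convert_hex(..., hmacsha1_key, 20) */

/* Constructed sample key for illustration; not a real firmware key. */
static const char SAMPLE_KEY[] =
    "000102030405060708090a0b0c0d0e0f"            /* 32 hex digits -> AES key  */
    "101112131415161718191a1b1c1d1e1f20212223";   /* 40 hex digits -> HMAC key */

/* Value of one hex digit, or -1 if the character is not a hex digit. */
static int hex_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Hypothetical helper: split a 72-hex-digit key string into its two parts.
 * Returns 0 on success, -1 on wrong length, -2 on a non-hex character
 * (for example a space introduced by copy and paste). */
int split_key(const char *hex, uint8_t aes[AES_KEY_LEN],
              uint8_t hmac[HMAC_KEY_LEN])
{
    uint8_t raw[AES_KEY_LEN + HMAC_KEY_LEN];
    size_t i;

    if (strlen(hex) != 2 * sizeof raw)
        return -1;
    for (i = 0; i < sizeof raw; i++) {
        int hi = hex_val(hex[2 * i]);
        int lo = hex_val(hex[2 * i + 1]);
        if (hi < 0 || lo < 0)
            return -2;
        raw[i] = (uint8_t)((hi << 4) | lo);
    }
    /* No separator in the string: the HMAC key starts right after the AES key. */
    memcpy(aes, raw, AES_KEY_LEN);
    memcpy(hmac, raw + AES_KEY_LEN, HMAC_KEY_LEN);
    return 0;
}
```

A key string that picked up a space or lost a digit is rejected here instead of being silently decoded into wrong key bytes.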



  2. #2
    javacom

  3. #3

    Thank you, but it's not working

    Quote: Originally Posted by javacom

    Thank you, but it's not working.

    The problem is, that you CANNOT enter the key to decrypt in this vfdecrypt.exe version! You can try it yourself in the console, that you cannot use the -i and -o and -k arguments.

    If I decrypt the file using:

    vfdecrypt 022-3894-4.dmg lol.dmg

    the file will output a file called lol.dmg. But it decrypts with the wrong key! The right key is in the thread.

  4. #4

    This has worked for me:
    Code:
    vfdecrypt -i 022-3894-4.dmg -k d0a0c0977bd4b6350b256d6650ec9eca419b6f961f593e74b7e5b93e010b698ca6cca1fe -o 022-3894-4.decrypted.dmg
    If my recollection is right, I downloaded vfdecrypt from http://code.google.com/p/iphoneelite/downloads/list

  5. #5
    javacom

    Quote: Originally Posted by winmedia
    Thank you, but it's not working.

    The problem is, that you CANNOT enter the key to decrypt in this vfdecrypt.exe version! You can try it yourself in the console, that you cannot use the -i and -o and -k arguments.

    If I decrypt the file using:

    vfdecrypt 022-3894-4.dmg lol.dmg

    the file will output a file called lol.dmg. But it decrypts with the wrong key! The right key is in the thread.

    This is a compiled binary for Windows
    Code:
    vfdecrypt -i 022-3894-4.dmg -o decrypted114.dmg -k d0a0c0977bd4b6350b256d6650ec9eca419b6f961f593e74b7e5b93e010b698ca6cca1fe


  6. #6
    peu

    after issuing this command:

    Code:
    vfdecrypt 022-3894-4.dmg  decrypted.dmg  d0a0c0977bd4b6350b256d6650ec9eca419b6f961f593e74b7e5b93e010b698ca6cca1fe
    using vfdecrypt downloaded from:
    Code:
    http://rapid$hare.com/files/41004473/vfdecrypt.exe.html
    I receive this output:
    Code:
    D:\Zips\iPhone\Firmware 2.0>vfdecrypt 022-3894-4.dmg decrypted.dmg d0a0c0977bd4b
    6350b256d6650ec9eca419b6f961f593e74b7e5b93e010b698ca6cca1fe
    sig     encrcdsa
    blocksize       4096
    datasize        128371697
    dataoffset      122880
    keyDerivationAlgorithm      0
    keyDerivationPRNGAlgorithm  0
    keyDerivationIterationCount 0
    keyDerivationSaltSize       0
    keyDerivationSalt
    
    
    blobEncryptionIVSize        0
    blobEncryptionIV
    
    
    blobEncryptionKeySizeInBits 0
    blobEncryptionAlgorithm     0
    blobEncryptionPadding       0
    blobEncryptionMode          0
    encryptedBlobSize           0
    encryptedBlob
    And I can't mount the resulting decrypted.dmg image using poweriso or ultraiso. What am I doing wrong?

    thanks!


  7. #7
    spyboy

    same here!

    Edit: For ppl not being able to open the decrypted files on Windows, just use Transmac
    Last edited by spyboy; 04-15-2008 at 01:24 AM.

  8. #8

    Quote: Originally Posted by spyboy
    same here!

    Edit: For ppl not being able to open the decrypted files on Windows, just use Transmac

    Doesn't work for me either, still the same problem!

  9. #9

    Try the version of vfdecrypt from the link in my post. Worked for me.

 

 
