Decrypting 018-7338-033.dmg (root filesystem) - iOS 4.x (iPhone OS 4.x) forum, Hackint0sh.org
  1. #1
    Newbie

    Decrypting 018-7338-033.dmg (root filesystem)

    Thanks to iH8sn0w, we have the key and IV for 018-7262-033.dmg. I was able to use xpwntool to create a decrypted ramdisk, which, theoretically, could be fed into genpass to generate a vfdecrypt key for the root filesystem image. I cannot, however, compile genpass. Does anyone have a working copy of genpass they can use to try this?

    Update: I used a genpass binary on Windows to generate a key, but the key is wrong. Vfdecrypt generates a dmg, but it is not mountable.
    Last edited by hazkid; 04-10-2010 at 01:23 AM.



  2. #2
    Rookie

    where can I find the keys? I would like to try some of this myself.

  3. #3
    Olethros (Super Moderator)

    Originally posted by duckdude:
        where can I find the keys? I would like to try some of this myself.

    Look on twitter
    Please read the stickies & search forum before posting!
    How to report an iTunes restore/update fail in a useful manner
    -

    iPad 3G 64GB (4.3.3, Redsn0w) oldest SHSH 3.2.2
    iPhone 4 32GB (4.2.1, Redsn0w JB-monte) oldest SHSH 4.1
    iPhone 3GS 32GB (4.3.3; Pwnagetool) factory unlocked oldest SHSH 3.1
    iPhone 8GB (3.1.3; Pwnagetool) AT&T Locked - Unlocked with bootneuter

    -
    Did we solve your problem? Got a dollar or two spare ? Donate!

  4. #4
    Olethros (Super Moderator)

    Re: Decrypting 018-7338-033.dmg (root filesystem)

    You won't find rootfs key on twitter though. genpass has not been updated since 3.1 and the replacement is not public.
    Last edited by Olethros; 04-11-2010 at 07:38 AM.

  5. #5
    Newbie

    Well I got the decryption key and it works, I need to figure out how to encrypt

    I'm not sure if this is allowed but here it is...

    here is the syntax
    Code:
    vfdecrypt -i 018-7338-033.dmg -o rootfs.dmg -k 0da2d3316d5ee7cd1858e4035e451387cd8156e97535fb09028859e68e5b7b39a6649552
    iPhone 3G key: 0da2d3316d5ee7cd1858e4035e451387cd8156e97535fb09028859e68e5b7b39a6649552
    iPhone 3GS key: 62ea9bf9971e6c410231646f916f80330f9cbc1d1c585f0c03dab6b6f7158dc0a9c5efaf

    this is where I got my info for my iPhone 3G
    VFDecrypt Keys: 4.x BETA - The iPhone Wiki

    also this is mountable, I just can't get past the read-only part...
    Last edited by xhacker482; 04-12-2010 at 04:29 AM.


  6. #6
    Administrator

    FW 4.0 (8A230m) - iPhone 3G Keys


    Some notes on how to do it:
    - unzip iPhone1,2_4.0_8A230m_Restore.ipsw
    - xpwntool 018-7262-033.dmg ramdisk.dmg -k 8fdfffcdaeef27851895a20a0bdea857 -iv 9b855e7bd477ee1aa7e9e7fb12f83555
    - hdid ramdisk.dmg
    - vfdecrypt -i 018-7338-033.dmg -k 0da2d3316d5ee7cd1858e4035e451387cd8156e97535fb09028859e68e5b7b39a6649552 -o rootfs.dmg
    - hdid rootfs.dmg
    Last edited by dtube; 04-12-2010 at 05:05 AM.
    ** If you just want to support hackint0sh.org with a donation click here **
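
Added example, not part of the posts above or of any tool named in the thread: two checks for the failure modes seen here, a pasted key that picked up a forum-inserted space and a vfdecrypt output that will not mount because the key was wrong. The function names are hypothetical; the 72-hex-digit key layout and the magic markers (`encrcdsa`, `koly`, `H+`/`HX`) are stated as assumptions about the usual Apple image formats.

```shell
#!/bin/sh
# Added example (not from the thread): sanity checks around xpwntool/vfdecrypt.
# Assumptions: a vfdecrypt -k value is 72 hex digits (16-byte AES key followed
# by a 20-byte HMAC-SHA1 key); magic values are the usual Apple image markers.

# normalize_vfkey KEY: strip whitespace that forum software inserts into long
# strings, lowercase, and print the key; fail unless it is 72 hex digits.
normalize_vfkey() {
    k=$(printf '%s' "$1" | tr -d ' \t\r\n' | tr 'ABCDEF' 'abcdef')
    case "$k" in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#k}" -eq 72 ] || return 1
    printf '%s\n' "$k"
}

# hex_at FILE OFFSET COUNT: print COUNT bytes at OFFSET as lowercase hex.
hex_at() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# image_kind FILE: classify a file by its magic bytes.
#   encrypted  "encrcdsa" at offset 0: still an encrypted disk image
#   udif       "koly" trailer in the last 512 bytes: a plain .dmg
#   hfsplus    "H+" or "HX" at offset 1024: a raw HFS+/HFSX volume
#   unknown    none of these, e.g. output produced with a wrong key
image_kind() {
    [ -r "$1" ] || { echo unreadable; return 2; }
    size=$(wc -c < "$1")
    size=$((size + 0))
    trailer=""
    if [ "$size" -ge 512 ]; then trailer=$(hex_at "$1" $((size - 512)) 4); fi
    if [ "$(hex_at "$1" 0 8)" = "656e637263647361" ]; then echo encrypted
    elif [ "$trailer" = "6b6f6c79" ]; then echo udif
    else
        case "$(hex_at "$1" 1024 2)" in
            482b|4858) echo hfsplus ;;
            *) echo unknown; return 1 ;;
        esac
    fi
}

# Usage: key=$(normalize_vfkey "$pasted_key") && image_kind rootfs.dmg
```

Run `image_kind` on the vfdecrypt output before trying `hdid`: `unknown` means the bytes are not a disk image at all, which is what a wrong key produces.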

  7. #7
    f41qu3 (IRC Netadmin, Team of Hackint0sh)

    Originally posted by dtube:
    FW 4.0 (8A230m) - iPhone 3G Keys


    Some notes on how to do it:
    - unzip iPhone1,2_4.0_8A230m_Restore.ipsw
    - xpwntool 018-7262-033.dmg ramdisk.dmg -k 8fdfffcdaeef27851895a20a0bdea857 -iv 9b855e7bd477ee1aa7e9e7fb12f83555
    - hdid ramdisk.dmg
    - vfdecrypt -i 018-7338-033.dmg -k 0da2d3316d5ee7cd1858e4035e451387cd8156e97535fb09028859e68e5b7b39a6649552 -o rootfs.dmg
    - hdid rootfs.dmg

    dtube, these steps above work to create a valid and mountable ramdisk; after that, just need to remount the ipsw and restore that to the iPhone, I'm right or no?
    If you just want to support hackint0sh.org with a donation click here.

    Twitter: @f41qu3 @hackint0sh @hmbt_org @iphone_dev

  8. #8
    Administrator

    Originally posted by f41qu3:
        dtube, these steps above work to create a valid and mountable ramdisk; after that, just need to remount the ipsw and restore that to the iPhone, I'm right or no?

    The steps above are to extract and decrypt the fw ramdisk so you can look at things. The only way to restore is if the iPhone is already pwned. If the phone is not pwned, then the tool must be able to use the exploit to send the payload and pwned iBoot on the fly, then restore.

  9. #9
    f41qu3 (IRC Netadmin, Team of Hackint0sh)

    Originally posted by dtube:
        The steps above are to extract and decrypt the fw ramdisk so you can look at things. The only way to restore is if the iPhone is already pwned. If the phone is not pwned, then the tool must be able to use the exploit to send the payload and pwned iBoot on the fly, then restore.

    dtube, do you know some lectures about unpacking and repacking an ipsw file?

  10. #10
    Administrator

    Originally posted by f41qu3:
        dtube, do you know some lectures about unpacking and repacking an ipsw file?

    No, I don't.
    I just know how to unpack and decrypt.
    I never tried to repack. I have to look into that to find out what is involved.


 

 
