Home > iPhone > The first steps (part 2)

The first steps (part 2)

I had initially planned on talking about reverse engineering iPhone native apps in this post but have decided to write about something else instead. There is another way to gain access to the iPhone filesystem besides jailbreaking your phone. It turns out that there are dmg files on your system that iTunes downloads when installing new firmware that will allow you to access the file system. You can either find them on your computer or download one from theiphonewiki’s System page.  Next, you’ll have to decrypt the dmg file. Theiphonewiki has the keys to do it here and there is a tool called vfdecrypt which can decrypt dmg files. One note about vfdecrypt, I had to modify the source file line 357 to get it working in linux. In the call to getopt() replace any double colons (::) with a single colon. Then recompile (gcc -o vfdecrypt -lcrypto vfdecrypt.c).

The firmware images on your hard drive and the downloadable ones are ipsw files. Change the file extension to “zip” and unzip the archive. You will find several dmg files in there. The largest one (~200mb) is the one you want. Decrypt that dmg file with vfdecrypt. The output file should be a new dmg file. You will now need to extract that new dmg file. To do this I used HFSExplorer. Extract that somewhere and you now have access to the iPhone filesystem.

Categories: iPhone Tags: ,
  1. December 8, 2009 at 4:49 pm

    It worked, yes. Hunt the wanted files, done. Question: how to make it writeable? How to re-encrypt them back into a valid ipsw file? I made the decrypted.dmg into a writeable image, then after some brave tampering, restored the image back to read-only, tuck the dmg into the proper folder, then compressed them, renamed it back to ipsw extention and itunes succesfully reject the restore from that ipsw… Sound idiotic? Well I thought Apple is (intuitively) that simple… XD

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: