blacktop / ipsw Goto Github PK
View Code? Open in Web Editor NEWiOS/macOS Research Swiss Army Knife
Home Page: https://blacktop.github.io/ipsw
License: MIT License
iOS/macOS Research Swiss Army Knife
Home Page: https://blacktop.github.io/ipsw
License: MIT License
Hi again :)
Is it possible to download macos beta images also? I tried both ipsw download beta <build>
and ipsw download macos --build <build>
but with no success.
Recently attempting to port fs_usage to iOS, it has a feature that requires a map file for reading dyld shared cache. We already have this both for macOS and iOS simulators but only iOS doesn't have any shipped map file for its dsc.
Running under windows. First command I executed was:
./ipsw.exe generate
Which resulted in
⨯ parsing table row failed error=this is the table header
⨯ parsing table row failed error=this is the table header
⨯ parsing table row failed error=this is the table header
⨯ parsing table row failed error=this is the table header
...
⨯ parsing table row failed error=this is the table header
⨯ parsing table row failed error=this is the table header
⨯ parsing table row failed error=this is the table header
⨯ parsing table row failed error=this is the table header
⨯ parsing table row failed error=this is the table header
Originally posted by kushalagrawal January 20, 2022
Hi blacktop,
we have multiple maco and fat binaries which are internal binaries. These binaries are signed by the internal CA and then uploaded to a remote location.
before I serve it to end user, I wants to make sure they are not tempered therefore I wants to validate using the internal CA's public key. if they are signed by that internal CA. Is There any direct way that I can extract the certificate chain associate with maco and fat binary.
Thanks
Kushal
felt this was worth filing as ipsw
itself creates symlinks when providing the extracted dsc for iPhone10,3,iPhone10,6_13.7_17H35_Restore.ipsw
(which is weird behavior but, seems to function?)
Hi team,
Can we get the watch firmware ?
Hi! Would be possible to add a update.go
file under /cmd/ipsw/cmd
as Cobra option to download the latest version?
It would be something like this:
package main
import (
"crypto/tls"
"encoding/json"
"errors"
"flag"
"fmt"
"io"
"io/ioutil"
"net/http"
"net/url"
"os"
"path"
"strings"
"github.com/AlecAivazis/survey"
)
type Assets []struct {
AssetsURL string `json:"assets_url"`
}
type Autogenerated []struct {
BrowserDownloadURL string `json:"browser_download_url"`
}
var (
platform string
)
func init() {
flag.StringVar(&platform, "platform", "", "platform")
}
func main() {
if platform == "" {
platform = SelectPlatform()
}
var data Assets
var assetsUrl = `https://api.github.com/repos/blacktop/ipsw/releases`
response := MakeRequest(assetsUrl)
bodyBytes, err := ioutil.ReadAll(response.Body)
defer response.Body.Close()
err = json.Unmarshal(bodyBytes, &data)
CheckErr(err)
var download Autogenerated
response = MakeRequest(data[0].AssetsURL)
bodyBytes, err = ioutil.ReadAll(response.Body)
defer response.Body.Close()
err = json.Unmarshal(bodyBytes, &download)
CheckErr(err)
for k := range download {
if strings.Contains(download[k].BrowserDownloadURL, platform) {
myUrl, err := url.Parse(download[k].BrowserDownloadURL)
CheckErr(err)
fmt.Printf("Downloading ipsw as %v in the current working directory\n", path.Base(myUrl.Path))
downloadFile(download[k].BrowserDownloadURL, path.Base(myUrl.Path))
}
}
}
func SelectPlatform() string {
var choice = 0
var options = []string{"linux_arm64", "linux_x86_64", "macOS_arm64", "macOS_x86_64", "windows_x86_64"}
prompt := &survey.Select{
Message: fmt.Sprintf("Select Platform to download:"),
Options: options,
}
survey.AskOne(prompt, &choice)
return options[choice]
}
func MakeRequest(host string) *http.Response {
tr := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}
client := &http.Client{Transport: tr}
request, _ := http.NewRequest("GET", host, nil)
request.Header.Set("Accept", "application/vnd.github.v3+json")
response, err := client.Do(request)
CheckErr(err)
return response
}
func downloadFile(URL, fileName string) error {
//Taken from https://golangbyexample.com/download-image-file-url-golang/
response, err := http.Get(URL)
CheckErr(err)
defer response.Body.Close()
if response.StatusCode != 200 {
return errors.New("Received non 200 response code")
}
//Create a empty file
file, err := os.Create(fileName)
CheckErr(err)
defer file.Close()
//Write the bytes to the fiel
_, err = io.Copy(file, response.Body)
CheckErr(err)
return nil
}
func CheckErr(err error) {
if err != nil {
fmt.Printf("Error: %v\n", err)
}
}
So, it is using surveys to choose which version to download:
And downloading it to the current directory:
Thanks!
bootywarrior@Bootys-MacBook-Air ~ % /Users/bootywarrior/Downloads/ipsw_3.1.19_macOS_arm64/ipsw symbolicate /Users/bootywarrior/Desktop/web.ips /Users/bootywarrior/Downloads/dyld_shared_cache_arm64
Flags:
-d, --demangle Demangle symbol names
-h, --help help for symbolicate
-u, --unslide Unslide the crashlog for easier static analysis
Global Flags:
--config string config file (default is $HOME/.ipsw.yaml)
-V, --verbose verbose output
⨯ failed to parse objc selectors: segment __OBJC_RO does not exist
To help you further based off our last interaction when I had an issue on windows.
This isn't a cache off the ipsw it's from the iOS Device itself this time it's for the iPhone8,1 running 12.1.4 (16D57) dyld_shared_cache from "/System/Library/caches/com.apple.dyld"
> ipsw download dev
? Please type your username: <REDACTED>
? Please type your password: appspecificpassword
Usage:
ipsw download dev [flags]
<SNIP>
⨯ failed to sign in; expected status code 409 (for two factor auth): response received 401
Just a really small thing. The command help can be out of sync. Take for example the command:
$ ipsw download beta
Error: requires at least 1 arg(s), only received 0
⨯ requires at least 1 arg(s), only received 0
This is a command that exists, but when we try and get this command listed from the parent "download" command:
$ ipsw download
Download Apple Firmware files (and more)
Usage:
ipsw download [flags]
ipsw download [command]
Available Commands:
dev Download IPSWs (and more) from https://developer.apple.com/download
git Download github.com/orgs/apple-oss-distributions tarballs
ipsw Download and parse IPSW(s) from the internets
macos Download macOS installers
oss Download opensource.apple.com file list for macOS version
ota Download OTAs
rss Read Releases - Apple Developer RSS Feed
tss 🚧 Download SHSH Blobs
Flags:
--black-list stringArray iOS device black list
-b, --build string iOS BuildID (i.e. 16F203)
-y, --confirm do not prompt user for confirmation
-d, --device string iOS Device (i.e. iPhone11,2)
-h, --help help for download
--insecure do not verify ssl certs
-m, --model string iOS Model (i.e. D321AP)
--proxy string HTTP/HTTPS proxy
-_, --remove-commas replace commas in IPSW filename with underscores
--restart-all always restart resumable IPSWs
--resume-all always resume resumable IPSWs
--skip-all always skip resumable IPSWs
-v, --version string iOS Version (i.e. 12.3.1)
--white-list stringArray iOS device white list
Global Flags:
--config string config file (default is $HOME/.ipsw.yaml)
-V, --verbose verbose output
Use "ipsw download [command] --help" for more information about a command.
the "beta" subcommand isn't listed
Having a 821 line long manpage (ipsw man | mandoc | col -b | wc -l
) is not practical for feature discoverability. I think they should be split into different manpages for each subcommand. Ie ipsw-dyld(1)
, ipsw-macho(1)
, etc.
Hi! Have a small feature request. Similar to
$ ipsw download beta <build>
It would be awesome to be able to download Beta OTAs using links on the iphonewiki.com. On top of that being able to specify a pattern similar to the command:
$ ipsw download -d iPhone14,2 --latest --pattern iBoot
Would be such an awesome addition.
the iteration in 'download_latest.go' over --black-list will break when a match is found.
This is false as multiple items should be removed.
While fixing it I changed --black-list to support a list strings delimited with ','
diff --git a/cmd/ipsw/cmd/download_latest.go b/cmd/ipsw/cmd/download_latest.go
index 21c460c..c882b7c 100644
--- a/cmd/ipsw/cmd/download_latest.go
+++ b/cmd/ipsw/cmd/download_latest.go
@@ -74,12 +74,22 @@ var latestCmd = &cobra.Command{
}
if len(doNotDownload) > 0 {
- for i, v := range builds {
- if strings.Contains(v.Identifier, doNotDownload) {
- builds = append(builds[:i], builds[i+1:]...)
- break
+ var validBuilds []api.Build
+ doNot := strings.Split(doNotDownload, ",")
+ for _, v := range builds {
+ valid := true
+
+ for _, doNotDownload = range doNot {
+ if strings.Contains(v.Identifier, doNotDownload) {
+ valid = false
+ break
+ }
+ }
+ if valid {
+ validBuilds = append(validBuilds, v)
}
}
+ builds = validBuilds
}
log.Debug("URLs to Download:")
The following will now work
ipsw download -V latest --yes --black-list AppleTV,iPhone
Right now the ipsw tool supports extracting the kernelcache from the ipsw, but it seems like it should be possible to extract any file from the kernelcaches using this technique. Perhaps generalizing the kernelcache code to an arbitray file selector might be useful (i.e., for downloading iBoot binaries)
title.
Reversing dylibs from the DSC can be tiresome. Each dylib references another, and without loading each one's dependencies you get an image with too many invalid pointers.
I think ipsw
could create a .symtab
section where every extracted image has references to all the rest of the exported symbols from the other dylibs. That way, We could reverse only one image with all its required dependencies without loading each one individually.
If this works well, I'll also attempt writing an IDA plugin to load modules from the iOS 15 DSC based on ipsw
.
Not sure if it's meant to work, but it probably at least shouldn't panic.
Output (verbose does not give any more output):
[IPSW Info]
===========
%!v(PANIC=String method: runtime error: invalid memory address or nil pointer dereference)
Files tested:
AppleTV3,1_8.4.3_12H876_Restore.ipsw
AppleTV3,1_8.4.3_12H885_Restore.ipsw
AppleTV3,1_8.4.3_12H903_Restore.ipsw
Hi! :)
I'm not sure if you've noticed but github added a copy-to-clipboard option on markdown code snippets.
The current snippets in the README start with >
, but when copying it into terminal we have to go back and delete it.
Please remove the prefix just so it's more convinient :)
This project publishes binaries for macOS and Windows; it would be great if it could publish Linux binaries, too!
Latest release for linux (v3.1.45)
When running: 'ipsw version' the following is output:
dan@ubuntu-test:~/Downloads/ipsw$ ./ipsw version
Version: , BuildTime:
This then results in the 'ipsw update' command fails with the following error:
dan@ubuntu-test:~/Downloads/ipsw$ ./ipsw update
Error: Malformed version:
Usage:
ipsw update [flags]
Flags:
--detect detect my platform
-h, --help help for update
--insecure do not verify ssl certs
-p, --platform string ipsw platform binary to update
--proxy string HTTP/HTTPS proxy
--replace overwrite current ipsw
Global Flags:
--config string config file (default is $HOME/.ipsw.yaml)
-V, --verbose verbose output
⨯ Malformed version:
Checking the latest pipeline for building the following error is displayed:
If you re-run the same echo command with the "--insecure" flag set it can successfully obtain the latest iOS version from Apple:
dan@ubuntu-test:~/Downloads/ipsw$ echo ::set-output name=version::$(LD_LIBRARY_PATH=/usr/local/lib ./ipsw download ipsw --show-latest --insecure)
::set-output name=version::15.2.1
It's failing due to not having a libObjc dylib
iOS 13.2 using bvx compress, good news is that ipsw still can decompress it, but the decompressed kernel can not parsed as kernel cache by IDA
When many (for me it is 6 phones) trusted phones used in Apple ID and used phone with non first ID download dev finished with 412 error:
⨯ failed to verify code: response received 412
This caused with next code where ID=1 is hardcoded internal/download/dev_portal.go
func (app *App) verifyCode(codeType, code string) error {
buf := new(bytes.Buffer)
if codeType == "phone" {
json.NewEncoder(buf).Encode(&phone{
Number: phoneNumber{
ID: 1,
},
Mode: "sms",
SecurityCode: scode{
Code: code,
},
})
...
The "latest" command only attempts to download the current version of iOS 13, even when specifying a device such as iPad Air which can only install 12.4.3 currently.
Is there a way to automate downloading the latest supported version per device?
I should add the ability to try again before failing
Failed to parse kernelcache for iOS 15.0.1 on macOS Monterey beta 9.
$ ipsw kernel dec kernelcache.release.ipad6f
• Decompressing kernelcache
Error: failed parse compressed kernelcache Img4: failed to ASN.1 parse kernelcache: asn1: structure error: length too large
$ ipsw kernel kexts kernelcache.release.ipad6b
Error: section __PRELINK_INFO.__kmod_start not found
This command downloads just the kernel
ipsw download --iversion 12.0.1 --kernel --dec
But this similar command downloads the entire cache
ipsw download --device iPhone11,2 --build 16B92 --kernel --dec
Also, it seems possible to download all builds of a particular version
ipsw download --iversion 12.0 --dec
But downloading all kernels for a particular device just fails silently
ipsw download --device iPhone8,2 --kernel --dec
The ability to sign binaries is in jtool2
and would be very useful in ipsw
too.
Hi :)
Great work for the newly added RSS feed. I'd like to use it to automate download of newly released versions of iOS and macOS images (and possibly other releases also).
Can you implement a feature to download each product when it's released? I have no problem supplying the required credentials (which I guess are required to download the beta releases)
I can not use ipsw dyld symaddr --image <image> <dscpath> <symbol>
because iOS 15 beta has new dsc format.
Can you add command to extract dyld_shared_cache(like dsc_extractor) and lookup symbols?
like:
ipsw extract --dsc < dscpath> <outputdir>
ipsw macho <image> -symaddr <symbol>
Due to the latest up to fix my issue #60 it yields a segmentation fault log will be dropped here in 5 minutes while I look through your source code.
Issue:
==> Downloading https://github.com/blacktop/ipsw/releases/download/v3.0.71/ipsw_
Already downloaded: /Users/gumingjun/Library/Caches/Homebrew/downloads/cf3b3a77e11173cdf291efe4579989d22801842cde309d29766f2e33f682a1b2--ipsw_3.0.71_macOS_x86_64.tar.gz
==> Installing ipsw from blacktop/tap
Error: An exception occurred within a child process:
NoMethodError: undefined method `path' for nil:NilClass
Did you mean? paths
I install other packages well
The CachePatchInfo
struct changed in iOS15 and now starts with a 2 (most likely version number)
Hi, the tool is unable to download any firmware. Each attempt i try, it gives the following error and makes a 0kb file:
"failed to download file: write iPadPro_9.7_13.1.3_17A878_Restore.ipsw.download: The process cannot access the file because another process has locked a portion of the file."
I don't have any antiviruses running, so i', not sure what process could be blocking it. I tried running it as admin but still no luck. Any ideas? Cheers.
Hey! Just something that would be of use:
$ ipsw download ipsw --macos --device Macmini9,1
x you must also supply a --version OR a --build (or use --latest)
Would it be possible for this to download all ipsws for that specific device?
Also would it be possible to add the --dyld
flag to download just the DSC?
minor thing, just creates an extra step for others outside rn to do
C:\Users\turne>C:\Users\turne\Desktop\ipsw_3.1.21_windows_x86_64\ipsw.exe symbolicate C:\Users\turne\Downloads\locationd-2021-11-28-110434.ips.synced C:\Users\turne\dyld_shared_cache_arm64e -d -u -V
• Parsing Cache cache=C:\Users\turne\dyld_shared_cache_arm64e
panic: runtime error: index out of range [6] with length 0
goroutine 1 [running]:
github.com/blacktop/go-macho.(*File).LibraryOrdinalName(0xc0203c44e8, 0x7)
github.com/blacktop/[email protected]/file.go:2501 +0x130
github.com/blacktop/go-macho.(*File).parseBinds(0xc02037c0f0, 0xc0002f4c60)
github.com/blacktop/[email protected]/file.go:2217 +0x192
github.com/blacktop/go-macho.(*File).GetBindInfo(0xc02037c0f0)
github.com/blacktop/[email protected]/file.go:2114 +0x7a5
github.com/blacktop/ipsw/pkg/dyld.(*File).GetAllExportedSymbolsForImage(0xc00047a000, 0xc000003a40, 0x0)
github.com/blacktop/ipsw/pkg/dyld/symbols.go:454 +0x438
github.com/blacktop/ipsw/cmd/ipsw/cmd.glob..func61(0x16f92e0, {0xc0000ae0f0, 0x2, 0x5})
github.com/blacktop/ipsw/cmd/ipsw/cmd/symbolicate.go:214 +0xb1c
github.com/spf13/cobra.(*Command).execute(0x16f92e0, {0xc0000ae0a0, 0x5, 0x5})
github.com/spf13/[email protected]/command.go:856 +0x60e
github.com/spf13/cobra.(*Command).ExecuteC(0x16f88e0)
github.com/spf13/[email protected]/command.go:974 +0x3bc
github.com/spf13/cobra.(*Command).Execute(...)
github.com/spf13/[email protected]/command.go:902
github.com/blacktop/ipsw/cmd/ipsw/cmd.Execute()
github.com/blacktop/ipsw/cmd/ipsw/cmd/root.go:57 +0x25
main.main()
github.com/blacktop/ipsw/cmd/ipsw/main.go:27 +0x17
C:\Users\turne>C:\Users\turne\Desktop\ipsw_3.1.21_windows_x86_64\ipsw.exe symbolicate C:\Users\turne\Downloads\locationd-2021-11-28-110434.ips.synced C:\Users\turne\dyld_shared_cache_arm64e -d -u -V
Hi, can you describe me what is srvn in img4?
You have to code to scrape developer.apple.com/download/, if you could make that data available it be parsed separately it would be wonderful. (I really don't want to write auth code)
Line 191 in 432a2f4
I think this test should be runtime.GOOS != "darwin"
Hello, I accidentally found this project, it really helps me a lot.I wonder if I could download only one specific beta ipsw for one specific device model, now it is asking me to download 16 ipsw files, which are too much, looking forward to your reply.
Lines 116 to 117 in 05af7d2
It seems like the field before the numSubCaches field is pointing at a list of subcache info structs which has length numSubCaches. The subcache info struct is 24 bytes big, 16 bytes UUID + 8 bytes something else.
This allows you to get the UUID for each subcache.
Hi
First time user here. Installed v3.1.80 from brew to my MacBook Pro. Ran and got:
$ ipsw extract -k iPhone_4.7_P3_15.0.2_19A404_Restore.ipsw
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x45db8e2]
goroutine 1 [running]:
github.com/blacktop/ipsw/pkg/info.(*Info).GetFolder(0xc0003cdd80)
github.com/blacktop/ipsw/pkg/info/info.go:199 +0xc2
github.com/blacktop/ipsw/cmd/ipsw/cmd.glob..func40(0x557dda0, {0xc00024b8a0, 0x1, 0x2})
github.com/blacktop/ipsw/cmd/ipsw/cmd/extract.go:196 +0x367
github.com/spf13/cobra.(*Command).execute(0x557dda0, {0xc00024b880, 0x2, 0x2})
github.com/spf13/[email protected]/command.go:856 +0x60e
github.com/spf13/cobra.(*Command).ExecuteC(0x55814a0)
github.com/spf13/[email protected]/command.go:974 +0x3bc
github.com/spf13/cobra.(*Command).Execute(...)
github.com/spf13/[email protected]/command.go:902
github.com/blacktop/ipsw/cmd/ipsw/cmd.Execute()
github.com/blacktop/ipsw/cmd/ipsw/cmd/root.go:57 +0x25
main.main()
github.com/blacktop/ipsw/cmd/ipsw/main.go:27 +0x17
It would be really nice if ipsw
could extract all UUIDs of the different images from the dyld_shared_cache_arm64*. Maybe also include several export functions? like into json?
I'm planning to implement a feature for pymobiledevice3 which allows to see which images are loaded to currently running process. The only problem is that the pymobiledevice3 developer dvt core-profile-session stackshot
currently gives all the loaded images as UUIDs and not by their names.
Currently, the only option is to skip-all I would like an option for the others. See command:
ipsw download --verbose latest --yes --device iPhone11,2
• Latest release found is: 14.7.1
• URLs to Download:
• https://updates.cdn-apple.com/2021SummerFCS/fullrestores/071-73966/B2F4517C-A57C-48D3-88B6-9A718A774EA6/iPhone11,2,iPhone11,4,iPhone11,6,iPhone12,3,iPhone12,5_14.7.1_18G82_Restore.ipsw
• Getting IPSW build=18G82 device=iPhone11,2 version=14.7.1
? Previous download of iPhone11,2,iPhone11,4,iPhone11,6,iPhone12,3,iPhone12,5_14.7.1_18G82_Restore.ipsw can be resumed: [Use arrows to move, type to filter]
resume
skip
> skip all
restart
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.