Permalink
Find file
Fetching contributors…
Cannot retrieve contributors at this time
72 lines (58 sloc) 2.65 KB
// By: petter wahlman, http://www.twitter.com/badeip
//
// About:
// Encrypt/decrypt iOS kernelcache
//
// Notes: the code is POC, and the syntax sucks.
//
// Example usage: (a $ prefix is used to indicate commands that must be executed in a terminal)
$ mkdir -p ~/iphone/ipsw/
$ cd ~/iphone/ipsw
$ mv ~/Downloads/iPhone3,1_5.1_9B5117b_Restore.ipsw .
$ 7z x iPhone3,1_5.0.1_9A405_Restore.ipsw
$ kcache --in kernelcache.release.n90 --iv 5533d04f6c805307c2f2a573339a6850 --key 0ef7774fea99e988487f92f8765e4678aeefc8a14de40b95ba210955445eff22
// kcache/kernelcache.bin will now contain the decrypted kernelcache image:
$ file kcache/kernelcache.bin
kcache/kernelcache.bin: Mach-O executable arm
// Example output:
iv: 5533d04f6c805307c2f2a573339a6850
key: 0ef7774fea99e988487f92f8765e4678aeefc8a14de40b95ba210955445eff22
in: kernelcache.release.n90
wd: ./kcache
opening: kernelcache.release.n90
magic: Img3
filesize: 6516484
contentsize: 6516464
certarea: 6514360
filetype: krnl
0x00000000 0x00000004: TYPE
0x00000020 0x0063659b: DATA
0x006365cc 0x00000004: SEPO
0x006365e8 0x00000038: KBAG
0x00636634 0x00000038: KBAG
0x006366b8 0x00000080: SHSH
0x00636744 0x00000794: CERT
creating: ./kcache/kernelcache.data
AES decrypt:(len: 6514075 pad: 11)
plaintext (excerpt):
dc e5 5d 51 97 c1 04 0d e4 72 bb 64 36 13 25 2a | ..]Q.....r.d6.%*
b4 ab eb 67 a7 55 e6 81 7b 3c 9a 5b ac 99 55 40 | ...g.U..{<.[..U@
65 97 f3 a8 c6 bf fc 7c 5b c8 03 56 2b 2c 88 6d | e......|[..V+,.m
b3 2b 35 5d 52 89 5d 1b d3 43 77 63 6c 62 a4 46 | .+5]R.]..Cwclb.F
b9 39 e4 82 64 e9 7f 49 35 b5 58 95 25 00 e1 1d | .9..d..I5.X.%...
f3 aa 31 16 78 65 2c b1 10 d0 b5 9a ed 65 f1 ad | ..1.xe,......e..
9b e5 83 af b5 c0 a6 0e c2 79 bb 16 ff c9 f1 5a | .........y.....Z
ce 09 1e 16 3e 8f ce ab 95 df 5b 2a 9f 04 ad 87 | ....>.....[*....
decrypted (excerpt):
63 6f 6d 70 6c 7a 73 73 5b 4c f0 db 00 b1 f0 00 | complzss[L......
00 63 64 1b 00 00 00 00 00 00 00 00 00 00 00 00 | .cd.............
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
creating: ./kcache/kernelcache.data.pt
creating: ./kcache/kernelcache.hdr
creating: ./kcache/kernelcache.lzss
creating: ./kcache/kernelcache.bin