Talk:OTA Updates

Encryption
Are the updates encrypted in any way (VFDecrypt?) --Balloonhead66 18:31, 30 August 2011 (MDT)
 * No. Just regular Zips. --M2m 22:36, 30 August 2011 (MDT)
 * Only NOR payloads and RAM disks are encrypted, rest of the "asset" is unencrypted --pjakuszew 04:19, 31 August 2011 (MDT)
 * But if you need to update iTunes to 'decrypt' the newest firmware (as iTunes contains the 'password' to do so), then that means that the encrypted stuff has a 'password' that is somewhere on the file system. Maybe if we could access it, we could get them. (maybe disassembling iTunes could get us them also :D) --Balloonhead66 11:12, 31 August 2011 (MDT)
 * iTunes doesn't contain any "passwords" Balloonhead66. Everything is done on the device and usually uses the device's built in hardware AES crypt keys. -- iH8sn0w 13:32, 31 August 2011 (EST)
 * Dang, but then why do we need to update iTunes to update our device? --Balloonhead66 11:35, 31 August 2011 (MDT)
 * Its purpose is to send out firmware files to the device, and only that. --pjakuszew 11:36, 31 August 2011 (MDT)
 * I still don't get the point of updating iTunes (other than avoiding an error) --Balloonhead66 11:45, 31 August 2011 (MDT)
 * Updating is required because of incompatibilites with newer iOS versions. I think it's about Fairplay and encryption of iPod library database. Another example is support of new hardware; how would you update a 3GS with iTunes 7.5? --pjakuszew 11:56, 31 August 2011 (MDT)
 * Ok, that makes sense. Thanks! --Balloonhead66 12:14, 31 August 2011 (MDT)

Tracker
Anyone into making a watchguard that tracks mesu.apple.com for changes (and records them)? --M2m 00:55, 12 November 2011 (MST)
 * I did a crude one. It works by comparing against a list of already done URLs in an array --Balloonhead66 13:16, 12 November 2011 (MST)
 * I would just curl --user-agent="softwareupdateservicesd (unknown version) CFNetwork/539 Darwin/11.0.0" http://mesu.apple.com/assets/com_apple_MobileAsset_SoftwareUpdate/com_apple_MobileAsset_SoftwareUpdate.xml -o OTA.xml and pipe it into shasum. In case shasum change, save as new version with date and time (and display)... --M2m 19:00, 12 November 2011 (MST)
 * One problem with that is that I can't test it on my computer here at my house as I am on windows. To test it with curl I would need to upload it to my website. What I did was open a connection with fsockopen, sent some request headers, then read the response to a string. After that, I parsed the plist to an array. Unfortunately, the parser leaves some artifacts on the hash as it is a compressed hash. So I decided to use the file location instead. It still works pretty well. I had to remove the URL form area as it messed with the array in unwanted ways. I am working on moving it from an array to just line by line URLs preventing the failure as I just append the line to it. When I finish it, I will post the code on my website. --Balloonhead66 21:43, 12 November 2011 (MST)
 * curl is avialable for windows --M2m 04:43, 13 November 2011 (MST)
 * doesn't matter, it already works and spits out a nice table. --Balloonhead66 16:05, 13 November 2011 (MST)
 * So is your tracker available online already ? --M2m 19:59, 26 November 2011 (MST)
 * Yes. When you add a link to the wiki, you can add it to the textbox one per line and click submit and it wont show up again. --Balloonhead66 13:37, 27 November 2011 (MST)
 * Spammers. It doesn't work because it works like this:

for (  $i = 0;   $i < sizeof(array_keys($plist['Assets']));   $i++) {  if (     !in_array( $plist['Assets'][$i]['__BaseURL']. $plist['Assets'][$i]['__RelativePath'], $usedurls)    ) {    // Output table } }
 * --Balloonhead66 17:34, 27 November 2011 (MST)