Restore Process

1.1.4 > 2.0 Restore
This restore was performed, logged and dumped by scotty2. It was originally part of a manifesto written while cracking the img3 format, so it may be typed up a little oddly.

The Process

 * 1) iTunes maps iBEC (WTF.m68ap.RELEASE.dfu) at 0x90000000.
 * 2) iBoot decrypts it, as it is an Img2 file, then runs it.
 * 3) iBEC does a check to see if it is mapped at 0x18000000, and if it is not, it remaps itself there.
 * 4) Sometime at the beginning of iBEC's routine, it gives the iPhone whatever it needs to decrypt Img3 files, as the remaining steps make clear.
 * 5) iTunes sends iBEC the kernelcache and the ramdisk, both in Img3 format.
 * 6) iBEC decrypts the ramdisk and kernelcache, then boots the kernelcache.
 * 7) The ramdisk/kernel then copy the rootfs over, then flash the new devicetree, iBEC, iBSS, and iBoot.
 * 8) After the rootfs and the img3 files, it will flash over the baseband and friends.