Image3maker (Internal Tool)

Image3maker is an Apple internal tool used to create img3 firmware files. It is implemented mostly in C, and its symbols are stripped. There is an open source version by the same name, Image3maker.

From the disassembly, it appears that the Key and IV are generated via /dev/random. The GID key is loaded from a plist at /usr/local/standalone/firmware/platform_keys.plist and is used to encrypt the KEY/IV fields within the KBAG (referred to as "Keybag").

Usage
Running the binary prints the following usage information:

Usage: image3maker [options]

image3maker: Modes:
image3maker:    --create                             Create a new image3 file
image3maker:    --update                             Update an existing image3 file
image3maker:    --hashForSigning                     Generate and print the SHA-1 hash of the signable area
image3maker:    --signWithData                       Sign with supplied data
image3maker:    --finalizeWithoutSignature           Finalize image3 file for use with authorized installation
image3maker:    --printEpoch                         Print the numeric value of the epoch specified by --epoch
image3maker:    --print                              Print the value of the tag specified by --tag
image3maker:
image3maker: General options:
image3maker:    --unsign                             Removes signature information, allowing operations on images
image3maker:                                         that have previously been signed.
image3maker:
image3maker: Arguments for --create and --update:
image3maker:    --imagefile                          Image3 format file
image3maker:                                         In --create mode this file is created or truncated
image3maker:    --type                               Hex or 4-byte ASCII type tag
image3maker:                                         This is required for --create mode, not permitted in --update mode
image3maker:    --version                            Set version string
image3maker:    --epoch                              Explicit epoch or chip name to pick system default
image3maker:                                         default for 's5l8747x' is 16
image3maker:                                         default for 's5l8920x' is 4
image3maker:                                         default for 's5l8922x' is 2
image3maker:                                         default for 's5l8930x' is 2
image3maker:                                         default for 's5l8940x' is 17
image3maker:                                         default for 's5l8942x' is 16
image3maker:                                         default for 's5l8945x' is 16
image3maker:                                         default for 's5l8947x' is 16
image3maker:                                         default for 's5l8950x' is 16
image3maker:                                         default for 's5l8955x' is 16
image3maker:    --hardwareEpoch                      Set the hardware epoch
image3maker:                                         Should only be used for Image3 objects embedded in certs.
image3maker:    --domain {manufacturer|darwin|rtxc}
image3maker:    --data                               Add payload data from
image3maker:    --personalize                        Personalize the image for local storage
image3maker:    --production                         Marks the image as a production image
image3maker:    --development                        Marks the image as a development image
image3maker:    --override                           Set the override value.
image3maker:                                         Should only be used for Image3 objects embedded in certs.
image3maker:    --chipType
image3maker:    --boardID
image3maker:    --uniqueID
image3maker:    --padWithRandomBytes                 Adds random pad data
image3maker:
image3maker: Arguments for --hashForSigning:
image3maker:    --partialHashReservationSize         Requests a partial (unfinalized) hash rather than a normal hash.
image3maker:                                         The partial hash is computed assuming that an additional size bytes
image3maker:                                         will be added to the final signed portion of the image.
image3maker:
image3maker: Arguments for --signWithData:
image3maker:    --expectHash                         Require that the image hash to
image3maker:    --signWithSignature                  Sign the image using the supplied signature file
image3maker:    --signWithCertChain                  Place the supplied cert chain file into the signed image
image3maker:
image3maker: Arguments for --finalizeWithoutSignature:
image3maker:    --expectHash                         Require that the image hash to
image3maker:
image3maker: Arguments for --print:
image3maker:    --tag                                Tag to be printed, either a 4 character string or a hexadecimal
image3maker:                                         number prefixed with 0x
image3maker:    --skip                               Requests the nth occurrence of the specified tag. Defaults to 0.
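
The --print lookup described above (a tag given as four characters or as 0x-prefixed hex, plus a --skip occurrence index) can be reproduced when inspecting an image. This is an added example, not Apple's code or the open source image3maker's; the header and tag layout is an assumption taken from the publicly documented IMG3 format, and all function names and the sample image are hypothetical.

```python
import struct
# Layout assumed from public IMG3 documentation; it is not stated on this page.
HEADER = struct.Struct("<5I")      # magic, fullSize, sizeNoPack, sigCheckArea, ident
TAG_HEADER = struct.Struct("<3I")  # magic, totalLength, dataLength
IMG3_MAGIC = int.from_bytes(b"Img3", "big")

def parse_tag_arg(arg):
    """Accept a 4-character string or a 0x-prefixed hex number, like --tag."""
    if arg.lower().startswith("0x"):
        return int(arg, 16)
    raw = arg.encode("ascii")
    if len(raw) != 4:
        raise ValueError("tag must be 4 characters or 0x-prefixed hex")
    return int.from_bytes(raw, "big")

def iter_tags(image):
    """Yield (tag, data) pairs, rejecting lengths that leave the container."""
    if len(image) < HEADER.size:
        raise ValueError("truncated Img3 header")
    magic, full_size, _, _, _ = HEADER.unpack_from(image, 0)
    if magic != IMG3_MAGIC or full_size > len(image):
        raise ValueError("bad magic or fullSize exceeds file length")
    off = HEADER.size
    while off + TAG_HEADER.size <= full_size:
        tag, total, dlen = TAG_HEADER.unpack_from(image, off)
        # total >= 12 is implied here, so the walk always makes progress.
        if total < TAG_HEADER.size + dlen or off + total > full_size:
            raise ValueError(f"bad tag lengths at offset {off}")
        start = off + TAG_HEADER.size
        yield tag, image[start:start + dlen]
        off += total

def find_tag(image, tag_arg, skip=0):
    """Return the data of the skip-th occurrence of a tag, or None."""
    wanted = parse_tag_arg(tag_arg)
    matches = [data for tag, data in iter_tags(image) if tag == wanted]
    return matches[skip] if 0 <= skip < len(matches) else None

def build_sample():
    """Constructed sample image (placeholder payloads): TYPE plus two KBAG tags."""
    def tag(name, data):
        pad = -len(data) % 4  # pad each tag to a 4-byte multiple
        head = TAG_HEADER.pack(int.from_bytes(name, "big"),
                               TAG_HEADER.size + len(data) + pad, len(data))
        return head + data + b"\0" * pad
    body = tag(b"TYPE", b"blli") + tag(b"KBAG", b"keybag-0") + tag(b"KBAG", b"kb-1!")
    ident = int.from_bytes(b"illb", "big")
    return HEADER.pack(IMG3_MAGIC, HEADER.size + len(body), len(body), 0, ident) + body
```

Calling `find_tag(build_sample(), "KBAG", skip=1)` returns the second keybag payload; a tag whose declared lengths run past the container raises `ValueError` instead of being read.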