Normal Mode

This is the protocol iTunes uses to talk to a booted iPhone. It uses usbmux to provide TCP-like connectivity over the USB port, secured with SSL. iTunes runs a pairing process to establish the secure channel. File transfer is provided by AFC.

Device IDs
It appears that each model uses a different USB device ID:
 * iPhone - 0x1290
 * iPhone 3G - 0x1292
 * iPhone 3GS - 0x1294
 * iPhone 4 GSM - 0x1297
 * iPhone 4 CDMA - 0x129c

 * iPod touch - 0x1291
 * iPod touch 2G - 0x1293
 * iPod touch 3G - 0x1299
 * iPod touch 4G - 0x129e

 * iPad - 0x129a
 * iPad 2 Wi-Fi - 0x129f
 * iPad 2 GSM - 0x12a2
 * iPad 2 CDMA - 0x12a3

 * Apple TV 2G -

Patch: Disable SSL
There is a way to disable SSL encryption during iTunes communication on jailbroken devices by patching the lockdownd binary:


    # Disable SSL protection
    # FW 2.1
    # binary /usr/libexec/lockdownd
    -0x1000

    Offset 000112F8: 0C 30 98 E5 > 00 30 A0 E3 ; Conn.UseSSL = false

After applying the patch, all packets between the iPhone and iTunes travel in the clear. A must-have for R&D people.
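As an added example (not from this page or from any Apple or jailbreak project), the following Python script checks whether a lockdownd image carries this patch, which is the check a defender would run to spot a device whose iTunes traffic has been stripped of SSL. It uses only the FW 2.1 offset and byte sequences given above; the function names, the result labels and the zero-filled sample images are assumptions. The small decoder covers just the two ARM encodings the patch touches, so the reader can see that the change swaps a load of the UseSSL field for a constant zero.

```python
"""Check a lockdownd binary for the SSL-disabling patch described above.

Added example; the offset and byte sequences come from the page, everything
else (names, labels, sample images) is an assumption made for illustration.
"""

# File offset and 4-byte ARM instruction words quoted in the patch note (FW 2.1).
PATCH_OFFSET = 0x000112F8
ORIGINAL_BYTES = bytes.fromhex("0C3098E5")  # ldr r3, [r8, #0xc]  (reads Conn.UseSSL)
PATCHED_BYTES = bytes.fromhex("0030A0E3")   # mov r3, #0           (forces UseSSL = false)


def decode_arm_word(word: int) -> str:
    """Decode the two ARM encodings this patch touches (LDR/STR with immediate
    offset, MOV with rotated immediate). Anything else is shown as a raw word."""
    if word >> 28 != 0xE:  # both patch words use the AL (always) condition
        return f".word 0x{word:08x}"
    if (word >> 26) & 0x3 == 0b01 and not (word >> 25) & 1:
        # Single data transfer: L = load/store, U = add/subtract offset, Rn base, Rd target
        load = (word >> 20) & 1
        up = (word >> 23) & 1
        rn = (word >> 16) & 0xF
        rd = (word >> 12) & 0xF
        imm = word & 0xFFF
        sign = "" if up else "-"
        return f"{'ldr' if load else 'str'} r{rd}, [r{rn}, #{sign}0x{imm:x}]"
    if (word >> 25) & 0x7 == 0b001 and (word >> 21) & 0xF == 0b1101:
        # Data processing, immediate operand, opcode 1101 = MOV
        rd = (word >> 12) & 0xF
        rot = (word >> 8) & 0xF
        imm8 = word & 0xFF
        shift = 2 * rot
        imm = ((imm8 >> shift) | (imm8 << (32 - shift))) & 0xFFFFFFFF if shift else imm8
        return f"mov r{rd}, #0x{imm:x}"
    return f".word 0x{word:08x}"


def classify_lockdownd(data: bytes) -> str:
    """Report what sits at the patch offset: 'original', 'ssl-disabled',
    'too-short' (image smaller than the offset) or 'unknown' (other firmware
    or an unrelated modification; the offset is specific to FW 2.1)."""
    if len(data) < PATCH_OFFSET + 4:
        return "too-short"
    chunk = data[PATCH_OFFSET:PATCH_OFFSET + 4]
    if chunk == ORIGINAL_BYTES:
        return "original"
    if chunk == PATCHED_BYTES:
        return "ssl-disabled"
    return "unknown"


def classify_lockdownd_file(path: str) -> str:
    """Convenience wrapper: classify a lockdownd image read from disk."""
    with open(path, "rb") as fh:
        return classify_lockdownd(fh.read())


def make_sample(instr: bytes) -> bytes:
    """Constructed stand-in for a lockdownd image: zero padding with the given
    instruction word placed at the patch offset. Not a real binary."""
    return b"\x00" * PATCH_OFFSET + instr + b"\x00" * 16


if __name__ == "__main__":
    for label, instr in (("original", ORIGINAL_BYTES), ("patched", PATCHED_BYTES)):
        word = int.from_bytes(instr, "little")
        print(f"{label:9s} {instr.hex(' ')}  -> {decode_arm_word(word)}  "
              f"[{classify_lockdownd(make_sample(instr))}]")
```

Run against a real image with `classify_lockdownd_file("/path/to/lockdownd")`; any result other than `original` on a FW 2.1 device is worth a closer look, and `unknown` on other firmware only means the FW 2.1 offset does not apply, not that the binary is clean.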