Talk:Firmware/2010

Protected URLs
What do you mean by protected? iTunes has to dl it somehow
 * itunes probably checks to see if u bought it somehow...
 * o yea, forgot you had to pay for it :-) i wonder if the iPhone one would run easily?
 * funny you should mention that. my friend np1011357 got a 2.0 fw working, but I don't think people are brave enough to test any further
 * I do know you have to be pwned for it to work though...
 * I've never had any luck myself, but I suppose anything's possible :-)
 * As for the actual word 'protected', the URLs in the XML are prefixed protected://. Perhaps those URLs are still of value?
 * BTW, as far as I know, having a 2.0 beta installed will still allow "free" upgrades to 2.0. --Haldo 13:39, 5 August 2008 (UTC)
 * After reading a post on Zibri's blog today, I tested (and confirmed) that the iPod touch 2.0.1 firmware could be downloaded from Apple's servers. Should this URL be provided on this page? -Dialexio 00:29, 6 August 2008 (UTC)
 * That is a tough question... I may have to defer to geohot for that. It is unfortunately very much a gray area.  Maybe we link to the file linked by Zibri? --Haldo 20:47, 7 August 2008 (UTC)
 * well if its on apples servers, then we are not really 'hosting' warez, not could we be connected to hosting it at all, unlike if someone uploaded it to rapidshare, then there would be reason to believe we were involved. although its a community wiki, for something like this, it is geohot's call.
 * My thinking is this. If Apple sells it, no download link should be posted here. But perhaps a link to Zibri's page about it in the resources area. ~geohot

WOW
ffs guys. i was hoping someone would figure this out. Anyone at all could just type 'strings iTunes' on the iTunes binary, and see that there is a link saying http://itunes.com/version, then another directly after is '?touchUpdate=yes". It's not even that hard if u disassembeld it in IDA

Tethered Jailbreak
at this point with ipt3g a tethered jailbreak may be the only option we have. the chances of another bootrom exploit being found are rather slim. And find an untethering exploit beyond that is stupid/pointless. I know a tethered exploit sucks, but there's a real chance that this may be the only thing that's left! Should we mark is as "yes jailbreakable" or not? I say take it and be happy with what you got!! --posixninja 13:22, 12 October 2009 (UTC)
 * I see what you mean, and I tend to agree for the most part, but a tethered jailbreak just isn't a complete jailbreak in my opinion. Plus if people keep looking I know a tether-less jailbreak will be found eventually, nothing is unhackable ;) --adriaaan 19:39, 12 October 2009 (UTC)
 * I wish that was true, but most people average 1 exploit for every so many kilobytes, and bootrom really isn't very large. Even then there's a limited number of injection vectors to exploits.  So the chances of bootrom becoming exploitable is actually a real risk!!   every exploit that is found greatly decreases the chances another exploit will be found.  Within the next 2-3 years jailbreaking on iphone will probably be extinct. 4 years max

--posixninja 04:36, 15 October 2009 (UTC)
 * Well then in the next two years we'll "borrow one of nsa's super computers and extract the private signing key :D. Or get hold of a developer model and maybe there will be some interesting stuff on it.

Updated Bootroms
How can we note on this page that for some 3gs and touch 2G users (ones after September 9) they can only have a tethered jailbreak at the moment. Iemit737 18:07, 31 October 2009 (UTC)

Easily find rare firmwares using Google.
A handy way to search for firmwares, is to just search in Google using the corresponding listed SHA1 Hash (or even just the file size) as your query. Perhaps someone feels like editing the wiki so that the SHA1 strings become links to the right Google search results. Example: http://www.google.com/search?q=7367dd9ba58a3b9777307368a0128e696fdfc9a6 and http://www.google.com/search?q=249%2C780%2C497 Harlekeyn 22:59, 28 March 2010 (UTC)
 * I say no. Links for some of the iPod touch firmwares are missing because Apple sells or sold them. Not to mention, Apple's links to download them expire over time. (A third-party site hosting the firmware is copyright violation, which is a big no-no.) --Dialexio 06:51, 29 March 2010 (UTC)

4.0 Jailbreak
There is a userland exploit out there, and @comex (et al.) have verified that will likely work on iPhone 4 too. There is no such case as iPhone 4 having an exploit that an iPod touch 3G does not. Also this page displays if a jailbreak tool is available, not if a jailbreak has been demonstrated by geohot/chronic/dev-team/comex or Santa. -- Iemit737 21:55, 2 July 2010 (UTC
 * Dialexio, ok it sounds better now. But you also removed the two other jailbreak possibilites for 4.0:

And what does OTB stand for? -- http 22:51, 21 July 2010 (UTC)
 * with 3.1.2 shsh (this one is listed)
 * if still running 3.1.2, but no shsh
 * old bootrom
 * OTB stands for "Out of The Box." I'll fix it up now. -- Dialexio 23:07, 21 July 2010 (UTC)
 * I saw that you changed it to virgin, but not everywhere. Can you make it consistent? -- http 05:18, 12 August 2010 (UTC)
 * Done. :) -- Dialexio 05:23, 12 August 2010 (UTC)

Add defunct firmwares?
There are some defunct firmware builds referenced in Apple's XML file (i.e.- iPhone 2G 3A101a). Should these be added to this page, or not? -Dialexio 20:05, 23 September 2008 (UTC)
 * can we add recovery firmware like x12220000_5_Recovery.ipsw and the ipod touch 1g had firmware 1.0 iPod_1.0_36A00403.ipsw --liamchat 15:18, October 29, 2010 (UTC)
 * I wouldn't add the recovery IPSWs on this page... maybe they could have its own page, though. The "1.0" firmware that you linked to is definitely not for the iPod touch 1G; it's not set up like an IPSW that contains/uses iOS (there are only three files inside of it, one of which references "N20", not "N45"), and the URL has a reference to the date September 7, 2010. I believe the URL is for the iPod nano 6G's firmware. -- Dialexio 15:33, 29 October 2010 (UTC)
 * iPod nano 4G and newer IPSWs have about 8 files inside (Just like the devices this website is about have Applelogo, Recovery, ChargingGlyph,...). If it has 3 files (osos, aupd, rsrc) it's for a "middle age" iPod and the first models required 4 files. Enjoy! --Ryccardo 15:56, 29 October 2010 (UTC)
 * BTW, the file Liamchat mentioned is for the "iPod touch not labeled as such and without the App Store" Source. --Ryccardo 16:04, 29 October 2010 (UTC)

Forbidden
There are some IPSW links which instead of a download link contain just the text "forbidden". It would be good to know at least the name of this IPSW. To make sure nobody puts a working download link there instead (later), we could leave the "forbidden" text there and add a link to Google with the full name in the search query. I think that would be ok. What do you think? --http 19:35, 13 June 2010 (UTC)
 * I suppose supplying the firmware name would be fine, but I'm not a fan of linking to a Google search of the name as it would still promote piracy/copyright infringement. Perhaps we could use the "protected://" URL that Apple supplies in the version XML, like how Trejan lists it. -- Dialexio 19:48, 13 June 2010 (UTC)

iPod touch 2G/iOS 2.2 jailbreak status
2.2 Timberline 5G77a iPod2,1_2.2_5G77a_Restore.ipsw 34a0a489605f34d6cc6c9954edcaaf9a050deedc No shouldn't this be a yes with a superscript 1 for tethered as there were no real protections against using iBSS/iBEC from 2.1.1 on a 2.2 device, infact the run rs program was adapted to chainload a 2.2 iBEC/iBSS for devices that the NAND didn't detect with 2.1.1 iBSS
 * Please sign any entry you make on the talk pages. There is a button that will insert the markup for signatures. :) To my knowledge, redsn0w Lite provided a tethered jailbreak for 2.2.1, not 2.2. -- Dialexio 19:14, 30 September 2010 (UTC)

Naming inconsistency
We have a separate page for each firmware, named with a name, a build number, and in brackets for which device (like "Kirkwood 7A341 (iPhone 3GS)"). Fine. But where does this name (Kirkwood) come from? I saw that there is a conflict for some names. Some are named Apex and others ApexVail, some Baker, others BakerVail, some Jasper, others JasperVail, some NorthVail, others Northstar, etc. Can we rename some of those? And to what? -- http 23:22, 2 November 2010 (UTC)
 * I would remove the ones without vail as a decrypted firmware shows vail in the name... --5urd 23:24, 2 November 2010 (UTC)
 * "Vail" identifies a private (non-GM) beta. --Ryccardo 14:42, 3 November 2010 (UTC)
 * All beta rootFS images end with "N88DeveloperOS" in the label instead of "N88OS". --Ryccardo 14:44, 3 November 2010 (UTC)
 * Now we have the mess. We have a page called Apex 8A293 (iPhone 3GS) for the final version and a page called ApexVail 8A293 (iPhone 3GS) for the GM release. Both have the same build number. What should we do in this case? -- http 21:27, 6 November 2010 (UTC)
 * I wouldn't say that is a mess, in that case, the GM was the same as the Final as they didn't find anything wrong with it --5urd 23:42, 18 November 2010 (UTC)
 * If I'm not mistaken, "ApexVail" is actually an incorrect name; I think the GM was named "Apex." I think the "Apex" page should stay, and denote the GM VFDecrypt key on it. -- Dialexio 23:55, 18 November 2010 (UTC)
 * ApexVail is correct --5urd 00:11, 19 November 2010 (UTC)
 * ApexVail, because *this* GM uses UUID whitelist activation. --Ryccardo 13:29, 21 November 2010 (UTC)
 * Hmm... I took another peek at GM builds of iOS 4.0, and both the BuildManifest.plist and filesystem carry the name "Apex," not "ApexVail..." -- Dialexio 22:24, 21 November 2010 (UTC)
 * Now that is a confusing predicament :P --5urd 22:26, 21 November 2010 (UTC)

4.2.1 JB on IPT2G MC
i cant find whats used to jb IPT2G MC on 4.2.1 im not sure one is even available yet
 * It was probably a result of some copypasta fail. Sorry about that! -- Dialexio 19:50, 13 December 2010 (UTC)