Talk:Obtaining IMG3 Keys

= Method 1 Discussion =

Hey, thats my "exploit" ;-) Dev used openiboot.

Much easier, just use iran to download the modified iBoot directly, no reason to pwn with it. I was originally strapping this with the diags exploit.

And thanks for writing this up.

~geohot

I adapted this method from your write-up earlier, because CPICH and Chronic were wanting to decrypt IMG3 keys, and the openiboot method has quite a bit of setup overhead, and requires modifying my C source, and I thought helping them fill out the missing pieces for your method would be simpler. I just slightly modified your assembly to do stack/register cleanup (and combined that mw into protected memory) and had them put a direct BX from a random iBoot function, since explaining how to patch the permissions bits is more conceptually difficult, and I wasn't sure how easy it would be to make "go" behave the way we want it to (I didn't have access to IDA when I was helping them). I asked them to write it up after they got it to work. Hope that's okay. :)

I've since made something easier: http://www.iphone-dev.org/planetbeing/crypto.tar.gz

--Planetbeing 03:20, 7 August 2008 (UTC)

iBoot
Why do you need a modified iBoot? Doesn't Pwnage Tool/xpwn/winpwn already patch/modify iBoot?

no
yeah. their iboot is simply patched so the pwned ipsw wil work. there is soooooo much more you can do to the iboot :)

iBoot
Ok, but does the iBoot need to be patched more than Pwnage already does for the userland AES KBAG decryption to work (using the program linked to by planetbeing?)

no...no...
this is...different. not like that at all. just trust planetbeing :)

Got it
Ok, thanks Chronic...and good idea, I will trust planetbeing.

of course
pb is very talented and prolific dev team member, what's not to trust? :)

2.0.2
Is there any way to use planetbeing's utility on 2.0.2? It seems like something about the kernel has changed, since Pwnage doesn't decrypt it before patching. Is it as simple as patching it in a hex editor or modifying crypto binary? --James 06:34, 1 September 2008 (UTC)

uh..
planetbeing's thing works fine in 2.0.2. just edit the script so it doesnt require a key and IV. if you dont know how to do that, no offense, but maybe its a sign you should not be doing this, only because it can majorly screw up your iPhone and require a DFU restore if you mess up.

re:uh...
That's exactly why I asked, because I don't know exactly what I'm doing. I edited the script but didn't want to boot with the resulting kernel, fearing that it'd cause problems. I use my iPod anyways so I don't lose any information, even if I do have to restore. Thanks for the answer though. :)

np
no prob

good luck

chronics modified script for 2.0.2 crypto
XPWNTOOL=./xpwntool PATCHKERNEL=./patch-kernel-crypto KERNEL=/System/Library/Caches/com.apple.kernelcaches/kernelcache.s5l8900x ${XPWNTOOL} ${KERNEL} /tmp/a ${PATCHKERNEL} /tmp/a ${XPWNTOOL} /tmp/a /tmp/b -t ${KERNEL} rm /tmp/a cp ${KERNEL} /kernel.backup cp /tmp/b ${KERNEL} rm /tmp/b
 * 1) !/bin/bash

there u go :)

James: what did you to fix this problem?

The DeviceTree wasn't patched, since QuickPwn flashed a stock one over it. After patching it, all was fine. --James 04:00, 10 April 2009 (UTC)

= Method 2 Discussion = uh, how is this a method, let alone an easier one? first thing to note is that each img3 file has its own key/iv pair, so whoever dumped this appears to not have much of a clue... the main reason for this post seems to be the signature at the bottom, which by the way is very inappropriate for a documentation wiki (i.e., not an egowiki)

someone just copied that from my blog, people need to realize they have two choices about this

1) use the phone, patch iboot or use openiboot

2) extract the hardware aes key. if you can't do #1, you can't do #2

3) ask someone for the key

thinking outside the box
the 4.6 bootloader unlock was 'impossible'. the 3G unlock is 'impossible'. people need to think outside the box. although there are only two known methods for this, what if there is another method that nobody knows about yet?

Very good thinking!

re: musclenerd
sorry...not sure what GenericTalk means :)

i saw your previous edit, and just know that you don't have to treat this wiki like it is run by nazis :P criticism and sarcasm is allowed...

if you know how to use the openiBoot method, why nor share with us?

thanks dude!
lol awesome now we at least have some kind of documentation. I was afraid to ask about the "official" method because I thought it was obvious and I didn't want to look like an idiot lol

drg
Too bad AES is not vulnerable to a known-plaintext attack. I don't even know how a side-chanel attack would look like! Any crypto experts out there?