User:LeoI07/Drafts/Dumping Firmwares

If you have a device with a preinstalled-only or internal OS installed, it's a good idea to take a dump of it for archival purposes, as it can't simply be downloaded from Apple. This guide will outline the steps to dump both the filesystem(s) and the NOR/iBoot partition.

You will need to have shell access to the device. On macOS and most internal OSes this is included by default, whereas for release versions of iOS and its derivatives you will need to either boot an SSH ramdisk or jailbreak the device and install OpenSSH.

= Filesystem =

The most complete filesystem dump you can make is a copy of the internal storage to a disk image. This will dump both the root filesystem and any additional partitions (i.e. preboot, recovery). Keep in mind that this also includes any user files and settings, so make sure to reset the device to factory settings if you don't want that to be included.

Macs
1. Connect an external drive to the Mac. The drive must have at least as much free space as the Mac's storage capacity, or else Disk Utility won't let you proceed.

2. Boot into the recoveryOS or from a macOS install USB.

3. Select Disk Utility from the macOS Utilities menu.

4. In the menu bar, select View > Show All Devices.

5. In the sidebar, select the Mac's internal drive (e.g. APPLE SSD ... Media).

6. In the menu bar, select File > New Image > Image from " ".

7. In the save popup, navigate to your external drive. At the bottom of the popup, select the "compressed" option from the Format drop-down menu. Click Save.

Other devices
From a terminal on a computer running macOS or Linux, run one of the following four commands: the first if the device is running iOS 4 or earlier, the second if the device is older than the iPhone 4S and running iOS 5 or later, the fourth if the device is jailbroken with Dopamine, or the third if none of these apply.

ssh root@ "cat /dev/disk0" | dd bs=8192 status=progress of=Dump.dmg

ssh root@ "cat /dev/disk0" | dd bs=8192 skip=3 status=progress of=Dump.dmg

ssh root@ "cat /dev/disk0" | dd bs=4096 skip=6 status=progress of=Dump.dmg

ssh mobile@ "sudo cat /dev/disk0" | dd bs=4096 skip=6 status=progress of=Dump.dmg

The disk image resulting from this is not compressed, unlike the one resulting from the steps listed for Macs.
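The pipelines above return only dd's exit status, so an SSH session that drops partway through can leave a truncated Dump.dmg that looks like a successful dump. The wrapper below is an added example, not part of the original guide: it records the remote side's status, discards partial images, and writes a SHA-256 digest for the archive. The function name `dump_disk`, the `SSH_CMD` override, and the `.part`/`.sha256` file names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide).
# Usage: dump_disk LOGIN REMOTE_CMD BS SKIP OUT
#   LOGIN, REMOTE_CMD, BS and SKIP are taken from whichever command in the
#   guide applies to the device. SSH_CMD is a hypothetical override for the
#   ssh program. status=progress is left out for portability.
dump_disk() {
    login=$1 cmd=$2 bs=$3 skip=$4 out=$5

    # Never overwrite an existing archive image.
    [ -e "$out" ] && { echo "refusing to overwrite $out" >&2; return 2; }

    rcfile=$(mktemp) || return 1
    # A pipeline reports the status of its last command (dd), so ssh's own
    # exit status is saved to a file before the pipe closes.
    { "${SSH_CMD:-ssh}" "$login" "$cmd"; echo $? > "$rcfile"; } |
        dd bs="$bs" skip="$skip" of="$out.part"
    dd_rc=$?
    ssh_rc=$(cat "$rcfile")
    rm -f "$rcfile"

    # Treat a missing status, a non-zero status or an empty image as failure.
    if [ "$dd_rc" -ne 0 ] || [ "${ssh_rc:-1}" -ne 0 ] || [ ! -s "$out.part" ]; then
        echo "dump failed (ssh=${ssh_rc:-none} dd=$dd_rc), partial file removed" >&2
        rm -f "$out.part"
        return 1
    fi
    mv "$out.part" "$out"

    # Store a digest beside the image so later copies can be verified.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$out" > "$out.sha256"
    else
        shasum -a 256 "$out" > "$out.sha256"
    fi
}
```

For example, `dump_disk mobile@DEVICE "sudo cat /dev/disk0" 4096 6 Dump.dmg` corresponds to the Dopamine command, with DEVICE as a placeholder for the device's address.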

= NOR/iBoot partition =

Apple Silicon Macs
On Apple Silicon Macs, the LLB is stored on SPI NOR, so dumping it requires the nordump tool.

Preparation
The nordump tool won't run until you complete the preparation steps for the macOS version installed on the Mac you're dumping from.

macOS 13.0 beta 3 or earlier
After compiling the tool, enter this command:

codesign -f -s - nordump

macOS 13.0 beta 4 or later
Reboot into the recoveryOS and open Terminal. Then run the following commands:

nvram boot-args=amfi_get_out_of_my_way=1

bputil -a

reboot

Dumping
Run this command:

nordump NOR

This will dump the complete contents of the NOR to files in a directory named "NOR".

After dumping, if the Mac is running macOS 13.0 beta 4 or later, you will need to reverse the changes made in the preparation step using these commands:

sudo nvram -d boot-args

sudo bputil -f

Other devices with IMG4 support
If dumping from an Apple silicon Mac, open Terminal and type this command:

cat /dev/disk1 > Firmware.bin

From a terminal on a computer running macOS or Linux, type the latter of the following two commands if the device is jailbroken with Dopamine, otherwise the former.

ssh root@ "cat /dev/disk1" > Firmware.bin

ssh mobile@ "sudo cat /dev/disk1" > Firmware.bin