IPSW explained

IPSW
Extension:.ipsw
Mime:application/x-itunes-ipsw[1] [2]
Developer:Apple
Type:Archive
Magic:504B0304

IPSW is a file format used to install iOS, iPadOS, tvOS, HomePod, watchOS, and most recently, macOS firmware for devices equipped with Apple silicon.[3] All Apple devices share the same IPSW file format for iOS firmware and their derivatives, allowing users to flash their devices through Finder or iTunes on macOS or Windows, respectively. Users can flash Apple silicon Macs through Apple Configurator 2.[4]

Structure

The .ipsw file itself is a compressed archive file (renamed Zip archive) containing at least three Apple Disk Image files with one containing the root file system of the OS and two ram disks for restore and update. tvOS, audioOS and macOS also include a disk image for the recovery environment (recoveryOS).

The file also holds the kernel caches, and a "Firmware" folder which contains iBoot, LLB (Low-Level Bootloader), iBSS (iBoot Single Stage), iBEC (iBoot Epoch Change), the Secure Enclave Processor firmware, the Device Tree, Firmware Images (Apple logo, battery images, Recovery mode screen and more), baseband firmware files in .bbfw format (renamed zip file), and other firmware files.

There are two more files named "BuildManifest.plist" and "Restore.plist", both property lists that contain compatibility information and SHA-256 hashes for different components.

BuildManifest.plist is sent to Apple's TSS server and checked in order to obtain SHSH blobs before every restore. Without SHSH blobs, the device will refuse to restore, thus making downgrades very difficult to achieve.[5]

Security and rooting

The archive is not password-protected, but iBoot, LLB, iBEC, iBSS, iBootData and the Secure Enclave Processor firmware images inside it are encrypted with AES. Until iOS 10, all the firmware files (including the root file system and Restore and Update ramdisks) were encrypted. While Apple does not release these keys, they can be extracted using different iBoot or bootloader exploits, such as limera1n (created by George Hotz, more commonly known as geohot). Since then, many tools were created for the decryption and modification of the root file system.

Government data access

See main article: FBI–Apple encryption dispute.

After the 2015 San Bernardino attack, the FBI recovered the shooter's iPhone 5C, which belonged to the San Bernardino County Department of Public Health.[6] The FBI recovered iCloud backups from one and a half months before the shooting, and wanted to access encrypted files on the device. The U.S. government ordered Apple to produce an IPSW file that would allow investigators to brute force the passcode of the iPhone.[7] The order used the All Writs Act, originally created by the Judiciary Act of 1789, to demand the firmware, in the same way as other smartphone manufacturers have been ordered to comply.

Tim Cook responded on the company's webpage, outlining a need for encryption, and arguing that if they produce a backdoor for one device, it would inevitably be used to compromise the privacy of other iPhone users:[8]

External links

Notes and References

  1. Web site: IPSW file - How do I open a .ipsw file? [Step-by-step].
  2. Web site: Open .IPSW File.
  3. Web site: ipsw. August 19, 2021. OS X Daily. en.
  4. Web site: Revive or restore a Mac with Apple silicon with Apple Configurator 2. November 16, 2022. Apple Support. zh.
  5. Web site: Last iOS 9.3.2 iPSW. www.howtoisolve.com. November 10, 2016.
  6. Web site: Judge Forces Apple to Help Unlock San Bernardino Shooter iPhone. Andrew Blankstein. NBC News. February 16, 2016.
  7. Web site: Apple ordered to unlock San Bernardino shooter's iPhone. Ars Technica UK. February 17, 2016.
  8. Web site: A Message to Our Customers. https://web.archive.org/web/20160217084120/http://www.apple.com/customer-letter/. February 17, 2016. The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.. Tim Cook. February 16, 2016.