Skip to content

YtnbFirewings/kcache

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 

Repository files navigation

// By: petter wahlman, http://www.twitter.com/badeip
//
// About:
// Encrypt/decrypt iOS kernelcache
//
// Notes: the code is POC, and the syntax sucks.
//
// Example usage: (a $ prefix is used to indicate commands that must be executed in a terminal)

$ mkdir -p ~/iphone/ipsw/
$ cd ~/iphone/ipsw
$ mv ~/Downloads/iPhone3,1_5.1_9B5117b_Restore.ipsw .
$ 7z x iPhone3,1_5.0.1_9A405_Restore.ipsw
$ kcache --in kernelcache.release.n90 --iv 5533d04f6c805307c2f2a573339a6850 --key 0ef7774fea99e988487f92f8765e4678aeefc8a14de40b95ba210955445eff22

// kcache/kernelcache.bin will now contain the decrypted kernelcache image:

$ file kcache/kernelcache.bin 
kcache/kernelcache.bin: Mach-O executable arm


// Example output:

iv:          5533d04f6c805307c2f2a573339a6850
key:         0ef7774fea99e988487f92f8765e4678aeefc8a14de40b95ba210955445eff22
in:          kernelcache.release.n90
wd:          ./kcache

opening:     kernelcache.release.n90
magic:       Img3
filesize:    6516484
contentsize: 6516464
certarea:    6514360
filetype:    krnl

0x00000000 0x00000004: TYPE
0x00000020 0x0063659b: DATA
0x006365cc 0x00000004: SEPO
0x006365e8 0x00000038: KBAG
0x00636634 0x00000038: KBAG
0x006366b8 0x00000080: SHSH
0x00636744 0x00000794: CERT
creating:    ./kcache/kernelcache.data

AES decrypt:(len: 6514075 pad: 11)

plaintext (excerpt):
        dc e5 5d 51 97 c1 04 0d e4 72 bb 64 36 13 25 2a | ..]Q.....r.d6.%*
        b4 ab eb 67 a7 55 e6 81 7b 3c 9a 5b ac 99 55 40 | ...g.U..{<.[..U@
        65 97 f3 a8 c6 bf fc 7c 5b c8 03 56 2b 2c 88 6d | e......|[..V+,.m
        b3 2b 35 5d 52 89 5d 1b d3 43 77 63 6c 62 a4 46 | .+5]R.]..Cwclb.F
        b9 39 e4 82 64 e9 7f 49 35 b5 58 95 25 00 e1 1d | .9..d..I5.X.%...
        f3 aa 31 16 78 65 2c b1 10 d0 b5 9a ed 65 f1 ad | ..1.xe,......e..
        9b e5 83 af b5 c0 a6 0e c2 79 bb 16 ff c9 f1 5a | .........y.....Z
        ce 09 1e 16 3e 8f ce ab 95 df 5b 2a 9f 04 ad 87 | ....>.....[*....

decrypted (excerpt):
        63 6f 6d 70 6c 7a 73 73 5b 4c f0 db 00 b1 f0 00 | complzss[L......
        00 63 64 1b 00 00 00 00 00 00 00 00 00 00 00 00 | .cd.............
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................

creating:    ./kcache/kernelcache.data.pt
creating:    ./kcache/kernelcache.hdr
creating:    ./kcache/kernelcache.lzss
creating:    ./kcache/kernelcache.bin

About

kernelcache encrypt/decrypt utility

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published