iBoot images

Posted: Tue Aug 15, 2017 4:46 pm
by forestcorgi
I'm trying to decrypt a 64-bit iBoot image on iOS 10 for the sake of being able to reverse engineer it.

However, when I decrypt it using img4lib and examine the resulting file, it looks like code and strings, but isn't a Mach-O.

Jtool says "iBoot 64-bit image detected."

Does anyone know what format this is and how/if I can get it into an approachable format for jtool and other tools?

Re: iBoot images

Posted: Tue Aug 15, 2017 5:02 pm
by Siguza
iBoot and other bootloaders aren't Mach-Os, they're just... raw.
To the best of my knowledge Jtool still doesn't work on them, but disarm does (and "other tools" have to support raw files in order to work with iBoot, but if you're using radare2: r2 -aarm -b64 iBoot).
qwertyoruiop also has a few notes regarding iBoot RE.

Re: iBoot images

Posted: Thu Aug 17, 2017 5:15 pm
by forestcorgi
Thank you!