iBoot images

Questions and Answers about all things *OS (macOS, iOS, tvOS, watchOS)

iBoot images

Post by forestcorgi » Tue Aug 15, 2017 4:46 pm

I'm trying to decrypt a 64-bit iBoot image on iOS 10 for the sake of being able to reverse engineer it.

However, when I decrypt it using img4lib and examine the resulting file, it looks like code and strings, but isn't a Mach-O.

Jtool says "iBoot 64-bit image detected."

Does anyone know what format this is and how/if I can get it into an approachable format for jtool and other tools?
forestcorgi
 
Posts: 7
Joined: Wed Jul 05, 2017 5:44 pm

Re: iBoot images

Post by Siguza » Tue Aug 15, 2017 5:02 pm

iBoot and other bootloaders aren't Mach-Os, they're just... raw.
To the best of my knowledge Jtool still doesn't work on them, but disarm does (and "other tools" have to support raw files in order to work with iBoot, but if you're using radare2: r2 -aarm -b64 iBoot).
qwertyoruiop also has a few notes regarding iBoot RE.
Siguza
Unicorn
 
Posts: 159
Joined: Thu Jan 28, 2016 10:38 am
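
Added example (not part of the thread and not code from any tool named in it): a small Python triage helper that reports whether a file is still an IMG4/IM4P container, a Mach-O, or a headerless raw image like the decrypted iBoot described above. The function names are this example's own, and the sample byte strings are constructed for illustration.

```python
# Added example: first-pass triage of a firmware file's header.
# Mach-O magic numbers as the first four bytes appear on disk.
MACHO_MAGICS = {
    bytes.fromhex("cffaedfe"): "Mach-O 64-bit (little-endian)",
    bytes.fromhex("cefaedfe"): "Mach-O 32-bit (little-endian)",
    bytes.fromhex("feedfacf"): "Mach-O 64-bit (big-endian)",
    bytes.fromhex("feedface"): "Mach-O 32-bit (big-endian)",
    bytes.fromhex("cafebabe"): "fat (universal) Mach-O",
}

def der_header(buf, off):
    """Return (tag, length, value_offset) for the DER element at off."""
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:                       # short-form length
        return tag, first, off + 2
    n = first & 0x7F                       # long form: next n bytes hold the length
    return tag, int.from_bytes(buf[off + 2:off + 2 + n], "big"), off + 2 + n

def classify(buf):
    """Classify a file by its first bytes: Mach-O, IMG4/IM4P container, or raw."""
    if buf[:4] in MACHO_MAGICS:
        return MACHO_MAGICS[buf[:4]]
    try:
        tag, _, off = der_header(buf, 0)
        if tag == 0x30:                    # DER SEQUENCE wraps IMG4 and IM4P
            t1, l1, v1 = der_header(buf, off)
            name = buf[v1:v1 + l1]
            if t1 == 0x16 and name == b"IMG4":   # 0x16 = IA5String
                return "IMG4 container"
            if t1 == 0x16 and name == b"IM4P":
                # The second IA5String is the payload's four-character type.
                t2, l2, v2 = der_header(buf, v1 + l1)
                fourcc = buf[v2:v2 + l2].decode("ascii", "replace") if t2 == 0x16 else "?"
                return f"IM4P container (type {fourcc})"
    except IndexError:
        pass                               # too short to be a container
    # No recognised header: architecture and load address must be given to the tool.
    return "raw image (no Mach-O header)"

# Constructed sample inputs (not taken from real firmware).
SAMPLES = {
    "still wrapped": b"\x30\x10\x16\x04IM4P\x16\x04ibot\x04\x02\x00\x00",
    "mach-o": bytes.fromhex("cffaedfe0c000001"),
    "raw arm64": bytes.fromhex("1f2003d5") * 4,   # four AArch64 NOPs
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(f"{label}: {classify(data)}")
```

A "raw image" result is why a disassembler has to be told the architecture and bit width explicitly, as in the radare2 invocation quoted in the reply above.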

Re: iBoot images

Post by forestcorgi » Thu Aug 17, 2017 5:15 pm

Thank you!
forestcorgi
 
Posts: 7
Joined: Wed Jul 05, 2017 5:44 pm

