IPSW is a file format used to install iOS, iPadOS, tvOS, HomePod, watchOS, and most recently, macOS firmware for devices equipped with Apple silicon.[3] All Apple devices share the same IPSW file format for iOS firmware and their derivatives, allowing users to flash their devices through Finder or iTunes on macOS or Windows, respectively. Users can flash Apple silicon Macs through Apple Configurator 2.[4]

IPSW
Filename extension
.ipsw
Internet media type
application/x-itunes-ipsw[1][2]
Magic number504B0304
Developed byApple
Type of formatArchive

Structure

edit

The .ipsw file itself is a compressed archive file (renamed Zip archive) containing at least three Apple Disk Image files with one containing the root file system of the OS and two ram disks for restore and update. tvOS, audioOS and macOS also include a disk image for the recovery environment (recoveryOS).

The file also holds the kernel caches, and a "Firmware" folder which contains iBoot, LLB (Low-Level Bootloader), iBSS (iBoot Single Stage), iBEC (iBoot Epoch Change), the Secure Enclave Processor firmware, the Device Tree, Firmware Images (Apple logo, battery images, Recovery mode screen and more), baseband firmware files in .bbfw format (renamed zip file), and other firmware files.

There are two more files named "BuildManifest.plist" and "Restore.plist", both property lists that contain compatibility information and SHA-256 hashes for different components.[citation needed]

BuildManifest.plist is sent to Apple's TSS server and checked in order to obtain SHSH blobs before every restore. Without SHSH blobs, the device will refuse to restore, thus making downgrades very difficult to achieve.[5]

Security and rooting

edit

The archive is not password-protected, but iBoot, LLB, iBEC, iBSS, iBootData and the Secure Enclave Processor firmware images inside it are encrypted with AES. Until iOS 10, all the firmware files (including the root file system and Restore and Update ramdisks) were encrypted. While Apple does not release these keys, they can be extracted using different iBoot or bootloader exploits, such as limera1n (created by George Hotz, more commonly known as geohot). Since then, many tools were created for the decryption and modification of the root file system.[citation needed]

Government data access

edit

After the 2015 San Bernardino attack, the FBI recovered the shooter's iPhone 5C, which belonged to the San Bernardino County Department of Public Health.[6] The FBI recovered iCloud backups from one and a half months before the shooting, and wanted to access encrypted files on the device. The U.S. government ordered Apple to produce an IPSW file that would allow investigators to brute force the passcode of the iPhone.[7] The order used the All Writs Act, originally created by the Judiciary Act of 1789, to demand the firmware, in the same way as other smartphone manufacturers have been ordered to comply.

Tim Cook responded on the company's webpage, outlining a need for encryption, and arguing that if they produce a backdoor for one device, it would inevitably be used to compromise the privacy of other iPhone users:[8]

The FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession...

The government would have us remove security features and add new capabilities to the operating system, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by “brute force,” trying thousands or millions of combinations with the speed of a modern computer.

The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.

Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the U.S. government.

References

edit
  1. ^ "IPSW file - How do I open a .ipsw file? [Step-by-step]".
  2. ^ "Open .IPSW File".
  3. ^ "ipsw". OS X Daily. Retrieved August 19, 2021.
  4. ^ "Revive or restore a Mac with Apple silicon with Apple Configurator 2". Apple Support (in Chinese). Retrieved November 16, 2022.
  5. ^ "Last iOS 9.3.2 iPSW". www.howtoisolve.com. November 10, 2016.
  6. ^ Andrew Blankstein (February 16, 2016). "Judge Forces Apple to Help Unlock San Bernardino Shooter iPhone". NBC News.
  7. ^ "Apple ordered to unlock San Bernardino shooter's iPhone". Ars Technica UK. February 17, 2016.
  8. ^ Tim Cook (February 16, 2016). "A Message to Our Customers". Archived from the original on February 17, 2016. The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.
edit