Inside iOS: ipsw file structure

decrypt dmg

IPSW is an extension of compressed file basically a Zip archive. This file contains 3 .DMG files; an Apple disk image witch is a disk image commonly used by the Mac OS X operating system. When opened, an Apple disk image is “mounted” as a volume within the Finder.

One of the 3 .DMG files contains the root file system of iOS and two ramdisk for restore and update.

RAMDisk is a program that takes a portion of your system memory and uses it as a disk drive. The more RAM your computer has, the larger the RAMDisk you can create.

The file also holds a “Firmware” folder in which contains iBSS, iBEC, DFU, Battery Images (low. full, charging), and also the baseband files in .bbfw format (Baseband firmware).

How to decrypt, mount and edit the root filesystem in .ipsw files

  1. Rename your .ipsw file to .zip and unzip it
  2. Download vfdecrypt here: vfdecrypt.zip
  3. Place the .dmg you want to decrypt in the vfdecrypt folder
  4. Open Terminal, cd (switch) to the vfdecrypt folder by typing in “cd”{space} and dragging the vfdecrypt folfer into the Terminal, press enter
  5. Type in “./vfdecrypt -i {dmg) -o rootfs.dmg -k {key}” replace {dmg} with the filename of the .dmg that you want to decrypt and {key} with the key for the firmware you want to edit. Firmware keys can be found here. Press enter
  6. Your decrypted .dmg will be created in the vfdecrypt folder under the name “rootfs.dmg”
  7. Right click on it and open it with hdd utility. Click on “convert” and choose “read/write” and “without” in the encryption tab.

Note : you can’t create custom .ipsw files because you can not re-encrypt .dmg files with the same key you used to decrypt them after changing something! Your created .ipsw files will be corrupted.