Kernel

## iOS Kernel

Source

iOS Bootchain

Normal Boot:
BootRom -> LLB -> iBoot (unlocks the KPP and SEP keys) -> Kernel

DFU Boot:
BootRom -> iBSS -> iBEC -> Kernel

UID

  • UID key for iOS Data Protection (file encryption)

GID

  • GID key for decrypting firmware images (kernel, iBoot, etc.)
    • The IV and key of each image are random and are wrapped with AES under the GID key
    • Firmware keys are on The iPhone Wiki
  • New iOS devices have a separate GID key for the SEP
  • GID key is deactivated in hardware by iBoot

Using the Keys to extract the Firmware:

  • xpwntool
  • img4tool

BootRom