Guide to extract the root file system and decompress the kernel cache for iOS 10 (beta 3).

iOS-10-extraction.md

iOS 10 Extraction

Originally from /u/RowRocka on Reddit. Gently edited for clarity.

Links to download all iOS 10 OTA ZIPs.

Download an iOS 9.9.10.0 (14A5309d) firmware image with no prerequisites to download iOS 10 beta 3.

Extract the Root File System

1. Unzip the OTA .zip.
2. Download Jonatan Levin's OTApack and unzip it into the same directory that you unzipped the OTA image to.
3. Open up Terminal and cd to the aforementioned directory.
4. Execute ./pbzx AssetData/payloadv2/payload > pb.xz
5. Unarchive the pb.xz file with The Unarchiver.
6. Go back to Terminal and execute these commands:

mkdir rootfs
mv ./pb ./rootfs
cd rootfs
 ../otaa -e '*' ./pb

7. Done

Decompress the Kernel Cache

1. Unzip the OTA .zip.
2. Go to AssetData/boot.
3. Open a Terminal and cd to the unzipped OTA image directory.
4. Execute cp /AssetData/boot/kernelcache.release.***** (check what your filename is) ./
5. Compile lzssdec.cpp from here.
6. Open the kernel cache file with a Hex editor (I recomend Hex Fiend) and find 0xFEEDFACE. Note the offset.
7. Execute ./lzssdec -o OFFSET_YOUVE_NOTED_IN_STEP_6 < kernelcache.release.***** > kernelcache.decrypted
8. Done