
@tzmartin
Created January 12, 2016 17:55
Decrypting ipsw firmware files

Decrypting ipsw

Original source: https://github.com/0xced/iOS-Artwork-Extractor/wiki/Extracting-more-artwork

You can extract even more artwork if you decrypt and mount an iOS firmware (.ipsw file).

Requirements

  1. ipsw_decrypt.py
  2. Python 3.2 (required by ipsw_decrypt.py)
  3. VFDecrypt (required by ipsw_decrypt.py)
    Make sure to install the vfdecrypt binary somewhere in your PATH or use the -d option of the ipsw_decrypt.py script.

VFDecrypt Usage:

Linux: ./vfdecrypt -i<dmg location> -k<key> -o<out location>.dmg
Windows: vfdecrypt -i<dmg location> -k<key> -o<out location>.dmg

How to decrypt and mount an iOS firmware

  1. Download an iPhone or iPad firmware that matches your simulator version and make sure that there is a VFDecrypt Key by checking the corresponding Build column. For beta versions, check the VFDecrypt Keys page instead.

System Firmware Image ipsw

| Version | Build | Codename | Baseband | Release Date | IPSW Download URL | SHA1 Hash | File Size |
|---|---|---|---|---|---|---|---|
| 9.0 | 13A343 | Monarch | 1.00.05 | 16 Sep 2015 | iPhone8,2_9.0_13A343_Restore.ipsw | 62c84322d95913ddcee8337c0998988c6acd330e | 2,369,374,167 |
| 9.0.1 | 13A405 | Monarch | 1.00.05 | 24 Sep 2015 | iPhone8,2_9.0.1_13A405_Restore.ipsw | c13f78d5967632732841fcae9840bfd37d09b5af | 2,368,629,853 |
| 9.0.2 | 13A452 | Monarch | 1.02.00 | 30 Sep 2015 | iPhone8,2_9.0.2_13A452_Restore.ipsw | 46b922b4755fcb66e9f33dd491002e120b88908a | 2,369,099,889 |
| 9.1 | 13B143 | Boulder | 1.14.00 | 21 Oct 2015 | iPhone8,2_9.1_13B143_Restore.ipsw | 634807da8e723d688419b56f14b0913aee317760 | 2,383,904,492 |
| 9.2 | 13C75 | Castlerock | 1.23.00 | 8 Dec 2015 | iPhone8,2_9.2_13C75_Restore.ipsw | f89ea6f273dde92167c408decdb5db3daa756a19 | 2,382,945,535 |

Backup Firmware Image

  1. Start iTunes on your computer, and then connect your iPhone to your computer using its sync cable.
  2. Click the button for your device near the upper-right corner of the iTunes screen, and then click the "Summary" tab if it isn't already selected.
  3. Select "This Computer" in the Backups section, and then click "Back Up Now." iTunes backs up your entire iPhone, including iOS, to the hard drive.
  4. Confirm that the backup was successful by selecting "Preferences" from the main iTunes menu, clicking the "Devices" tab, and then making sure that the time and date next to your iPhone's entry correspond to when you finished the backup.
  5. Disconnect your iPhone from your computer.

Decrypting with ipsw_decrypt.py

  1. Run the ipsw_decrypt.py script on the firmware you downloaded or backed up.

    The output should look like this:

     <Info> Extracting content from iPhone3,1_5.1_9B176_Restore.ipsw, it may take a minute...
     <Info> Extracted firmware to 'iPhone 4, 5.1 (9B176)'. You may use the '-o "iPhone 4, 5.1 (9B176)"' switch in the future to skip this step.
     <Info> iPhone 4 (iPhone3,1), class n90ap
     <Info> iOS version 5.1, build Hoodoo 9B176
     <Info> Downloading decryption keys from 'http://theiphonewiki.com/wiki/index.php?title=Hoodoo_9B176_(iPhone_4)'...
     <Info> Retrieved 18 keys.
     <Notice> Skipping BasebandFirmware (ICE3_04.12.01_BOOT_02.13.Release.bbfw): No decryption key
     <Info> Decrypting 'iBEC.n90ap.RELEASE.dfu'... 
     <Info> Decrypting 'iBSS.n90ap.RELEASE.dfu'... 
     <Info> Decrypting 'recoverymode@2x~iphone.s5l8930x.img3'... 
     <Notice> Image color format: argb; size: 172x786
     <Info> Decrypting '038-1768-165.dmg', it may take a minute...
     sig	encrcdsa
     blocksize	
     datasize	774709676
     dataoffset	122880
     keyDerivationAlgorithm      0
     keyDerivationPRNGAlgorithm  0
     keyDerivationIterationCount 0
     keyDerivationSaltSize       0
     keyDerivationSalt           
     
     
     blobEncryptionIVSize        0
     blobEncryptionIV            
     
     
     blobEncryptionKeySizeInBits 0
     blobEncryptionAlgorithm     0
     blobEncryptionPadding       0
     blobEncryptionMode          0
     encryptedBlobSize           0
     encryptedBlob               
     
     
     <Info> Decrypting 'batterylow0@2x.s5l8930x.img3'... 
     <Notice> Image color format: argb; size: 504x556
     <Info> Decrypting 'LLB.n90ap.RELEASE.img3'... 
     <Info> Decrypting '038-1800-166.dmg'... 
     <Info> Decrypting 'glyphplugin@2x.s5l8930x.img3'... 
     <Notice> Image color format: grey; size: 238x68
     <Info> Decrypting 'kernelcache.release.n90'... 
     <Info> Decompressing LZSS... (100%)
     <Info> Decrypting 'batteryfull@2x.s5l8930x.img3'... 
     <Notice> Image color format: argb; size: 70x556
     <Info> Decrypting 'applelogo@2x.s5l8930x.img3'... 
     <Notice> Image color format: grey; size: 132x164
     <Info> Decrypting 'DeviceTree.n90ap.img3'... 
     <Info> Decrypting 'batterylow1@2x.s5l8930x.img3'... 
     <Notice> Image color format: argb; size: 70x556
     <Info> Decrypting '038-1813-172.dmg'... 
     <Info> Decrypting 'batterycharging1@2x.s5l8930x.img3'... 
     <Notice> Image color format: grey; size: 296x346
     <Info> Decrypting 'glyphcharging@2x.s5l8930x.img3'... 
     <Notice> Image color format: grey; size: 86x102
     <Info> Decrypting 'batterycharging0@2x.s5l8930x.img3'... 
     <Notice> Image color format: grey; size: 154x216
     <Info> Decrypting 'iBoot.n90ap.RELEASE.img3'... 
    
  2. Go into the iPhone 4, 5.1 (9B176) folder or whatever folder was created depending on the firmware you chose.

  3. Open the biggest file ending with .decrypted.dmg in order to mount the disk image. In this example: 038-1768-165.decrypted.dmg

  4. Run iOS Artwork Extractor. If the mounted iOS firmware version matches your simulator version, then you will discover much more artwork.

iOS 8 firmware

VFDecrypt Keys are not widely available for iOS 8. You will have to use vfdecrypt directly on the unzipped iPhone 4S ipsw with the key provided by @iH8sn0w:

@Jato_BZ which keys? Or just rootfs like the 4S one? 5059b2da95c93f754ce4a701cf6564877dfee899ad884d78f3403dcec7bbd6fe6d3079a8
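
Added example, not part of the original gist or of ipsw_decrypt.py: a Python 3 helper for the manual route described above. It checks a downloaded .ipsw against the SHA1 Hash and File Size columns of the firmware table, finds the largest .dmg inside the archive, and builds the vfdecrypt argument list in the `-i`/`-k`/`-o` form from the usage section. The function names are hypothetical, and the `.decrypted.dmg` output name simply follows the naming seen in the walkthrough.

```python
import hashlib
import zipfile


def sha1_and_size(path, chunk=1 << 20):
    """Stream the file so a multi-gigabyte .ipsw is never held in memory."""
    digest, size = hashlib.sha1(), 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
            size += len(block)
    return digest.hexdigest(), size


def verify_ipsw(path, expected_sha1, expected_size):
    """Compare a download with the table's SHA1 Hash and File Size columns."""
    actual_sha1, actual_size = sha1_and_size(path)
    wanted_size = int(str(expected_size).replace(",", ""))  # "2,369,374,167" style
    return actual_sha1 == expected_sha1.strip().lower() and actual_size == wanted_size


def largest_dmg(ipsw_path):
    """An .ipsw is a zip archive; the biggest .dmg is the one the page mounts."""
    with zipfile.ZipFile(ipsw_path) as archive:
        dmgs = [m for m in archive.infolist() if m.filename.lower().endswith(".dmg")]
    if not dmgs:
        raise ValueError("no .dmg member found in " + ipsw_path)
    return max(dmgs, key=lambda m: m.file_size).filename


def vfdecrypt_argv(dmg, key_hex, binary="vfdecrypt"):
    """Argument list for subprocess.run(); no shell, so spaces in paths are safe."""
    key = key_hex.strip()
    bytes.fromhex(key)  # raises ValueError on a mistyped or truncated key
    if not dmg.lower().endswith(".dmg"):
        raise ValueError("expected a .dmg input")
    return [binary, "-i" + dmg, "-k" + key, "-o" + dmg[:-4] + ".decrypted.dmg"]


if __name__ == "__main__":
    import sys
    ipsw, sha1, size, key = sys.argv[1:5]
    if not verify_ipsw(ipsw, sha1, size):
        sys.exit("SHA1 or size mismatch: do not decrypt this file")
    print(vfdecrypt_argv(largest_dmg(ipsw), key))
```

The returned member name still has to be extracted from the archive before the argument list is handed to `subprocess.run`.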
