Skip to content
/ AppleC4000 Public

tools for reverse engineering AppleC4000 baseband firmware.

7 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

nlitsme/AppleC4000

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
README.md
README.md
 
 
aa01tool.py
aa01tool.py
 
 
datareader.py
datareader.py
 
 
dumpftab.py
dumpftab.py
 
 
loadfwsg.py
loadfwsg.py
 
 

Repository files navigation

Tools for reverse engineering apple C4000 baseband firmware

The baseband firmware is stored in an approx 185M file, with 'rkosftab

known sections:

  • CRnn, RPnn, Rnnn - lzfse compressed files, unknown purpose
  • rcpi - contains sha384 hashes of all sections
  • bver, ibdt, l1c2, ARC2 - various small files
  • ARC1, CAR2, CAR3 - unknown
  • GNS1 - arcv2 binary
  • apmu, pmfw - arm thumb binaries
  • illb - arm64 binary
  • cdph - 'fwsg' arm thumb binary
  • cdpd, cdpu, rkos, l1cs - 'fwsg' arm64 binaries

The 'fwsg' files have the segment information at the end of the file.

dumpftab.py

Splits the main ftab.bin file into separate parts.

loadfwsg.py

hex-rays IDA Loader for the fwsg type binaries. Installing this file in the IDA/loader directory will allow you to easily disassemble fwsg files.

aa01tool.py

This tool can decode and unpack OTA firmware updates. These updates come as .aea files, you can decrypt these sing the ipsw tool, the use aa01tool to unpack.

author

Willem Hengeveld [email protected]

About

tools for reverse engineering AppleC4000 baseband firmware.

Resources

Readme
Activity

Stars

7 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages