The iPhone “Secret” key

January 30th, 2008

Strip the first 0x800 (2048) bytes from the ramdisk of a >= 1.1.1 firmware, then decrypt what is left:

openssl enc -d -in ramdisk.dmg -out de.dmg -aes-128-cbc -K 188458A6D15034DFE386F23B61D43774 -iv 0

Ignore the error openssl prints at the end: the data after the image is not valid padding, so the final padding check fails, but everything decrypted before it has already been written to de.dmg. The end of the output will then contain some garbage (the signatures and certificates that follow the image). Remove it and mount your ramdisk.
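The same three steps as a script, added here as an example and not code from the original post or from anyone credited in it. It uses the key quoted above and writes the post's "-iv 0" out as a full zero IV (openssl pads a short hex IV with zero bytes anyway). One deliberate change from the manual procedure: the stripped body is cut down to a multiple of 16 bytes and decrypted with -nopad, so there is no padding error to ignore. The make_test_ramdisk function builds a constructed input (fake header, encrypted payload, unaligned trailing blob) so the script can be tried offline; the header length, the trailing blob and the trim length are assumptions for that test input, not facts about real firmware.

```shell
#!/bin/sh
# Added example, not code from the original post. Automates: strip the 0x800-byte
# header, AES-128-CBC decrypt with the published key and a zero IV, trim the tail.

KEY=188458A6D15034DFE386F23B61D43774      # key quoted in the post
IV=00000000000000000000000000000000       # the post's "-iv 0", written out in full
HEADER_LEN=2048                           # 0x800 bytes to strip

# decrypt_ramdisk SRC DST
# Drops the header, then any trailing partial block (the signature/certificate
# blob is not block aligned), and decrypts with -nopad so openssl does not fail
# its padding check. Whole blocks of the trailing blob still decrypt to noise
# at the end of DST; remove them with trim_to once you know the image size.
decrypt_ramdisk() {
  src=$1; dst=$2
  body=$(mktemp)
  tail -c +$((HEADER_LEN + 1)) "$src" > "$body"
  len=$(wc -c < "$body")
  aligned=$((len - len % 16))
  head -c "$aligned" "$body" > "$body.aligned"
  openssl enc -d -aes-128-cbc -nopad -K "$KEY" -iv "$IV" \
    -in "$body.aligned" -out "$dst"
  rm -f "$body" "$body.aligned"
}

# trim_to FILE NBYTES: keep only the first NBYTES bytes of FILE.
trim_to() {
  head -c "$2" "$1" > "$1.trim" && mv "$1.trim" "$1"
}

# make_test_ramdisk OUT PLAINTEXT_FILE
# Constructed input for offline testing (assumption, not a real firmware layout):
# a 0x800-byte zero header, PLAINTEXT_FILE encrypted with the same key/IV
# (default PKCS#7 padding), then an unaligned blob standing in for the
# signatures and certificates that follow a real image.
make_test_ramdisk() {
  out=$1; pt=$2
  head -c "$HEADER_LEN" /dev/zero > "$out"
  openssl enc -aes-128-cbc -K "$KEY" -iv "$IV" -in "$pt" >> "$out"
  printf 'FAKE-SIGNATURE-AND-CERTS-NOT-BLOCK-ALIGNED' >> "$out"
}

# Usage: sh decrypt_ramdisk.sh ramdisk.dmg de.dmg
if [ $# -ge 2 ]; then
  decrypt_ramdisk "$1" "$2"
fi
```

After decrypting a real ramdisk, the length to pass to trim_to is the size of the image itself; the post does not say how to find it, so in practice you look for where the mountable image ends and the certificate data begins.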

Why would this key be published without any explanation of what it is? Apple knows what it is; not telling us how to use it serves no purpose for anyone. I don't know exactly what this key is or where it came from, but I do know it decrypts ramdisks 🙂

Nice job to Zibri, the dev team, and whoever owns Austin Heap for finding this key; I'd love to see the hack used. Sadly this will not help us unlock BL 4.6 phones or sign our own SDK apps (or sign anything, for that matter). But hopefully this key is deeply embedded in the iPhone, and decrypting all future ramdisks will be a piece of cake.

