1. Home
  2. Electronics Design
  3. OT: iPod ".signature" files

OT: iPod ".signature" files

Hi,

It's relatively easy to find firmware images for {old,new} iPods (*.ipsw). But, the "signature" files always seem to be hiding behind Apple's servers. :<

I can understand the logic (neglecting the obvious

*business* interest Apple has in doing so!) behind this. (i.e., prevents modified images from being installable).

I assume these are just secure hashes of the firmware images -- i.e., there is *one* .signature file for each .ipsw file (?).

My question: is there any way to install an image onto an iPod *without* the corresponding .signature file? I.e., is this something that "iTunes" requires and enforces? Or, is it an inherent part of the image install process (i.e., does the *iPod* examine the .signature file!)?

Thx,

--don

Reply to
D Yuniskis
Loading thread data ...

I don't know if this is what you are talking about, but here goes:

At one point, Apple introduced some sort of security checksum or hash to iPods. This was generated by the iTunes s/w and, when read by the iPod firmware, allowed it to read the databases and play content. This change broke applications such as gtkpod, an open source app used to manage content on iPods from Linux boxes. The app was broken for a few weeks, until some kind folks reverse engineered the hash code generation and built it into gtkpod.

Take a look at

formatting link
There may be some documentation or links to the goings-on needed to manage this hash code business. IIRC, the hash is based on some hardware ID (which has to be retrieved once) when setting up gtkpod.

--
Paul Hovnanian     mailto:Paul@Hovnanian.com
------------------------------------------------------------------
Optimist:  "The glass is half-full."
Pessimist: "The glass is half-empty."
Engineer:  "The glass is twice as big as it needs to be."
Reply to
Paul Hovnanian P.E.

Hmmm... I don't think that is the same thing. These "signature" files seem more like hashes of the *firmware image* -- each image has a unique "signature". I.e., like shipping an md5 of a file to verify the file hasn't (realistically) been altered. The hash you speak of seems like it would be tied to a particular *instance* of an iPod.

What has puzzled me is why it is easy to find the images but the corresponding signatures aren't as easy to locate. I.e., perhaps incompetence on the parts of those folks posting the images (failing to realize the need for the signatures??)

I don't see any mention in the "features list" of the ability to update the firmware on an iPod with that tool (since they seem proud to list lots of *other* stuff, I would assume that would be added to the list just for completeness).

I'll take a peek through the sources and see what turns up. Meanwhile, I'll just squirrel away the signatures "for a rainy day" :-/

Thanks!

Reply to
D Yuniskis

I scanned my iPod Nano. There are no .signature files on it. Of course, I've never used the iTunes app or Apples iPod updater on it. Its possible that these files are read by iTunes/Updater prior to installing s/w as a validity check, but are not needed by the iPod apps themselves to run.

If you have a .signature file, copy it to your desktop and open it with Notepad to see what's in it. Some iPod DB files appear to be XML.

--
Paul Hovnanian     mailto:Paul@Hovnanian.com
------------------------------------------------------------------
Just say 'No' to Windows.
        -- Department of Defenestration.
Reply to
Paul Hovnanian P.E.

I am sure it is only used during the firmware update. The question I have is, does iTunes examine the "signature" and compare it to the "image"? Or, does it *pass* the signature to the iPod along with the image and let the iPod do the verification?

I.e., in the first case, you can theoretically come up with an updater that doesn't *need* the signatures. In the latter case, you would need to know how the signature is computed in order to fabricate one that "works".

It just looks like a hash. Here's one for a 4Gen Nano (I have split the hash into multiple lines):

iPod_31.1.0.4.ipsw

732CE17220500DEB8A9AF23B11D2BABA62B4485A0C4738D8175F817E6C9BF2 F95E924D5E832697C79689DCE65AAB253083F554A295A1A0AD6EEB491DDDA7 6AE9512FCCA81EC49675F5C000ED66F450A914F48B9AA0E607CDC3DC7B4DD1 7B1423F1B8C1E99245F7674579BDCA408AF2585CED08299E295C9F263D6DC3 6EFB9F2 -- Some stuff elided -- 2954B5F20B4CE1642073E2371F0F11 294152FB55C89EF3876EC2B0BBE8CBA16C44687146F254F58EDD30ED3E1F73 4440CA3A1E364C045E4FCECC2AC669A285831E89E401688F69D2510592D793 D9A301286DE13EBCA9AFE3F14340B08F03DE2EF079CAF411D35DAED94D34CF B0103209F7359F54
Reply to
D Yuniskis

Good question. See if there are any .signature files on your iPod. Mount it as a disk and do a search ('find' in Unix-speak).

That's how we do it in the Linux world. Just use 'dd' to install new firmware images. No .signature needed. Of course, the iPod could wind up getting hosed by a bad firmware image.

You could experiment with a couple of hash generators (if you can get a binary copy of "iPod_31.1.0.4.ipsw" onto your desktop).

--
Paul Hovnanian     mailto:Paul@Hovnanian.com
------------------------------------------------------------------
If the first attempt at making a drawing board had been a failure,
what would they go back to?
Reply to
Paul Hovnanian P.E.
[attributions elided]

It wouldn't need to store the .signature on the device. Just have a copy of it (it's only half a KB) that it uses

*during* the firmware upgrade to verify the image.

Ah, that's what I was looking for! ^^^^^^^^^^^^^^^^^^^ I.e., the iPod itself doesn't need/use the signature.

Understood. I as just trying to determine if there was value in the .signature files themselves or if the functionality (upgrades) could be obtained without them.

Not worth the time :> You've already indicated that *you* can upgrade a firmware image with dd(1) so I'll assume these signatures are just there to help iTunes ensure the image is intact *before* it mangles the iPod.

Thanks!

Reply to
D Yuniskis

ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.