IMG2 | iFirmware

Contents

1. File Format
- 1. Known Image Types

IMG2 files were the original method of holding a payload for iDevices. While the extension .img2 was commonly used in IPSW files, these files were actually 8900 files wrapping an IMG2 file. IMG2 files can only be parsed by iBoot-304 (iPhone OS 2.0 beta 3) or earlier and the S5L8900. Later iBoot versions (and consequently, later processors) have no support for this format.

File Format

Img2 {
   0  u8[4]       magic       // '2gmI' ('Img2' in little endian)
   4  u8[4]       imageType   // contained image (in little endian)
   8  u16         --unknown
   A  u16         epoch
   C  u32         flags1
  10  u32         payloadLengthPadded
  14  u32         payloadLength
  18  u32         --unknown
  1C  u32         flags2      // 0x01000000 is unset?
  20  u8[64]      --unknown
  60  u32                     // possibly the string length of VersionTag.version
  64  u32         headerCSum  // crc32(file[0:0x64])
  68  u32         cSum2
  6C  u32         --unknown   // always 0xFFFFFFFF?
  70  VersionTag  version
  90  u8[0x370]   padding
 400  u8[]        payload     // sizeof(payload) == payloadLengthPadded
}

VersionTag {
   0  u8[4]  magic    // 'srev' ('vers' in little endian)
   4  --unknown
   8  u8[24] version  // "EmbeddedImages-##" (terminated with a null and 0xFF)
}

Known Image Types

The imageType value (located at offset 0x4) specifies what payload is contained in this file. It is stored in little endian form, but presented in big endian; Reverse the four bytes to get the stored form. These are the known possible values:

logo: AppleLogo
batC: BatteryCharging
batl: BatteryLow0
batL: BatteryLow1
dtre: DeviceTree
ibot: iBoot
llbz: LLB
nsrv: NeedService
recm: RecoveryMode