IPSW


IPSW, iPod Software, is a file format used in iTunes to install iOS firmware. All Apple devices share the same IPSW file format for iOS firmware, allowing users to flash their devices through iTunes on macOS and Windows.

Structure

The.ipsw file itself is a compressed archive file containing three Apple Disk Image files with one containing the root file system of iOS and two ram disks for restore and update.
The file also holds a "Firmware" folder in which contains iBSS, iBEC, DFU, Battery Images, and also the baseband firmware files in.bbfw format.
There are two more files named "Build Manifest" and "Restore Manifest", both in Apple Property List format that checks the compatibility, holds the hashes in base64 format and instructs the device where to find the specific Firmware parts during the restore.
BuildManifest.plist is sent to Apple TSS server and checked in order to obtain SHSH blob at every restore. Without SHSH blobs, the firmware will refuse to restore, thus making downgrades impossible in official fashion, due to Apple's limitation.

Security and rooting

The archive is not password-protected, but the DMG images inside it are encrypted with AES. While Apple does not release these keys, they can be extracted using different iBoot or bootloader exploits, such as limera1n. Since then, many tools were created for the decryption and modification of the root file system.

Government data access

After the 2015 San Bernardino attack, the FBI recovered the shooter's iPhone 5C, which belonged to the San Bernardino County Department of Public Health. The FBI recovered iCloud backups from one and a half months before the shooting, and wanted to access encrypted files on the device. The U.S. government ordered Apple to produce an IPSW file that would allow investigators to brute force the passcode of the iPhone. The order used the All Writs Act, originally created by the Judiciary Act of 1789, to demand the firmware, in the same way as other smartphone manufacturers have been ordered to comply.
Tim Cook responded on the company's webpage, outlining a need for encryption, and arguing that if they produce a backdoor for one device, it would inevitably be used to compromise the privacy of other iPhone users: