Finally, apple officially released iPhone 2.0 (5A347). This page had previously given instructions on how to crack the filesystem of 5A331, at the time the most recent beta. Today, hundreds of people gathered at Zibri's blog hoping to get the MD5 disk key and other information about 5A347.
As you should know, the firmware files are encrypted with a password that is in an md5 hash. Here is what Zibri gives us:
System disk name: BigBear5A347.M68OS
System disk key: 2cfca55aabb22fde7746e6a034f738b7795458be9902726002a8341995558990f41e3755
So Zibri just did the hard stuff for us. If you see where he put "System disk key", that is the md5 hash. Now we have two choices, decrypt the hash, or use a hash inserter program. I am going to use the inserter because trying to decrypt the hash means you must use brute force, dictionary attack, or a rainbow table. A dictionary attack would be useless because the decrypted password is not in any language; a brute force attack would take an extremely long time, for the password is probably longer than eight characters; and I do not have access to any rainbow tables, nor do I want to take the time to create my own.
Vfdecrypt is a simple executable file that can be used easily on Mac OS X but on a PC it is a little more complicated. I am not a real PC person so go HERE for some PC instructions. Here are the directions for Mac OS X:
1. Download Vfdecrypt HERE or at the "downloads" page of this site
2. Go to Applications/Utilities/ and open the Terminal application
3. Un-archive the Vfdecrypt file
4. Place the Vfdecrypt executable and the .ipsw firmware into your home folder. The name of the .ipsw should be "iPhone1,1_2.0_5A347_Restore.ipsw" If it is not, change it now.
5. Type in terminal unzip -o iPhone1,1_2.0_5A347_Restore.ipsw 018-3785-2.dmg and press enter. Wait for it to finish inflating. If you get an error, you downloaded a faulty firmware, sorry.
6. In Terminal type chmod +x vfdecrypt and press enter
7. Now in terminal type ./vfdecrypt -i 018-3785-2.dmg -o decrypted20b4.dmg -k 2cfca55aabb22fde7746e6a034f738b7795458be9902726002a8341995558990f41e3755
8. Now go to your home folder and there should be a file called decrypted20b4.dmg. Open it up and it will mount the cracked firmware files. Congratulations!