```bash
# Rename to .zip
mv iPhone3,1_6.1.6_10B500_Restore.ipsw firmware.zip
unzip firmware.zip -d ipsw_extracted
cd ipsw_extracted
```

Now you’ll see the raw components. The Restore.ipsw file is a compressed DMG (Apple Disk Image).
```bash
# Check what kind of DMG it is
file Restore.ipsw
dmg extract Restore.ipsw root_fs.dmg

# Or use 7zip
7z x Restore.ipsw

# Mount the DMG (on macOS)
hdiutil attach root_fs.dmg

# On Linux (using dmg2img)
dmg2img Restore.ipsw root_fs.img
sudo mount -t hfsplus -o loop,ro root_fs.img /mnt/ipsw
```
If you modify the IPSW without also exploiting the (A5–A11 chips, iPhone 4s–X), the restore will fail with error 3194 or -1.
Technically, yes. But there’s a catch: Apple’s cryptographic signing process. If you change even one byte, the file will no longer be valid for a standard restore on modern devices.
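The one-byte point above can be checked from the defender's side by hashing every member of an IPSW (a zip archive) and comparing it against a trusted reference copy. This is an added example, not code from the original page; the sample archives and their member contents are constructed in memory, and the function names are hypothetical.

```python
import hashlib
import io
import zipfile


def member_digests(source):
    """Map each member name to the SHA-256 of its uncompressed content.
    `source` is a path or a binary file object holding the IPSW (zip)."""
    digests = {}
    with zipfile.ZipFile(source) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            h = hashlib.sha256()
            with archive.open(info) as member:
                for chunk in iter(lambda: member.read(1 << 20), b""):
                    h.update(chunk)
            digests[info.filename] = h.hexdigest()
    return digests


def diff_ipsw(reference, candidate):
    """Report members that differ between a trusted IPSW and a candidate."""
    ref, cand = member_digests(reference), member_digests(candidate)
    return {
        "modified": sorted(n for n in ref.keys() & cand.keys() if ref[n] != cand[n]),
        "added": sorted(cand.keys() - ref.keys()),
        "removed": sorted(ref.keys() - cand.keys()),
    }


def build_sample(members):
    """Constructed stand-in for an IPSW: a small zip built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        for name, data in members.items():
            archive.writestr(name, data)
    return buf.getvalue()


# Constructed sample data, not real firmware contents.
BASE = {"BuildManifest.plist": b"<plist>constructed</plist>",
        "root_fs.dmg": b"\x00" * 4096,
        "kernelcache": b"constructed kernel bytes"}
STOCK = build_sample(BASE)
PATCHED = build_sample({**BASE,
                        "root_fs.dmg": b"\x00" * 4095 + b"\x01",  # one byte changed
                        "extra.bin": b"added file"})

if __name__ == "__main__":
    print(diff_ipsw(io.BytesIO(STOCK), io.BytesIO(PATCHED)))
```

For real files, pass the two `.ipsw` paths to `diff_ipsw` directly; any entry under `modified` or `added` means the archive no longer matches the reference.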
```bash
# Unmount
hdiutil detach /Volumes/iPhoneRoot
hdiutil create -format UDZO -srcfolder modified_root modified_fs.dmg

# Rename to Restore.ipsw
mv modified_fs.dmg Restore.ipsw

# Rebuild the IPSW zip
zip -r custom_firmware.ipsw *
```
If you just want to customize iOS, look into or Dopamine / palera1n — they modify the running OS without permanently altering the IPSW.
The Deep Dive: How to Modify an IPSW File (And Why You Probably Shouldn’t)