/iOS-devicetree-extracting-documentation

Documenting the process of getting something useful out of an iOS DeviceTree.

⚠️ The following may be incomplete and/or require some knowledge of what you're doing; this is not exactly a noob-friendly guide.

To get started, there are 2 types of 'device trees' that I will cover here:

1. Actual data extracted from a decrypted DeviceTree.productname.img3, which sadly has no actually useful values.

2. A 'device tree' from ioreg, which HAS said useful values.

1. The DeviceTree.productname.img3 method

This method requires you to clone xpwntool and iOS-devicetree-dump. Extract the .img3 from your IPSW, then use xpwntool with the firmware key and IV to decrypt it:

    ./xpwntool DeviceTree.productname.img3 DeviceTree.bin -k yourfirmwarekey -iv yourivkey

Then run iOS-devicetree-dump on the decrypted file to get your device tree:

    ./dtdump -v DeviceTree.bin > file.txt

2. The ioreg devicetree method.

This is the method you really care about if you want any hex values. YOU WILL NEED TO JAILBREAK YOUR DEVICE FOR THIS!

You'll need 3 packages from Cydia: IOKit Tools, OpenSSH and Core Utilities.

Use any way you know of to open an SSH tunnel to your phone; I used 3uTools for it.
Paste the following command into the SSH terminal:

    ioreg -i -w 0 | grep '+-o' | sed 's/, id.*//g' | sed 's/ <class /class: /g' | tee ioreg-DEVICETYPE-OSVER.txt

Now use an FTP client to connect to the phone and get your file from /root/.

Done! Now you should have the device tree.
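Once you have ioreg-DEVICETYPE-OSVER.txt files from more than one device or OS version, flattening each node line into a full path makes them easy to compare. The script below is an added example, not part of the original guide or of any tool it mentions; the function names and the sample lines are made up for illustration, and it assumes ioreg indents the tree by two columns per level.

```python
import re

# Constructed sample in the shape the ioreg | grep | sed pipeline writes
# (names and classes are illustrative, not captured from a real device).
SAMPLE = """\
+-o Root class: IORegistryEntry
  +-o example-board class: IOPlatformExpertDevice
    +-o arm-io class: IOPlatformDevice
    | +-o uart0@0 class: IOPlatformDevice
    | +-o i2c0@1 class: IOPlatformDevice
    +-o chosen class: IOPlatformDevice
"""

# Tree-drawing prefix (spaces and '|'), the '+-o' marker, the node name,
# then the 'class: ...' text that the second sed expression produces.
NODE = re.compile(r"^(?P<indent>[ |]*)\+-o (?P<name>.*?)\s+class: (?P<cls>\S+)\s*$")


def parse_nodes(text):
    """Return [(path, class)] for every node line in a dump.

    Depth is taken from the column of '+-o' (assumption: two columns per level).
    """
    stack, out = [], []
    for line in text.splitlines():
        m = NODE.match(line)
        if not m:
            continue  # ignore anything that is not a node line
        depth = len(m["indent"]) // 2
        del stack[depth:]          # climb back up to this node's parent
        stack.append(m["name"])
        out.append(("/".join(stack), m["cls"]))
    return out


def diff_dumps(old, new):
    """Return (paths only in old, paths only in new) for two dumps."""
    a = {path for path, _ in parse_nodes(old)}
    b = {path for path, _ in parse_nodes(new)}
    return sorted(a - b), sorted(b - a)


if __name__ == "__main__":
    for path, cls in parse_nodes(SAMPLE):
        print(f"{path}  [{cls}]")
```

To compare two real dumps, read each file with open(...).read() and pass the two strings to diff_dumps.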