⚠️ The following may be incomplete and/or require some knowledge of what you're doing, this is not exactly a noob-friendly guide.
1. Actual data extracted from a decrypted DeviceTree.productname.img3 that has no actual useful values sadly.
This method requires you to clone xpwntool and iOS-devicetree-dump.
Use xpwntool to decrypt your extracted .img3 from your IPSW using firmware keys with the command
./xpwntool DeviceTree.productname.img3 DeviceTree.bin -k yourfirmwarekey -iv yourivkey
.
Use iOS-devicetree-dump like ./dtdump -v DeviceTree.bin > file.txt
to get your devicetree.
This is the method you really care about if you want any hex values. YOU WILL NEED TO JAILBREAK YOUR DEVICE FOR THIS!
Use any way you know of to open a SSH tunnel to your phone, I used 3uTools for it.
Paste the following command in the SSH terminal ioreg -i -w 0 | grep '+-o' | sed 's/, id.*//g' | sed 's/ <class /class: /g' | tee ioreg-DEVICETYPE-OSVER.txt
Now use a FTP client to connect to the phone and get your file from /root/.