Extracting files from the recent HomePod OTA firmware

If you haven’t already heard, Apple accidentally published a prerelease build of audioOS through their public update servers. Whether or not this leak was “intentional” is up for debate, but I personally believe it to be a mistake.

WARNING: This tutorial is not for the faint of heart! Only proceed if you are familiar with UNIX-based operating systems. I cannot provide guidance to those who are unfamiliar with the command line.

To start off, you’re going to want to fetch the OTA firmware from this direct link. The link is hosted by Apple and has not been tampered with.

UPDATE: Apple has obfuscated the HomePod OTA so that it does not unzip properly. As the original firmware contains copyrighted content, I am unable to share it; please do not ask. The original file had the following hashes:

SHA1: 7b3447ba4bb08efd139f74b23442e52cd19157d1
SHA256: 4d864a6d59d83b2e09ebc54848cf73c07a737d0d602e982e995e7ed45b668a8e

Once you’ve finished acquiring the firmware, go ahead and unzip it. For the sake of brevity, I recommend you rename the folder to something more memorable, like firmware.

Let’s open the firmware folder. We’re looking for a file named payload. Navigate to firmware/AssetData/payloadv2 and you’ll find the payload file. Copy this file to your Desktop or to the root of your ~/Downloads folder.

Ensure you have the appropriate Developer Tools installed. On macOS, launch Terminal and run sudo xcode-select --install. I already have Xcode installed, so xcode-select kindly warns me with the message shown above.

Additionally, you will need to install xz via Homebrew using the commands below:

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
brew install xz

To extract the payload, we are going to use two of Jonathan Levin’s tools: pbzx and ota. For the sake of convenience, you may grab the tools from matteyeux’s unofficial GitHub repo.

With the terminal window still open, clone the repository linked above with the following command:

git clone https://github.com/matteyeux/iOS-Utilities

Then, compile the code:

cd iOS-Utilities
make

At this point, you probably want to move the compiled binaries to somewhere easily accessible on your system. The following commands will move them all to your Downloads folder:

mv ./pbzx ~/Downloads
mv ./ota ~/Downloads
cd ~/Downloads

Now, let’s run pbzx:

./pbzx < payload > payload2

This will take a while. Be patient and wait for all of the commands to finish completely.

Finally, run ota to extract the payload files in all their glory:

./ota -e '*' payload2

When the command finishes, you should see the following new folders. They are highlighted in blue below.

In Conclusion

Sifting through the HomePod’s firmware is actually quite simple! Once you figure out all of the steps, everything else is a piece of cake. I encourage you to go and explore what else is lurking in audioOS!
