8900 files are found everywhere in iPhone land. Almost all files in the restore bundles are stored in 8900 containers, and so is the installed kernelcache on a running iPhone or iPod Touch. Their primary purpose is to give Apple a means to sign critical files on the platform, but they can also provide symmetric encryption of their payloads. They typically contain Img2 images, but the 8900 format has no specific ties to the Img2 format.
Graphviz would be neat here. Note that this is a little-endian format.
    #include <stdint.h>

    typedef struct {
        uint8_t  magic[4];              // string "8900"
        uint8_t  version[3];            // string "1.0"
        uint8_t  format;                // plaintext format is 0x4, encrypted format is 0x3
        uint32_t unknown1;
        uint32_t sizeOfData;            // size of data (ie, filesize - header(0x800) - footer signature(0x80) - footer certificate(0xC0A))
        uint32_t footerSignatureOffset; // offset to footer signature
        uint32_t footerCertOffset;      // offset to footer certificate, from end of header (0x800)
        uint32_t footerCertLen;
        uint8_t  salt[0x20];            // a seemingly random salt (an awfully big one though... needs more attention)
        uint16_t unknown2;
        uint16_t epoch;                 // the security epoch of the file
        uint8_t  headerSignature[0x10]; // encrypt(sha1(header[0:0x40])[0:0x10], key_0x837, zero_iv)
        uint8_t  padding[0x7B0];        // pads the header to 0x800 bytes
    } Apple8900Header;
Starting at footerSignatureOffset is a SHA1/RSA1024 signature (with ASN.1 description and PKCS1 padding) of the entire 8900 file up until sizeOfData. The signature is typically performed by the “S5L8900 Secure Boot” certificate, which is included in the DER-encoded certificate chain starting at footerSignatureOffset. This chain also includes “Apple Secure Boot Certification Authority” and the Apple Root CA.
Starting at 0x800, of length sizeOfData, is the payload of the 8900 file. If format is 0x4, this payload is encrypted with AES-128-CBC, using the 0x837 key and an all-zero IV.
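The layout above can be checked before any signature or decryption step touches the file. The following is an added example, not code from the original page: a bounds-checking header parser that reads the little-endian fields at their struct offsets and rejects files whose payload or footer regions fall outside the file. The names Info8900, parse_8900 and check_sample are hypothetical, and the code assumes that footerSignatureOffset, like footerCertOffset, is counted from the end of the 0x800-byte header and that both footer parts follow the payload.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define HDR_LEN 0x800u /* sizeof(Apple8900Header) */
#define SIG_LEN 0x80u  /* footer signature size given in the struct comment */
typedef struct { uint8_t format; uint16_t epoch; uint32_t dataLen, sigOff, certOff, certLen; } Info8900;
Info8900 sample_info;  /* filled by check_sample() */
/* Little-endian accessors, independent of host byte order. */
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void put32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}
/* True when [off, off+n), counted from the end of the header, lies inside the file. */
static int in_file(uint64_t off, uint64_t n, size_t len) {
    return HDR_LEN + off + n <= (uint64_t)len; /* 64-bit sum of 32-bit fields cannot wrap */
}
/* Returns 0 if the layout is consistent, else a negative code for the failed check. */
int parse_8900(const uint8_t *buf, size_t len, Info8900 *out) {
    if (len < HDR_LEN) return -1;                         /* truncated header */
    if (memcmp(buf, "89001.0", 7) != 0) return -2;        /* magic + version */
    out->format  = buf[7];                                /* reported, not interpreted */
    out->dataLen = le32(buf + 0x0C);
    out->sigOff  = le32(buf + 0x10);
    out->certOff = le32(buf + 0x14);
    out->certLen = le32(buf + 0x18);
    out->epoch   = (uint16_t)(buf[0x3E] | buf[0x3F] << 8);
    if (!in_file(0, out->dataLen, len)) return -3;        /* payload runs past EOF */
    if (out->sigOff < out->dataLen || !in_file(out->sigOff, SIG_LEN, len)) return -4;
    if (out->certOff < out->dataLen || !in_file(out->certOff, out->certLen, len)) return -5;
    return 0;
}
/* Constructed sample: header, 16-byte payload, signature, 8-byte stand-in for the chain. */
int check_sample(uint32_t dataLen) {
    static uint8_t f[HDR_LEN + 16 + SIG_LEN + 8];
    memset(f, 0, sizeof f);
    memcpy(f, "89001.0", 7);
    f[7] = 0x4;
    put32(f + 0x0C, dataLen);          /* sizeOfData under test */
    put32(f + 0x10, 16);               /* footerSignatureOffset */
    put32(f + 0x14, 16 + SIG_LEN);     /* footerCertOffset */
    put32(f + 0x18, 8);                /* footerCertLen */
    f[0x3E] = 3;                       /* epoch (constructed value) */
    return parse_8900(f, sizeof f, &sample_info);
}
int main(void) {
    return printf("ok=%d oversize=%d\n", check_sample(16), check_sample(0xFFFFFFFFu)) < 0;
}
```

The parser only validates layout; it does not verify the RSA signature, the header signature, or decrypt the payload.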