Legacy-iOS-Kit/restore.sh

#!/bin/bash
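#######################################
# Pick the baseband firmware file and its pinned SHA-1 for the device.
# Globals:
#   ProductType   (read)    device identifier, e.g. iPad2,2
#   Firmware      (written) resources/firmware/<ProductType>
#   BasebandURL   (written) contents of the per-build "url" file
#   Baseband      (written) .bbfw file name, or 0 when no table entry matches
#   BasebandSHA1  (written) expected SHA-1 of the .bbfw (unchanged when no
#                           table entry matches)
# Notes:
#   ProductType may have been typed in by the operator (see MainMenu), so it
#   is always quoted here; an empty or space-containing value falls through
#   to the "no baseband" branch instead of breaking the test expressions.
#   BasebandSHA1 is the only integrity anchor for the downloaded baseband;
#   it is compared in Downgrade.
#######################################
function BasebandDetect {
  Firmware="resources/firmware/$ProductType"
  # Default URL source; some branches below override it.
  BasebandURL=$(cat "$Firmware/13G37/url" 2>/dev/null) # iOS 9.3.6

  case "$ProductType" in
    iPad2,2)
      BasebandURL=$(cat "$Firmware/13G36/url") # iOS 9.3.5
      Baseband=ICE3_04.12.09_BOOT_02.13.Release.bbfw
      BasebandSHA1=e6f54acc5d5652d39a0ef9af5589681df39e0aca
      ;;
    iPad2,3)
      Baseband=Phoenix-3.6.03.Release.bbfw
      BasebandSHA1=8d4efb2214344ea8e7c9305392068ab0a7168ba4
      ;;
    iPad2,6 | iPad2,7)
      Baseband=Mav5-11.80.00.Release.bbfw
      BasebandSHA1=aa52cf75b82fc686f94772e216008345b6a2a750
      ;;
    iPad3,2 | iPad3,3)
      Baseband=Mav4-6.7.00.Release.bbfw
      BasebandSHA1=a5d6978ecead8d9c056250ad4622db4d6c71d15e
      ;;
    iPhone4,1)
      Baseband=Trek-6.7.00.Release.bbfw
      BasebandSHA1=22a35425a3cdf8fa1458b5116cfb199448eecf49
      ;;
    iPad3,5 | iPad3,6 | iPhone5,1 | iPhone5,2)
      BasebandURL=$(cat "$Firmware/14G61/url") # iOS 10.3.4
      Baseband=Mav5-11.80.00.Release.bbfw
      BasebandSHA1=8951cf09f16029c5c0533e951eb4c06609d0ba7f
      ;;
    *) # For Wi-Fi only devices
      Baseband=0
      ;;
  esac
}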
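#######################################
# Remove working files left in the current directory by a previous run.
# Globals:
#   ProductType (read), OSVer (read) - used to match saved .shsh2 blobs
# Removes:
#   iP*/ directories, tmp/, matching *.shsh2, *.bbfw, BuildManifest.plist
# Notes:
#   Paths are collected with globs rather than by parsing `ls`, so names
#   containing spaces are removed as a single file and never split into
#   unrelated path names. ProductType/OSVer are quoted so characters in them
#   are matched literally, and every glob hit is prefixed with ./ and passed
#   after `--` so a name starting with '-' cannot be read as an rm option.
#######################################
function Clean {
  local -a targets=(tmp/ BuildManifest.plist)
  local candidate

  for candidate in iP*/ *_"${ProductType}"_"${OSVer}"-*.shsh2 *.bbfw; do
    # An unmatched glob stays literal; skip it unless something really exists.
    if [[ -e $candidate || -L $candidate ]]; then
      targets+=("./$candidate")
    fi
  done

  rm -rf -- "${targets[@]}"
}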
#######################################
# Write a progress message to stdout, prefixed with "[Log] ".
# Arguments:
#   $1 - message text
#######################################
function Log {
  printf '%s\n' "[Log] $1"
}
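#######################################
# Report a fatal error and terminate the script.
# Arguments:
#   $1 - error message (printed with an "[Error] " prefix)
#   $2 - optional hint printed on its own line
# Outputs:
#   Both lines go to stdout, as before.
# Returns:
#   Never returns; exits with status 1.
# Notes:
#   The exit status used to depend on whether a hint was passed (0 with a
#   hint, 1 without), so a failure could look like success to a caller or
#   wrapper. It is now always 1. The hint is quoted so its spacing and any
#   glob characters are printed verbatim.
#######################################
function Error {
  echo "[Error] $1"
  if [[ -n ${2:-} ]]; then
    echo "$2"
  fi
  exit 1
}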
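#######################################
# Entry menu: detect a device already in DFU mode, otherwise show the
# device details and let the operator choose what to do.
# Globals:
#   ProductType, UniqueChipID (read; written when entered manually)
#   kDFUManual (written) - operator's answer to the kDFU question
#   Mode       (written) - Downgrade, SaveOTABlobs or kDFU
#   HWModel, ProductVer (read, display only)
# Notes:
#   A manually entered ProductType is later used to build file paths
#   (resources/firmware/<ProductType>, saved/<ProductType>) and cleanup
#   globs, so it is checked against the documented form (e.g. iPad2,1)
#   before use. `read -r` keeps backslashes in the input literal.
#   NOTE(review): DFU detection matches the string 1227 anywhere in the
#   lsusb output, which could also match an unrelated USB device - confirm
#   whether the full vendor:product pair should be matched instead.
#######################################
function MainMenu {
  local product_re='^(iPad|iPhone|iPod)[0-9]+,[0-9]+$'

  if [[ "$(lsusb | grep -c '1227')" == 1 ]]; then
    read -r -p "[Input] Device in DFU mode detected. Is the device in kDFU mode? (y/N) " kDFUManual
    if [[ $kDFUManual == y || $kDFUManual == Y ]]; then
      read -r -p "[Input] Enter ProductType (eg. iPad2,1): " ProductType
      read -r -p "[Input] Enter UniqueChipID (ECID): " UniqueChipID
      # Reject anything that is not a plain device identifier before it is
      # used as a path component.
      if [[ ! $ProductType =~ $product_re ]]; then
        Error "Invalid ProductType entered." "Expected a value such as iPad2,1"
      fi
      BasebandDetect
      Log "Downgrading device $ProductType in kDFU mode..."
      Mode='Downgrade'
      SelectVersion
    else
      Error "Please put the device in normal mode and jailbroken before proceeding."
    fi
  elif [[ -z $ProductType ]]; then
    Error "Please plug the device in and trust this computer before proceeding."
  fi

  BasebandDetect
  echo "Main Menu"
  echo
  echo "HardwareModel: ${HWModel}ap"
  echo "ProductType: $ProductType"
  echo "ProductVersion: $ProductVer"
  echo "UniqueChipID (ECID): $UniqueChipID"
  echo
  echo "[Input] Select an option:"
  select opt in "Downgrade device" "Save OTA blobs" "Just put device in kDFU mode" "(Re-)Install Dependencies" "(Any other key to exit)"; do
    case "$opt" in
      "Downgrade device")
        Mode='Downgrade'
        break
        ;;
      "Save OTA blobs")
        Mode='SaveOTABlobs'
        break
        ;;
      "Just put device in kDFU mode")
        Mode='kDFU'
        break
        ;;
      "(Re-)Install Dependencies")
        InstallDependencies
        exit
        ;;
      *)
        exit
        ;;
    esac
  done
  SelectVersion
}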
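#######################################
# Ask which iOS version to act on and hand over to the matching Select*
# function.
# Globals:
#   Mode        (read)    kDFU skips the menu and goes straight to 8.4.1
#   ProductType (read)    decides whether iOS 6.1.3 is offered
#   Selection   (written) menu entries
# Notes:
#   ProductType is matched with a quoted `case` so an empty or
#   space-containing value simply does not match, instead of producing
#   test-expression errors.
#######################################
function SelectVersion {
  Selection=("iOS 8.4.1")
  if [[ $Mode == 'kDFU' ]]; then
    Select841
  else
    case "$ProductType" in
      iPad2,1 | iPad2,2 | iPad2,3 | iPhone4,1)
        Selection+=("iOS 6.1.3")
        ;;
    esac
  fi

  # A custom IPSW only makes sense when restoring.
  if [[ $Mode == 'Downgrade' ]]; then
    Selection+=("Other")
  fi
  Selection+=("Back")

  echo "[Input] Select iOS version:"
  select opt in "${Selection[@]}"; do
    case "$opt" in
      "iOS 8.4.1")
        Select841
        break
        ;;
      "iOS 6.1.3")
        Select613
        break
        ;;
      "Other")
        SelectOther
        break
        ;;
      "Back")
        MainMenu
        break
        ;;
      *)
        # Invalid choice: show the menu again.
        SelectVersion
        ;;
    esac
  done
}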
#######################################
# Target iOS 8.4.1 (build 12H321) and continue with the chosen Mode.
# Globals:
#   Mode     (read)
#   OSVer    (written) "8.4.1"
#   BuildVer (written) "12H321"
#######################################
function Select841 {
  OSVer="8.4.1"
  BuildVer="12H321"
  printf '%s\n' "iOS 8.4.1 $Mode"
  Action
}
#######################################
# Target iOS 6.1.3 (build 10B329) and continue with the chosen Mode.
# Globals:
#   Mode     (read)
#   OSVer    (written) "6.1.3"
#   BuildVer (written) "10B329"
#######################################
function Select613 {
  OSVer="6.1.3"
  BuildVer="10B329"
  printf '%s\n' "iOS 6.1.3 $Mode"
  Action
}
#######################################
# Use an IPSW and SHSH blob supplied by the operator.
# Globals:
#   Mode  (read)
#   OSVer (written) 0, which marks the "custom IPSW" path
#   IPSW  (written) file name of the IPSW without directory and .ipsw suffix
#   SHSH  (written) path to the blob exactly as entered
# Notes:
#   Only the base name of the IPSW path is kept, so later steps look for
#   "<name>.ipsw" relative to the current directory.
#   With OSVer set to 0, Downgrade skips its SHA-1 comparison, so a custom
#   IPSW is used without an integrity check by this script.
#   `read` is intentionally used without -r here: a dragged path with
#   backslash-escaped spaces is unescaped by it.
#######################################
function SelectOther {
  local dragged_ipsw

  printf '%s\n' "Other $Mode"
  OSVer=0

  read -p "[Input] Path to IPSW (drag IPSW to terminal window): " dragged_ipsw
  IPSW="$(basename "$dragged_ipsw" .ipsw)"

  read -p "[Input] Path to SHSH (drag SHSH to terminal window): " SHSH

  Action
}
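#######################################
# Load the iBSS name, IV and key, run the selected Mode, then exit.
# Globals:
#   HWModel  (read)    hardware model used in the iBSS file name
#   Firmware (read)    per-device firmware data directory
#   Mode     (read)    Downgrade, SaveOTABlobs or kDFU
#   iBSS, IV, Key (written)
# Returns:
#   Never returns; exits with the status of the last command run.
# Notes:
#   IV and Key are always read from the 12H321 (iOS 8.4.1) entry, whatever
#   version was selected. The paths are quoted so a Firmware value that
#   contains spaces (ProductType can be typed in by the operator) is read as
#   one file name.
#   NOTE(review): a missing iv/key file leaves IV/Key empty and the script
#   continues - confirm whether that should be a hard failure for the
#   Downgrade and kDFU modes.
#######################################
function Action {
  iBSS="iBSS.$HWModel.RELEASE"
  IV=$(cat "$Firmware/12H321/iv")
  Key=$(cat "$Firmware/12H321/key")

  case "$Mode" in
    Downgrade) Downgrade ;;
    SaveOTABlobs) SaveOTABlobs ;;
    kDFU) kDFU ;;
  esac

  exit
}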
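#######################################
# Save SHSH blobs for the selected version with tsschecker and keep a copy
# under saved/shsh.
# Globals:
#   ProductType, OSVer, UniqueChipID, platform (read)
#   BuildManifest (written) path of the bundled manifest for this device
#   SHSH          (written) name of the blob file that was saved
# Notes:
#   All arguments are quoted; UniqueChipID and ProductType can be typed in
#   by the operator and must reach tsschecker as single arguments.
#   The blob is located with a glob instead of parsing `ls`. Exactly one
#   match is required; zero or several matches are treated as a failure so
#   the script never continues with an ambiguous blob.
#######################################
function SaveOTABlobs {
  local -a blobs=()
  local blob

  BuildManifest="resources/manifests/BuildManifest_${ProductType}_${OSVer}.plist"
  Log "Saving $OSVer blobs with tsschecker..."
  env "LD_PRELOAD=libcurl.so.3" "resources/tools/tsschecker_$platform" -d "$ProductType" -i "$OSVer" -o -s -e "$UniqueChipID" -m "$BuildManifest"

  for blob in *_"${ProductType}"_"${OSVer}"-*.shsh2; do
    # An unmatched glob stays literal; only keep names that exist.
    if [[ -e $blob ]]; then
      blobs+=("$blob")
    fi
  done

  SHSH=""
  if (( ${#blobs[@]} == 1 )); then
    SHSH=${blobs[0]}
  fi
  if [[ -z $SHSH ]]; then
    Error "Saving $OSVer blobs failed. Please run the script again" "It is also possible that $OSVer for $ProductType is no longer signed"
  fi

  mkdir -p saved/shsh 2>/dev/null
  cp -- "$SHSH" saved/shsh
  Log "Successfully saved $OSVer blobs."
}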
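#######################################
# Put the device into kDFU mode: fetch and decrypt iBSS, patch it, copy it
# with kloader to the device, run it, then wait for a DFU device to appear.
# Globals:
#   ProductType, iBSS, Firmware, IV, Key, platform, VersionDetect (read)
#   kloader, WifiAddr, WifiAddrDecr, IPAddress, DFUDevice (written)
# Notes:
#   - Every expansion is quoted; ProductType and IPAddress can be typed in.
#   - The script stops if the patched iBSS was not produced, instead of
#     copying a missing or empty file to the device.
#   - The Wi-Fi address read from the device is validated as a MAC address
#     before it is used in arithmetic and written into tmp/pwn.sh, which is
#     later run as root on the device.
#   - The decremented address is zero-padded to 12 hex digits; without the
#     padding an address with a leading zero lost digits and was regrouped
#     into the wrong bytes.
#   - Any non-zero scp status aborts; previously only status 1 did.
#   NOTE(review): the downloaded iBSS is not compared with a pinned hash
#   before it is decrypted and patched - confirm whether one is available.
#   NOTE(review): the wait loop at the end has no timeout.
#######################################
function kDFU {
  local saved_dir="saved/$ProductType"
  local mac_re='^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'

  if [[ ! -e "$saved_dir/$iBSS.dfu" ]]; then
    Log "Downloading iBSS..."
    "resources/tools/pzb_$platform" -g "Firmware/dfu/${iBSS}.dfu" -o "$iBSS.dfu" "$(cat "$Firmware/12H321/url")"
    mkdir -p "$saved_dir" 2>/dev/null
    mv -- "$iBSS.dfu" "$saved_dir"
  fi

  Log "Decrypting iBSS..."
  Log "IV = $IV"
  Log "Key = $Key"
  "resources/tools/xpwntool_$platform" "$saved_dir/$iBSS.dfu" tmp/iBSS.dec -k "$Key" -iv "$IV" -decrypt
  # Skip the first 64-byte block of the decrypted image.
  dd bs=64 skip=1 if=tmp/iBSS.dec of=tmp/iBSS.dec2
  Log "Patching iBSS..."
  bspatch tmp/iBSS.dec2 tmp/pwnediBSS "resources/patches/$iBSS.patch"
  if [[ ! -s tmp/pwnediBSS ]]; then
    Error "Patching iBSS failed." "Check that the iBSS download and decryption succeeded and run the script again"
  fi

  # Regular kloader only works on iOS 6 to 9, so other versions are provided for iOS 5 and 10
  case "$VersionDetect" in
    1) kloader='kloader_hgsp' ;;
    5) kloader='kloader5' ;;
    *) kloader='kloader' ;;
  esac

  if [[ $VersionDetect == 1 ]]; then
    # ifuse+MTerminal is used instead of SSH for devices on iOS 10
    if ! command -v ifuse >/dev/null 2>&1; then
      Error "One of the dependencies (ifuse) cannot be found. Please re-install dependencies and try again" "For macOS systems, install osxfuse and ifuse with brew"
    fi

    WifiAddr=$(ideviceinfo -s | grep 'WiFiAddress' | cut -c 14-)
    # Only a well-formed MAC address may reach the arithmetic below and the
    # generated script.
    if [[ ! $WifiAddr =~ $mac_re ]]; then
      Error "Cannot read a valid Wi-Fi address from the device."
    fi
    # Address minus one, written back as colon-separated byte pairs.
    WifiAddrDecr=$(printf '%012x' "$(( 0x${WifiAddr//:/} - 1 ))" | sed 's/\(..\)/\1:/g;s/:$//')

    {
      echo '#!/bin/bash'
      echo "nvram wifiaddr=$WifiAddrDecr"
      echo "chmod 755 kloader_hgsp"
      echo "./kloader_hgsp pwnediBSS"
    } > tmp/pwn.sh

    Log "Mounting device with ifuse..."
    mkdir -p mount
    ifuse mount
    Log "Copying stuff to device..."
    cp "tmp/pwn.sh" "resources/tools/$kloader" "tmp/pwnediBSS" "mount/"
    Log "Unmounting device..."
    sudo umount mount
    echo
    Log "Open MTerminal and run these commands:"
    echo
    echo '$ su'
    echo "(enter root password, default is 'alpine')"
    echo "# cd Media"
    echo "# chmod +x pwn.sh"
    echo "# ./pwn.sh"
  else
    # SSH kloader and pwnediBSS
    echo "Make sure SSH is installed and working on the device!"
    echo "Please enter Wi-Fi IP address of device for SSH connection"
    read -r -p "[Input] IP Address: " IPAddress
    Log "Coonecting to device via SSH... Please enter root password when prompted (default is 'alpine')"
    Log "Copying stuff to device..."
    if ! scp "resources/tools/$kloader" tmp/pwnediBSS "root@$IPAddress:/"; then
      Error "Cannot connect to device via SSH." "Please check your ~/.ssh/known_hosts file and try again"
    fi
    Log "Entering kDFU mode..."
    ssh "root@$IPAddress" "chmod 755 /$kloader && /$kloader /pwnediBSS" &
  fi

  echo
  echo "Press home/power button once when screen goes black on the device"
  Log "Finding device in DFU mode..."
  while [[ $DFUDevice != 1 ]]; do
    DFUDevice=$(lsusb | grep -c "1227")
    sleep 2
  done
  Log "Found device in DFU mode."
}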
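#######################################
# Print the SHA-1 of a file, read through stdin so the file name is never
# parsed as an option. Falls back to shasum where sha1sum is not installed.
# Arguments: $1 - file to hash
# Outputs:   the hex digest, or nothing if the file cannot be read
#######################################
function _Sha1Of {
  if command -v sha1sum >/dev/null 2>&1; then
    sha1sum < "$1" | awk '{print $1}'
  else
    shasum -a 1 < "$1" | awk '{print $1}'
  fi
}

#######################################
# Stop the HTTP server started by Downgrade, using the PID it recorded in
# tmp/http_server.pid. Does nothing if no numeric PID was recorded.
#######################################
function _StopLocalServer {
  local server_pid
  server_pid=$(cat tmp/http_server.pid 2>/dev/null)
  if [[ $server_pid =~ ^[0-9]+$ ]]; then
    sudo kill "$server_pid" 2>/dev/null
  fi
}

#######################################
# Restore the device: obtain and verify the IPSW, enter kDFU mode, obtain
# and verify the baseband, then run futurerestore.
# Globals:
#   OSVer, BuildVer, ProductType, Firmware, iBSS, kDFUManual, platform,
#   Baseband, BasebandURL, BasebandSHA1, SHSH (read)
#   IPSW, IPSWSHA1, IPSWSHA1L, BasebandSHA1L, Continue (written)
# Notes:
#   - Hash checks now fail closed. Before, the comparisons were unquoted, so
#     an empty expected or computed hash (missing sha1sum file, missing hash
#     tool, unreadable download) made the test expression error out and the
#     script carried on as if verification had passed.
#   - The baseband is addressed by its known file name ($Baseband) instead
#     of whatever *.bbfw happens to be present, so the file that is hashed
#     is the file handed to futurerestore.
#   - Only the HTTP server started here is stopped, by recorded PID. Before,
#     every process whose ps line contained "python3" was sent SIGKILL
#     through sudo. The server is also stopped when the operator declines to
#     continue after a failed baseband check.
#   - With OSVer 0 (custom IPSW) no IPSW hash is available and none is
#     checked.
#   NOTE(review): BuildManifest.plist fetched next to the baseband is not
#   hash-checked.
#   NOTE(review): http.server listens on all interfaces by default, so the
#   resources directory is reachable from the network on port 80 while the
#   restore runs. If futurerestore only reaches it through localhost,
#   `--bind 127.0.0.1` would limit that - confirm against the tool.
#######################################
function Downgrade {
  local saved_dir="saved/$ProductType"

  if [[ "$OSVer" != "0" ]]; then
    SaveOTABlobs
    IPSW="${ProductType}_${OSVer}_${BuildVer}_Restore"
    if [[ ! -e "$IPSW.ipsw" ]]; then
      Log "iOS $OSVer IPSW cannot be found. Downloading IPSW..."
      curl -L "$(cat "$Firmware/$BuildVer/url")" -o "tmp/$IPSW.ipsw"
      mv "tmp/$IPSW.ipsw" .
    fi
    Log "Verifying IPSW..."
    IPSWSHA1=$(cat "$Firmware/$BuildVer/sha1sum")
    IPSWSHA1L=$(_Sha1Of "$IPSW.ipsw")
    # An empty expected hash must count as a failure, not as a match.
    if [[ -z $IPSWSHA1 || "$IPSWSHA1L" != "$IPSWSHA1" ]]; then
      Error "Verifying IPSW failed. Delete/replace the IPSW and run the script again"
    fi
    if [[ -z $kDFUManual ]]; then
      Log "Extracting iBSS from IPSW..."
      mkdir -p "$saved_dir" 2>/dev/null
      unzip -o -j "$IPSW.ipsw" "Firmware/dfu/$iBSS.dfu" -d "$saved_dir"
    fi
  fi

  # The device is already in kDFU mode when the operator said so.
  if [[ -z $kDFUManual ]]; then
    kDFU
  fi

  Log "Extracting IPSW..."
  unzip -q "$IPSW.ipsw" -d "$IPSW/"

  Log "Preparing for futurerestore (starting local server)..."
  cd resources || Error "Cannot enter the resources directory."
  # Record the server PID so that only this process is stopped afterwards.
  sudo bash -c 'python3 -m http.server 80 & echo "$!" > ../tmp/http_server.pid; chmod 644 ../tmp/http_server.pid'
  cd ..

  if [[ "$Baseband" == "0" ]]; then
    Log "Device $ProductType has no baseband"
    Log "Proceeding to futurerestore..."
    sudo env "LD_PRELOAD=libcurl.so.3" "resources/tools/futurerestore_$platform" -t "$SHSH" --no-baseband --use-pwndfu "$IPSW.ipsw"
  else
    if [[ ! -e "$saved_dir/$Baseband" ]]; then
      Log "Downloading baseband..."
      "resources/tools/pzb_$platform" -g "Firmware/$Baseband" -o "$Baseband" "$BasebandURL"
      "resources/tools/pzb_$platform" -g BuildManifest.plist -o BuildManifest.plist "$BasebandURL"
      mkdir -p "$saved_dir" 2>/dev/null
      cp -- "$Baseband" BuildManifest.plist "$saved_dir"
    else
      cp -- "$saved_dir/$Baseband" "$saved_dir/BuildManifest.plist" .
    fi

    BasebandSHA1L=$(_Sha1Of "$Baseband" 2>/dev/null)
    if [[ ! -e "$Baseband" || -z $BasebandSHA1 || "$BasebandSHA1L" != "$BasebandSHA1" ]]; then
      # Drop the cached copy so a bad file is not reused on the next run.
      rm -f -- "$saved_dir"/*.bbfw "$saved_dir/BuildManifest.plist"
      echo "[Error] Downloading/verifying baseband failed."
      echo "Your device is still in kDFU mode and you may run the script again"
      echo "You can also continue and futurerestore can attempt to download the baseband again"
      read -r -p "[Input] Continue anyway? (y/N)" Continue
      if [[ $Continue == y || $Continue == Y ]]; then
        Log "Proceeding to futurerestore..."
        sudo env "LD_PRELOAD=libcurl.so.3" "resources/tools/futurerestore_$platform" -t "$SHSH" --latest-baseband --use-pwndfu "$IPSW.ipsw"
      else
        _StopLocalServer
        exit 1
      fi
    else
      Log "Proceeding to futurerestore..."
      sudo env "LD_PRELOAD=libcurl.so.3" "resources/tools/futurerestore_$platform" -t "$SHSH" -b "$Baseband" -p BuildManifest.plist --use-pwndfu "$IPSW.ipsw"
    fi
  fi

  echo
  Log "futurerestore done!"
  Log "Stopping local server..."
  _StopLocalServer
  Log "Downgrade script done!"
}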
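#######################################
# Install the tools and libraries the script needs, for Arch Linux,
# Ubuntu 16.04/18.04/20.04 or macOS.
# Globals:
#   VERSION_ID (read, from /etc/os-release), OSTYPE (read)
# Notes:
#   - `cd tmp` is checked: the steps after it unpack an archive and copy a
#     library into /usr/lib with sudo, and must not run in another directory.
#   - `mkdir -p` is used because tmp/ already exists when this function is
#     started from the main menu.
#   NOTE(review): the .deb files below are fetched over plain HTTP and then
#   installed or copied as root with no signature or checksum check, which
#   bypasses the verification apt would do. Pin an expected SHA-256 for each
#   download and compare it before `dpkg -i` / `sudo cp`.
#   NOTE(review): the Homebrew installer is downloaded and executed in one
#   step from the master branch; consider reviewing or pinning it.
#   NOTE(review): the Arch branch links libzip.so.5 under the libzip.so.4
#   name, which affects every program that loads libzip.so.4.
#######################################
function InstallDependencies {
  echo "Install Dependencies"
  . /etc/os-release 2>/dev/null

  if command -v pacman >/dev/null 2>&1; then
    # Arch Linux
    Log "Installing dependencies for Arch with pacman..."
    sudo pacman -Sy --noconfirm bsdiff curl ifuse libcurl-compat libpng12 libzip openssh openssl-1.0 python unzip usbutils
    sudo pacman -S --noconfirm libimobiledevice usbmuxd
    sudo ln -sf /usr/lib/libzip.so.5 /usr/lib/libzip.so.4
  elif [[ $VERSION_ID == "16.04" || $VERSION_ID == "18.04" || $VERSION_ID == "20.04" ]]; then
    # Ubuntu Xenial, Bionic, Focal
    Log "Running APT update..."
    sudo apt update
    Log "Installing dependencies for Ubuntu $VERSION_ID with APT..."
    sudo apt -y install bsdiff curl ifuse libimobiledevice-utils python3 usbmuxd
    if [[ $VERSION_ID != "16.04" ]]; then
      sudo apt -y install binutils
      mkdir -p tmp
      cd tmp || Error "Cannot enter the tmp directory."
      # libcurl3 is unpacked by hand and its library copied to the name the
      # bundled tools are preloaded with (libcurl.so.3).
      curl -L http://archive.ubuntu.com/ubuntu/pool/universe/c/curl3/libcurl3_7.58.0-2ubuntu2_amd64.deb -o libcurl3.deb
      ar x libcurl3.deb data.tar.xz
      tar xf data.tar.xz
      sudo cp usr/lib/x86_64-linux-gnu/libcurl.so.4.* /usr/lib/libcurl.so.3
      if [[ $VERSION_ID == "20.04" ]]; then
        URLlibpng12=http://ppa.launchpad.net/linuxuprising/libpng12/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.54-1ubuntu1.1+1~ppa0~focal_amd64.deb
        curl -L http://archive.ubuntu.com/ubuntu/pool/universe/libz/libzip/libzip4_1.1.2-1.1_amd64.deb -o libzip4.deb
        sudo dpkg -i libzip4.deb
        curl -L http://archive.ubuntu.com/ubuntu/pool/main/o/openssl1.0/libssl1.0.0_1.0.2n-1ubuntu5.3_amd64.deb -o libssl1.0.0.deb
        sudo dpkg -i libssl1.0.0.deb
      else
        URLlibpng12=http://mirrors.edge.kernel.org/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.54-1ubuntu1.1_amd64.deb
        sudo apt -y install libzip4
      fi
      curl -L "$URLlibpng12" -o libpng12.deb
      sudo dpkg -i libpng12.deb
    else
      sudo apt -y install libzip4
    fi
  elif [[ $OSTYPE == "darwin"* ]]; then
    # macOS
    if ! command -v brew >/dev/null 2>&1; then
      Log "Homebrew is not detected/installed, installing Homebrew..."
      /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
    fi
    Log "Installing dependencies for macOS with Homebrew..."
    brew uninstall --ignore-dependencies usbmuxd
    brew uninstall --ignore-dependencies libimobiledevice
    brew install --HEAD usbmuxd
    brew install --HEAD libimobiledevice
    brew install libzip lsusb python3
    brew cask install osxfuse
    brew install ifuse
  else
    Error "Distro not detected/supported by the install script." "See the repo README for OS versions/distros tested on"
  fi

  Log "Install script done! Please run the script again to proceed"
}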
# --- MAIN SCRIPT STARTS HERE ---
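# Remove working files on every exit path, including Ctrl-C.
trap 'Clean; exit' INT TERM EXIT

clear
echo "******* 32bit-OTA-Downgrader *******"
echo " Downgrade script by LukeZGD "
echo

# Select the suffix of the bundled tool binaries (resources/tools/*_<platform>).
case "$OSTYPE" in
  linux-gnu)
    platform='linux'
    ;;
  darwin*)
    platform='macos'
    ;;
  *)
    Error "OSTYPE unknown/not supported." "Supports Linux and macOS only"
    ;;
esac

# Connectivity probe: any output from ping counts as "online", as before.
if [[ -z $(ping -c1 google.com 2>/dev/null) ]]; then
  Error "Please check your Internet connection before proceeding."
fi
if [[ $(uname -m) != 'x86_64' ]]; then
  Error "Only x86_64 distributions are supported. Use a 64-bit distro and try again"
fi

# Device details as reported by ideviceinfo; empty when no device answers.
HWModel=$(ideviceinfo -s | grep 'HardwareModel' | cut -c 16- | tr '[:upper:]' '[:lower:]' | sed 's/.\{2\}$//')
ProductType=$(ideviceinfo -s | grep 'ProductType' | cut -c 14-)
if [[ -z $ProductType ]]; then
  ProductType=$(ideviceinfo | grep 'ProductType' | cut -c 14-)
fi
ProductVer=$(ideviceinfo -s | grep 'ProductVer' | cut -c 17-)
# First character of the version, used by kDFU to choose a kloader build.
VersionDetect=$(echo $ProductVer | cut -c 1)
UniqueChipID=$(ideviceinfo -s | grep 'UniqueChipID' | cut -c 15-)

missing_dep=0
for tool in bspatch ideviceinfo lsusb ssh python3; do
  command -v "$tool" >/dev/null 2>&1 || missing_dep=1
done

if [[ $missing_dep == 1 ]]; then
  InstallDependencies
else
  chmod +x resources/tools/*
  Clean
  mkdir -p tmp
  rm -rf resources/firmware
  # This archive supplies the download URLs, keys and expected SHA-1 values
  # used by the rest of the script, so a failed or partial download must stop
  # the run rather than leave those files missing.
  # NOTE(review): it appears to be the archive of a branch named "firmware",
  # so its content can change between runs; pinning a commit and checking a
  # known hash would make the trust anchor fixed.
  curl -fLs https://github.com/LukeZGD/32bit-OTA-Downgrader/archive/firmware.zip -o tmp/firmware.zip ||
    Error "Downloading firmware data failed." "Please check your Internet connection and run the script again"
  unzip -q tmp/firmware.zip -d tmp ||
    Error "Extracting firmware data failed." "Please run the script again"
  mkdir -p resources/firmware
  mv tmp/32bit-OTA-Downgrader-firmware/* resources/firmware
  MainMenu
fi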