Legacy-iOS-Kit/restore.sh

#!/bin/bash

if [[ $OSTYPE == "linux-gnu" ]]
then
    platform="linux"
elif [[ $OSTYPE == "darwin"* ]]
then
    platform="macos"
else
    echo "OSTYPE unknown/not supported"
    exit
fi

iv_k93=781b9672a86ba1b41f8b7fa0af714c94
key_k93=bbd7bf676dbcc6ba93c76d496b7af39ae7772eaaad2ec9fb71dc1fd004827784

iv_k94=883c92ed915e4d2481570a062583495b
key_k94=ccfadf3732904885d38f963cce035d7e03b387b67212d526503c85773b58e52f

iv_k95=460116385cca6d5596221c58ae122669
key_k95=7852f1fd93d9d49ebea44021081e8f1dffa336d0d3e9517374f8be451dd92eb7

iv_k93a=976aa656929ac699fff36715de96876d
key_k93a=5fe5c47b5620c2b40b1ca2bd1764a92d568901a24e1caf8faf0cf0f84ae11b4e

iv_p105=b21abc8689b0dea8f6e613f9f970e241
key_p105=b9ed63e4a31f5d9d4d7dddc527e65fd31d1ea48c70204e6b44551c1e6dfc52b5

iv_p106=56231fd62c6296ed0c8c411bcef602e0
key_p106=cdb2142489e5e936fa8f3540bd036f62ed0f27ddb6fec96b9fbfec5a65bc5f17

iv_p107=fa39c596b6569e572d90f0820e4e4357
key_p107=34b359fcc729a0f0d2853e786a78b245ed36a9212c8296aaab95dc0401cf07de

iv_j1=c3ea87ed43788dfc3e268abdf1af27dd
key_j1=cd3dd7eee07b9ce8b180d1526632cf86dc7fef7d52352d06af354598ab9cf2ef

iv_j2=32fcd912cb9a472ef2a6db72596ae01c
key_j2=076720d5a07e8011bdda6f6eafaf4845b40a441615cd1d7c1a9cca438ce7db17

iv_j2a=e6b041970cd611c8a1561a4c210bc476
key_j2a=aec6a888d45bd26106ac620d7d4ec0c160ab80276deedc1b50ce8f5d99dcc9af

iv_p101=a5892a58c90b6d3fb0e0b20db95070d7
key_p101=75612774968009e3f85545ac0088d0d0bb9cb4e2c2970e8f88489be0b9dfe103

iv_p102=fba6d9aaec7237891c80390e6ffa88bf
key_p102=92909dca9bfdb9193131f9ad9b628b1a4971b1cbab52c0ddd114a6253fad96c0

iv_p103=1d99e780d96c32a25ca7e4b1c7fe14c0
key_p103=4e2c14927693d61e1da375e340061521c9376007163f6ab55afbe1a03b901fd3

iv_n78=e0175b03bc29817adc312638884e0898
key_n78=0a0e0aedc8171669c9af6a229930a395959df55dcd8a3ee1fe0f4c009007df3c

iv_n94=147cdef921ed14a5c10631c5e6e02d1e
key_n94=6ea1eb62a9f403ee212c1f6b3039df093963b46739c6093407190fe3d750c69c

iv_n41=bd0c8b039a819604a30f0d39adf88572
key_n41=baf05fe0282f78c18c2e3842be4f9021919d586b55594281f5b5abd0f6e61495

iv_n42=fdad2b7a35384fa2ffc7221213ca1082
key_n42=74cd68729b800a20b1f8e8a3cb5517024a09f074eaa05b099db530fb5783275e

iv_n48=dbecd5f265e031835584e6bfbdb4c47f
key_n48=248f86d983626b75d26718fa52732eca64466ab73df048f278e034a272041f7e

iv_n49=039241f2b0212bb7c7b62ab4deec263f
key_n49=d0b49d366469ae2b1580d7d31b1bcf783d835e4fac13cfe9f9a160fa95010ac4

iv_k93_613=b69f753dccd09c9b98d345ec73bbf044
key_k93_613=6e4cce9ea6f2ec346cba0b279beab1b43e44a0680f1fde789a00f66a1e68ffab

iv_k94_613=bc3c9f168d7fb86aa219b7ad8039584b
key_k94_613=b1bd1dc5e6076054392be054d50711ae70e8fcf31a47899fb90ab0ff3111b687

iv_k95_613=56f964ee19bfd31f06e43e9d8fe93902
key_k95_613=0bb841b8f1922ae73d85ed9ed0d7a3583a10af909787857c15af2691b39bba30

iv_n94_613=d3fe01e99bd0967e80dccfc0739f93d5
key_n94_613=35343d5139e0313c81ee59dbae292da26e739ed75b3da5db9da7d4d26046498c

function Downgrade841 {
    iBSS="iBSS.$HardwareModelLower.RELEASE"
    DowngradeVersion="8.4.1"
    DowngradeBuildVer="12H321"
    BuildManifest="BuildManifest_${ProductType}.plist"
    iv=iv_$HardwareModelLower
    key=key_$HardwareModelLower
    if [[ $JustSaveOTABlobs == 1 ]]
    then
        SaveOTABlobs
        exit
    else
        Downgrade
    fi
}

function Downgrade613 {
    if [ $ProductType == iPad2,1 ] || [ $ProductType == iPad2,2 ] || [ $ProductType == iPad2,3 ] || [ $ProductType == iPhone4,1 ]
    then
        iBSS="iBSS.${HardwareModelLower}ap.RELEASE"
        DowngradeVersion="6.1.3"
        DowngradeBuildVer="10B329"
        BuildManifest="BuildManifest613_${ProductType}.plist"
        iv=iv_${HardwareModelLower}_613
        key=key_${HardwareModelLower}_613
        if [[ $JustSaveOTABlobs == 1 ]]
        then
            SaveOTABlobs
            exit
        else
            Downgrade
        fi
    else
        echo "Your device does not support downgrading to 6.1.3 OTA"
    fi
}

function SaveOTABlobs {
    if [ ! -e tools/tsschecker_$platform ]
    then
        echo "Downloading tsschecker..."
        curl -L -# "https://github.com/tihmstar/tsschecker/releases/download/v212/tsschecker_v212_mac_win_linux.zip" -o "tmp/tsschecker.zip"
        echo "Extracting tsschecker..."
        unzip -j tmp/tsschecker.zip tsschecker_$platform -d "tools/"
        echo
    fi
    chmod +x tools/tsschecker_$platform
    if [ ! -e tools/tsschecker_$platform ]
    then
        echo "Download/extract tsschecker failed. Please run the script again"
        exit
    fi
    
    if [ ! -e ota.json ]
    then
        echo "Downloading ota.json..."
        curl -L -# "https://api.ipsw.me/v2.1/ota.json/condensed" -o "ota.json"
    fi
    
    echo 'Copying ota.json to tmp...'
    if [ $platform == macos ] 
    then
        cp ota.json $TMPDIR
    else
        cp ota.json /tmp
    fi
    echo
    
    if [ ! -e /tmp/ota.json ] && [ ! -e $TMPDIR/ota.json ]
    then
        echo "Download ota.json failed. Please run the script again"
        rm -rf tmp/ 
        exit
    fi

    echo "Extracting BuildManifest.plist..."
    unzip -j BuildManifests.zip $BuildManifest -d "tmp/"
    echo
    if [ ! -e tmp/$BuildManifest ]
    then
        echo "Download/extract BuildManifest.plist failed. Please run the script again"
        rm -rf tmp/
        exit
    fi

    echo "Saving $DowngradeVersion blobs with tsschecker..."
    env "LD_PRELOAD=libcurl.so.3" tools/tsschecker_$platform -d $ProductType -i $DowngradeVersion -o -s -e $UniqueChipID -m tmp/$BuildManifest
    echo
    SHSH=$(ls *.shsh2)
    if [ ! -e $SHSH ]
    then
        echo "Saving $DowngradeVersion blobs failed. Please run the script again"
        rm -rf tmp/
        exit
    fi
}

function Downgrade {
    IPSW="${ProductType}_${DowngradeVersion}_${DowngradeBuildVer}_Restore"
    
    if [ ! -e ${IPSW}.ipsw ]
    then
        echo "iOS $DowngradeVersion IPSW is missing! Please put the IPSW on the same directory of this script"
        exit
    fi
    
    if [ ! -e tools/futurerestore_$platform ]
    then
        echo "Downloading futurerestore..."
        curl -L -# "http://api.tihmstar.net/builds/futurerestore/futurerestore-latest.zip" -o "tmp/futurerestore.zip"
        echo "Extracting futurerestore..."
        unzip -j tmp/futurerestore.zip futurerestore_$platform -d "tools/"
        echo 
    fi
    chmod +x tools/futurerestore_$platform
    if [ ! -e tools/futurerestore_$platform ]
    then
        echo "Download/extract futurerestore failed. Please run the script again"
        exit
    fi
    
    if [ ! $NotOTADowngrade ]
    then
        SaveOTABlobs
    else
        echo "Please provide the path and name to the SHSH blob:"
        read SHSH
    fi
    
    echo "Extracting $DowngradeVersion IPSW..."
    unzip -q ${IPSW}.ipsw -d "$IPSW/"
    cp $IPSW/Firmware/dfu/$iBSS.dfu tmp/
    echo
    
    pwnDFU

    echo "Will now proceed to futurerestore..."
    echo

    while [[ $ScriptDone != 1 ]]
    do
        if [[ ! $NoBaseband ]]
        then
            sudo env "LD_PRELOAD=libcurl.so.3" tools/futurerestore_$platform -t $SHSH --latest-baseband --use-pwndfu ${IPSW}.ipsw
        else
            echo "Detected device has no baseband"
            sudo env "LD_PRELOAD=libcurl.so.3" tools/futurerestore_$platform -t $SHSH --no-baseband --use-pwndfu ${IPSW}.ipsw
        fi
        
        echo
        echo "futurerestore done!"
        echo "If futurerestore failed to download baseband or for some reason, you can choose to retry"
        echo "Retry? (y/n)"
        read retry
        if [ retry != y ] && [ retry != Y ]
        then
            ScriptDone=1
        fi
    done

    echo "Downgrade script done!"
    exit
}

function pwnDFUSelf {
    DowngradeVersion="8.4.1"
    IPSW="${ProductType}_8.4.1_12H321_Restore"
    iBSS="iBSS.$HardwareModelLower.RELEASE"
    iv=iv_$HardwareModelLower
    key=key_$HardwareModelLower
    if [ ! -e ${IPSW}.ipsw ]
    then
        echo "Please provide an iOS 8.4.1 IPSW for your device to get to pwnDFU mode"
    else
        echo "Extracting iBSS from IPSW..."
        unzip -j ${IPSW}.ipsw Firmware/dfu/$iBSS.dfu -d "tmp/"
        pwnDFU
    fi
}

function pwnDFU {
    echo "Decrypting iBSS..."
    echo "IV = ${!iv}"
    echo "Key = ${!key}"
    chmod +x tools/xpwntool_$platform
    tools/xpwntool_$platform "tmp/${iBSS}.dfu" tmp/iBSS.dec -k ${!key} -iv ${!iv} -decrypt
    dd bs=64 skip=1 if=tmp/iBSS.dec of=tmp/iBSS.dec2
    echo

    echo "Patching iBSS..."
    bspatch tmp/iBSS.dec2 tmp/pwnediBSS patches/$iBSS.patch
    echo

    if [[ $VersionDetect == 1 ]]
    then
        kloader="kloader_hgsp"
    elif [[ $VersionDetect == 5 ]]
    then
        kloader="kloader5"
    else
        kloader="kloader"
    fi

    if [[ $VersionDetect == 1 ]]
    then
        WifiAddr=$(ideviceinfo | grep 'WiFiAddress' | cut -c 14-)
        WifiAddrDecr=$(echo $(printf "%x\n" $(expr $(printf "%d\n" 0x$(echo "${WifiAddr}" | tr -d ':')) - 1)) | sed 's/\(..\)/\1:/g;s/:$//')
        mkdir tmp/mountdir
        echo "Mounting device using ifuse..."
        ifuse tmp/mountdir
        echo "Copying stuff to device..."
        cp "tools/$kloader" "tmp/pwnediBSS" "tmp/mountdir/"
        echo "Unmounting device..."
        sudo umount tmp/mountdir
        #rm -rf tmp/mountdir
        echo
        echo "Enter MTerminal and run these commands:"
        echo
        echo "su"
        echo "(enter root password, default is 'alpine')"
        echo "nvram wifiaddr=$WifiAddrDecr"
        echo "cd Media"
        echo "chmod 755 kloader_hgsp"
        echo "./kloader_hgsp pwnediBSS"
        echo
    else
        echo "Make sure SSH is installed and working on the device!"
        echo "Please enter Wi-Fi IP address of device for SSH connection:"
        read IPAddress
        echo "Will now connect to device using SSH"
        echo "Please enter root password when prompted (default is 'alpine')"
        echo
        echo "Copying stuff to device..."
        scp tools/$kloader tmp/pwnediBSS root@$IPAddress:/
        echo
        echo "Entering pwnDFU mode... (press Ctrl+C after entering root password to continue)"
        echo "Try using tools like kDFUApp if the script fails to put device to pwnDFU"
        ssh root@$IPAddress "chmod 755 /$kloader && /$kloader /pwnediBSS"
        echo
    fi

    echo "Press home/power button once when screen goes black on the device"
    echo "Finding device in pwnDFU mode..."

    while [[ $pwnDFUDevice != 1 ]]
    do
        pwnDFUDevice=$(lsusb | grep -c "1227")
        sleep 2
    done

    echo "Entering pwnDFU mode successful"
    echo
}

HardwareModel=$(ideviceinfo | grep 'HardwareModel' | cut -c 16-)
HardwareModelLower=$(echo $HardwareModel | tr '[:upper:]' '[:lower:]' | sed 's/.\{2\}$//')
ProductType=$(ideviceinfo | grep 'ProductType' | cut -c 14-)
ProductVersion=$(ideviceinfo | grep 'ProductVersion' | cut -c 17-)
VersionDetect=$(echo $ProductVersion | cut -c 1)
UniqueChipID=$(ideviceinfo | grep 'UniqueChipID' | cut -c 15-)

function MainMenu {
    rm -rf iP*/ tmp/ $(ls *.shsh2 2>/dev/null)
    mkdir tmp
    
    clear
    echo "******* 32bit-OTA-Downgrader *******"
    echo "           - by LukeZGD             "
    echo
    
    if [ ! $HardwareModel ]
    then
        echo "Please plug the device in and trust this computer before proceeding"
        exit
    elif [ $ProductType == iPad2,1 ] || [ $ProductType == iPad2,4 ] || [ $ProductType == iPad2,5 ] || [ $ProductType == iPad3,1 ] || [ $ProductType == iPad3,4 ] || [ $ProductType == iPod5,1 ]
    then
        NoBaseband=1
    fi
	
    echo "Main Menu"
    echo
    echo "HardwareModel: $HardwareModel"
    echo "ProductType: $ProductType"
    echo "ProductVersion: $ProductVersion"
    echo "UniqueChipID (ECID): $UniqueChipID"
    echo
    select opt in "Downgrade device to iOS 8.4.1" "Downgrade device to iOS 6.1.3" "Just put device in pwnDFU mode" "Just save iOS 8.4.1 blobs" "Just save iOS 6.1.3 blobs" "Exit"; do
    case $opt in
        "Downgrade device to iOS 8.4.1" ) Downgrade841; break;;
        "Downgrade device to iOS 6.1.3" ) Downgrade613; break;;
        "Just put device in pwnDFU mode" ) pwnDFUSelf; break;;
        "Just save iOS 8.4.1 blobs" ) JustSaveOTABlobs=1; Downgrade841; break;;
        "Just save iOS 6.1.3 blobs" ) JustSaveOTABlobs=1; Downgrade613; break;;
        "Exit" ) exit;;
        *) MainMenu;;
    esac
done
}

function Ubuntu {
    sudo apt update
    sudo apt -y install bsdiff curl ifuse libimobiledevice-utils libzip4 usbmuxd
}

function Ubuntu1804 {
    sudo apt -y install binutils
    mkdir tmp
    cd tmp
    apt download -o=dir::cache=. libcurl3
    ar x libcurl3* data.tar.xz
    tar xf data.tar.xz
    sudo cp -L usr/lib/x86_64-linux-gnu/libcurl.so.4 /usr/lib/libcurl.so.3
    if [ $(uname -m) == 'x86_64' ]
    then
        mtype='amd64'
    else
        mtype='i386'
    fi
    curl -L -# http://mirrors.edge.kernel.org/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.54-1ubuntu1.1_${mtype}.deb -o libpng12.deb
    sudo dpkg -i libpng12.deb
    cd ..
    rm -rf tmp
}

if [ ! $(which bspatch) ] || [ ! $(which ideviceinfo) ] || [ ! $(which ssh) ] || [ ! $(which scp) ] || [ ! $(which lsusb) ]
then
    clear
    echo "******* 32bit-OTA-Downgrader *******"
    echo "           - by LukeZGD             "
    echo
    echo "Install dependencies"

    . /etc/os-release 2> /dev/null
    if [[ $(which pacman) ]] || [[ $NAME == "Arch Linux" ]]
    then
        sudo pacman -Sy --noconfirm bsdiff curl ifuse libcurl-compat libimobiledevice libpng12 libzip openssh openssl-1.0 unzip usbmuxd usbutils
        sudo ln -sf /usr/lib/libzip.so.5 /usr/lib/libzip.so.4
    elif [[ $NAME == "Ubuntu" ]] && [[ $VERSION_ID == "16.04" ]]
    then
        Ubuntu
    elif [[ $(which apt) ]] || [[ $NAME == "Ubuntu" ]] && [[ $VERSION_ID == "18.04" ]] 
    then
        Ubuntu
        Ubuntu1804
    elif [[ $OSTYPE == "darwin"* ]]
    then
        if [[ ! $(which brew) ]]
        then
            xcode-select --install
            /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
        fi
        brew uninstall --ignore-dependencies usbmuxd
        brew uninstall --ignore-dependencies libimobiledevice
        brew install --HEAD usbmuxd
        brew install --HEAD libimobiledevice
        brew install libzip
        brew install openssl
        brew install lsusb
    else
        echo "Distro not detected/supported. Please select manually"
        select opt in "Ubuntu 16.04" "Ubuntu 18.04" "Arch Linux" "macOS"; do
        case $opt in
            "Ubuntu 16.04" ) ubuntu; break;;
            "Ubuntu 18.04" ) ubuntu; ubuntu1804; break;;
            "Arch Linux" ) arch; break;;
            "macOS" ) macos; break;;
        esac
    done
    fi
    echo "Install script done! Will now proceed to main menu..."
    sleep 5
    MainMenu
else
    MainMenu
fi