From 007cc2959763d769eaf790b817c3efa0045125b3 Mon Sep 17 00:00:00 2001
From: LukeZGD <26163116+LukeZGD@users.noreply.github.com>
Date: Mon, 24 Jun 2024 08:21:47 +0800
Subject: [PATCH] Place multipatch here
---
restore.sh | 195 +++++++++++++++++++++++++++++++++++++++++++++++++----
1 file changed, 182 insertions(+), 13 deletions(-)
diff --git a/restore.sh b/restore.sh
index 4459a03..4cdc9b1 100755
--- a/restore.sh
+++ b/restore.sh
@@ -3357,12 +3357,12 @@ ipsw_prepare_ios4multipart() {
popd >/dev/null
# ------ part 2 (nor flash) ends here. start creating part 1 ipsw ------
- #if [[ $device_type == "iPhone3,3" ]]; then
- # ipsw_prepare_32bit $iboot
- # ipsw_prepare_ios4multipart_patch=1
- # ipsw_prepare_multipatch
- # return
- #fi
+ if [[ $device_type == "iPhone3,3" ]]; then
+ ipsw_prepare_32bit $iboot
+ ipsw_prepare_ios4multipart_patch=1
+ ipsw_prepare_multipatch
+ return
+ fi
ipsw_prepare_jailbreak $iboot
mv "$ipsw_custom.ipsw" temp.ipsw
rm asr* iBSS* iBEC* ramdisk* *.dmg 2>/dev/null
@@ -3465,6 +3465,175 @@ ipsw_prepare_ios4multipart() {
mv temp.ipsw "$ipsw_custom.ipsw"
}
+ipsw_prepare_multipatch() {
+ local vers
+ local build
+ local options_plist
+ local saved_path
+ local url
+ local ramdisk_name
+ local name
+ local iv
+ local key
+ local comps=("iBSS" "iBEC" "DeviceTree" "Kernelcache" "RestoreRamdisk")
+
+ log "Starting multipatch"
+ mv "$ipsw_custom.ipsw" temp.ipsw
+ rm asr* iBSS* iBEC* ramdisk* *.dmg 2>/dev/null
+ options_plist="options.$device_model.plist"
+ if [[ $device_type == "iPad1,1" && $device_target_vers == "4"* ]]; then
+ :
+ elif [[ $device_target_vers == "3"* || $device_target_vers == "4"* ]]; then
+ options_plist="options.plist"
+ fi
+
+ vers="4.2.1"
+ build="8C148"
+ if [[ $ipsw_isbeta == 1 ]]; then
+ :
+ elif [[ $device_type == "iPad1,1" || $device_type == "iPhone3,3" ]] ||
+ [[ $device_type == "iPod3,1" && $device_target_vers == "3"* ]]; then
+ vers="$device_target_vers"
+ build="$device_target_build"
+ fi
+ case $device_target_vers in
+ 4.3* ) vers="4.3.5"; build="8L1";;
+ 5.0* ) vers="5.0.1"; build="9A405";;
+ 5* ) vers="5.1.1"; build="9B206";;
+ 6* ) vers="6.1.3"; build="10B329";;
+ 7* ) vers="7.1.2"; build="11D257";;
+ 8* ) vers="8.4.1"; build="12H321";;
+ 9* ) vers="9.3.5"; build="13G36";;
+ esac
+ saved_path="../saved/$device_type/$build"
+ ipsw_get_url $build
+ url="$ipsw_url"
+ device_fw_key_check
+ ramdisk_name=$(echo $device_fw_key | $jq -j '.keys[] | select(.image == "RestoreRamdisk") | .filename')
+
+ mkdir -p $saved_path Downgrade Firmware/dfu 2>/dev/null
+ device_fw_key_check temp $build
+ log "Getting $vers restore components"
+ for getcomp in "${comps[@]}"; do
+ name=$(echo $device_fw_key_temp | $jq -j '.keys[] | select(.image == "'$getcomp'") | .filename')
+ iv=$(echo $device_fw_key_temp | $jq -j '.keys[] | select(.image == "'$getcomp'") | .iv')
+ key=$(echo $device_fw_key_temp | $jq -j '.keys[] | select(.image == "'$getcomp'") | .key')
+ case $getcomp in
+ "iBSS" | "iBEC" ) path="Firmware/dfu/";;
+ "DeviceTree" ) path="$all_flash/";;
+ * ) path="";;
+ esac
+ log "$getcomp"
+ if [[ $vers == "$device_target_vers" ]]; then
+ unzip -o -j "$ipsw_path.ipsw" ${path}$name
+ elif [[ -e $saved_path/$name ]]; then
+ cp $saved_path/$name .
+ else
+ "$dir/pzb" -g "${path}$name" -o "$name" "$url"
+ cp $name $saved_path/
+ fi
+ case $getcomp in
+ "DeviceTree" )
+ mv $name Downgrade/RestoreDeviceTree
+ zip -r0 temp.ipsw Downgrade/RestoreDeviceTree
+ ;;
+ "Kernelcache" )
+ mv $name Downgrade/RestoreKernelCache
+ zip -r0 temp.ipsw Downgrade/RestoreKernelCache
+ ;;
+ * )
+ mv $name $getcomp.orig
+ "$dir/xpwntool" $getcomp.orig $getcomp.dec -iv $iv -k $key
+ ;;
+ esac
+ if [[ $getcomp == "iB"* ]]; then
+ log "Patch $getcomp"
+ "$dir/iBoot32Patcher" $getcomp.dec $getcomp.patched --rsa --debug -b "rd=md0 -v nand-enable-reformat=1 amfi=0xff amfi_get_out_of_my_way=1 cs_enforcement_disable=1 pio-error=0"
+ "$dir/xpwntool" $getcomp.patched ${path}$name -t $getcomp.orig
+ zip -r0 temp.ipsw ${path}$name
+ fi
+ done
+
+ log "Grow ramdisk"
+ "$dir/hfsplus" RestoreRamdisk.dec grow 30000000
+
+ log "Patch ASR"
+ if [[ $ipsw_prepare_usepowder == 1 ]]; then
+ unzip -o -j temp.ipsw $ramdisk_name
+ rm RestoreRamdisk.dec
+ "$dir/xpwntool" ramdisk2.orig ramdisk2.dec
+ cp ramdisk2.dec RestoreRamdisk.dec
+ "$dir/hfsplus" RestoreRamdisk.dec grow 30000000
+ else
+ cp ../resources/firmware/FirmwareBundles/Down_${device_type}_${vers}_${build}.bundle/asr.patch .
+ ipsw_patch_file RestoreRamdisk.dec usr/sbin asr asr.patch
+ fi
+
+ log "Extract options.plist from $device_target_vers IPSW"
+ if [[ ! -s ramdisk2.dec ]]; then
+ unzip -o -j temp.ipsw $ramdisk_name
+ mv $ramdisk_name ramdisk2.orig
+ "$dir/xpwntool" ramdisk2.orig ramdisk2.dec
+ fi
+ "$dir/hfsplus" ramdisk2.dec extract usr/local/share/restore/$options_plist
+
+ log "Modify options.plist"
+ "$dir/hfsplus" RestoreRamdisk.dec rm usr/local/share/restore/$options_plist
+ if [[ $ipsw_prepare_ios4multipart_patch == 1 ]]; then
+ cat $options_plist | sed '$d' | sed '$d' > options2.plist
+ echo "FlashNOR" >> options2.plist
+ cat options2.plist
+ "$dir/hfsplus" RestoreRamdisk.dec add options2.plist usr/local/share/restore/$options_plist
+ else
+ "$dir/hfsplus" RestoreRamdisk.dec add $options_plist usr/local/share/restore/$options_plist
+ fi
+ if [[ $device_target_powder == 1 ]] && [[ $device_target_vers == "3"* || $device_target_vers == "4"* ]]; then
+ log "Adding exploit and partition stuff"
+ cp -R ../resources/firmware/src .
+ rm src/bin.tar
+ mv src/bin4.tar src/bin.tar
+ tar -rvf src/bin.tar iBoot
+ "$dir/hfsplus" RestoreRamdisk.dec untar src/bin.tar
+ # reboot chain: reboot4 as reboot, activate_exploit as reboot_, original reboot as reboot__
+ # thanks to testingthings (@throwaway167074) this ios 4 powder nvram fix implementation, https://gist.github.com/LukeZGD/da484f6deb02edefd6689c6bf921d5d4
+ "$dir/hfsplus" RestoreRamdisk.dec mv sbin/reboot sbin/reboot__
+ case $device_target_vers in
+ 4.3* ) "$dir/hfsplus" RestoreRamdisk.dec add src/activate_exploit sbin/reboot_;; # auto-boot=1
+ * ) "$dir/hfsplus" RestoreRamdisk.dec add src/activate_exploit2 sbin/reboot_;; # auto-boot=0
+ esac
+ "$dir/hfsplus" RestoreRamdisk.dec add src/target/$device_model/reboot4 sbin/reboot
+ "$dir/hfsplus" RestoreRamdisk.dec chmod 755 sbin/reboot
+ "$dir/hfsplus" RestoreRamdisk.dec chmod 755 sbin/reboot_
+ "$dir/hfsplus" RestoreRamdisk.dec chmod 755 sbin/reboot__
+ elif [[ $device_target_powder == 1 ]]; then
+ local hw="$device_model"
+ local base_build="11D257"
+ case $device_type in
+ iPhone5,[12] ) hw="iphone5";;
+ iPhone5,[34] ) hw="iphone5b";;
+ iPad3,[456] ) hw="ipad3b";;
+ esac
+ case $device_base_build in
+ "11A"* | "11B"* ) base_build="11B554a";;
+ "9"* ) base_build="9B206";;
+ esac
+ local exploit="src/target/$hw/$base_build/exploit"
+ local partition="src/target/$hw/$base_build/partition"
+ log "Adding exploit and partition stuff"
+ "$dir/hfsplus" RestoreRamdisk.dec untar src/bin.tar
+ "$dir/hfsplus" RestoreRamdisk.dec mv sbin/reboot sbin/reboot_
+ "$dir/hfsplus" RestoreRamdisk.dec add $partition sbin/reboot
+ "$dir/hfsplus" RestoreRamdisk.dec chmod 755 sbin/reboot
+ "$dir/hfsplus" RestoreRamdisk.dec add $exploit exploit
+ fi
+
+ log "Repack Restore Ramdisk"
+ "$dir/xpwntool" RestoreRamdisk.dec $ramdisk_name -t RestoreRamdisk.orig
+ log "Add Restore Ramdisk to IPSW"
+ zip -r0 temp.ipsw $ramdisk_name
+ mv temp.ipsw "$ipsw_custom.ipsw"
+}
+
ipsw_prepare_tethered() {
local name
local iv
@@ -4306,8 +4475,8 @@ restore_prepare() {
;;
* ) restore_idevicerestore;;
esac
- if [[ $device_target_vers == "4.3"* && $device_target_powder == 1 ]] &&
- [[ $device_type == "iPad1,1" || $device_type == "iPod3,1" ]]; then
+ if [[ $device_target_vers == "4"* && $device_target_powder == 1 ]] &&
+ [[ $device_type == "iPad1,1" || $device_type == "iPod3,1" || $device_type == "iPhone3,3" ]]; then
log "The device may enter recovery mode after the restore"
print "* To fix this, go to: Other Utilities -> Disable/Enable Exploit -> Enable Exploit"
fi
@@ -4455,9 +4624,9 @@ ipsw_prepare() {
elif [[ $device_target_vers != "$device_latest_vers" ]]; then
ipsw_prepare_custom
fi
- #if [[ $ipsw_isbeta == 1 && $ipsw_prepare_ios4multipart_patch != 1 ]]; then
- # ipsw_prepare_multipatch
- #fi
+ if [[ $ipsw_isbeta == 1 && $ipsw_prepare_ios4multipart_patch != 1 ]]; then
+ ipsw_prepare_multipatch
+ fi
;;
[56] )
@@ -4473,8 +4642,8 @@ ipsw_prepare() {
fi
if [[ $ipsw_fourthree == 1 ]]; then
ipsw_prepare_fourthree_part2
- #elif [[ $ipsw_isbeta == 1 ]]; then
- # ipsw_prepare_multipatch
+ elif [[ $ipsw_isbeta == 1 ]]; then
+ ipsw_prepare_multipatch
fi
;;