diff --git a/README.md b/README.md index 482af81..18c7b4f 100644 --- a/README.md +++ b/README.md @@ -15,11 +15,12 @@ - This includes downgrading iPhone 3GS, iPhone 4 GSM and CDMA, iPod touch 2, touch 3, iPad 1 - Restore with SHSH blobs on supported devices - Restore to other iOS versions with iOS 7 blobs (powdersn0w) -- Tethered restores to other iOS versions for A5/A6 and other devices +- Tethered downgrades/restores to other iOS versions for A5/A6 and other devices - Jailbreak all 32-bit iOS devices on (almost) any iOS version - Available on iOS versions 3.1 to 9.3.4 - Only unsupported versions are iOS 9.0.x - Hacktivation for iPhone 2G, 3G, 3GS, 4 GSM (activate without valid SIM card) +- [FourThree Utility](https://github.com/LukeZGD/FourThree-iPad2) - Dualboot iOS 4.3.x for the iPad 2 - Restore to iOS 10.3.3 (signed OTA version) on supported A7 devices - Install IPA files for supported devices with AppSync Unified installed - Sideload IPA files for supported devices on Linux diff --git a/resources/jailbreak/dualbootstuff.tar b/resources/jailbreak/dualbootstuff.tar new file mode 100644 index 0000000..562e53a Binary files /dev/null and b/resources/jailbreak/dualbootstuff.tar differ diff --git a/resources/jailbreak/fourthree.tar b/resources/jailbreak/fourthree.tar new file mode 100644 index 0000000..31c90c3 Binary files /dev/null and b/resources/jailbreak/fourthree.tar differ diff --git a/resources/patch/fourthree/iPad2,1/4.3.1/LLB.k93ap.RELEASE.patch b/resources/patch/fourthree/iPad2,1/4.3.1/LLB.k93ap.RELEASE.patch new file mode 100644 index 0000000..40d3518 Binary files /dev/null and b/resources/patch/fourthree/iPad2,1/4.3.1/LLB.k93ap.RELEASE.patch differ diff --git a/resources/patch/fourthree/iPad2,1/4.3.1/kernelcache.release.patch b/resources/patch/fourthree/iPad2,1/4.3.1/kernelcache.release.patch new file mode 100644 index 0000000..dbbc525 Binary files /dev/null and b/resources/patch/fourthree/iPad2,1/4.3.1/kernelcache.release.patch differ diff --git a/resources/patch/fourthree/iPad2,1/4.3.2/LLB.k93ap.RELEASE.patch b/resources/patch/fourthree/iPad2,1/4.3.2/LLB.k93ap.RELEASE.patch new file mode 100644 index 0000000..89ab808 Binary files /dev/null and b/resources/patch/fourthree/iPad2,1/4.3.2/LLB.k93ap.RELEASE.patch differ diff --git a/resources/patch/fourthree/iPad2,1/4.3.2/kernelcache.release.patch b/resources/patch/fourthree/iPad2,1/4.3.2/kernelcache.release.patch new file mode 100644 index 0000000..fb520f2 Binary files /dev/null and b/resources/patch/fourthree/iPad2,1/4.3.2/kernelcache.release.patch differ diff --git a/resources/patch/fourthree/iPad2,1/4.3.3/LLB.k93ap.RELEASE.patch b/resources/patch/fourthree/iPad2,1/4.3.3/LLB.k93ap.RELEASE.patch new file mode 100644 index 0000000..89ab808 Binary files /dev/null and b/resources/patch/fourthree/iPad2,1/4.3.3/LLB.k93ap.RELEASE.patch differ diff --git a/resources/patch/fourthree/iPad2,1/4.3.3/kernelcache.release.patch b/resources/patch/fourthree/iPad2,1/4.3.3/kernelcache.release.patch new file mode 100644 index 0000000..572e3bd Binary files /dev/null and b/resources/patch/fourthree/iPad2,1/4.3.3/kernelcache.release.patch differ diff --git a/resources/patch/fourthree/iPad2,1/4.3.4/LLB.k93ap.RELEASE.patch b/resources/patch/fourthree/iPad2,1/4.3.4/LLB.k93ap.RELEASE.patch new file mode 100644 index 0000000..b0aa3c7 Binary files /dev/null and b/resources/patch/fourthree/iPad2,1/4.3.4/LLB.k93ap.RELEASE.patch differ diff --git a/resources/patch/fourthree/iPad2,1/4.3.4/kernelcache.release.patch b/resources/patch/fourthree/iPad2,1/4.3.4/kernelcache.release.patch new file mode 100644 index 0000000..d499819 Binary files /dev/null and b/resources/patch/fourthree/iPad2,1/4.3.4/kernelcache.release.patch differ diff --git a/resources/patch/fourthree/iPad2,1/4.3.5/LLB.k93ap.RELEASE.patch b/resources/patch/fourthree/iPad2,1/4.3.5/LLB.k93ap.RELEASE.patch new file mode 100644 index 0000000..b0aa3c7 Binary files /dev/null and b/resources/patch/fourthree/iPad2,1/4.3.5/LLB.k93ap.RELEASE.patch differ diff --git a/resources/patch/fourthree/iPad2,1/4.3.5/kernelcache.release.patch b/resources/patch/fourthree/iPad2,1/4.3.5/kernelcache.release.patch new file mode 100644 index 0000000..c44a2d1 Binary files /dev/null and b/resources/patch/fourthree/iPad2,1/4.3.5/kernelcache.release.patch differ diff --git a/resources/patch/fourthree/iPad2,1/4.3/LLB.k93ap.RELEASE.patch b/resources/patch/fourthree/iPad2,1/4.3/LLB.k93ap.RELEASE.patch new file mode 100644 index 0000000..40d3518 Binary files /dev/null and b/resources/patch/fourthree/iPad2,1/4.3/LLB.k93ap.RELEASE.patch differ diff --git a/resources/patch/fourthree/iPad2,1/4.3/kernelcache.release.patch b/resources/patch/fourthree/iPad2,1/4.3/kernelcache.release.patch new file mode 100644 index 0000000..3fb0d0a Binary files /dev/null and b/resources/patch/fourthree/iPad2,1/4.3/kernelcache.release.patch differ diff --git a/resources/patch/fourthree/iPad2,1/6.1.3/RestoreDeviceTree.patch b/resources/patch/fourthree/iPad2,1/6.1.3/RestoreDeviceTree.patch new file mode 100644 index 0000000..6d6ae4f Binary files /dev/null and b/resources/patch/fourthree/iPad2,1/6.1.3/RestoreDeviceTree.patch differ diff --git a/resources/patch/fourthree/iPad2,1/6.1.3/iBoot.k93ap.RELEASE.patch b/resources/patch/fourthree/iPad2,1/6.1.3/iBoot.k93ap.RELEASE.patch new file mode 100644 index 0000000..eff9bb5 Binary files /dev/null and b/resources/patch/fourthree/iPad2,1/6.1.3/iBoot.k93ap.RELEASE.patch differ diff --git a/resources/patch/fourthree/iPad2,2/4.3.1/LLB.k94ap.RELEASE.patch b/resources/patch/fourthree/iPad2,2/4.3.1/LLB.k94ap.RELEASE.patch new file mode 100644 index 0000000..40d3518 Binary files /dev/null and b/resources/patch/fourthree/iPad2,2/4.3.1/LLB.k94ap.RELEASE.patch differ diff --git a/resources/patch/fourthree/iPad2,2/4.3.1/kernelcache.release.patch b/resources/patch/fourthree/iPad2,2/4.3.1/kernelcache.release.patch new file mode 100644 index 0000000..9b36720 Binary files /dev/null and b/resources/patch/fourthree/iPad2,2/4.3.1/kernelcache.release.patch differ diff --git a/resources/patch/fourthree/iPad2,2/4.3.2/LLB.k94ap.RELEASE.patch b/resources/patch/fourthree/iPad2,2/4.3.2/LLB.k94ap.RELEASE.patch new file mode 100644 index 0000000..89ab808 Binary files /dev/null and b/resources/patch/fourthree/iPad2,2/4.3.2/LLB.k94ap.RELEASE.patch differ diff --git a/resources/patch/fourthree/iPad2,2/4.3.2/kernelcache.release.patch b/resources/patch/fourthree/iPad2,2/4.3.2/kernelcache.release.patch new file mode 100644 index 0000000..0379268 Binary files /dev/null and b/resources/patch/fourthree/iPad2,2/4.3.2/kernelcache.release.patch differ diff --git a/resources/patch/fourthree/iPad2,2/4.3.3/LLB.k94ap.RELEASE.patch b/resources/patch/fourthree/iPad2,2/4.3.3/LLB.k94ap.RELEASE.patch new file mode 100644 index 0000000..89ab808 Binary files /dev/null and b/resources/patch/fourthree/iPad2,2/4.3.3/LLB.k94ap.RELEASE.patch differ diff --git a/resources/patch/fourthree/iPad2,2/4.3.3/kernelcache.release.patch b/resources/patch/fourthree/iPad2,2/4.3.3/kernelcache.release.patch new file mode 100644 index 0000000..889f1a7 Binary files /dev/null and b/resources/patch/fourthree/iPad2,2/4.3.3/kernelcache.release.patch differ diff --git a/resources/patch/fourthree/iPad2,2/4.3.4/LLB.k94ap.RELEASE.patch b/resources/patch/fourthree/iPad2,2/4.3.4/LLB.k94ap.RELEASE.patch new file mode 100644 index 0000000..b0aa3c7 Binary files /dev/null and b/resources/patch/fourthree/iPad2,2/4.3.4/LLB.k94ap.RELEASE.patch differ diff --git a/resources/patch/fourthree/iPad2,2/4.3.4/kernelcache.release.patch b/resources/patch/fourthree/iPad2,2/4.3.4/kernelcache.release.patch new file mode 100644 index 0000000..6a40836 Binary files /dev/null and b/resources/patch/fourthree/iPad2,2/4.3.4/kernelcache.release.patch differ diff --git a/resources/patch/fourthree/iPad2,2/4.3.5/LLB.k94ap.RELEASE.patch b/resources/patch/fourthree/iPad2,2/4.3.5/LLB.k94ap.RELEASE.patch new file mode 100644 index 0000000..b0aa3c7 Binary files /dev/null and b/resources/patch/fourthree/iPad2,2/4.3.5/LLB.k94ap.RELEASE.patch differ diff --git a/resources/patch/fourthree/iPad2,2/4.3.5/kernelcache.release.patch b/resources/patch/fourthree/iPad2,2/4.3.5/kernelcache.release.patch new file mode 100644 index 0000000..05313e4 Binary files /dev/null and b/resources/patch/fourthree/iPad2,2/4.3.5/kernelcache.release.patch differ diff --git a/resources/patch/fourthree/iPad2,2/4.3/LLB.k94ap.RELEASE.patch b/resources/patch/fourthree/iPad2,2/4.3/LLB.k94ap.RELEASE.patch new file mode 100644 index 0000000..40d3518 Binary files /dev/null and b/resources/patch/fourthree/iPad2,2/4.3/LLB.k94ap.RELEASE.patch differ diff --git a/resources/patch/fourthree/iPad2,2/4.3/kernelcache.release.patch b/resources/patch/fourthree/iPad2,2/4.3/kernelcache.release.patch new file mode 100644 index 0000000..d15778e Binary files /dev/null and b/resources/patch/fourthree/iPad2,2/4.3/kernelcache.release.patch differ diff --git a/resources/patch/fourthree/iPad2,2/6.1.3/RestoreDeviceTree.patch b/resources/patch/fourthree/iPad2,2/6.1.3/RestoreDeviceTree.patch new file mode 100644 index 0000000..2360ffc Binary files /dev/null and b/resources/patch/fourthree/iPad2,2/6.1.3/RestoreDeviceTree.patch differ diff --git a/resources/patch/fourthree/iPad2,2/6.1.3/iBoot.k94ap.RELEASE.patch b/resources/patch/fourthree/iPad2,2/6.1.3/iBoot.k94ap.RELEASE.patch new file mode 100644 index 0000000..cf8c9b1 Binary files /dev/null and b/resources/patch/fourthree/iPad2,2/6.1.3/iBoot.k94ap.RELEASE.patch differ diff --git a/resources/patch/fourthree/iPad2,3/4.3.1/LLB.k95ap.RELEASE.patch b/resources/patch/fourthree/iPad2,3/4.3.1/LLB.k95ap.RELEASE.patch new file mode 100644 index 0000000..40d3518 Binary files /dev/null and b/resources/patch/fourthree/iPad2,3/4.3.1/LLB.k95ap.RELEASE.patch differ diff --git a/resources/patch/fourthree/iPad2,3/4.3.1/kernelcache.release.patch b/resources/patch/fourthree/iPad2,3/4.3.1/kernelcache.release.patch new file mode 100644 index 0000000..b449c02 Binary files /dev/null and b/resources/patch/fourthree/iPad2,3/4.3.1/kernelcache.release.patch differ diff --git a/resources/patch/fourthree/iPad2,3/4.3.2/LLB.k95ap.RELEASE.patch b/resources/patch/fourthree/iPad2,3/4.3.2/LLB.k95ap.RELEASE.patch new file mode 100644 index 0000000..89ab808 Binary files /dev/null and b/resources/patch/fourthree/iPad2,3/4.3.2/LLB.k95ap.RELEASE.patch differ diff --git a/resources/patch/fourthree/iPad2,3/4.3.2/kernelcache.release.patch b/resources/patch/fourthree/iPad2,3/4.3.2/kernelcache.release.patch new file mode 100644 index 0000000..6aa77df Binary files /dev/null and b/resources/patch/fourthree/iPad2,3/4.3.2/kernelcache.release.patch differ diff --git a/resources/patch/fourthree/iPad2,3/4.3.3/LLB.k95ap.RELEASE.patch b/resources/patch/fourthree/iPad2,3/4.3.3/LLB.k95ap.RELEASE.patch new file mode 100644 index 0000000..89ab808 Binary files /dev/null and b/resources/patch/fourthree/iPad2,3/4.3.3/LLB.k95ap.RELEASE.patch differ diff --git a/resources/patch/fourthree/iPad2,3/4.3.3/kernelcache.release.patch b/resources/patch/fourthree/iPad2,3/4.3.3/kernelcache.release.patch new file mode 100644 index 0000000..2c3aa68 Binary files /dev/null and b/resources/patch/fourthree/iPad2,3/4.3.3/kernelcache.release.patch differ diff --git a/resources/patch/fourthree/iPad2,3/4.3.4/LLB.k95ap.RELEASE.patch b/resources/patch/fourthree/iPad2,3/4.3.4/LLB.k95ap.RELEASE.patch new file mode 100644 index 0000000..b0aa3c7 Binary files /dev/null and b/resources/patch/fourthree/iPad2,3/4.3.4/LLB.k95ap.RELEASE.patch differ diff --git a/resources/patch/fourthree/iPad2,3/4.3.4/kernelcache.release.patch b/resources/patch/fourthree/iPad2,3/4.3.4/kernelcache.release.patch new file mode 100644 index 0000000..6a40836 Binary files /dev/null and b/resources/patch/fourthree/iPad2,3/4.3.4/kernelcache.release.patch differ diff --git a/resources/patch/fourthree/iPad2,3/4.3.5/LLB.k95ap.RELEASE.patch b/resources/patch/fourthree/iPad2,3/4.3.5/LLB.k95ap.RELEASE.patch new file mode 100644 index 0000000..b0aa3c7 Binary files /dev/null and b/resources/patch/fourthree/iPad2,3/4.3.5/LLB.k95ap.RELEASE.patch differ diff --git a/resources/patch/fourthree/iPad2,3/4.3.5/kernelcache.release.patch b/resources/patch/fourthree/iPad2,3/4.3.5/kernelcache.release.patch new file mode 100644 index 0000000..3272de9 Binary files /dev/null and b/resources/patch/fourthree/iPad2,3/4.3.5/kernelcache.release.patch differ diff --git a/resources/patch/fourthree/iPad2,3/4.3/LLB.k95ap.RELEASE.patch b/resources/patch/fourthree/iPad2,3/4.3/LLB.k95ap.RELEASE.patch new file mode 100644 index 0000000..40d3518 Binary files /dev/null and b/resources/patch/fourthree/iPad2,3/4.3/LLB.k95ap.RELEASE.patch differ diff --git a/resources/patch/fourthree/iPad2,3/4.3/kernelcache.release.patch b/resources/patch/fourthree/iPad2,3/4.3/kernelcache.release.patch new file mode 100644 index 0000000..762d25e Binary files /dev/null and b/resources/patch/fourthree/iPad2,3/4.3/kernelcache.release.patch differ diff --git a/resources/patch/fourthree/iPad2,3/6.1.3/RestoreDeviceTree.patch b/resources/patch/fourthree/iPad2,3/6.1.3/RestoreDeviceTree.patch new file mode 100644 index 0000000..8c4443e Binary files /dev/null and b/resources/patch/fourthree/iPad2,3/6.1.3/RestoreDeviceTree.patch differ diff --git a/resources/patch/fourthree/iPad2,3/6.1.3/iBoot.k95ap.RELEASE.patch b/resources/patch/fourthree/iPad2,3/6.1.3/iBoot.k95ap.RELEASE.patch new file mode 100644 index 0000000..cf8c9b1 Binary files /dev/null and b/resources/patch/fourthree/iPad2,3/6.1.3/iBoot.k95ap.RELEASE.patch differ diff --git a/restore.sh b/restore.sh index 1c73169..839fb55 100755 --- a/restore.sh +++ b/restore.sh @@ -1795,6 +1795,10 @@ ipsw_preference_set() { return fi + if [[ $ipsw_fourthree == 1 ]]; then + ipsw_jailbreak=1 + fi + if [[ -z $ipsw_jailbreak && $ipsw_canjailbreak == 1 ]]; then input "Jailbreak Option" print "* When this option is enabled, your device will be jailbroken on restore." @@ -2219,6 +2223,9 @@ ipsw_prepare_jailbreak() { if [[ $ipsw_openssh == 1 ]]; then JBFiles+=("$jelbrek/sshdeb.tar") fi + if [[ $ipsw_fourthree == 1 ]]; then + JBFiles+=("$jelbrek/dualbootstuff.tar") + fi fi ipsw_prepare_bundle $daibutsu @@ -2255,11 +2262,123 @@ ipsw_prepare_jailbreak() { fi ipsw_prepare_logos_add + ipsw_prepare_fourthree ipsw_bbreplace mv temp.ipsw "$ipsw_custom.ipsw" } +ipsw_prepare_fourthree() { + local comps=("AppleLogo" "DeviceTree" "iBoot" "RecoveryMode") + local saved_path="../saved/$device_type/8L1" + local bpatch="../resources/patch/fourthree/$device_type/6.1.3" + local name + local iv + local key + if [[ $ipsw_fourthree != 1 ]]; then + return + fi + ipsw_get_url 8L1 + url="$ipsw_url" + device_fw_key_check + device_fw_key_check temp 8L1 + mkdir -p $all_flash Downgrade $saved_path 2>/dev/null + log "Extracting files" + unzip -o -j "$ipsw_path.ipsw" $all_flash/manifest -d $all_flash + unzip -o -j temp.ipsw Downgrade/RestoreDeviceTree + log "RestoreDeviceTree" + iv=$(echo $device_fw_key | $jq -j '.keys[] | select(.image | startswith("DeviceTree")) | .iv') + key=$(echo $device_fw_key | $jq -j '.keys[] | select(.image | startswith("DeviceTree")) | .key') + "$dir/xpwntool" RestoreDeviceTree RestoreDeviceTree.dec -iv $iv -k $key -decrypt + $bspatch RestoreDeviceTree.dec Downgrade/RestoreDeviceTree $bpatch/RestoreDeviceTree.patch + for getcomp in "${comps[@]}"; do + name=$(echo $device_fw_key_temp | $jq -j '.keys[] | select(.image | startswith("'$getcomp'")) | .filename') + iv=$(echo $device_fw_key_temp | $jq -j '.keys[] | select(.image | startswith("'$getcomp'")) | .iv') + key=$(echo $device_fw_key_temp | $jq -j '.keys[] | select(.image | startswith("'$getcomp'")) | .key') + path="$all_flash/" + log "$getcomp" + if [[ $vers == "$device_base_vers" ]]; then + unzip -o -j "$ipsw_base_path.ipsw" ${path}$name + elif [[ -e $saved_path/$name ]]; then + cp $saved_path/$name . + else + "$dir/pzb" -g "${path}$name" -o "$name" "$url" + cp $name $saved_path/ + fi + "$dir/xpwntool" $name $getcomp.dec -iv $iv -k $key -decrypt + case $getcomp in + "AppleLogo" ) + getcomp="applelogo" + mv AppleLogo.dec applelogo.dec + echo "0000010: 6267" | xxd -r - applelogo.dec + echo "0000020: 6267" | xxd -r - applelogo.dec + ;; + "DeviceTree" ) + echo "0000010: 6272" | xxd -r - DeviceTree.dec + echo "0000020: 6272" | xxd -r - DeviceTree.dec + ;; + "RecoveryMode" ) + getcomp="recoverymode" + mv RecoveryMode.dec recoverymode.dec + echo "0000010: 6263" | xxd -r - recoverymode.dec + echo "0000020: 6263" | xxd -r - recoverymode.dec + ;; + "iBoot" ) + mv iBoot.dec iBoot.dec0 + $bspatch iBoot.dec0 iBoot.dec $bpatch/iBoot.${device_model}ap.RELEASE.patch + #"$dir/xpwntool" iBoot.dec0 iBoot.dec2 + #"$dir/iBoot32Patcher" iBoot.dec2 iBoot.patched --rsa -b "rd=disk0s3 -v amfi=0xff cs_enforcement_disable=1 pio-error=0" + #"$dir/xpwntool" iBoot.patched iBoot.dec -t iBoot.dec0 + #echo "0000010: 626F" | xxd -r - iBoot.dec + #echo "0000020: 626F" | xxd -r - iBoot.dec + ;; + esac + mv $getcomp.dec $path/${getcomp}B.img3 + echo "${getcomp}B.img3" >> $path/manifest + done + log "Add files to IPSW" + zip -r0 temp.ipsw $all_flash/* Downgrade/* +} + +ipsw_prepare_fourthree_part2() { + device_fw_key_check base + local saved_path="../saved/$device_type/$device_base_build" + local bpatch="../resources/patch/fourthree/$device_type/$device_base_vers" + local iv + local key + mkdir -p $saved_path 2>/dev/null + if [[ ! -s $saved_path/Kernelcache ]]; then + log "Kernelcache" + iv=$(echo $device_fw_key_base | $jq -j '.keys[] | select(.image == "Kernelcache") | .iv') + key=$(echo $device_fw_key_base | $jq -j '.keys[] | select(.image == "Kernelcache") | .key') + unzip -o -j "$ipsw_base_path.ipsw" kernelcache.release.$device_model + "$dir/xpwntool" kernelcache.release.$device_model kernelcache.dec -iv $iv -k $key + $bspatch kernelcache.dec kernelcache.patched $bpatch/kernelcache.release.patch + #$bspatch kernelcache.dec kernelcache.patched ../resources/patch/kernelcache.release.$device_model.$device_base_build.patch + "$dir/xpwntool" kernelcache.patched kernelcachb -t kernelcache.release.$device_model -iv $iv -k $key + "$dir/xpwntool" kernelcachb $saved_path/Kernelcache -iv $iv -k $key -decrypt + fi + if [[ ! -s $saved_path/LLB ]]; then + log "LLB" + iv=$(echo $device_fw_key_base | $jq -j '.keys[] | select(.image == "LLB") | .iv') + key=$(echo $device_fw_key_base | $jq -j '.keys[] | select(.image == "LLB") | .key') + unzip -o -j "$ipsw_base_path.ipsw" $all_flash/LLB.${device_model}ap.RELEASE.img3 + "$dir/xpwntool" LLB.${device_model}ap.RELEASE.img3 llb.dec -iv $iv -k $key + $bspatch llb.dec $saved_path/LLB $bpatch/LLB.${device_model}ap.RELEASE.patch + fi + if [[ ! -s $saved_path/RootFS.dmg ]]; then + log "RootFS" + name=$(echo $device_fw_key_base | $jq -j '.keys[] | select(.image == "RootFS") | .filename') + key=$(echo $device_fw_key_base | $jq -j '.keys[] | select(.image == "RootFS") | .key') + unzip -o -j "$ipsw_base_path.ipsw" $name + "$dir/dmg" extract $name rootfs.dec -k $key + rm $name + "$dir/dmg" build rootfs.dec $saved_path/RootFS.dmg + fi + echo "device_base_vers=$device_base_vers" > ../saved/$device_type/fourthree_$device_ecid + echo "device_base_build=$device_base_build" >> ../saved/$device_type/fourthree_$device_ecid +} + ipsw_prepare_keys() { local comp="$1" local getcomp="$1" @@ -4263,6 +4382,9 @@ ipsw_prepare() { elif [[ $device_target_vers != "$device_latest_vers" ]]; then ipsw_prepare_32bit fi + if [[ $ipsw_fourthree == 1 ]]; then + ipsw_prepare_fourthree_part2 + fi ;; 7 ) @@ -4736,6 +4858,13 @@ device_ramdisk() { return ;; + "TwistedMind2" ) + log "Sending dd command for TwistedMind2" + $scp -P $ssh_port TwistedMind2 root@127.0.0.1:/ + $ssh -p $ssh_port root@127.0.0.1 "dd if=/TwistedMind2 of=/dev/rdisk0 bs=8192; reboot_bak" + return + ;; + "jailbreak" | "getversion" ) local vers local build @@ -5244,6 +5373,9 @@ menu_main() { fi menu_items+=("Install IPA (AppSync)") fi + case $device_type in + iPad2,[123] ) menu_items+=("FourThree Utility");; + esac menu_items+=("Other Utilities" "Exit") select opt in "${menu_items[@]}"; do selected="$opt" @@ -5255,11 +5387,41 @@ menu_main() { "Save SHSH Blobs" ) menu_shsh;; "Install IPA (AppSync)" | "Sideload IPA" ) menu_ipa "$selected";; "Other Utilities" ) menu_other;; + "FourThree Utility" ) menu_fourthree;; "Exit" ) mode="exit";; esac done } +menu_fourthree() { + local menu_items + local selected + local back + + ipa_path= + ipsw_fourthree= + while [[ -z "$mode" && -z "$back" ]]; do + menu_items=("Step 1: Restore" "Step 2: Partition" "Step 3: OS Install" "Reinstall App" "Go Back") + menu_print_info + print "* FourThree Utility: Dualboot iPad 2 to iOS 4.3.x" + print "* This is a 3 step process for the device. Follow through the steps to successfully set up a dualboot." + echo + print " > Main Menu > FourThree Utility" + input "Select an option:" + select opt in "${menu_items[@]}"; do + selected="$opt" + break + done + case $selected in + "Step 1: Restore" ) ipsw_fourthree=1; menu_ipsw "iOS 6.1.3" "fourthree";; + "Step 2: Partition" ) mode="device_fourthree_step2";; + "Step 3: OS Install" ) mode="device_fourthree_step3";; + "Reinstall App" ) mode="device_fourthree_app";; + "Go Back" ) back=1;; + esac + done +} + menu_ipa() { local menu_items local selected @@ -5334,6 +5496,13 @@ menu_ipa() { unzip -o -j $sideloader.zip $sideloader -d ../saved fi echo "$latest" > ../saved/Sideloader_version + log "Attempting idevicepair" + "$dir/idevicepair" pair + if [[ $? != 0 ]]; then + log "Press \"Trust\" on the device before pressing Enter/Return." + pause + fi + "$dir/idevicepair" pair log "Launching Dadoum Sideloader" chmod +x ../saved/$sideloader ../saved/$sideloader @@ -5711,6 +5880,9 @@ menu_ipsw() { if [[ $2 == "ipsw" ]]; then nav=" > Main Menu > Other Utilities > Create Custom IPSW > $1" start="Create IPSW" + elif [[ $2 == "fourthree" ]]; then + nav=" > Main Menu > FourThree Utility > Step 1: Restore" + start="Start Restore" else nav=" > Main Menu > Restore/Downgrade > $1" start="Start Restore" @@ -5922,6 +6094,26 @@ menu_ipsw() { menu_items+=("$start") fi + elif [[ $2 == "fourthree" ]]; then + menu_items+=("Download Target IPSW" "Select Base IPSW") + if [[ -n $ipsw_path ]]; then + print "* Selected Target (iOS 6.1.3) IPSW: $ipsw_path.ipsw" + else + print "* Select Target (iOS 6.1.3) IPSW to continue" + fi + echo + if [[ -n $ipsw_base_path ]]; then + print "* Selected Base (iOS 4.3.x) IPSW: $ipsw_base_path.ipsw" + print "* Base Version: $device_base_vers-$device_base_build" + echo + else + print "* Select Base (iOS 4.3.x) IPSW to continue" + echo + fi + if [[ -n $ipsw_path && -n $ipsw_base_path ]]; then + menu_items+=("$start") + fi + elif [[ $1 == *"Tethered"* ]]; then if [[ -n $ipsw_path ]]; then print "* Selected Target IPSW: $ipsw_path.ipsw" @@ -6083,10 +6275,16 @@ ipsw_version_set() { } ipsw_custom_set() { + if [[ $ipsw_fourthree == 1 ]]; then + ipsw_custom="../${device_type}_${device_target_vers}_${device_target_build}_FourThree" + return + fi + ipsw_custom="../${device_type}_${device_target_vers}_${device_target_build}_Custom" if [[ -n $1 ]]; then ipsw_custom="../$1_Custom" fi + if [[ $device_actrec == 1 ]]; then ipsw_custom+="A" fi @@ -6229,10 +6427,17 @@ menu_ipsw_browse() { check_vers="5.1.1" base_vers="$check_vers" ;; + iPad2,[123] ) + # fourthree + check_vers="4.3" + base_vers="4.3.x" + ;; esac if [[ $device_base_vers != "$check_vers"* ]]; then log "Selected IPSW is not for iOS $base_vers." - print "* You need iOS $base_vers IPSW and SHSH blobs for this device to use powdersn0w." + if [[ $ipsw_fourthree != 1 ]]; then + print "* You need iOS $base_vers IPSW and SHSH blobs for this device to use powdersn0w." + fi pause return fi @@ -6975,6 +7180,10 @@ device_altserver_linux() { altserver_linux="env ALTSERVER_ANISETTE_SERVER=$ALTSERVER_ANISETTE_SERVER $altserver" log "Attempting idevicepair" "$dir/idevicepair" pair + if [[ $? != 0 ]]; then + log "Press \"Trust\" on the device before pressing Enter/Return." + pause + fi log "Enter Apple ID details to continue." print "* Your Apple ID and password will only be sent to Apple servers." local apple_id @@ -7009,6 +7218,86 @@ restore_latest64() { mv *.ipsw .. } +device_fourthree_step2() { + if [[ $device_mode != "Normal" ]]; then + error "Device is not in normal mode. Place the device in normal mode to proceed." \ + "The device must also be restored already with Step 1: Restore." + fi + print "* Make sure that the device is already restored with Step 1: Restore before proceeding." + pause + device_iproxy + device_sshpass alpine + log "Transferring package files" + $scp -P $ssh_port $jelbrek/dualbootstuff.tar root@127.0.0.1:/tmp + log "Installing packages" + $ssh -p $ssh_port root@127.0.0.1 "tar -xvf /tmp/dualbootstuff.tar -C /; dpkg -i /tmp/dualbootstuff/*.deb" + log "Running TwistedMind2" + $ssh -p $ssh_port root@127.0.0.1 "rm /TwistedMind2*; TwistedMind2 -d1 3221225472 -s2 879124480 -d2 max" + local tm2="$($ssh -p $ssh_port root@127.0.0.1 "ls /TwistedMind2*")" + $scp -P $ssh_port root@127.0.0.1:$tm2 TwistedMind2 + kill $iproxy_pid + log "Rebooting to SSH ramdisk for next procedure" + device_ramdisk TwistedMind2 + log "Done, proceed to Step 3 after the device boots" +} + +device_fourthree_step3() { + if [[ $device_mode != "Normal" ]]; then + error "Device is not in normal mode. Place the device in normal mode to proceed." \ + "The device must also set up already with Step 2: Partition." + fi + print "* Make sure that the device is set up with Step 2: Partition before proceeding." + pause + . ../saved/$device_type/fourthree_$device_ecid + log "4.3.x version: $device_base_vers-$device_base_build" + local saved_path="../saved/$device_type/$device_base_build" + device_iproxy + device_sshpass alpine + log "Creating filesystems" + $ssh -p $ssh_port root@127.0.0.1 "mkdir /mnt1 /mnt2" + $ssh -p $ssh_port root@127.0.0.1 "/sbin/newfs_hfs -s -v System -J -b 8192 -n a=8192,c=8192,e=8192 /dev/disk0s3" + $ssh -p $ssh_port root@127.0.0.1 "/sbin/newfs_hfs -s -v Data -J -b 8192 -n a=8192,c=8192,e=8192 /dev/disk0s4" + $ssh -p $ssh_port root@127.0.0.1 "mount_hfs /dev/disk0s4 /mnt2" + log "Sending root filesystem, this will take a while." + $scp -P $ssh_port $saved_path/RootFS.dmg root@127.0.0.1:/var + log "Restoring root filesystem" + $ssh -p $ssh_port root@127.0.0.1 "echo 'y' | asr restore --source /var/RootFS.dmg --target /dev/disk0s3 --erase" + log "Checking root filesystem" + $ssh -p $ssh_port root@127.0.0.1 "rm /var/RootFS.dmg; fsck_hfs -f /dev/disk0s3" + log "Restoring data partition" + $ssh -p $ssh_port root@127.0.0.1 "umount /mnt2; mount_hfs /dev/disk0s3 /mnt1; mount_hfs /dev/disk0s4 /mnt2; mv /mnt1/private/var/* /mnt2" + log "Fixing fstab" + $ssh -p $ssh_port root@127.0.0.1 "echo '/dev/disk0s3 / hfs rw 0 1' | tee /mnt1/private/etc/fstab; echo '/dev/disk0s4 /private/var hfs rw 0 2' | tee -a /mnt1/private/etc/fstab" + log "Fixing system keybag" + $ssh -p $ssh_port root@127.0.0.1 "mkdir /mnt2/keybags; ttbthingy; fixkeybag -v2; cp /tmp/systembag.kb /mnt2/keybags" + log "Unmounting filesystems" + $ssh -p $ssh_port root@127.0.0.1 "umount /mnt2" + log "Sending freeze.tar" + $scp -P $ssh_port $jelbrek/freeze.tar root@127.0.0.1:/tmp + log "Installing Cydia and bootstrap" + $ssh -p $ssh_port root@127.0.0.1 "mount_hfs /dev/disk0s4 /mnt1/private/var; tar -xvf /tmp/freeze.tar -C /mnt1" + log "Unmounting filesystems" + $ssh -p $ssh_port root@127.0.0.1 "umount /mnt1/private/var; umount /mnt1" + log "Sending Kernelcache and LLB" + $scp -P $ssh_port $saved_path/Kernelcache root@127.0.0.1:/System/Library/Caches/com.apple.kernelcaches/kernelcachb + $scp -P $ssh_port $saved_path/LLB root@127.0.0.1:/LLB + device_fourthree_app install + log "Done!" +} + +device_fourthree_app() { + if [[ $1 != "install" ]]; then + device_iproxy + device_sshpass alpine + fi + log "Sending app" + $scp -P $ssh_port $jelbrek/fourthree.tar root@127.0.0.1:/tmp + log "Installing app" + $ssh -p $ssh_port root@127.0.0.1 "tar -xvf /tmp/fourthree.tar -C /; chmod 6755 /Applications/FourThree.app/FourThree; chmod 6755 /usr/bin/runasroot; chmod 6755 /Applications/FourThree.app/boot.sh" + log "Running uicache" + $ssh -p $ssh_port mobile@127.0.0.1 "uicache" +} + main() { clear print " *** Legacy iOS Kit ***" @@ -7110,6 +7399,9 @@ main() { "restore-latest" ) restore_latest64;; "convert-onboard-blobs" ) cp "$shsh_path" dump.raw; shsh_convert_onboard;; "ssh" ) device_ssh;; + "device_fourthree_step2" ) device_fourthree_step2;; + "device_fourthree_step3" ) device_fourthree_step3;; + "device_fourthree_app" ) device_fourthree_app;; * ) :;; esac