diff --git a/README.md b/README.md
index e36f00e..f6d9e87 100644
--- a/README.md
+++ b/README.md
@@ -10,7 +10,7 @@
- Legacy iOS Kit supports all 32-bit iOS devices, and some A7/A8 64-bit devices
- Restore to signed OTA versions (iOS 8.4.1 and/or 6.1.3) on A5/A6 devices
- Restore some 32-bit devices to other iOS versions without blobs
- - This includes downgrading iPhone 3GS, iPhone 4 GSM and CDMA, iPod touch 2
+ - This includes downgrading iPhone 3GS, iPhone 4 GSM and CDMA, iPod touch 2, touch 3, iPad 1
- Restore with SHSH blobs on supported devices
- Restore to other iOS versions with iOS 7 blobs (powdersn0w)
- Jailbreak all 32-bit iOS devices on (almost) any iOS version
@@ -78,9 +78,12 @@
- iPhone 4 GSM - targets iOS 4.3 to 7.1.1
- iPhone 4 CDMA - targets iOS 5.0 to 7.1.1
- iPhone 4S, 5, 5C, iPad 2 Rev A, iPad 4, iPod touch 5 - targets iOS 5.0 to 9.3.5
+ - iPad 1 - targets iOS 4.3.1 to 5.1
+ - iPod touch 3 - targets iOS 4.3 to 5.1
- Using powdersn0w requires iOS 7.1.x blobs for your device
- For iPhone 5 and 5C, both 7.0.x and 7.1.x blobs can be used
- For iPad 4, only 7.0.x blobs can be used
+ - For iPad 1 and iPod touch 3, 5.1.1 blobs are used instead
- Restoring to other unsigned versions without blobs is supported on the following devices:
- iPhone 3GS - targets iOS 3.1.3 to 5.1.1
- iPod touch 2 - targets iOS 3.1.3 to 4.1
@@ -101,8 +104,9 @@
- curl
- bspatch
- [powdersn0w_pub](https://github.com/dora2-iOS/powdersn0w_pub) - dora2ios; [LukeZGD fork](https://github.com/LukeZGD/powdersn0w_pub)
- - [Exploits used are from kok3shidoll's repo](https://github.com/kok3shidoll/untitled)
- - [5C 7.0.x exploit is from Ralph0045's repo](https://github.com/Ralph0045/iloader)
+ - [Most of the exploit ramdisks used are from kok3shidoll's repo](https://github.com/kok3shidoll/untitled)
+ - [5C 7.0.x exploit ramdisk is from Ralph0045's iloader repo](https://github.com/Ralph0045/iloader)
+ - [iPad 1 exploit ramdisk is from Ralph0045's iBoot-5-Stuff repo](https://github.com/Ralph0045/iBoot-5-Stuff)
- [ipwndfu](https://github.com/LukeZGD/ipwndfu) - axi0mX, Linus Henze, synackuk; LukeZGD fork
- [ipwnder_lite](https://github.com/dora2-iOS/ipwnder_lite/tree/7265a06d184e433989db640d5e83ea58d5862609) - dora2ios (used on macOS)
- [iPwnder32](https://github.com/dora2-iOS/iPwnder32/tree/243ea5c6d1bd15f8bdd0b3a1ff4a7729bc14bac4) - dora2ios (old version with libusb used on Linux)
@@ -134,7 +138,6 @@
- [Cydia HTTPatch](https://cydia.invoxiplaygames.uk/package/cydiahttpatch) for 3.1.3 downgrades/jailbreaks
- [Pangu](https://www.theiphonewiki.com/wiki/Pangu)
- [p0sixspwn](https://www.theiphonewiki.com/wiki/p0sixspwn)
-- [unthredeh4il](https://www.theiphonewiki.com/wiki/Unthredera1n#unthredeh4il)
- [evasi0n](https://www.theiphonewiki.com/wiki/Evasi0n)
- [g1lbertJB](https://github.com/g1lbertJB/g1lbertJB)
- [UntetherHomeDepot](https://www.theiphonewiki.com/wiki/UntetherHomeDepot)
diff --git a/resources/firmware/powdersn0wBundles/BASE_iPhone3,1_7.1.2_11D257.bundle/Info.plist b/resources/firmware/powdersn0wBundles/BASE_iPhone3,1_7.1.2_11D257.bundle/Info.plist
deleted file mode 100644
index 30dae69..0000000
--- a/resources/firmware/powdersn0wBundles/BASE_iPhone3,1_7.1.2_11D257.bundle/Info.plist
+++ /dev/null
@@ -1,80 +0,0 @@
-
-
-
-
- Filename
- iPhone3,1_7.1.2_11D257_Restore.ipsw
- RootFilesystem
- 058-4520-010.dmg
- RootFilesystemKey
- 38d0320d099b9dd34ffb3308c53d397f14955b347d6a433fe173acc2ced1ae78756b3684
- RootFilesystemSize
- 1660
- RamdiskOptionsPath
- /usr/local/share/restore/options.n90.plist
- SHA256
- 8df4acce2cc2989ad159f980dd65a4bdc8c9eab4000e35169baa70ceb8749b2d
- RamdiskExploit
-
- exploit
- src/target/n90/11D257/exploit
- inject
- src/target/n90/11D257/partition
-
- Firmware
-
- FirmwarePath
-
- AppleLogo
-
- File
- Firmware/all_flash/all_flash.n90ap.production/applelogo@2x~iphone.s5l8930x.img3
-
- BatteryCharging0
-
- File
- Firmware/all_flash/all_flash.n90ap.production/batterycharging0@2x~iphone.s5l8930x.img3
-
- BatteryCharging1
-
- File
- Firmware/all_flash/all_flash.n90ap.production/batterycharging1@2x~iphone.s5l8930x.img3
-
- BatteryFull
-
- File
- Firmware/all_flash/all_flash.n90ap.production/batteryfull@2x~iphone.s5l8930x.img3
-
- BatteryLow0
-
- File
- Firmware/all_flash/all_flash.n90ap.production/batterylow0@2x~iphone.s5l8930x.img3
-
- BatteryLow1
-
- File
- Firmware/all_flash/all_flash.n90ap.production/batterylow1@2x~iphone.s5l8930x.img3
-
- BatteryPlugin
-
- File
- Firmware/all_flash/all_flash.n90ap.production/glyphplugin@2x~iphone-30pin.s5l8930x.img3
-
- RecoveryMode
-
- File
- Firmware/all_flash/all_flash.n90ap.production/recoverymode@2x~iphone-30pin.s5l8930x.img3
-
- LLB
-
- File
- Firmware/all_flash/all_flash.n90ap.production/LLB.n90ap.RELEASE.img3
-
- iBoot
-
- File
- Firmware/all_flash/all_flash.n90ap.production/iBoot.n90ap.RELEASE.img3
-
-
-
-
diff --git a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.3_8J2.bundle/038-1449-003.patch b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.3_8J2.bundle/038-1449-003.patch
deleted file mode 100644
index 4b51658..0000000
Binary files a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.3_8J2.bundle/038-1449-003.patch and /dev/null differ
diff --git a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.3_8J2.bundle/Info.plist b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.3_8J2.bundle/Info.plist
deleted file mode 100644
index 56c74bc..0000000
--- a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.3_8J2.bundle/Info.plist
+++ /dev/null
@@ -1,132 +0,0 @@
-
-
-
-
- Filename
- iPhone3,1_4.3.3_8J2_Restore.ipsw
- RootFilesystem
- 038-1423-003.dmg
- RootFilesystemKey
- 246f17ec6660672b3207ece257938704944a83601205736409b61fc3565512559abd0f82
- RootFilesystemSize
- 930
- RamdiskOptionsPath
- /usr/local/share/restore/options.n90.plist
- SHA256
- 29dccda5dd28fbb62afc1e09668e96b7e23f9ba84bc8f4f19f5264c3e904c04a
- FilesystemPackage
-
- RamdiskPackage
-
- package
- src/bin.tar
- ios
- ios4
-
- Firmware
-
- iBSS
-
- File
- Firmware/dfu/iBSS.n90ap.RELEASE.dfu
- IV
- cdd50b45ca1bac4f718d9eb23ce9f0a8
- Key
- 8ef00005aa2c01ae409d55e330171589af79d76ac86639e76003835d5d82ffc4
- Decrypt
-
- Patch
-
-
- Restore Ramdisk
-
- File
- 038-1449-003.dmg
-
-
- FirmwareReplace
-
- APTicket
-
- File
- Firmware/all_flash/all_flash.n90ap.production/applelogoT-640x960.s5l8930x.img3
-
- AppleLogo
-
- File
- Firmware/all_flash/all_flash.n90ap.production/applelogo7-640x960.s5l8930x.img3
-
- NewAppleLogo
-
- File
- Firmware/all_flash/all_flash.n90ap.production/applelogo-640x960.s5l8930x.img3
-
- BatteryCharging0
-
- File
- Firmware/all_flash/all_flash.n90ap.production/batterycharging0-640x960.s5l8930x.img3
-
- BatteryCharging1
-
- File
- Firmware/all_flash/all_flash.n90ap.production/batterycharging1-640x960.s5l8930x.img3
-
- BatteryFull
-
- File
- Firmware/all_flash/all_flash.n90ap.production/batteryfull-640x960.s5l8930x.img3
-
- BatteryLow0
-
- File
- Firmware/all_flash/all_flash.n90ap.production/batterylow0-640x960.s5l8930x.img3
-
- BatteryLow1
-
- File
- Firmware/all_flash/all_flash.n90ap.production/batterylow1-640x960.s5l8930x.img3
-
- BatteryPlugin
-
- File
- Firmware/all_flash/all_flash.n90ap.production/glyphplugin-640x960.s5l8930x.img3
-
- RecoveryMode
-
- File
- Firmware/all_flash/all_flash.n90ap.production/recoverymode7-640x960.s5l8930x.img3
-
- NewRecoveryMode
-
- File
- Firmware/all_flash/all_flash.n90ap.production/recoverymode-640x960.s5l8930x.img3
-
- LLB
-
- File
- Firmware/all_flash/all_flash.n90ap.production/LLB.n90ap.RELEASE.img3
-
- iBoot
-
- File
- Firmware/all_flash/all_flash.n90ap.production/iBoot.n90ap.RELEASE.img3
-
- NewiBoot
-
- File
- Firmware/all_flash/all_flash.n90ap.production/iBoot4.n90ap.RELEASE.img3
- IV
- bb3fc29dd226fac56086790060d5c744
- Key
- c2ead1d3b228a05b665c91b4b1ab54b570a81dffaf06eaf1736767bcb86e50de
-
- manifest
-
- File
- Firmware/all_flash/all_flash.n90ap.production/manifest
- manifest
- manifest
-
-
-
-
diff --git a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.3_8J2.bundle/iBSS.n90ap.RELEASE.patch b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.3_8J2.bundle/iBSS.n90ap.RELEASE.patch
deleted file mode 100644
index 6a27a56..0000000
Binary files a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.3_8J2.bundle/iBSS.n90ap.RELEASE.patch and /dev/null differ
diff --git a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.3_8J2.bundle/manifest b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.3_8J2.bundle/manifest
deleted file mode 100644
index e5c7609..0000000
--- a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.3_8J2.bundle/manifest
+++ /dev/null
@@ -1,16 +0,0 @@
-applelogoT-640x960.s5l8930x.img3
-LLB.n90ap.RELEASE.img3
-iBoot.n90ap.RELEASE.img3
-DeviceTree.n90ap.img3
-applelogo7-640x960.s5l8930x.img3
-recoverymode7-640x960.s5l8930x.img3
-batterylow0-640x960.s5l8930x.img3
-batterylow1-640x960.s5l8930x.img3
-glyphcharging-640x960.s5l8930x.img3
-glyphplugin-640x960.s5l8930x.img3
-batterycharging0-640x960.s5l8930x.img3
-batterycharging1-640x960.s5l8930x.img3
-batteryfull-640x960.s5l8930x.img3
-iBoot4.n90ap.RELEASE.img3
-applelogo-640x960.s5l8930x.img3
-recoverymode-640x960.s5l8930x.img3
diff --git a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.5_8L1.bundle/038-2265-002.patch b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.5_8L1.bundle/038-2265-002.patch
deleted file mode 100644
index a9c0d11..0000000
Binary files a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.5_8L1.bundle/038-2265-002.patch and /dev/null differ
diff --git a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.5_8L1.bundle/Info.plist b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.5_8L1.bundle/Info.plist
deleted file mode 100644
index 797f9d0..0000000
--- a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.5_8L1.bundle/Info.plist
+++ /dev/null
@@ -1,132 +0,0 @@
-
-
-
-
- Filename
- iPhone3,1_4.3.5_8L1_Restore.ipsw
- RootFilesystem
- 038-2288-002.dmg
- RootFilesystemKey
- e5e061077217c4937e14d9c4ae1eeb8d69827aa4838168033dd5f1806ab485306a8aa3cf
- RootFilesystemSize
- 930
- RamdiskOptionsPath
- /usr/local/share/restore/options.n90.plist
- SHA256
- 54040d08602e6a9894a4671393b0c335d51bdb55a3e28a336676c5facc592349
- FilesystemPackage
-
- RamdiskPackage
-
- package
- src/bin.tar
- ios
- ios4
-
- Firmware
-
- iBSS
-
- File
- Firmware/dfu/iBSS.n90ap.RELEASE.dfu
- IV
- 00ba61665022e97cacb71493f3e92533
- Key
- 85d0388a2b1ce6b4fc68aebb3cb87014b6dd57fde5d9599381db4083a30c3803
- Decrypt
-
- Patch
-
-
- Restore Ramdisk
-
- File
- 038-2265-002.dmg
-
-
- FirmwareReplace
-
- APTicket
-
- File
- Firmware/all_flash/all_flash.n90ap.production/applelogoT-640x960.s5l8930x.img3
-
- AppleLogo
-
- File
- Firmware/all_flash/all_flash.n90ap.production/applelogo7-640x960.s5l8930x.img3
-
- NewAppleLogo
-
- File
- Firmware/all_flash/all_flash.n90ap.production/applelogo-640x960.s5l8930x.img3
-
- BatteryCharging0
-
- File
- Firmware/all_flash/all_flash.n90ap.production/batterycharging0-640x960.s5l8930x.img3
-
- BatteryCharging1
-
- File
- Firmware/all_flash/all_flash.n90ap.production/batterycharging1-640x960.s5l8930x.img3
-
- BatteryFull
-
- File
- Firmware/all_flash/all_flash.n90ap.production/batteryfull-640x960.s5l8930x.img3
-
- BatteryLow0
-
- File
- Firmware/all_flash/all_flash.n90ap.production/batterylow0-640x960.s5l8930x.img3
-
- BatteryLow1
-
- File
- Firmware/all_flash/all_flash.n90ap.production/batterylow1-640x960.s5l8930x.img3
-
- BatteryPlugin
-
- File
- Firmware/all_flash/all_flash.n90ap.production/glyphplugin-640x960.s5l8930x.img3
-
- RecoveryMode
-
- File
- Firmware/all_flash/all_flash.n90ap.production/recoverymode7-640x960.s5l8930x.img3
-
- NewRecoveryMode
-
- File
- Firmware/all_flash/all_flash.n90ap.production/recoverymode-640x960.s5l8930x.img3
-
- LLB
-
- File
- Firmware/all_flash/all_flash.n90ap.production/LLB.n90ap.RELEASE.img3
-
- iBoot
-
- File
- Firmware/all_flash/all_flash.n90ap.production/iBoot.n90ap.RELEASE.img3
-
- NewiBoot
-
- File
- Firmware/all_flash/all_flash.n90ap.production/iBoot4.n90ap.RELEASE.img3
- IV
- 986032eecd861c37ca2a86b6496a3c0d
- Key
- b4e300c54a9dd2e648ead50794e9bf2205a489c310a1c70a9fae687368229468
-
- manifest
-
- File
- Firmware/all_flash/all_flash.n90ap.production/manifest
- manifest
- manifest
-
-
-
-
diff --git a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.5_8L1.bundle/iBSS.n90ap.RELEASE.patch b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.5_8L1.bundle/iBSS.n90ap.RELEASE.patch
deleted file mode 100644
index 00663ab..0000000
Binary files a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.5_8L1.bundle/iBSS.n90ap.RELEASE.patch and /dev/null differ
diff --git a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.5_8L1.bundle/manifest b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.5_8L1.bundle/manifest
deleted file mode 100644
index e5c7609..0000000
--- a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.5_8L1.bundle/manifest
+++ /dev/null
@@ -1,16 +0,0 @@
-applelogoT-640x960.s5l8930x.img3
-LLB.n90ap.RELEASE.img3
-iBoot.n90ap.RELEASE.img3
-DeviceTree.n90ap.img3
-applelogo7-640x960.s5l8930x.img3
-recoverymode7-640x960.s5l8930x.img3
-batterylow0-640x960.s5l8930x.img3
-batterylow1-640x960.s5l8930x.img3
-glyphcharging-640x960.s5l8930x.img3
-glyphplugin-640x960.s5l8930x.img3
-batterycharging0-640x960.s5l8930x.img3
-batterycharging1-640x960.s5l8930x.img3
-batteryfull-640x960.s5l8930x.img3
-iBoot4.n90ap.RELEASE.img3
-applelogo-640x960.s5l8930x.img3
-recoverymode-640x960.s5l8930x.img3
diff --git a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3_8F190.bundle/038-0715-006.patch b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3_8F190.bundle/038-0715-006.patch
deleted file mode 100644
index bb8d306..0000000
Binary files a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3_8F190.bundle/038-0715-006.patch and /dev/null differ
diff --git a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3_8F190.bundle/Info.plist b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3_8F190.bundle/Info.plist
deleted file mode 100644
index 8499ed3..0000000
--- a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3_8F190.bundle/Info.plist
+++ /dev/null
@@ -1,136 +0,0 @@
-
-
-
-
- Filename
- iPhone3,1_4.3_8F190_Restore.ipsw
- RootFilesystem
- 038-0688-006.dmg
- RootFilesystemKey
- 34904e749a8c5cfabecc6c3340816d85e7fc4de61c968ca93be621a9b9520d6466a1456a
- RootFilesystemSize
- 930
- RamdiskOptionsPath
- /usr/local/share/restore/options.n90.plist
- SHA256
- dd891fbe6e035bdca7acba4567f6297d11b5e4fc089511b700908101c82950c0
- FilesystemPackage
-
- RamdiskPackage
-
- package
- src/bin.tar
- ios
- ios4
-
- Firmware
-
- iBSS
-
- File
- Firmware/dfu/iBSS.n90ap.RELEASE.dfu
- IV
- 37f4d36494ac9d83ab8a9e4936c885f8
- Key
- f5e50c94dfee05ed52b4003750007f4c2d1801f7e90e768774ac656dc62c69db
- Decrypt
-
- Patch
-
-
- Restore Ramdisk
-
- File
- 038-0715-006.dmg
- IV
- d11772b6a3bdd4f0b4cd8795b9f10ad9
- Key
- 9873392c91743857cf5b35c9017c6683d5659c9358f35c742be27bfb03dee77c
-
-
- FirmwareReplace
-
- APTicket
-
- File
- Firmware/all_flash/all_flash.n90ap.production/applelogoT-640x960.s5l8930x.img3
-
- AppleLogo
-
- File
- Firmware/all_flash/all_flash.n90ap.production/applelogo7-640x960.s5l8930x.img3
-
- NewAppleLogo
-
- File
- Firmware/all_flash/all_flash.n90ap.production/applelogo-640x960.s5l8930x.img3
-
- BatteryCharging0
-
- File
- Firmware/all_flash/all_flash.n90ap.production/batterycharging0-640x960.s5l8930x.img3
-
- BatteryCharging1
-
- File
- Firmware/all_flash/all_flash.n90ap.production/batterycharging1-640x960.s5l8930x.img3
-
- BatteryFull
-
- File
- Firmware/all_flash/all_flash.n90ap.production/batteryfull-640x960.s5l8930x.img3
-
- BatteryLow0
-
- File
- Firmware/all_flash/all_flash.n90ap.production/batterylow0-640x960.s5l8930x.img3
-
- BatteryLow1
-
- File
- Firmware/all_flash/all_flash.n90ap.production/batterylow1-640x960.s5l8930x.img3
-
- BatteryPlugin
-
- File
- Firmware/all_flash/all_flash.n90ap.production/glyphplugin-640x960.s5l8930x.img3
-
- RecoveryMode
-
- File
- Firmware/all_flash/all_flash.n90ap.production/recoverymode7-640x960.s5l8930x.img3
-
- NewRecoveryMode
-
- File
- Firmware/all_flash/all_flash.n90ap.production/recoverymode-640x960.s5l8930x.img3
-
- LLB
-
- File
- Firmware/all_flash/all_flash.n90ap.production/LLB.n90ap.RELEASE.img3
-
- iBoot
-
- File
- Firmware/all_flash/all_flash.n90ap.production/iBoot.n90ap.RELEASE.img3
-
- NewiBoot
-
- File
- Firmware/all_flash/all_flash.n90ap.production/iBoot4.n90ap.RELEASE.img3
- IV
- 9f11c07bde79bdac4abb3f9707c4b13c
- Key
- 0958d70e1a292483d4e32ed1e911d2b16b6260856be67d00a33b6a1801711d32
-
- manifest
-
- File
- Firmware/all_flash/all_flash.n90ap.production/manifest
- manifest
- manifest
-
-
-
-
diff --git a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3_8F190.bundle/iBSS.n90ap.RELEASE.patch b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3_8F190.bundle/iBSS.n90ap.RELEASE.patch
deleted file mode 100644
index 59e9ad3..0000000
Binary files a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3_8F190.bundle/iBSS.n90ap.RELEASE.patch and /dev/null differ
diff --git a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3_8F190.bundle/manifest b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3_8F190.bundle/manifest
deleted file mode 100644
index e5c7609..0000000
--- a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3_8F190.bundle/manifest
+++ /dev/null
@@ -1,16 +0,0 @@
-applelogoT-640x960.s5l8930x.img3
-LLB.n90ap.RELEASE.img3
-iBoot.n90ap.RELEASE.img3
-DeviceTree.n90ap.img3
-applelogo7-640x960.s5l8930x.img3
-recoverymode7-640x960.s5l8930x.img3
-batterylow0-640x960.s5l8930x.img3
-batterylow1-640x960.s5l8930x.img3
-glyphcharging-640x960.s5l8930x.img3
-glyphplugin-640x960.s5l8930x.img3
-batterycharging0-640x960.s5l8930x.img3
-batterycharging1-640x960.s5l8930x.img3
-batteryfull-640x960.s5l8930x.img3
-iBoot4.n90ap.RELEASE.img3
-applelogo-640x960.s5l8930x.img3
-recoverymode-640x960.s5l8930x.img3
diff --git a/resources/firmware/src/bin4.tar b/resources/firmware/src/bin4.tar
new file mode 100644
index 0000000..8c36129
Binary files /dev/null and b/resources/firmware/src/bin4.tar differ
diff --git a/resources/firmware/src/target/k48/9B206/exploit b/resources/firmware/src/target/k48/9B206/exploit
new file mode 100644
index 0000000..ef23ee7
Binary files /dev/null and b/resources/firmware/src/target/k48/9B206/exploit differ
diff --git a/resources/firmware/src/target/k48/9B206/partition b/resources/firmware/src/target/k48/9B206/partition
new file mode 100644
index 0000000..d2ff38a
--- /dev/null
+++ b/resources/firmware/src/target/k48/9B206/partition
@@ -0,0 +1,73 @@
+#!/bin/bash
+
+isIOS5=0
+
+if [ -e "/dev/rdisk0s2" ]; then
+nvram -d boot-partition
+nvram -d boot-ramdisk
+sleep 1s
+reboot_
+fi
+
+mount_hfs /dev/disk0s1s1 /mnt1
+
+if [ ! -e "/dev/rdisk0s1s3" ]; then
+mount_hfs /dev/disk0s1s2 /mnt1/private/var
+else
+isIOS5=1
+mount_hfs /dev/disk0s1s3 /mnt1/private/var
+fi
+sleep 1s
+
+sleep 1s
+
+rm -rf /mnt1/System/Library/LaunchDaemons/com.apple.mobile.softwareupdated.plist
+rm -rf /mnt1/System/Library/LaunchDaemons/com.apple.softwareupdateservicesd.plist
+
+Data_GUID="$((echo -e "i\n2\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Partition unique GUID: //p')"
+LogicalSector="$((echo -e "p\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Logical sector size: //p' | sed 's/ .*//')"
+System_LastSector="$((echo -e "i\n1\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Last sector: //p' | sed 's/ .*//')"
+Data_LastSector="$((echo -e "i\n2\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Last sector: //p' | sed 's/ .*//')"
+Data_Attributeflags="$((echo -e "i\n2\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*flags: //p')"
+Exploit_LastSector="$((65536/$LogicalSector))"
+New_Data_LastSector="$(($Data_LastSector-$Exploit_LastSector))"
+New_Data_SectorSize="$(($New_Data_LastSector-$System_LastSector))"
+New_Data_Size="$(($New_Data_SectorSize*$LogicalSector))"
+
+hfs_resize /mnt1/private/var $New_Data_Size
+sleep 1s
+
+if [ "$Data_Attributeflags" = "0001000000000000" ]; then
+echo -e "d\n2\nn\n\n$New_Data_LastSector\n\nc\n2\nData\nx\na\n2\n48\n\nc\n2\n$Data_GUID\ns\n4\nm\nn\n3\n\n$Data_LastSector\n\nw\nY\n" | gptfdisk /dev/rdisk0s1
+else
+echo -e "d\n2\nn\n\n$New_Data_LastSector\n\nc\n2\nData\nx\na\n2\n48\n49\n\nc\n2\n$Data_GUID\ns\n4\nm\nn\n3\n\n$Data_LastSector\n\nw\nY\n" | gptfdisk /dev/rdisk0s1
+fi
+
+sleep 1s
+
+if [ $isIOS5 == 0 ]; then
+newfs_hfs -s -v exploit /dev/rdisk0s1s3
+sleep 1s
+fsck_hfs -f /dev/rdisk0s1s3
+sleep 2s
+
+dd of=/dev/rdisk0s1s3 if=/exploit bs=512k count=1
+sleep 1s
+fi
+
+if [ $isIOS5 == 1 ]; then
+newfs_hfs -s -v exploit /dev/rdisk0s1s4
+sleep 1s
+fsck_hfs -f /dev/rdisk0s1s4
+sleep 2s
+
+dd of=/dev/rdisk0s1s4 if=/exploit bs=512k count=1
+sleep 1s
+fi
+
+nvram -c
+nvram boot-partition=2
+
+sleep 1s
+
+reboot_
diff --git a/resources/firmware/src/target/k48/reboot4 b/resources/firmware/src/target/k48/reboot4
new file mode 100755
index 0000000..6670fb2
Binary files /dev/null and b/resources/firmware/src/target/k48/reboot4 differ
diff --git a/resources/firmware/src/target/n18/9B206/exploit b/resources/firmware/src/target/n18/9B206/exploit
new file mode 100644
index 0000000..ef23ee7
Binary files /dev/null and b/resources/firmware/src/target/n18/9B206/exploit differ
diff --git a/resources/firmware/src/target/n18/9B206/partition b/resources/firmware/src/target/n18/9B206/partition
new file mode 100644
index 0000000..d2ff38a
--- /dev/null
+++ b/resources/firmware/src/target/n18/9B206/partition
@@ -0,0 +1,73 @@
+#!/bin/bash
+
+isIOS5=0
+
+if [ -e "/dev/rdisk0s2" ]; then
+nvram -d boot-partition
+nvram -d boot-ramdisk
+sleep 1s
+reboot_
+fi
+
+mount_hfs /dev/disk0s1s1 /mnt1
+
+if [ ! -e "/dev/rdisk0s1s3" ]; then
+mount_hfs /dev/disk0s1s2 /mnt1/private/var
+else
+isIOS5=1
+mount_hfs /dev/disk0s1s3 /mnt1/private/var
+fi
+sleep 1s
+
+sleep 1s
+
+rm -rf /mnt1/System/Library/LaunchDaemons/com.apple.mobile.softwareupdated.plist
+rm -rf /mnt1/System/Library/LaunchDaemons/com.apple.softwareupdateservicesd.plist
+
+Data_GUID="$((echo -e "i\n2\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Partition unique GUID: //p')"
+LogicalSector="$((echo -e "p\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Logical sector size: //p' | sed 's/ .*//')"
+System_LastSector="$((echo -e "i\n1\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Last sector: //p' | sed 's/ .*//')"
+Data_LastSector="$((echo -e "i\n2\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Last sector: //p' | sed 's/ .*//')"
+Data_Attributeflags="$((echo -e "i\n2\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*flags: //p')"
+Exploit_LastSector="$((65536/$LogicalSector))"
+New_Data_LastSector="$(($Data_LastSector-$Exploit_LastSector))"
+New_Data_SectorSize="$(($New_Data_LastSector-$System_LastSector))"
+New_Data_Size="$(($New_Data_SectorSize*$LogicalSector))"
+
+hfs_resize /mnt1/private/var $New_Data_Size
+sleep 1s
+
+if [ "$Data_Attributeflags" = "0001000000000000" ]; then
+echo -e "d\n2\nn\n\n$New_Data_LastSector\n\nc\n2\nData\nx\na\n2\n48\n\nc\n2\n$Data_GUID\ns\n4\nm\nn\n3\n\n$Data_LastSector\n\nw\nY\n" | gptfdisk /dev/rdisk0s1
+else
+echo -e "d\n2\nn\n\n$New_Data_LastSector\n\nc\n2\nData\nx\na\n2\n48\n49\n\nc\n2\n$Data_GUID\ns\n4\nm\nn\n3\n\n$Data_LastSector\n\nw\nY\n" | gptfdisk /dev/rdisk0s1
+fi
+
+sleep 1s
+
+if [ $isIOS5 == 0 ]; then
+newfs_hfs -s -v exploit /dev/rdisk0s1s3
+sleep 1s
+fsck_hfs -f /dev/rdisk0s1s3
+sleep 2s
+
+dd of=/dev/rdisk0s1s3 if=/exploit bs=512k count=1
+sleep 1s
+fi
+
+if [ $isIOS5 == 1 ]; then
+newfs_hfs -s -v exploit /dev/rdisk0s1s4
+sleep 1s
+fsck_hfs -f /dev/rdisk0s1s4
+sleep 2s
+
+dd of=/dev/rdisk0s1s4 if=/exploit bs=512k count=1
+sleep 1s
+fi
+
+nvram -c
+nvram boot-partition=2
+
+sleep 1s
+
+reboot_
diff --git a/resources/firmware/src/target/n18/reboot4 b/resources/firmware/src/target/n18/reboot4
new file mode 100755
index 0000000..6670fb2
Binary files /dev/null and b/resources/firmware/src/target/n18/reboot4 differ
diff --git a/resources/firmware/src/target/n90/reboot4 b/resources/firmware/src/target/n90/reboot4
new file mode 100755
index 0000000..a24e64b
Binary files /dev/null and b/resources/firmware/src/target/n90/reboot4 differ
diff --git a/resources/jailbreak/g1lbertJB/iPad1,1_8F190.tar b/resources/jailbreak/g1lbertJB/iPad1,1_8F190.tar
new file mode 100644
index 0000000..bc6081f
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPad1,1_8F190.tar differ
diff --git a/resources/jailbreak/g1lbertJB/iPad1,1_8G4.tar b/resources/jailbreak/g1lbertJB/iPad1,1_8G4.tar
new file mode 100644
index 0000000..9b5c911
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPad1,1_8G4.tar differ
diff --git a/resources/jailbreak/g1lbertJB/iPad1,1_8H7.tar b/resources/jailbreak/g1lbertJB/iPad1,1_8H7.tar
new file mode 100644
index 0000000..88293a1
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPad1,1_8H7.tar differ
diff --git a/resources/jailbreak/g1lbertJB/iPad1,1_8J3.tar b/resources/jailbreak/g1lbertJB/iPad1,1_8J3.tar
new file mode 100644
index 0000000..3d85f9e
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPad1,1_8J3.tar differ
diff --git a/resources/jailbreak/g1lbertJB/iPad1,1_8K2.tar b/resources/jailbreak/g1lbertJB/iPad1,1_8K2.tar
new file mode 100644
index 0000000..44e30bf
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPad1,1_8K2.tar differ
diff --git a/resources/jailbreak/g1lbertJB/iPad1,1_8L1.tar b/resources/jailbreak/g1lbertJB/iPad1,1_8L1.tar
new file mode 100644
index 0000000..754b382
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPad1,1_8L1.tar differ
diff --git a/resources/jailbreak/g1lbertJB/iPhone2,1_8F190.tar b/resources/jailbreak/g1lbertJB/iPhone2,1_8F190.tar
new file mode 100644
index 0000000..af36e98
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPhone2,1_8F190.tar differ
diff --git a/resources/jailbreak/g1lbertJB/iPhone2,1_8G4.tar b/resources/jailbreak/g1lbertJB/iPhone2,1_8G4.tar
new file mode 100644
index 0000000..8b5576d
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPhone2,1_8G4.tar differ
diff --git a/resources/jailbreak/g1lbertJB/iPhone2,1_8H7.tar b/resources/jailbreak/g1lbertJB/iPhone2,1_8H7.tar
new file mode 100644
index 0000000..d785082
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPhone2,1_8H7.tar differ
diff --git a/resources/jailbreak/g1lbertJB/iPhone2,1_8J2.tar b/resources/jailbreak/g1lbertJB/iPhone2,1_8J2.tar
new file mode 100644
index 0000000..74dd0fe
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPhone2,1_8J2.tar differ
diff --git a/resources/jailbreak/g1lbertJB/iPhone2,1_8K2.tar b/resources/jailbreak/g1lbertJB/iPhone2,1_8K2.tar
new file mode 100644
index 0000000..1f82a71
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPhone2,1_8K2.tar differ
diff --git a/resources/jailbreak/g1lbertJB/iPhone2,1_8L1.tar b/resources/jailbreak/g1lbertJB/iPhone2,1_8L1.tar
new file mode 100644
index 0000000..58c9aa5
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPhone2,1_8L1.tar differ
diff --git a/resources/jailbreak/g1lbertJB/iPhone3,1_8F190.tar b/resources/jailbreak/g1lbertJB/iPhone3,1_8F190.tar
new file mode 100644
index 0000000..0f03bca
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPhone3,1_8F190.tar differ
diff --git a/resources/jailbreak/g1lbertJB/iPhone3,1_8G4.tar b/resources/jailbreak/g1lbertJB/iPhone3,1_8G4.tar
new file mode 100644
index 0000000..44846a9
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPhone3,1_8G4.tar differ
diff --git a/resources/jailbreak/g1lbertJB/iPhone3,1_8H7.tar b/resources/jailbreak/g1lbertJB/iPhone3,1_8H7.tar
new file mode 100644
index 0000000..12fbfb5
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPhone3,1_8H7.tar differ
diff --git a/resources/jailbreak/g1lbertJB/iPhone3,1_8J2.tar b/resources/jailbreak/g1lbertJB/iPhone3,1_8J2.tar
new file mode 100644
index 0000000..4eaeaab
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPhone3,1_8J2.tar differ
diff --git a/resources/jailbreak/g1lbertJB/iPhone3,1_8K2.tar b/resources/jailbreak/g1lbertJB/iPhone3,1_8K2.tar
new file mode 100644
index 0000000..2aa7cfa
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPhone3,1_8K2.tar differ
diff --git a/resources/jailbreak/g1lbertJB/iPhone3,1_8L1.tar b/resources/jailbreak/g1lbertJB/iPhone3,1_8L1.tar
new file mode 100644
index 0000000..a0b96df
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPhone3,1_8L1.tar differ
diff --git a/resources/jailbreak/g1lbertJB/iPhone3,3_8E200.tar b/resources/jailbreak/g1lbertJB/iPhone3,3_8E200.tar
new file mode 100644
index 0000000..f3196f5
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPhone3,3_8E200.tar differ
diff --git a/resources/jailbreak/g1lbertJB/iPhone3,3_8E303.tar b/resources/jailbreak/g1lbertJB/iPhone3,3_8E303.tar
new file mode 100644
index 0000000..3e193ef
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPhone3,3_8E303.tar differ
diff --git a/resources/jailbreak/g1lbertJB/iPhone3,3_8E401.tar b/resources/jailbreak/g1lbertJB/iPhone3,3_8E401.tar
new file mode 100644
index 0000000..d840349
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPhone3,3_8E401.tar differ
diff --git a/resources/jailbreak/g1lbertJB/iPhone3,3_8E501.tar b/resources/jailbreak/g1lbertJB/iPhone3,3_8E501.tar
new file mode 100644
index 0000000..5589400
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPhone3,3_8E501.tar differ
diff --git a/resources/jailbreak/g1lbertJB/iPhone3,3_8E600.tar b/resources/jailbreak/g1lbertJB/iPhone3,3_8E600.tar
new file mode 100644
index 0000000..5178c97
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPhone3,3_8E600.tar differ
diff --git a/resources/jailbreak/g1lbertJB/iPod3,1_8F190.tar b/resources/jailbreak/g1lbertJB/iPod3,1_8F190.tar
new file mode 100644
index 0000000..aec9836
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPod3,1_8F190.tar differ
diff --git a/resources/jailbreak/g1lbertJB/iPod3,1_8G4.tar b/resources/jailbreak/g1lbertJB/iPod3,1_8G4.tar
new file mode 100644
index 0000000..ac4bd6c
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPod3,1_8G4.tar differ
diff --git a/resources/jailbreak/g1lbertJB/iPod3,1_8H7.tar b/resources/jailbreak/g1lbertJB/iPod3,1_8H7.tar
new file mode 100644
index 0000000..e15ae34
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPod3,1_8H7.tar differ
diff --git a/resources/jailbreak/g1lbertJB/iPod3,1_8J2.tar b/resources/jailbreak/g1lbertJB/iPod3,1_8J2.tar
new file mode 100644
index 0000000..593f266
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPod3,1_8J2.tar differ
diff --git a/resources/jailbreak/g1lbertJB/iPod3,1_8K2.tar b/resources/jailbreak/g1lbertJB/iPod3,1_8K2.tar
new file mode 100644
index 0000000..b63fb31
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPod3,1_8K2.tar differ
diff --git a/resources/jailbreak/g1lbertJB/iPod3,1_8L1.tar b/resources/jailbreak/g1lbertJB/iPod3,1_8L1.tar
new file mode 100644
index 0000000..1cbb52a
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPod3,1_8L1.tar differ
diff --git a/resources/jailbreak/g1lbertJB/iPod4,1_8F190.tar b/resources/jailbreak/g1lbertJB/iPod4,1_8F190.tar
new file mode 100644
index 0000000..1e3cba3
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPod4,1_8F190.tar differ
diff --git a/resources/jailbreak/g1lbertJB/iPod4,1_8G4.tar b/resources/jailbreak/g1lbertJB/iPod4,1_8G4.tar
new file mode 100644
index 0000000..60548f7
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPod4,1_8G4.tar differ
diff --git a/resources/jailbreak/g1lbertJB/iPod4,1_8H7.tar b/resources/jailbreak/g1lbertJB/iPod4,1_8H7.tar
new file mode 100644
index 0000000..81f224b
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPod4,1_8H7.tar differ
diff --git a/resources/jailbreak/g1lbertJB/iPod4,1_8J2.tar b/resources/jailbreak/g1lbertJB/iPod4,1_8J2.tar
new file mode 100644
index 0000000..42de9a6
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPod4,1_8J2.tar differ
diff --git a/resources/jailbreak/g1lbertJB/iPod4,1_8K2.tar b/resources/jailbreak/g1lbertJB/iPod4,1_8K2.tar
new file mode 100644
index 0000000..b0e1008
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPod4,1_8K2.tar differ
diff --git a/resources/jailbreak/g1lbertJB/iPod4,1_8L1.tar b/resources/jailbreak/g1lbertJB/iPod4,1_8L1.tar
new file mode 100644
index 0000000..113008e
Binary files /dev/null and b/resources/jailbreak/g1lbertJB/iPod4,1_8L1.tar differ
diff --git a/resources/jailbreak/unthredeh4il.tar b/resources/jailbreak/unthredeh4il.tar
deleted file mode 100644
index f2d2e79..0000000
Binary files a/resources/jailbreak/unthredeh4il.tar and /dev/null differ
diff --git a/resources/patch/iBSS.n90ap.8L1.patch b/resources/patch/iBSS.n90ap.8L1.patch
deleted file mode 100644
index d76fe4d..0000000
Binary files a/resources/patch/iBSS.n90ap.8L1.patch and /dev/null differ
diff --git a/restore.sh b/restore.sh
index 1b1d19d..f23b43d 100755
--- a/restore.sh
+++ b/restore.sh
@@ -573,7 +573,7 @@ device_get_info() {
device_ecid=$(printf "%d" $($irecovery -q | grep "ECID" | cut -c 7-)) # converts hex ecid to dec
fi
device_model=$($irecovery -q | grep "MODEL" | cut -c 8-)
- device_vers=$(echo "/exit" | $irecovery -s | grep "iBoot-")
+ device_vers=$(echo "/exit" | $irecovery -s | grep -a "iBoot-")
[[ -z $device_vers ]] && device_vers="Unknown"
device_serial="$($irecovery -q | grep "SRNM" | cut -c 7- | cut -c 3- | cut -c -3)"
device_manufacturing
@@ -990,9 +990,6 @@ device_enter_mode() {
log "Entering recovery mode..."
$ideviceenterrecovery "$device_udid" >/dev/null
device_find_mode Recovery 50
- elif [[ $device_mode == "DFU" ]]; then
- log "Device is in DFU mode, cannot enter recovery mode"
- return
fi
;;
@@ -1849,12 +1846,11 @@ ipsw_prepare_jailbreak() {
JBFiles+=("fstab_rw.tar" "freeze.tar")
case $device_target_vers in
"6.1.6" | "6.1.3" ) JBFiles+=("p0sixspwn.tar");;
- "5"* ) JBFiles+=("g1lbertJB/${device_type}_${device_target_build}.tar");;
"4.2.1" | "4.1" | "4.0"* )
JBFiles[0]="fstab_new.tar"
JBFiles+=("greenpois0n/${device_type}_${device_target_build}.tar")
;;
- "4.3"* | "4.2"* ) JBFiles+=("unthredeh4il.tar");;
+ "5"* | "4.3"* | "4.2"* ) JBFiles+=("g1lbertJB/${device_type}_${device_target_build}.tar");;
esac
for i in {0..2}; do
JBFiles[i]=$jelbrek/${JBFiles[$i]}
@@ -1932,7 +1928,7 @@ ipsw_prepare_keys() {
;;
"KernelCache" )
- if [[ $vers == "5"* || $vers == "7"* ]]; then
+ if [[ $vers == "3"* || $vers == "4"* || $vers == "5"* || $vers == "7"* ]]; then
return
fi
echo -e "$compFile$nameIV$ivKey$keyDecryptPathDowngrade/$compPatch" >> $NewPlist
@@ -1946,7 +1942,7 @@ ipsw_prepare_paths() {
local getcomp="$1"
case $comp in
"BatteryPlugin" ) getcomp="GlyphPlugin";;
- "NewAppleLogo" ) getcomp="AppleLogo";;
+ "NewAppleLogo" | "APTicket" ) getcomp="AppleLogo";;
"NewRecoveryMode" ) getcomp="RecoveryMode";;
"NewiBoot" ) getcomp="iBoot";;
esac
@@ -1960,14 +1956,21 @@ ipsw_prepare_paths() {
if [[ $2 == "target" ]]; then
case $comp in
"AppleLogo" ) str2="${name/applelogo/applelogo7}";;
+ "APTicket" ) str2="${name/applelogo/applelogoT}";;
"RecoveryMode" ) str2="${name/recoverymode/recoverymode7}";;
"NewiBoot" ) str2="${name/iBoot/iBoot$(echo $device_target_vers | cut -c 1)}";;
esac
case $comp in
- "AppleLogo" | "RecoveryMode" | "NewiBoot" )
+ "AppleLogo" | "APTicket" | "RecoveryMode" )
str+="$str2"
echo "$str2" >> $FirmwareBundle/manifest
;;
+ "NewiBoot" )
+ if [[ $device_type != "iPad1,1" ]]; then
+ str+="$str2"
+ echo "$str2" >> $FirmwareBundle/manifest
+ fi
+ ;;
"manifest" ) str+="manifest";;
* ) str+="$name";;
esac
@@ -2039,7 +2042,7 @@ ipsw_prepare_bundle() {
build="$device_base_build"
FirmwareBundle+="BASE_"
elif [[ $1 == "target" ]]; then
- if [[ $ipsw_jailbreak == 1 && $vers != "5"* && $vers != "7"* ]]; then
+ if [[ $ipsw_jailbreak == 1 && $vers != "3"* && $vers != "4"* && $vers != "5"* && $vers != "7"* ]]; then
ipsw_prepare_config true true
else
ipsw_prepare_config false true
@@ -2058,12 +2061,17 @@ ipsw_prepare_bundle() {
log "IPSWSHA256: $IPSWSHA256"
unzip -o -j "$ipsw_p.ipsw" Firmware/all_flash/all_flash.${device_model}ap.production/manifest
mv manifest $FirmwareBundle/
- local RamdiskName=$(echo "$key" | $jq -j '.keys[] | select(.image | startswith("RestoreRamdisk")) | .filename')
+ local ramdisk_name=$(echo "$key" | $jq -j '.keys[] | select(.image | startswith("RestoreRamdisk")) | .filename')
local RamdiskIV=$(echo "$key" | $jq -j '.keys[] | select(.image | startswith("RestoreRamdisk")) | .iv')
local RamdiskKey=$(echo "$key" | $jq -j '.keys[] | select(.image | startswith("RestoreRamdisk")) | .key')
- unzip -o -j "$ipsw_p.ipsw" $RamdiskName
- "$dir/xpwntool" $RamdiskName Ramdisk.raw -iv $RamdiskIV -k $RamdiskKey
+ unzip -o -j "$ipsw_p.ipsw" $ramdisk_name
+ "$dir/xpwntool" $ramdisk_name Ramdisk.raw -iv $RamdiskIV -k $RamdiskKey
"$dir/hfsplus" Ramdisk.raw extract usr/local/share/restore/options.$device_model.plist
+ if [[ ! -s options.$device_model.plist ]]; then
+ rm options.$device_model.plist
+ "$dir/hfsplus" Ramdisk.raw extract usr/local/share/restore/options.plist
+ mv options.plist options.$device_model.plist
+ fi
if [[ $platform == "macos" ]]; then
plutil -extract 'SystemPartitionSize' xml1 options.$device_model.plist -o size
RootSize=$(cat size | sed -ne '//,/<\/integer>/p' | sed -e "s///" | sed "s/<\/integer>//" | sed '2d')
@@ -2076,7 +2084,11 @@ ipsw_prepare_bundle() {
echo -e "RootFilesystem$(echo "$key" | $jq -j '.keys[] | select(.image == "RootFS") | .filename')" >> $NewPlist
echo -e "RootFilesystemKey$(echo "$key" | $jq -j '.keys[] | select(.image == "RootFS") | .key')" >> $NewPlist
echo -e "RootFilesystemSize$RootSize" >> $NewPlist
- echo -e "RamdiskOptionsPath/usr/local/share/restore/options.$device_model.plist" >> $NewPlist
+ printf "RamdiskOptionsPath/usr/local/share/restore/options" >> $NewPlist
+ if [[ $device_target_vers != "3"* && $device_target_vers != "4"* ]]; then
+ printf ".$device_model" >> $NewPlist
+ fi
+ echo -e ".plist" >> $NewPlist
echo -e "SHA256$IPSWSHA256" >> $NewPlist
if [[ $1 == "base" ]]; then
@@ -2087,6 +2099,7 @@ ipsw_prepare_bundle() {
esac
case $device_base_build in
"11A"* | "11B"* ) base_build="11B554a";;
+ "9"* ) base_build="9B206";;
esac
echo -e "RamdiskExploit" >> $NewPlist
echo -e "exploitsrc/target/$hw/$base_build/exploit" >> $NewPlist
@@ -2098,6 +2111,8 @@ ipsw_prepare_bundle() {
esac
printf "RamdiskPackagepackagesrc/bin.tariosios" >> $NewPlist
case $vers in
+ 3* ) printf "3" >> $NewPlist;;
+ 4* ) printf "4" >> $NewPlist;;
5* ) printf "5" >> $NewPlist;;
6* ) printf "6" >> $NewPlist;;
7* ) printf "7" >> $NewPlist;;
@@ -2111,6 +2126,11 @@ ipsw_prepare_bundle() {
if [[ $1 == "base" ]]; then
echo -e "Firmware" >> $NewPlist
+ elif [[ $1 == "target" ]] && [[ $vers == "3" || $vers == "4"* ]]; then
+ echo -e "Firmware" >> $NewPlist
+ ipsw_prepare_keys iBSS $1
+ ipsw_prepare_keys RestoreRamdisk $1
+ echo -e "" >> $NewPlist
else
echo -e "Firmware" >> $NewPlist
ipsw_prepare_keys iBSS $1
@@ -2141,6 +2161,9 @@ ipsw_prepare_bundle() {
echo -e "" >> $NewPlist
elif [[ $1 == "target" ]]; then
echo -e "FirmwareReplace" >> $NewPlist
+ if [[ $vers == "4"* ]]; then
+ ipsw_prepare_paths APTicket $1
+ fi
ipsw_prepare_paths AppleLogo $1
ipsw_prepare_paths NewAppleLogo $1
ipsw_prepare_paths BatteryCharging0 $1
@@ -2274,7 +2297,7 @@ ipsw_prepare_ios4powder() {
fi
if [[ $ipsw_jailbreak == 1 ]]; then
- JBFiles=("unthredeh4il.tar" "fstab_rw.tar" "freeze.tar" "cydiasubstrate.tar")
+ JBFiles=("g1lbertJB/${device_type}_${device_target_build}.tar" "fstab_rw.tar" "freeze.tar" "cydiasubstrate.tar")
for i in {0..3}; do
JBFiles[i]=$jelbrek/${JBFiles[$i]}
done
@@ -2284,8 +2307,13 @@ ipsw_prepare_ios4powder() {
cp $jelbrek/freeze.tar .
fi
- cp -R ../resources/firmware/powdersn0wBundles ./FirmwareBundles
+ ipsw_prepare_bundle target
+ ipsw_prepare_bundle base
cp -R ../resources/firmware/src .
+ rm src/target/$device_model/$device_base_build/partition
+ mv src/target/$device_model/reboot4 src/target/$device_model/$device_base_build/partition
+ rm src/bin.tar
+ mv src/bin4.tar src/bin.tar
ipsw_prepare_config false true
if [[ $ipsw_memory == 1 ]]; then
ExtraArgs+=" -memory"
@@ -2294,6 +2322,22 @@ ipsw_prepare_ios4powder() {
device_dump activation
ExtraArgs+=" ../saved/$device_type/activation.tar"
fi
+ if [[ $device_target_vers != "4.3.5" ]]; then
+ ExtraArgs2+="--433 "
+ fi
+ if [[ $ipsw_verbose == 1 ]]; then
+ ExtraArgs2+="-b -v"
+ fi
+ patch_iboot "$ExtraArgs2"
+ tar -rvf src/bin.tar iBoot
+ if [[ $device_type == "iPad1,1" ]]; then
+ cp iBoot iBEC
+ tar -cvf iBoot.tar iBEC
+ ExtraArgs+=" iBoot.tar"
+ else
+ echo "0000010: 626F" | xxd -r - iBoot
+ echo "0000020: 626F" | xxd -r - iBoot
+ fi
log "Preparing custom IPSW: $dir/powdersn0w $ipsw_path.ipsw temp.ipsw -base $ipsw_base_path.ipsw $ExtraArgs ${JBFiles[*]}"
"$dir/powdersn0w" "$ipsw_path.ipsw" temp.ipsw -base "$ipsw_base_path.ipsw" $ExtraArgs ${JBFiles[@]}
@@ -2303,38 +2347,35 @@ ipsw_prepare_ios4powder() {
fi
log "Applying iOS 4 patches"
- if [[ $device_target_vers != "4.3.5" ]]; then
- ExtraArgs2+="--433 "
- fi
- if [[ $ipsw_verbose == 1 ]]; then
- ExtraArgs2+="-b -v"
- fi
- patch_iboot "$ExtraArgs2"
- mkdir -p Firmware/all_flash/all_flash.n90ap.production Firmware/dfu
- cp iBoot Firmware/all_flash/all_flash.n90ap.production/iBoot4.n90ap.RELEASE.img3
+ mkdir -p Firmware/all_flash/all_flash.${device_model}ap.production Firmware/dfu
log "Patch iBSS"
- unzip -o -j "$ipsw_path.ipsw" Firmware/dfu/iBSS.n90ap.RELEASE.dfu
- $bspatch iBSS.n90ap.RELEASE.dfu Firmware/dfu/iBSS.n90ap.RELEASE.dfu FirmwareBundles/${device_type}_${device_target_vers}_${device_target_build}.bundle/iBSS.n90ap.RELEASE.patch
- log "Patch Ramdisk"
- local RamdiskName=$(echo "$device_fw_key" | $jq -j '.keys[] | select(.image | startswith("RestoreRamdisk")) | .filename')
- unzip -o -j "$ipsw_path.ipsw" $RamdiskName
- if [[ $device_target_vers == "4.3" ]]; then
- "$dir/xpwntool" $RamdiskName ramdisk.orig -iv d11772b6a3bdd4f0b4cd8795b9f10ad9 -k 9873392c91743857cf5b35c9017c6683d5659c9358f35c742be27bfb03dee77c -decrypt
- else
- mv $RamdiskName ramdisk.orig
- fi
- $bspatch ramdisk.orig ramdisk.patched FirmwareBundles/${device_type}_${device_target_vers}_${device_target_build}.bundle/${RamdiskName%????}.patch
- "$dir/xpwntool" ramdisk.patched ramdisk.raw
- "$dir/hfsplus" ramdisk.raw rm iBoot
- "$dir/hfsplus" ramdisk.raw add iBoot iBoot
- "$dir/xpwntool" ramdisk.raw $RamdiskName -t ramdisk.patched
+ unzip -o -j "$ipsw_path.ipsw" Firmware/dfu/iBSS.${device_model}ap.RELEASE.dfu
+ local ibss_iv=$(echo $device_fw_key | $jq -j '.keys[] | select(.image | startswith("iBSS")) | .iv')
+ local ibss_key=$(echo $device_fw_key | $jq -j '.keys[] | select(.image | startswith("iBSS")) | .key')
+ mv iBSS.${device_model}ap.RELEASE.dfu iBSS.orig
+ "$dir/xpwntool" iBSS.orig iBSS.dec -iv $ibss_iv -k $ibss_key
+ "$dir/iBoot32Patcher" iBSS.dec iBSS.patched --rsa --debug -b "rd=md0 -v amfi=0xff cs_enforcement_disable=1"
+ "$dir/xpwntool" iBSS.patched Firmware/dfu/iBSS.${device_model}ap.RELEASE.dfu -t iBSS.orig
+ log "Patch iBEC"
+ unzip -o -j "$ipsw_path.ipsw" Firmware/dfu/iBEC.${device_model}ap.RELEASE.dfu
+ local ibec_iv=$(echo $device_fw_key | $jq -j '.keys[] | select(.image | startswith("iBEC")) | .iv')
+ local ibec_key=$(echo $device_fw_key | $jq -j '.keys[] | select(.image | startswith("iBEC")) | .key')
+ mv iBEC.${device_model}ap.RELEASE.dfu iBEC.orig
+ "$dir/xpwntool" iBEC.orig iBEC.dec -iv $ibec_iv -k $ibec_key
+ "$dir/iBoot32Patcher" iBEC.dec iBEC.patched --rsa --debug -b "rd=md0 -v amfi=0xff cs_enforcement_disable=1"
+ "$dir/xpwntool" iBEC.patched Firmware/dfu/iBEC.${device_model}ap.RELEASE.dfu -t iBEC.orig
log "Patch AppleLogo"
- unzip -o -j temp.ipsw Firmware/all_flash/all_flash.n90ap.production/applelogo-640x960.s5l8930x.img3
- echo "0000010: 3467" | xxd -r - applelogo-640x960.s5l8930x.img3
- echo "0000020: 3467" | xxd -r - applelogo-640x960.s5l8930x.img3
- mv applelogo-640x960.s5l8930x.img3 Firmware/all_flash/all_flash.n90ap.production/applelogo-640x960.s5l8930x.img3
+ local applelogo_name=$(echo "$device_fw_key" | $jq -j '.keys[] | select(.image | startswith("AppleLogo")) | .filename')
+ unzip -o -j temp.ipsw Firmware/all_flash/all_flash.${device_model}ap.production/$applelogo_name
+ echo "0000010: 3467" | xxd -r - $applelogo_name
+ echo "0000020: 3467" | xxd -r - $applelogo_name
+ mv $applelogo_name Firmware/all_flash/all_flash.${device_model}ap.production/$applelogo_name
+
log "Add all to custom IPSW"
- zip -r0 temp.ipsw Firmware/all_flash/all_flash.n90ap.production/* Firmware/dfu/iBSS.n90ap.RELEASE.dfu $RamdiskName
+ if [[ $device_type != "iPad1,1" ]]; then
+ cp iBoot Firmware/all_flash/all_flash.${device_model}ap.production/iBoot4.${device_model}ap.RELEASE.img3
+ fi
+ zip -r0 temp.ipsw Firmware/all_flash/all_flash.${device_model}ap.production/* Firmware/dfu/*
mv temp.ipsw "$ipsw_custom.ipsw"
}
@@ -2386,6 +2427,15 @@ ipsw_prepare_powder() {
patch_iboot "$ExtraArgs2"
tar -cvf iBoot.tar iBoot
ExtraArgs+=" iBoot.tar"
+ elif [[ $device_type == "iPad1,1" ]]; then
+ ExtraArgs2+=" --boot-ramdisk "
+ if [[ $ipsw_verbose == 1 ]]; then
+ ExtraArgs2+="-b -v"
+ fi
+ patch_iboot "$ExtraArgs2"
+ mv iBoot iBEC
+ tar -cvf iBoot.tar iBEC
+ ExtraArgs+=" iBoot.tar"
fi
log "Preparing custom IPSW: $dir/powdersn0w $ipsw_path.ipsw temp.ipsw -base $ipsw_base_path.ipsw $ExtraArgs"
"$dir/powdersn0w" "$ipsw_path.ipsw" temp.ipsw -base "$ipsw_base_path.ipsw" $ExtraArgs
@@ -2531,7 +2581,7 @@ ipsw_prepare_custom() {
fi
;;
"4.1" ) "$dir/hfsplus" out.dmg untar $jelbrek/greenpois0n/${device_type}_${device_target_build}.tar;;
- "4.3"* | "4.2"* ) "$dir/hfsplus" out.dmg untar $jelbrek/unthredeh4il.tar;;
+ "4.3"* | "4.2"* ) "$dir/hfsplus" out.dmg untar $jelbrek/g1lbertJB/${device_type}_${device_target_build}.tar;;
esac
case $device_target_vers in
"4"* | "3.1.3" )
@@ -2582,6 +2632,10 @@ ipsw_prepare_custom() {
mv temp.ipsw "$ipsw_custom.ipsw"
}
+ipsw_prepare_tethered() {
+ error "not yet"
+}
+
ipsw_extract() {
local ExtraArgs
local ipsw="$ipsw_path"
@@ -2694,7 +2748,15 @@ restore_idevicerestore() {
re="re"
fi
ipsw_extract custom
- if [[ $device_type == "iPad2"* && $device_target_vers == "4.3"* ]]; then
+ if [[ $device_target_powder == 1 ]] && [[ $device_target_vers == "3"* || $device_target_vers == "4"* ]]; then
+ patch_ibss
+ log "Sending iBSS..."
+ $irecovery -f pwnediBSS.dfu
+ sleep 2
+ log "Sending iBEC..."
+ $irecovery -f $ipsw_custom/Firmware/dfu/iBEC.${device_model}ap.RELEASE.dfu
+ device_find_mode Recovery
+ elif [[ $device_type == "iPad2"* && $device_target_vers == "4.3"* ]]; then
ExtraArgs="-e"
log "Sending iBEC..."
$irecovery -f $ipsw_custom/Firmware/dfu/iBEC.${device_model}ap.RELEASE.dfu
@@ -2710,11 +2772,11 @@ restore_idevicerestore() {
echo
log "Restoring done! Read the message below if any error has occurred:"
case $device_target_vers in
- 1* | 2* | 3* | 4* ) print "* For device activation, go to: Other Utilities -> Attempt Activation";;
+ 3* | 4* ) print "* For device activation, go to: Other Utilities -> Attempt Activation";;
esac
if [[ $opt != 0 ]]; then
print "* If you are getting the error \"could not retrieve device serial number\":"
- print " -> This means that your device is not compatible with $device_target_vers"
+ print " -> This means that your device is likely not compatible with $device_target_vers"
print "* If the restore failed on updating baseband:"
print " -> Try disabling baseband update: ./restore.sh --disable-bbupdate"
echo
@@ -2818,6 +2880,7 @@ restore_latest() {
ipsw_path="$ipsw_custom"
ipsw_extract custom
else
+ device_enter_mode Recovery
ipsw_extract
fi
log "Running idevicerestore with command: $idevicerestore2 $ExtraArgs \"$ipsw_path.ipsw\""
@@ -2834,7 +2897,7 @@ restore_latest() {
print "* If opening an issue in GitHub, please provide a FULL log/output. Otherwise, your issue may be dismissed."
fi
case $device_target_vers in
- 1* | 2* | 3* | 4* ) print "* For device activation, go to: Other Utilities -> Attempt Activation";;
+ 3* | 4* ) print "* For device activation, go to: Other Utilities -> Attempt Activation";;
esac
if [[ $ipsw_jailbreak == 1 ]]; then
case $device_target_vers in
@@ -2908,11 +2971,11 @@ restore_prepare() {
if [[ $device_target_other == 1 && $device_target_vers == "4"* ]]; then
device_enter_mode pwnDFU
restore_idevicerestore
- elif [[ $device_target_other == 1 ]]; then
+ elif [[ $device_target_other == 1 || $device_target_tethered == 1 ]]; then
device_buttons
restore_idevicerestore
elif [[ $device_target_vers == "$device_latest_vers" ]]; then
- shsh_save version 7.1.2
+ shsh_save version $device_latest_vers
if [[ $ipsw_jailbreak == 1 ]]; then
device_buttons
restore_idevicerestore
@@ -2920,7 +2983,7 @@ restore_prepare() {
restore_latest
fi
else
- shsh_save version 7.1.2
+ shsh_save version $device_latest_vers
if [[ $device_target_vers == "4"* ]]; then
device_enter_mode pwnDFU
else
@@ -2935,20 +2998,34 @@ restore_prepare() {
restore_idevicerestore
if [[ $device_type == "iPhone2,1" ]]; then
log "Ignore the baseband error and do not disconnect your device yet"
- device_find_mode Recovery
+ device_find_mode Recovery 50
log "Attempting to exit recovery mode"
$irecovery -n
log "Done, your device should boot now"
fi
- elif [[ $device_target_other == 1 ]]; then
+ elif [[ $device_target_other == 1 || $device_target_tethered == 1 ]]; then
device_buttons
restore_idevicerestore
+ elif [[ $device_target_powder == 1 ]]; then
+ shsh_save version $device_latest_vers
+ if [[ $device_target_vers != "5"* ]]; then
+ device_enter_mode pwnDFU
+ else
+ device_buttons
+ fi
+ restore_idevicerestore
+ if [[ $device_target_vers != "5"* && $device_type == "iPad1,1" ]]; then
+ log "Do not disconnect your device yet"
+ device_find_mode Recovery 50
+ device_ramdisk setnvram
+ log "Done, your device should boot now"
+ fi
elif [[ $device_target_vers == "4.1" && $ipsw_jailbreak != 1 ]]; then
device_enter_mode DFU
restore_latest
if [[ $device_type == "iPhone2,1" ]]; then
log "Ignore the baseband error and do not disconnect your device yet"
- device_find_mode Recovery
+ device_find_mode Recovery 50
log "Attempting to exit recovery mode"
$irecovery -n
log "Done, your device should boot now"
@@ -2974,7 +3051,7 @@ restore_prepare() {
[56] )
# 32-bit devices A5/A6
- if [[ $device_target_other != 1 && $device_target_powder != 1 ]]; then
+ if [[ $device_target_other != 1 && $device_target_powder != 1 && $device_target_tethered != 1 ]]; then
shsh_save
fi
if [[ $device_target_vers == "$device_latest_vers" ]]; then
@@ -3039,19 +3116,21 @@ ipsw_prepare() {
;;
4 )
- if [[ $device_target_other == 1 ]]; then
+ if [[ $device_target_tethered == 1 ]]; then
+ ipsw_prepare_tethered
+ elif [[ $device_target_other == 1 ]]; then
ipsw_prepare_32bit
+ elif [[ $device_target_powder == 1 ]] && [[ $device_target_vers == "3"* || $device_target_vers == "4"* ]]; then
+ shsh_save version $device_latest_vers
+ ipsw_prepare_ios4powder
+ elif [[ $device_target_powder == 1 ]]; then
+ ipsw_prepare_powder
elif [[ $device_target_vers == "$device_latest_vers" ]]; then
if [[ $ipsw_jailbreak == 1 && $device_type == "iPhone2,1" ]]; then
ipsw_prepare_custom
elif [[ $ipsw_jailbreak == 1 ]]; then
ipsw_prepare_32bit
fi
- elif [[ $device_type == "iPhone3,1" && $device_target_vers == "4.3"* ]]; then
- shsh_save version 7.1.2
- ipsw_prepare_ios4powder
- elif [[ $device_type == "iPhone3,1" || $device_type == "iPhone3,3" ]]; then
- ipsw_prepare_powder
else
ipsw_prepare_custom
fi
@@ -3059,7 +3138,9 @@ ipsw_prepare() {
[56] )
# 32-bit devices A5/A6
- if [[ $device_target_powder == 1 ]]; then
+ if [[ $device_target_tethered == 1 ]]; then
+ ipsw_prepare_tethered
+ elif [[ $device_target_powder == 1 ]]; then
ipsw_prepare_powder
elif [[ $ipsw_jailbreak == 1 && $device_target_other != 1 ]]; then
ipsw_prepare_jailbreak
@@ -3090,31 +3171,7 @@ device_remove4() {
"Enable exploit" ) rec=2;;
* ) return;;
esac
-
- if [[ ! -e ../saved/$device_type/iBSS_8L1.dfu ]]; then
- log "Downloading 8L1 iBSS..."
- "$dir/pzb" -g Firmware/dfu/iBSS.n90ap.RELEASE.dfu -o iBSS_8L1.dfu $(cat $device_fw_dir/8L1/url)
- cp iBSS_8L1.dfu ../saved/$device_type
- else
- cp ../saved/$device_type/iBSS_8L1.dfu .
- fi
-
- device_enter_mode pwnDFU
- log "Patching iBSS..."
- $bspatch iBSS_8L1.dfu pwnediBSS ../resources/patch/iBSS.n90ap.8L1.patch
- log "Sending iBSS..."
- $irecovery -f pwnediBSS
- sleep 5
- log "Running commands..."
- $irecovery -c "setenv boot-partition $rec"
- $irecovery -c "saveenv"
- $irecovery -c "setenv auto-boot true"
- $irecovery -c "saveenv"
- $irecovery -c "reset"
- log "Done!"
- print "* If disabling the exploit did not work and the device is still in recovery mode screen after restore:"
- print "* You may try another method for clearing NVRAM. See the \"Troubleshooting\" wiki page for more details"
- print "* Troubleshooting link: https://github.com/LukeZGD/Legacy-iOS-Kit/wiki/Troubleshooting#clearing-nvram"
+ device_ramdisk setnvram $rec
}
device_send_rdtar() {
@@ -3138,7 +3195,12 @@ device_ramdisk() {
local decrypt
local ramdisk_path
local build_id
+ local mode="$1"
+ local rec=2
+ if [[ $1 == "setnvram" ]]; then
+ rec=$2
+ fi
if [[ $1 != "justboot" ]]; then
comps+=("RestoreRamdisk")
fi
@@ -3331,8 +3393,8 @@ device_ramdisk() {
device_find_mode Restore 25
fi
- case $1 in
- "nvram" | "jailbreak" | "activation" | "baseband" | "getversion" )
+ case $mode in
+ "clearnvram" | "jailbreak" | "activation" | "baseband" | "getversion" | "setnvram" )
log "Running iproxy for SSH..."
$iproxy 2222 22 >/dev/null &
iproxy_pid=$!
@@ -3341,7 +3403,7 @@ device_ramdisk() {
;;
esac
- case $1 in
+ case $mode in
"activation" | "baseband" )
local arg="$1"
local dump="../saved/$device_type"
@@ -3420,9 +3482,8 @@ device_ramdisk() {
7* ) untether="evasi0n7-untether.tar";;
6.1.[3456] ) untether="p0sixspwn.tar";;
6* ) untether="evasi0n6-untether.tar";;
- 5* ) untether="g1lbertJB/${device_type}_${build}.tar";;
4.2.1 | 4.1 | 4.0* | 3.2.2 | 3.1.3 ) untether="greenpois0n/${device_type}_${build}.tar";;
- 4.3* | 4.2* ) untether="unthredeh4il.tar";;
+ 5* | 4.3* | 4.2* ) untether="g1lbertJB/${device_type}_${build}.tar";;
'' )
warn "Something wrong happened. Failed to get iOS version."
print "* Please reboot the device into normal operating mode, then perform a clean \"slide to power off\", then try again."
@@ -3452,8 +3513,8 @@ device_ramdisk() {
9* | 8* ) device_send_rdtar fstab8.tar;;
7* ) device_send_rdtar fstab7.tar;;
6* ) device_send_rdtar fstab_rw.tar;;
- 5* ) untether="${device_type}_${build}.tar";;
4.2.1 ) $ssh -p 2222 root@127.0.0.1 "[[ ! -e /mnt1/sbin/punchd ]] && mv /mnt1/sbin/launchd /mnt1/sbin/punchd";;
+ 5* | 4.3* | 4.2* ) untether="${device_type}_${build}.tar";;
esac
case $vers in
5* ) device_send_rdtar g1lbertJB.tar;;
@@ -3506,13 +3567,20 @@ device_ramdisk() {
return
;;
- "nvram" )
+ "clearnvram" )
log "Sending commands for clearing NVRAM..."
$ssh -p 2222 root@127.0.0.1 "nvram -c; reboot_bak"
log "Done! Your device should reboot now."
print "* If the device did not connect, SSH to the device manually."
;;
+ "setnvram" )
+ log "Sending commands for NVRAM..."
+ $ssh -p 2222 root@127.0.0.1 "nvram -c; nvram boot-partition=$rec; reboot_bak"
+ log "Done, your device should boot now"
+ return
+ ;;
+
* ) log "Device should now be in SSH ramdisk mode.";;
esac
echo
@@ -3800,8 +3868,10 @@ menu_restore() {
case $device_type in
iPhone4,1 | iPhone5,[1234] | iPad2,4 | iPad3,[456] | iPod5,1 )
menu_items+=("Other (powdersn0w 7.x blobs)");;
- iPhone3,[13] )
+ iPhone3,[13] | iPad1,1 | iPod3,1 )
menu_items+=("powdersn0w (any iOS)");;
+ esac
+ case $device_type in
iPhone1,[12] | iPhone2,1 | iPhone3,2 | iPad1,1 | iPod[1234],1 )
if [[ -z $1 ]]; then
menu_items+=("Other (Custom IPSW)")
@@ -3812,6 +3882,7 @@ menu_restore() {
menu_items+=("Other (Use SHSH Blobs)")
if (( device_proc < 7 )); then
menu_items+=("DFU IPSW")
+ #menu_items+=("Other (Tethered)" "DFU IPSW")
fi
fi
menu_items+=("Go Back")
@@ -3861,6 +3932,7 @@ menu_ipsw() {
device_base_build=
device_target_other=
device_target_powder=
+ device_target_tethered=
while [[ -z "$mode" && -z "$back" ]]; do
case $1 in
@@ -3937,6 +4009,8 @@ menu_ipsw() {
device_target_other=1
elif [[ $1 == *"powdersn0w"* ]]; then
device_target_powder=1
+ elif [[ $1 == *"Tethered"* ]]; then
+ device_target_tethered=1
elif [[ -n $device_target_vers && -e "../$newpath.ipsw" ]]; then
ipsw_verify "../$newpath" "$device_target_build" nopause
if [[ $? == 0 ]]; then
@@ -3947,6 +4021,11 @@ menu_ipsw() {
menu_items=("Select Target IPSW")
menu_print_info
if [[ $1 == *"powdersn0w"* ]]; then
+ if [[ $device_type == "iPod3,1" ]]; then
+ warn "There might be an issue with powdersn0w downgrade for iPod touch 3."
+ print "* This is untested, let me know of any issues"
+ echo
+ fi
menu_items+=("Select Base IPSW")
if [[ -n $ipsw_path ]]; then
print "* Selected Target IPSW: $ipsw_path.ipsw"
@@ -3960,6 +4039,8 @@ menu_ipsw() {
iPad2,4 | iPad3,[123] ) print "* Any iOS version from 5.1 to 9.3.5 is supported";;
iPhone5,[12] | iPad3,[456] ) print "* Any iOS version from 6.0 to 9.3.5 is supported";;
iPhone5,[34] ) print "* Any iOS version from 7.0 to 9.3.5 is supported";;
+ iPad1,1 ) print "* Any iOS version from 4.3.1 to 5.1 is supported";;
+ iPod3,1 ) print "* Any iOS version from 4.3 to 5.1 is supported";;
esac
fi
echo
@@ -3968,6 +4049,7 @@ menu_ipsw() {
iPhone3,[13] ) text2="(iOS 7.1.2)";;
iPhone5,[1234] ) text2="(iOS 7.x)";;
iPad3,[456] ) text2="(iOS 7.0.x)";;
+ iPad1,1 | iPod3,1 ) text2="(iOS 5.1.1)";;
esac
if [[ -n $ipsw_base_path ]]; then
print "* Selected Base $text2 IPSW: $ipsw_base_path.ipsw"
@@ -3976,13 +4058,13 @@ menu_ipsw() {
warn "There might be an issue when selecting iOS 7.0-7.0.2 base."
print "* The device might get stuck at recovery mode after the restore."
fi
- if [[ $device_type != "iPhone3,1" && $device_type != "iPhone3,3" ]]; then
+ if [[ $device_proc != 4 ]]; then
menu_items+=("Select Base SHSH")
fi
else
print "* Select Base $text2 IPSW to continue"
fi
- if [[ $device_type == "iPhone3,1" || $device_type == "iPhone3,3" ]]; then
+ if [[ $device_proc == 4 ]]; then
shsh_path=1
else
if [[ -n $shsh_path ]]; then
@@ -4002,6 +4084,32 @@ menu_ipsw() {
menu_items+=("$start")
fi
+ elif [[ $1 == *"Tethered"* ]]; then
+ menu_items+=("Select Base IPSW (tethered)")
+ if [[ -n $ipsw_path ]]; then
+ print "* Selected Target IPSW: $ipsw_path.ipsw"
+ print "* Target Version: $device_target_vers-$device_target_build"
+ else
+ print "* Select Target IPSW to continue"
+ fi
+ echo
+ local text2="(iOS 8.4.1)"
+ case $device_type in
+ iPhone4,1 | iPad2,[123] ) text2="(iOS 6.1.3)";;
+ iPhone2,1 | iPod4,1 ) text2="(iOS 6.1.6)";;
+ iPad1,1 | iPod3,1 ) text2="(iOS 5.1.1)";;
+ iPhone3,[123] ) text2="(iOS 7.1.2)";;
+ esac
+ if [[ -n $ipsw_base_path ]]; then
+ print "* Selected Base $text2 IPSW: $ipsw_base_path.ipsw"
+ print "* Base Version: $device_base_vers-$device_base_build"
+ else
+ print "* Select Base $text2 IPSW to continue"
+ fi
+ if [[ -n $ipsw_path && -n $ipsw_base_path ]] && [[ -n $shsh_path || $2 == "ipsw" ]]; then
+ menu_items+=("$start")
+ fi
+
elif [[ $1 == "Other"* ]]; then
# menu for other (shsh) restores
if [[ -n $ipsw_path ]]; then
@@ -4065,6 +4173,7 @@ menu_ipsw() {
"Create IPSW" ) mode="custom-ipsw";;
"Select Target IPSW" ) menu_ipsw_browse "$1";;
"Select Base IPSW" ) menu_ipsw_browse "base";;
+ "Select Base IPSW (tethered)" ) menu_ipsw_browse "base2";;
"Select Target SHSH" ) menu_shsh_browse "$1";;
"Select Base SHSH" ) menu_shsh_browse "base";;
"Download Target IPSW" ) ipsw_download "../$newpath";;
@@ -4125,11 +4234,14 @@ ipsw_custom_set() {
ipsw_custom+="0"
fi
fi
+ if [[ $device_target_tethered == 1 ]]; then
+ ipsw_custom+="T"
+ fi
if [[ $ipsw_verbose == 1 ]]; then
ipsw_custom+="V"
fi
- if [[ $device_target_vers == "4.3"* && $device_type == "iPhone3,1" && $device_target_powder == 1 ]]; then
- ipsw_custom+="_$device_ecid"
+ if [[ $device_target_powder == 1 ]] && [[ $device_target_vers == "3"* || $device_target_vers == "4"* ]]; then
+ ipsw_custom+="-$device_ecid"
fi
}
@@ -4192,23 +4304,47 @@ menu_ipsw_browse() {
"3.1.3" ) versionc="3.1.3";;
"Latest iOS"* ) versionc="$device_latest_vers";;
"base" )
- if [[ $device_type == "iPhone5"* ]]; then
- if [[ $device_base_vers != "7"* ]]; then
- log "Selected IPSW is not for iOS 7.x."
- print "* You need iOS 7.x IPSW and SHSH blobs for this device to use powdersn0w."
- pause
- return
- fi
- elif [[ $device_type == "iPad3"* ]]; then
- if [[ $device_base_vers != "7.0"* ]]; then
- log "Selected IPSW is not for iOS 7.0.x."
- print "* You need iOS 7.0.x IPSW and SHSH blobs for this device to use powdersn0w."
- pause
- return
- fi
- elif [[ $device_base_vers != "7.1"* ]]; then
- log "Selected IPSW is not for iOS 7.1.x."
- print "* You need iOS 7.1.x IPSW and SHSH blobs for this device to use powdersn0w."
+ local check_vers="7.1"
+ local base_vers="7.1.x"
+ case $device_type in
+ iPhone5* )
+ check_vers="7"
+ base_vers="7.x"
+ ;;
+ iPad3* )
+ check_vers="7.0"
+ base_vers="7.0.x"
+ ;;
+ iPhone3* )
+ check_vers="7.1.2"
+ base_vers="$check_vers"
+ ;;
+ iPad1,1 | iPod3,1 )
+ check_vers="5.1.1"
+ base_vers="$check_vers"
+ ;;
+ esac
+ if [[ $device_base_vers != "$check_vers"* ]]; then
+ log "Selected IPSW is not for iOS $base_vers."
+ print "* You need iOS $base_vers IPSW and SHSH blobs for this device to use powdersn0w."
+ pause
+ return
+ fi
+ ipsw_verify "$newpath" "$device_base_build"
+ ipsw_base_path="$newpath"
+ return
+ ;;
+ "base2" )
+ local basec
+ case $device_type in
+ iPhone4,1 | iPad2,[123] ) basec="6.1.3";;
+ iPhone2,1 | iPod4,1 ) basec="6.1.6";;
+ iPad1,1 | iPod3,1 ) basec="5.1.1";;
+ iPhone3,[123] ) basec="7.1.2";;
+ * ) basec="8.4.1";;
+ esac
+ if [[ $device_base_vers != "$basec" ]]; then
+ log "Selected IPSW is the correct version for base."
pause
return
fi
@@ -4217,12 +4353,14 @@ menu_ipsw_browse() {
return
;;
*"powdersn0w"* )
+ if [[ $device_type == "iPad1,1" && $device_target_vers == "4.3" ]]; then
+ log "Selected IPSW ($device_target_vers) is not supported as target version."
+ pause
+ return
+ fi
case $device_target_build in
- "8A"* | "8B"* | "8C"* | "8G4" | "8H7" | "8K2" | "14"* )
+ "7"* | "8A"* | "8B"* | "8C"* | "14"* )
log "Selected IPSW ($device_target_vers) is not supported as target version."
- if [[ $device_target_build == "8"* ]]; then
- print "* Supported iOS 4.3.x versions: 4.3, 4.3.3, 4.3.5"
- fi
pause
return
;;
@@ -4300,7 +4438,7 @@ menu_other() {
menu_items+=("Enter pwnDFU Mode")
fi
case $device_type in
- iPhone3,1 ) menu_items+=("Disable/Enable Exploit");;
+ iPhone3,1 | iPad1,1 | iPod3,1 ) menu_items+=("Disable/Enable Exploit");;
iPhone2,1 ) menu_items+=("Install alloc8 Exploit");;
esac
fi
@@ -4486,7 +4624,7 @@ restore_customipsw() {
$idevicerestore -ce "$ipsw_path.ipsw"
log "Restoring done!"
case $device_target_vers in
- 1* | 2* | 3* | 4* ) print "* For device activation, go to: Other Utilities -> Attempt Activation";;
+ 3* | 4* ) print "* For device activation, go to: Other Utilities -> Attempt Activation";;
esac
}
@@ -4544,6 +4682,7 @@ restore_dfuipsw() {
return
fi
ipsw_path="$ipsw_dfuipsw"
+ device_enter_mode Recovery
ipsw_extract
log "Running idevicerestore with command: $idevicerestore -e \"$ipsw_path.ipsw\""
$idevicerestore -e "$ipsw_path.ipsw"
@@ -4584,12 +4723,19 @@ main() {
set_tool_paths
log "Checking Internet connection..."
- $ping www.apple.com >/dev/null
- if [[ $? != 0 ]]; then
- $ping 208.67.222.222 >/dev/null
- if [[ $? != 0 ]]; then
- error "Please check your Internet connection before proceeding."
+ local try=("www.apple.com"
+ "google.com"
+ "208.67.222.222")
+ local check
+ for i in "${try[@]}"; do
+ ping -c1 $try >/dev/null
+ check=$?
+ if [[ $check == 0 ]]; then
+ break
fi
+ done
+ if [[ $check != 0 ]]; then
+ error "Please check your Internet connection before proceeding."
fi
version_check
@@ -4634,7 +4780,7 @@ main() {
"kdfu" ) device_enter_mode kDFU;;
"remove4" ) device_remove4;;
"ramdisk4" ) device_enter_ramdisk;;
- "ramdisknvram" ) device_ramdisk nvram;;
+ "ramdisknvram" ) device_ramdisk clearnvram;;
"pwned-ibss" ) device_enter_mode pwnDFU;;
"save-onboard-blobs" ) shsh_save_onboard;;
"save-cydia-blobs" ) shsh_save_cydia;;