Downgrades with iOS 5 iBoot exploit

touch 3 is not tested and prob not working (yet)
also fixes some other stuff
LukeZGD 2023-10-31 01:36:38 +08:00
parent 4475a844e6
commit 3f72b37a22
60 changed files with 429 additions and 662 deletions


@ -10,7 +10,7 @@
- Legacy iOS Kit supports all 32-bit iOS devices, and some A7/A8 64-bit devices - Legacy iOS Kit supports all 32-bit iOS devices, and some A7/A8 64-bit devices
- Restore to signed OTA versions (iOS 8.4.1 and/or 6.1.3) on A5/A6 devices - Restore to signed OTA versions (iOS 8.4.1 and/or 6.1.3) on A5/A6 devices
- Restore some 32-bit devices to other iOS versions without blobs - Restore some 32-bit devices to other iOS versions without blobs
- This includes downgrading iPhone 3GS, iPhone 4 GSM and CDMA, iPod touch 2 - This includes downgrading iPhone 3GS, iPhone 4 GSM and CDMA, iPod touch 2, touch 3, iPad 1
- Restore with SHSH blobs on supported devices - Restore with SHSH blobs on supported devices
- Restore to other iOS versions with iOS 7 blobs (powdersn0w) - Restore to other iOS versions with iOS 7 blobs (powdersn0w)
- Jailbreak all 32-bit iOS devices on (almost) any iOS version - Jailbreak all 32-bit iOS devices on (almost) any iOS version
@ -78,9 +78,12 @@
- iPhone 4 GSM - targets iOS 4.3 to 7.1.1 - iPhone 4 GSM - targets iOS 4.3 to 7.1.1
- iPhone 4 CDMA - targets iOS 5.0 to 7.1.1 - iPhone 4 CDMA - targets iOS 5.0 to 7.1.1
- iPhone 4S, 5, 5C, iPad 2 Rev A, iPad 4, iPod touch 5 - targets iOS 5.0 to 9.3.5 - iPhone 4S, 5, 5C, iPad 2 Rev A, iPad 4, iPod touch 5 - targets iOS 5.0 to 9.3.5
- iPad 1 - targets iOS 4.3.1 to 5.1
- iPod touch 3 - targets iOS 4.3 to 5.1
- Using powdersn0w requires iOS 7.1.x blobs for your device - Using powdersn0w requires iOS 7.1.x blobs for your device
- For iPhone 5 and 5C, both 7.0.x and 7.1.x blobs can be used - For iPhone 5 and 5C, both 7.0.x and 7.1.x blobs can be used
- For iPad 4, only 7.0.x blobs can be used - For iPad 4, only 7.0.x blobs can be used
- For iPad 1 and iPod touch 3, 5.1.1 blobs are used instead
- Restoring to other unsigned versions without blobs is supported on the following devices: - Restoring to other unsigned versions without blobs is supported on the following devices:
- iPhone 3GS - targets iOS 3.1.3 to 5.1.1 - iPhone 3GS - targets iOS 3.1.3 to 5.1.1
- iPod touch 2 - targets iOS 3.1.3 to 4.1 - iPod touch 2 - targets iOS 3.1.3 to 4.1
@ -101,8 +104,9 @@
- curl - curl
- bspatch - bspatch
- [powdersn0w_pub](https://github.com/dora2-iOS/powdersn0w_pub) - dora2ios; [LukeZGD fork](https://github.com/LukeZGD/powdersn0w_pub) - [powdersn0w_pub](https://github.com/dora2-iOS/powdersn0w_pub) - dora2ios; [LukeZGD fork](https://github.com/LukeZGD/powdersn0w_pub)
- [Exploits used are from kok3shidoll's repo](https://github.com/kok3shidoll/untitled) - [Most of the exploit ramdisks used are from kok3shidoll's repo](https://github.com/kok3shidoll/untitled)
- [5C 7.0.x exploit is from Ralph0045's repo](https://github.com/Ralph0045/iloader) - [5C 7.0.x exploit ramdisk is from Ralph0045's iloader repo](https://github.com/Ralph0045/iloader)
- [iPad 1 exploit ramdisk is from Ralph0045's iBoot-5-Stuff repo](https://github.com/Ralph0045/iBoot-5-Stuff)
- [ipwndfu](https://github.com/LukeZGD/ipwndfu) - axi0mX, Linus Henze, synackuk; LukeZGD fork - [ipwndfu](https://github.com/LukeZGD/ipwndfu) - axi0mX, Linus Henze, synackuk; LukeZGD fork
- [ipwnder_lite](https://github.com/dora2-iOS/ipwnder_lite/tree/7265a06d184e433989db640d5e83ea58d5862609) - dora2ios (used on macOS) - [ipwnder_lite](https://github.com/dora2-iOS/ipwnder_lite/tree/7265a06d184e433989db640d5e83ea58d5862609) - dora2ios (used on macOS)
- [iPwnder32](https://github.com/dora2-iOS/iPwnder32/tree/243ea5c6d1bd15f8bdd0b3a1ff4a7729bc14bac4) - dora2ios (old version with libusb used on Linux) - [iPwnder32](https://github.com/dora2-iOS/iPwnder32/tree/243ea5c6d1bd15f8bdd0b3a1ff4a7729bc14bac4) - dora2ios (old version with libusb used on Linux)
@ -134,7 +138,6 @@
- [Cydia HTTPatch](https://cydia.invoxiplaygames.uk/package/cydiahttpatch) for 3.1.3 downgrades/jailbreaks - [Cydia HTTPatch](https://cydia.invoxiplaygames.uk/package/cydiahttpatch) for 3.1.3 downgrades/jailbreaks
- [Pangu](https://www.theiphonewiki.com/wiki/Pangu) - [Pangu](https://www.theiphonewiki.com/wiki/Pangu)
- [p0sixspwn](https://www.theiphonewiki.com/wiki/p0sixspwn) - [p0sixspwn](https://www.theiphonewiki.com/wiki/p0sixspwn)
- [unthredeh4il](https://www.theiphonewiki.com/wiki/Unthredera1n#unthredeh4il)
- [evasi0n](https://www.theiphonewiki.com/wiki/Evasi0n) - [evasi0n](https://www.theiphonewiki.com/wiki/Evasi0n)
- [g1lbertJB](https://github.com/g1lbertJB/g1lbertJB) - [g1lbertJB](https://github.com/g1lbertJB/g1lbertJB)
- [UntetherHomeDepot](https://www.theiphonewiki.com/wiki/UntetherHomeDepot) - [UntetherHomeDepot](https://www.theiphonewiki.com/wiki/UntetherHomeDepot)


@ -1,80 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Filename</key>
<string>iPhone3,1_7.1.2_11D257_Restore.ipsw</string>
<key>RootFilesystem</key>
<string>058-4520-010.dmg</string>
<key>RootFilesystemKey</key>
<string>38d0320d099b9dd34ffb3308c53d397f14955b347d6a433fe173acc2ced1ae78756b3684</string>
<key>RootFilesystemSize</key>
<integer>1660</integer>
<key>RamdiskOptionsPath</key>
<string>/usr/local/share/restore/options.n90.plist</string>
<key>SHA256</key>
<string>8df4acce2cc2989ad159f980dd65a4bdc8c9eab4000e35169baa70ceb8749b2d</string>
<key>RamdiskExploit</key>
<dict>
<key>exploit</key>
<string>src/target/n90/11D257/exploit</string>
<key>inject</key>
<string>src/target/n90/11D257/partition</string>
</dict>
<key>Firmware</key>
<dict/>
<key>FirmwarePath</key>
<dict>
<key>AppleLogo</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/applelogo@2x~iphone.s5l8930x.img3</string>
</dict>
<key>BatteryCharging0</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/batterycharging0@2x~iphone.s5l8930x.img3</string>
</dict>
<key>BatteryCharging1</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/batterycharging1@2x~iphone.s5l8930x.img3</string>
</dict>
<key>BatteryFull</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/batteryfull@2x~iphone.s5l8930x.img3</string>
</dict>
<key>BatteryLow0</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/batterylow0@2x~iphone.s5l8930x.img3</string>
</dict>
<key>BatteryLow1</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/batterylow1@2x~iphone.s5l8930x.img3</string>
</dict>
<key>BatteryPlugin</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/glyphplugin@2x~iphone-30pin.s5l8930x.img3</string>
</dict>
<key>RecoveryMode</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/recoverymode@2x~iphone-30pin.s5l8930x.img3</string>
</dict>
<key>LLB</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/LLB.n90ap.RELEASE.img3</string>
</dict>
<key>iBoot</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/iBoot.n90ap.RELEASE.img3</string>
</dict>
</dict>
</dict>
</plist>


@ -1,132 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Filename</key>
<string>iPhone3,1_4.3.3_8J2_Restore.ipsw</string>
<key>RootFilesystem</key>
<string>038-1423-003.dmg</string>
<key>RootFilesystemKey</key>
<string>246f17ec6660672b3207ece257938704944a83601205736409b61fc3565512559abd0f82</string>
<key>RootFilesystemSize</key>
<integer>930</integer>
<key>RamdiskOptionsPath</key>
<string>/usr/local/share/restore/options.n90.plist</string>
<key>SHA256</key>
<string>29dccda5dd28fbb62afc1e09668e96b7e23f9ba84bc8f4f19f5264c3e904c04a</string>
<key>FilesystemPackage</key>
<dict/>
<key>RamdiskPackage</key>
<dict>
<key>package</key>
<string>src/bin.tar</string>
<key>ios</key>
<string>ios4</string>
</dict>
<key>Firmware</key>
<dict>
<key>iBSS</key>
<dict>
<key>File</key>
<string>Firmware/dfu/iBSS.n90ap.RELEASE.dfu</string>
<key>IV</key>
<string>cdd50b45ca1bac4f718d9eb23ce9f0a8</string>
<key>Key</key>
<string>8ef00005aa2c01ae409d55e330171589af79d76ac86639e76003835d5d82ffc4</string>
<key>Decrypt</key>
<true/>
<key>Patch</key>
<true/>
</dict>
<key>Restore Ramdisk</key>
<dict>
<key>File</key>
<string>038-1449-003.dmg</string>
</dict>
</dict>
<key>FirmwareReplace</key>
<dict>
<key>APTicket</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/applelogoT-640x960.s5l8930x.img3</string>
</dict>
<key>AppleLogo</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/applelogo7-640x960.s5l8930x.img3</string>
</dict>
<key>NewAppleLogo</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/applelogo-640x960.s5l8930x.img3</string>
</dict>
<key>BatteryCharging0</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/batterycharging0-640x960.s5l8930x.img3</string>
</dict>
<key>BatteryCharging1</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/batterycharging1-640x960.s5l8930x.img3</string>
</dict>
<key>BatteryFull</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/batteryfull-640x960.s5l8930x.img3</string>
</dict>
<key>BatteryLow0</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/batterylow0-640x960.s5l8930x.img3</string>
</dict>
<key>BatteryLow1</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/batterylow1-640x960.s5l8930x.img3</string>
</dict>
<key>BatteryPlugin</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/glyphplugin-640x960.s5l8930x.img3</string>
</dict>
<key>RecoveryMode</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/recoverymode7-640x960.s5l8930x.img3</string>
</dict>
<key>NewRecoveryMode</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/recoverymode-640x960.s5l8930x.img3</string>
</dict>
<key>LLB</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/LLB.n90ap.RELEASE.img3</string>
</dict>
<key>iBoot</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/iBoot.n90ap.RELEASE.img3</string>
</dict>
<key>NewiBoot</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/iBoot4.n90ap.RELEASE.img3</string>
<key>IV</key>
<string>bb3fc29dd226fac56086790060d5c744</string>
<key>Key</key>
<string>c2ead1d3b228a05b665c91b4b1ab54b570a81dffaf06eaf1736767bcb86e50de</string>
</dict>
<key>manifest</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/manifest</string>
<key>manifest</key>
<string>manifest</string>
</dict>
</dict>
</dict>
</plist>


@ -1,16 +0,0 @@
applelogoT-640x960.s5l8930x.img3
LLB.n90ap.RELEASE.img3
iBoot.n90ap.RELEASE.img3
DeviceTree.n90ap.img3
applelogo7-640x960.s5l8930x.img3
recoverymode7-640x960.s5l8930x.img3
batterylow0-640x960.s5l8930x.img3
batterylow1-640x960.s5l8930x.img3
glyphcharging-640x960.s5l8930x.img3
glyphplugin-640x960.s5l8930x.img3
batterycharging0-640x960.s5l8930x.img3
batterycharging1-640x960.s5l8930x.img3
batteryfull-640x960.s5l8930x.img3
iBoot4.n90ap.RELEASE.img3
applelogo-640x960.s5l8930x.img3
recoverymode-640x960.s5l8930x.img3


@ -1,132 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Filename</key>
<string>iPhone3,1_4.3.5_8L1_Restore.ipsw</string>
<key>RootFilesystem</key>
<string>038-2288-002.dmg</string>
<key>RootFilesystemKey</key>
<string>e5e061077217c4937e14d9c4ae1eeb8d69827aa4838168033dd5f1806ab485306a8aa3cf</string>
<key>RootFilesystemSize</key>
<integer>930</integer>
<key>RamdiskOptionsPath</key>
<string>/usr/local/share/restore/options.n90.plist</string>
<key>SHA256</key>
<string>54040d08602e6a9894a4671393b0c335d51bdb55a3e28a336676c5facc592349</string>
<key>FilesystemPackage</key>
<dict/>
<key>RamdiskPackage</key>
<dict>
<key>package</key>
<string>src/bin.tar</string>
<key>ios</key>
<string>ios4</string>
</dict>
<key>Firmware</key>
<dict>
<key>iBSS</key>
<dict>
<key>File</key>
<string>Firmware/dfu/iBSS.n90ap.RELEASE.dfu</string>
<key>IV</key>
<string>00ba61665022e97cacb71493f3e92533</string>
<key>Key</key>
<string>85d0388a2b1ce6b4fc68aebb3cb87014b6dd57fde5d9599381db4083a30c3803</string>
<key>Decrypt</key>
<true/>
<key>Patch</key>
<true/>
</dict>
<key>Restore Ramdisk</key>
<dict>
<key>File</key>
<string>038-2265-002.dmg</string>
</dict>
</dict>
<key>FirmwareReplace</key>
<dict>
<key>APTicket</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/applelogoT-640x960.s5l8930x.img3</string>
</dict>
<key>AppleLogo</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/applelogo7-640x960.s5l8930x.img3</string>
</dict>
<key>NewAppleLogo</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/applelogo-640x960.s5l8930x.img3</string>
</dict>
<key>BatteryCharging0</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/batterycharging0-640x960.s5l8930x.img3</string>
</dict>
<key>BatteryCharging1</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/batterycharging1-640x960.s5l8930x.img3</string>
</dict>
<key>BatteryFull</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/batteryfull-640x960.s5l8930x.img3</string>
</dict>
<key>BatteryLow0</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/batterylow0-640x960.s5l8930x.img3</string>
</dict>
<key>BatteryLow1</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/batterylow1-640x960.s5l8930x.img3</string>
</dict>
<key>BatteryPlugin</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/glyphplugin-640x960.s5l8930x.img3</string>
</dict>
<key>RecoveryMode</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/recoverymode7-640x960.s5l8930x.img3</string>
</dict>
<key>NewRecoveryMode</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/recoverymode-640x960.s5l8930x.img3</string>
</dict>
<key>LLB</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/LLB.n90ap.RELEASE.img3</string>
</dict>
<key>iBoot</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/iBoot.n90ap.RELEASE.img3</string>
</dict>
<key>NewiBoot</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/iBoot4.n90ap.RELEASE.img3</string>
<key>IV</key>
<string>986032eecd861c37ca2a86b6496a3c0d</string>
<key>Key</key>
<string>b4e300c54a9dd2e648ead50794e9bf2205a489c310a1c70a9fae687368229468</string>
</dict>
<key>manifest</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/manifest</string>
<key>manifest</key>
<string>manifest</string>
</dict>
</dict>
</dict>
</plist>


@ -1,16 +0,0 @@
applelogoT-640x960.s5l8930x.img3
LLB.n90ap.RELEASE.img3
iBoot.n90ap.RELEASE.img3
DeviceTree.n90ap.img3
applelogo7-640x960.s5l8930x.img3
recoverymode7-640x960.s5l8930x.img3
batterylow0-640x960.s5l8930x.img3
batterylow1-640x960.s5l8930x.img3
glyphcharging-640x960.s5l8930x.img3
glyphplugin-640x960.s5l8930x.img3
batterycharging0-640x960.s5l8930x.img3
batterycharging1-640x960.s5l8930x.img3
batteryfull-640x960.s5l8930x.img3
iBoot4.n90ap.RELEASE.img3
applelogo-640x960.s5l8930x.img3
recoverymode-640x960.s5l8930x.img3


@ -1,136 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Filename</key>
<string>iPhone3,1_4.3_8F190_Restore.ipsw</string>
<key>RootFilesystem</key>
<string>038-0688-006.dmg</string>
<key>RootFilesystemKey</key>
<string>34904e749a8c5cfabecc6c3340816d85e7fc4de61c968ca93be621a9b9520d6466a1456a</string>
<key>RootFilesystemSize</key>
<integer>930</integer>
<key>RamdiskOptionsPath</key>
<string>/usr/local/share/restore/options.n90.plist</string>
<key>SHA256</key>
<string>dd891fbe6e035bdca7acba4567f6297d11b5e4fc089511b700908101c82950c0</string>
<key>FilesystemPackage</key>
<dict/>
<key>RamdiskPackage</key>
<dict>
<key>package</key>
<string>src/bin.tar</string>
<key>ios</key>
<string>ios4</string>
</dict>
<key>Firmware</key>
<dict>
<key>iBSS</key>
<dict>
<key>File</key>
<string>Firmware/dfu/iBSS.n90ap.RELEASE.dfu</string>
<key>IV</key>
<string>37f4d36494ac9d83ab8a9e4936c885f8</string>
<key>Key</key>
<string>f5e50c94dfee05ed52b4003750007f4c2d1801f7e90e768774ac656dc62c69db</string>
<key>Decrypt</key>
<true/>
<key>Patch</key>
<true/>
</dict>
<key>Restore Ramdisk</key>
<dict>
<key>File</key>
<string>038-0715-006.dmg</string>
<key>IV</key>
<string>d11772b6a3bdd4f0b4cd8795b9f10ad9</string>
<key>Key</key>
<string>9873392c91743857cf5b35c9017c6683d5659c9358f35c742be27bfb03dee77c</string>
</dict>
</dict>
<key>FirmwareReplace</key>
<dict>
<key>APTicket</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/applelogoT-640x960.s5l8930x.img3</string>
</dict>
<key>AppleLogo</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/applelogo7-640x960.s5l8930x.img3</string>
</dict>
<key>NewAppleLogo</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/applelogo-640x960.s5l8930x.img3</string>
</dict>
<key>BatteryCharging0</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/batterycharging0-640x960.s5l8930x.img3</string>
</dict>
<key>BatteryCharging1</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/batterycharging1-640x960.s5l8930x.img3</string>
</dict>
<key>BatteryFull</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/batteryfull-640x960.s5l8930x.img3</string>
</dict>
<key>BatteryLow0</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/batterylow0-640x960.s5l8930x.img3</string>
</dict>
<key>BatteryLow1</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/batterylow1-640x960.s5l8930x.img3</string>
</dict>
<key>BatteryPlugin</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/glyphplugin-640x960.s5l8930x.img3</string>
</dict>
<key>RecoveryMode</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/recoverymode7-640x960.s5l8930x.img3</string>
</dict>
<key>NewRecoveryMode</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/recoverymode-640x960.s5l8930x.img3</string>
</dict>
<key>LLB</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/LLB.n90ap.RELEASE.img3</string>
</dict>
<key>iBoot</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/iBoot.n90ap.RELEASE.img3</string>
</dict>
<key>NewiBoot</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/iBoot4.n90ap.RELEASE.img3</string>
<key>IV</key>
<string>9f11c07bde79bdac4abb3f9707c4b13c</string>
<key>Key</key>
<string>0958d70e1a292483d4e32ed1e911d2b16b6260856be67d00a33b6a1801711d32</string>
</dict>
<key>manifest</key>
<dict>
<key>File</key>
<string>Firmware/all_flash/all_flash.n90ap.production/manifest</string>
<key>manifest</key>
<string>manifest</string>
</dict>
</dict>
</dict>
</plist>


@ -1,16 +0,0 @@
applelogoT-640x960.s5l8930x.img3
LLB.n90ap.RELEASE.img3
iBoot.n90ap.RELEASE.img3
DeviceTree.n90ap.img3
applelogo7-640x960.s5l8930x.img3
recoverymode7-640x960.s5l8930x.img3
batterylow0-640x960.s5l8930x.img3
batterylow1-640x960.s5l8930x.img3
glyphcharging-640x960.s5l8930x.img3
glyphplugin-640x960.s5l8930x.img3
batterycharging0-640x960.s5l8930x.img3
batterycharging1-640x960.s5l8930x.img3
batteryfull-640x960.s5l8930x.img3
iBoot4.n90ap.RELEASE.img3
applelogo-640x960.s5l8930x.img3
recoverymode-640x960.s5l8930x.img3

Binary file not shown.

Binary file not shown.


@ -0,0 +1,73 @@
#!/bin/bash
isIOS5=0
if [ -e "/dev/rdisk0s2" ]; then
nvram -d boot-partition
nvram -d boot-ramdisk
sleep 1s
reboot_
fi
mount_hfs /dev/disk0s1s1 /mnt1
if [ ! -e "/dev/rdisk0s1s3" ]; then
mount_hfs /dev/disk0s1s2 /mnt1/private/var
else
isIOS5=1
mount_hfs /dev/disk0s1s3 /mnt1/private/var
fi
sleep 1s
sleep 1s
rm -rf /mnt1/System/Library/LaunchDaemons/com.apple.mobile.softwareupdated.plist
rm -rf /mnt1/System/Library/LaunchDaemons/com.apple.softwareupdateservicesd.plist
Data_GUID="$((echo -e "i\n2\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Partition unique GUID: //p')"
LogicalSector="$((echo -e "p\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Logical sector size: //p' | sed 's/ .*//')"
System_LastSector="$((echo -e "i\n1\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Last sector: //p' | sed 's/ .*//')"
Data_LastSector="$((echo -e "i\n2\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Last sector: //p' | sed 's/ .*//')"
Data_Attributeflags="$((echo -e "i\n2\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*flags: //p')"
Exploit_LastSector="$((65536/$LogicalSector))"
New_Data_LastSector="$(($Data_LastSector-$Exploit_LastSector))"
New_Data_SectorSize="$(($New_Data_LastSector-$System_LastSector))"
New_Data_Size="$(($New_Data_SectorSize*$LogicalSector))"
hfs_resize /mnt1/private/var $New_Data_Size
sleep 1s
if [ "$Data_Attributeflags" = "0001000000000000" ]; then
echo -e "d\n2\nn\n\n$New_Data_LastSector\n\nc\n2\nData\nx\na\n2\n48\n\nc\n2\n$Data_GUID\ns\n4\nm\nn\n3\n\n$Data_LastSector\n\nw\nY\n" | gptfdisk /dev/rdisk0s1
else
echo -e "d\n2\nn\n\n$New_Data_LastSector\n\nc\n2\nData\nx\na\n2\n48\n49\n\nc\n2\n$Data_GUID\ns\n4\nm\nn\n3\n\n$Data_LastSector\n\nw\nY\n" | gptfdisk /dev/rdisk0s1
fi
sleep 1s
if [ $isIOS5 == 0 ]; then
newfs_hfs -s -v exploit /dev/rdisk0s1s3
sleep 1s
fsck_hfs -f /dev/rdisk0s1s3
sleep 2s
dd of=/dev/rdisk0s1s3 if=/exploit bs=512k count=1
sleep 1s
fi
if [ $isIOS5 == 1 ]; then
newfs_hfs -s -v exploit /dev/rdisk0s1s4
sleep 1s
fsck_hfs -f /dev/rdisk0s1s4
sleep 2s
dd of=/dev/rdisk0s1s4 if=/exploit bs=512k count=1
sleep 1s
fi
nvram -c
nvram boot-partition=2
sleep 1s
reboot_
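Review bot: Nothing between the gptfdisk queries and the partition-table rewrite checks that the earlier steps succeeded. If `LogicalSector`, `Data_LastSector` or `Data_GUID` comes back empty, or `hfs_resize` fails, the script still deletes and recreates partition 2 and then runs `newfs_hfs` and `dd` on the new slice, which could leave the Data filesystem larger than the partition that holds it. I would stop before the destructive step, with `[ -n "$LogicalSector" ] && [ -n "$Data_LastSector" ] && [ -n "$Data_GUID" ] || exit 1` after the queries and `hfs_resize /mnt1/private/var "$New_Data_Size" || exit 1` in place of the bare call. The first `if` block also has no `exit` after `reboot_`, so if that helper returns, the script presumably falls through into the mount and resize steps; an `exit 0` there would make the intent explicit. The same script is added again, unchanged, in the next file section, so the point applies there as well.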

Binary file not shown.

Binary file not shown.


@ -0,0 +1,73 @@
#!/bin/bash
isIOS5=0
if [ -e "/dev/rdisk0s2" ]; then
nvram -d boot-partition
nvram -d boot-ramdisk
sleep 1s
reboot_
fi
mount_hfs /dev/disk0s1s1 /mnt1
if [ ! -e "/dev/rdisk0s1s3" ]; then
mount_hfs /dev/disk0s1s2 /mnt1/private/var
else
isIOS5=1
mount_hfs /dev/disk0s1s3 /mnt1/private/var
fi
sleep 1s
sleep 1s
rm -rf /mnt1/System/Library/LaunchDaemons/com.apple.mobile.softwareupdated.plist
rm -rf /mnt1/System/Library/LaunchDaemons/com.apple.softwareupdateservicesd.plist
Data_GUID="$((echo -e "i\n2\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Partition unique GUID: //p')"
LogicalSector="$((echo -e "p\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Logical sector size: //p' | sed 's/ .*//')"
System_LastSector="$((echo -e "i\n1\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Last sector: //p' | sed 's/ .*//')"
Data_LastSector="$((echo -e "i\n2\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Last sector: //p' | sed 's/ .*//')"
Data_Attributeflags="$((echo -e "i\n2\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*flags: //p')"
Exploit_LastSector="$((65536/$LogicalSector))"
New_Data_LastSector="$(($Data_LastSector-$Exploit_LastSector))"
New_Data_SectorSize="$(($New_Data_LastSector-$System_LastSector))"
New_Data_Size="$(($New_Data_SectorSize*$LogicalSector))"
hfs_resize /mnt1/private/var $New_Data_Size
sleep 1s
if [ "$Data_Attributeflags" = "0001000000000000" ]; then
echo -e "d\n2\nn\n\n$New_Data_LastSector\n\nc\n2\nData\nx\na\n2\n48\n\nc\n2\n$Data_GUID\ns\n4\nm\nn\n3\n\n$Data_LastSector\n\nw\nY\n" | gptfdisk /dev/rdisk0s1
else
echo -e "d\n2\nn\n\n$New_Data_LastSector\n\nc\n2\nData\nx\na\n2\n48\n49\n\nc\n2\n$Data_GUID\ns\n4\nm\nn\n3\n\n$Data_LastSector\n\nw\nY\n" | gptfdisk /dev/rdisk0s1
fi
sleep 1s
if [ $isIOS5 == 0 ]; then
newfs_hfs -s -v exploit /dev/rdisk0s1s3
sleep 1s
fsck_hfs -f /dev/rdisk0s1s3
sleep 2s
dd of=/dev/rdisk0s1s3 if=/exploit bs=512k count=1
sleep 1s
fi
if [ $isIOS5 == 1 ]; then
newfs_hfs -s -v exploit /dev/rdisk0s1s4
sleep 1s
fsck_hfs -f /dev/rdisk0s1s4
sleep 2s
dd of=/dev/rdisk0s1s4 if=/exploit bs=512k count=1
sleep 1s
fi
nvram -c
nvram boot-partition=2
sleep 1s
reboot_

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -573,7 +573,7 @@ device_get_info() {
device_ecid=$(printf "%d" $($irecovery -q | grep "ECID" | cut -c 7-)) # converts hex ecid to dec device_ecid=$(printf "%d" $($irecovery -q | grep "ECID" | cut -c 7-)) # converts hex ecid to dec
fi fi
device_model=$($irecovery -q | grep "MODEL" | cut -c 8-) device_model=$($irecovery -q | grep "MODEL" | cut -c 8-)
device_vers=$(echo "/exit" | $irecovery -s | grep "iBoot-") device_vers=$(echo "/exit" | $irecovery -s | grep -a "iBoot-")
[[ -z $device_vers ]] && device_vers="Unknown" [[ -z $device_vers ]] && device_vers="Unknown"
device_serial="$($irecovery -q | grep "SRNM" | cut -c 7- | cut -c 3- | cut -c -3)" device_serial="$($irecovery -q | grep "SRNM" | cut -c 7- | cut -c 3- | cut -c -3)"
device_manufacturing device_manufacturing
@ -990,9 +990,6 @@ device_enter_mode() {
log "Entering recovery mode..." log "Entering recovery mode..."
$ideviceenterrecovery "$device_udid" >/dev/null $ideviceenterrecovery "$device_udid" >/dev/null
device_find_mode Recovery 50 device_find_mode Recovery 50
elif [[ $device_mode == "DFU" ]]; then
log "Device is in DFU mode, cannot enter recovery mode"
return
fi fi
;; ;;
@ -1849,12 +1846,11 @@ ipsw_prepare_jailbreak() {
JBFiles+=("fstab_rw.tar" "freeze.tar") JBFiles+=("fstab_rw.tar" "freeze.tar")
case $device_target_vers in case $device_target_vers in
"6.1.6" | "6.1.3" ) JBFiles+=("p0sixspwn.tar");; "6.1.6" | "6.1.3" ) JBFiles+=("p0sixspwn.tar");;
"5"* ) JBFiles+=("g1lbertJB/${device_type}_${device_target_build}.tar");;
"4.2.1" | "4.1" | "4.0"* ) "4.2.1" | "4.1" | "4.0"* )
JBFiles[0]="fstab_new.tar" JBFiles[0]="fstab_new.tar"
JBFiles+=("greenpois0n/${device_type}_${device_target_build}.tar") JBFiles+=("greenpois0n/${device_type}_${device_target_build}.tar")
;; ;;
"4.3"* | "4.2"* ) JBFiles+=("unthredeh4il.tar");; "5"* | "4.3"* | "4.2"* ) JBFiles+=("g1lbertJB/${device_type}_${device_target_build}.tar");;
esac esac
for i in {0..2}; do for i in {0..2}; do
JBFiles[i]=$jelbrek/${JBFiles[$i]} JBFiles[i]=$jelbrek/${JBFiles[$i]}
@ -1932,7 +1928,7 @@ ipsw_prepare_keys() {
;; ;;
"KernelCache" ) "KernelCache" )
if [[ $vers == "5"* || $vers == "7"* ]]; then if [[ $vers == "3"* || $vers == "4"* || $vers == "5"* || $vers == "7"* ]]; then
return return
fi fi
echo -e "<key>$comp</key><dict><key>File</key><string>$name</string><key>IV</key><string>$iv</string><key>Key</key><string>$key</string><key>DecryptPath</key><string>Downgrade/$comp</string><key>Patch</key><true/>" >> $NewPlist echo -e "<key>$comp</key><dict><key>File</key><string>$name</string><key>IV</key><string>$iv</string><key>Key</key><string>$key</string><key>DecryptPath</key><string>Downgrade/$comp</string><key>Patch</key><true/>" >> $NewPlist
@ -1946,7 +1942,7 @@ ipsw_prepare_paths() {
local getcomp="$1" local getcomp="$1"
case $comp in case $comp in
"BatteryPlugin" ) getcomp="GlyphPlugin";; "BatteryPlugin" ) getcomp="GlyphPlugin";;
"NewAppleLogo" ) getcomp="AppleLogo";; "NewAppleLogo" | "APTicket" ) getcomp="AppleLogo";;
"NewRecoveryMode" ) getcomp="RecoveryMode";; "NewRecoveryMode" ) getcomp="RecoveryMode";;
"NewiBoot" ) getcomp="iBoot";; "NewiBoot" ) getcomp="iBoot";;
esac esac
@ -1960,14 +1956,21 @@ ipsw_prepare_paths() {
if [[ $2 == "target" ]]; then if [[ $2 == "target" ]]; then
case $comp in case $comp in
"AppleLogo" ) str2="${name/applelogo/applelogo7}";; "AppleLogo" ) str2="${name/applelogo/applelogo7}";;
"APTicket" ) str2="${name/applelogo/applelogoT}";;
"RecoveryMode" ) str2="${name/recoverymode/recoverymode7}";; "RecoveryMode" ) str2="${name/recoverymode/recoverymode7}";;
"NewiBoot" ) str2="${name/iBoot/iBoot$(echo $device_target_vers | cut -c 1)}";; "NewiBoot" ) str2="${name/iBoot/iBoot$(echo $device_target_vers | cut -c 1)}";;
esac esac
case $comp in case $comp in
"AppleLogo" | "RecoveryMode" | "NewiBoot" ) "AppleLogo" | "APTicket" | "RecoveryMode" )
str+="$str2" str+="$str2"
echo "$str2" >> $FirmwareBundle/manifest echo "$str2" >> $FirmwareBundle/manifest
;; ;;
"NewiBoot" )
if [[ $device_type != "iPad1,1" ]]; then
str+="$str2"
echo "$str2" >> $FirmwareBundle/manifest
fi
;;
"manifest" ) str+="manifest";; "manifest" ) str+="manifest";;
* ) str+="$name";; * ) str+="$name";;
esac esac
@ -2039,7 +2042,7 @@ ipsw_prepare_bundle() {
build="$device_base_build" build="$device_base_build"
FirmwareBundle+="BASE_" FirmwareBundle+="BASE_"
elif [[ $1 == "target" ]]; then elif [[ $1 == "target" ]]; then
if [[ $ipsw_jailbreak == 1 && $vers != "5"* && $vers != "7"* ]]; then if [[ $ipsw_jailbreak == 1 && $vers != "3"* && $vers != "4"* && $vers != "5"* && $vers != "7"* ]]; then
ipsw_prepare_config true true ipsw_prepare_config true true
else else
ipsw_prepare_config false true ipsw_prepare_config false true
@ -2058,12 +2061,17 @@ ipsw_prepare_bundle() {
log "IPSWSHA256: $IPSWSHA256" log "IPSWSHA256: $IPSWSHA256"
unzip -o -j "$ipsw_p.ipsw" Firmware/all_flash/all_flash.${device_model}ap.production/manifest unzip -o -j "$ipsw_p.ipsw" Firmware/all_flash/all_flash.${device_model}ap.production/manifest
mv manifest $FirmwareBundle/ mv manifest $FirmwareBundle/
local RamdiskName=$(echo "$key" | $jq -j '.keys[] | select(.image | startswith("RestoreRamdisk")) | .filename') local ramdisk_name=$(echo "$key" | $jq -j '.keys[] | select(.image | startswith("RestoreRamdisk")) | .filename')
local RamdiskIV=$(echo "$key" | $jq -j '.keys[] | select(.image | startswith("RestoreRamdisk")) | .iv') local RamdiskIV=$(echo "$key" | $jq -j '.keys[] | select(.image | startswith("RestoreRamdisk")) | .iv')
local RamdiskKey=$(echo "$key" | $jq -j '.keys[] | select(.image | startswith("RestoreRamdisk")) | .key') local RamdiskKey=$(echo "$key" | $jq -j '.keys[] | select(.image | startswith("RestoreRamdisk")) | .key')
unzip -o -j "$ipsw_p.ipsw" $RamdiskName unzip -o -j "$ipsw_p.ipsw" $ramdisk_name
"$dir/xpwntool" $RamdiskName Ramdisk.raw -iv $RamdiskIV -k $RamdiskKey "$dir/xpwntool" $ramdisk_name Ramdisk.raw -iv $RamdiskIV -k $RamdiskKey
"$dir/hfsplus" Ramdisk.raw extract usr/local/share/restore/options.$device_model.plist "$dir/hfsplus" Ramdisk.raw extract usr/local/share/restore/options.$device_model.plist
if [[ ! -s options.$device_model.plist ]]; then
rm options.$device_model.plist
"$dir/hfsplus" Ramdisk.raw extract usr/local/share/restore/options.plist
mv options.plist options.$device_model.plist
fi
if [[ $platform == "macos" ]]; then if [[ $platform == "macos" ]]; then
plutil -extract 'SystemPartitionSize' xml1 options.$device_model.plist -o size plutil -extract 'SystemPartitionSize' xml1 options.$device_model.plist -o size
RootSize=$(cat size | sed -ne '/<integer>/,/<\/integer>/p' | sed -e "s/<integer>//" | sed "s/<\/integer>//" | sed '2d') RootSize=$(cat size | sed -ne '/<integer>/,/<\/integer>/p' | sed -e "s/<integer>//" | sed "s/<\/integer>//" | sed '2d')
@ -2076,7 +2084,11 @@ ipsw_prepare_bundle() {
echo -e "<key>RootFilesystem</key><string>$(echo "$key" | $jq -j '.keys[] | select(.image == "RootFS") | .filename')</string>" >> $NewPlist echo -e "<key>RootFilesystem</key><string>$(echo "$key" | $jq -j '.keys[] | select(.image == "RootFS") | .filename')</string>" >> $NewPlist
echo -e "<key>RootFilesystemKey</key><string>$(echo "$key" | $jq -j '.keys[] | select(.image == "RootFS") | .key')</string>" >> $NewPlist echo -e "<key>RootFilesystemKey</key><string>$(echo "$key" | $jq -j '.keys[] | select(.image == "RootFS") | .key')</string>" >> $NewPlist
echo -e "<key>RootFilesystemSize</key><integer>$RootSize</integer>" >> $NewPlist echo -e "<key>RootFilesystemSize</key><integer>$RootSize</integer>" >> $NewPlist
echo -e "<key>RamdiskOptionsPath</key><string>/usr/local/share/restore/options.$device_model.plist</string>" >> $NewPlist printf "<key>RamdiskOptionsPath</key><string>/usr/local/share/restore/options" >> $NewPlist
if [[ $device_target_vers != "3"* && $device_target_vers != "4"* ]]; then
printf ".$device_model" >> $NewPlist
fi
echo -e ".plist</string>" >> $NewPlist
echo -e "<key>SHA256</key><string>$IPSWSHA256</string>" >> $NewPlist echo -e "<key>SHA256</key><string>$IPSWSHA256</string>" >> $NewPlist
if [[ $1 == "base" ]]; then if [[ $1 == "base" ]]; then
@ -2087,6 +2099,7 @@ ipsw_prepare_bundle() {
esac esac
case $device_base_build in case $device_base_build in
"11A"* | "11B"* ) base_build="11B554a";; "11A"* | "11B"* ) base_build="11B554a";;
"9"* ) base_build="9B206";;
esac esac
echo -e "<key>RamdiskExploit</key><dict>" >> $NewPlist echo -e "<key>RamdiskExploit</key><dict>" >> $NewPlist
echo -e "<key>exploit</key><string>src/target/$hw/$base_build/exploit</string>" >> $NewPlist echo -e "<key>exploit</key><string>src/target/$hw/$base_build/exploit</string>" >> $NewPlist
@ -2098,6 +2111,8 @@ ipsw_prepare_bundle() {
esac esac
printf "</dict><key>RamdiskPackage</key><dict><key>package</key><string>src/bin.tar</string><key>ios</key><string>ios" >> $NewPlist printf "</dict><key>RamdiskPackage</key><dict><key>package</key><string>src/bin.tar</string><key>ios</key><string>ios" >> $NewPlist
case $vers in case $vers in
3* ) printf "3" >> $NewPlist;;
4* ) printf "4" >> $NewPlist;;
5* ) printf "5" >> $NewPlist;; 5* ) printf "5" >> $NewPlist;;
6* ) printf "6" >> $NewPlist;; 6* ) printf "6" >> $NewPlist;;
7* ) printf "7" >> $NewPlist;; 7* ) printf "7" >> $NewPlist;;
@ -2111,6 +2126,11 @@ ipsw_prepare_bundle() {
if [[ $1 == "base" ]]; then if [[ $1 == "base" ]]; then
echo -e "<key>Firmware</key><dict/>" >> $NewPlist echo -e "<key>Firmware</key><dict/>" >> $NewPlist
elif [[ $1 == "target" ]] && [[ $vers == "3" || $vers == "4"* ]]; then
echo -e "<key>Firmware</key><dict>" >> $NewPlist
ipsw_prepare_keys iBSS $1
ipsw_prepare_keys RestoreRamdisk $1
echo -e "</dict>" >> $NewPlist
else else
echo -e "<key>Firmware</key><dict>" >> $NewPlist echo -e "<key>Firmware</key><dict>" >> $NewPlist
ipsw_prepare_keys iBSS $1 ipsw_prepare_keys iBSS $1
@ -2141,6 +2161,9 @@ ipsw_prepare_bundle() {
echo -e "</dict>" >> $NewPlist echo -e "</dict>" >> $NewPlist
elif [[ $1 == "target" ]]; then elif [[ $1 == "target" ]]; then
echo -e "<key>FirmwareReplace</key><dict>" >> $NewPlist echo -e "<key>FirmwareReplace</key><dict>" >> $NewPlist
if [[ $vers == "4"* ]]; then
ipsw_prepare_paths APTicket $1
fi
ipsw_prepare_paths AppleLogo $1 ipsw_prepare_paths AppleLogo $1
ipsw_prepare_paths NewAppleLogo $1 ipsw_prepare_paths NewAppleLogo $1
ipsw_prepare_paths BatteryCharging0 $1 ipsw_prepare_paths BatteryCharging0 $1
@ -2274,7 +2297,7 @@ ipsw_prepare_ios4powder() {
fi fi
if [[ $ipsw_jailbreak == 1 ]]; then if [[ $ipsw_jailbreak == 1 ]]; then
JBFiles=("unthredeh4il.tar" "fstab_rw.tar" "freeze.tar" "cydiasubstrate.tar") JBFiles=("g1lbertJB/${device_type}_${device_target_build}.tar" "fstab_rw.tar" "freeze.tar" "cydiasubstrate.tar")
for i in {0..3}; do for i in {0..3}; do
JBFiles[i]=$jelbrek/${JBFiles[$i]} JBFiles[i]=$jelbrek/${JBFiles[$i]}
done done
@ -2284,8 +2307,13 @@ ipsw_prepare_ios4powder() {
cp $jelbrek/freeze.tar . cp $jelbrek/freeze.tar .
fi fi
cp -R ../resources/firmware/powdersn0wBundles ./FirmwareBundles ipsw_prepare_bundle target
ipsw_prepare_bundle base
cp -R ../resources/firmware/src . cp -R ../resources/firmware/src .
rm src/target/$device_model/$device_base_build/partition
mv src/target/$device_model/reboot4 src/target/$device_model/$device_base_build/partition
rm src/bin.tar
mv src/bin4.tar src/bin.tar
ipsw_prepare_config false true ipsw_prepare_config false true
if [[ $ipsw_memory == 1 ]]; then if [[ $ipsw_memory == 1 ]]; then
ExtraArgs+=" -memory" ExtraArgs+=" -memory"
@ -2294,6 +2322,22 @@ ipsw_prepare_ios4powder() {
device_dump activation device_dump activation
ExtraArgs+=" ../saved/$device_type/activation.tar" ExtraArgs+=" ../saved/$device_type/activation.tar"
fi fi
if [[ $device_target_vers != "4.3.5" ]]; then
ExtraArgs2+="--433 "
fi
if [[ $ipsw_verbose == 1 ]]; then
ExtraArgs2+="-b -v"
fi
patch_iboot "$ExtraArgs2"
tar -rvf src/bin.tar iBoot
if [[ $device_type == "iPad1,1" ]]; then
cp iBoot iBEC
tar -cvf iBoot.tar iBEC
ExtraArgs+=" iBoot.tar"
else
echo "0000010: 626F" | xxd -r - iBoot
echo "0000020: 626F" | xxd -r - iBoot
fi
log "Preparing custom IPSW: $dir/powdersn0w $ipsw_path.ipsw temp.ipsw -base $ipsw_base_path.ipsw $ExtraArgs ${JBFiles[*]}" log "Preparing custom IPSW: $dir/powdersn0w $ipsw_path.ipsw temp.ipsw -base $ipsw_base_path.ipsw $ExtraArgs ${JBFiles[*]}"
"$dir/powdersn0w" "$ipsw_path.ipsw" temp.ipsw -base "$ipsw_base_path.ipsw" $ExtraArgs ${JBFiles[@]} "$dir/powdersn0w" "$ipsw_path.ipsw" temp.ipsw -base "$ipsw_base_path.ipsw" $ExtraArgs ${JBFiles[@]}
@ -2303,38 +2347,35 @@ ipsw_prepare_ios4powder() {
fi fi
log "Applying iOS 4 patches" log "Applying iOS 4 patches"
if [[ $device_target_vers != "4.3.5" ]]; then mkdir -p Firmware/all_flash/all_flash.${device_model}ap.production Firmware/dfu
ExtraArgs2+="--433 "
fi
if [[ $ipsw_verbose == 1 ]]; then
ExtraArgs2+="-b -v"
fi
patch_iboot "$ExtraArgs2"
mkdir -p Firmware/all_flash/all_flash.n90ap.production Firmware/dfu
cp iBoot Firmware/all_flash/all_flash.n90ap.production/iBoot4.n90ap.RELEASE.img3
log "Patch iBSS" log "Patch iBSS"
unzip -o -j "$ipsw_path.ipsw" Firmware/dfu/iBSS.n90ap.RELEASE.dfu unzip -o -j "$ipsw_path.ipsw" Firmware/dfu/iBSS.${device_model}ap.RELEASE.dfu
$bspatch iBSS.n90ap.RELEASE.dfu Firmware/dfu/iBSS.n90ap.RELEASE.dfu FirmwareBundles/${device_type}_${device_target_vers}_${device_target_build}.bundle/iBSS.n90ap.RELEASE.patch local ibss_iv=$(echo $device_fw_key | $jq -j '.keys[] | select(.image | startswith("iBSS")) | .iv')
log "Patch Ramdisk" local ibss_key=$(echo $device_fw_key | $jq -j '.keys[] | select(.image | startswith("iBSS")) | .key')
local RamdiskName=$(echo "$device_fw_key" | $jq -j '.keys[] | select(.image | startswith("RestoreRamdisk")) | .filename') mv iBSS.${device_model}ap.RELEASE.dfu iBSS.orig
unzip -o -j "$ipsw_path.ipsw" $RamdiskName "$dir/xpwntool" iBSS.orig iBSS.dec -iv $ibss_iv -k $ibss_key
if [[ $device_target_vers == "4.3" ]]; then "$dir/iBoot32Patcher" iBSS.dec iBSS.patched --rsa --debug -b "rd=md0 -v amfi=0xff cs_enforcement_disable=1"
"$dir/xpwntool" $RamdiskName ramdisk.orig -iv d11772b6a3bdd4f0b4cd8795b9f10ad9 -k 9873392c91743857cf5b35c9017c6683d5659c9358f35c742be27bfb03dee77c -decrypt "$dir/xpwntool" iBSS.patched Firmware/dfu/iBSS.${device_model}ap.RELEASE.dfu -t iBSS.orig
else log "Patch iBEC"
mv $RamdiskName ramdisk.orig unzip -o -j "$ipsw_path.ipsw" Firmware/dfu/iBEC.${device_model}ap.RELEASE.dfu
fi local ibec_iv=$(echo $device_fw_key | $jq -j '.keys[] | select(.image | startswith("iBEC")) | .iv')
$bspatch ramdisk.orig ramdisk.patched FirmwareBundles/${device_type}_${device_target_vers}_${device_target_build}.bundle/${RamdiskName%????}.patch local ibec_key=$(echo $device_fw_key | $jq -j '.keys[] | select(.image | startswith("iBEC")) | .key')
"$dir/xpwntool" ramdisk.patched ramdisk.raw mv iBEC.${device_model}ap.RELEASE.dfu iBEC.orig
"$dir/hfsplus" ramdisk.raw rm iBoot "$dir/xpwntool" iBEC.orig iBEC.dec -iv $ibec_iv -k $ibec_key
"$dir/hfsplus" ramdisk.raw add iBoot iBoot "$dir/iBoot32Patcher" iBEC.dec iBEC.patched --rsa --debug -b "rd=md0 -v amfi=0xff cs_enforcement_disable=1"
"$dir/xpwntool" ramdisk.raw $RamdiskName -t ramdisk.patched "$dir/xpwntool" iBEC.patched Firmware/dfu/iBEC.${device_model}ap.RELEASE.dfu -t iBEC.orig
log "Patch AppleLogo" log "Patch AppleLogo"
unzip -o -j temp.ipsw Firmware/all_flash/all_flash.n90ap.production/applelogo-640x960.s5l8930x.img3 local applelogo_name=$(echo "$device_fw_key" | $jq -j '.keys[] | select(.image | startswith("AppleLogo")) | .filename')
echo "0000010: 3467" | xxd -r - applelogo-640x960.s5l8930x.img3 unzip -o -j temp.ipsw Firmware/all_flash/all_flash.${device_model}ap.production/$applelogo_name
echo "0000020: 3467" | xxd -r - applelogo-640x960.s5l8930x.img3 echo "0000010: 3467" | xxd -r - $applelogo_name
mv applelogo-640x960.s5l8930x.img3 Firmware/all_flash/all_flash.n90ap.production/applelogo-640x960.s5l8930x.img3 echo "0000020: 3467" | xxd -r - $applelogo_name
mv $applelogo_name Firmware/all_flash/all_flash.${device_model}ap.production/$applelogo_name
log "Add all to custom IPSW" log "Add all to custom IPSW"
zip -r0 temp.ipsw Firmware/all_flash/all_flash.n90ap.production/* Firmware/dfu/iBSS.n90ap.RELEASE.dfu $RamdiskName if [[ $device_type != "iPad1,1" ]]; then
cp iBoot Firmware/all_flash/all_flash.${device_model}ap.production/iBoot4.${device_model}ap.RELEASE.img3
fi
zip -r0 temp.ipsw Firmware/all_flash/all_flash.${device_model}ap.production/* Firmware/dfu/*
mv temp.ipsw "$ipsw_custom.ipsw" mv temp.ipsw "$ipsw_custom.ipsw"
} }
@ -2386,6 +2427,15 @@ ipsw_prepare_powder() {
patch_iboot "$ExtraArgs2" patch_iboot "$ExtraArgs2"
tar -cvf iBoot.tar iBoot tar -cvf iBoot.tar iBoot
ExtraArgs+=" iBoot.tar" ExtraArgs+=" iBoot.tar"
elif [[ $device_type == "iPad1,1" ]]; then
ExtraArgs2+=" --boot-ramdisk "
if [[ $ipsw_verbose == 1 ]]; then
ExtraArgs2+="-b -v"
fi
patch_iboot "$ExtraArgs2"
mv iBoot iBEC
tar -cvf iBoot.tar iBEC
ExtraArgs+=" iBoot.tar"
fi fi
log "Preparing custom IPSW: $dir/powdersn0w $ipsw_path.ipsw temp.ipsw -base $ipsw_base_path.ipsw $ExtraArgs" log "Preparing custom IPSW: $dir/powdersn0w $ipsw_path.ipsw temp.ipsw -base $ipsw_base_path.ipsw $ExtraArgs"
"$dir/powdersn0w" "$ipsw_path.ipsw" temp.ipsw -base "$ipsw_base_path.ipsw" $ExtraArgs "$dir/powdersn0w" "$ipsw_path.ipsw" temp.ipsw -base "$ipsw_base_path.ipsw" $ExtraArgs
@ -2531,7 +2581,7 @@ ipsw_prepare_custom() {
fi fi
;; ;;
"4.1" ) "$dir/hfsplus" out.dmg untar $jelbrek/greenpois0n/${device_type}_${device_target_build}.tar;; "4.1" ) "$dir/hfsplus" out.dmg untar $jelbrek/greenpois0n/${device_type}_${device_target_build}.tar;;
"4.3"* | "4.2"* ) "$dir/hfsplus" out.dmg untar $jelbrek/unthredeh4il.tar;; "4.3"* | "4.2"* ) "$dir/hfsplus" out.dmg untar $jelbrek/g1lbertJB/${device_type}_${device_target_build}.tar;;
esac esac
case $device_target_vers in case $device_target_vers in
"4"* | "3.1.3" ) "4"* | "3.1.3" )
@ -2582,6 +2632,10 @@ ipsw_prepare_custom() {
mv temp.ipsw "$ipsw_custom.ipsw" mv temp.ipsw "$ipsw_custom.ipsw"
} }
ipsw_prepare_tethered() {
error "not yet"
}
ipsw_extract() { ipsw_extract() {
local ExtraArgs local ExtraArgs
local ipsw="$ipsw_path" local ipsw="$ipsw_path"
@ -2694,7 +2748,15 @@ restore_idevicerestore() {
re="re" re="re"
fi fi
ipsw_extract custom ipsw_extract custom
if [[ $device_type == "iPad2"* && $device_target_vers == "4.3"* ]]; then if [[ $device_target_powder == 1 ]] && [[ $device_target_vers == "3"* || $device_target_vers == "4"* ]]; then
patch_ibss
log "Sending iBSS..."
$irecovery -f pwnediBSS.dfu
sleep 2
log "Sending iBEC..."
$irecovery -f $ipsw_custom/Firmware/dfu/iBEC.${device_model}ap.RELEASE.dfu
device_find_mode Recovery
elif [[ $device_type == "iPad2"* && $device_target_vers == "4.3"* ]]; then
ExtraArgs="-e" ExtraArgs="-e"
log "Sending iBEC..." log "Sending iBEC..."
$irecovery -f $ipsw_custom/Firmware/dfu/iBEC.${device_model}ap.RELEASE.dfu $irecovery -f $ipsw_custom/Firmware/dfu/iBEC.${device_model}ap.RELEASE.dfu
@ -2710,11 +2772,11 @@ restore_idevicerestore() {
echo echo
log "Restoring done! Read the message below if any error has occurred:" log "Restoring done! Read the message below if any error has occurred:"
case $device_target_vers in case $device_target_vers in
1* | 2* | 3* | 4* ) print "* For device activation, go to: Other Utilities -> Attempt Activation";; 3* | 4* ) print "* For device activation, go to: Other Utilities -> Attempt Activation";;
esac esac
if [[ $opt != 0 ]]; then if [[ $opt != 0 ]]; then
print "* If you are getting the error \"could not retrieve device serial number\":" print "* If you are getting the error \"could not retrieve device serial number\":"
print " -> This means that your device is not compatible with $device_target_vers" print " -> This means that your device is likely not compatible with $device_target_vers"
print "* If the restore failed on updating baseband:" print "* If the restore failed on updating baseband:"
print " -> Try disabling baseband update: ./restore.sh --disable-bbupdate" print " -> Try disabling baseband update: ./restore.sh --disable-bbupdate"
echo echo
@ -2818,6 +2880,7 @@ restore_latest() {
ipsw_path="$ipsw_custom" ipsw_path="$ipsw_custom"
ipsw_extract custom ipsw_extract custom
else else
device_enter_mode Recovery
ipsw_extract ipsw_extract
fi fi
log "Running idevicerestore with command: $idevicerestore2 $ExtraArgs \"$ipsw_path.ipsw\"" log "Running idevicerestore with command: $idevicerestore2 $ExtraArgs \"$ipsw_path.ipsw\""
@ -2834,7 +2897,7 @@ restore_latest() {
print "* If opening an issue in GitHub, please provide a FULL log/output. Otherwise, your issue may be dismissed." print "* If opening an issue in GitHub, please provide a FULL log/output. Otherwise, your issue may be dismissed."
fi fi
case $device_target_vers in case $device_target_vers in
1* | 2* | 3* | 4* ) print "* For device activation, go to: Other Utilities -> Attempt Activation";; 3* | 4* ) print "* For device activation, go to: Other Utilities -> Attempt Activation";;
esac esac
if [[ $ipsw_jailbreak == 1 ]]; then if [[ $ipsw_jailbreak == 1 ]]; then
case $device_target_vers in case $device_target_vers in
@ -2908,11 +2971,11 @@ restore_prepare() {
if [[ $device_target_other == 1 && $device_target_vers == "4"* ]]; then if [[ $device_target_other == 1 && $device_target_vers == "4"* ]]; then
device_enter_mode pwnDFU device_enter_mode pwnDFU
restore_idevicerestore restore_idevicerestore
elif [[ $device_target_other == 1 ]]; then elif [[ $device_target_other == 1 || $device_target_tethered == 1 ]]; then
device_buttons device_buttons
restore_idevicerestore restore_idevicerestore
elif [[ $device_target_vers == "$device_latest_vers" ]]; then elif [[ $device_target_vers == "$device_latest_vers" ]]; then
shsh_save version 7.1.2 shsh_save version $device_latest_vers
if [[ $ipsw_jailbreak == 1 ]]; then if [[ $ipsw_jailbreak == 1 ]]; then
device_buttons device_buttons
restore_idevicerestore restore_idevicerestore
@ -2920,7 +2983,7 @@ restore_prepare() {
restore_latest restore_latest
fi fi
else else
shsh_save version 7.1.2 shsh_save version $device_latest_vers
if [[ $device_target_vers == "4"* ]]; then if [[ $device_target_vers == "4"* ]]; then
device_enter_mode pwnDFU device_enter_mode pwnDFU
else else
@ -2935,20 +2998,34 @@ restore_prepare() {
restore_idevicerestore restore_idevicerestore
if [[ $device_type == "iPhone2,1" ]]; then if [[ $device_type == "iPhone2,1" ]]; then
log "Ignore the baseband error and do not disconnect your device yet" log "Ignore the baseband error and do not disconnect your device yet"
device_find_mode Recovery device_find_mode Recovery 50
log "Attempting to exit recovery mode" log "Attempting to exit recovery mode"
$irecovery -n $irecovery -n
log "Done, your device should boot now" log "Done, your device should boot now"
fi fi
elif [[ $device_target_other == 1 ]]; then elif [[ $device_target_other == 1 || $device_target_tethered == 1 ]]; then
device_buttons device_buttons
restore_idevicerestore restore_idevicerestore
elif [[ $device_target_powder == 1 ]]; then
shsh_save version $device_latest_vers
if [[ $device_target_vers != "5"* ]]; then
device_enter_mode pwnDFU
else
device_buttons
fi
restore_idevicerestore
if [[ $device_target_vers != "5"* && $device_type == "iPad1,1" ]]; then
log "Do not disconnect your device yet"
device_find_mode Recovery 50
device_ramdisk setnvram
log "Done, your device should boot now"
fi
elif [[ $device_target_vers == "4.1" && $ipsw_jailbreak != 1 ]]; then elif [[ $device_target_vers == "4.1" && $ipsw_jailbreak != 1 ]]; then
device_enter_mode DFU device_enter_mode DFU
restore_latest restore_latest
if [[ $device_type == "iPhone2,1" ]]; then if [[ $device_type == "iPhone2,1" ]]; then
log "Ignore the baseband error and do not disconnect your device yet" log "Ignore the baseband error and do not disconnect your device yet"
device_find_mode Recovery device_find_mode Recovery 50
log "Attempting to exit recovery mode" log "Attempting to exit recovery mode"
$irecovery -n $irecovery -n
log "Done, your device should boot now" log "Done, your device should boot now"
@ -2974,7 +3051,7 @@ restore_prepare() {
[56] ) [56] )
# 32-bit devices A5/A6 # 32-bit devices A5/A6
if [[ $device_target_other != 1 && $device_target_powder != 1 ]]; then if [[ $device_target_other != 1 && $device_target_powder != 1 && $device_target_tethered != 1 ]]; then
shsh_save shsh_save
fi fi
if [[ $device_target_vers == "$device_latest_vers" ]]; then if [[ $device_target_vers == "$device_latest_vers" ]]; then
@ -3039,19 +3116,21 @@ ipsw_prepare() {
;; ;;
4 ) 4 )
if [[ $device_target_other == 1 ]]; then if [[ $device_target_tethered == 1 ]]; then
ipsw_prepare_tethered
elif [[ $device_target_other == 1 ]]; then
ipsw_prepare_32bit ipsw_prepare_32bit
elif [[ $device_target_powder == 1 ]] && [[ $device_target_vers == "3"* || $device_target_vers == "4"* ]]; then
shsh_save version $device_latest_vers
ipsw_prepare_ios4powder
elif [[ $device_target_powder == 1 ]]; then
ipsw_prepare_powder
elif [[ $device_target_vers == "$device_latest_vers" ]]; then elif [[ $device_target_vers == "$device_latest_vers" ]]; then
if [[ $ipsw_jailbreak == 1 && $device_type == "iPhone2,1" ]]; then if [[ $ipsw_jailbreak == 1 && $device_type == "iPhone2,1" ]]; then
ipsw_prepare_custom ipsw_prepare_custom
elif [[ $ipsw_jailbreak == 1 ]]; then elif [[ $ipsw_jailbreak == 1 ]]; then
ipsw_prepare_32bit ipsw_prepare_32bit
fi fi
elif [[ $device_type == "iPhone3,1" && $device_target_vers == "4.3"* ]]; then
shsh_save version 7.1.2
ipsw_prepare_ios4powder
elif [[ $device_type == "iPhone3,1" || $device_type == "iPhone3,3" ]]; then
ipsw_prepare_powder
else else
ipsw_prepare_custom ipsw_prepare_custom
fi fi
@ -3059,7 +3138,9 @@ ipsw_prepare() {
[56] ) [56] )
# 32-bit devices A5/A6 # 32-bit devices A5/A6
if [[ $device_target_powder == 1 ]]; then if [[ $device_target_tethered == 1 ]]; then
ipsw_prepare_tethered
elif [[ $device_target_powder == 1 ]]; then
ipsw_prepare_powder ipsw_prepare_powder
elif [[ $ipsw_jailbreak == 1 && $device_target_other != 1 ]]; then elif [[ $ipsw_jailbreak == 1 && $device_target_other != 1 ]]; then
ipsw_prepare_jailbreak ipsw_prepare_jailbreak
@ -3090,31 +3171,7 @@ device_remove4() {
"Enable exploit" ) rec=2;; "Enable exploit" ) rec=2;;
* ) return;; * ) return;;
esac esac
device_ramdisk setnvram $rec
if [[ ! -e ../saved/$device_type/iBSS_8L1.dfu ]]; then
log "Downloading 8L1 iBSS..."
"$dir/pzb" -g Firmware/dfu/iBSS.n90ap.RELEASE.dfu -o iBSS_8L1.dfu $(cat $device_fw_dir/8L1/url)
cp iBSS_8L1.dfu ../saved/$device_type
else
cp ../saved/$device_type/iBSS_8L1.dfu .
fi
device_enter_mode pwnDFU
log "Patching iBSS..."
$bspatch iBSS_8L1.dfu pwnediBSS ../resources/patch/iBSS.n90ap.8L1.patch
log "Sending iBSS..."
$irecovery -f pwnediBSS
sleep 5
log "Running commands..."
$irecovery -c "setenv boot-partition $rec"
$irecovery -c "saveenv"
$irecovery -c "setenv auto-boot true"
$irecovery -c "saveenv"
$irecovery -c "reset"
log "Done!"
print "* If disabling the exploit did not work and the device is still in recovery mode screen after restore:"
print "* You may try another method for clearing NVRAM. See the \"Troubleshooting\" wiki page for more details"
print "* Troubleshooting link: https://github.com/LukeZGD/Legacy-iOS-Kit/wiki/Troubleshooting#clearing-nvram"
} }
device_send_rdtar() { device_send_rdtar() {
@ -3138,7 +3195,12 @@ device_ramdisk() {
local decrypt local decrypt
local ramdisk_path local ramdisk_path
local build_id local build_id
local mode="$1"
local rec=2
if [[ $1 == "setnvram" ]]; then
rec=$2
fi
if [[ $1 != "justboot" ]]; then if [[ $1 != "justboot" ]]; then
comps+=("RestoreRamdisk") comps+=("RestoreRamdisk")
fi fi
@ -3331,8 +3393,8 @@ device_ramdisk() {
device_find_mode Restore 25 device_find_mode Restore 25
fi fi
case $1 in case $mode in
"nvram" | "jailbreak" | "activation" | "baseband" | "getversion" ) "clearnvram" | "jailbreak" | "activation" | "baseband" | "getversion" | "setnvram" )
log "Running iproxy for SSH..." log "Running iproxy for SSH..."
$iproxy 2222 22 >/dev/null & $iproxy 2222 22 >/dev/null &
iproxy_pid=$! iproxy_pid=$!
@ -3341,7 +3403,7 @@ device_ramdisk() {
;; ;;
esac esac
case $1 in case $mode in
"activation" | "baseband" ) "activation" | "baseband" )
local arg="$1" local arg="$1"
local dump="../saved/$device_type" local dump="../saved/$device_type"
@ -3420,9 +3482,8 @@ device_ramdisk() {
7* ) untether="evasi0n7-untether.tar";; 7* ) untether="evasi0n7-untether.tar";;
6.1.[3456] ) untether="p0sixspwn.tar";; 6.1.[3456] ) untether="p0sixspwn.tar";;
6* ) untether="evasi0n6-untether.tar";; 6* ) untether="evasi0n6-untether.tar";;
5* ) untether="g1lbertJB/${device_type}_${build}.tar";;
4.2.1 | 4.1 | 4.0* | 3.2.2 | 3.1.3 ) untether="greenpois0n/${device_type}_${build}.tar";; 4.2.1 | 4.1 | 4.0* | 3.2.2 | 3.1.3 ) untether="greenpois0n/${device_type}_${build}.tar";;
4.3* | 4.2* ) untether="unthredeh4il.tar";; 5* | 4.3* | 4.2* ) untether="g1lbertJB/${device_type}_${build}.tar";;
'' ) '' )
warn "Something wrong happened. Failed to get iOS version." warn "Something wrong happened. Failed to get iOS version."
print "* Please reboot the device into normal operating mode, then perform a clean \"slide to power off\", then try again." print "* Please reboot the device into normal operating mode, then perform a clean \"slide to power off\", then try again."
@ -3452,8 +3513,8 @@ device_ramdisk() {
9* | 8* ) device_send_rdtar fstab8.tar;; 9* | 8* ) device_send_rdtar fstab8.tar;;
7* ) device_send_rdtar fstab7.tar;; 7* ) device_send_rdtar fstab7.tar;;
6* ) device_send_rdtar fstab_rw.tar;; 6* ) device_send_rdtar fstab_rw.tar;;
5* ) untether="${device_type}_${build}.tar";;
4.2.1 ) $ssh -p 2222 root@127.0.0.1 "[[ ! -e /mnt1/sbin/punchd ]] && mv /mnt1/sbin/launchd /mnt1/sbin/punchd";; 4.2.1 ) $ssh -p 2222 root@127.0.0.1 "[[ ! -e /mnt1/sbin/punchd ]] && mv /mnt1/sbin/launchd /mnt1/sbin/punchd";;
5* | 4.3* | 4.2* ) untether="${device_type}_${build}.tar";;
esac esac
case $vers in case $vers in
5* ) device_send_rdtar g1lbertJB.tar;; 5* ) device_send_rdtar g1lbertJB.tar;;
@ -3506,13 +3567,20 @@ device_ramdisk() {
return return
;; ;;
"nvram" ) "clearnvram" )
log "Sending commands for clearing NVRAM..." log "Sending commands for clearing NVRAM..."
$ssh -p 2222 root@127.0.0.1 "nvram -c; reboot_bak" $ssh -p 2222 root@127.0.0.1 "nvram -c; reboot_bak"
log "Done! Your device should reboot now." log "Done! Your device should reboot now."
print "* If the device did not connect, SSH to the device manually." print "* If the device did not connect, SSH to the device manually."
;; ;;
"setnvram" )
log "Sending commands for NVRAM..."
$ssh -p 2222 root@127.0.0.1 "nvram -c; nvram boot-partition=$rec; reboot_bak"
log "Done, your device should boot now"
return
;;
* ) log "Device should now be in SSH ramdisk mode.";; * ) log "Device should now be in SSH ramdisk mode.";;
esac esac
echo echo
@ -3800,8 +3868,10 @@ menu_restore() {
case $device_type in case $device_type in
iPhone4,1 | iPhone5,[1234] | iPad2,4 | iPad3,[456] | iPod5,1 ) iPhone4,1 | iPhone5,[1234] | iPad2,4 | iPad3,[456] | iPod5,1 )
menu_items+=("Other (powdersn0w 7.x blobs)");; menu_items+=("Other (powdersn0w 7.x blobs)");;
iPhone3,[13] ) iPhone3,[13] | iPad1,1 | iPod3,1 )
menu_items+=("powdersn0w (any iOS)");; menu_items+=("powdersn0w (any iOS)");;
esac
case $device_type in
iPhone1,[12] | iPhone2,1 | iPhone3,2 | iPad1,1 | iPod[1234],1 ) iPhone1,[12] | iPhone2,1 | iPhone3,2 | iPad1,1 | iPod[1234],1 )
if [[ -z $1 ]]; then if [[ -z $1 ]]; then
menu_items+=("Other (Custom IPSW)") menu_items+=("Other (Custom IPSW)")
@ -3812,6 +3882,7 @@ menu_restore() {
menu_items+=("Other (Use SHSH Blobs)") menu_items+=("Other (Use SHSH Blobs)")
if (( device_proc < 7 )); then if (( device_proc < 7 )); then
menu_items+=("DFU IPSW") menu_items+=("DFU IPSW")
#menu_items+=("Other (Tethered)" "DFU IPSW")
fi fi
fi fi
menu_items+=("Go Back") menu_items+=("Go Back")
@ -3861,6 +3932,7 @@ menu_ipsw() {
device_base_build= device_base_build=
device_target_other= device_target_other=
device_target_powder= device_target_powder=
device_target_tethered=
while [[ -z "$mode" && -z "$back" ]]; do while [[ -z "$mode" && -z "$back" ]]; do
case $1 in case $1 in
@ -3937,6 +4009,8 @@ menu_ipsw() {
device_target_other=1 device_target_other=1
elif [[ $1 == *"powdersn0w"* ]]; then elif [[ $1 == *"powdersn0w"* ]]; then
device_target_powder=1 device_target_powder=1
elif [[ $1 == *"Tethered"* ]]; then
device_target_tethered=1
elif [[ -n $device_target_vers && -e "../$newpath.ipsw" ]]; then elif [[ -n $device_target_vers && -e "../$newpath.ipsw" ]]; then
ipsw_verify "../$newpath" "$device_target_build" nopause ipsw_verify "../$newpath" "$device_target_build" nopause
if [[ $? == 0 ]]; then if [[ $? == 0 ]]; then
@ -3947,6 +4021,11 @@ menu_ipsw() {
menu_items=("Select Target IPSW") menu_items=("Select Target IPSW")
menu_print_info menu_print_info
if [[ $1 == *"powdersn0w"* ]]; then if [[ $1 == *"powdersn0w"* ]]; then
if [[ $device_type == "iPod3,1" ]]; then
warn "There might be an issue with powdersn0w downgrade for iPod touch 3."
print "* This is untested, let me know of any issues"
echo
fi
menu_items+=("Select Base IPSW") menu_items+=("Select Base IPSW")
if [[ -n $ipsw_path ]]; then if [[ -n $ipsw_path ]]; then
print "* Selected Target IPSW: $ipsw_path.ipsw" print "* Selected Target IPSW: $ipsw_path.ipsw"
@ -3960,6 +4039,8 @@ menu_ipsw() {
iPad2,4 | iPad3,[123] ) print "* Any iOS version from 5.1 to 9.3.5 is supported";; iPad2,4 | iPad3,[123] ) print "* Any iOS version from 5.1 to 9.3.5 is supported";;
iPhone5,[12] | iPad3,[456] ) print "* Any iOS version from 6.0 to 9.3.5 is supported";; iPhone5,[12] | iPad3,[456] ) print "* Any iOS version from 6.0 to 9.3.5 is supported";;
iPhone5,[34] ) print "* Any iOS version from 7.0 to 9.3.5 is supported";; iPhone5,[34] ) print "* Any iOS version from 7.0 to 9.3.5 is supported";;
iPad1,1 ) print "* Any iOS version from 4.3.1 to 5.1 is supported";;
iPod3,1 ) print "* Any iOS version from 4.3 to 5.1 is supported";;
esac esac
fi fi
echo echo
@ -3968,6 +4049,7 @@ menu_ipsw() {
iPhone3,[13] ) text2="(iOS 7.1.2)";; iPhone3,[13] ) text2="(iOS 7.1.2)";;
iPhone5,[1234] ) text2="(iOS 7.x)";; iPhone5,[1234] ) text2="(iOS 7.x)";;
iPad3,[456] ) text2="(iOS 7.0.x)";; iPad3,[456] ) text2="(iOS 7.0.x)";;
iPad1,1 | iPod3,1 ) text2="(iOS 5.1.1)";;
esac esac
if [[ -n $ipsw_base_path ]]; then if [[ -n $ipsw_base_path ]]; then
print "* Selected Base $text2 IPSW: $ipsw_base_path.ipsw" print "* Selected Base $text2 IPSW: $ipsw_base_path.ipsw"
@ -3976,13 +4058,13 @@ menu_ipsw() {
warn "There might be an issue when selecting iOS 7.0-7.0.2 base." warn "There might be an issue when selecting iOS 7.0-7.0.2 base."
print "* The device might get stuck at recovery mode after the restore." print "* The device might get stuck at recovery mode after the restore."
fi fi
if [[ $device_type != "iPhone3,1" && $device_type != "iPhone3,3" ]]; then if [[ $device_proc != 4 ]]; then
menu_items+=("Select Base SHSH") menu_items+=("Select Base SHSH")
fi fi
else else
print "* Select Base $text2 IPSW to continue" print "* Select Base $text2 IPSW to continue"
fi fi
if [[ $device_type == "iPhone3,1" || $device_type == "iPhone3,3" ]]; then if [[ $device_proc == 4 ]]; then
shsh_path=1 shsh_path=1
else else
if [[ -n $shsh_path ]]; then if [[ -n $shsh_path ]]; then
@ -4002,6 +4084,32 @@ menu_ipsw() {
menu_items+=("$start") menu_items+=("$start")
fi fi
elif [[ $1 == *"Tethered"* ]]; then
menu_items+=("Select Base IPSW (tethered)")
if [[ -n $ipsw_path ]]; then
print "* Selected Target IPSW: $ipsw_path.ipsw"
print "* Target Version: $device_target_vers-$device_target_build"
else
print "* Select Target IPSW to continue"
fi
echo
local text2="(iOS 8.4.1)"
case $device_type in
iPhone4,1 | iPad2,[123] ) text2="(iOS 6.1.3)";;
iPhone2,1 | iPod4,1 ) text2="(iOS 6.1.6)";;
iPad1,1 | iPod3,1 ) text2="(iOS 5.1.1)";;
iPhone3,[123] ) text2="(iOS 7.1.2)";;
esac
if [[ -n $ipsw_base_path ]]; then
print "* Selected Base $text2 IPSW: $ipsw_base_path.ipsw"
print "* Base Version: $device_base_vers-$device_base_build"
else
print "* Select Base $text2 IPSW to continue"
fi
if [[ -n $ipsw_path && -n $ipsw_base_path ]] && [[ -n $shsh_path || $2 == "ipsw" ]]; then
menu_items+=("$start")
fi
elif [[ $1 == "Other"* ]]; then elif [[ $1 == "Other"* ]]; then
# menu for other (shsh) restores # menu for other (shsh) restores
if [[ -n $ipsw_path ]]; then if [[ -n $ipsw_path ]]; then
@ -4065,6 +4173,7 @@ menu_ipsw() {
"Create IPSW" ) mode="custom-ipsw";; "Create IPSW" ) mode="custom-ipsw";;
"Select Target IPSW" ) menu_ipsw_browse "$1";; "Select Target IPSW" ) menu_ipsw_browse "$1";;
"Select Base IPSW" ) menu_ipsw_browse "base";; "Select Base IPSW" ) menu_ipsw_browse "base";;
"Select Base IPSW (tethered)" ) menu_ipsw_browse "base2";;
"Select Target SHSH" ) menu_shsh_browse "$1";; "Select Target SHSH" ) menu_shsh_browse "$1";;
"Select Base SHSH" ) menu_shsh_browse "base";; "Select Base SHSH" ) menu_shsh_browse "base";;
"Download Target IPSW" ) ipsw_download "../$newpath";; "Download Target IPSW" ) ipsw_download "../$newpath";;
@ -4125,11 +4234,14 @@ ipsw_custom_set() {
ipsw_custom+="0" ipsw_custom+="0"
fi fi
fi fi
if [[ $device_target_tethered == 1 ]]; then
ipsw_custom+="T"
fi
if [[ $ipsw_verbose == 1 ]]; then if [[ $ipsw_verbose == 1 ]]; then
ipsw_custom+="V" ipsw_custom+="V"
fi fi
if [[ $device_target_vers == "4.3"* && $device_type == "iPhone3,1" && $device_target_powder == 1 ]]; then if [[ $device_target_powder == 1 ]] && [[ $device_target_vers == "3"* || $device_target_vers == "4"* ]]; then
ipsw_custom+="_$device_ecid" ipsw_custom+="-$device_ecid"
fi fi
} }
@ -4192,23 +4304,47 @@ menu_ipsw_browse() {
"3.1.3" ) versionc="3.1.3";; "3.1.3" ) versionc="3.1.3";;
"Latest iOS"* ) versionc="$device_latest_vers";; "Latest iOS"* ) versionc="$device_latest_vers";;
"base" ) "base" )
if [[ $device_type == "iPhone5"* ]]; then local check_vers="7.1"
if [[ $device_base_vers != "7"* ]]; then local base_vers="7.1.x"
log "Selected IPSW is not for iOS 7.x." case $device_type in
print "* You need iOS 7.x IPSW and SHSH blobs for this device to use powdersn0w." iPhone5* )
check_vers="7"
base_vers="7.x"
;;
iPad3* )
check_vers="7.0"
base_vers="7.0.x"
;;
iPhone3* )
check_vers="7.1.2"
base_vers="$check_vers"
;;
iPad1,1 | iPod3,1 )
check_vers="5.1.1"
base_vers="$check_vers"
;;
esac
if [[ $device_base_vers != "$check_vers"* ]]; then
log "Selected IPSW is not for iOS $base_vers."
print "* You need iOS $base_vers IPSW and SHSH blobs for this device to use powdersn0w."
pause pause
return return
fi fi
elif [[ $device_type == "iPad3"* ]]; then ipsw_verify "$newpath" "$device_base_build"
if [[ $device_base_vers != "7.0"* ]]; then ipsw_base_path="$newpath"
log "Selected IPSW is not for iOS 7.0.x."
print "* You need iOS 7.0.x IPSW and SHSH blobs for this device to use powdersn0w."
pause
return return
fi ;;
elif [[ $device_base_vers != "7.1"* ]]; then "base2" )
log "Selected IPSW is not for iOS 7.1.x." local basec
print "* You need iOS 7.1.x IPSW and SHSH blobs for this device to use powdersn0w." case $device_type in
iPhone4,1 | iPad2,[123] ) basec="6.1.3";;
iPhone2,1 | iPod4,1 ) basec="6.1.6";;
iPad1,1 | iPod3,1 ) basec="5.1.1";;
iPhone3,[123] ) basec="7.1.2";;
* ) basec="8.4.1";;
esac
if [[ $device_base_vers != "$basec" ]]; then
log "Selected IPSW is the correct version for base."
pause pause
return return
fi fi
@ -4217,12 +4353,14 @@ menu_ipsw_browse() {
return return
;; ;;
*"powdersn0w"* ) *"powdersn0w"* )
case $device_target_build in if [[ $device_type == "iPad1,1" && $device_target_vers == "4.3" ]]; then
"8A"* | "8B"* | "8C"* | "8G4" | "8H7" | "8K2" | "14"* )
log "Selected IPSW ($device_target_vers) is not supported as target version." log "Selected IPSW ($device_target_vers) is not supported as target version."
if [[ $device_target_build == "8"* ]]; then pause
print "* Supported iOS 4.3.x versions: 4.3, 4.3.3, 4.3.5" return
fi fi
case $device_target_build in
"7"* | "8A"* | "8B"* | "8C"* | "14"* )
log "Selected IPSW ($device_target_vers) is not supported as target version."
pause pause
return return
;; ;;
@ -4300,7 +4438,7 @@ menu_other() {
menu_items+=("Enter pwnDFU Mode") menu_items+=("Enter pwnDFU Mode")
fi fi
case $device_type in case $device_type in
iPhone3,1 ) menu_items+=("Disable/Enable Exploit");; iPhone3,1 | iPad1,1 | iPod3,1 ) menu_items+=("Disable/Enable Exploit");;
iPhone2,1 ) menu_items+=("Install alloc8 Exploit");; iPhone2,1 ) menu_items+=("Install alloc8 Exploit");;
esac esac
fi fi
@ -4486,7 +4624,7 @@ restore_customipsw() {
$idevicerestore -ce "$ipsw_path.ipsw" $idevicerestore -ce "$ipsw_path.ipsw"
log "Restoring done!" log "Restoring done!"
case $device_target_vers in case $device_target_vers in
1* | 2* | 3* | 4* ) print "* For device activation, go to: Other Utilities -> Attempt Activation";; 3* | 4* ) print "* For device activation, go to: Other Utilities -> Attempt Activation";;
esac esac
} }
@ -4544,6 +4682,7 @@ restore_dfuipsw() {
return return
fi fi
ipsw_path="$ipsw_dfuipsw" ipsw_path="$ipsw_dfuipsw"
device_enter_mode Recovery
ipsw_extract ipsw_extract
log "Running idevicerestore with command: $idevicerestore -e \"$ipsw_path.ipsw\"" log "Running idevicerestore with command: $idevicerestore -e \"$ipsw_path.ipsw\""
$idevicerestore -e "$ipsw_path.ipsw" $idevicerestore -e "$ipsw_path.ipsw"
@ -4584,12 +4723,19 @@ main() {
set_tool_paths set_tool_paths
log "Checking Internet connection..." log "Checking Internet connection..."
$ping www.apple.com >/dev/null local try=("www.apple.com"
if [[ $? != 0 ]]; then "google.com"
$ping 208.67.222.222 >/dev/null "208.67.222.222")
if [[ $? != 0 ]]; then local check
error "Please check your Internet connection before proceeding." for i in "${try[@]}"; do
ping -c1 $try >/dev/null
check=$?
if [[ $check == 0 ]]; then
break
fi fi
done
if [[ $check != 0 ]]; then
error "Please check your Internet connection before proceeding."
fi fi
version_check version_check
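Review bot: The new connectivity loop iterates with `i` but pings `$try`, which in bash expands to the first array element only. As written, `www.apple.com` is tried three times and the `google.com` and `208.67.222.222` fallbacks are never reached. The call should be `ping -c1 "$i" >/dev/null`, and `i` should be added to the `local` declarations so it does not become a global. The old code went through `$ping`, presumably set in set_tool_paths for platform differences, so confirm that a bare `ping -c1` behaves the same on every supported platform. main continues outside the hunk.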
@ -4634,7 +4780,7 @@ main() {
"kdfu" ) device_enter_mode kDFU;; "kdfu" ) device_enter_mode kDFU;;
"remove4" ) device_remove4;; "remove4" ) device_remove4;;
"ramdisk4" ) device_enter_ramdisk;; "ramdisk4" ) device_enter_ramdisk;;
"ramdisknvram" ) device_ramdisk nvram;; "ramdisknvram" ) device_ramdisk clearnvram;;
"pwned-ibss" ) device_enter_mode pwnDFU;; "pwned-ibss" ) device_enter_mode pwnDFU;;
"save-onboard-blobs" ) shsh_save_onboard;; "save-onboard-blobs" ) shsh_save_onboard;;
"save-cydia-blobs" ) shsh_save_cydia;; "save-cydia-blobs" ) shsh_save_cydia;;