Comment on stuff and some changes

This commit is contained in:
LukeeGD 2020-03-13 12:12:49 +08:00
parent 205b17c765
commit 5461e888bb
2 changed files with 83 additions and 92 deletions

View File

@ -1,14 +1,22 @@
# 32bit-OTA-Downgrader
### Downgrade 32-bit iOS devices to iOS 8.4.1 or iOS 6.1.3 (see supported devices below first!)
### Downgrade 32-bit iOS devices to iOS 8.4.1 or iOS 6.1.3 (see supported devices below)
- **Please see "Other notes" below to serve as answers for FAQs**
## Supported devices (iOS 8.4.1 downgrade):
- All A5, A5X, A6, and A6X devices **except iPhone5,3 and 5,4 (iPhone 5C)** are supported
## Supported devices (iOS 6.1.3 downgrade):
- Only iPhone 4S and iPad 2 devices except iPad2,4 (iPad 2 Rev A) are supported
## Prerequisites:
- A supported 32-bit device **jailbroken** on any iOS version
- A supported 32-bit iOS device **jailbroken** on any version
- **iOS [8.4.1](https://ipsw.me/8.4.1) or [6.1.3](https://ipsw.me/6.1.3) IPSW** for your device (the script can also download it for you)
- A **Linux install/live USB** (see distros tested on below) (a live USB can be easily created with tools like [balenaEtcher](https://www.balena.io/etcher/) or [Rufus](https://rufus.ie/))
- **macOS** (tested on 10.13 and 10.14 only) should also work, but I won't be able to provide support when the script breaks
- iOS 7/8 Pangu users: Install the [latest Pangu 7.1.x Untether (deb)](http://apt.saurik.com/debs/io.pangu.axe7_0.3_iphoneos-arm.deb) or [latest Pangu 8.0-8.1.x Untether (deb)](http://apt.saurik.com/debs/io.pangu.xuanyuansword8_0.5_iphoneos-arm.deb)
- iOS 9 and below users: Install [OpenSSH](https://cydia.saurik.com/openssh.html); The computer and device must be on the same network for SSH to work
- iOS 9 and below users: Install [OpenSSH](https://cydia.saurik.com/package/openssh/); The computer and iOS device must be on the same network for SSH to work
- iOS 10 users: Install [MTerminal](http://cydia.saurik.com/package/com.officialscheduler.mterminal/)
## How to use:
@ -20,22 +28,14 @@
6. Select option to be used (8.4.1/6.1.3 downgrade)
7. Follow instructions
## Supported devices (iOS 8.4.1 downgrade):
- All A5, A5X, A6, and A6X devices **except iPhone5,3 and 5,4 (iPhone 5C)** are supported
## Supported devices (iOS 6.1.3 downgrade):
- Only iPhone 4S and iPad 2 devices except iPad2,4 (iPad 2 Rev A) are supported
## Other notes:
- **You do NOT need blobs to use this**, the script will get them for you
- This script will also restore your device to the latest baseband (N/A to devices with no baseband)
- This script will restore your device with the latest baseband (N/A to devices with no baseband)
- This script has a workaround for the activation error on iOS 10 devices
- This script uses the futurerestore method for downgrading, NOT the Odysseus method nor modifying SystemVersion.plist
- This script will use an unmodified IPSW to restore
- This script only uses iBSS patches from bundles for entering pwnDFU mode, NOT for creating a custom IPSW
- This script can also be used to enter kDFU mode for all supported devices
- This script uses futurerestore "Odysseus method" for downgrading (different from OdysseusOTA/2, which are deprecated)
- This script uses an unmodified IPSW to restore and does NOT create a custom IPSW
- This script only uses iBSS patches for entering kDFU mode
- This script can also be used to just enter kDFU mode for all supported devices
- This script can also be used to futurerestore to other iOS versions when provided with SHSH blobs
- This script should also work on virtual machines, but I won't provide support on them
@ -45,18 +45,17 @@
- [Arch Linux](https://www.archlinux.org/) full install
- [Manjaro](https://manjaro.org/) live USB and full install
## Tools used by this script:
## Tools and other stuff used by this script:
- cURL
- bsdiff (bspatch)
- ideviceinfo
- ifuse
- [tsschecker](https://github.com/tihmstar/tsschecker)
- [futurerestore](https://github.com/tihmstar/futurerestore)
- [tsschecker](https://github.com/tihmstar/tsschecker/releases/tag/v212)
- [futurerestore](http://api.tihmstar.net/builds/futurerestore/futurerestore-latest.zip)
- [xpwntool](https://www.youtube.com/watch?v=fh0tB6fp0Sc)
- [kloader](https://www.youtube.com/watch?v=fh0tB6fp0Sc)
- [kloader5 (iOS 5)](http://www.pmbonneau.com/cydia/)
- [kloader5 (iOS 5)](https://mtmdev.org/pmbonneau-archive)
- [kloader_hgsp (iOS 10)](https://twitter.com/nyan_satan/status/945203180522045440)
- [partialZipBrowser](https://github.com/tihmstar/partialZipBrowser)
- [partialZipBrowser](https://github.com/tihmstar/partialZipBrowser/releases/tag/36)
- python3 (http.server)
- iBSS patches are from [OdysseusOTA](https://www.youtube.com/watch?v=Wo7mGdMcjxw), [OdysseusOTA2](https://www.youtube.com/watch?v=fh0tB6fp0Sc), [alitek12](https://www.mediafire.com/folder/b1z64roy512wd/FirmwareBundles), [gjest](https://files.fm/u/fcbqqdnw)

View File

@ -1,75 +1,57 @@
#!/bin/bash
iv_k93=781b9672a86ba1b41f8b7fa0af714c94
# 8.4.1 IV and Keys
iv_k93=781b9672a86ba1b41f8b7fa0af714c94 #iPad2,1
key_k93=bbd7bf676dbcc6ba93c76d496b7af39ae7772eaaad2ec9fb71dc1fd004827784
iv_k94=883c92ed915e4d2481570a062583495b
iv_k94=883c92ed915e4d2481570a062583495b #iPad2,2
key_k94=ccfadf3732904885d38f963cce035d7e03b387b67212d526503c85773b58e52f
iv_k95=460116385cca6d5596221c58ae122669
iv_k95=460116385cca6d5596221c58ae122669 #iPad2,3
key_k95=7852f1fd93d9d49ebea44021081e8f1dffa336d0d3e9517374f8be451dd92eb7
iv_k93a=976aa656929ac699fff36715de96876d
iv_k93a=976aa656929ac699fff36715de96876d #iPad2,4
key_k93a=5fe5c47b5620c2b40b1ca2bd1764a92d568901a24e1caf8faf0cf0f84ae11b4e
iv_p105=b21abc8689b0dea8f6e613f9f970e241
iv_p105=b21abc8689b0dea8f6e613f9f970e241 #iPad2,5
key_p105=b9ed63e4a31f5d9d4d7dddc527e65fd31d1ea48c70204e6b44551c1e6dfc52b5
iv_p106=56231fd62c6296ed0c8c411bcef602e0
iv_p106=56231fd62c6296ed0c8c411bcef602e0 #iPad2,6
key_p106=cdb2142489e5e936fa8f3540bd036f62ed0f27ddb6fec96b9fbfec5a65bc5f17
iv_p107=fa39c596b6569e572d90f0820e4e4357
iv_p107=fa39c596b6569e572d90f0820e4e4357 #iPad2,7
key_p107=34b359fcc729a0f0d2853e786a78b245ed36a9212c8296aaab95dc0401cf07de
iv_j1=c3ea87ed43788dfc3e268abdf1af27dd
iv_j1=c3ea87ed43788dfc3e268abdf1af27dd #iPad3,1
key_j1=cd3dd7eee07b9ce8b180d1526632cf86dc7fef7d52352d06af354598ab9cf2ef
iv_j2=32fcd912cb9a472ef2a6db72596ae01c
iv_j2=32fcd912cb9a472ef2a6db72596ae01c #iPad3,2
key_j2=076720d5a07e8011bdda6f6eafaf4845b40a441615cd1d7c1a9cca438ce7db17
iv_j2a=e6b041970cd611c8a1561a4c210bc476
iv_j2a=e6b041970cd611c8a1561a4c210bc476 #iPad3,3
key_j2a=aec6a888d45bd26106ac620d7d4ec0c160ab80276deedc1b50ce8f5d99dcc9af
iv_p101=a5892a58c90b6d3fb0e0b20db95070d7
iv_p101=a5892a58c90b6d3fb0e0b20db95070d7 #iPad3,4
key_p101=75612774968009e3f85545ac0088d0d0bb9cb4e2c2970e8f88489be0b9dfe103
iv_p102=fba6d9aaec7237891c80390e6ffa88bf
iv_p102=fba6d9aaec7237891c80390e6ffa88bf #iPad3,5
key_p102=92909dca9bfdb9193131f9ad9b628b1a4971b1cbab52c0ddd114a6253fad96c0
iv_p103=1d99e780d96c32a25ca7e4b1c7fe14c0
iv_p103=1d99e780d96c32a25ca7e4b1c7fe14c0 #iPad3,6
key_p103=4e2c14927693d61e1da375e340061521c9376007163f6ab55afbe1a03b901fd3
iv_n78=e0175b03bc29817adc312638884e0898
iv_n94=147cdef921ed14a5c10631c5e6e02d1e #iPhone4,1
key_n94=6ea1eb62a9f403ee212c1f6b3039df093963b46739c6093407190fe3d750c69c
iv_n41=bd0c8b039a819604a30f0d39adf88572 #iPhone5,1
key_n41=baf05fe0282f78c18c2e3842be4f9021919d586b55594281f5b5abd0f6e61495
iv_n42=fdad2b7a35384fa2ffc7221213ca1082 #iPhone5,2
key_n42=74cd68729b800a20b1f8e8a3cb5517024a09f074eaa05b099db530fb5783275e
iv_n48=dbecd5f265e031835584e6bfbdb4c47f #iPhone5,3
key_n48=248f86d983626b75d26718fa52732eca64466ab73df048f278e034a272041f7e
iv_n49=039241f2b0212bb7c7b62ab4deec263f #iPhone5,4
key_n49=d0b49d366469ae2b1580d7d31b1bcf783d835e4fac13cfe9f9a160fa95010ac4
iv_n78=e0175b03bc29817adc312638884e0898 #iPod5,1
key_n78=0a0e0aedc8171669c9af6a229930a395959df55dcd8a3ee1fe0f4c009007df3c
iv_n94=147cdef921ed14a5c10631c5e6e02d1e
key_n94=6ea1eb62a9f403ee212c1f6b3039df093963b46739c6093407190fe3d750c69c
iv_n41=bd0c8b039a819604a30f0d39adf88572
key_n41=baf05fe0282f78c18c2e3842be4f9021919d586b55594281f5b5abd0f6e61495
iv_n42=fdad2b7a35384fa2ffc7221213ca1082
key_n42=74cd68729b800a20b1f8e8a3cb5517024a09f074eaa05b099db530fb5783275e
iv_n48=dbecd5f265e031835584e6bfbdb4c47f
key_n48=248f86d983626b75d26718fa52732eca64466ab73df048f278e034a272041f7e
iv_n49=039241f2b0212bb7c7b62ab4deec263f
key_n49=d0b49d366469ae2b1580d7d31b1bcf783d835e4fac13cfe9f9a160fa95010ac4
iv_k93_613=b69f753dccd09c9b98d345ec73bbf044
# 6.1.3 IV and Keys
iv_k93_613=b69f753dccd09c9b98d345ec73bbf044 #iPad2,1
key_k93_613=6e4cce9ea6f2ec346cba0b279beab1b43e44a0680f1fde789a00f66a1e68ffab
iv_k94_613=bc3c9f168d7fb86aa219b7ad8039584b
iv_k94_613=bc3c9f168d7fb86aa219b7ad8039584b #iPad2,2
key_k94_613=b1bd1dc5e6076054392be054d50711ae70e8fcf31a47899fb90ab0ff3111b687
iv_k95_613=56f964ee19bfd31f06e43e9d8fe93902
iv_k95_613=56f964ee19bfd31f06e43e9d8fe93902 #iPad2,3
key_k95_613=0bb841b8f1922ae73d85ed9ed0d7a3583a10af909787857c15af2691b39bba30
iv_n94_613=d3fe01e99bd0967e80dccfc0739f93d5
iv_n94_613=d3fe01e99bd0967e80dccfc0739f93d5 #iPhone4,1
key_n94_613=35343d5139e0313c81ee59dbae292da26e739ed75b3da5db9da7d4d26046498c
function BasebandDetect {
# For Wi-Fi only devices
if [ $ProductType == iPad2,1 ] || [ $ProductType == iPad2,4 ] || [ $ProductType == iPad2,5 ] ||
[ $ProductType == iPad3,1 ] || [ $ProductType == iPad3,4 ] || [ $ProductType == iPod5,1 ]; then
NoBaseband=1
@ -77,6 +59,7 @@ function BasebandDetect {
}
function Clean {
# Clean up files (called on MainMenu and trap dependency)
rm -r iP*/ tmp/ $(ls ${UniqueChipID}_${ProductType}_${DowngradeVersion}-*.shsh2 2>/dev/null) 2>/dev/null
}
@ -84,11 +67,16 @@ function MainMenu {
Clean
mkdir tmp
if [ $(lsusb | grep -c "1227") == 1 ]; then
read -p "[Input] Device in DFU mode detected. Is your device in kDFU mode? (y/N) " kDFUManual
if [ $(lsusb | grep -c '1227') == 1 ]; then
read -p "[Input] Device in DFU mode detected. Is the device in kDFU mode? (y/N) " kDFUManual
if [[ $kDFUManual == y ]] || [[ $kDFUManual == Y ]]; then
read -p "[Input] Enter ProductType (eg. iPad2,1): " ProductType
if [ $(which irecovery) ]; then
# Get ECID with irecovery (optional)
UniqueChipID=$(sudo irecovery -q | grep 'ECID:' | cut -c 7-)
else
read -p "[Input] Enter UniqueChipID (ECID): " UniqueChipID
fi
BasebandDetect
echo "[Log] Will now downgrade device $ProductType in kDFU mode..."
Mode='Downgrade'
@ -207,11 +195,13 @@ function Action {
function SaveOTABlobs {
BuildManifest="resources/manifests/BuildManifest_${ProductType}_${DowngradeVersion}.plist"
# ota.json is being downloaded now so tsschecker doesn't have to
# this is because tsschecker has an unforgiving timeout when DL'ing ota.json
if [ ! -e resources/ota.json ]; then
echo "[Log] Downloading ota.json..."
curl -L "https://api.ipsw.me/v2.1/ota.json/condensed" -o "resources/ota.json"
curl -L https://api.ipsw.me/v2.1/ota.json/condensed -o tmp/ota.json
mv tmp/ota.json resources/
fi
echo "[Log] Copying ota.json to tmp..."
if [ $platform == macos ]; then
cp resources/ota.json $TMPDIR
@ -219,16 +209,15 @@ function SaveOTABlobs {
cp resources/ota.json /tmp
fi
echo
if [ ! -e /tmp/ota.json ] && [ ! -e $TMPDIR/ota.json ]; then
echo "[Error] Download ota.json failed. Please run the script again"
echo "[Error] Downloading/copying ota.json failed. Please run the script again"
exit
fi
echo "[Log] Saving $DowngradeVersion blobs with tsschecker..."
env "LD_PRELOAD=libcurl.so.3" resources/tools/tsschecker_$platform -d $ProductType -i $DowngradeVersion -o -s -e $UniqueChipID -m $BuildManifest
echo
SHSH=$(ls *.shsh2)
SHSH=$(ls ${UniqueChipID}_${ProductType}_${DowngradeVersion}-*.shsh2)
if [ ! -e "$SHSH" ]; then
echo "[Error] Saving $DowngradeVersion blobs failed. Please run the script again"
exit
@ -239,6 +228,8 @@ function SaveOTABlobs {
function kDFU {
if [ ! -e tmp/$iBSS.dfu ]; then
# Downloading 8.4.1 iBSS for "other" downgrades
# This is because this script only provides 8.4.1 iBSS IV and Keys
echo "[Log] Downloading iBSS..."
dllink=$(curl -I -Ls -o /dev/null -w %{url_effective} https://api.ipsw.me/v4/ipsw/download/${ProductType}/12H321)
resources/tools/pzb_$platform -g Firmware/dfu/${iBSS}.dfu -o $iBSS.dfu $dllink
@ -249,12 +240,11 @@ function kDFU {
echo "Key = ${!key}"
resources/tools/xpwntool_$platform "tmp/${iBSS}.dfu" tmp/iBSS.dec -k ${!key} -iv ${!iv} -decrypt
dd bs=64 skip=1 if=tmp/iBSS.dec of=tmp/iBSS.dec2
echo
echo "[Log] Patching iBSS..."
bspatch tmp/iBSS.dec2 tmp/pwnediBSS resources/patches/$iBSS.patch
echo
# Regular kloader only works on iOS 6 to 9, so other versions are provided for iOS 5 and 10
if [[ $VersionDetect == 1 ]]; then
kloader='kloader_hgsp'
elif [[ $VersionDetect == 5 ]]; then
@ -264,6 +254,8 @@ function kDFU {
fi
if [[ $VersionDetect == 1 ]]; then
# SSH is unreliable/not working on iOS 10 devices, so ifuse+MTerminal is used instead
# It's less convenient, but it should work every time
if [ ! $(which ifuse) ]; then
echo "[Error] ifuse not found. Please re-install dependencies and try again"
echo "For macOS systems, install osxfuse and ifuse using brew"
@ -275,14 +267,13 @@ function kDFU {
echo "nvram wifiaddr=$WifiAddrDecr
chmod 755 kloader_hgsp
./kloader_hgsp pwnediBSS" >> tmp/pwn.sh
mkdir mount
echo "[Log] Mounting device using ifuse..."
mkdir mount
ifuse mount
echo "[Log] Copying stuff to device..."
cp "tmp/pwn.sh" "resources/tools/$kloader" "tmp/pwnediBSS" "mount/"
echo "[Log] Unmounting device..."
sudo umount mount
#rm -r mount
echo
echo "[Log] Open MTerminal and run these commands:"
echo
@ -292,6 +283,7 @@ function kDFU {
echo "# chmod +x pwn.sh"
echo "# ./pwn.sh"
else
# SSH: Send kloader and pwnediBSS to device root and run kloader as root
echo "Make sure SSH is installed and working on the device!"
echo "Please enter Wi-Fi IP address of device for SSH connection"
read -p "[Input] IP Address: " IPAddress
@ -323,13 +315,14 @@ function FindDFU {
}
function Downgrade {
# These firmware keys are essential for iPad2,4, 2,5, 2,6, 2,7, and iPod5,1
# 8.4.1 KBAG keys for those devices are missing in firmware-keys.ipsw.me
if [ ! -e resources/firmware ]; then
echo "[Log] Firmware keys missing, downloading firmware keys..."
curl -L https://github.com/LukeZGD/32bit-OTA-Downgrader/archive/firmware.zip -o tmp/firmware.zip
unzip -q tmp/firmware.zip -d tmp
mkdir resources/firmware
unzip -q tmp/firmware.zip -d resources
mv resources/32bit-OTA-Downgrader-firmware/firmware/* resources/firmware
rm -r resources/32bit-OTA-Downgrader-firmware/
mv tmp/32bit-OTA-Downgrader-firmware/firmware/* resources/firmware
fi
if [ ! $NotOTA ]; then
@ -337,7 +330,8 @@ function Downgrade {
IPSW="${ProductType}_${DowngradeVersion}_${DowngradeBuildVer}_Restore"
if [ ! -e "$IPSW.ipsw" ]; then
echo "[Log] iOS $DowngradeVersion IPSW is missing, downloading IPSW..."
curl -L https://api.ipsw.me/v4/ipsw/download/$ProductType/$DowngradeBuildVer -o "$IPSW.ipsw"
curl -L https://api.ipsw.me/v4/ipsw/download/$ProductType/$DowngradeBuildVer -o tmp/$IPSW.ipsw
mv tmp/$IPSW.ipsw .
fi
unzip -j "$IPSW.ipsw" Firmware/dfu/$iBSS.dfu -d tmp/
fi
@ -356,8 +350,6 @@ function Downgrade {
cd ..
echo "[Log] Will now proceed to futurerestore..."
echo
while [[ $ScriptDone != 1 ]]; do
if [ ! $NoBaseband ]; then
sudo env "LD_PRELOAD=libcurl.so.3" resources/tools/futurerestore_$platform -t "$SHSH" --latest-baseband --use-pwndfu "$IPSW.ipsw"
@ -368,6 +360,7 @@ function Downgrade {
echo
echo "futurerestore done!"
# Downloading stuff sometimes fails causing futurerestore to halt, so I added the option to retry here
echo "If futurerestore failed to download baseband or for some reason, you can choose to retry"
read -p "[Input] Retry? (y/N) " Retry
if [[ $Retry != y ]] && [[ $Retry != Y ]]; then
@ -458,7 +451,7 @@ function Ubuntu1804 {
cd ..
}
# ----------------
# --- MAIN SCRIPT STARTS HERE ---
trap Clean INT TERM EXIT
clear
@ -475,7 +468,6 @@ else
echo "Supports Linux and macOS only"
exit
fi
if [[ ! $(ping -c1 google.com 2>/dev/null) ]]; then
echo "[Error] Please check your Internet connection before proceeding"
exit