mirror of
https://github.com/LukeZGD/Legacy-iOS-Kit.git
synced 2024-12-23 23:01:49 +01:00
Support for daibutsu jailbreak with daibutsuCFW (#129)
* Get started
* Up
* up
* Now working
* Update README.md
* Update README.md
* Input for ProductType and UniqueChipID if needed
* Update
* Update depends.sh
* Update README.md
* Update restore.sh
* Update README.md
parent cc4c38ca40
commit 5c014be961
3
.gitignore
vendored
@ -1,6 +1,8 @@
|
||||
*.bbfw
|
||||
*.dfu
|
||||
*.dmg
|
||||
*.im4p
|
||||
*.ipa
|
||||
*.ipsw
|
||||
*.json
|
||||
*.shsh
|
||||
@ -10,6 +12,7 @@
|
||||
Cydia*
|
||||
iP*
|
||||
saved/
|
||||
resources/daibutsuCFW
|
||||
resources/FirmwareBundles
|
||||
resources/firmware/
|
||||
resources/ipwndfu/
|
||||
|
43
README.md
@ -86,14 +86,15 @@
|
||||
- **IPSW file integrity** will be verified before restoring and/or creating custom IPSW (if custom IPSW is already created, this will be skipped)
|
||||
- **For users having issues with missing libraries/tools:** Re-install dependencies with `./restore.sh Install`
|
||||
- Alternatively, delete the `libimobiledevice` folder in `resources` then run the script again
|
||||
- macOS users may have to install libimobiledevice and libirecovery from [Homebrew](https://brew.sh/) with this command: `brew install libimobiledevice libirecovery`
|
||||
- The script will detect this automatically and will use the Homebrew versions of the tools
|
||||
- **For A7 devices:**
|
||||
- Do not use USB-C to lightning cables as this can prevent a successful restore
|
||||
- ipwndfu is unfortunately very unreliable on Linux, you may have to try multiple times (Linux users may also try in a live USB)
|
||||
- If the script cannot find your device in pwnREC mode or gets stuck, you may have to start over by [force restarting](https://support.apple.com/en-ph/guide/iphone/iph8903c3ee6/ios) and re-entering recovery/DFU mode
|
||||
- macOS users may have to install libimobiledevice and libirecovery from [Homebrew](https://brew.sh/) with this command: `brew install libimobiledevice libirecovery`
|
||||
- The script will detect this automatically and will use the Homebrew versions of the tools
|
||||
- Use an Intel or Apple Silicon PC/Mac as entering pwnDFU (checkm8) may be a lot more unreliable on AMD devices
|
||||
- Apple Silicon Mac users running macOS 11.3 and newer may encounter issues entering pwnDFU mode (see issue [#114](https://github.com/LukeZGD/iOS-OTA-Downgrader/issues/114))
|
||||
- For more troubleshooting steps for entering pwnDFU mode, see issue [#126](https://github.com/LukeZGD/iOS-OTA-Downgrader/issues/126)
|
||||
- Other than the above, unfortunately there is not much else I can do to help regarding entering pwnDFU mode.
|
||||
- **For 32-bit devices:**
|
||||
- To make sure that SSH is successful, try these steps: Reinstall OpenSSH/Dropbear, reboot and rejailbreak, then reinstall them again
|
||||
@ -109,33 +110,29 @@
|
||||
- Select the "kDFU mode" option if your device is already in kDFU mode beforehand. Example of this is using kDFUApp by tihmstar; kDFUApp can also be installed from my repo
|
||||
- For A6/A6X devices, "DFU mode (A6)" option can be used. This will use ipwndfu (or iPwnder32 for Mac) to put your device in pwnDFU mode, send pwned iBSS, and proceed with the downgrade/restore
|
||||
- For A5/A5X devices, "pwnDFU mode (A5)" option can be used, BUT ONLY IF the device is put in pwnDFU mode beforehand, with an Arduino and USB Host Shield ([checkm8-a5](https://github.com/synackuk/checkm8-a5))
|
||||
- **For the jailbreak option (iOS 6.1.3 and 8.4.1):**
|
||||
- **For the jailbreak option:**
|
||||
- If you have problems with Cydia, remove the ultrasn0w repo and close Cydia using the app switcher, then try opening Cydia again
|
||||
- If you cannot find Cydia in your home screen, try accessing Cydia through Safari with `cydia://` and install "Jailbreak App Icons Fix" package from my Cydia repo
|
||||
- **For the jailbreak option (iOS 8.4.1 only):**
|
||||
- Stashing is already enabled and `nosuid` is removed from `fstab`, so there is no need to install "Stashing for #etasonJB" package
|
||||
- **For users with A5 Rev A ([8942](https://www.theiphonewiki.com/wiki/S5L8942)) and A5X ([8945](https://www.theiphonewiki.com/wiki/S5L8945)) devices:**
|
||||
- **A5 Rev A devices:** iPad2,4, iPad mini 1, iPod touch 5
|
||||
- **A5X devices:** iPad 3
|
||||
- The jailbreak option **might not work** on A5 Rev A devices. (see issue [#70](https://github.com/LukeZGD/iOS-OTA-Downgrader/issues/70)) The script will warn you if you enable the jailbreak option on one of these devices
|
||||
- For users that downgraded **without** jailbreak option, and have manually jailbroken with the EtasonJB app, it is recommended to install "EtasonJB Disable Bootloop Protection" from my Cydia repo
|
||||
- For users that downgraded **with** the jailbreak option, and to users that have installed "EtasonJB Disable Bootloop Protection", your device might take a very long time to boot, possibly 20 minutes or more
|
||||
- **My Cydia repo**: https://lukezgd.github.io/repo/ - for installing Dropbear, Jailbreak App Icons Fix, EtasonJB Disable Bootloop Protection, kDFUApp
|
||||
- p0sixspwn will be used for iOS 6.1.3, and EtasonJB or daibutsu for iOS 8.4.1
|
||||
- For some devices, EtasonJB untether is unstable and not working properly, so daibutsu jailbreak will be used. See PR [#129](https://github.com/LukeZGD/iOS-OTA-Downgrader/pull/129) for more details
|
||||
- For devices jailbroken with EtasonJB, there is no need to install "Stashing for #etasonJB" package, as stashing is already enabled
|
||||
- For devices jailbroken with daibutsu, add the system repo for future updates to the untether: https://dora2ios.github.io/repo/
|
||||
- **My Cydia repo**: https://lukezgd.github.io/repo/ - for installing Dropbear and kDFUApp if needed
|
||||
|
||||
## Tools and other stuff used by this script:
|
||||
- cURL
|
||||
- bspatch
|
||||
- [ipwndfu](https://github.com/LukeZGD/ipwndfu)
|
||||
- [iPwnder32](https://github.com/dora2-iOS/iPwnder32)
|
||||
- [irecovery](https://github.com/libimobiledevice/libirecovery)
|
||||
- [libimobiledevice](https://github.com/libimobiledevice/libimobiledevice)
|
||||
- [imobiledevice-net](https://github.com/libimobiledevice-win32/imobiledevice-net) (macOS)
|
||||
- [idevicerestore](https://github.com/LukeeGD/idevicerestore)
|
||||
- ipsw tool from [xpwn](https://github.com/LukeeGD/xpwn) (OdysseusOTA/2)
|
||||
- [ipwndfu](https://github.com/LukeZGD/ipwndfu) - LukeZGD fork
|
||||
- [iPwnder32](https://github.com/dora2-iOS/iPwnder32) - dora2ios
|
||||
- [daibutsuCFW](https://github.com/dora2-iOS/daibutsuCFW) - dora2ios
|
||||
- [libimobiledevice](https://github.com/libimobiledevice/libimobiledevice) - libimobiledevice
|
||||
- [libirecovery](https://github.com/libimobiledevice/libirecovery) - libimobiledevice
|
||||
- [imobiledevice-net](https://github.com/libimobiledevice-win32/imobiledevice-net) - libimobiledevice (macOS binaries)
|
||||
- [idevicerestore](https://github.com/LukeeGD/idevicerestore) - LukeZGD fork
|
||||
- ipsw tool from [xpwn](https://github.com/LukeeGD/xpwn) (OdysseusOTA/2) - LukeZGD fork
|
||||
- Python 2 (for ipwndfu, rmsigchks, SimpleHTTPServer)
|
||||
- [tsschecker](https://github.com/tihmstar/tsschecker)
|
||||
- [futurerestore](http://api.tihmstar.net/builds/futurerestore/futurerestore-latest.zip) used for 32-bit devices
|
||||
- [futurerestore](https://github.com/m1stadev/futurerestore) used for A7 devices
|
||||
- [tsschecker](https://github.com/tihmstar/tsschecker) - tihmstar
|
||||
- [futurerestore](http://api.tihmstar.net/builds/futurerestore/futurerestore-latest.zip) used for 32-bit devices - tihmstar
|
||||
- [futurerestore](https://github.com/m1stadev/futurerestore) used for A7 devices - m1stadev fork
|
||||
- [kloader](https://www.youtube.com/watch?v=fh0tB6fp0Sc)
|
||||
- [kloader5 for iOS 5](https://www.pmbonneau.com/cydia/com.pmbonneau.kloader5_1.2_iphoneos-arm.deb)
|
||||
- [kloader_hgsp for iOS 10](https://twitter.com/nyan_satan/status/945203180522045440)
|
||||
|
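Review bot: The rewritten jailbreak notes say daibutsu is used "for some devices" without naming them, so a reader has to find the list in the `Downgrade()` condition (iPhone4,1, iPad2,4, iPad2,5, iPad2,6, iPad2,7, iPod5,1, and iPad3 models with `DeviceProc` 5). Put that list in the README next to the line that points to PR #129. The tools list also still links the 32-bit futurerestore build over plain `http://`; since that is a binary download, switch to an `https://` URL if the host serves one.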
@ -57,18 +57,18 @@ SetToolPaths() {
|
||||
}
|
||||
|
||||
SaveExternal() {
|
||||
local ExternalURL="https://github.com/LukeZGD/$1.git"
|
||||
local External=$1
|
||||
[[ $1 == "iOS-OTA-Downgrader-Keys" ]] && External="firmware"
|
||||
local ExternalURL="https://github.com/$1/$2.git"
|
||||
local External=$2
|
||||
[[ $2 == "iOS-OTA-Downgrader-Keys" ]] && External="firmware"
|
||||
cd resources
|
||||
if [[ ! -d $External || ! -d $External/.git ]]; then
|
||||
Log "Downloading $External..."
|
||||
rm -rf $External
|
||||
$git clone $ExternalURL $External
|
||||
fi
|
||||
if [[ ! -e $External/README.md || ! -d $External/.git ]]; then
|
||||
if [[ ! $(ls $External/*.md) || ! -d $External/.git ]]; then
|
||||
rm -rf $External
|
||||
Error "Downloading/updating $1 failed. Please run the script again"
|
||||
Error "Downloading/updating $2 failed. Please run the script again"
|
||||
fi
|
||||
cd ..
|
||||
}
|
||||
|
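Review bot: `SaveExternal` now expects the owner in `$1` and the repository in `$2` but checks neither, and every expansion after that is unquoted. A caller still using the old one-argument form leaves `$External` empty, so `rm -rf $External` and `$git clone $ExternalURL $External` run with a missing argument inside `resources`. Fail early when `$1` or `$2` is empty, quote `"$External"` and `"$ExternalURL"`, and replace the `$(ls $External/*.md)` test with a glob check that does not print an `ls` error to the terminal when no `.md` file exists.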
@ -31,11 +31,12 @@ GetDeviceValues() {
|
||||
local ideviceinfo2
|
||||
|
||||
Log "Finding device in Normal mode..."
|
||||
DeviceState=
|
||||
ideviceinfo2=$($ideviceinfo -s)
|
||||
if [[ $? != 0 ]]; then
|
||||
Log "Finding device in DFU/recovery mode..."
|
||||
DeviceState="$($irecovery -q 2>/dev/null | grep -w "MODE" | cut -c 7-)"
|
||||
else
|
||||
elif [[ ! -z $ideviceinfo2 ]]; then
|
||||
DeviceState="Normal"
|
||||
fi
|
||||
|
||||
@ -44,7 +45,14 @@ GetDeviceValues() {
|
||||
ProductType=$($irecovery -qv 2>&1 | grep "iP" | cut -c 14-)
|
||||
[[ $(echo $ProductType | cut -c 3) == 'h' ]] && ProdCut=9
|
||||
ProductType=$(echo $ProductType | cut -c -$ProdCut)
|
||||
if [[ ! $ProductType ]]; then
|
||||
read -p "$(Input 'Enter ProductType (eg. iPad2,1):')" ProductType
|
||||
fi
|
||||
|
||||
UniqueChipID=$((16#$(echo $($irecovery -q | grep "ECID" | cut -c 7-) | cut -c 3-)))
|
||||
if [[ ! $UniqueChipID || $UniqueChipID == 0 ]]; then
|
||||
read -p "$(Input 'Enter UniqueChipID (ECID, must be decimal):')" UniqueChipID
|
||||
fi
|
||||
ProductVer="Unknown"
|
||||
else
|
||||
ProductType=$(echo "$ideviceinfo2" | grep "ProductType" | cut -c 14-)
|
||||
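Review bot: The two new `read -p` prompts accept whatever is typed and the values are used unchecked: `ProductType` is later interpolated into the bundle path `Down_${ProductType}_${OSVer}_${BuildVer}.bundle`, and the ECID prompt says "must be decimal" without enforcing it. Validate both before continuing, for example `[[ $ProductType =~ ^iP(hone|ad|od)[0-9]+,[0-9]+$ ]]` and `[[ $UniqueChipID =~ ^[0-9]+$ ]]`, re-prompting on a mismatch, and use `read -r`.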
@ -54,7 +62,7 @@ GetDeviceValues() {
|
||||
UniqueDeviceID=$(echo "$ideviceinfo2" | grep "UniqueDeviceID" | cut -c 17-)
|
||||
fi
|
||||
|
||||
if [[ ! $ProductType ]]; then
|
||||
if [[ ! $DeviceState ]]; then
|
||||
Error "No device detected. Please put the device in normal mode before proceeding. Recovery or DFU mode is also applicable" \
|
||||
"For more details regarding alternative methods, read the \"Other Notes\" section of the README"
|
||||
fi
|
||||
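Review bot: Switching the final check from `$ProductType` to `$DeviceState` means nothing in the visible lines catches an empty `ProductType` in the Normal-mode branch, where it comes from `grep "ProductType"` on the `ideviceinfo` output. Keep a `[[ ! $ProductType ]]` check for that branch, or test both variables here.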
@ -267,7 +275,7 @@ kDFU() {
|
||||
|
||||
$iproxy 2222 22 &
|
||||
iproxyPID=$!
|
||||
|
||||
|
||||
Log "Copying stuff to device via SSH..."
|
||||
Echo "* Make sure OpenSSH/Dropbear is installed on the device and running!"
|
||||
Echo "* Dropbear is only needed for devices on iOS 10"
|
||||
|
@ -90,11 +90,12 @@ Downgrade() {
|
||||
|
||||
if [[ $Jailbreak != 'N' && $Jailbreak != 'n' ]]; then
|
||||
Jailbreak=1
|
||||
if [[ $ProductType == "iPad2,5" || $ProductType == "iPad2,6" ||
|
||||
$ProductType == "iPad2,7" || $ProductType == "iPod5,1" ]]; then
|
||||
Log "Warning - A5 Rev A device detected. Enabling the jailbreak option might not work for you"
|
||||
read -p "$(Input 'Select Y to continue anyway, N to cancel and exit (y/N):')" Jailbreak
|
||||
[[ $Jailbreak == 'Y' || $Jailbreak == 'y' ]] && Jailbreak=1 || exit 0
|
||||
if [[ $ProductType == "iPhone4,1" || $ProductType == "iPad2,4" ||
|
||||
$ProductType == "iPad2,5" || $ProductType == "iPad2,6" ||
|
||||
$ProductType == "iPad2,7" || $ProductType == "iPod5,1" ]] ||
|
||||
[[ $ProductType == "iPad3"* && $DeviceProc == 5 ]]; then
|
||||
Log "Using daibutsu jailbreak"
|
||||
JBDaibutsu=1
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
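Review bot: `JBDaibutsu=1` is set from `ProductType` alone, with no `OSVer` test in the visible lines, while `IPSW32()` tests `$JBDaibutsu == 1` before it looks at `OSVer` and the README describes daibutsu as the iOS 8.4.1 path. Unless the enclosing block already limits this to 8.4.1, add `$OSVer == 8.4.1` to the condition so a 6.1.3 jailbreak on these devices still takes the p0sixspwn branch.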
@ -159,7 +160,7 @@ Downgrade() {
|
||||
"Delete/replace the IPSW and run the script again"
|
||||
fi
|
||||
elif [[ -e "$IPSWCustom.ipsw" ]]; then
|
||||
Log "Found existing Custom IPSW. Skipping verification."
|
||||
Log "Found existing Custom IPSW. Skipping IPSW verification."
|
||||
Log "Setting restore IPSW to: $IPSWCustom.ipsw"
|
||||
IPSWRestore=$IPSWCustom
|
||||
fi
|
||||
|
@ -1,25 +1,43 @@
|
||||
#!/bin/bash
|
||||
|
||||
IPSW32() {
|
||||
local Bundle="resources/firmware/FirmwareBundles/Down_${ProductType}_${OSVer}_${BuildVer}.bundle"
|
||||
local JBFiles
|
||||
local JBMemory
|
||||
local JBSHA1
|
||||
local JBPartSize
|
||||
|
||||
|
||||
if [[ $IPSWRestore == $IPSWCustom ]]; then
|
||||
Log "Found existing Custom IPSW. Skipping IPSW creation."
|
||||
return
|
||||
fi
|
||||
|
||||
if [[ $Jailbreak == 1 ]]; then
|
||||
|
||||
if [[ -e $Bundle/Info.plist.bak ]]; then
|
||||
rm $Bundle/Info.plist
|
||||
mv $Bundle/Info.plist.bak $Bundle/Info.plist
|
||||
fi
|
||||
|
||||
if [[ $JBDaibutsu == 1 ]]; then
|
||||
JBPartSize="-daibutsu"
|
||||
SaveExternal dora2-iOS daibutsuCFW
|
||||
echo '#!/bin/bash' > tmp/reboot.sh
|
||||
echo "mount_hfs /dev/disk0s1s1 /mnt1; mount_hfs /dev/disk0s1s2 /mnt2" >> tmp/reboot.sh
|
||||
echo "nvram -d boot-partition; nvram -d boot-ramdisk" >> tmp/reboot.sh
|
||||
echo "/usr/bin/haxx_overwrite -$HWModel" >> tmp/reboot.sh
|
||||
|
||||
elif [[ $Jailbreak == 1 ]]; then
|
||||
cp $Bundle/Info.plist $Bundle/Info.plist.bak
|
||||
sed -z -i "s|</dict>\n</plist>|\t<key>needPref</key>\n\t<true/>\n</dict>\n</plist>|g" $Bundle/Info.plist
|
||||
if [[ $OSVer == 8.4.1 ]]; then
|
||||
JBFiles=("fstab.tar" "etasonJB-untether.tar" "Cydia8.tar")
|
||||
JBSHA1="6459dbcbfe871056e6244d23b33c9b99aaeca970"
|
||||
JBPartSize="-s 2305"
|
||||
else
|
||||
elif [[ $OSVer == 6.1.3 ]]; then
|
||||
JBFiles=("fstab_rw.tar" "p0sixspwn.tar" "Cydia6.tar")
|
||||
JBSHA1="1d5a351016d2546aa9558bc86ce39186054dc281"
|
||||
JBPartSize="-s 1260"
|
||||
else
|
||||
Error "No OSVer selected?"
|
||||
fi
|
||||
if [[ ! -e resources/jailbreak/${JBFiles[2]} ]]; then
|
||||
cd tmp
|
||||
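Review bot: `SaveExternal dora2-iOS daibutsuCFW` pulls whatever is at the head of a third-party repository for use while building the custom IPSW, yet nothing pins or verifies it, whereas the EtasonJB and p0sixspwn branches each set a `JBSHA1`. Pin the clone to a known commit (check out a fixed hash after cloning) or verify the files before use. In the same branch, `$HWModel` is written into `tmp/reboot.sh` as `/usr/bin/haxx_overwrite -$HWModel` without a check that it is set; fail if it is empty.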
@ -32,6 +50,7 @@ IPSW32() {
|
||||
JBFiles[$i]=jailbreak/${JBFiles[$i]}
|
||||
done
|
||||
fi
|
||||
|
||||
if [[ ! -e $IPSWCustom.ipsw ]]; then
|
||||
Echo "* By default, memory option is set to Y, you may select N later if you encounter problems"
|
||||
Echo "* If it doesn't work with both, you might not have enough RAM and/or tmp storage"
|
||||
@ -39,7 +58,12 @@ IPSW32() {
|
||||
[[ $JBMemory != 'N' && $JBMemory != 'n' ]] && JBMemory="-memory" || JBMemory=
|
||||
Log "Preparing custom IPSW..."
|
||||
cd resources
|
||||
ln -sf firmware/FirmwareBundles FirmwareBundles
|
||||
rm -rf FirmwareBundles
|
||||
if [[ $JBDaibutsu == 1 ]]; then
|
||||
ln -sf firmware/JailbreakBundles FirmwareBundles
|
||||
else
|
||||
ln -sf firmware/FirmwareBundles FirmwareBundles
|
||||
fi
|
||||
$ipsw ./../$IPSW.ipsw ./../$IPSWCustom.ipsw $JBMemory -bbupdate $JBPartSize ${JBFiles[@]}
|
||||
cd ..
|
||||
fi
|
||||
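Review bot: `rm -rf FirmwareBundles` is broader than needed for replacing a symlink and would delete a real directory of that name recursively; `ln -sfn firmware/FirmwareBundles FirmwareBundles` (and the same form for `firmware/JailbreakBundles`) replaces the link in one step. `JBPartSize` now also carries the `-daibutsu` flag, which its name no longer describes; a separately named variable for the flag would make the `$ipsw` command line easier to follow.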
@ -47,6 +71,7 @@ IPSW32() {
|
||||
Error "Failed to find custom IPSW. Please run the script again" \
|
||||
"You may try selecting N for memory option"
|
||||
fi
|
||||
|
||||
Log "Setting restore IPSW to: $IPSWCustom.ipsw"
|
||||
IPSWRestore=$IPSWCustom
|
||||
}
|
||||
@ -67,12 +92,13 @@ IPSW64() {
|
||||
fi
|
||||
mv -f $iBSS.im4p $iBEC.im4p $IPSW/Firmware/dfu
|
||||
cd $IPSW
|
||||
zip ../$IPSWCustom.ipsw -rq0 *
|
||||
zip -rq0 ../$IPSWCustom.ipsw *
|
||||
cd ..
|
||||
mv $IPSW $IPSWCustom
|
||||
if [[ ! -e $IPSWCustom.ipsw ]]; then
|
||||
Error "Failed to find custom IPSW. Please run the script again"
|
||||
fi
|
||||
|
||||
Log "Setting restore IPSW to: $IPSWCustom.ipsw"
|
||||
IPSWRestore=$IPSWCustom
|
||||
}
|
||||
|
BIN
resources/jailbreak/symlink.tar
Normal file
Binary file not shown.
Binary file not shown.
Binary file not shown.
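Review bot: `resources/jailbreak/symlink.tar` is added as a binary, but no visible hunk references it and the commit message does not say what it contains or where it came from. Document its contents and source in the README or next to the code that uses it, and record a checksum for it as the `JBSHA1` values do for the EtasonJB and p0sixspwn branches.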
@ -94,8 +94,8 @@ Main() {
|
||||
InstallDepends
|
||||
fi
|
||||
|
||||
SaveExternal iOS-OTA-Downgrader-Keys
|
||||
SaveExternal ipwndfu
|
||||
SaveExternal LukeZGD iOS-OTA-Downgrader-Keys
|
||||
SaveExternal LukeZGD ipwndfu
|
||||
|
||||
GetDeviceValues
|
||||
|
||||
|