diff --git a/.gitignore b/.gitignore
index 91c3b33..34e1ec6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,8 @@
 *.bbfw
 *.dfu
+*.dmg
 *.im4p
+*.ipa
 *.ipsw
 *.json
 *.shsh
@@ -10,6 +12,7 @@
 Cydia*
 iP*
 saved/
+resources/daibutsuCFW
 resources/FirmwareBundles
 resources/firmware/
 resources/ipwndfu/
diff --git a/README.md b/README.md
index 65a6871..07b35db 100644
--- a/README.md
+++ b/README.md
@@ -86,14 +86,15 @@ - **IPSW file integrity** will be verified before restoring and/or creating custom IPSW (if custom IPSW is already created, this will be skipped) - **For users having issues with missing libraries/tools:** Re-install dependencies with `./restore.sh Install` - Alternatively, delete the `libimobiledevice` folder in `resources` then run the script again +- macOS users may have to install libimobiledevice and libirecovery from [Homebrew](https://brew.sh/) with this command: `brew install libimobiledevice libirecovery` + - The script will detect this automatically and will use the Homebrew versions of the tools - **For A7 devices:** - Do not use USB-C to lightning cables as this can prevent a successful restore - ipwndfu is unfortunately very unreliable on Linux, you may have to try multiple times (Linux users may also try in a live USB) - If the script cannot find your device in pwnREC mode or gets stuck, you may have to start over by [force restarting](https://support.apple.com/en-ph/guide/iphone/iph8903c3ee6/ios) and re-entering recovery/DFU mode - - macOS users may have to install libimobiledevice and libirecovery from [Homebrew](https://brew.sh/) with this command: `brew install libimobiledevice libirecovery` - - The script will detect this automatically and will use the Homebrew versions of the tools - Use an Intel or Apple Silicon PC/Mac as entering pwnDFU (checkm8) may be a lot more unreliable on AMD devices - Apple Silicon Mac users running macOS 11.3 and newer may encounter issues entering pwnDFU mode (see issue [#114](https://github.com/LukeZGD/iOS-OTA-Downgrader/issues/114)) + - For more troubleshooting steps for entering pwnDFU mode, see issue [#126](https://github.com/LukeZGD/iOS-OTA-Downgrader/issues/126) - Other than the above, unfortunately there is not much else I can do to help regarding entering pwnDFU mode. 
- **For 32-bit devices:** - To make sure that SSH is successful, try these steps: Reinstall OpenSSH/Dropbear, reboot and rejailbreak, then reinstall them again 
@@ -109,33 +110,29 @@ - Select the "kDFU mode" option if your device is already in kDFU mode beforehand. Example of this is using kDFUApp by tihmstar; kDFUApp can also be installed from my repo - For A6/A6X devices, "DFU mode (A6)" option can be used. This will use ipwndfu (or iPwnder32 for Mac) to put your device in pwnDFU mode, send pwned iBSS, and proceed with the downgrade/restore - For A5/A5X devices, "pwnDFU mode (A5)" option can be used, BUT ONLY IF the device is put in pwnDFU mode beforehand, with an Arduino and USB Host Shield ([checkm8-a5](https://github.com/synackuk/checkm8-a5)) -- **For the jailbreak option (iOS 6.1.3 and 8.4.1):** +- **For the jailbreak option:** - If you have problems with Cydia, remove the ultrasn0w repo and close Cydia using the app switcher, then try opening Cydia again - - If you cannot find Cydia in your home screen, try accessing Cydia through Safari with `cydia://` and install "Jailbreak App Icons Fix" package from my Cydia repo -- **For the jailbreak option (iOS 8.4.1 only):** - - Stashing is already enabled and `nosuid` is removed from `fstab`, so there is no need to install "Stashing for #etasonJB" package -- **For users with A5 Rev A ([8942](https://www.theiphonewiki.com/wiki/S5L8942)) and A5X ([8945](https://www.theiphonewiki.com/wiki/S5L8945)) devices:** - - **A5 Rev A devices:** iPad2,4, iPad mini 1, iPod touch 5 - - **A5X devices:** iPad 3 - - The jailbreak option **might not work** on A5 Rev A devices. 
(see issue [#70](https://github.com/LukeZGD/iOS-OTA-Downgrader/issues/70)) The script will warn you if you enable the jailbreak option on one of these devices - - For users that downgraded **without** jailbreak option, and have manually jailbroken with the EtasonJB app, it is recommended to install "EtasonJB Disable Bootloop Protection" from my Cydia repo - - For users that downgraded **with** the jailbreak option, and to users that have installed "EtasonJB Disable Bootloop Protection", your device might take a very long time to boot, possibly 20 minutes or more -- **My Cydia repo**: https://lukezgd.github.io/repo/ - for installing Dropbear, Jailbreak App Icons Fix, EtasonJB Disable Bootloop Protection, kDFUApp + - p0sixspwn will be used for iOS 6.1.3, and EtasonJB or daibutsu for iOS 8.4.1 + - For some devices, EtasonJB untether is unstable and not working properly, so daibutsu jailbreak will be used. See PR [#129](https://github.com/LukeZGD/iOS-OTA-Downgrader/pull/129) for more details + - For devices jailbroken with EtasonJB, there is no need to install "Stashing for #etasonJB" package, as stashing is already enabled + - For devices jailbroken with daibutsu, add the system repo for future updates to the untether: https://dora2ios.github.io/repo/ +- **My Cydia repo**: https://lukezgd.github.io/repo/ - for installing Dropbear and kDFUApp if needed ## Tools and other stuff used by this script: - cURL - bspatch -- [ipwndfu](https://github.com/LukeZGD/ipwndfu) -- [iPwnder32](https://github.com/dora2-iOS/iPwnder32) -- [irecovery](https://github.com/libimobiledevice/libirecovery) -- [libimobiledevice](https://github.com/libimobiledevice/libimobiledevice) -- [imobiledevice-net](https://github.com/libimobiledevice-win32/imobiledevice-net) (macOS) -- [idevicerestore](https://github.com/LukeeGD/idevicerestore) -- ipsw tool from [xpwn](https://github.com/LukeeGD/xpwn) (OdysseusOTA/2) +- [ipwndfu](https://github.com/LukeZGD/ipwndfu) - LukeZGD fork +- 
[iPwnder32](https://github.com/dora2-iOS/iPwnder32) - dora2ios +- [daibutsuCFW](https://github.com/dora2-iOS/daibutsuCFW) - dora2ios +- [libimobiledevice](https://github.com/libimobiledevice/libimobiledevice) - libimobiledevice +- [libirecovery](https://github.com/libimobiledevice/libirecovery) - libimobiledevice +- [imobiledevice-net](https://github.com/libimobiledevice-win32/imobiledevice-net) - libimobiledevice (macOS binaries) +- [idevicerestore](https://github.com/LukeeGD/idevicerestore) - LukeZGD fork +- ipsw tool from [xpwn](https://github.com/LukeeGD/xpwn) (OdysseusOTA/2) - LukeZGD fork - Python 2 (for ipwndfu, rmsigchks, SimpleHTTPServer) -- [tsschecker](https://github.com/tihmstar/tsschecker) -- [futurerestore](http://api.tihmstar.net/builds/futurerestore/futurerestore-latest.zip) used for 32-bit devices -- [futurerestore](https://github.com/m1stadev/futurerestore) used for A7 devices +- [tsschecker](https://github.com/tihmstar/tsschecker) - tihmstar +- [futurerestore](http://api.tihmstar.net/builds/futurerestore/futurerestore-latest.zip) used for 32-bit devices - tihmstar +- [futurerestore](https://github.com/m1stadev/futurerestore) used for A7 devices - m1stadev fork - [kloader](https://www.youtube.com/watch?v=fh0tB6fp0Sc) - [kloader5 for iOS 5](https://www.pmbonneau.com/cydia/com.pmbonneau.kloader5_1.2_iphoneos-arm.deb) - [kloader_hgsp for iOS 10](https://twitter.com/nyan_satan/status/945203180522045440) diff --git a/resources/depends.sh b/resources/depends.sh index 8b4045d..b0638da 100755 --- a/resources/depends.sh +++ b/resources/depends.sh 
@@ -57,18 +57,18 @@ SetToolPaths() { } SaveExternal() { - local ExternalURL="https://github.com/LukeZGD/$1.git" - local External=$1 - [[ $1 == "iOS-OTA-Downgrader-Keys" ]] && External="firmware" + local ExternalURL="https://github.com/$1/$2.git" + local External=$2 + [[ $2 == "iOS-OTA-Downgrader-Keys" ]] && External="firmware" cd resources if [[ ! -d $External || ! -d $External/.git ]]; then Log "Downloading $External..." rm -rf $External $git clone $ExternalURL $External fi - if [[ ! -e $External/README.md || ! -d $External/.git ]]; then + if [[ ! $(ls $External/*.md) || ! -d $External/.git ]]; then rm -rf $External - Error "Downloading/updating $1 failed. Please run the script again" + Error "Downloading/updating $2 failed. Please run the script again" fi cd .. } diff --git a/resources/device.sh b/resources/device.sh index e45e0a4..1b7ce6c 100755 --- a/resources/device.sh +++ b/resources/device.sh @@ -31,11 +31,12 @@ GetDeviceValues() { local ideviceinfo2 Log "Finding device in Normal mode..." + DeviceState= ideviceinfo2=$($ideviceinfo -s) if [[ $? != 0 ]]; then Log "Finding device in DFU/recovery mode..." DeviceState="$($irecovery -q 2>/dev/null | grep -w "MODE" | cut -c 7-)" - else + elif [[ ! -z $ideviceinfo2 ]]; then DeviceState="Normal" fi @@ -44,7 +45,14 @@ GetDeviceValues() { ProductType=$($irecovery -qv 2>&1 | grep "iP" | cut -c 14-) [[ $(echo $ProductType | cut -c 3) == 'h' ]] && ProdCut=9 ProductType=$(echo $ProductType | cut -c -$ProdCut) + if [[ ! $ProductType ]]; then + read -p "$(Input 'Enter ProductType (eg. iPad2,1):')" ProductType + fi + UniqueChipID=$((16#$(echo $($irecovery -q | grep "ECID" | cut -c 7-) | cut -c 3-))) + if [[ ! $UniqueChipID || $UniqueChipID == 0 ]]; then + read -p "$(Input 'Enter UniqueChipID (ECID, must be decimal):')" UniqueChipID + fi ProductVer="Unknown" else ProductType=$(echo "$ideviceinfo2" | grep "ProductType" | cut -c 14-) 
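Review bot: `$git clone $ExternalURL $External` now accepts any GitHub owner through `$1`, but it still takes whatever the default branch holds at run time, with no pinned commit or digest. The new `SaveExternal dora2-iOS daibutsuCFW` call in resources/ipsw.sh makes a second account a source of files that are presumably used while the custom IPSW is built. Consider checking out a recorded revision after the clone, e.g. `$git -C "$External" checkout -q "<PINNED_COMMIT>"`, with the hash kept next to each call site. The same provenance gap applies to the replaced `resources/tools/ipsw_linux` and `ipsw_macos` binaries, for which this commit records no source revision or checksum. Separately, `$(ls $External/*.md)` prints an error when nothing matches and `$External` is unquoted in `rm -rf`; `compgen -G "$External/*.md" > /dev/null` and `"$External"` would be cleaner.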
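Review bot: The two new `read -p` prompts in the recovery/DFU branch accept whatever is typed for `ProductType` and `UniqueChipID` with no format check, and `ProductType` is later interpolated into the `$Bundle` path that resources/ipsw.sh passes unquoted to `rm`, `mv`, `cp` and `sed`. A typo, a space or a glob character would therefore reach file operations instead of being rejected at the prompt. Validate right after each read, e.g. `[[ $ProductType =~ ^iP(hone|ad|od)[0-9]+,[0-9]+$ ]] || Error "Invalid ProductType"` and `[[ $UniqueChipID =~ ^[0-9]+$ ]] || Error "Invalid ECID"`, and use `read -r`. The later hunk at `@@ -54,7 +62,7 @@` now tests only `$DeviceState`, so an empty `ProductType` from a Normal-mode device is no longer caught there. GetDeviceValues begins and ends outside these hunks.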
@@ -54,7 +62,7 @@ GetDeviceValues() { UniqueDeviceID=$(echo "$ideviceinfo2" | grep "UniqueDeviceID" | cut -c 17-) fi - if [[ ! $ProductType ]]; then + if [[ ! $DeviceState ]]; then Error "No device detected. Please put the device in normal mode before proceeding. Recovery or DFU mode is also applicable" \ "For more details regarding alternative methods, read the \"Other Notes\" section of the README" fi @@ -267,7 +275,7 @@ kDFU() { $iproxy 2222 22 & iproxyPID=$! - + Log "Copying stuff to device via SSH..." Echo "* Make sure OpenSSH/Dropbear is installed on the device and running!" Echo "* Dropbear is only needed for devices on iOS 10" diff --git a/resources/downgrade.sh b/resources/downgrade.sh index f91290b..e544d31 100755 --- a/resources/downgrade.sh +++ b/resources/downgrade.sh @@ -90,11 +90,12 @@ Downgrade() { if [[ $Jailbreak != 'N' && $Jailbreak != 'n' ]]; then Jailbreak=1 - if [[ $ProductType == "iPad2,5" || $ProductType == "iPad2,6" || - $ProductType == "iPad2,7" || $ProductType == "iPod5,1" ]]; then - Log "Warning - A5 Rev A device detected. Enabling the jailbreak option might not work for you" - read -p "$(Input 'Select Y to continue anyway, N to cancel and exit (y/N):')" Jailbreak - [[ $Jailbreak == 'Y' || $Jailbreak == 'y' ]] && Jailbreak=1 || exit 0 + if [[ $ProductType == "iPhone4,1" || $ProductType == "iPad2,4" || + $ProductType == "iPad2,5" || $ProductType == "iPad2,6" || + $ProductType == "iPad2,7" || $ProductType == "iPod5,1" ]] || + [[ $ProductType == "iPad3"* && $DeviceProc == 5 ]]; then + Log "Using daibutsu jailbreak" + JBDaibutsu=1 fi fi fi @@ -159,7 +160,7 @@ Downgrade() { "Delete/replace the IPSW and run the script again" fi elif [[ -e "$IPSWCustom.ipsw" ]]; then - Log "Found existing Custom IPSW. Skipping verification." + Log "Found existing Custom IPSW. Skipping IPSW verification." Log "Setting restore IPSW to: $IPSWCustom.ipsw" IPSWRestore=$IPSWCustom fi diff --git a/resources/ipsw.sh b/resources/ipsw.sh index 9fa748a..44f3fe2 100755 
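Review bot: The new device check in Downgrade sets `JBDaibutsu=1` from `$ProductType` (and `$DeviceProc`) alone, while the README text in this commit says daibutsu is for iOS 8.4.1 and p0sixspwn for 6.1.3. resources/ipsw.sh tests `$JBDaibutsu == 1` before it looks at `$OSVer`, so unless a condition outside this hunk already limits the branch to 8.4.1, a 6.1.3 restore on a listed device would take the daibutsu path. Prefixing the test with `[[ $OSVer == 8.4.1 ]] &&` would make the intent explicit. `JBDaibutsu` is also never cleared in the visible code, so a value inherited from the environment would select that path even when the jailbreak prompt is answered N; a `JBDaibutsu=` before the prompt avoids that. Downgrade's body continues outside the hunk.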
--- a/resources/ipsw.sh +++ b/resources/ipsw.sh @@ -1,25 +1,43 @@ #!/bin/bash IPSW32() { + local Bundle="resources/firmware/FirmwareBundles/Down_${ProductType}_${OSVer}_${BuildVer}.bundle" local JBFiles local JBMemory local JBSHA1 local JBPartSize - + if [[ $IPSWRestore == $IPSWCustom ]]; then Log "Found existing Custom IPSW. Skipping IPSW creation." return fi - - if [[ $Jailbreak == 1 ]]; then + + if [[ -e $Bundle/Info.plist.bak ]]; then + rm $Bundle/Info.plist + mv $Bundle/Info.plist.bak $Bundle/Info.plist + fi + + if [[ $JBDaibutsu == 1 ]]; then + JBPartSize="-daibutsu" + SaveExternal dora2-iOS daibutsuCFW + echo '#!/bin/bash' > tmp/reboot.sh + echo "mount_hfs /dev/disk0s1s1 /mnt1; mount_hfs /dev/disk0s1s2 /mnt2" >> tmp/reboot.sh + echo "nvram -d boot-partition; nvram -d boot-ramdisk" >> tmp/reboot.sh + echo "/usr/bin/haxx_overwrite -$HWModel" >> tmp/reboot.sh + + elif [[ $Jailbreak == 1 ]]; then + cp $Bundle/Info.plist $Bundle/Info.plist.bak + sed -z -i "s|\n|\tneedPref\n\t\n\n|g" $Bundle/Info.plist if [[ $OSVer == 8.4.1 ]]; then JBFiles=("fstab.tar" "etasonJB-untether.tar" "Cydia8.tar") JBSHA1="6459dbcbfe871056e6244d23b33c9b99aaeca970" JBPartSize="-s 2305" - else + elif [[ $OSVer == 6.1.3 ]]; then JBFiles=("fstab_rw.tar" "p0sixspwn.tar" "Cydia6.tar") JBSHA1="1d5a351016d2546aa9558bc86ce39186054dc281" JBPartSize="-s 1260" + else + Error "No OSVer selected?" fi if [[ ! -e resources/jailbreak/${JBFiles[2]} ]]; then cd tmp @@ -32,6 +50,7 @@ IPSW32() { JBFiles[$i]=jailbreak/${JBFiles[$i]} done fi + if [[ ! -e $IPSWCustom.ipsw ]]; then Echo "* By default, memory option is set to Y, you may select N later if you encounter problems" Echo "* If it doesn't work with both, you might not have enough RAM and/or tmp storage" 
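Review bot: `sed -z -i` in the `$Jailbreak == 1` branch of IPSW32 is GNU-only, so unless the macOS setup provides GNU sed the edit of `$Bundle/Info.plist` would fail after the `.bak` copy has already been made, and its exit status is not checked; a portable edit or an explicit `|| Error` would surface that. In the daibutsu branch `tmp/reboot.sh` is written with `$HWModel` expanded at generation time and nothing in the hunk checks that it is set, so an empty value would produce `/usr/bin/haxx_overwrite -`; add `[[ -n $HWModel ]] || Error "HWModel is not set"` before the `echo` lines. `$Bundle` should be quoted in the `rm`, `mv`, `cp` and `sed` calls, and the `Error "No OSVer selected?"` check belongs before `Info.plist` is modified rather than after.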
@@ -39,7 +58,12 @@ IPSW32() { [[ $JBMemory != 'N' && $JBMemory != 'n' ]] && JBMemory="-memory" || JBMemory= Log "Preparing custom IPSW..." cd resources - ln -sf firmware/FirmwareBundles FirmwareBundles + rm -rf FirmwareBundles + if [[ $JBDaibutsu == 1 ]]; then + ln -sf firmware/JailbreakBundles FirmwareBundles + else + ln -sf firmware/FirmwareBundles FirmwareBundles + fi $ipsw ./../$IPSW.ipsw ./../$IPSWCustom.ipsw $JBMemory -bbupdate $JBPartSize ${JBFiles[@]} cd .. fi @@ -47,6 +71,7 @@ IPSW32() { Error "Failed to find custom IPSW. Please run the script again" \ "You may try selecting N for memory option" fi + Log "Setting restore IPSW to: $IPSWCustom.ipsw" IPSWRestore=$IPSWCustom } @@ -67,12 +92,13 @@ IPSW64() { fi mv -f $iBSS.im4p $iBEC.im4p $IPSW/Firmware/dfu cd $IPSW - zip ../$IPSWCustom.ipsw -rq0 * + zip -rq0 ../$IPSWCustom.ipsw * cd .. mv $IPSW $IPSWCustom if [[ ! -e $IPSWCustom.ipsw ]]; then Error "Failed to find custom IPSW. Please run the script again" fi + Log "Setting restore IPSW to: $IPSWCustom.ipsw" IPSWRestore=$IPSWCustom } diff --git a/resources/jailbreak/symlink.tar b/resources/jailbreak/symlink.tar new file mode 100644 index 0000000..268334d Binary files /dev/null and b/resources/jailbreak/symlink.tar differ diff --git a/resources/tools/ipsw_linux b/resources/tools/ipsw_linux index 2cb84be..3a3e84a 100755 Binary files a/resources/tools/ipsw_linux and b/resources/tools/ipsw_linux differ diff --git a/resources/tools/ipsw_macos b/resources/tools/ipsw_macos index 288962f..571b878 100755 Binary files a/resources/tools/ipsw_macos and b/resources/tools/ipsw_macos differ diff --git a/restore.sh b/restore.sh index b3cea68..65504c6 100755 --- a/restore.sh +++ b/restore.sh @@ -94,8 +94,8 @@ Main() { InstallDepends fi - SaveExternal iOS-OTA-Downgrader-Keys - SaveExternal ipwndfu + SaveExternal LukeZGD iOS-OTA-Downgrader-Keys + SaveExternal LukeZGD ipwndfu GetDeviceValues
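Review bot: `rm -rf FirmwareBundles` runs right after an unchecked `cd resources`, so if the directory change fails the delete and the `ln -sf` act on whatever the current directory is; `cd resources || Error "resources directory not found"` closes that. The daibutsu branch also links `firmware/JailbreakBundles` without confirming it exists in the cloned `firmware` checkout, which would leave a dangling symlink and an opaque failure from `$ipsw`; a `[[ -d firmware/JailbreakBundles ]]` test before the `ln` would give a clear error. IPSW32 begins and ends outside this hunk.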