Support for daibutsu jailbreak with daibutsuCFW (#129)

* Get started

* Up

* up

* Now working

* Update README.md

* Update README.md

* Input for ProductType and UniqueChipID if needed

* Update

* Update depends.sh

* Update README.md

* Update restore.sh

* Update README.md

.gitignore

@@ -1,6 +1,8 @@
 *.bbfw
 *.dfu
+*.dmg
 *.im4p
+*.ipa
 *.ipsw
 *.json
 *.shsh
@@ -10,6 +12,7 @@
 Cydia*
 iP*
 saved/
+resources/daibutsuCFW
 resources/FirmwareBundles
 resources/firmware/
 resources/ipwndfu/

README.md

@@ -86,14 +86,15 @@
 - **IPSW file integrity** will be verified before restoring and/or creating custom IPSW (if custom IPSW is already created, this will be skipped)
 - **For users having issues with missing libraries/tools:** Re-install dependencies with `./restore.sh Install`
   - Alternatively, delete the `libimobiledevice` folder in `resources` then run the script again
+- macOS users may have to install libimobiledevice and libirecovery from [Homebrew](https://brew.sh/) with this command: `brew install libimobiledevice libirecovery`
+  - The script will detect this automatically and will use the Homebrew versions of the tools
 - **For A7 devices:**
   - Do not use USB-C to lightning cables as this can prevent a successful restore
   - ipwndfu is unfortunately very unreliable on Linux, you may have to try multiple times (Linux users may also try in a live USB)
   - If the script cannot find your device in pwnREC mode or gets stuck, you may have to start over by [force restarting](https://support.apple.com/en-ph/guide/iphone/iph8903c3ee6/ios) and re-entering recovery/DFU mode
-  - macOS users may have to install libimobiledevice and libirecovery from [Homebrew](https://brew.sh/) with this command: `brew install libimobiledevice libirecovery`
-    - The script will detect this automatically and will use the Homebrew versions of the tools
   - Use an Intel or Apple Silicon PC/Mac as entering pwnDFU (checkm8) may be a lot more unreliable on AMD devices
   - Apple Silicon Mac users running macOS 11.3 and newer may encounter issues entering pwnDFU mode (see issue [#114](https://github.com/LukeZGD/iOS-OTA-Downgrader/issues/114))
+  - For more troubleshooting steps for entering pwnDFU mode, see issue [#126](https://github.com/LukeZGD/iOS-OTA-Downgrader/issues/126)
   - Other than the above, unfortunately there is not much else I can do to help regarding entering pwnDFU mode.
 - **For 32-bit devices:**
   - To make sure that SSH is successful, try these steps: Reinstall OpenSSH/Dropbear, reboot and rejailbreak, then reinstall them again
@@ -109,33 +110,29 @@
   - Select the "kDFU mode" option if your device is already in kDFU mode beforehand. Example of this is using kDFUApp by tihmstar; kDFUApp can also be installed from my repo
   - For A6/A6X devices, "DFU mode (A6)" option can be used. This will use ipwndfu (or iPwnder32 for Mac) to put your device in pwnDFU mode, send pwned iBSS, and proceed with the downgrade/restore
   - For A5/A5X devices, "pwnDFU mode (A5)" option can be used, BUT ONLY IF the device is put in pwnDFU mode beforehand, with an Arduino and USB Host Shield ([checkm8-a5](https://github.com/synackuk/checkm8-a5))
-- **For the jailbreak option (iOS 6.1.3 and 8.4.1):**
+- **For the jailbreak option:**
   - If you have problems with Cydia, remove the ultrasn0w repo and close Cydia using the app switcher, then try opening Cydia again
-  - If you cannot find Cydia in your home screen, try accessing Cydia through Safari with `cydia://` and install "Jailbreak App Icons Fix" package from my Cydia repo
-- **For the jailbreak option (iOS 8.4.1 only):**
-  - Stashing is already enabled and `nosuid` is removed from `fstab`, so there is no need to install "Stashing for #etasonJB" package
-- **For users with A5 Rev A ([8942](https://www.theiphonewiki.com/wiki/S5L8942)) and A5X ([8945](https://www.theiphonewiki.com/wiki/S5L8945)) devices:**
-  - **A5 Rev A devices:** iPad2,4, iPad mini 1, iPod touch 5
-  - **A5X devices:** iPad 3
-  - The jailbreak option **might not work** on A5 Rev A devices. (see issue [#70](https://github.com/LukeZGD/iOS-OTA-Downgrader/issues/70)) The script will warn you if you enable the jailbreak option on one of these devices
-  - For users that downgraded **without** jailbreak option, and have manually jailbroken with the EtasonJB app, it is recommended to install "EtasonJB Disable Bootloop Protection" from my Cydia repo
-  - For users that downgraded **with** the jailbreak option, and to users that have installed "EtasonJB Disable Bootloop Protection", your device might take a very long time to boot, possibly 20 minutes or more
-- **My Cydia repo**: https://lukezgd.github.io/repo/ - for installing Dropbear, Jailbreak App Icons Fix, EtasonJB Disable Bootloop Protection, kDFUApp
+  - p0sixspwn will be used for iOS 6.1.3, and EtasonJB or daibutsu for iOS 8.4.1
+  - For some devices, EtasonJB untether is unstable and not working properly, so daibutsu jailbreak will be used. See PR [#129](https://github.com/LukeZGD/iOS-OTA-Downgrader/pull/129) for more details
+  - For devices jailbroken with EtasonJB, there is no need to install "Stashing for #etasonJB" package, as stashing is already enabled
+  - For devices jailbroken with daibutsu, add the system repo for future updates to the untether: https://dora2ios.github.io/repo/
+- **My Cydia repo**: https://lukezgd.github.io/repo/ - for installing Dropbear and kDFUApp if needed
 
 ## Tools and other stuff used by this script:
 - cURL
 - bspatch
-- [ipwndfu](https://github.com/LukeZGD/ipwndfu)
-- [iPwnder32](https://github.com/dora2-iOS/iPwnder32)
-- [irecovery](https://github.com/libimobiledevice/libirecovery)
-- [libimobiledevice](https://github.com/libimobiledevice/libimobiledevice)
-- [imobiledevice-net](https://github.com/libimobiledevice-win32/imobiledevice-net) (macOS)
-- [idevicerestore](https://github.com/LukeeGD/idevicerestore)
-- ipsw tool from [xpwn](https://github.com/LukeeGD/xpwn) (OdysseusOTA/2)
+- [ipwndfu](https://github.com/LukeZGD/ipwndfu) - LukeZGD fork
+- [iPwnder32](https://github.com/dora2-iOS/iPwnder32) - dora2ios
+- [daibutsuCFW](https://github.com/dora2-iOS/daibutsuCFW) - dora2ios
+- [libimobiledevice](https://github.com/libimobiledevice/libimobiledevice) - libimobiledevice
+- [libirecovery](https://github.com/libimobiledevice/libirecovery) - libimobiledevice
+- [imobiledevice-net](https://github.com/libimobiledevice-win32/imobiledevice-net) - libimobiledevice (macOS binaries)
+- [idevicerestore](https://github.com/LukeeGD/idevicerestore) - LukeZGD fork
+- ipsw tool from [xpwn](https://github.com/LukeeGD/xpwn) (OdysseusOTA/2) - LukeZGD fork
 - Python 2 (for ipwndfu, rmsigchks, SimpleHTTPServer)
-- [tsschecker](https://github.com/tihmstar/tsschecker)
-- [futurerestore](http://api.tihmstar.net/builds/futurerestore/futurerestore-latest.zip) used for 32-bit devices
-- [futurerestore](https://github.com/m1stadev/futurerestore) used for A7 devices
+- [tsschecker](https://github.com/tihmstar/tsschecker) - tihmstar
+- [futurerestore](http://api.tihmstar.net/builds/futurerestore/futurerestore-latest.zip) used for 32-bit devices - tihmstar
+- [futurerestore](https://github.com/m1stadev/futurerestore) used for A7 devices - m1stadev fork
 - [kloader](https://www.youtube.com/watch?v=fh0tB6fp0Sc)
 - [kloader5 for iOS 5](https://www.pmbonneau.com/cydia/com.pmbonneau.kloader5_1.2_iphoneos-arm.deb)
 - [kloader_hgsp for iOS 10](https://twitter.com/nyan_satan/status/945203180522045440)

resources/depends.sh

@@ -57,18 +57,18 @@ SetToolPaths() {
 }
 
 SaveExternal() {
-    local ExternalURL="https://github.com/LukeZGD/$1.git"
-    local External=$1
-    [[ $1 == "iOS-OTA-Downgrader-Keys" ]] && External="firmware"
+    local ExternalURL="https://github.com/$1/$2.git"
+    local External=$2
+    [[ $2 == "iOS-OTA-Downgrader-Keys" ]] && External="firmware"
     cd resources
     if [[ ! -d $External || ! -d $External/.git ]]; then
         Log "Downloading $External..."
         rm -rf $External
         $git clone $ExternalURL $External
     fi
-    if [[ ! -e $External/README.md || ! -d $External/.git ]]; then
+    if [[ ! $(ls $External/*.md) || ! -d $External/.git ]]; then
         rm -rf $External
-        Error "Downloading/updating $1 failed. Please run the script again"
+        Error "Downloading/updating $2 failed. Please run the script again"
     fi
     cd ..
 }

resources/device.sh

@@ -31,11 +31,12 @@ GetDeviceValues() {
     local ideviceinfo2
     
     Log "Finding device in Normal mode..."
+    DeviceState=
     ideviceinfo2=$($ideviceinfo -s)
     if [[ $? != 0 ]]; then
         Log "Finding device in DFU/recovery mode..."
         DeviceState="$($irecovery -q 2>/dev/null | grep -w "MODE" | cut -c 7-)"
-    else
+    elif [[ ! -z $ideviceinfo2 ]]; then
         DeviceState="Normal"
     fi
     
@@ -44,7 +45,14 @@ GetDeviceValues() {
         ProductType=$($irecovery -qv 2>&1 | grep "iP" | cut -c 14-)
         [[ $(echo $ProductType | cut -c 3) == 'h' ]] && ProdCut=9
         ProductType=$(echo $ProductType | cut -c -$ProdCut)
+        if [[ ! $ProductType ]]; then
+            read -p "$(Input 'Enter ProductType (eg. iPad2,1):')" ProductType
+        fi
+
         UniqueChipID=$((16#$(echo $($irecovery -q | grep "ECID" | cut -c 7-) | cut -c 3-)))
+        if [[ ! $UniqueChipID || $UniqueChipID == 0 ]]; then
+            read -p "$(Input 'Enter UniqueChipID (ECID, must be decimal):')" UniqueChipID
+        fi
         ProductVer="Unknown"
     else
         ProductType=$(echo "$ideviceinfo2" | grep "ProductType" | cut -c 14-)
@@ -54,7 +62,7 @@ GetDeviceValues() {
         UniqueDeviceID=$(echo "$ideviceinfo2" | grep "UniqueDeviceID" | cut -c 17-)
     fi
     
-    if [[ ! $ProductType ]]; then
+    if [[ ! $DeviceState ]]; then
         Error "No device detected. Please put the device in normal mode before proceeding. Recovery or DFU mode is also applicable" \
         "For more details regarding alternative methods, read the \"Other Notes\" section of the README"
     fi

resources/downgrade.sh

@@ -90,11 +90,12 @@ Downgrade() {
         
         if [[ $Jailbreak != 'N' && $Jailbreak != 'n' ]]; then
             Jailbreak=1
-            if [[ $ProductType == "iPad2,5" || $ProductType == "iPad2,6" ||
-                $ProductType == "iPad2,7" || $ProductType == "iPod5,1" ]]; then
-                Log "Warning - A5 Rev A device detected. Enabling the jailbreak option might not work for you"
-                read -p "$(Input 'Select Y to continue anyway, N to cancel and exit (y/N):')" Jailbreak
-                [[ $Jailbreak == 'Y' || $Jailbreak == 'y' ]] && Jailbreak=1 || exit 0
+            if [[ $ProductType == "iPhone4,1" || $ProductType == "iPad2,4" ||
+                  $ProductType == "iPad2,5" || $ProductType == "iPad2,6" ||
+                  $ProductType == "iPad2,7" || $ProductType == "iPod5,1" ]] ||
+               [[ $ProductType == "iPad3"* && $DeviceProc == 5 ]]; then
+                Log "Using daibutsu jailbreak"
+                JBDaibutsu=1
             fi
         fi
     fi
@@ -159,7 +160,7 @@ Downgrade() {
                 "Delete/replace the IPSW and run the script again"
             fi
         elif [[ -e "$IPSWCustom.ipsw" ]]; then
-            Log "Found existing Custom IPSW. Skipping verification."
+            Log "Found existing Custom IPSW. Skipping IPSW verification."
             Log "Setting restore IPSW to: $IPSWCustom.ipsw"
             IPSWRestore=$IPSWCustom
         fi

resources/ipsw.sh

@@ -1,6 +1,7 @@
 #!/bin/bash
 
 IPSW32() {
+    local Bundle="resources/firmware/FirmwareBundles/Down_${ProductType}_${OSVer}_${BuildVer}.bundle"
     local JBFiles
     local JBMemory
     local JBSHA1
@@ -11,15 +12,32 @@ IPSW32() {
         return
     fi
 
-    if [[ $Jailbreak == 1 ]]; then
+    if [[ -e $Bundle/Info.plist.bak ]]; then
+        rm $Bundle/Info.plist
+        mv $Bundle/Info.plist.bak $Bundle/Info.plist
+    fi
+
+    if [[ $JBDaibutsu == 1 ]]; then
+        JBPartSize="-daibutsu"
+        SaveExternal dora2-iOS daibutsuCFW
+        echo '#!/bin/bash' > tmp/reboot.sh
+        echo "mount_hfs /dev/disk0s1s1 /mnt1; mount_hfs /dev/disk0s1s2 /mnt2" >> tmp/reboot.sh
+        echo "nvram -d boot-partition; nvram -d boot-ramdisk" >> tmp/reboot.sh
+        echo "/usr/bin/haxx_overwrite -$HWModel" >> tmp/reboot.sh
+
+    elif [[ $Jailbreak == 1 ]]; then
+        cp $Bundle/Info.plist $Bundle/Info.plist.bak
+        sed -z -i "s|</dict>\n</plist>|\t<key>needPref</key>\n\t<true/>\n</dict>\n</plist>|g" $Bundle/Info.plist
         if [[ $OSVer == 8.4.1 ]]; then
             JBFiles=("fstab.tar" "etasonJB-untether.tar" "Cydia8.tar")
             JBSHA1="6459dbcbfe871056e6244d23b33c9b99aaeca970"
             JBPartSize="-s 2305"
-        else
+        elif [[ $OSVer == 6.1.3 ]]; then
             JBFiles=("fstab_rw.tar" "p0sixspwn.tar" "Cydia6.tar")
             JBSHA1="1d5a351016d2546aa9558bc86ce39186054dc281"
             JBPartSize="-s 1260"
+        else
+            Error "No OSVer selected?"
         fi
         if [[ ! -e resources/jailbreak/${JBFiles[2]} ]]; then
             cd tmp
@@ -32,6 +50,7 @@ IPSW32() {
             JBFiles[$i]=jailbreak/${JBFiles[$i]}
         done
     fi
+
     if [[ ! -e $IPSWCustom.ipsw ]]; then
         Echo "* By default, memory option is set to Y, you may select N later if you encounter problems"
         Echo "* If it doesn't work with both, you might not have enough RAM and/or tmp storage"
@@ -39,7 +58,12 @@ IPSW32() {
         [[ $JBMemory != 'N' && $JBMemory != 'n' ]] && JBMemory="-memory" || JBMemory=
         Log "Preparing custom IPSW..."
         cd resources
+        rm -rf FirmwareBundles
+        if [[ $JBDaibutsu == 1 ]]; then
+            ln -sf firmware/JailbreakBundles FirmwareBundles
+        else
             ln -sf firmware/FirmwareBundles FirmwareBundles
+        fi
         $ipsw ./../$IPSW.ipsw ./../$IPSWCustom.ipsw $JBMemory -bbupdate $JBPartSize ${JBFiles[@]}
         cd ..
     fi
@@ -47,6 +71,7 @@ IPSW32() {
         Error "Failed to find custom IPSW. Please run the script again" \
         "You may try selecting N for memory option"
     fi
+
     Log "Setting restore IPSW to: $IPSWCustom.ipsw"
     IPSWRestore=$IPSWCustom
 }
@@ -67,12 +92,13 @@ IPSW64() {
     fi
     mv -f $iBSS.im4p $iBEC.im4p $IPSW/Firmware/dfu
     cd $IPSW
-    zip ../$IPSWCustom.ipsw -rq0 *
+    zip -rq0 ../$IPSWCustom.ipsw *
     cd ..
     mv $IPSW $IPSWCustom
     if [[ ! -e $IPSWCustom.ipsw ]]; then
         Error "Failed to find custom IPSW. Please run the script again"
     fi
+
     Log "Setting restore IPSW to: $IPSWCustom.ipsw"
     IPSWRestore=$IPSWCustom
 }

restore.sh

@@ -94,8 +94,8 @@ Main() {
         InstallDepends
     fi
     
-    SaveExternal iOS-OTA-Downgrader-Keys
-    SaveExternal ipwndfu
+    SaveExternal LukeZGD iOS-OTA-Downgrader-Keys
+    SaveExternal LukeZGD ipwndfu
     
     GetDeviceValues