diff --git a/README.md b/README.md index 384c165..f2abe83 100644 --- a/README.md +++ b/README.md @@ -158,3 +158,6 @@ - Some patches from [PwnageTool](https://www.theiphonewiki.com/wiki/PwnageTool), [sn0wbreeze](https://www.theiphonewiki.com/wiki/sn0wbreeze), [redsn0w](https://www.theiphonewiki.com/wiki/redsn0w) - Some patches made using patchers from [Bundle-Creation](https://github.com/Merculous/Bundle-Creation) - SSH Ramdisk tars from [SSH-Ramdisk-Maker-and-Loader](https://github.com/Ralph0045/SSH-Ramdisk-Maker-and-Loader) and [msftguy's ssh-rd](https://github.com/msftguy/ssh-rd) +- A7 SSH Ramdisk stuff is based on [SSHRD_Script](https://github.com/verygenericname/SSHRD_Script) + - [img4lib](https://github.com/xerub/img4lib) - xerub + - [img4tool](https://github.com/tihmstar/img4tool) - tihmstar diff --git a/bin/linux/arm64/img4 b/bin/linux/arm64/img4 new file mode 100755 index 0000000..849591c Binary files /dev/null and b/bin/linux/arm64/img4 differ diff --git a/bin/linux/arm64/img4tool b/bin/linux/arm64/img4tool new file mode 100755 index 0000000..f13e496 Binary files /dev/null and b/bin/linux/arm64/img4tool differ diff --git a/bin/linux/armhf/img4 b/bin/linux/armhf/img4 new file mode 100755 index 0000000..ec12bbe Binary files /dev/null and b/bin/linux/armhf/img4 differ diff --git a/bin/linux/armhf/img4tool b/bin/linux/armhf/img4tool new file mode 100755 index 0000000..5a80e64 Binary files /dev/null and b/bin/linux/armhf/img4tool differ diff --git a/bin/linux/x86_64/img4 b/bin/linux/x86_64/img4 new file mode 100755 index 0000000..fecd864 Binary files /dev/null and b/bin/linux/x86_64/img4 differ diff --git a/bin/linux/x86_64/img4tool b/bin/linux/x86_64/img4tool new file mode 100755 index 0000000..5daf621 Binary files /dev/null and b/bin/linux/x86_64/img4tool differ diff --git a/bin/macos/img4 b/bin/macos/img4 new file mode 100755 index 0000000..b1f9023 Binary files /dev/null and b/bin/macos/img4 differ diff --git a/bin/macos/img4tool b/bin/macos/img4tool new file mode 100755 index 0000000..417bb63 Binary files /dev/null and b/bin/macos/img4tool differ diff --git a/resources/firmware/iPad4,1/16A366/index.html b/resources/firmware/iPad4,1/16A366/index.html new file mode 100644 index 0000000..32361e3 --- /dev/null +++ b/resources/firmware/iPad4,1/16A366/index.html @@ -0,0 +1 @@ +{"identifier":"iPad4,1","buildid":"16A366","codename":"Peace","restoreramdiskexists":true,"updateramdiskexists":true,"keys":[{"image":"RootFS","filename":"048-08880-233.dmg","date":"2024-01-17T22:25:00.028336"},{"image":"UpdateRamdisk","filename":"048-08422-242.dmg","date":"2024-01-17T22:25:00.028572"},{"image":"RestoreRamdisk","filename":"048-08497-242.dmg","date":"2024-01-17T22:25:00.028726"},{"image":"iBEC","filename":"iBEC.ipad4.RELEASE.im4p","date":"2024-01-17T22:25:00.030013","iv":"b1b3fa1367db5c3c53b4b1741c28536e","key":"f5a7e518283c3c7e360f86f5d19a04d0302e18aa849605dee76faa602a149f39","kbag":"b1b3fa1367db5c3c53b4b1741c28536ef5a7e518283c3c7e360f86f5d19a04d0302e18aa849605dee76faa602a149f39"},{"image":"iBoot","filename":"iBoot.ipad4.RELEASE.im4p","date":"2024-01-17T22:25:00.030192","iv":"f782f839795d216ba50527d2c80ff7ec","key":"fa8d9e3b3c93ced0d179bd16bca832f9ebcdb88a8852b3293e628f48afdd793f","kbag":"f782f839795d216ba50527d2c80ff7ecfa8d9e3b3c93ced0d179bd16bca832f9ebcdb88a8852b3293e628f48afdd793f"},{"image":"iBSS","filename":"iBSS.ipad4.RELEASE.im4p","date":"2024-01-17T22:25:00.030379","iv":"4f196b40caef08c9daca357b935de503","key":"141a6e2b7ffd5bae2f9298ad81d4aefb06c8cb4398bb31c517a70b58a3bd0ff5","kbag":"4f196b40caef08c9daca357b935de503141a6e2b7ffd5bae2f9298ad81d4aefb06c8cb4398bb31c517a70b58a3bd0ff5"},{"image":"LLB","filename":"LLB.ipad4.RELEASE.im4p","date":"2024-01-17T22:25:00.030774","iv":"910b21543d9f99114b4a2da8453f7254","key":"bdd56d06e20d3c49abd651f5b8e3b55f0a2d79f031e3f8a5bb6aed10bcdb8aa3","kbag":"910b21543d9f99114b4a2da8453f7254bdd56d06e20d3c49abd651f5b8e3b55f0a2d79f031e3f8a5bb6aed10bcdb8aa3"}]} \ No newline at end of file diff --git a/resources/firmware/iPad4,1/16A366/url b/resources/firmware/iPad4,1/16A366/url new file mode 100644 index 0000000..8e1bfa6 --- /dev/null +++ b/resources/firmware/iPad4,1/16A366/url @@ -0,0 +1 @@ +https://updates.cdn-apple.com/2018FallFCS/fullrestores/091-63023/11A39400-AC8E-11E8-A499-81BC17F6848C/iPad_64bit_12.0_16A366_Restore.ipsw diff --git a/resources/firmware/iPad4,2/16A366/index.html b/resources/firmware/iPad4,2/16A366/index.html new file mode 100644 index 0000000..a249ff4 --- /dev/null +++ b/resources/firmware/iPad4,2/16A366/index.html @@ -0,0 +1 @@ +{"identifier":"iPad4,2","buildid":"16A366","codename":"Peace","restoreramdiskexists":true,"updateramdiskexists":true,"keys":[{"image":"RootFS","filename":"048-08880-233.dmg","date":"2024-01-17T22:25:05.243897"},{"image":"UpdateRamdisk","filename":"048-08422-242.dmg","date":"2024-01-17T22:25:05.244127"},{"image":"RestoreRamdisk","filename":"048-08497-242.dmg","date":"2024-01-17T22:25:05.244277"},{"image":"iBEC","filename":"iBEC.ipad4.RELEASE.im4p","date":"2024-01-17T22:25:05.245553","iv":"b1b3fa1367db5c3c53b4b1741c28536e","key":"f5a7e518283c3c7e360f86f5d19a04d0302e18aa849605dee76faa602a149f39","kbag":"b1b3fa1367db5c3c53b4b1741c28536ef5a7e518283c3c7e360f86f5d19a04d0302e18aa849605dee76faa602a149f39"},{"image":"iBoot","filename":"iBoot.ipad4.RELEASE.im4p","date":"2024-01-17T22:25:05.245730","iv":"f782f839795d216ba50527d2c80ff7ec","key":"fa8d9e3b3c93ced0d179bd16bca832f9ebcdb88a8852b3293e628f48afdd793f","kbag":"f782f839795d216ba50527d2c80ff7ecfa8d9e3b3c93ced0d179bd16bca832f9ebcdb88a8852b3293e628f48afdd793f"},{"image":"iBSS","filename":"iBSS.ipad4.RELEASE.im4p","date":"2024-01-17T22:25:05.245917","iv":"4f196b40caef08c9daca357b935de503","key":"141a6e2b7ffd5bae2f9298ad81d4aefb06c8cb4398bb31c517a70b58a3bd0ff5","kbag":"4f196b40caef08c9daca357b935de503141a6e2b7ffd5bae2f9298ad81d4aefb06c8cb4398bb31c517a70b58a3bd0ff5"},{"image":"LLB","filename":"LLB.ipad4.RELEASE.im4p","date":"2024-01-17T22:25:05.246227","iv":"910b21543d9f99114b4a2da8453f7254","key":"bdd56d06e20d3c49abd651f5b8e3b55f0a2d79f031e3f8a5bb6aed10bcdb8aa3","kbag":"910b21543d9f99114b4a2da8453f7254bdd56d06e20d3c49abd651f5b8e3b55f0a2d79f031e3f8a5bb6aed10bcdb8aa3"}]} \ No newline at end of file diff --git a/resources/firmware/iPad4,2/16A366/url b/resources/firmware/iPad4,2/16A366/url new file mode 100644 index 0000000..8e1bfa6 --- /dev/null +++ b/resources/firmware/iPad4,2/16A366/url @@ -0,0 +1 @@ +https://updates.cdn-apple.com/2018FallFCS/fullrestores/091-63023/11A39400-AC8E-11E8-A499-81BC17F6848C/iPad_64bit_12.0_16A366_Restore.ipsw diff --git a/resources/firmware/iPad4,3/16A366/index.html b/resources/firmware/iPad4,3/16A366/index.html new file mode 100644 index 0000000..3180b92 --- /dev/null +++ b/resources/firmware/iPad4,3/16A366/index.html @@ -0,0 +1 @@ +{"identifier":"iPad4,3","buildid":"16A366","codename":"Peace","restoreramdiskexists":true,"updateramdiskexists":true,"keys":[{"image":"RootFS","filename":"048-08880-233.dmg","date":"2024-01-17T22:25:10.515272"},{"image":"UpdateRamdisk","filename":"048-08422-242.dmg","date":"2024-01-17T22:25:10.515445"},{"image":"RestoreRamdisk","filename":"048-08497-242.dmg","date":"2024-01-17T22:25:10.515560"},{"image":"iBEC","filename":"iBEC.ipad4.RELEASE.im4p","date":"2024-01-17T22:25:10.516507","iv":"b1b3fa1367db5c3c53b4b1741c28536e","key":"f5a7e518283c3c7e360f86f5d19a04d0302e18aa849605dee76faa602a149f39","kbag":"b1b3fa1367db5c3c53b4b1741c28536ef5a7e518283c3c7e360f86f5d19a04d0302e18aa849605dee76faa602a149f39"},{"image":"iBoot","filename":"iBoot.ipad4.RELEASE.im4p","date":"2024-01-17T22:25:10.516653","iv":"f782f839795d216ba50527d2c80ff7ec","key":"fa8d9e3b3c93ced0d179bd16bca832f9ebcdb88a8852b3293e628f48afdd793f","kbag":"f782f839795d216ba50527d2c80ff7ecfa8d9e3b3c93ced0d179bd16bca832f9ebcdb88a8852b3293e628f48afdd793f"},{"image":"iBSS","filename":"iBSS.ipad4.RELEASE.im4p","date":"2024-01-17T22:25:10.516786","iv":"4f196b40caef08c9daca357b935de503","key":"141a6e2b7ffd5bae2f9298ad81d4aefb06c8cb4398bb31c517a70b58a3bd0ff5","kbag":"4f196b40caef08c9daca357b935de503141a6e2b7ffd5bae2f9298ad81d4aefb06c8cb4398bb31c517a70b58a3bd0ff5"},{"image":"LLB","filename":"LLB.ipad4.RELEASE.im4p","date":"2024-01-17T22:25:10.517015","iv":"910b21543d9f99114b4a2da8453f7254","key":"bdd56d06e20d3c49abd651f5b8e3b55f0a2d79f031e3f8a5bb6aed10bcdb8aa3","kbag":"910b21543d9f99114b4a2da8453f7254bdd56d06e20d3c49abd651f5b8e3b55f0a2d79f031e3f8a5bb6aed10bcdb8aa3"}]} \ No newline at end of file diff --git a/resources/firmware/iPad4,3/16A366/url b/resources/firmware/iPad4,3/16A366/url new file mode 100644 index 0000000..8e1bfa6 --- /dev/null +++ b/resources/firmware/iPad4,3/16A366/url @@ -0,0 +1 @@ +https://updates.cdn-apple.com/2018FallFCS/fullrestores/091-63023/11A39400-AC8E-11E8-A499-81BC17F6848C/iPad_64bit_12.0_16A366_Restore.ipsw diff --git a/resources/firmware/iPad4,4/16A366/index.html b/resources/firmware/iPad4,4/16A366/index.html new file mode 100644 index 0000000..af05990 --- /dev/null +++ b/resources/firmware/iPad4,4/16A366/index.html @@ -0,0 +1 @@ +{"identifier":"iPad4,4","buildid":"16A366","codename":"Peace","restoreramdiskexists":true,"updateramdiskexists":true,"keys":[{"image":"RootFS","filename":"048-08880-233.dmg","date":"2024-01-17T22:25:15.320900"},{"image":"UpdateRamdisk","filename":"048-08422-242.dmg","date":"2024-01-17T22:25:15.321098"},{"image":"RestoreRamdisk","filename":"048-08497-242.dmg","date":"2024-01-17T22:25:15.321212"},{"image":"iBEC","filename":"iBEC.ipad4b.RELEASE.im4p","date":"2024-01-17T22:25:15.322159","iv":"196774934e43f19de1fb4a418392b71a","key":"bad43359f0ee47f04767dcc748c30041fe205a697b5a4147b834ecb375f20a0a","kbag":"196774934e43f19de1fb4a418392b71abad43359f0ee47f04767dcc748c30041fe205a697b5a4147b834ecb375f20a0a"},{"image":"iBoot","filename":"iBoot.ipad4b.RELEASE.im4p","date":"2024-01-17T22:25:15.322292","iv":"f4eb87c80db748db7622d37352e6ea78","key":"2cc26f7c971ea71fec96d0658f076c90be78cb5eb78aa851ae0096299fc40d00","kbag":"f4eb87c80db748db7622d37352e6ea782cc26f7c971ea71fec96d0658f076c90be78cb5eb78aa851ae0096299fc40d00"},{"image":"iBSS","filename":"iBSS.ipad4b.RELEASE.im4p","date":"2024-01-17T22:25:15.322474","iv":"1a5126ac38fd6f819763d45ef95f7de4","key":"680e0b4e1b002353e9c2854f88047b23cf07be710d407a044e081eee8af94b0b","kbag":"1a5126ac38fd6f819763d45ef95f7de4680e0b4e1b002353e9c2854f88047b23cf07be710d407a044e081eee8af94b0b"},{"image":"LLB","filename":"LLB.ipad4b.RELEASE.im4p","date":"2024-01-17T22:25:15.322707","iv":"c23c522cf818cd1529125f164af4f3a2","key":"2413e1985eac9f8ae6b743609f34ea918f8fef915db27b4e2dce633a7fd124c0","kbag":"c23c522cf818cd1529125f164af4f3a22413e1985eac9f8ae6b743609f34ea918f8fef915db27b4e2dce633a7fd124c0"}]} \ No newline at end of file diff --git a/resources/firmware/iPad4,4/16A366/url b/resources/firmware/iPad4,4/16A366/url new file mode 100644 index 0000000..8e1bfa6 --- /dev/null +++ b/resources/firmware/iPad4,4/16A366/url @@ -0,0 +1 @@ +https://updates.cdn-apple.com/2018FallFCS/fullrestores/091-63023/11A39400-AC8E-11E8-A499-81BC17F6848C/iPad_64bit_12.0_16A366_Restore.ipsw diff --git a/resources/firmware/iPad4,5/16A366/index.html b/resources/firmware/iPad4,5/16A366/index.html new file mode 100644 index 0000000..5bec111 --- /dev/null +++ b/resources/firmware/iPad4,5/16A366/index.html @@ -0,0 +1 @@ +{"identifier":"iPad4,5","buildid":"16A366","codename":"Peace","restoreramdiskexists":true,"updateramdiskexists":true,"keys":[{"image":"RootFS","filename":"048-08880-233.dmg","date":"2024-01-17T22:25:21.099108"},{"image":"UpdateRamdisk","filename":"048-08422-242.dmg","date":"2024-01-17T22:25:21.099318"},{"image":"RestoreRamdisk","filename":"048-08497-242.dmg","date":"2024-01-17T22:25:21.099448"},{"image":"iBEC","filename":"iBEC.ipad4b.RELEASE.im4p","date":"2024-01-17T22:25:21.100521","iv":"196774934e43f19de1fb4a418392b71a","key":"bad43359f0ee47f04767dcc748c30041fe205a697b5a4147b834ecb375f20a0a","kbag":"196774934e43f19de1fb4a418392b71abad43359f0ee47f04767dcc748c30041fe205a697b5a4147b834ecb375f20a0a"},{"image":"iBoot","filename":"iBoot.ipad4b.RELEASE.im4p","date":"2024-01-17T22:25:21.100683","iv":"f4eb87c80db748db7622d37352e6ea78","key":"2cc26f7c971ea71fec96d0658f076c90be78cb5eb78aa851ae0096299fc40d00","kbag":"f4eb87c80db748db7622d37352e6ea782cc26f7c971ea71fec96d0658f076c90be78cb5eb78aa851ae0096299fc40d00"},{"image":"iBSS","filename":"iBSS.ipad4b.RELEASE.im4p","date":"2024-01-17T22:25:21.100835","iv":"1a5126ac38fd6f819763d45ef95f7de4","key":"680e0b4e1b002353e9c2854f88047b23cf07be710d407a044e081eee8af94b0b","kbag":"1a5126ac38fd6f819763d45ef95f7de4680e0b4e1b002353e9c2854f88047b23cf07be710d407a044e081eee8af94b0b"},{"image":"LLB","filename":"LLB.ipad4b.RELEASE.im4p","date":"2024-01-17T22:25:21.101095","iv":"c23c522cf818cd1529125f164af4f3a2","key":"2413e1985eac9f8ae6b743609f34ea918f8fef915db27b4e2dce633a7fd124c0","kbag":"c23c522cf818cd1529125f164af4f3a22413e1985eac9f8ae6b743609f34ea918f8fef915db27b4e2dce633a7fd124c0"}]} \ No newline at end of file diff --git a/resources/firmware/iPad4,5/16A366/url b/resources/firmware/iPad4,5/16A366/url new file mode 100644 index 0000000..8e1bfa6 --- /dev/null +++ b/resources/firmware/iPad4,5/16A366/url @@ -0,0 +1 @@ +https://updates.cdn-apple.com/2018FallFCS/fullrestores/091-63023/11A39400-AC8E-11E8-A499-81BC17F6848C/iPad_64bit_12.0_16A366_Restore.ipsw diff --git a/resources/firmware/iPad4,6/16A366/index.html b/resources/firmware/iPad4,6/16A366/index.html new file mode 100644 index 0000000..d8c86e0 --- /dev/null +++ b/resources/firmware/iPad4,6/16A366/index.html @@ -0,0 +1 @@ +{"identifier":"iPad4,6","buildid":"16A366","codename":"Peace","restoreramdiskexists":true,"updateramdiskexists":true,"keys":[{"image":"RootFS","filename":"048-08880-233.dmg","date":"2024-01-17T22:25:25.969629"},{"image":"UpdateRamdisk","filename":"048-08422-242.dmg","date":"2024-01-17T22:25:25.969849"},{"image":"RestoreRamdisk","filename":"048-08497-242.dmg","date":"2024-01-17T22:25:25.970019"},{"image":"iBEC","filename":"iBEC.ipad4b.RELEASE.im4p","date":"2024-01-17T22:25:25.971330","iv":"196774934e43f19de1fb4a418392b71a","key":"bad43359f0ee47f04767dcc748c30041fe205a697b5a4147b834ecb375f20a0a","kbag":"196774934e43f19de1fb4a418392b71abad43359f0ee47f04767dcc748c30041fe205a697b5a4147b834ecb375f20a0a"},{"image":"iBoot","filename":"iBoot.ipad4b.RELEASE.im4p","date":"2024-01-17T22:25:25.971525","iv":"f4eb87c80db748db7622d37352e6ea78","key":"2cc26f7c971ea71fec96d0658f076c90be78cb5eb78aa851ae0096299fc40d00","kbag":"f4eb87c80db748db7622d37352e6ea782cc26f7c971ea71fec96d0658f076c90be78cb5eb78aa851ae0096299fc40d00"},{"image":"iBSS","filename":"iBSS.ipad4b.RELEASE.im4p","date":"2024-01-17T22:25:25.971703","iv":"1a5126ac38fd6f819763d45ef95f7de4","key":"680e0b4e1b002353e9c2854f88047b23cf07be710d407a044e081eee8af94b0b","kbag":"1a5126ac38fd6f819763d45ef95f7de4680e0b4e1b002353e9c2854f88047b23cf07be710d407a044e081eee8af94b0b"},{"image":"LLB","filename":"LLB.ipad4b.RELEASE.im4p","date":"2024-01-17T22:25:25.972030","iv":"c23c522cf818cd1529125f164af4f3a2","key":"2413e1985eac9f8ae6b743609f34ea918f8fef915db27b4e2dce633a7fd124c0","kbag":"c23c522cf818cd1529125f164af4f3a22413e1985eac9f8ae6b743609f34ea918f8fef915db27b4e2dce633a7fd124c0"}]} \ No newline at end of file diff --git a/resources/firmware/iPad4,6/16A366/url b/resources/firmware/iPad4,6/16A366/url new file mode 100644 index 0000000..8e1bfa6 --- /dev/null +++ b/resources/firmware/iPad4,6/16A366/url @@ -0,0 +1 @@ +https://updates.cdn-apple.com/2018FallFCS/fullrestores/091-63023/11A39400-AC8E-11E8-A499-81BC17F6848C/iPad_64bit_12.0_16A366_Restore.ipsw diff --git a/resources/firmware/iPad4,7/16A366/index.html b/resources/firmware/iPad4,7/16A366/index.html new file mode 100644 index 0000000..9e8cd9d --- /dev/null +++ b/resources/firmware/iPad4,7/16A366/index.html @@ -0,0 +1 @@ +{"identifier":"iPad4,7","buildid":"16A366","codename":"Peace","restoreramdiskexists":true,"updateramdiskexists":true,"keys":[{"image":"RootFS","filename":"048-08508-231.dmg","date":"2024-01-17T22:25:30.959782"},{"image":"UpdateRamdisk","filename":"048-08422-242.dmg","date":"2024-01-17T22:25:30.959893"},{"image":"RestoreRamdisk","filename":"048-08497-242.dmg","date":"2024-01-17T22:25:30.959958"},{"image":"iBEC","filename":"iBEC.ipad4bm.RELEASE.im4p","date":"2024-01-17T22:25:30.960486","iv":"11e7987235f6ba21930a522dc97c51b0","key":"64c64b0a97c8c805a316a901b8de478dc824979301003eac07aeb564263559a7","kbag":"11e7987235f6ba21930a522dc97c51b064c64b0a97c8c805a316a901b8de478dc824979301003eac07aeb564263559a7"},{"image":"iBoot","filename":"iBoot.ipad4bm.RELEASE.im4p","date":"2024-01-17T22:25:30.960562","iv":"cc4de999a4d0000d0c8e85419cdedfbc","key":"86edb66170e7257f9fabf7c62988a69b6d5ae106b7a1a068461ceebfc894a9fd","kbag":"cc4de999a4d0000d0c8e85419cdedfbc86edb66170e7257f9fabf7c62988a69b6d5ae106b7a1a068461ceebfc894a9fd"},{"image":"iBSS","filename":"iBSS.ipad4bm.RELEASE.im4p","date":"2024-01-17T22:25:30.960637","iv":"086eb1237432577f4bd9c322dda42e34","key":"21468b113c43941750f41861ff57d3a719fd4daf9ad117eb5c6e5f62232f98fa","kbag":"086eb1237432577f4bd9c322dda42e3421468b113c43941750f41861ff57d3a719fd4daf9ad117eb5c6e5f62232f98fa"},{"image":"LLB","filename":"LLB.ipad4bm.RELEASE.im4p","date":"2024-01-17T22:25:30.960775","iv":"d300dfd9dfa692d404109326a2e5c29b","key":"4e3481faebd5b5e690e358b3694cbd6e92c7fec587ad57760d50d5fa825b630a","kbag":"d300dfd9dfa692d404109326a2e5c29b4e3481faebd5b5e690e358b3694cbd6e92c7fec587ad57760d50d5fa825b630a"}]} \ No newline at end of file diff --git a/resources/firmware/iPad4,7/16A366/url b/resources/firmware/iPad4,7/16A366/url new file mode 100644 index 0000000..a314673 --- /dev/null +++ b/resources/firmware/iPad4,7/16A366/url @@ -0,0 +1 @@ +https://updates.cdn-apple.com/2018FallFCS/fullrestores/091-63139/11A3DDE8-AC8E-11E8-BBBB-EAD81D048BD9/iPad_64bit_TouchID_12.0_16A366_Restore.ipsw diff --git a/resources/firmware/iPad4,8/16A366/index.html b/resources/firmware/iPad4,8/16A366/index.html new file mode 100644 index 0000000..cbf94ad --- /dev/null +++ b/resources/firmware/iPad4,8/16A366/index.html @@ -0,0 +1 @@ +{"identifier":"iPad4,8","buildid":"16A366","codename":"Peace","restoreramdiskexists":true,"updateramdiskexists":true,"keys":[{"image":"RootFS","filename":"048-08508-231.dmg","date":"2024-01-17T22:25:35.546019"},{"image":"UpdateRamdisk","filename":"048-08422-242.dmg","date":"2024-01-17T22:25:35.546221"},{"image":"RestoreRamdisk","filename":"048-08497-242.dmg","date":"2024-01-17T22:25:35.546354"},{"image":"iBEC","filename":"iBEC.ipad4bm.RELEASE.im4p","date":"2024-01-17T22:25:35.547499","iv":"11e7987235f6ba21930a522dc97c51b0","key":"64c64b0a97c8c805a316a901b8de478dc824979301003eac07aeb564263559a7","kbag":"11e7987235f6ba21930a522dc97c51b064c64b0a97c8c805a316a901b8de478dc824979301003eac07aeb564263559a7"},{"image":"iBoot","filename":"iBoot.ipad4bm.RELEASE.im4p","date":"2024-01-17T22:25:35.547665","iv":"cc4de999a4d0000d0c8e85419cdedfbc","key":"86edb66170e7257f9fabf7c62988a69b6d5ae106b7a1a068461ceebfc894a9fd","kbag":"cc4de999a4d0000d0c8e85419cdedfbc86edb66170e7257f9fabf7c62988a69b6d5ae106b7a1a068461ceebfc894a9fd"},{"image":"iBSS","filename":"iBSS.ipad4bm.RELEASE.im4p","date":"2024-01-17T22:25:35.547818","iv":"086eb1237432577f4bd9c322dda42e34","key":"21468b113c43941750f41861ff57d3a719fd4daf9ad117eb5c6e5f62232f98fa","kbag":"086eb1237432577f4bd9c322dda42e3421468b113c43941750f41861ff57d3a719fd4daf9ad117eb5c6e5f62232f98fa"},{"image":"LLB","filename":"LLB.ipad4bm.RELEASE.im4p","date":"2024-01-17T22:25:35.548084","iv":"d300dfd9dfa692d404109326a2e5c29b","key":"4e3481faebd5b5e690e358b3694cbd6e92c7fec587ad57760d50d5fa825b630a","kbag":"d300dfd9dfa692d404109326a2e5c29b4e3481faebd5b5e690e358b3694cbd6e92c7fec587ad57760d50d5fa825b630a"}]} \ No newline at end of file diff --git a/resources/firmware/iPad4,8/16A366/url b/resources/firmware/iPad4,8/16A366/url new file mode 100644 index 0000000..a314673 --- /dev/null +++ b/resources/firmware/iPad4,8/16A366/url @@ -0,0 +1 @@ +https://updates.cdn-apple.com/2018FallFCS/fullrestores/091-63139/11A3DDE8-AC8E-11E8-BBBB-EAD81D048BD9/iPad_64bit_TouchID_12.0_16A366_Restore.ipsw diff --git a/resources/firmware/iPad4,9/16A366/index.html b/resources/firmware/iPad4,9/16A366/index.html new file mode 100644 index 0000000..d3d18ea --- /dev/null +++ b/resources/firmware/iPad4,9/16A366/index.html @@ -0,0 +1 @@ +{"identifier":"iPad4,9","buildid":"16A366","codename":"Peace","restoreramdiskexists":true,"updateramdiskexists":true,"keys":[{"image":"RootFS","filename":"048-08508-231.dmg","date":"2024-01-17T22:25:39.889476"},{"image":"UpdateRamdisk","filename":"048-08422-242.dmg","date":"2024-01-17T22:25:39.889587"},{"image":"RestoreRamdisk","filename":"048-08497-242.dmg","date":"2024-01-17T22:25:39.889651"},{"image":"iBEC","filename":"iBEC.ipad4bm.RELEASE.im4p","date":"2024-01-17T22:25:39.890184","iv":"11e7987235f6ba21930a522dc97c51b0","key":"64c64b0a97c8c805a316a901b8de478dc824979301003eac07aeb564263559a7","kbag":"11e7987235f6ba21930a522dc97c51b064c64b0a97c8c805a316a901b8de478dc824979301003eac07aeb564263559a7"},{"image":"iBoot","filename":"iBoot.ipad4bm.RELEASE.im4p","date":"2024-01-17T22:25:39.890260","iv":"cc4de999a4d0000d0c8e85419cdedfbc","key":"86edb66170e7257f9fabf7c62988a69b6d5ae106b7a1a068461ceebfc894a9fd","kbag":"cc4de999a4d0000d0c8e85419cdedfbc86edb66170e7257f9fabf7c62988a69b6d5ae106b7a1a068461ceebfc894a9fd"},{"image":"iBSS","filename":"iBSS.ipad4bm.RELEASE.im4p","date":"2024-01-17T22:25:39.890343","iv":"086eb1237432577f4bd9c322dda42e34","key":"21468b113c43941750f41861ff57d3a719fd4daf9ad117eb5c6e5f62232f98fa","kbag":"086eb1237432577f4bd9c322dda42e3421468b113c43941750f41861ff57d3a719fd4daf9ad117eb5c6e5f62232f98fa"},{"image":"LLB","filename":"LLB.ipad4bm.RELEASE.im4p","date":"2024-01-17T22:25:39.890512","iv":"d300dfd9dfa692d404109326a2e5c29b","key":"4e3481faebd5b5e690e358b3694cbd6e92c7fec587ad57760d50d5fa825b630a","kbag":"d300dfd9dfa692d404109326a2e5c29b4e3481faebd5b5e690e358b3694cbd6e92c7fec587ad57760d50d5fa825b630a"}]} \ No newline at end of file diff --git a/resources/firmware/iPad4,9/16A366/url b/resources/firmware/iPad4,9/16A366/url new file mode 100644 index 0000000..a314673 --- /dev/null +++ b/resources/firmware/iPad4,9/16A366/url @@ -0,0 +1 @@ +https://updates.cdn-apple.com/2018FallFCS/fullrestores/091-63139/11A3DDE8-AC8E-11E8-BBBB-EAD81D048BD9/iPad_64bit_TouchID_12.0_16A366_Restore.ipsw diff --git a/resources/firmware/iPhone6,1/16A366/index.html b/resources/firmware/iPhone6,1/16A366/index.html new file mode 100644 index 0000000..990b640 --- /dev/null +++ b/resources/firmware/iPhone6,1/16A366/index.html @@ -0,0 +1 @@ +{"identifier":"iPhone6,1","buildid":"16A366","codename":"Peace","restoreramdiskexists":true,"updateramdiskexists":true,"keys":[{"image":"RootFS","filename":"048-08625-234.dmg","date":"2024-01-17T22:24:50.263641"},{"image":"UpdateRamdisk","filename":"048-08422-242.dmg","date":"2024-01-17T22:24:50.263765"},{"image":"RestoreRamdisk","filename":"048-08497-242.dmg","date":"2024-01-17T22:24:50.263841"},{"image":"iBEC","filename":"iBEC.iphone6.RELEASE.im4p","date":"2024-01-17T22:24:50.264477","iv":"be140ae1c0971e41660d6bca43f97ed6","key":"d6e615ba7bb82f5a6caa4b868aaf26b01c512cde138045bc48a75e6d95c27df0","kbag":"be140ae1c0971e41660d6bca43f97ed6d6e615ba7bb82f5a6caa4b868aaf26b01c512cde138045bc48a75e6d95c27df0"},{"image":"iBoot","filename":"iBoot.iphone6.RELEASE.im4p","date":"2024-01-17T22:24:50.264567","iv":"8995423078e923d38d4ab711a38d4308","key":"30c573be2e1c32c6e46e4078f290085fde1d08f97d9ade52f0defa7cd4d92e70","kbag":"8995423078e923d38d4ab711a38d430830c573be2e1c32c6e46e4078f290085fde1d08f97d9ade52f0defa7cd4d92e70"},{"image":"iBSS","filename":"iBSS.iphone6.RELEASE.im4p","date":"2024-01-17T22:24:50.264656","iv":"428bfd3dfa26dc8afea4faac2135a19b","key":"abd136df248907826f508b0d61f578a3195d8471f511ad4baaafba81ff25e230","kbag":"428bfd3dfa26dc8afea4faac2135a19babd136df248907826f508b0d61f578a3195d8471f511ad4baaafba81ff25e230"},{"image":"LLB","filename":"LLB.iphone6.RELEASE.im4p","date":"2024-01-17T22:24:50.264812","iv":"764efb28739de706bc2e03b8414e3727","key":"8c4ee825690539b963342285aaeb5f91cc4e54bb3bd40cd6770b0f4ca2769686","kbag":"764efb28739de706bc2e03b8414e37278c4ee825690539b963342285aaeb5f91cc4e54bb3bd40cd6770b0f4ca2769686"}]} \ No newline at end of file diff --git a/resources/firmware/iPhone6,1/16A366/url b/resources/firmware/iPhone6,1/16A366/url new file mode 100644 index 0000000..e86a2ae --- /dev/null +++ b/resources/firmware/iPhone6,1/16A366/url @@ -0,0 +1 @@ +http://updates-http.cdn-apple.com/2018FallFCS/fullrestores/091-63009/116F8BD8-AC8E-11E8-A3AF-9B7076D145D8/iPhone_4.0_64bit_12.0_16A366_Restore.ipsw diff --git a/resources/firmware/iPhone6,2/16A366/index.html b/resources/firmware/iPhone6,2/16A366/index.html new file mode 100644 index 0000000..ad72cae --- /dev/null +++ b/resources/firmware/iPhone6,2/16A366/index.html @@ -0,0 +1 @@ +{"identifier":"iPhone6,2","buildid":"16A366","codename":"Peace","restoreramdiskexists":true,"updateramdiskexists":true,"keys":[{"image":"RootFS","filename":"048-08625-234.dmg","date":"2024-01-17T22:24:55.329067"},{"image":"UpdateRamdisk","filename":"048-08422-242.dmg","date":"2024-01-17T22:24:55.329293"},{"image":"RestoreRamdisk","filename":"048-08497-242.dmg","date":"2024-01-17T22:24:55.329447"},{"image":"iBEC","filename":"iBEC.iphone6.RELEASE.im4p","date":"2024-01-17T22:24:55.330661","iv":"be140ae1c0971e41660d6bca43f97ed6","key":"d6e615ba7bb82f5a6caa4b868aaf26b01c512cde138045bc48a75e6d95c27df0","kbag":"be140ae1c0971e41660d6bca43f97ed6d6e615ba7bb82f5a6caa4b868aaf26b01c512cde138045bc48a75e6d95c27df0"},{"image":"iBoot","filename":"iBoot.iphone6.RELEASE.im4p","date":"2024-01-17T22:24:55.330840","iv":"8995423078e923d38d4ab711a38d4308","key":"30c573be2e1c32c6e46e4078f290085fde1d08f97d9ade52f0defa7cd4d92e70","kbag":"8995423078e923d38d4ab711a38d430830c573be2e1c32c6e46e4078f290085fde1d08f97d9ade52f0defa7cd4d92e70"},{"image":"iBSS","filename":"iBSS.iphone6.RELEASE.im4p","date":"2024-01-17T22:24:55.331000","iv":"428bfd3dfa26dc8afea4faac2135a19b","key":"abd136df248907826f508b0d61f578a3195d8471f511ad4baaafba81ff25e230","kbag":"428bfd3dfa26dc8afea4faac2135a19babd136df248907826f508b0d61f578a3195d8471f511ad4baaafba81ff25e230"},{"image":"LLB","filename":"LLB.iphone6.RELEASE.im4p","date":"2024-01-17T22:24:55.331272","iv":"764efb28739de706bc2e03b8414e3727","key":"8c4ee825690539b963342285aaeb5f91cc4e54bb3bd40cd6770b0f4ca2769686","kbag":"764efb28739de706bc2e03b8414e37278c4ee825690539b963342285aaeb5f91cc4e54bb3bd40cd6770b0f4ca2769686"}]} \ No newline at end of file diff --git a/resources/firmware/iPhone6,2/16A366/url b/resources/firmware/iPhone6,2/16A366/url new file mode 100644 index 0000000..e86a2ae --- /dev/null +++ b/resources/firmware/iPhone6,2/16A366/url @@ -0,0 +1 @@ +http://updates-http.cdn-apple.com/2018FallFCS/fullrestores/091-63009/116F8BD8-AC8E-11E8-A3AF-9B7076D145D8/iPhone_4.0_64bit_12.0_16A366_Restore.ipsw diff --git a/resources/sshrd/IM4M b/resources/sshrd/IM4M new file mode 100644 index 0000000..9021ed7 Binary files /dev/null and b/resources/sshrd/IM4M differ diff --git a/resources/sshrd/iBEC.ipad4.RELEASE.im4p.patch b/resources/sshrd/iBEC.ipad4.RELEASE.im4p.patch new file mode 100644 index 0000000..7089f49 Binary files /dev/null and b/resources/sshrd/iBEC.ipad4.RELEASE.im4p.patch differ diff --git a/resources/sshrd/iBEC.ipad4b.RELEASE.im4p.patch b/resources/sshrd/iBEC.ipad4b.RELEASE.im4p.patch new file mode 100644 index 0000000..e081683 Binary files /dev/null and b/resources/sshrd/iBEC.ipad4b.RELEASE.im4p.patch differ diff --git a/resources/sshrd/iBEC.ipad4bm.RELEASE.im4p.patch b/resources/sshrd/iBEC.ipad4bm.RELEASE.im4p.patch new file mode 100644 index 0000000..c357fba Binary files /dev/null and b/resources/sshrd/iBEC.ipad4bm.RELEASE.im4p.patch differ diff --git a/resources/sshrd/iBEC.iphone6.RELEASE.im4p.patch b/resources/sshrd/iBEC.iphone6.RELEASE.im4p.patch new file mode 100644 index 0000000..5e62eaf Binary files /dev/null and b/resources/sshrd/iBEC.iphone6.RELEASE.im4p.patch differ diff --git a/resources/sshrd/iBSS.ipad4.RELEASE.im4p.patch b/resources/sshrd/iBSS.ipad4.RELEASE.im4p.patch new file mode 100644 index 0000000..e05e37c Binary files /dev/null and b/resources/sshrd/iBSS.ipad4.RELEASE.im4p.patch differ diff --git a/resources/sshrd/iBSS.ipad4b.RELEASE.im4p.patch b/resources/sshrd/iBSS.ipad4b.RELEASE.im4p.patch new file mode 100644 index 0000000..e05e37c Binary files /dev/null and b/resources/sshrd/iBSS.ipad4b.RELEASE.im4p.patch differ diff --git a/resources/sshrd/iBSS.ipad4bm.RELEASE.im4p.patch b/resources/sshrd/iBSS.ipad4bm.RELEASE.im4p.patch new file mode 100644 index 0000000..52f28a7 Binary files /dev/null and b/resources/sshrd/iBSS.ipad4bm.RELEASE.im4p.patch differ diff --git a/resources/sshrd/iBSS.iphone6.RELEASE.im4p.patch b/resources/sshrd/iBSS.iphone6.RELEASE.im4p.patch new file mode 100644 index 0000000..99ceb9e Binary files /dev/null and b/resources/sshrd/iBSS.iphone6.RELEASE.im4p.patch differ diff --git a/resources/sshrd/kernelcache.release.ipad4.bpatch b/resources/sshrd/kernelcache.release.ipad4.bpatch new file mode 100644 index 0000000..246b2d2 --- /dev/null +++ b/resources/sshrd/kernelcache.release.ipad4.bpatch @@ -0,0 +1,13 @@ +#AMFI + +0x193960 0x63 0x78 +0x760268 0xffffffff 0x20 +0x760269 0xffffffc3 0x20 +0x76026a 0x0 0xffffff80 +0x76026b 0xffffffd1 0xffffffd2 +0x76026c 0xfffffff4 0xffffffc0 +0x76026d 0x4f 0x3 +0x76026e 0x1 0x5f +0x76026f 0xffffffa9 0xffffffd6 +0xdac299 0x8 0x0 +0xdac29b 0x71 0x6b diff --git a/resources/sshrd/kernelcache.release.ipad4b.bpatch b/resources/sshrd/kernelcache.release.ipad4b.bpatch new file mode 100644 index 0000000..158cf4b --- /dev/null +++ b/resources/sshrd/kernelcache.release.ipad4b.bpatch @@ -0,0 +1,13 @@ +#AMFI + +0x197280 0x63 0x78 +0x768268 0xffffffff 0x20 +0x768269 0xffffffc3 0x20 +0x76826a 0x0 0xffffff80 +0x76826b 0xffffffd1 0xffffffd2 +0x76826c 0xfffffff4 0xffffffc0 +0x76826d 0x4f 0x3 +0x76826e 0x1 0x5f +0x76826f 0xffffffa9 0xffffffd6 +0xdb4299 0x8 0x0 +0xdb429b 0x71 0x6b diff --git a/resources/sshrd/kernelcache.release.ipad4bm.bpatch b/resources/sshrd/kernelcache.release.ipad4bm.bpatch new file mode 100644 index 0000000..3adffe7 --- /dev/null +++ b/resources/sshrd/kernelcache.release.ipad4bm.bpatch @@ -0,0 +1,13 @@ +#AMFI + +0x196620 0x63 0x78 +0x778268 0xffffffff 0x20 +0x778269 0xffffffc3 0x20 +0x77826a 0x0 0xffffff80 +0x77826b 0xffffffd1 0xffffffd2 +0x77826c 0xfffffff4 0xffffffc0 +0x77826d 0x4f 0x3 +0x77826e 0x1 0x5f +0x77826f 0xffffffa9 0xffffffd6 +0xdc4299 0x8 0x0 +0xdc429b 0x71 0x6b diff --git a/resources/sshrd/kernelcache.release.iphone6.bpatch b/resources/sshrd/kernelcache.release.iphone6.bpatch new file mode 100644 index 0000000..a4d36a4 --- /dev/null +++ b/resources/sshrd/kernelcache.release.iphone6.bpatch @@ -0,0 +1,13 @@ +#AMFI + +0x196ff0 0x63 0x78 +0x760268 0xffffffff 0x20 +0x760269 0xffffffc3 0x20 +0x76026a 0x0 0xffffff80 +0x76026b 0xffffffd1 0xffffffd2 +0x76026c 0xfffffff4 0xffffffc0 +0x76026d 0x4f 0x3 +0x76026e 0x1 0x5f +0x76026f 0xffffffa9 0xffffffd6 +0xdac299 0x8 0x0 +0xdac29b 0x71 0x6b diff --git a/resources/ssh.tar b/resources/sshrd/ssh.tar similarity index 100% rename from resources/ssh.tar rename to resources/sshrd/ssh.tar diff --git a/resources/ssh_old.tar b/resources/sshrd/ssh_old.tar similarity index 100% rename from resources/ssh_old.tar rename to resources/sshrd/ssh_old.tar diff --git a/restore.sh b/restore.sh index 57da10c..b75fe1a 100755 --- a/restore.sh +++ b/restore.sh @@ -610,6 +610,7 @@ device_get_info() { elif [[ $device_type == "iPhone2,1" ]]; then device_newbr="$($irecovery -q | grep -c '359.3.2')" fi + device_pwnd="$($irecovery -q | grep "PWND" | cut -c 7-)" ;; "Normal" ) @@ -3400,11 +3401,6 @@ restore_prepare_1033() { device_enter_mode pwnDFU local attempt=1 - shsh_save - if [[ $device_type == "iPad4,4" || $device_type == "iPad4,5" ]]; then - iBSS=$iBSSb - iBEC=$iBECb - fi $irecovery -f $iBSS.im4p sleep 1 while (( attempt < 5 )); do @@ -3426,7 +3422,6 @@ restore_prepare_1033() { if (( attempt >= 5 )); then error "Failed to enter pwnREC mode. You might have to force restart your device and start over entering pwnDFU mode again" fi - shsh_save apnonce $($irecovery -q | grep "NONC" | cut -c 7-) } device_buttons() { @@ -3565,7 +3560,13 @@ restore_prepare() { : elif [[ $device_target_other != 1 && $device_target_vers == "10.3.3" ]]; then # A7 devices 10.3.3 + shsh_save + if [[ $device_type == "iPad4,4" || $device_type == "iPad4,5" ]]; then + iBSS=$iBSSb + iBEC=$iBECb + fi restore_prepare_1033 + shsh_save apnonce $($irecovery -q | grep "NONC" | cut -c 7-) restore_futurerestore --skip-blob elif [[ $device_target_vers == "$device_latest_vers" ]]; then restore_latest @@ -3676,6 +3677,132 @@ device_send_rdtar() { $ssh -p 2222 root@127.0.0.1 "tar -xvf $target/$1 -C /mnt1; rm $target/$1" } +device_ramdisk64() { + local sshtar="../saved/ssh-64.tar" + local comps=("iBSS" "iBEC" "DeviceTree" "Kernelcache" "Trustcache" "RestoreRamdisk") + local name + local iv + local key + local path + local url + local decrypt + local build_id="16A366" + local ramdisk_path="../saved/$device_type/ramdisk_$build_id" + device_target_build="$build_id" + + if [[ ! -e $sshtar ]]; then + log "Downloading ssh.tar from SSHRD_Script..." + curl -LO https://github.com/verygenericname/sshtars/raw/a6a93db54cc30a72f577744e50fb66ae57b24990/ssh.tar.gz + mv ssh.tar.gz $sshtar.gz + gzip -d $sshtar.gz + fi + + device_fw_key_check + url=$(cat "$device_fw_dir/$build_id/url" 2>/dev/null) + if [[ $(echo "$url" | grep -c '<') != 0 ]]; then + rm "$device_fw_dir/$build_id/url" + url= + fi + if [[ -z $url ]]; then + log "Getting URL for $device_type-$build_id" + url="$(curl "https://api.ipsw.me/v4/ipsw/$device_type/$build_id" | $jq -j ".url")" + if [[ $(echo "$url" | grep -c '<') != 0 ]]; then + url="$(curl "https://api.ipsw.me/v4/device/$device_type?type=ipsw" | $jq -j ".firmwares[] | select(.buildid == \"$build_id\") | .url")" + fi + mkdir $device_fw_dir/$build_id 2>/dev/null + echo "$url" > $device_fw_dir/$build_id/url + fi + + mkdir $ramdisk_path 2>/dev/null + for getcomp in "${comps[@]}"; do + name=$(echo $device_fw_key | $jq -j '.keys[] | select(.image | startswith("'$getcomp'")) | .filename') + iv=$(echo $device_fw_key | $jq -j '.keys[] | select(.image | startswith("'$getcomp'")) | .iv') + key=$(echo $device_fw_key | $jq -j '.keys[] | select(.image | startswith("'$getcomp'")) | .key') + case $getcomp in + "iBSS" | "iBEC" ) path="Firmware/dfu/";; + "DeviceTree" ) path="Firmware/all_flash/";; + "Trustcache" ) path="Firmware/";; + * ) path="";; + esac + if [[ -z $name ]]; then + local hwmodel + case $device_type in + iPhone6* ) hwmodel="iphone6";; + iPad4,[123] ) hwmodel="ipad4";; + iPad4,[456] ) hwmodel="ipad4b";; + iPad4,[789] ) hwmodel="ipad4bm";; + esac + case $getcomp in + "iBSS" | "iBEC" ) name="$getcomp.$hwmodel.RELEASE.im4p";; + "DeviceTree" ) name="$getcomp.${device_model}ap.im4p";; + "Kernelcache" ) name="kernelcache.release.$hwmodel";; + "Trustcache" ) name="048-08497-242.dmg.trustcache";; + "RestoreRamdisk" ) name="048-08497-242.dmg";; + esac + fi + + log "$getcomp" + if [[ -e $ramdisk_path/$name ]]; then + cp $ramdisk_path/$name . + else + "$dir/pzb" -g "${path}$name" -o "$name" "$url" + cp $name $ramdisk_path/ + fi + mv $name $getcomp.orig + local reco="-i $getcomp.orig -o $getcomp.img4 -M ../resources/sshrd/IM4M -T " + case $getcomp in + "iBSS" | "iBEC" ) + "$dir/img4" -i $getcomp.orig -o $getcomp.dec -k ${iv}${key} + mv $getcomp.orig $getcomp.orig0 + $bspatch $getcomp.dec $getcomp.orig ../resources/sshrd/$name.patch + reco+="$(echo $getcomp | tr '[:upper:]' '[:lower:]') -A" + ;; + "Kernelcache" ) reco+="rkrn -P ../resources/sshrd/$name.bpatch";; + "DeviceTree" ) reco+="rdtr";; + "Trustcache" ) reco+="rtsc";; + "RestoreRamdisk" ) + mv $getcomp.orig $getcomp.orig0 + "$dir/img4" -i $getcomp.orig0 -o $getcomp.orig + "$dir/hfsplus" $getcomp.orig grow 210000000 + "$dir/hfsplus" $getcomp.orig untar $sshtar + reco+="rdsk -A" + ;; + esac + "$dir/img4" $reco + cp $getcomp.img4 $ramdisk_path + done + + mv $ramdisk_path/iBSS.img4 $ramdisk_path/iBSS.im4p + mv $ramdisk_path/iBEC.img4 $ramdisk_path/iBEC.im4p + iBSS="$ramdisk_path/iBSS" + iBEC="$ramdisk_path/iBEC" + restore_prepare_1033 + + log "Booting, please wait..." + $irecovery -f $ramdisk_path/RestoreRamdisk.img4 + $irecovery -c ramdisk + $irecovery -f $ramdisk_path/DeviceTree.img4 + $irecovery -c devicetree + $irecovery -f $ramdisk_path/Trustcache.img4 + $irecovery -c firmware + $irecovery -f $ramdisk_path/Kernelcache.img4 + $irecovery -c bootx + + log "Running iproxy for SSH..." + $iproxy 2222 22 >/dev/null & + iproxy_pid=$! + sleep 1 + device_sshpass alpine + + print "* Booted SSH ramdisk is based on: https://github.com/verygenericname/SSHRD_Script" + print "* Mount filesystems with this command (for newer iOS versions only!):" + print " mount_filesystems" + print "* Mount root filesystem with this command (tested for iOS 10.3.x):" + print " mount_apfs /dev/disk0s1s1 /mnt1" + + menu_ramdisk +} + device_ramdisk() { local comps=("iBSS" "iBEC" "DeviceTree" "Kernelcache") local name @@ -3786,7 +3913,7 @@ device_ramdisk() { fi if [[ $device_type == "iPod2,1" || $device_proc == 1 ]]; then - "$dir/hfsplus" Ramdisk.raw untar ../resources/ssh_old.tar + "$dir/hfsplus" Ramdisk.raw untar ../resources/sshrd/ssh_old.tar "$dir/xpwntool" Ramdisk.raw Ramdisk.dmg -t RestoreRamdisk.dec log "Patch iBSS" $bspatch iBSS.dec iBSS.patched ../resources/patch/iBSS.${device_model}ap.RELEASE.patch @@ -3803,7 +3930,7 @@ device_ramdisk() { mv DeviceTree.orig DeviceTree.dec else if [[ $1 != "justboot" ]]; then - "$dir/hfsplus" Ramdisk.raw untar ../resources/ssh.tar + "$dir/hfsplus" Ramdisk.raw untar ../resources/sshrd/ssh.tar if [[ $1 == "jailbreak" && $device_vers == "8"* ]]; then "$dir/hfsplus" Ramdisk.raw untar ../resources/jailbreak/daibutsu/bin.tar fi @@ -3893,15 +4020,11 @@ device_ramdisk() { device_find_mode Restore 25 fi - case $mode in - "clearnvram" | "jailbreak" | "activation" | "baseband" | "getversion" | "setnvram" ) - log "Running iproxy for SSH..." - $iproxy 2222 22 >/dev/null & - iproxy_pid=$! - sleep 1 - device_sshpass alpine - ;; - esac + log "Running iproxy for SSH..." + $iproxy 2222 22 >/dev/null & + iproxy_pid=$! + sleep 1 + device_sshpass alpine case $mode in "activation" | "baseband" ) @@ -3942,7 +4065,7 @@ device_ramdisk() { fi ' $ssh -p 2222 root@127.0.0.1 "rm -f /mnt1/baseband.tar /mnt1/activation.tar; nvram auto-boot=0; reboot_bak" - log "Done, device should boot to recovery mode now" + log "Done, device should reboot to recovery mode now" return ;; @@ -3966,7 +4089,8 @@ device_ramdisk() { build=$(cat SystemVersion.plist | grep -i ProductBuildVersion -A 1 | grep -oPm1 "(?<=)[^<]+") fi if [[ $1 == "getversion" && -n $vers ]]; then - log "The current iOS version of this device is: $vers ($build)" + log "Retrieved the current iOS version, rebooting device" + print "* iOS Version: $vers ($build)" $ssh -p 2222 root@127.0.0.1 "reboot_bak" return fi @@ -4074,8 +4198,8 @@ device_ramdisk() { "clearnvram" ) log "Sending commands for clearing NVRAM..." $ssh -p 2222 root@127.0.0.1 "nvram -c; reboot_bak" - log "Done! Your device should reboot now." - print "* If the device did not connect, SSH to the device manually." + log "Done, your device should reboot now" + return ;; "setnvram" ) @@ -4085,27 +4209,65 @@ device_ramdisk() { $ssh -p 2222 root@127.0.0.1 "nvram boot-ramdisk=/a/b/c/d/e/f/g/h/i/disk.dmg" fi $ssh -p 2222 root@127.0.0.1 "reboot_bak" - log "Done, your device should boot now" + log "Done, your device should reboot now" return ;; - * ) log "Device should now be in SSH ramdisk mode.";; + * ) log "Device should now boot to SSH ramdisk mode.";; esac echo - print "* To access SSH ramdisk, run iproxy first:" - print " iproxy 2222 22" - print "* Then SSH to 127.0.0.1 port 2222:" - print " ssh -p 2222 -oHostKeyAlgorithms=+ssh-rsa root@127.0.0.1" - print "* Enter root password:" - print " alpine" print "* Mount filesystems with this command:" print " mount.sh" + menu_ramdisk +} + +menu_ramdisk() { + local loop + local mode + local menu_items=("Connect to SSH") + local reboot="reboot_bak" + if [[ $device_proc == 7 ]]; then + menu_items+=("Dump Blobs") + reboot="/sbin/reboot" + fi + menu_items+=("Reboot Device" "Exit") + print "* Clear NVRAM with this command:" print " nvram -c" print "* Erase All Content and Settings with this command (iOS 9+ only):" print " nvram oblit-inprogress=5" print "* To reboot, use this command:" - print " reboot_bak" + print " $reboot" + + while [[ $loop != 1 ]]; do + print "* SSH Ramdisk Menu" + while [[ -z $mode ]]; do + input "Select an option:" + select opt in "${menu_items[@]}"; do + selected="$opt" + break + done + case $selected in + "Connect to SSH" ) mode="ssh";; + "Reboot Device" ) mode="reboot";; + "Dump Blobs" ) mode="dump-blobs";; + "Exit" ) mode="exit";; + esac + done + case $mode in + "ssh" ) $ssh -p 2222 root@127.0.0.1;; + "reboot" ) $ssh -p 2222 root@127.0.0.1 "$reboot"; loop=1;; + "exit" ) loop=1;; + "dump-blobs" ) + shsh="../saved/shsh/$device_type-$(date +%Y-%m-%d-%H%M).shsh2" + $ssh -p 2222 root@127.0.0.1 "cat /dev/rdisk1" | dd of=dump.raw bs=256 count=$((0x4000)) + "$dir/img4tool" --convert -s $shsh dump.raw + log "Onboard blobs should be dumped to $shsh" + pause + ;; + esac + mode= + done } shsh_save_onboard() { @@ -4205,6 +4367,9 @@ menu_print_info() { print "* To get iOS version, go to: Other Utilities -> Get iOS Version" fi print "* ECID: $device_ecid" + if [[ -n $device_pwnd ]]; then + print "* Pwned: $device_pwnd" + fi echo } @@ -5067,7 +5232,7 @@ menu_other() { esac fi if [[ $device_mode != "none" ]]; then - if (( device_proc < 7 )); then + if (( device_proc < 8 )); then menu_items+=("SSH Ramdisk") fi case $device_mode in @@ -5088,7 +5253,7 @@ menu_other() { menu_items+=("Enter DFU Mode") fi fi - if (( device_proc < 8 )); then + if (( device_proc < 7 )); then menu_items+=("Create Custom IPSW") fi menu_items+=("(Re-)Install Dependencies" "Go Back") @@ -5419,7 +5584,10 @@ device_justboot() { } device_enter_ramdisk() { - if (( device_proc >= 5 )); then + if [[ $device_proc == 7 ]]; then + device_ramdisk64 + return + elif (( device_proc >= 5 )); then print "* To mount /var (/mnt2) for iOS 9-10, I recommend using 9.0.2 (13A452)." print "* If not sure, just press Enter/Return. This will select the default build version." read -p "$(input 'Enter build version (eg. 10B329): ')" device_rd_build