diff --git a/README.md b/README.md index 5d6ca05..7b10755 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ ## Features - Restore to iOS 8.4.1 or 6.1.3 on supported 32-bit devices **(OTA signed)** -- Restore iPhone 4 GSM (iPhone3,1) to lower iOS versions **(powdersn0w)** +- Restore iPhone 4 GSM and CDMA (iPhone3,1 and 3,3) to lower iOS versions **(powdersn0w)** - Restore iPhone 3GS and iPod touch 2 to lower iOS versions **(24Kpwn/alloc8)** - Restore 32-bit devices to lower iOS versions **with SHSH blobs** - Restore 32-bit devices to lower iOS versions **with iOS 7.1.x blobs (powdersn0w)** @@ -18,7 +18,7 @@ - Including latest iOS versions for some devices (4.2.1, 5.1.1, 6.1.6, 7.1.2) - There are two methods of jailbreaking: Custom IPSW and SSH Ramdisk - Available on target versions iOS 4.1, 4.2.x, 4.3.x, 5.x, 6.x, 7.x, and 8.4.1 - - Jailbreaking A5 4.3.x devices is not supported (only 5.x and newer will work) + - Jailbreaking iPad 2 on 4.3.x is not supported (only 5.x and newer will work) - Restore to iOS 10.3.3 on supported A7 devices **(OTA signed)** - Restore A7/A8 devices to lower iOS versions **with SHSH blobs** - Limited compatibility due to SEP/BB, see below @@ -80,6 +80,7 @@ - iPod touch 6 - Restoring with powdersn0w is supported on the following devices: - iPhone 4 GSM - targets iOS 4.3 to 6.1.3 + - iPhone 4 CDMA - targets iOS 5.0 to 6.1.3 - iPhone 4S, iPhone 5 (not 5C), iPad 2 Rev A, iPod 5th generation - targets iOS 5.0 to 6.1.3, 8.0 to 9.3.5 - Using powdersn0w requires iOS 7.1.x blobs for your device - Restoring with 24Kpwn/alloc8 is supported on the following devices: diff --git a/resources/firmware/src/target/n92/11D257/exploit b/resources/firmware/src/target/n92/11D257/exploit new file mode 100644 index 0000000..e96b7d1 Binary files /dev/null and b/resources/firmware/src/target/n92/11D257/exploit differ 
diff --git a/resources/firmware/src/target/n92/11D257/partition b/resources/firmware/src/target/n92/11D257/partition
new file mode 100644
index 0000000..0426ea5
--- /dev/null
+++ b/resources/firmware/src/target/n92/11D257/partition
@@ -0,0 +1,71 @@
+#!/bin/bash
+
+isIOS5=0
+
+if [ -e "/dev/rdisk0s2" ]; then
+nvram -d boot-partition
+nvram -d boot-ramdisk
+sleep 1s
+reboot_
+fi
+
+mount_hfs /dev/disk0s1s1 /mnt1
+if [ ! -e "/dev/rdisk0s1s3" ]; then
+mount_hfs /dev/disk0s1s2 /mnt1/private/var
+else
+isIOS5=1
+mount_hfs /dev/disk0s1s3 /mnt1/private/var
+fi
+
+sleep 1s
+
+rm -rf /mnt1/System/Library/LaunchDaemons/com.apple.mobile.softwareupdated.plist
+rm -rf /mnt1/System/Library/LaunchDaemons/com.apple.softwareupdateservicesd.plist
+
+Data_GUID="$((echo -e "i\n2\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Partition unique GUID: //p')"
+LogicalSector="$((echo -e "p\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Logical sector size: //p' | sed 's/ .*//')"
+System_LastSector="$((echo -e "i\n1\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Last sector: //p' | sed 's/ .*//')"
+Data_LastSector="$((echo -e "i\n2\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Last sector: //p' | sed 's/ .*//')"
+Data_Attributeflags="$((echo -e "i\n2\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*flags: //p')"
+Exploit_LastSector="$((524288/$LogicalSector))"
+New_Data_LastSector="$(($Data_LastSector-$Exploit_LastSector))"
+New_Data_SectorSize="$(($New_Data_LastSector-$System_LastSector))"
+New_Data_Size="$(($New_Data_SectorSize*$LogicalSector))"
+
+hfs_resize /mnt1/private/var $New_Data_Size
+sleep 1s
+
+if [ "$Data_Attributeflags" = "0001000000000000" ]; then
+echo -e "d\n2\nn\n\n$New_Data_LastSector\n\nc\n2\nData\nx\na\n2\n48\n\nc\n2\n$Data_GUID\ns\n4\nm\nn\n3\n\n$Data_LastSector\n\nw\nY\n" | gptfdisk /dev/rdisk0s1
+else
+echo -e "d\n2\nn\n\n$New_Data_LastSector\n\nc\n2\nData\nx\na\n2\n48\n49\n\nc\n2\n$Data_GUID\ns\n4\nm\nn\n3\n\n$Data_LastSector\n\nw\nY\n" | gptfdisk /dev/rdisk0s1
+fi
+
+sleep 1s
+
+if [ $isIOS5 == 0 ]; then
+newfs_hfs -s -v exploit /dev/rdisk0s1s3
+sleep 1s
+fsck_hfs -f /dev/rdisk0s1s3
+sleep 2s
+
+dd of=/dev/rdisk0s1s3 if=/exploit bs=512k count=1
+sleep 1s
+fi
+
+if [ $isIOS5 == 1 ]; then
+newfs_hfs -s -v exploit /dev/rdisk0s1s4
+sleep 1s
+fsck_hfs -f /dev/rdisk0s1s4
+sleep 2s
+
+dd of=/dev/rdisk0s1s4 if=/exploit bs=512k count=1
+sleep 1s
+fi
+
+nvram boot-partition=2
+nvram boot-ramdisk="/a/b/c/d/e/f/g/h/i/disk.dmg"
+
+sleep 1s
+
+reboot_
diff --git a/restore.sh b/restore.sh
index df7ca8d..f72dd2c 100755
--- a/restore.sh
+++ b/restore.sh
@@ -965,6 +965,7 @@ device_enter_mode() {
 device_ipwndfu pwn
 elif [[ $device_proc == 4 && $platform != "macos" ]]; then
 # A4 linux uses ipwnder
+ log "Placing device to pwnDFU mode using ipwnder"
 $ipwnder -p
 tool_pwned=$?
 elif [[ $device_proc == 7 && $platform == "macos" && $(uname -m) != "x86_64" ]]; then
@@ -1657,9 +1658,9 @@ ipsw_prepare_32bit_paths() {
 local str2
 if [[ $2 == "target" ]]; then
 case $comp in
- "AppleLogo" ) str2="${name/applelogo/"applelogo7"}";;
- "RecoveryMode" ) str2="${name/recoverymode/"recoverymode7"}";;
- "NewiBoot" ) str2="${name/iBoot/"iBoot$(echo $device_target_vers | cut -c 1)"}";;
+ "AppleLogo" ) str2="${name/applelogo/applelogo7}";;
+ "RecoveryMode" ) str2="${name/recoverymode/recoverymode7}";;
+ "NewiBoot" ) str2="${name/iBoot/iBoot$(echo $device_target_vers | cut -c 1)}";;
 esac
 case $comp in
 "AppleLogo" | "RecoveryMode" | "NewiBoot" )
@@ -2464,7 +2465,7 @@ restore_prepare() {
 else
 restore_latest
 fi
- elif [[ $device_type == "iPhone3,1" ]]; then
+ elif [[ $device_type == "iPhone3,1" || $device_type == "iPhone3,3" ]]; then
 # powdersn0w 4.3.x-6.1.3
 shsh_save version 7.1.2
 device_enter_mode pwnDFU
@@ -2537,6 +2538,8 @@ ipsw_prepare() {
 shsh_save version 7.1.2
 fi
 ipsw_prepare_powder
+ elif [[ $device_type == "iPhone3,3" ]]; then
+ ipsw_prepare_powder2
 else
 ipsw_prepare_custom
 fi
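Review bot: Nothing in resources/firmware/src/target/n92/11D257/partition checks the values parsed out of gptfdisk before the destructive steps run. If `LogicalSector`, `System_LastSector` or `Data_LastSector` comes back empty or non-numeric, the arithmetic expansions fail or yield a wrong size, yet `hfs_resize`, the delete-and-recreate of partition 2, `newfs_hfs` and `dd` still run, and the script ends by setting `boot-partition=2` and rebooting. I would add a guard straight after the five queries, `for v in "$LogicalSector" "$System_LastSector" "$Data_LastSector"; do case $v in ''|*[!0-9]*) exit 1;; esac; done`, plus `[ -n "$Data_GUID" ] || exit 1`. The resize should also gate the table rewrite: `hfs_resize /mnt1/private/var "$New_Data_Size" || exit 1`.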
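Review bot: The comment `# powdersn0w 4.3.x-6.1.3` directly under the widened condition in restore_prepare is no longer accurate for iPhone3,3, which the README and menu_ipsw changes in this same commit limit to 5.0 to 6.1.3. I would update it to `# powdersn0w: iPhone3,1 4.3.x-6.1.3, iPhone3,3 5.0-6.1.3` so the branch documents both ranges. The branch body continues outside the hunk.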
@@ -3093,7 +3096,7 @@ menu_restore() {
 case $device_type in
 iPhone4,1 | iPhone5,[12] | iPad2,4 | iPod5,1 )
 menu_items+=("Other (powdersn0w 7.1.x blobs)");;
- iPhone3,1 )
+ iPhone3,[13] )
 menu_items+=("powdersn0w (any iOS)");;
 iPhone2,1 )
 menu_items+=("iOS 5.1.1" "iOS 4.3.3" "iOS 4.1" "iOS 4.0" "iPhoneOS 3.1.3");;
@@ -3232,6 +3235,7 @@ menu_ipsw() {
 print "* Select Target IPSW to continue"
 case $device_type in
 iPhone3,1 ) print "* Any iOS version from 4.3 to 6.1.3 is supported";;
+ iPhone3,3 ) print "* Any iOS version from 5.0 to 6.1.3 is supported";;
 iPhone5,[12] | iPod5,1 ) print "* Any iOS version from 6.0 to 9.3.5 is supported (not iOS 7)";;
 iPad2,4 ) print "* Any iOS version from 5.1 to 9.3.5 is supported (not iOS 7)";;
 * ) print "* Any iOS version from 5.0 to 9.3.5 is supported (not iOS 7)";;
@@ -3239,19 +3243,19 @@ menu_ipsw() {
 fi
 echo
 local text2="(iOS 7.1.x)"
- if [[ $device_type == "iPhone3,1" ]]; then
+ if [[ $device_type == "iPhone3,1" || $device_type == "iPhone3,3" ]]; then
 text2="(iOS 7.1.2)"
 fi
 if [[ -n $ipsw_base_path ]]; then
 print "* Selected Base $text2 IPSW: $ipsw_base_path.ipsw"
 print "* Base Version: $device_base_vers-$device_base_build"
- if [[ $device_type != "iPhone3,1" ]]; then
+ if [[ $device_type != "iPhone3,1" && $device_type != "iPhone3,3" ]]; then
 menu_items+=("Select Base SHSH")
 fi
 else
 print "* Select Base $text2 IPSW to continue"
 fi
- if [[ $device_type == "iPhone3,1" ]]; then
+ if [[ $device_type == "iPhone3,1" || $device_type == "iPhone3,3" ]]; then
 shsh_path=1
 else
 echo
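Review bot: The pair test `$device_type == "iPhone3,1" || $device_type == "iPhone3,3"` is now spelled out three times in the last menu_ipsw hunk (once in negated form) and again in restore_prepare, while menu_restore in this same commit uses the glob `iPhone3,[13]`. Since an unquoted right-hand side of `==` inside `[[ ]]` is a pattern, `[[ $device_type == iPhone3,[13] ]]` and `[[ $device_type != iPhone3,[13] ]]` express the same checks in one form. That keeps the sites from drifting apart the next time a model is added. menu_ipsw starts and ends outside the hunk.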