From 8000ca50c88bacb68209171fcc37b3217416fc80 Mon Sep 17 00:00:00 2001 From: LukeZGD <26163116+LukeZGD@users.noreply.github.com> Date: Mon, 26 Jun 2023 07:31:39 +0800 Subject: [PATCH] Add iPhone3,3 support for powdersn0w thanks to dora for releasing the exploit: https://github.com/kok3shidoll/untitled --- README.md | 5 +- .../firmware/src/target/n92/11D257/exploit | Bin 0 -> 524288 bytes .../firmware/src/target/n92/11D257/partition | 71 ++++++++++++++++++ restore.sh | 20 +++-- 4 files changed, 86 insertions(+), 10 deletions(-) create mode 100644 resources/firmware/src/target/n92/11D257/exploit create mode 100644 resources/firmware/src/target/n92/11D257/partition diff --git a/README.md b/README.md index 5d6ca05..7b10755 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ ## Features - Restore to iOS 8.4.1 or 6.1.3 on supported 32-bit devices **(OTA signed)** -- Restore iPhone 4 GSM (iPhone3,1) to lower iOS versions **(powdersn0w)** +- Restore iPhone 4 GSM and CDMA (iPhone3,1 and 3,3) to lower iOS versions **(powdersn0w)** - Restore iPhone 3GS and iPod touch 2 to lower iOS versions **(24Kpwn/alloc8)** - Restore 32-bit devices to lower iOS versions **with SHSH blobs** - Restore 32-bit devices to lower iOS versions **with iOS 7.1.x blobs (powdersn0w)** @@ -18,7 +18,7 @@ - Including latest iOS versions for some devices (4.2.1, 5.1.1, 6.1.6, 7.1.2) - There are two methods of jailbreaking: Custom IPSW and SSH Ramdisk - Available on target versions iOS 4.1, 4.2.x, 4.3.x, 5.x, 6.x, 7.x, and 8.4.1 - - Jailbreaking A5 4.3.x devices is not supported (only 5.x and newer will work) + - Jailbreaking iPad 2 on 4.3.x is not supported (only 5.x and newer will work) - Restore to iOS 10.3.3 on supported A7 devices **(OTA signed)** - Restore A7/A8 devices to lower iOS versions **with SHSH blobs** - Limited compatibility due to SEP/BB, see below 
@@ -80,6 +80,7 @@ - iPod touch 6 - Restoring with powdersn0w is supported on the following devices: - iPhone 4 GSM - targets iOS 4.3 to 6.1.3 + - iPhone 4 CDMA - targets iOS 5.0 to 6.1.3 - iPhone 4S, iPhone 5 (not 5C), iPad 2 Rev A, iPod 5th generation - targets iOS 5.0 to 6.1.3, 8.0 to 9.3.5 - Using powdersn0w requires iOS 7.1.x blobs for your device - Restoring with 24Kpwn/alloc8 is supported on the following devices: 
diff --git a/resources/firmware/src/target/n92/11D257/exploit b/resources/firmware/src/target/n92/11D257/exploit new file mode 100644 index 0000000000000000000000000000000000000000..e96b7d1d7b97a481a11f7095f0d4c0ee8d3d8589 GIT binary patch literal 524288 zcmeI*QEXLr9l-J5xwH%xT}z?B=F~!oiJ4+MUo>J|9h452jF=_$!34yrBcfF0frlBp zl$bpbv!r|Afn|MIBHPR2yAB>$V)`NvMweg)gO#`iw3%IRmCE)1zo&Eso3(>0&ieT$ z=bm$K?>+z9@BeddFHb}m3MlaZTA=TNXo@JJyK8G#ZZJ05{qWdmduMrE-xuk4bwnlY z(o^rz`e|oq1-M`PM&5eoc&uW=_=r#}Xsw^_{ z+8h7H0=3V*5nWB6+R&ZP(@Mr~b0*Qf%rONLNt(N}Ac!JGJfW z>FW9Mo1M+QXRE)Td96D0)@#*{nG-uZc9x^J_vn%IQPZ(;Z^Xo&^wzeY`f~ow%HKHM zHxy7n0R7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUg zfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7> z3Mim}0tzUgfC36A(BJ|)ZWys5oqpB)hbpmSNBpc-t6lDTe!OTMy;wWdHaz}j>+|F9 zo~};(wmR{J)~7D~bf!8HYlp{I-4$;&wG=J!=w0bNqbDy$$N7t0EtQ^=7q)F49{=X& zqxI#^;qi4}ioTW@e7P7NKeRIr?~Es3*%{xc43F>akAau^W3WFC^~aO_aU|V2+8@vK z$Fu!$EZsTYAEW*8LVujN)E^sH+#fA5xn=m|c=74ciMsnI6M+hzdaI1N8*{0_;u6p)$vomi^-1+k56CwWqhK+Isa!)SG@QCKUVUat`+sQ zZ%v0qG{;~ZjDdJCzL)Ohk#8$wqwSq}t3PskH$|+>XG~ibck`U9(j%2L=eN>UzN3iN zKmB3o+|674we_2xEAJgIdQ{Gy&s@%4&Xs3vO*8JBoi(3k&CN6B`}qgu_&~Ep{dZoI zURlms&Xs3flV<$(yjj~CI_vCvEqBF*VyHM!+#OT#?Ck&l*_3`#r1j7Hyef-z$rc*f zrCg20y5w0K*`=JdEuFPojdBh0YP6-57?`&jYa6;6x$xS#SR2(S=i+kc9aV(C+=6V1BYh`ZjZ@m8VwRv4dzAE!^t`^BlK3-QpZmu7%uOF|h zA8)81=f4BSho`{dI1qc|@#u?f(G^?j>))K-US;0(zt}aAuf#@P6Q!@ku8BNrBd>{a z)~vU@{>$qxUy19I`0viU65AVkCFX0UeQwrrt~_gdnlb;i&7Zz`tZ(S78?+Q=s5toakGT>r9vUWxT-6`q*45*r%261jH%Y%FIj=gPBg zNHgxAH|xfR&YC93W5Lh={2ASx)<1t6%kOTnCV3?q*`!>FJKrS#t{c-x1upI_OP_Q%to#k~J;jNItnwB>K<3zw7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7> z3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36A zpnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim} z0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3jBu)^!9vhhfM+{X_>v!@4 Kh62l}z`p=Xx=qyp literal 0 HcmV?d00001 
diff --git a/resources/firmware/src/target/n92/11D257/partition b/resources/firmware/src/target/n92/11D257/partition
new file mode 100644
index 0000000..0426ea5
--- /dev/null
+++ b/resources/firmware/src/target/n92/11D257/partition
@@ -0,0 +1,71 @@
+#!/bin/bash
+
+isIOS5=0
+
+if [ -e "/dev/rdisk0s2" ]; then
+nvram -d boot-partition
+nvram -d boot-ramdisk
+sleep 1s
+reboot_
+fi
+
+mount_hfs /dev/disk0s1s1 /mnt1
+if [ ! -e "/dev/rdisk0s1s3" ]; then
+mount_hfs /dev/disk0s1s2 /mnt1/private/var
+else
+isIOS5=1
+mount_hfs /dev/disk0s1s3 /mnt1/private/var
+fi
+
+sleep 1s
+
+rm -rf /mnt1/System/Library/LaunchDaemons/com.apple.mobile.softwareupdated.plist
+rm -rf /mnt1/System/Library/LaunchDaemons/com.apple.softwareupdateservicesd.plist
+
+Data_GUID="$((echo -e "i\n2\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Partition unique GUID: //p')"
+LogicalSector="$((echo -e "p\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Logical sector size: //p' | sed 's/ .*//')"
+System_LastSector="$((echo -e "i\n1\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Last sector: //p' | sed 's/ .*//')"
+Data_LastSector="$((echo -e "i\n2\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Last sector: //p' | sed 's/ .*//')"
+Data_Attributeflags="$((echo -e "i\n2\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*flags: //p')"
+Exploit_LastSector="$((524288/$LogicalSector))"
+New_Data_LastSector="$(($Data_LastSector-$Exploit_LastSector))"
+New_Data_SectorSize="$(($New_Data_LastSector-$System_LastSector))"
+New_Data_Size="$(($New_Data_SectorSize*$LogicalSector))"
+
+hfs_resize /mnt1/private/var $New_Data_Size
+sleep 1s
+
+if [ "$Data_Attributeflags" = "0001000000000000" ]; then
+echo -e "d\n2\nn\n\n$New_Data_LastSector\n\nc\n2\nData\nx\na\n2\n48\n\nc\n2\n$Data_GUID\ns\n4\nm\nn\n3\n\n$Data_LastSector\n\nw\nY\n" | gptfdisk /dev/rdisk0s1
+else
+echo -e "d\n2\nn\n\n$New_Data_LastSector\n\nc\n2\nData\nx\na\n2\n48\n49\n\nc\n2\n$Data_GUID\ns\n4\nm\nn\n3\n\n$Data_LastSector\n\nw\nY\n" | gptfdisk /dev/rdisk0s1
+fi
+
+sleep 1s
+
+if [ $isIOS5 == 0 ]; then
+newfs_hfs -s -v exploit /dev/rdisk0s1s3
+sleep 1s
+fsck_hfs -f /dev/rdisk0s1s3
+sleep 2s
+
+dd of=/dev/rdisk0s1s3 if=/exploit
bs=512k count=1 +sleep 1s +fi + +if [ $isIOS5 == 1 ]; then +newfs_hfs -s -v exploit /dev/rdisk0s1s4 +sleep 1s +fsck_hfs -f /dev/rdisk0s1s4 +sleep 2s + +dd of=/dev/rdisk0s1s4 if=/exploit bs=512k count=1 +sleep 1s +fi + +nvram boot-partition=2 +nvram boot-ramdisk="/a/b/c/d/e/f/g/h/i/disk.dmg" + +sleep 1s + +reboot_ diff --git a/restore.sh b/restore.sh index df7ca8d..f72dd2c 100755 --- a/restore.sh +++ b/restore.sh @@ -965,6 +965,7 @@ device_enter_mode() { device_ipwndfu pwn elif [[ $device_proc == 4 && $platform != "macos" ]]; then # A4 linux uses ipwnder + log "Placing device to pwnDFU mode using ipwnder" $ipwnder -p tool_pwned=$? elif [[ $device_proc == 7 && $platform == "macos" && $(uname -m) != "x86_64" ]]; then @@ -1657,9 +1658,9 @@ ipsw_prepare_32bit_paths() { local str2 if [[ $2 == "target" ]]; then case $comp in - "AppleLogo" ) str2="${name/applelogo/"applelogo7"}";; - "RecoveryMode" ) str2="${name/recoverymode/"recoverymode7"}";; - "NewiBoot" ) str2="${name/iBoot/"iBoot$(echo $device_target_vers | cut -c 1)"}";; + "AppleLogo" ) str2="${name/applelogo/applelogo7}";; + "RecoveryMode" ) str2="${name/recoverymode/recoverymode7}";; + "NewiBoot" ) str2="${name/iBoot/iBoot$(echo $device_target_vers | cut -c 1)}";; esac case $comp in "AppleLogo" | "RecoveryMode" | "NewiBoot" ) @@ -2464,7 +2465,7 @@ restore_prepare() { else restore_latest fi - elif [[ $device_type == "iPhone3,1" ]]; then + elif [[ $device_type == "iPhone3,1" || $device_type == "iPhone3,3" ]]; then # powdersn0w 4.3.x-6.1.3 shsh_save version 7.1.2 device_enter_mode pwnDFU @@ -2537,6 +2538,8 @@ ipsw_prepare() { shsh_save version 7.1.2 fi ipsw_prepare_powder + elif [[ $device_type == "iPhone3,3" ]]; then + ipsw_prepare_powder2 else ipsw_prepare_custom fi 
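Review bot: Nothing between the gptfdisk queries and the destructive steps in the new `partition` script checks that the parsed values are usable. The queries send stderr to /dev/null, so if `LogicalSector`, `System_LastSector` or `Data_LastSector` comes back empty or non-numeric, the arithmetic errors out or yields a wrong sector count, and as far as the visible lines show, `hfs_resize` and the `d\n2\nn…w\nY` partition-table rewrite still run. A guard placed before `hfs_resize`, such as `for v in "$LogicalSector" "$System_LastSector" "$Data_LastSector"; do case $v in ''|*[!0-9]*) echo "gptfdisk parse failed"; exit 1;; esac; done`, together with `[ -n "$Data_GUID" ] || exit 1` and `hfs_resize /mnt1/private/var "$New_Data_Size" || exit 1`, would stop the script before the table is touched. Separately, the 524288-byte `exploit` blob that `dd` writes raw to the new partition is committed as an opaque binary with only an upstream link in the commit message; recording its digest beside it (for example a comment `# sha256: <sha256-of-exploit>`) would let its origin be verified later.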
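Review bot: The iPhone 4 check is spelled out as `$device_type == "iPhone3,1" || $device_type == "iPhone3,3"` in the restore_prepare hunk and three more times (once negated) in the later menu_ipsw hunk, while the menu_restore hunk in this same commit uses the glob `iPhone3,[13]`. Inside `[[ ]]` an unquoted right-hand side is matched as a pattern, so `[[ $device_type == iPhone3,[13] ]]` and `[[ $device_type != iPhone3,[13] ]]` express the same tests in one consistent form and avoid the `||`/`&&` flip on the negated check. The context comment `# powdersn0w 4.3.x-6.1.3` under the restore_prepare branch also no longer matches iPhone3,3, whose range the README and menu_ipsw give as 5.0 to 6.1.3; `# powdersn0w: 4.3.x-6.1.3 (iPhone3,1), 5.0-6.1.3 (iPhone3,3)` would keep it accurate. Both functions start and end outside their hunks.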
@@ -3093,7 +3096,7 @@ menu_restore() { case $device_type in iPhone4,1 | iPhone5,[12] | iPad2,4 | iPod5,1 ) menu_items+=("Other (powdersn0w 7.1.x blobs)");; - iPhone3,1 ) + iPhone3,[13] ) menu_items+=("powdersn0w (any iOS)");; iPhone2,1 ) menu_items+=("iOS 5.1.1" "iOS 4.3.3" "iOS 4.1" "iOS 4.0" "iPhoneOS 3.1.3");; @@ -3232,6 +3235,7 @@ menu_ipsw() { print "* Select Target IPSW to continue" case $device_type in iPhone3,1 ) print "* Any iOS version from 4.3 to 6.1.3 is supported";; + iPhone3,3 ) print "* Any iOS version from 5.0 to 6.1.3 is supported";; iPhone5,[12] | iPod5,1 ) print "* Any iOS version from 6.0 to 9.3.5 is supported (not iOS 7)";; iPad2,4 ) print "* Any iOS version from 5.1 to 9.3.5 is supported (not iOS 7)";; * ) print "* Any iOS version from 5.0 to 9.3.5 is supported (not iOS 7)";; @@ -3239,19 +3243,19 @@ menu_ipsw() { fi echo local text2="(iOS 7.1.x)" - if [[ $device_type == "iPhone3,1" ]]; then + if [[ $device_type == "iPhone3,1" || $device_type == "iPhone3,3" ]]; then text2="(iOS 7.1.2)" fi if [[ -n $ipsw_base_path ]]; then print "* Selected Base $text2 IPSW: $ipsw_base_path.ipsw" print "* Base Version: $device_base_vers-$device_base_build" - if [[ $device_type != "iPhone3,1" ]]; then + if [[ $device_type != "iPhone3,1" && $device_type != "iPhone3,3" ]]; then menu_items+=("Select Base SHSH") fi else print "* Select Base $text2 IPSW to continue" fi - if [[ $device_type == "iPhone3,1" ]]; then + if [[ $device_type == "iPhone3,1" || $device_type == "iPhone3,3" ]]; then shsh_path=1 else echo