From 84c3a7e6c11cedade41ca4134138e92c19b69a82 Mon Sep 17 00:00:00 2001 From: LukeZGD <26163116+LukeZGD@users.noreply.github.com> Date: Thu, 12 Oct 2023 19:17:10 +0800 Subject: [PATCH] powdersn0w 7.0.x 5c and ipad 4 (untested) and fix other stuff like dfu ipsw for iphone 5/ipad, and pwndfu stuff --- README.md | 10 +- .../firmware/iPhone5,2/11B651/index.html | 1 + resources/firmware/iPhone5,2/11B651/sha1sum | 1 + resources/firmware/iPhone5,2/11D201/sha1sum | 1 + .../firmware/iPhone5,2/13B143/index.html | 1 + resources/firmware/iPhone5,2/13B143/sha1sum | 1 + resources/firmware/iPhone5,2/13G35/index.html | 1 + resources/firmware/iPhone5,2/13G35/sha1sum | 1 + resources/firmware/iPhone5,2/13G35/url | 1 + resources/firmware/iPhone5,2/14G61/index.html | 1 + .../src/target/ipad3b/11B554a/exploit | Bin 0 -> 524288 bytes .../src/target/ipad3b/11B554a/partition | 85 ++++++++++++++++ .../src/target/iphone5b/11B554a/exploit | Bin 0 -> 524288 bytes .../src/target/iphone5b/11B554a/partition | 91 ++++++++++++++++++ restore.sh | 70 ++++++++++++-- 15 files changed, 253 insertions(+), 12 deletions(-) create mode 100644 resources/firmware/iPhone5,2/11B651/index.html create mode 100644 resources/firmware/iPhone5,2/11B651/sha1sum create mode 100644 resources/firmware/iPhone5,2/11D201/sha1sum create mode 100644 resources/firmware/iPhone5,2/13B143/index.html create mode 100644 resources/firmware/iPhone5,2/13B143/sha1sum create mode 100644 resources/firmware/iPhone5,2/13G35/index.html create mode 100644 resources/firmware/iPhone5,2/13G35/sha1sum create mode 100644 resources/firmware/iPhone5,2/13G35/url create mode 100644 resources/firmware/iPhone5,2/14G61/index.html create mode 100644 resources/firmware/src/target/ipad3b/11B554a/exploit create mode 100644 resources/firmware/src/target/ipad3b/11B554a/partition create mode 100644 resources/firmware/src/target/iphone5b/11B554a/exploit create mode 100644 resources/firmware/src/target/iphone5b/11B554a/partition diff --git a/README.md b/README.md index 07b0d8b..2fa7332 100644 --- a/README.md +++ b/README.md @@ -12,8 +12,7 @@ - Restore iPhone 4 GSM and CDMA (iPhone3,1 and 3,3) to lower iOS versions **(powdersn0w)** - Restore iPhone 3GS and iPod touch 2 to lower iOS versions **(24Kpwn/alloc8)** - Restore 32-bit devices to lower iOS versions **with SHSH blobs** -- Restore 32-bit devices to lower iOS versions **with iOS 7.1.x blobs (powdersn0w)** - - For iPhone 5 (not 5C), 7.0.x blobs can also be used +- Restore 32-bit devices to lower iOS versions **with iOS 7 blobs (powdersn0w)** - Device support is limited, see below - Hacktivation for iPhone 2G, 3G, 3GS (activate without valid SIM card) - Option to **jailbreak** all 32-bit iOS devices @@ -82,8 +81,10 @@ - Restoring with powdersn0w is supported on the following devices: - iPhone 4 GSM - targets iOS 4.3 to 7.1.1 - iPhone 4 CDMA - targets iOS 5.0 to 7.1.1 - - iPhone 4S, 5, 5C, iPad 2 Rev A, iPod touch 5 - targets iOS 5.0 to 9.3.5 - - Using powdersn0w requires iOS 7.1.x blobs for your device (7.0.x blobs can also be used for iPhone 5) + - iPhone 4S, 5, 5C, iPad 2 Rev A, iPad 4, iPod touch 5 - targets iOS 5.0 to 9.3.5 + - Using powdersn0w requires iOS 7.1.x blobs for your device + - For iPhone 5 and 5C, 7.0.x blobs can also be used + - For iPad 4, only 7.0.x blobs can be used - Restoring with 24Kpwn/alloc8 is supported on the following devices: - iPhone 3GS - targets iOS 3.1.3 to 5.1.1 - iPod touch 2 - targets iOS 3.1.3 to 4.1 @@ -111,6 +112,7 @@ - bspatch - [powdersn0w_pub](https://github.com/dora2-iOS/powdersn0w_pub) - dora2ios; [LukeZGD fork](https://github.com/LukeZGD/powdersn0w_pub) - [Exploits used are from kok3shidoll's repo](https://github.com/kok3shidoll/untitled) + - [5C 7.0.x exploit is from Ralph0045's repo](https://github.com/Ralph0045/iloader) - [ipwndfu](https://github.com/LukeZGD/ipwndfu) - axi0mX, Linus Henze, synackuk; LukeZGD fork - [ipwnder_lite](https://github.com/dora2-iOS/ipwnder_lite/tree/7265a06d184e433989db640d5e83ea58d5862609) - dora2ios (used on macOS) - [iPwnder32](https://github.com/dora2-iOS/iPwnder32/tree/243ea5c6d1bd15f8bdd0b3a1ff4a7729bc14bac4) - dora2ios (old version with libusb used on Linux) diff --git a/resources/firmware/iPhone5,2/11B651/index.html b/resources/firmware/iPhone5,2/11B651/index.html new file mode 100644 index 0000000..3a3e724 --- /dev/null +++ b/resources/firmware/iPhone5,2/11B651/index.html @@ -0,0 +1 @@ +{"identifier": "iPhone5,2", "buildid": "11B651", "codename": "InnsbruckTaos", "restoreramdiskexists": true, "updateramdiskexists": true, "keys": [{"image": "RootFS", "filename": "058-2387-001.dmg", "date": "2021-12-09T08:16:28.408179", "key": "7dabfd01a114c1135abd4182a9679809b66b3df732070917af2c06c96c3c86fe86d7f565"}, {"image": "UpdateRamdisk", "filename": "058-3116-001.dmg", "date": "2021-12-09T08:16:28.408223", "iv": "10d3106db6fb7cd3ae80daa5c8b4fd21", "key": "7cb0c28b0af846e86979f257d8bc1492daf1a9baf89fab59992ae6727627df94", "kbag": "10d3106db6fb7cd3ae80daa5c8b4fd217cb0c28b0af846e86979f257d8bc1492daf1a9baf89fab59992ae6727627df94"}, {"image": "RestoreRamdisk", "filename": "058-3121-001.dmg", "date": "2021-12-09T08:16:28.408245", "iv": "9b56e41f100484ebaa6fe6c93346d342", "key": "7e547306b1b6038967b5e7269ccb07bbf0c8612df2279b0f1a364926f26f2750", "kbag": "9b56e41f100484ebaa6fe6c93346d3427e547306b1b6038967b5e7269ccb07bbf0c8612df2279b0f1a364926f26f2750"}, {"image": "AppleLogo", "filename": "applelogo@2x~iphone.s5l8950x.img3", "date": "2021-12-09T08:16:28.408264", "iv": "0a255d591aa2120974a05b1507840dc9", "key": "0c18a7bccaddf5728ed870f85af7de04c9caf3a880605043ab0dff86991f70a5", "kbag": "0a255d591aa2120974a05b1507840dc90c18a7bccaddf5728ed870f85af7de04c9caf3a880605043ab0dff86991f70a5"}, {"image": "BatteryCharging0", "filename": "batterycharging0@2x~iphone.s5l8950x.img3", "date": "2021-12-09T08:16:28.408284", "iv": "0da1950673e8d56ba69f8fc8ef5975e5", "key": "4d6767338c0d49853747a201622e1d93f49dfbb99a4a9ab860e7e0e6bd450437", "kbag": "0da1950673e8d56ba69f8fc8ef5975e54d6767338c0d49853747a201622e1d93f49dfbb99a4a9ab860e7e0e6bd450437"}, {"image": "BatteryCharging1", "filename": "batterycharging1@2x~iphone.s5l8950x.img3", "date": "2021-12-09T08:16:28.408303", "iv": "a545fdebc7f9e694d55f0e9cf6fd1120", "key": "1da6136c371a843353e57b0864802918627e348578e4e8411d5b28b84b0ad1f4", "kbag": "a545fdebc7f9e694d55f0e9cf6fd11201da6136c371a843353e57b0864802918627e348578e4e8411d5b28b84b0ad1f4"}, {"image": "BatteryFull", "filename": "batteryfull@2x~iphone.s5l8950x.img3", "date": "2021-12-09T08:16:28.408321", "iv": "2f29941426c01d475778e924025173a6", "key": "a83a6b3498278ea39f6431c4249caa7dc468c712f213815406f4270d8d88619e", "kbag": "2f29941426c01d475778e924025173a6a83a6b3498278ea39f6431c4249caa7dc468c712f213815406f4270d8d88619e"}, {"image": "BatteryLow0", "filename": "batterylow0@2x~iphone.s5l8950x.img3", "date": "2021-12-09T08:16:28.408337", "iv": "ddd91a5277316118656540547f864f1c", "key": "01a6d936503d8c27a91db87561909f4e7395a330a96b65ab7d4ff5bb2c6b00b5", "kbag": "ddd91a5277316118656540547f864f1c01a6d936503d8c27a91db87561909f4e7395a330a96b65ab7d4ff5bb2c6b00b5"}, {"image": "BatteryLow1", "filename": "batterylow1@2x~iphone.s5l8950x.img3", "date": "2021-12-09T08:16:28.408354", "iv": "7ac180acca329707d883b393f84889b0", "key": "7b89f0add8453353e422038e4dcbe0f0a90116c76085c7fb6241c2f67586e791", "kbag": "7ac180acca329707d883b393f84889b07b89f0add8453353e422038e4dcbe0f0a90116c76085c7fb6241c2f67586e791"}, {"image": "DeviceTree", "filename": "DeviceTree.n42ap.img3", "date": "2021-12-09T08:16:28.408378", "iv": "37777202ed963a78005bbdfb2fc9192a", "key": "bc870d009053f0af18959580f3639f784918950473c85c49a1c079301c10f548", "kbag": "37777202ed963a78005bbdfb2fc9192abc870d009053f0af18959580f3639f784918950473c85c49a1c079301c10f548"}, {"image": "GlyphPlugin", "filename": "glyphplugin@1136~iphone-lightning.s5l8950x.img3", "date": "2021-12-09T08:16:28.408396", "iv": "74d816a41a663afdae8cfa1a54579d00", "key": "d4376e4fcade9abc860af437998e1278fa1e3d28f3b79869da1d9ea184b2bc0b", "kbag": "74d816a41a663afdae8cfa1a54579d00d4376e4fcade9abc860af437998e1278fa1e3d28f3b79869da1d9ea184b2bc0b"}, {"image": "iBEC", "filename": "iBEC.n42ap.RELEASE.dfu", "date": "2021-12-09T08:16:28.408411", "iv": "97167c44ca016f44730f325608328703", "key": "591840b35fef3f82b578bce1697b9a13c720e76afc26525c6e1f6343147a90b3", "kbag": "97167c44ca016f44730f325608328703591840b35fef3f82b578bce1697b9a13c720e76afc26525c6e1f6343147a90b3"}, {"image": "iBoot", "filename": "iBoot.n42ap.RELEASE.img3", "date": "2021-12-09T08:16:28.408428", "iv": "62da3218997c76cb75e83754df8b7639", "key": "be934f7bc2b1837ab061a8b4356b41622a80878c8ed8152a5fb741e488b63dc1", "kbag": "62da3218997c76cb75e83754df8b7639be934f7bc2b1837ab061a8b4356b41622a80878c8ed8152a5fb741e488b63dc1"}, {"image": "iBSS", "filename": "iBSS.n42ap.RELEASE.dfu", "date": "2021-12-09T08:16:28.408446", "iv": "14ae9dd6ad593c53427a35c4d9ab5ce7", "key": "3e11dbab958af42279bee7e15aabb0dd9061a7390f3f0e6f8d9b55926fc0c6a9", "kbag": "14ae9dd6ad593c53427a35c4d9ab5ce73e11dbab958af42279bee7e15aabb0dd9061a7390f3f0e6f8d9b55926fc0c6a9"}, {"image": "Kernelcache", "filename": "kernelcache.release.n42", "date": "2021-12-09T08:16:28.408462", "iv": "ad8128a46ca4833f6c837a74424a2242", "key": "410bf9ef46bf53fe2f747a00428b332f994d3948ce37345d06f4a6d8c36f7271", "kbag": "ad8128a46ca4833f6c837a74424a2242410bf9ef46bf53fe2f747a00428b332f994d3948ce37345d06f4a6d8c36f7271"}, {"image": "LLB", "filename": "LLB.n42ap.RELEASE.img3", "date": "2021-12-09T08:16:28.408478", "iv": "fd3d3765ab3657ee8d1f7bcc364ab194", "key": "161050b35da56bd33720801e854e62fa0ac23e09b0a6018e1d5bb56cf4da4b3c", "kbag": "fd3d3765ab3657ee8d1f7bcc364ab194161050b35da56bd33720801e854e62fa0ac23e09b0a6018e1d5bb56cf4da4b3c"}, {"image": "RecoveryMode", "filename": "recoverymode@1136~iphone-lightning.s5l8950x.img3", "date": "2021-12-09T08:16:28.408495", "iv": "892515b2770245a90ec62afc4cc40d7a", "key": "8f92de9ab8dded5015e12a203132e4980fb47bf1cf49c54c2b623dd9552ab0de", "kbag": "892515b2770245a90ec62afc4cc40d7a8f92de9ab8dded5015e12a203132e4980fb47bf1cf49c54c2b623dd9552ab0de"}]} \ No newline at end of file diff --git a/resources/firmware/iPhone5,2/11B651/sha1sum b/resources/firmware/iPhone5,2/11B651/sha1sum new file mode 100644 index 0000000..48ebca5 --- /dev/null +++ b/resources/firmware/iPhone5,2/11B651/sha1sum @@ -0,0 +1 @@ +5d053695d6423943f17a91efbdc17ca39df12c3b diff --git a/resources/firmware/iPhone5,2/11D201/sha1sum b/resources/firmware/iPhone5,2/11D201/sha1sum new file mode 100644 index 0000000..2372b83 --- /dev/null +++ b/resources/firmware/iPhone5,2/11D201/sha1sum @@ -0,0 +1 @@ +ca1af5ff972215cb62cbe9c259b77d406a6b7ba7 diff --git a/resources/firmware/iPhone5,2/13B143/index.html b/resources/firmware/iPhone5,2/13B143/index.html new file mode 100644 index 0000000..b4e43fb --- /dev/null +++ b/resources/firmware/iPhone5,2/13B143/index.html @@ -0,0 +1 @@ +{"identifier": "iPhone5,2", "buildid": "13B143", "codename": "Boulder", "restoreramdiskexists": true, "updateramdiskexists": true, "keys": [{"image": "RootFS", "filename": "058-25403-078.dmg", "date": "2021-12-09T08:16:48.318247", "key": "92ff41b241b0828876d3d344b2750dcad19b99b830560d363bb4c1b021ba3a5168b5e723"}, {"image": "UpdateRamdisk", "filename": "058-25394-078.dmg", "date": "2021-12-09T08:16:48.318291", "iv": "89ec4f8430e615851eb0e3f4188bdec8", "key": "f8cd1a09cf7018b07254860927012b76e1b2e9236dcead1f8d4aca870010d76a", "kbag": "89ec4f8430e615851eb0e3f4188bdec8f8cd1a09cf7018b07254860927012b76e1b2e9236dcead1f8d4aca870010d76a"}, {"image": "RestoreRamdisk", "filename": "058-25124-078.dmg", "date": "2021-12-09T08:16:48.318312", "iv": "faa205fc70995ca14e03abd9f6fa85bc", "key": "0b5923a9d7edc8a25e32c8144f7391d605117c61b806bbf7dc087d996f4cf5b4", "kbag": "faa205fc70995ca14e03abd9f6fa85bc0b5923a9d7edc8a25e32c8144f7391d605117c61b806bbf7dc087d996f4cf5b4"}, {"image": "AppleLogo", "filename": "applelogo@2x~iphone.s5l8950x.img3", "date": "2021-12-09T08:16:48.318327", "iv": "f31e632e7a9686bc051550d01432afeb", "key": "e22b27248c7fc3bacd4be14faaa8de5a4a74b340aeb4c7a2d2beb4a9f744538b", "kbag": "f31e632e7a9686bc051550d01432afebe22b27248c7fc3bacd4be14faaa8de5a4a74b340aeb4c7a2d2beb4a9f744538b"}, {"image": "BatteryCharging0", "filename": "batterycharging0@2x~iphone.s5l8950x.img3", "date": "2021-12-09T08:16:48.318343", "iv": "d25c0993d81a764ac8920660d522ac62", "key": "db8cc92126ee34d07e4228b87b7ee14435de5f4f6f7e98f8d8d70d4755ee002e", "kbag": "d25c0993d81a764ac8920660d522ac62db8cc92126ee34d07e4228b87b7ee14435de5f4f6f7e98f8d8d70d4755ee002e"}, {"image": "BatteryCharging1", "filename": "batterycharging1@2x~iphone.s5l8950x.img3", "date": "2021-12-09T08:16:48.318360", "iv": "3acc7fd2313d7ecf146dd968a655211f", "key": "2ec6c4ec331f327b44214dbe994b1e22fcc114559db3503eede29c3d65c300e5", "kbag": "3acc7fd2313d7ecf146dd968a655211f2ec6c4ec331f327b44214dbe994b1e22fcc114559db3503eede29c3d65c300e5"}, {"image": "BatteryFull", "filename": "batteryfull@2x~iphone.s5l8950x.img3", "date": "2021-12-09T08:16:48.318372", "iv": "9b4d2c28aaccbe15839f46c19335181d", "key": "65a0dfc7715c8d09405ddd5c8d0b31eb47218d16c7992df2604fb159d3c31f2a", "kbag": "9b4d2c28aaccbe15839f46c19335181d65a0dfc7715c8d09405ddd5c8d0b31eb47218d16c7992df2604fb159d3c31f2a"}, {"image": "BatteryLow0", "filename": "batterylow0@2x~iphone.s5l8950x.img3", "date": "2021-12-09T08:16:48.318381", "iv": "48efd3c99304cace8fc71bf81005ac27", "key": "9865cfa17590859241b33df38bacf8626f8662e5e1a6c17f9d60caa503130564", "kbag": "48efd3c99304cace8fc71bf81005ac279865cfa17590859241b33df38bacf8626f8662e5e1a6c17f9d60caa503130564"}, {"image": "BatteryLow1", "filename": "batterylow1@2x~iphone.s5l8950x.img3", "date": "2021-12-09T08:16:48.318395", "iv": "58bfb7e04ab3034678efabc955ec933e", "key": "c33eeb2e7f60ac9d4dc0112d9b6e1ac75da2227940ec2e5146f3ba74af09dbfd", "kbag": "58bfb7e04ab3034678efabc955ec933ec33eeb2e7f60ac9d4dc0112d9b6e1ac75da2227940ec2e5146f3ba74af09dbfd"}, {"image": "DeviceTree", "filename": "DeviceTree.n42ap.img3", "date": "2021-12-09T08:16:48.318418", "iv": "5fc0d8f0109f678e8de70c73eb10224c", "key": "00a723a888a35dc2480d51073158ae6a7a4d430fcabb9b707bf6971985fe65ef", "kbag": "5fc0d8f0109f678e8de70c73eb10224c00a723a888a35dc2480d51073158ae6a7a4d430fcabb9b707bf6971985fe65ef"}, {"image": "GlyphPlugin", "filename": "glyphplugin@1136~iphone-lightning.s5l8950x.img3", "date": "2021-12-09T08:16:48.318442", "iv": "1981605a9c78a1898640288701e6a6aa", "key": "aa3b09c9a0c73bff420fbf1c9d9c1f6129092bcc0fc6a09ee29221fc1bc5745d", "kbag": "1981605a9c78a1898640288701e6a6aaaa3b09c9a0c73bff420fbf1c9d9c1f6129092bcc0fc6a09ee29221fc1bc5745d"}, {"image": "iBEC", "filename": "iBEC.n42.RELEASE.dfu", "date": "2021-12-09T08:16:48.318463", "iv": "140c9a4abe1e62216ee602be2d368e28", "key": "87468dfb40443ecb32c09fe519cccee36ecc55e973416be1c3ef5cf79c8f0ef3", "kbag": "140c9a4abe1e62216ee602be2d368e2887468dfb40443ecb32c09fe519cccee36ecc55e973416be1c3ef5cf79c8f0ef3"}, {"image": "iBoot", "filename": "iBoot.n42.RELEASE.img3", "date": "2021-12-09T08:16:48.318473", "iv": "4a89aa4c72bf5a6128738f9447f8c6f7", "key": "08a8b399604b3f0a645499da9ced989c0286393e2c8d2fcea197fbe4891e1b6d", "kbag": "4a89aa4c72bf5a6128738f9447f8c6f708a8b399604b3f0a645499da9ced989c0286393e2c8d2fcea197fbe4891e1b6d"}, {"image": "iBSS", "filename": "iBSS.n42.RELEASE.dfu", "date": "2021-12-09T08:16:48.318483", "iv": "9e052d77cc7350d6b871d4205cdf96a9", "key": "181daeacc96ff3a54595f7ebc8822c6f980e51aefa990126b30925a8df0d4cbb", "kbag": "9e052d77cc7350d6b871d4205cdf96a9181daeacc96ff3a54595f7ebc8822c6f980e51aefa990126b30925a8df0d4cbb"}, {"image": "Kernelcache", "filename": "kernelcache.release.n42", "date": "2021-12-09T08:16:48.318492", "iv": "ad761e6a2c169632f42b8ae2ff25e0a2", "key": "1e4c3372f5f47daa98fae1a4e2734cab4fd42a1c5e4ffe23056ab718a4cff08a", "kbag": "ad761e6a2c169632f42b8ae2ff25e0a21e4c3372f5f47daa98fae1a4e2734cab4fd42a1c5e4ffe23056ab718a4cff08a"}, {"image": "LLB", "filename": "LLB.n42.RELEASE.img3", "date": "2021-12-09T08:16:48.318501", "iv": "154d642b9442f645a794b4e3a523c751", "key": "29469368fa86677b1ad69d03991062a004bb4e0c97bb81d0ed2a10e48a6e0325", "kbag": "154d642b9442f645a794b4e3a523c75129469368fa86677b1ad69d03991062a004bb4e0c97bb81d0ed2a10e48a6e0325"}, {"image": "RecoveryMode", "filename": "recoverymode@1136~iphone-lightning.s5l8950x.img3", "date": "2021-12-09T08:16:48.318509", "iv": "3e80e0f5aac3b658e0d3979125f21383", "key": "aa4e365444d43f45bedfeb21f0ac653f8e4eb1cb21e09aeac1f9b3100a43ebd7", "kbag": "3e80e0f5aac3b658e0d3979125f21383aa4e365444d43f45bedfeb21f0ac653f8e4eb1cb21e09aeac1f9b3100a43ebd7"}]} \ No newline at end of file diff --git a/resources/firmware/iPhone5,2/13B143/sha1sum b/resources/firmware/iPhone5,2/13B143/sha1sum new file mode 100644 index 0000000..2da7300 --- /dev/null +++ b/resources/firmware/iPhone5,2/13B143/sha1sum @@ -0,0 +1 @@ +84d4b5ba31e634d5c463ba1284987f4d7608dcfb diff --git a/resources/firmware/iPhone5,2/13G35/index.html b/resources/firmware/iPhone5,2/13G35/index.html new file mode 100644 index 0000000..ff4f256 --- /dev/null +++ b/resources/firmware/iPhone5,2/13G35/index.html @@ -0,0 +1 @@ +{"identifier": "iPhone5,2", "buildid": "13G35", "codename": "Genoa", "restoreramdiskexists": true, "updateramdiskexists": true, "keys": [{"image": "RootFS", "filename": "058-49065-035.dmg", "date": "2021-12-09T08:16:54.838185", "key": "e8cb388c76d94dfdf4634b09a93f13cf96c71e80df5a375aa6a3fdd65774739b281a78dc"}, {"image": "UpdateRamdisk", "filename": "058-48920-035.dmg", "date": "2021-12-09T08:16:54.838222", "iv": "4fdcfa00d5c13342e14cf0908066de5f", "key": "d8cd1cfdffce2d4eea320c0c08b6fdcf995422775c591feb569b2974e76cfef6", "kbag": "4fdcfa00d5c13342e14cf0908066de5fd8cd1cfdffce2d4eea320c0c08b6fdcf995422775c591feb569b2974e76cfef6"}, {"image": "RestoreRamdisk", "filename": "058-49199-035.dmg", "date": "2021-12-09T08:16:54.838243", "iv": "566825adf5f824acecf163979a30b9ce", "key": "9327868ed08989a9c59b6cd086b1c489f3d9f2660b6410a48f42e0bc6215390d", "kbag": "566825adf5f824acecf163979a30b9ce9327868ed08989a9c59b6cd086b1c489f3d9f2660b6410a48f42e0bc6215390d"}, {"image": "AppleLogo", "filename": "applelogo@2x~iphone.s5l8950x.img3", "date": "2021-12-09T08:16:54.838262", "iv": "e2a808a242449ca0fcad9319ed9b8d37", "key": "db717db65a1399630737cb79c80c31777fe5ebbb44b1bb37df0f69d1f0f45190", "kbag": "e2a808a242449ca0fcad9319ed9b8d37db717db65a1399630737cb79c80c31777fe5ebbb44b1bb37df0f69d1f0f45190"}, {"image": "BatteryCharging0", "filename": "batterycharging0@2x~iphone.s5l8950x.img3", "date": "2021-12-09T08:16:54.838281", "iv": "e6e75554501c5b61fbc6a6bd5b6fe8a3", "key": "ce5be8182d90f65a43816dd032077db1c52456287d3065be6a9c85028abc8628", "kbag": "e6e75554501c5b61fbc6a6bd5b6fe8a3ce5be8182d90f65a43816dd032077db1c52456287d3065be6a9c85028abc8628"}, {"image": "BatteryCharging1", "filename": "batterycharging1@2x~iphone.s5l8950x.img3", "date": "2021-12-09T08:16:54.838299", "iv": "7be95ddf2e743867ff1ef35d93a6eeea", "key": "21d79c2a264aab98ec581fa22b052faf3b9cefdedbc51a92786860c2b595de9c", "kbag": "7be95ddf2e743867ff1ef35d93a6eeea21d79c2a264aab98ec581fa22b052faf3b9cefdedbc51a92786860c2b595de9c"}, {"image": "BatteryFull", "filename": "batteryfull@2x~iphone.s5l8950x.img3", "date": "2021-12-09T08:16:54.838316", "iv": "d455480f59c61f154f38c5cf81ead17f", "key": "9a1525e4f5a7b24b4bcd292f8c411206b9c09d1507ed1fd2e9640e7c6ade432e", "kbag": "d455480f59c61f154f38c5cf81ead17f9a1525e4f5a7b24b4bcd292f8c411206b9c09d1507ed1fd2e9640e7c6ade432e"}, {"image": "BatteryLow0", "filename": "batterylow0@2x~iphone.s5l8950x.img3", "date": "2021-12-09T08:16:54.838332", "iv": "c1cdc782516b2b9227e7cb1fadc0de7b", "key": "68ac0f6732ef9f2d9ba20de42769c041b898ed6d5f16d0a48089bada296af84d", "kbag": "c1cdc782516b2b9227e7cb1fadc0de7b68ac0f6732ef9f2d9ba20de42769c041b898ed6d5f16d0a48089bada296af84d"}, {"image": "BatteryLow1", "filename": "batterylow1@2x~iphone.s5l8950x.img3", "date": "2021-12-09T08:16:54.838350", "iv": "026380549bb09836f0372a3e5afbe66b", "key": "0da4429a8f877842d72d66723e6806eb8be8115e8bf62ab51bbd35bfd7dec210", "kbag": "026380549bb09836f0372a3e5afbe66b0da4429a8f877842d72d66723e6806eb8be8115e8bf62ab51bbd35bfd7dec210"}, {"image": "DeviceTree", "filename": "DeviceTree.n42ap.img3", "date": "2021-12-09T08:16:54.838367", "iv": "bd20f78df1233b3b236fec1914853c91", "key": "00f7ed61fa91885db170bc46b9ff4ce0123531dd930f2a49e3308743ff95f35c", "kbag": "bd20f78df1233b3b236fec1914853c9100f7ed61fa91885db170bc46b9ff4ce0123531dd930f2a49e3308743ff95f35c"}, {"image": "GlyphPlugin", "filename": "glyphplugin@1136~iphone-lightning.s5l8950x.img3", "date": "2021-12-09T08:16:54.838384", "iv": "a7e85f8c69ed44f8e6e46a23f7dba9bf", "key": "6295807446c96f1a2e36ad81ad02e22bf71f2bf9e2f9becd52dec2620c7ad74d", "kbag": "a7e85f8c69ed44f8e6e46a23f7dba9bf6295807446c96f1a2e36ad81ad02e22bf71f2bf9e2f9becd52dec2620c7ad74d"}, {"image": "iBEC", "filename": "iBEC.n42.RELEASE.dfu", "date": "2021-12-09T08:16:54.838402", "iv": "363c23c731ad7a8756ec36aab7132051", "key": "2df616d03c5b09b8a5be60db7ad6b85de20574e7b9c271d26c1d55806a89a802", "kbag": "363c23c731ad7a8756ec36aab71320512df616d03c5b09b8a5be60db7ad6b85de20574e7b9c271d26c1d55806a89a802"}, {"image": "iBoot", "filename": "iBoot.n42.RELEASE.img3", "date": "2021-12-09T08:16:54.838419", "iv": "7ff8a2334f4594dd52a130a8e1e8b6b2", "key": "9a6a8533a01050926af980cdeada174678745487abf9dea019c97e6e8f662f5f", "kbag": "7ff8a2334f4594dd52a130a8e1e8b6b29a6a8533a01050926af980cdeada174678745487abf9dea019c97e6e8f662f5f"}, {"image": "iBSS", "filename": "iBSS.n42.RELEASE.dfu", "date": "2021-12-09T08:16:54.838437", "iv": "185436ecfed1a50b441198a8ff6f4799", "key": "174b34db8d72682d6de506ba8e614f6333391394c866a6c4c57a2d1f5aa00914", "kbag": "185436ecfed1a50b441198a8ff6f4799174b34db8d72682d6de506ba8e614f6333391394c866a6c4c57a2d1f5aa00914"}, {"image": "Kernelcache", "filename": "kernelcache.release.n42", "date": "2021-12-09T08:16:54.838454", "iv": "1f62749339efdfb85b237ed34916f055", "key": "a1a65d67064263ffac38b5d7174872c1e72d820265bef1a5355693b156128aec", "kbag": "1f62749339efdfb85b237ed34916f055a1a65d67064263ffac38b5d7174872c1e72d820265bef1a5355693b156128aec"}, {"image": "LLB", "filename": "LLB.n42.RELEASE.img3", "date": "2021-12-09T08:16:54.838471", "iv": "9e992434e2b347777665933f40d486bc", "key": "f49ca3125893cd1bdc5179d251105cb9324e9be965ecbfd9e0ef3f536e5479db", "kbag": "9e992434e2b347777665933f40d486bcf49ca3125893cd1bdc5179d251105cb9324e9be965ecbfd9e0ef3f536e5479db"}, {"image": "RecoveryMode", "filename": "recoverymode@1136~iphone-lightning.s5l8950x.img3", "date": "2021-12-09T08:16:54.838488", "iv": "652cf8f595d1d5374084407b44ac4e63", "key": "2ef51db32efce67babe02be8ff1c79af0a8083d712aba3f561ca6357728aeaee", "kbag": "652cf8f595d1d5374084407b44ac4e632ef51db32efce67babe02be8ff1c79af0a8083d712aba3f561ca6357728aeaee"}]} \ No newline at end of file diff --git a/resources/firmware/iPhone5,2/13G35/sha1sum b/resources/firmware/iPhone5,2/13G35/sha1sum new file mode 100644 index 0000000..9d7f06c --- /dev/null +++ b/resources/firmware/iPhone5,2/13G35/sha1sum @@ -0,0 +1 @@ +e1aedabdeec392c9ec3f98bbb04d7deb7fd5e4fc diff --git a/resources/firmware/iPhone5,2/13G35/url b/resources/firmware/iPhone5,2/13G35/url new file mode 100644 index 0000000..855f4a9 --- /dev/null +++ b/resources/firmware/iPhone5,2/13G35/url @@ -0,0 +1 @@ +http://appldnld.apple.com/ios9.3.4/031-71268-2016008004-B0C7B2BA-578A-11E6-B432-F022D39E04FA/iPhone5,2_9.3.4_13G35_Restore.ipsw diff --git a/resources/firmware/iPhone5,2/14G61/index.html b/resources/firmware/iPhone5,2/14G61/index.html new file mode 100644 index 0000000..b9a3eb4 --- /dev/null +++ b/resources/firmware/iPhone5,2/14G61/index.html @@ -0,0 +1 @@ +{"identifier":"iPhone5,2","buildid":"14G61","codename":"Greensburg","restoreramdiskexists":true,"updateramdiskexists":true,"keys":[{"image":"RootFS","filename":"058-74968-065.dmg","date":"2023-10-12T01:18:03.501680"},{"image":"UpdateRamdisk","filename":"058-75393-065.dmg","date":"2023-10-12T01:18:03.501799"},{"image":"RestoreRamdisk","filename":"058-75249-065.dmg","date":"2023-10-12T01:18:03.501866"}]} \ No newline at end of file diff --git a/resources/firmware/src/target/ipad3b/11B554a/exploit b/resources/firmware/src/target/ipad3b/11B554a/exploit new file mode 100644 index 0000000000000000000000000000000000000000..b01e0daa7b68f0e4930e1c1ee3daa33c4061ea93 GIT binary patch literal 524288 zcmeI*Ux-|18NlK1OlFfbw9PijCTaSIO;)|Bw3|{;L@;TZ%{DDWiUlv%8nxAw7AzRF z(6w2pUiCsRdQs?76iQL3qTq$Hfp{UoiwdRw!IC!Z7QqxwW$T0`_V~T?CF>ZsZcGlX z#^=DyoSB`Ocjos!XLlwyNy(;w0{^cCCT~jJl&Z9I{O0j!aC~;>p5wD4V`aa8S>^q! zQtIT3eAiS><+G<#8qF7RN;k&Y*)8sS0b4v*obuq5R-L_!>ld}HYL4c|O~+$*i{o0As<1fD5`^%X> z_MTn*MQ?HOiplDR19kWI&eVa0=?&|qR_{OA`~G5Qbm-2sBaOY%yK3?1M4E2qW^Y}X zyYHd<9>}j~=Hg#fv$WOco@D*fO_#WH=G-&B_hqcT?E@?@zPCGb+nPNKa}%+}3mM9% ziHRy7nQ_ame4f(!CiYj}?*B$S(U0=^FCSf)J8}B6FTU0L#OaZ{H&1S#*u4K#Z{42{ zy*V;DlHLElw|_Bh-+gf73x6bRqsBxZ*7>3Mim} z0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7j zD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUg zfC36Apnw7jD4>7>3ba{Z?>}v6RetVugEw{3-o5FurfJ?7e`Y?7zWVx!AM7|X|La~o zJ=QxiKhxBYeE7)x*QP#leSTtcAI)_ zQ(xKC!%h9uO-;SEslPQ^=O4|!-c8TWPY*ZG%vb52*A|;zv#na6uH12K{@(GX?yOHQ zHTA&*>7Cn}`s0sPqmQ3FbWc-1{ITkZ^hi@5Zt8dLej?3&sv5oh*CGh3eS+(dUn)myV@{HR<%4bYs)p@><%}o%vm}r#sVT%m1b4s{Zl+KX&4E zH&uV_hx2ZghSJ07p>#0an!c2;#TMtC%{q|{O~{J`yNbb_gnEa7r2$_@yuma>`iN;7H4!2kc+NyY#9$6{PRry`EZ*pF%{dx`x`{r#c-{^tJv>i+)L z{{EW&{ z6kjVH6EU^TW1>tAz2*2X$6p)+o3i*X4jhRitsaSS%#18eEwf_kNS+vfZR59ZY@1u1 zTAp+H<3CaF!Z8j-W<2P1W|I$BJVsl=F`v+EHORFmpwYMxy zEwf_kmOSx+fvHd0-{3ZFMDL{jXh`T4u%6YxBgf3{2hD>eM_Swq@5prmr4Y|CO4=O0?Oeti(!9 zVrrXB%GCH|Qr5rpj~3hVDjXVEiR)TjiCF*m3{<9;SuypxJn_MSsn@qUH4lhw+4Yal zVr%mH$G5R~bt^TAm1wg`S&8?*NxawV^Qo*v>7TD&{@XI2|JUaAkI#V@qBGXNU7gFV zMEn)HK7S`UnExt%HUDP3IqyA~KOuGcPGga7`1eQ1H@_Em`j58mcU~>`@9fW)Pv?)t zarxh|MWY+?DZZsIU#9OSojSnm5@yAwQ{0tzUgfC36Apnw7jD4>7>3Mim}0tzUg zfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7> z3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36A zpnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim} z0tzUgfC36A@BtT?*nQVtCk+^2fB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_ z1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;= zV1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~ z0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz z7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|Xg zfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_ z1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;= zV1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~ z0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz z7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|Xg zfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_ z1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;= zV1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~ z0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz z7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|Xg zfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_ z1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;= zV1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~ z0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz z7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|Xg zfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_ z1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;= zV1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~ z0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz z7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|Xg zfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_ z1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;= zV1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~0R|XgfB^;=V1NMz7+`<_1{h#~ z0R|XgfB^;=V1NMzE*AsIrhozpD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUg zfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7> z3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36A zpnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim} z0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7j zD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUg zfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7> z3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36A zpnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim} z0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7j zD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUg zfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7> z3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36A zpnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0+&sJ$(vF)r7G/dev/null | sed -n -e 's/^.*Partition unique GUID: //p')" +LogicalSector="$((echo -e "p\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Logical sector size: //p' | sed 's/ .*//')" +System_LastSector="$((echo -e "i\n1\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Last sector: //p' | sed 's/ .*//')" +Data_LastSector="$((echo -e "i\n2\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Last sector: //p' | sed 's/ .*//')" +Data_Attributeflags="$((echo -e "i\n2\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*flags: //p')" +Exploit_LastSector="$((524288/$LogicalSector))" +New_Data_LastSector="$(($Data_LastSector-$Exploit_LastSector))" +New_Data_SectorSize="$(($New_Data_LastSector-$System_LastSector))" +New_Data_Size="$(($New_Data_SectorSize*$LogicalSector))" + +hfs_resize /mnt1/private/var $New_Data_Size +sleep 1s + +if [ "$Data_Attributeflags" = "0001000000000000" ]; then +echo -e "d\n2\nn\n\n$New_Data_LastSector\n\nc\n2\nData\nx\na\n2\n48\n\nc\n2\n$Data_GUID\ns\n4\nm\nn\n3\n\n$Data_LastSector\n\nw\nY\n" | gptfdisk /dev/rdisk0s1 +else +echo -e "d\n2\nn\n\n$New_Data_LastSector\n\nc\n2\nData\nx\na\n2\n48\n49\n\nc\n2\n$Data_GUID\ns\n4\nm\nn\n3\n\n$Data_LastSector\n\nw\nY\n" | gptfdisk /dev/rdisk0s1 +fi + +sleep 1s + +newfs_hfs -s -v exploit /dev/rdisk0s1s3 +sleep 1s +fsck_hfs -f /dev/rdisk0s1s3 +sleep 2s + +dd of=/dev/rdisk0s1s3 if=/exploit bs=512k count=1 +sleep 1s + +nvram -c +nvram boot-partition=2 +nvram boot-ramdisk="/a/b/c/d/e/f/g/h/i/j/k/l/m/disk.dmg" + +sleep 1s + +reboot_ diff --git a/resources/firmware/src/target/iphone5b/11B554a/exploit b/resources/firmware/src/target/iphone5b/11B554a/exploit new file mode 100644 index 0000000000000000000000000000000000000000..bd49bef9ce620daa10f26f7fc81c69cc9aa99496 GIT binary patch literal 524288 zcmeI*Ux-|18NlK1>`t<2X}X(c^FJ+{rixNcH&W0G!NfM(wJjJ@<8`XBwwhu=!CVMk zo5hM16!pT3Ko{|%6fYtuC3U6j0#*wZQb9sgqKbc24e?j0Pv?cHVPxZr%2B+`F#w@#>U@ z@>RZTst)Ac(Ud0gRb0|-v0L2YzE`ltbHybOPHA}YI&NRpHryP~kDH0d?#h>Vk#T+1 zThqLiA3GM0kKMhOZp0U^bz3<-@`-JGM;7<1^6?GRH{|{I&ZPM}##3s#7vB27zTq^P z9(lO4x08Okww|BL+Y85Xs)>yUu66$9k8hT?`qH;Xm%en32Ny3r&(B1c^L$9Ry{{P0N*JS-KcRzSBZQFftbo%19(fiMAUorLj?ykSCo*p_~ zX3pIAyL|h(`zG#7GtGQ{fwL*q^T$8kN$-1qCoP>D-@P#ZwQpURe{4fJX9mCC_}Od< zD4>7>3Mim}0tzUgfC36!zXe9$NN=RW>E`SAC-jpkpnw7jD4>7>3Mim}0tzUgfC36A zpnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim} z0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7j zD4>7>3Mim}0tzV5UV%OTw58$v%s2LbX(;X4lb&pv=KSQd3u)r?xl=#6{m8-#-Fjww z_sGI*Qy+TIk%h1BeeaP!*K_B7)2;Wv*sWjc)~CDm`F!KGZhfI!U+mVYsrPr9dR0^3 z)YM~5{qymr-q_UNoT&4+=FWA}j}~Uenr9cPwC~KDO}E)xji#G!Ke4cXvZ;qg(@RZ# z@RRBFyPNtWPgWC8ojtU#sh{|8^>q45Qy*^X*B^X3&3&wz`1sjl&o}kYzSH?dQ~#=| zpK0!T>g=)V#KQ6CPo$Slr1K-`)sb{t)7*6??d{CI+&t8oZLj42)-zTA`1c=&;*~d5 zZ|%qOVU<>-C(@VF!Stc@`Ftz3*bkkYTem$fy{}x`u1YK88S^E?T|RSF{>o6E`Eb6J zSCrD&Z?`{i>heo|_^bK82UFVp$9S46+{*NL<}$s^im79H;%648#*?kNd}7?b%BiXM zGp|{iT4u%6HF@G^`=;K~>eTo-mbU6_HB%j`ZcKkkKUnya=)I1=z z>XmA?dZM~Hy_tTPX4CC`|NiSxD*i7&7vuIN6>(O^aa2p$OB|2)j#u=K*Y}QB_Kr99 zjz@aOn|sHrddFLO$2au$cJFk7!|6~ukUo{B(?`=}x}&%LEAopN>O21jofB~;ws}qz zUxUtxnA+w!QKp98a{ia|FV2DSEdG(cGjUz3XJVW)>z1aLSuu58o)~{^sy^# zo^$#0KVDI%Z~X@~iIr%xNm+?OO=4=BP0G~xjaAma^pBNTpI710zLnU}>PkfI4NFtY zteCnXPkgLz>c&>5<^i!S`}=<+e`7`8`VVRnE74|?vJ!)u#MCyMl&SGos;qzMA1kpj zufiAlR$^1DD-r9zX=!Si6;n6miC^rSy1CVdHrw8y#HU7*FW9|UWv|F|8{jQw-WJJ zXlwpVaxni@{Br)yxFa7up5Gx2^_<2c-TLp(kgxwZ?(`pRo$sG6_aC}HUmwkHi{tvg zV~a+&=1Y7^U%pK58&|TcPFBzT%jdu0xBdJ#+*48BmzLx5`L7(8&wu5(eEuuP/dev/null | sed -n -e 's/^.*Partition unique GUID: //p')" +LogicalSector="$((echo -e "p\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Logical sector size: //p' | sed 's/ .*//')" +System_LastSector="$((echo -e "i\n1\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Last sector: //p' | sed 's/ .*//')" +Data_LastSector="$((echo -e "i\n2\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Last sector: //p' | sed 's/ .*//')" +Data_Attributeflags="$((echo -e "i\n2\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*flags: //p')" +Exploit_LastSector="$((524288/$LogicalSector))" +BOOTLOADER="$((8388608/$LogicalSector))" +NOTSD="$(($Exploit_LastSector+$BOOTLOADER))" +Data_LastSectorSD="$(($Data_LastSector-$BOOTLOADER))" +New_Data_LastSector="$(($Data_LastSector-$NOTSD))" +New_Data_SectorSize="$(($New_Data_LastSector-$System_LastSector))" +New_Data_Size="$(($New_Data_SectorSize*$LogicalSector))" + +hfs_resize /mnt1/private/var $New_Data_Size +sleep 1s + +echo -e "d\n2\nn\n\n$New_Data_LastSector\n\nc\n2\nData\nx\na\n2\n48\n49\n\nc\n2\n$Data_GUID\ns\n4\nm\nn\n3\n\n$Data_LastSectorSD\n\nn\n4\n\n$Data_LastSector\n\nw\nY\n" | gptfdisk /dev/rdisk0s1 +sleep 1s + +sleep 1s +newfs_hfs -s -v exploit /dev/rdisk0s1s3 +newfs_hfs -s -v bootloader /dev/rdisk0s1s4 +sleep 1s +fsck_hfs -f /dev/rdisk0s1s3 +fsck_hfs -f /dev/rdisk0s1s4 +sleep 2s + +dd of=/dev/rdisk0s1s3 if=/exploit bs=512k count=1 +sleep 1s +mount_hfs /dev/disk0s1s4 /mnt2 + +nvram -c +nvram boot-partition=2 +nvram boot-ramdisk="/a/b/c/d/e/f/g/h/i/j/k/l/m/disk.dmg" +sleep 1s + +dd of=/mnt2/iBEC if=/mnt1/iBoot bs=512k +rm /mnt1/iBoot +sleep 1s + +reboot_ diff --git a/restore.sh b/restore.sh index c6db461..3268829 100755 --- a/restore.sh +++ b/restore.sh @@ -2056,7 +2056,7 @@ ipsw_prepare_bundle() { local NewPlist=$FirmwareBundle/Info.plist mkdir -p $FirmwareBundle - log "Generating firmware bundle..." + log "Generating firmware bundle for $device_type-$vers ($build) $1..." local IPSWSHA256=$($sha256sum "${ipsw_p//\\//}.ipsw" | awk '{print $1}') log "IPSWSHA256: $IPSWSHA256" unzip -o -j "$ipsw_p.ipsw" Firmware/all_flash/all_flash.${device_model}ap.production/manifest @@ -2086,6 +2086,7 @@ ipsw_prepare_bundle() { case $device_type in iPhone5,[12] ) hw="iphone5";; iPhone5,[34] ) hw="iphone5b";; + iPad3,[456] ) hw="ipad3b";; esac case $device_base_build in "11A"* | "11B"* ) base_build="11B554a";; @@ -2369,6 +2370,32 @@ ipsw_prepare_powder() { ExtraArgs+=" $jelbrek/sshdeb.tar" fi fi + if [[ $device_type == "iPhone5,3" || $device_type == "iPhone5,4" ]] && [[ $device_base_vers == "7.0"* ]]; then + # do this stuff because these use ramdiskH (jump to /boot/iBEC) instead of jump ibot to ibob + device_fw_key_check + local iboot_name=$(echo $device_fw_key | $jq -j '.keys[] | select(.image | startswith("iBoot")) | .filename') + local iboot_iv=$(echo $device_fw_key | $jq -j '.keys[] | select(.image | startswith("iBoot")) | .iv') + local iboot_key=$(echo $device_fw_key | $jq -j '.keys[] | select(.image | startswith("iBoot")) | .key') + local ExtraArgs2="--boot-partition" + if [[ $device_target_vers == "9"* ]]; then + ExtraArgs2+="9" + fi + ExtraArgs2+=" --boot-ramdisk " + if [[ $ipsw_verbose == 1 ]]; then + ExtraArgs2+="-b -v" + fi + log "Patch iBoot" + unzip -o -j "$ipsw_path.ipsw" Firmware/all_flash/all_flash.${device_model}ap.production/$iboot_name + mv $iboot_name ibot + "$dir/xpwntool" ibot ibot.dec -iv $iboot_iv -k $iboot_key + "$dir/iBoot32Patcher" ibot.dec ibot.pwned --rsa $ExtraArgs2 + "$dir/xpwntool" ibot.pwned iBoot -t ibot + rm ibot* + echo "0000010: 6365" | xxd -r - iBoot + echo "0000020: 6365" | xxd -r - iBoot + tar -cvf iBoot.tar iBoot + ExtraArgs+=" iBoot.tar" + fi log "Preparing custom IPSW: $dir/powdersn0w $ipsw_path.ipsw temp.ipsw -base $ipsw_base_path.ipsw $ExtraArgs" "$dir/powdersn0w" "$ipsw_path.ipsw" temp.ipsw -base "$ipsw_base_path.ipsw" $ExtraArgs @@ -2938,7 +2965,7 @@ restore_prepare() { elif [[ $device_target_vers == "4.1" || $device_target_vers == "$device_latest_vers" ]]; then if [[ $ipsw_jailbreak == 1 ]]; then shsh_save version $device_target_vers - device_target_mode pwnDFU + device_enter_mode pwnDFU restore_idevicerestore else restore_latest @@ -3777,7 +3804,7 @@ menu_restore() { menu_items+=("Latest iOS ($device_latest_vers)") fi case $device_type in - iPhone4,1 | iPhone5,[1234] | iPad2,4 | iPod5,1 ) + iPhone4,1 | iPhone5,[1234] | iPad2,4 | iPad3,[456] | iPod5,1 ) menu_items+=("Other (powdersn0w 7.x blobs)");; iPhone3,[13] ) menu_items+=("powdersn0w (any iOS)");; @@ -3945,7 +3972,8 @@ menu_ipsw() { local text2="(iOS 7.1.x)" case $device_type in iPhone3,[13] ) text2="(iOS 7.1.2)";; - iPhone5,[12] ) text2="(iOS 7.x)";; + iPhone5,[1234] ) text2="(iOS 7.x)";; + iPad3,[456] ) text2="(iOS 7.0.x)";; esac if [[ -n $ipsw_base_path ]]; then print "* Selected Base $text2 IPSW: $ipsw_base_path.ipsw" @@ -4153,13 +4181,20 @@ menu_ipsw_browse() { "3.1.3" ) versionc="3.1.3";; "Latest iOS"* ) versionc="$device_latest_vers";; "base" ) - if [[ $device_type == "iPhone5,1" || $device_type == "iPhone5,2" ]]; then + if [[ $device_type == "iPhone5"* ]]; then if [[ $device_base_vers != "7"* ]]; then log "Selected IPSW is not for iOS 7.x." print "* You need iOS 7.x IPSW and SHSH blobs for this device to use powdersn0w." pause return fi + elif [[ $device_type == "iPad3"* ]]; then + if [[ $device_base_vers != "7.0"* ]]; then + log "Selected IPSW is not for iOS 7.0.x." + print "* You need iOS 7.0.x IPSW and SHSH blobs for this device to use powdersn0w." + pause + return + fi elif [[ $device_base_vers != "7.1"* ]]; then log "Selected IPSW is not for iOS 7.1.x." print "* You need iOS 7.1.x IPSW and SHSH blobs for this device to use powdersn0w." @@ -4451,7 +4486,13 @@ restore_dfuipsw() { pause device_target_vers="$device_latest_vers" device_target_build="$device_latest_build" - local ipsw_p="../${device_type}_${device_target_vers}_${device_target_build}" + local ipsw_p="../" + case $device_type in + iPhone5,[1234] ) ipsw_p+="iPhone_4.0_32bit";; + iPad3,[456] ) ipsw_p+="iPad_32bit";; + * ) ipsw_p+="${device_type}";; + esac + ipsw_p+="_${device_target_vers}_${device_target_build}" local ipsw_dfuipsw="${ipsw_p}_DFUIPSW" ipsw_path="${ipsw_p}_Restore" if [[ -s "$ipsw_path.ipsw" && ! -e "$ipsw_dfuipsw.ipsw" ]]; then @@ -4465,8 +4506,21 @@ restore_dfuipsw() { cp $ipsw_path.ipsw temp.ipsw device_fw_key_check local applelogo=$(echo $device_fw_key | $jq -j '.keys[] | select(.image | startswith("AppleLogo")) | .filename') - local llb=$(echo $device_fw_key | $jq -j '.keys[] | select(.image | startswith("LLB")) | .filename') - local all="Firmware/all_flash/all_flash.${device_model}ap.production" + local llb="LLB.${device_model}ap.RELEASE.img3" + local all="Firmware/all_flash" + if [[ $device_latest_vers == "10"* ]]; then + case $device_type in + iPhone5,[1234] ) applelogo="applelogo@2x~iphone.s5l8950x.img3";; + iPad3,[456] ) applelogo="applelogo@2x~ipad.s5l8955x.img3";; + esac + case $device_type in + iPhone5,[12] ) llb="LLB.iphone5.RELEASE.img3";; + iPhone5,[34] ) llb="LLB.iphone5b.RELEASE.img3";; + iPad3,[456] ) llb="LLB.ipad3b.RELEASE.img3";; + esac + else + all+="/all_flash.${device_model}ap.production" + fi mkdir -p $all unzip -o -j temp.ipsw $all/$applelogo -d . mv $applelogo $all/$llb