diff --git a/README.md b/README.md
index 105125f..65c21b1 100644
--- a/README.md
+++ b/README.md
@@ -88,7 +88,6 @@
- curl
- bspatch
- [powdersn0w_pub](https://github.com/dora2-iOS/powdersn0w_pub) - dora2ios; [LukeZGD fork](https://github.com/LukeZGD/powdersn0w_pub)
-- [ch3rryflower](https://web.archive.org/web/20200708040313/https://github.com/dora2-iOS/ch3rryflower) - dora2ios (old version used for iOS 4.3.x only)
- [ipwndfu](https://github.com/LukeZGD/ipwndfu) - Linus Henze, synackuk; LukeZGD fork
- [ipwnder_lite](https://github.com/dora2-iOS/ipwnder_lite/tree/7265a06d184e433989db640d5e83ea58d5862609) - dora2ios (used on macOS)
- [iPwnder32](https://github.com/dora2-iOS/iPwnder32/tree/243ea5c6d1bd15f8bdd0b3a1ff4a7729bc14bac4) - dora2ios (old version with libusb, used on Linux)
diff --git a/bin/linux/arm64/iBoot32Patcher b/bin/linux/arm64/iBoot32Patcher
new file mode 100755
index 0000000..34fbb35
Binary files /dev/null and b/bin/linux/arm64/iBoot32Patcher differ
diff --git a/bin/linux/x86_64/iBoot32Patcher b/bin/linux/x86_64/iBoot32Patcher
new file mode 100755
index 0000000..2ed9dfa
Binary files /dev/null and b/bin/linux/x86_64/iBoot32Patcher differ
diff --git a/bin/macos/iBoot32Patcher b/bin/macos/iBoot32Patcher
new file mode 100755
index 0000000..eaa0c33
Binary files /dev/null and b/bin/macos/iBoot32Patcher differ
diff --git a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.3_8J2.bundle/038-1449-003.patch b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.3_8J2.bundle/038-1449-003.patch
new file mode 100644
index 0000000..4b51658
Binary files /dev/null and b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.3_8J2.bundle/038-1449-003.patch differ
diff --git a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.3_8J2.bundle/Info.plist b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.3_8J2.bundle/Info.plist
new file mode 100644
index 0000000..56c74bc
--- /dev/null
+++ b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.3_8J2.bundle/Info.plist
@@ -0,0 +1,132 @@
+
+
+
+
+ Filename
+ iPhone3,1_4.3.3_8J2_Restore.ipsw
+ RootFilesystem
+ 038-1423-003.dmg
+ RootFilesystemKey
+ 246f17ec6660672b3207ece257938704944a83601205736409b61fc3565512559abd0f82
+ RootFilesystemSize
+ 930
+ RamdiskOptionsPath
+ /usr/local/share/restore/options.n90.plist
+ SHA256
+ 29dccda5dd28fbb62afc1e09668e96b7e23f9ba84bc8f4f19f5264c3e904c04a
+ FilesystemPackage
+
+ RamdiskPackage
+
+ package
+ src/bin.tar
+ ios
+ ios4
+
+ Firmware
+
+ iBSS
+
+ File
+ Firmware/dfu/iBSS.n90ap.RELEASE.dfu
+ IV
+ cdd50b45ca1bac4f718d9eb23ce9f0a8
+ Key
+ 8ef00005aa2c01ae409d55e330171589af79d76ac86639e76003835d5d82ffc4
+ Decrypt
+
+ Patch
+
+
+ Restore Ramdisk
+
+ File
+ 038-1449-003.dmg
+
+
+ FirmwareReplace
+
+ APTicket
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/applelogoT-640x960.s5l8930x.img3
+
+ AppleLogo
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/applelogo7-640x960.s5l8930x.img3
+
+ NewAppleLogo
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/applelogo-640x960.s5l8930x.img3
+
+ BatteryCharging0
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/batterycharging0-640x960.s5l8930x.img3
+
+ BatteryCharging1
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/batterycharging1-640x960.s5l8930x.img3
+
+ BatteryFull
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/batteryfull-640x960.s5l8930x.img3
+
+ BatteryLow0
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/batterylow0-640x960.s5l8930x.img3
+
+ BatteryLow1
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/batterylow1-640x960.s5l8930x.img3
+
+ BatteryPlugin
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/glyphplugin-640x960.s5l8930x.img3
+
+ RecoveryMode
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/recoverymode7-640x960.s5l8930x.img3
+
+ NewRecoveryMode
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/recoverymode-640x960.s5l8930x.img3
+
+ LLB
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/LLB.n90ap.RELEASE.img3
+
+ iBoot
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/iBoot.n90ap.RELEASE.img3
+
+ NewiBoot
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/iBoot4.n90ap.RELEASE.img3
+ IV
+ bb3fc29dd226fac56086790060d5c744
+ Key
+ c2ead1d3b228a05b665c91b4b1ab54b570a81dffaf06eaf1736767bcb86e50de
+
+ manifest
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/manifest
+ manifest
+ manifest
+
+
+
+
diff --git a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.3_8J2.bundle/iBSS.n90ap.RELEASE.patch b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.3_8J2.bundle/iBSS.n90ap.RELEASE.patch
new file mode 100644
index 0000000..6a27a56
Binary files /dev/null and b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.3_8J2.bundle/iBSS.n90ap.RELEASE.patch differ
diff --git a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.3_8J2.bundle/manifest b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.3_8J2.bundle/manifest
new file mode 100644
index 0000000..e5c7609
--- /dev/null
+++ b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.3_8J2.bundle/manifest
@@ -0,0 +1,16 @@
+applelogoT-640x960.s5l8930x.img3
+LLB.n90ap.RELEASE.img3
+iBoot.n90ap.RELEASE.img3
+DeviceTree.n90ap.img3
+applelogo7-640x960.s5l8930x.img3
+recoverymode7-640x960.s5l8930x.img3
+batterylow0-640x960.s5l8930x.img3
+batterylow1-640x960.s5l8930x.img3
+glyphcharging-640x960.s5l8930x.img3
+glyphplugin-640x960.s5l8930x.img3
+batterycharging0-640x960.s5l8930x.img3
+batterycharging1-640x960.s5l8930x.img3
+batteryfull-640x960.s5l8930x.img3
+iBoot4.n90ap.RELEASE.img3
+applelogo-640x960.s5l8930x.img3
+recoverymode-640x960.s5l8930x.img3
diff --git a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.5_8L1.bundle/038-2265-002.patch b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.5_8L1.bundle/038-2265-002.patch
new file mode 100644
index 0000000..a9c0d11
Binary files /dev/null and b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.5_8L1.bundle/038-2265-002.patch differ
diff --git a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.5_8L1.bundle/Info.plist b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.5_8L1.bundle/Info.plist
new file mode 100644
index 0000000..797f9d0
--- /dev/null
+++ b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.5_8L1.bundle/Info.plist
@@ -0,0 +1,132 @@
+
+
+
+
+ Filename
+ iPhone3,1_4.3.5_8L1_Restore.ipsw
+ RootFilesystem
+ 038-2288-002.dmg
+ RootFilesystemKey
+ e5e061077217c4937e14d9c4ae1eeb8d69827aa4838168033dd5f1806ab485306a8aa3cf
+ RootFilesystemSize
+ 930
+ RamdiskOptionsPath
+ /usr/local/share/restore/options.n90.plist
+ SHA256
+ 54040d08602e6a9894a4671393b0c335d51bdb55a3e28a336676c5facc592349
+ FilesystemPackage
+
+ RamdiskPackage
+
+ package
+ src/bin.tar
+ ios
+ ios4
+
+ Firmware
+
+ iBSS
+
+ File
+ Firmware/dfu/iBSS.n90ap.RELEASE.dfu
+ IV
+ 00ba61665022e97cacb71493f3e92533
+ Key
+ 85d0388a2b1ce6b4fc68aebb3cb87014b6dd57fde5d9599381db4083a30c3803
+ Decrypt
+
+ Patch
+
+
+ Restore Ramdisk
+
+ File
+ 038-2265-002.dmg
+
+
+ FirmwareReplace
+
+ APTicket
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/applelogoT-640x960.s5l8930x.img3
+
+ AppleLogo
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/applelogo7-640x960.s5l8930x.img3
+
+ NewAppleLogo
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/applelogo-640x960.s5l8930x.img3
+
+ BatteryCharging0
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/batterycharging0-640x960.s5l8930x.img3
+
+ BatteryCharging1
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/batterycharging1-640x960.s5l8930x.img3
+
+ BatteryFull
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/batteryfull-640x960.s5l8930x.img3
+
+ BatteryLow0
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/batterylow0-640x960.s5l8930x.img3
+
+ BatteryLow1
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/batterylow1-640x960.s5l8930x.img3
+
+ BatteryPlugin
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/glyphplugin-640x960.s5l8930x.img3
+
+ RecoveryMode
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/recoverymode7-640x960.s5l8930x.img3
+
+ NewRecoveryMode
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/recoverymode-640x960.s5l8930x.img3
+
+ LLB
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/LLB.n90ap.RELEASE.img3
+
+ iBoot
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/iBoot.n90ap.RELEASE.img3
+
+ NewiBoot
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/iBoot4.n90ap.RELEASE.img3
+ IV
+ 986032eecd861c37ca2a86b6496a3c0d
+ Key
+ b4e300c54a9dd2e648ead50794e9bf2205a489c310a1c70a9fae687368229468
+
+ manifest
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/manifest
+ manifest
+ manifest
+
+
+
+
diff --git a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.5_8L1.bundle/iBSS.n90ap.RELEASE.patch b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.5_8L1.bundle/iBSS.n90ap.RELEASE.patch
new file mode 100644
index 0000000..00663ab
Binary files /dev/null and b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.5_8L1.bundle/iBSS.n90ap.RELEASE.patch differ
diff --git a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.5_8L1.bundle/manifest b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.5_8L1.bundle/manifest
new file mode 100644
index 0000000..e5c7609
--- /dev/null
+++ b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3.5_8L1.bundle/manifest
@@ -0,0 +1,16 @@
+applelogoT-640x960.s5l8930x.img3
+LLB.n90ap.RELEASE.img3
+iBoot.n90ap.RELEASE.img3
+DeviceTree.n90ap.img3
+applelogo7-640x960.s5l8930x.img3
+recoverymode7-640x960.s5l8930x.img3
+batterylow0-640x960.s5l8930x.img3
+batterylow1-640x960.s5l8930x.img3
+glyphcharging-640x960.s5l8930x.img3
+glyphplugin-640x960.s5l8930x.img3
+batterycharging0-640x960.s5l8930x.img3
+batterycharging1-640x960.s5l8930x.img3
+batteryfull-640x960.s5l8930x.img3
+iBoot4.n90ap.RELEASE.img3
+applelogo-640x960.s5l8930x.img3
+recoverymode-640x960.s5l8930x.img3
diff --git a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3_8F190.bundle/038-0715-006.patch b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3_8F190.bundle/038-0715-006.patch
new file mode 100644
index 0000000..bb8d306
Binary files /dev/null and b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3_8F190.bundle/038-0715-006.patch differ
diff --git a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3_8F190.bundle/Info.plist b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3_8F190.bundle/Info.plist
new file mode 100644
index 0000000..8499ed3
--- /dev/null
+++ b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3_8F190.bundle/Info.plist
@@ -0,0 +1,136 @@
+
+
+
+
+ Filename
+ iPhone3,1_4.3_8F190_Restore.ipsw
+ RootFilesystem
+ 038-0688-006.dmg
+ RootFilesystemKey
+ 34904e749a8c5cfabecc6c3340816d85e7fc4de61c968ca93be621a9b9520d6466a1456a
+ RootFilesystemSize
+ 930
+ RamdiskOptionsPath
+ /usr/local/share/restore/options.n90.plist
+ SHA256
+ dd891fbe6e035bdca7acba4567f6297d11b5e4fc089511b700908101c82950c0
+ FilesystemPackage
+
+ RamdiskPackage
+
+ package
+ src/bin.tar
+ ios
+ ios4
+
+ Firmware
+
+ iBSS
+
+ File
+ Firmware/dfu/iBSS.n90ap.RELEASE.dfu
+ IV
+ 37f4d36494ac9d83ab8a9e4936c885f8
+ Key
+ f5e50c94dfee05ed52b4003750007f4c2d1801f7e90e768774ac656dc62c69db
+ Decrypt
+
+ Patch
+
+
+ Restore Ramdisk
+
+ File
+ 038-0715-006.dmg
+ IV
+ d11772b6a3bdd4f0b4cd8795b9f10ad9
+ Key
+ 9873392c91743857cf5b35c9017c6683d5659c9358f35c742be27bfb03dee77c
+
+
+ FirmwareReplace
+
+ APTicket
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/applelogoT-640x960.s5l8930x.img3
+
+ AppleLogo
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/applelogo7-640x960.s5l8930x.img3
+
+ NewAppleLogo
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/applelogo-640x960.s5l8930x.img3
+
+ BatteryCharging0
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/batterycharging0-640x960.s5l8930x.img3
+
+ BatteryCharging1
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/batterycharging1-640x960.s5l8930x.img3
+
+ BatteryFull
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/batteryfull-640x960.s5l8930x.img3
+
+ BatteryLow0
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/batterylow0-640x960.s5l8930x.img3
+
+ BatteryLow1
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/batterylow1-640x960.s5l8930x.img3
+
+ BatteryPlugin
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/glyphplugin-640x960.s5l8930x.img3
+
+ RecoveryMode
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/recoverymode7-640x960.s5l8930x.img3
+
+ NewRecoveryMode
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/recoverymode-640x960.s5l8930x.img3
+
+ LLB
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/LLB.n90ap.RELEASE.img3
+
+ iBoot
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/iBoot.n90ap.RELEASE.img3
+
+ NewiBoot
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/iBoot4.n90ap.RELEASE.img3
+ IV
+ 9f11c07bde79bdac4abb3f9707c4b13c
+ Key
+ 0958d70e1a292483d4e32ed1e911d2b16b6260856be67d00a33b6a1801711d32
+
+ manifest
+
+ File
+ Firmware/all_flash/all_flash.n90ap.production/manifest
+ manifest
+ manifest
+
+
+
+
diff --git a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3_8F190.bundle/iBSS.n90ap.RELEASE.patch b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3_8F190.bundle/iBSS.n90ap.RELEASE.patch
new file mode 100644
index 0000000..59e9ad3
Binary files /dev/null and b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3_8F190.bundle/iBSS.n90ap.RELEASE.patch differ
diff --git a/resources/firmware/powdersn0wBundles/iPhone3,1_4.3_8F190.bundle/manifest b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3_8F190.bundle/manifest
new file mode 100644
index 0000000..e5c7609
--- /dev/null
+++ b/resources/firmware/powdersn0wBundles/iPhone3,1_4.3_8F190.bundle/manifest
@@ -0,0 +1,16 @@
+applelogoT-640x960.s5l8930x.img3
+LLB.n90ap.RELEASE.img3
+iBoot.n90ap.RELEASE.img3
+DeviceTree.n90ap.img3
+applelogo7-640x960.s5l8930x.img3
+recoverymode7-640x960.s5l8930x.img3
+batterylow0-640x960.s5l8930x.img3
+batterylow1-640x960.s5l8930x.img3
+glyphcharging-640x960.s5l8930x.img3
+glyphplugin-640x960.s5l8930x.img3
+batterycharging0-640x960.s5l8930x.img3
+batterycharging1-640x960.s5l8930x.img3
+batteryfull-640x960.s5l8930x.img3
+iBoot4.n90ap.RELEASE.img3
+applelogo-640x960.s5l8930x.img3
+recoverymode-640x960.s5l8930x.img3
diff --git a/restore.sh b/restore.sh
index 75613fa..bbefc0e 100755
--- a/restore.sh
+++ b/restore.sh
@@ -100,7 +100,7 @@ set_tool_paths() {
also set distro, debian_ver, ubuntu_ver, fedora_ver variables for linux
list of tools set here:
- bspatch, ch3rry, jq, ping, scp, ssh, sha1sum (for macos: shasum -a 1), sha256sum (for macos: shasum -a 256), xmlstarlet, zenity
+ bspatch, jq, ping, scp, ssh, sha1sum (for macos: shasum -a 1), sha256sum (for macos: shasum -a 256), xmlstarlet, zenity
these ones "need" sudo for linux arm, not for others:
futurerestore, gaster, idevicerestore, idevicererestore, ipwnder, irecovery
@@ -112,7 +112,6 @@ set_tool_paths() {
"$dir/$name_of_tool"
'
- ch3rry_dirmac="../resources/ch3rryflower/Tools/macos/UNTETHERED"
if [[ $OSTYPE == "linux"* ]]; then
. /etc/os-release
platform="linux"
@@ -162,8 +161,6 @@ set_tool_paths() {
if [[ ! -e $bspatch ]]; then
bspatch="env LD_LIBRARY_PATH=$lib $dir/bspatch"
fi
- ch3rry_dir="../resources/ch3rryflower/Tools/ubuntu/UNTETHERED"
- ch3rry="env LD_LIBRARY_PATH=$lib $ch3rry_dir/cherry"
jq="$(which jq)"
ping="ping -c1"
sha1sum="$(which sha1sum)"
@@ -210,8 +207,6 @@ set_tool_paths() {
fi
bspatch="$(which bspatch)"
- ch3rry_dir="$ch3rry_dirmac"
- ch3rry="$ch3rry_dir/cherry"
futurerestore="$dir/futurerestore_$(uname -m)"
if [[ ! -e $futurerestore ]]; then
futurerestore="$dir/futurerestore_arm64"
@@ -1263,6 +1258,9 @@ ipsw_path_set() {
elif [[ $ipsw_jailbreak_tool == "etasonjb" ]]; then
ipsw_custom+="E"
fi
+ if [[ $ipsw_verbose == 1 ]]; then
+ ipsw_custom+="V"
+ fi
if [[ $device_target_other != 1 ]]; then
return
@@ -1453,6 +1451,9 @@ shsh_save() {
}
ipsw_download() {
+ if [[ $device_target_vers == "4.3"* ]]; then
+ ipsw_custom+="_$device_ecid"
+ fi
if [[ $device_target_other == 1 ]]; then
return
elif [[ -e "$ipsw_custom.ipsw" ]]; then
@@ -1718,8 +1719,12 @@ ipsw_prepare_32bit() {
ipsw_prepare_powder() {
local config="config"
+ local ExtraArgs
+ local ExtraArgs2="--logo4 "
+ local IV
local JBFiles=()
local JBSHA1
+ local Key
if [[ -e "$ipsw_custom.ipsw" ]]; then
log "Found existing Custom IPSW. Skipping IPSW creation."
@@ -1732,7 +1737,7 @@ ipsw_prepare_powder() {
JBFiles=("Cydia6.tar")
JBSHA1="1d5a351016d2546aa9558bc86ce39186054dc281"
else
- # use unthredeh4il for ios 5
+ # use unthredeh4il for ios 4/5
JBFiles=("Cydia5.tar" "unthredeh4il.tar" "fstab_rw.tar")
JBSHA1="f5b5565640f7e31289919c303efe44741e28543a"
fi
@@ -1744,12 +1749,15 @@ ipsw_prepare_powder() {
JBFiles[i]=../resources/jailbreak/${JBFiles[$i]}
done
fi
- if [[ $ipsw_verbose == 1 ]]; then
- config+="v"
- fi
log "Preparing custom IPSW with powdersn0w..."
cp -R ../resources/firmware/powdersn0wBundles ./FirmwareBundles
+ if [[ $device_target_vers == "4.3"* ]]; then
+ ExtraArgs+="-apticket $shsh_path"
+ fi
+ if [[ $ipsw_verbose == 1 ]]; then
+ config+="v"
+ fi
cp -R ../resources/firmware/src .
if [[ $ipsw_jailbreak == 1 && $device_target_vers == "6"* ]]; then
JBFiles=()
@@ -1759,119 +1767,62 @@ ipsw_prepare_powder() {
fi
mv FirmwareBundles/${config}.plist FirmwareBundles/config.plist
if [[ $ipsw_memory == 1 ]]; then
- ipsw_memory="-memory"
- else
- ipsw_memory=
+ ExtraArgs+=" -memory"
fi
- "$dir/powdersn0w" "$ipsw_path.ipsw" temp.ipsw $ipsw_memory -base "$ipsw_path_712.ipsw" ${JBFiles[@]}
+ "$dir/powdersn0w" "$ipsw_path.ipsw" temp.ipsw -base "$ipsw_path_712.ipsw" $ExtraArgs ${JBFiles[@]}
if [[ ! -e temp.ipsw ]]; then
error "Failed to find custom IPSW. Please run the script again" \
"* You may try selecting N for memory option"
fi
- mv temp.ipsw "$ipsw_custom.ipsw"
-}
-ipsw_prepare_cherry() {
- local ExtraArgs="--logo4 "
- local IV
- local JBFiles
- local JBSHA1
- local Key
- ipsw_custom+="_$device_ecid"
-
- if [[ -e "$ipsw_custom.ipsw" ]]; then
- log "Found existing Custom IPSW. Skipping IPSW creation."
- return
- fi
-
- if [[ $device_target_vers == "4.3.5" ]]; then
- IV="986032eecd861c37ca2a86b6496a3c0d"
- Key="b4e300c54a9dd2e648ead50794e9bf2205a489c310a1c70a9fae687368229468"
- elif [[ $device_target_vers == "4.3.3" ]]; then
- IV="bb3fc29dd226fac56086790060d5c744"
- Key="c2ead1d3b228a05b665c91b4b1ab54b570a81dffaf06eaf1736767bcb86e50de"
- ExtraArgs+="--433 "
- elif [[ $device_target_vers == "4.3" ]]; then
- IV="9f11c07bde79bdac4abb3f9707c4b13c"
- Key="0958d70e1a292483d4e32ed1e911d2b16b6260856be67d00a33b6a1801711d32"
- ExtraArgs+="--433 "
- fi
-
- if [[ $ipsw_jailbreak == 1 ]]; then
- JBFiles=("fstab_rw.tar" "unthredeh4il.tar" "Cydia5.tar")
- JBSHA1="f5b5565640f7e31289919c303efe44741e28543a"
- if [[ ! -e ../resources/jailbreak/${JBFiles[2]} ]]; then
- download_file https://github.com/LukeZGD/iOS-OTA-Downgrader-Keys/releases/download/jailbreak/${JBFiles[2]} ${JBFiles[2]} $JBSHA1
- cp ${JBFiles[2]} ../resources/jailbreak/${JBFiles[2]}
+ if [[ $device_target_vers == "4.3"* ]]; then
+ device_fw_key_check
+ log "Applying iOS 4 patches"
+ log "Patch iBoot"
+ IV=$(echo "$device_fw_key" | $jq -j '.keys[] | select(.image | startswith("iBoot")) | .iv')
+ Key=$(echo "$device_fw_key" | $jq -j '.keys[] | select(.image | startswith("iBoot")) | .key')
+ if [[ $device_target_vers != "4.3.5" ]]; then
+ ExtraArgs2+="--433 "
fi
- for i in {0..2}; do
- JBFiles[i]=../resources/jailbreak/${JBFiles[$i]}
- done
+ if [[ $ipsw_verbose == 1 ]]; then
+ ExtraArgs2+="-b -v"
+ fi
+ unzip -o -j "$ipsw_path.ipsw" Firmware/all_flash/all_flash.n90ap.production/iBoot*
+ mv iBoot.n90ap.RELEASE.img3 tmp
+ "$dir/xpwntool" tmp ibot.dec -iv $IV -k $Key
+ "$dir/iBoot32Patcher" ibot.dec ibot.pwned --rsa --boot-partition --boot-ramdisk $ExtraArgs2
+ "$dir/xpwntool" ibot.pwned iBoot -t tmp
+ rm tmp
+ echo "0000010: 6365" | xxd -r - iBoot
+ echo "0000020: 6365" | xxd -r - iBoot
+ mkdir -p Firmware/all_flash/all_flash.n90ap.production Firmware/dfu
+ cp iBoot Firmware/all_flash/all_flash.n90ap.production/iBoot4.n90ap.RELEASE.img3
+ log "Patch iBSS"
+ unzip -o -j "$ipsw_path.ipsw" Firmware/dfu/iBSS.n90ap.RELEASE.dfu
+ $bspatch iBSS.n90ap.RELEASE.dfu Firmware/dfu/iBSS.n90ap.RELEASE.dfu FirmwareBundles/${device_type}_${device_target_vers}_${device_target_build}.bundle/iBSS.n90ap.RELEASE.patch
+ log "Patch Ramdisk"
+ local RamdiskName=$(echo "$device_fw_key" | $jq -j '.keys[] | select(.image | startswith("RestoreRamdisk")) | .filename')
+ unzip -o -j "$ipsw_path.ipsw" $RamdiskName
+ if [[ $device_target_vers == "4.3" ]]; then
+ "$dir/xpwntool" $RamdiskName ramdisk.orig -iv d11772b6a3bdd4f0b4cd8795b9f10ad9 -k 9873392c91743857cf5b35c9017c6683d5659c9358f35c742be27bfb03dee77c -decrypt
+ else
+ mv $RamdiskName ramdisk.orig
+ fi
+ $bspatch ramdisk.orig ramdisk.patched FirmwareBundles/${device_type}_${device_target_vers}_${device_target_build}.bundle/${RamdiskName%????}.patch
+ "$dir/xpwntool" ramdisk.patched ramdisk.raw
+ "$dir/hfsplus" ramdisk.raw rm iBoot
+ "$dir/hfsplus" ramdisk.raw add iBoot iBoot
+ "$dir/xpwntool" ramdisk.raw $RamdiskName -t ramdisk.patched
+ log "Patch AppleLogo"
+ unzip -o -j temp.ipsw Firmware/all_flash/all_flash.n90ap.production/applelogo-640x960.s5l8930x.img3
+ echo "0000010: 3467" | xxd -r - applelogo-640x960.s5l8930x.img3
+ echo "0000020: 3467" | xxd -r - applelogo-640x960.s5l8930x.img3
+ mv applelogo-640x960.s5l8930x.img3 Firmware/all_flash/all_flash.n90ap.production/applelogo-640x960.s5l8930x.img3
+ log "Add all to custom IPSW"
+ zip -r0 temp.ipsw Firmware/all_flash/all_flash.n90ap.production/* Firmware/dfu/iBSS.n90ap.RELEASE.dfu $RamdiskName
fi
- log "ch3rryflower will be used instead of powdersn0w for iOS 4.3.x"
- if [[ ! -d ../resources/ch3rryflower ]]; then
- download_file https://web.archive.org/web/20210529174714if_/https://codeload.github.com/dora2-iOS/ch3rryflower/zip/316d2cdc5351c918e9db9650247b91632af3f11f ch3rryflower.zip 790d56db354151b9740c929e52c097ba57f2929d
- unzip -q ch3rryflower.zip -d ../resources
- mv ../resources/ch3rryflower*/ ../resources/ch3rryflower/
- fi
-
- if [[ $platform == "linux" ]]; then
- # patch cherry temp path from /tmp to ././ (current dir)
- echo "QlNESUZGNDA4AAAAAAAAAEUAAAAAAAAAQKoEAAAAAABCWmg5MUFZJlNZCmbVYQAABtRYTCAAIEAAQAAAEAIAIAAiNNA9QgyYiW0geDDxdyRThQkApm1WEEJaaDkxQVkmU1kFCpb0AACoSA7AAABAAAikAAACAAigAFCDJiApUmmnpMCTNJOaootbhBXWMbqkjO/i7kinChIAoVLegEJaaDkXckU4UJAAAAAA" | base64 -d | tee cherry.patch >/dev/null
- $bspatch $ch3rry_dir/cherry $ch3rry_dir/cherry2 cherry.patch
- chmod +x $ch3rry_dir/cherry2
- ch3rry+="2"
- fi
-
- if [[ $ipsw_verbose == 1 ]]; then
- ExtraArgs+="-b -v"
- fi
-
- log "Preparing custom IPSW with ch3rryflower..."
- cp -R "$ch3rry_dirmac/FirmwareBundles" "$ch3rry_dirmac/src" .
- unzip -o -j "$ipsw_path.ipsw" Firmware/all_flash/all_flash.n90ap.production/iBoot*
- mv iBoot.n90ap.RELEASE.img3 tmp
- "$dir/xpwntool" tmp ibot.dec -iv $IV -k $Key
- "$ch3rry_dir/bin/iBoot32Patcher" ibot.dec ibot.pwned --rsa --boot-partition --boot-ramdisk $ExtraArgs
- "$dir/xpwntool" ibot.pwned iBoot -t tmp
- echo "0000010: 6365" | xxd -r - iBoot
- echo "0000020: 6365" | xxd -r - iBoot
- if [[ $ipsw_memory == 1 ]]; then
- ipsw_memory="-memory"
- else
- ipsw_memory=
- fi
- $ch3rry "$ipsw_path.ipsw" temp.ipsw $ipsw_memory -derebusantiquis "$ipsw_path_712.ipsw" iBoot ${JBFiles[@]}
-
- if [[ ! -e temp.ipsw ]]; then
- error "Failed to find custom IPSW. Please run the script again" \
- "* You may try selecting N for memory option"
- fi
-
- log "iOS 4 Fix" # From ios4fix
- zip -d temp.ipsw Firmware/all_flash/all_flash.n90ap.production/manifest
- pushd src/n90ap/Firmware/all_flash/all_flash.n90ap.production
- unzip -o -j "../../../../../$ipsw_path.ipsw" Firmware/all_flash/all_flash*/applelogo*
- mv -v applelogo-640x960.s5l8930x.img3 applelogo4-640x960.s5l8930x.img3
- echo "0000010: 34" | xxd -r - applelogo4-640x960.s5l8930x.img3
- echo "0000020: 34" | xxd -r - applelogo4-640x960.s5l8930x.img3
- if [[ $platform == "macos" ]]; then
- plutil -extract 'APTicket' xml1 "../../../../../$shsh_path" -o 'apticket.plist'
- cat apticket.plist | sed -ne '//,/<\/data>/p' | sed -e "s///" | sed "s/<\/data>//" | awk '{printf "%s",$0}' | base64 --decode > apticket.der
- else
- "$xmlstarlet" sel -t -m "plist/dict/key[.='APTicket']" -v "following-sibling::data[1]" "../../../../../$shsh_path" > apticket.plist
- sed -i -e 's/[ \t]*//' apticket.plist
- cat apticket.plist | base64 --decode > apticket.der
- fi
- "../../../../../$dir/xpwntool" apticket.der applelogoT-640x960.s5l8930x.img3 -t scab_template.img3
- pushd ../../..
- zip -r0 "../../temp.ipsw" Firmware/all_flash/all_flash.n90ap.production/manifest
- zip -r0 "../../temp.ipsw" Firmware/all_flash/all_flash.n90ap.production/applelogo4-640x960.s5l8930x.img3
- zip -r0 "../../temp.ipsw" Firmware/all_flash/all_flash.n90ap.production/applelogoT-640x960.s5l8930x.img3
- popd
- popd
mv temp.ipsw "$ipsw_custom.ipsw"
}
@@ -2106,7 +2057,7 @@ restore_prepare() {
restore_latest
fi
else
- # ch3rryflower 4.3.x, powdersn0w 5.0-6.1.3
+ # powdersn0w 4.3.x-6.1.3
shsh_save version 7.1.2
device_enter_mode pwnDFU
restore_idevicerestore
@@ -2167,12 +2118,11 @@ ipsw_prepare() {
else
log "No need to create custom IPSW for non-jailbroken 7.1.2 restores"
fi
- elif [[ $device_target_vers == "4.3"* ]]; then
- # ch3rryflower 4.3.x
- shsh_save version 7.1.2
- ipsw_prepare_cherry
else
- # powdersn0w 5.0-6.1.3
+ # powdersn0w 4.3.x-6.1.3
+ if [[ $device_target_vers == "4.3"* ]]; then
+ shsh_save version 7.1.2
+ fi
ipsw_prepare_powder
fi
;;
@@ -2216,10 +2166,10 @@ device_remove4() {
device_enter_mode pwnDFU
log "Patching iBSS..."
- $bspatch iBSS_8L1.dfu pwnediBSS resources/patches/iBSS.n90ap.8L1.patch
+ $bspatch iBSS_8L1.dfu pwnediBSS ../resources/patch/iBSS.n90ap.8L1.patch
log "Sending iBSS..."
$irecovery -f pwnediBSS
- sleep 2
+ sleep 5
log "Running commands..."
$irecovery -c "setenv boot-partition $rec"
$irecovery -c "saveenv"