Various bug/issue fixes

- fixes #518
- fix ios 4.x powder (fstab fixes)
- try the local server/wikiproxy first, before the m1sta API, for firmware keys
- fix multipatch (tested ipad 1 4.2.1, iphone 4 4.1, iphone 5 7.0b1, iphone 4s 8.4.1 gasgauge)
- use multipatch to get past gas gauge error (aka 4s error 29)
- add gasgauge-patch flag
- slightly organize other utilities menu
- other changes/fixes
This commit is contained in:
LukeZGD 2024-06-29 22:18:12 +08:00
parent 057b459a7c
commit 95dc8ae748
3 changed files with 265 additions and 206 deletions


@ -81,6 +81,7 @@ List of options:
For 32-bit devices compatible with restores/downgrades (see README): For 32-bit devices compatible with restores/downgrades (see README):
--activation-records Enable dumping/stitching activation records --activation-records Enable dumping/stitching activation records
--disable-bbupdate Disable bbupdate and enable dumping/stitching baseband --disable-bbupdate Disable bbupdate and enable dumping/stitching baseband
--gasgauge-patch Enable multipatch to get past "gas gauge" error (aka error 29 in iTunes)
--ipsw-hacktivate Enable hacktivation for creating IPSW (iPhone 2G/3G/3GS only) --ipsw-hacktivate Enable hacktivation for creating IPSW (iPhone 2G/3G/3GS only)
--ipsw-verbose Enable verbose boot option (powdersn0w only) --ipsw-verbose Enable verbose boot option (powdersn0w only)
--jailbreak Enable jailbreak option --jailbreak Enable jailbreak option
@ -938,7 +939,7 @@ device_get_info() {
esac esac
device_get_name device_get_name
if (( device_proc > 10 )); then if (( device_proc > 10 )); then
print "* Device: $device_name (${device_type}, ${device_model}ap) in $device_mode mode" print "* Device: $device_name (${device_type} - ${device_model}ap) in $device_mode mode"
print "* iOS Version: $device_vers" print "* iOS Version: $device_vers"
print "* ECID: $device_ecid" print "* ECID: $device_ecid"
echo echo
@ -995,17 +996,22 @@ device_get_info() {
device_use_build="14G60" device_use_build="14G60"
;; ;;
esac esac
local latestver
case $device_type in case $device_type in
iPad4,[123456789] | iPhone6,[12] | iPhone7,[12] | iPod7,1 ) iPad4,[123456789] | iPhone6,[12] | iPhone7,[12] | iPod7,1 )
device_latest_vers="12.5.7" device_latest_vers="12.5.7"
device_latest_build="16H81" device_latest_build="16H81"
;; ;;
iPad[56]* | iPhone[89]* | iPhone10* | iPod9,1 ) iPad5* | iPhone[89]* | iPod9,1 )
log "Getting latest iOS version for $device_type" device_latest_vers="15.8.2"
latestver="$(curl "https://api.ipsw.me/v4/device/$device_type?type=ipsw" | $jq -j ".firmwares[0]")" device_latest_build="19H384"
device_latest_vers="$(echo "$latestver" | $jq -j ".version")" ;;
device_latest_build="$(echo "$latestver" | $jq -j ".buildid")" iPad6* | iPhone10* )
device_latest_vers="16.7.8"
device_latest_build="20H343"
#log "Getting latest iOS version for $device_type"
#local latestver="$(curl "https://api.ipsw.me/v4/device/$device_type?type=ipsw" | $jq -j ".firmwares[0]")"
#device_latest_vers="$(echo "$latestver" | $jq -j ".version")"
#device_latest_build="$(echo "$latestver" | $jq -j ".buildid")"
;; ;;
esac esac
# set device_use_bb, device_use_bb_sha1 (what baseband to use for ota/other) # set device_use_bb, device_use_bb_sha1 (what baseband to use for ota/other)
@ -1494,6 +1500,7 @@ device_enter_mode() {
log "Placing device to pwnDFU mode using gaster" log "Placing device to pwnDFU mode using gaster"
$gaster pwn $gaster pwn
tool_pwned=$? tool_pwned=$?
log "gaster reset"
$gaster reset $gaster reset
elif [[ $device_type == "iPod2,1" ]]; then elif [[ $device_type == "iPod2,1" ]]; then
# touch 2 uses ipwndfu # touch 2 uses ipwndfu
@ -1797,8 +1804,8 @@ device_fw_key_check() {
log "Getting firmware keys for $device_type-$build" log "Getting firmware keys for $device_type-$build"
mkdir -p "$keys_path" 2>/dev/null mkdir -p "$keys_path" 2>/dev/null
local try=("https://github.com/LukeZGD/Legacy-iOS-Kit-Keys/raw/master/$device_type/$build/index.html" local try=("https://github.com/LukeZGD/Legacy-iOS-Kit-Keys/raw/master/$device_type/$build/index.html"
"https://api.m1sta.xyz/wikiproxy/$device_type/$build" "http://127.0.0.1:8888/firmware/$device_type/$build"
"http://127.0.0.1:8888/firmware/$device_type/$build") "https://api.m1sta.xyz/wikiproxy/$device_type/$build")
for i in "${try[@]}"; do for i in "${try[@]}"; do
curl -L $i -o index.html curl -L $i -o index.html
if [[ $(cat index.html | grep -c "$build") == 1 ]]; then if [[ $(cat index.html | grep -c "$build") == 1 ]]; then
@ -1828,7 +1835,7 @@ ipsw_get_url() {
ipsw_url= ipsw_url=
log "Checking URL in $device_fw_dir/$build_id/url" log "Checking URL in $device_fw_dir/$build_id/url"
if [[ $(echo "$url" | grep -c '<') != 0 || $url != *"$build_id"* ]]; then if [[ $(echo "$url" | grep -c '<') != 0 || $url != *"$build_id"* ]]; then
rm "$device_fw_dir/$build_id/url" rm -f "$device_fw_dir/$build_id/url"
url= url=
fi fi
if [[ -z $url ]]; then if [[ -z $url ]]; then
@ -2385,13 +2392,12 @@ ipsw_prepare_jailbreak() {
case $device_target_vers in case $device_target_vers in
6.1.[3456] ) JBFiles+=("p0sixspwn.tar");; 6.1.[3456] ) JBFiles+=("p0sixspwn.tar");;
6* ) JBFiles+=("evasi0n6-untether.tar");; 6* ) JBFiles+=("evasi0n6-untether.tar");;
4.2.1 ) JBFiles[0]="fstab_old.tar";; 4.1 | 4.0* | 3.1.3 ) JBFiles+=("greenpois0n/${device_type}_${device_target_build}.tar");;
4.1 | 4.0* | 3.1.3 )
JBFiles[0]="fstab_old.tar"
JBFiles+=("greenpois0n/${device_type}_${device_target_build}.tar")
;;
5* | 4.[32]* ) JBFiles+=("g1lbertJB/${device_type}_${device_target_build}.tar");; 5* | 4.[32]* ) JBFiles+=("g1lbertJB/${device_type}_${device_target_build}.tar");;
esac esac
case $device_target_vers in
[34]* ) JBFiles[0]="fstab_old.tar"
esac
for i in {0..1}; do for i in {0..1}; do
JBFiles[i]=$jelbrek/${JBFiles[$i]} JBFiles[i]=$jelbrek/${JBFiles[$i]}
done done
@ -3535,17 +3541,17 @@ ipsw_prepare_multipatch() {
local iv local iv
local key local key
local comps=("iBSS" "iBEC" "DeviceTree" "Kernelcache" "RestoreRamdisk") local comps=("iBSS" "iBEC" "DeviceTree" "Kernelcache" "RestoreRamdisk")
local ticket="--ticket" local use_ticket=1
log "Starting multipatch" log "Starting multipatch"
mv "$ipsw_custom.ipsw" temp.ipsw mv "$ipsw_custom.ipsw" temp.ipsw
rm asr* iBSS* iBEC* ramdisk* *.dmg 2>/dev/null rm asr* iBSS* iBEC* ramdisk* *.dmg 2>/dev/null
options_plist="options.$device_model.plist" options_plist="options.$device_model.plist"
if [[ $device_type == "iPad1,1" && $device_target_vers == "4"* ]]; then if [[ $device_type == "iPad1,1" && $device_target_vers == "4"* ]]; then
ticket= use_ticket=
elif [[ $device_target_vers == "3"* || $device_target_vers == "4"* ]]; then elif [[ $device_target_vers == "3"* || $device_target_vers == "4"* ]]; then
options_plist="options.plist" options_plist="options.plist"
ticket= use_ticket=
fi fi
vers="4.2.1" vers="4.2.1"
@ -3561,10 +3567,12 @@ ipsw_prepare_multipatch() {
4.3* ) vers="4.3.5"; build="8L1";; 4.3* ) vers="4.3.5"; build="8L1";;
5* ) vers="5.1.1"; build="9B206";; 5* ) vers="5.1.1"; build="9B206";;
6* ) vers="6.1.3"; build="10B329";; 6* ) vers="6.1.3"; build="10B329";;
7* ) vers="7.1.2"; build="11D257";;
8* ) vers="8.4.1"; build="12H321";;
9* ) vers="9.3.5"; build="13G36";;
esac esac
case $device_target_vers in
7* ) vers="7.1.2"; build="11D257";;
8* ) vers="8.4.1"; build="12H321";;
9* ) vers="9.3.5"; build="13G36";;
esac
saved_path="../saved/$device_type/$build" saved_path="../saved/$device_type/$build"
ipsw_get_url $build ipsw_get_url $build
url="$ipsw_url" url="$ipsw_url"
@ -3594,11 +3602,11 @@ ipsw_prepare_multipatch() {
fi fi
case $getcomp in case $getcomp in
"DeviceTree" ) "DeviceTree" )
mv $name Downgrade/RestoreDeviceTree "$dir/xpwntool" $name Downgrade/RestoreDeviceTree -iv $iv -k $key -decrypt
zip -r0 temp.ipsw Downgrade/RestoreDeviceTree zip -r0 temp.ipsw Downgrade/RestoreDeviceTree
;; ;;
"Kernelcache" ) "Kernelcache" )
mv $name Downgrade/RestoreKernelCache "$dir/xpwntool" $name Downgrade/RestoreKernelCache -iv $iv -k $key -decrypt
zip -r0 temp.ipsw Downgrade/RestoreKernelCache zip -r0 temp.ipsw Downgrade/RestoreKernelCache
;; ;;
* ) * )
@ -3607,10 +3615,15 @@ ipsw_prepare_multipatch() {
;; ;;
esac esac
if [[ $getcomp == "iB"* ]]; then if [[ $getcomp == "iB"* ]]; then
local ticket=
if [[ $getcomp == "iBEC" && $use_ticket == 1 ]]; then
ticket="--ticket"
fi
log "Patch $getcomp" log "Patch $getcomp"
"$dir/iBoot32Patcher" $getcomp.dec $getcomp.patched --rsa --debug -b "rd=md0 -v nand-enable-reformat=1 amfi=0xff amfi_get_out_of_my_way=1 cs_enforcement_disable=1 pio-error=0" "$dir/iBoot32Patcher" $getcomp.dec $getcomp.patched --rsa --debug $ticket -b "rd=md0 -v nand-enable-reformat=1 amfi=0xff amfi_get_out_of_my_way=1 cs_enforcement_disable=1 pio-error=0"
"$dir/xpwntool" $getcomp.patched ${path}$name -t $getcomp.orig "$dir/xpwntool" $getcomp.patched ${path}$name -t $getcomp.orig
zip -r0 temp.ipsw ${path}$name cp ${path}$name ${path}$getcomp.$device_model.RELEASE.dfu 2>/dev/null
zip -r0 temp.ipsw ${path}$name ${path}$getcomp.$device_model.RELEASE.dfu
fi fi
done done
@ -3622,14 +3635,12 @@ ipsw_prepare_multipatch() {
unzip -o -j temp.ipsw $ramdisk_name unzip -o -j temp.ipsw $ramdisk_name
mv $ramdisk_name ramdisk2.orig mv $ramdisk_name ramdisk2.orig
"$dir/xpwntool" ramdisk2.orig ramdisk2.dec "$dir/xpwntool" ramdisk2.orig ramdisk2.dec
#rm RestoreRamdisk.dec
#cp ramdisk2.dec RestoreRamdisk.dec
#"$dir/hfsplus" RestoreRamdisk.dec grow 30000000
rm -f asr rm -f asr
"$dir/hfsplus" ramdisk2.dec extract usr/sbin/asr "$dir/hfsplus" ramdisk2.dec extract usr/sbin/asr
"$dir/hfsplus" RestoreRamdisk.dec rm usr/sbin/asr "$dir/hfsplus" RestoreRamdisk.dec rm usr/sbin/asr
"$dir/hfsplus" RestoreRamdisk.dec add asr usr/sbin/asr "$dir/hfsplus" RestoreRamdisk.dec add asr usr/sbin/asr
"$dir/hfsplus" RestoreRamdisk.dec chmod 755 usr/sbin/asr "$dir/hfsplus" RestoreRamdisk.dec chmod 755 usr/sbin/asr
"$dir/hfsplus" RestoreRamdisk.dec chown 0:0 usr/sbin/asr
else else
cp ../resources/firmware/FirmwareBundles/Down_${device_type}_${vers}_${build}.bundle/asr.patch . cp ../resources/firmware/FirmwareBundles/Down_${device_type}_${vers}_${build}.bundle/asr.patch .
ipsw_patch_file RestoreRamdisk.dec usr/sbin asr asr.patch ipsw_patch_file RestoreRamdisk.dec usr/sbin asr asr.patch
@ -3660,17 +3671,7 @@ ipsw_prepare_multipatch() {
"$dir/hfsplus" RestoreRamdisk.dec mv sbin/reboot sbin/reboot_ "$dir/hfsplus" RestoreRamdisk.dec mv sbin/reboot sbin/reboot_
"$dir/hfsplus" RestoreRamdisk.dec add src/target/$device_model/reboot4 sbin/reboot "$dir/hfsplus" RestoreRamdisk.dec add src/target/$device_model/reboot4 sbin/reboot
"$dir/hfsplus" RestoreRamdisk.dec chmod 755 sbin/reboot "$dir/hfsplus" RestoreRamdisk.dec chmod 755 sbin/reboot
if [[ $device_type != "iPhone3,1" ]]; then "$dir/hfsplus" RestoreRamdisk.dec chown 0:0 sbin/reboot
"$dir/hfsplus" RestoreRamdisk.dec add iBoot iBoot
# reboot chain: reboot4 as reboot, activate_exploit as reboot_, original reboot as reboot__
# thanks to testingthings (@throwaway167074) this ios 4 powder nvram fix implementation, https://gist.github.com/LukeZGD/da484f6deb02edefd6689c6bf921d5d4
"$dir/hfsplus" RestoreRamdisk.dec mv sbin/reboot_ sbin/reboot__
case $device_target_vers in
4.3* ) "$dir/hfsplus" RestoreRamdisk.dec add src/activate_exploit sbin/reboot_;; # auto-boot=1
* ) "$dir/hfsplus" RestoreRamdisk.dec add src/activate_exploit2 sbin/reboot_;; # auto-boot=0
esac
"$dir/hfsplus" RestoreRamdisk.dec chmod 755 sbin/reboot_
fi
elif [[ $device_target_powder == 1 ]]; then elif [[ $device_target_powder == 1 ]]; then
local hw="$device_model" local hw="$device_model"
local base_build="11D257" local base_build="11D257"
@ -3690,7 +3691,14 @@ ipsw_prepare_multipatch() {
"$dir/hfsplus" RestoreRamdisk.dec mv sbin/reboot sbin/reboot_ "$dir/hfsplus" RestoreRamdisk.dec mv sbin/reboot sbin/reboot_
"$dir/hfsplus" RestoreRamdisk.dec add $partition sbin/reboot "$dir/hfsplus" RestoreRamdisk.dec add $partition sbin/reboot
"$dir/hfsplus" RestoreRamdisk.dec chmod 755 sbin/reboot "$dir/hfsplus" RestoreRamdisk.dec chmod 755 sbin/reboot
"$dir/hfsplus" RestoreRamdisk.dec chown 0:0 sbin/reboot
"$dir/hfsplus" RestoreRamdisk.dec add $exploit exploit "$dir/hfsplus" RestoreRamdisk.dec add $exploit exploit
elif [[ $ipsw_jailbreak == 1 && $device_target_vers == "8"* ]]; then
"$dir/hfsplus" RestoreRamdisk.dec untar bin.tar
"$dir/hfsplus" RestoreRamdisk.dec mv sbin/reboot sbin/reboot_
"$dir/hfsplus" RestoreRamdisk.dec add reboot.sh sbin/reboot
"$dir/hfsplus" RestoreRamdisk.dec chmod 755 sbin/reboot
"$dir/hfsplus" RestoreRamdisk.dec chown 0:0 sbin/reboot
fi fi
log "Repack Restore Ramdisk" log "Repack Restore Ramdisk"
@ -3744,24 +3752,25 @@ ipsw_prepare_tethered() {
} }
ipsw_prepare_ios4patches() { ipsw_prepare_ios4patches() {
local comps=("iBSS" "iBEC")
local iv
local key
local name
local path="Firmware/dfu/"
log "Applying iOS 4 patches" log "Applying iOS 4 patches"
mkdir -p $all_flash Firmware/dfu mkdir -p $all_flash $path
log "Patch iBSS" for getcomp in "${comps[@]}"; do
unzip -o -j "$ipsw_path.ipsw" Firmware/dfu/iBSS.${device_model}ap.RELEASE.dfu iv=$(echo $device_fw_key | $jq -j '.keys[] | select(.image == "'$getcomp'") | .iv')
local ibss_iv=$(echo $device_fw_key | $jq -j '.keys[] | select(.image == "iBSS") | .iv') key=$(echo $device_fw_key | $jq -j '.keys[] | select(.image == "'$getcomp'") | .key')
local ibss_key=$(echo $device_fw_key | $jq -j '.keys[] | select(.image == "iBSS") | .key') name="$getcomp.${device_model}ap.RELEASE.dfu"
mv iBSS.${device_model}ap.RELEASE.dfu iBSS.orig log "Patch $getcomp"
"$dir/xpwntool" iBSS.orig iBSS.dec -iv $ibss_iv -k $ibss_key unzip -o -j "$ipsw_path.ipsw" ${path}$name
"$dir/iBoot32Patcher" iBSS.dec iBSS.patched --rsa --debug $ticket -b "rd=md0 -v amfi=0xff cs_enforcement_disable=1" mv $name $getcomp.orig
"$dir/xpwntool" iBSS.patched Firmware/dfu/iBSS.${device_model}ap.RELEASE.dfu -t iBSS.orig "$dir/xpwntool" $getcomp.orig $getcomp.dec -iv $iv -k $key
log "Patch iBEC" "$dir/iBoot32Patcher" $getcomp.dec $getcomp.patched --rsa --debug -b "rd=md0 -v amfi=0xff cs_enforcement_disable=1 pio-error=0"
unzip -o -j "$ipsw_path.ipsw" Firmware/dfu/iBEC.${device_model}ap.RELEASE.dfu "$dir/xpwntool" $getcomp.patched ${path}$name -t $getcomp.orig
local ibec_iv=$(echo $device_fw_key | $jq -j '.keys[] | select(.image == "iBEC") | .iv') zip -r0 temp.ipsw ${path}$name
local ibec_key=$(echo $device_fw_key | $jq -j '.keys[] | select(.image == "iBEC") | .key') done
mv iBEC.${device_model}ap.RELEASE.dfu iBEC.orig
"$dir/xpwntool" iBEC.orig iBEC.dec -iv $ibec_iv -k $ibec_key
"$dir/iBoot32Patcher" iBEC.dec iBEC.patched --rsa --debug $ticket -b "rd=md0 -v amfi=0xff cs_enforcement_disable=1"
"$dir/xpwntool" iBEC.patched Firmware/dfu/iBEC.${device_model}ap.RELEASE.dfu -t iBEC.orig
} }
ipsw_prepare_ios4powder() { ipsw_prepare_ios4powder() {
@ -3776,7 +3785,7 @@ ipsw_prepare_ios4powder() {
fi fi
if [[ $ipsw_jailbreak == 1 ]]; then if [[ $ipsw_jailbreak == 1 ]]; then
JBFiles=("g1lbertJB/${device_type}_${device_target_build}.tar" "fstab_rw.tar" "freeze.tar" "cydiasubstrate.tar") JBFiles=("g1lbertJB/${device_type}_${device_target_build}.tar" "fstab_old.tar" "freeze.tar" "cydiasubstrate.tar")
for i in {0..3}; do for i in {0..3}; do
JBFiles[i]=$jelbrek/${JBFiles[$i]} JBFiles[i]=$jelbrek/${JBFiles[$i]}
done done
@ -3840,20 +3849,6 @@ ipsw_prepare_ios4powder() {
echo "0000020: 3467" | xxd -r - $applelogo_name echo "0000020: 3467" | xxd -r - $applelogo_name
mv $applelogo_name $all_flash/$applelogo_name mv $applelogo_name $all_flash/$applelogo_name
fi fi
if [[ $device_type != "iPhone3,1" ]]; then
local ramdisk_name=$(echo "$device_fw_key" | $jq -j '.keys[] | select(.image == "RestoreRamdisk") | .filename')
log "Patch RestoreRamdisk"
unzip -o -j temp.ipsw $ramdisk_name
mv $ramdisk_name ramdisk.orig
"$dir/xpwntool" ramdisk.orig ramdisk.dec
# powdersn0w adds reboot4 as sbin/reboot, and orig reboot is moved to sbin/reboot_
# these commands will add activate_exploit to sbin/reboot_, and move orig reboot to sbin/reboot__
# thanks to testingthings (@throwaway167074) this ios 4 powder nvram fix implementation, https://gist.github.com/LukeZGD/da484f6deb02edefd6689c6bf921d5d4
"$dir/hfsplus" ramdisk.dec mv sbin/reboot_ sbin/reboot__
"$dir/hfsplus" ramdisk.dec add src/activate_exploit sbin/reboot_
"$dir/hfsplus" ramdisk.dec chmod 755 sbin/reboot_
"$dir/xpwntool" ramdisk.dec $ramdisk_name -t ramdisk.orig
fi
log "Add all to custom IPSW" log "Add all to custom IPSW"
if [[ $device_type != "iPad1,1" ]]; then if [[ $device_type != "iPad1,1" ]]; then
@ -4345,13 +4340,14 @@ restore_futurerestore() {
futurerestore2+="_new" futurerestore2+="_new"
else else
futurerestore2="../saved/futurerestore_$platform" futurerestore2="../saved/futurerestore_$platform"
ExtraArr=("--latest-sep")
case $device_type in
iPhone* | iPad5,[24] | iPad6,[48] | iPad6,12 ) ExtraArr+=("--latest-baseband");;
* ) ExtraArr+=("--no-baseband");;
esac
if [[ $device_target_vers == "10"* ]]; then if [[ $device_target_vers == "10"* ]]; then
ExtraArr+=("-k" "-g" "14G60") export FUTURERESTORE_I_SOLEMNLY_SWEAR_THAT_I_AM_UP_TO_NO_GOOD=1 # required since custom-latest-ota is broken
else
ExtraArr=("--latest-sep")
case $device_type in
iPhone* | iPad5,[24] | iPad6,[48] | iPad6,12 ) ExtraArr+=("--latest-baseband");;
* ) ExtraArr+=("--no-baseband");;
esac
fi fi
log "futurerestore nightly will be used for this restore: https://github.com/futurerestore/futurerestore" log "futurerestore nightly will be used for this restore: https://github.com/futurerestore/futurerestore"
if [[ $platform == "linux" && $platform_arch != "x86_64" ]]; then if [[ $platform == "linux" && $platform_arch != "x86_64" ]]; then
@ -4561,17 +4557,10 @@ restore_prepare() {
* ) restore_idevicerestore;; * ) restore_idevicerestore;;
esac esac
if [[ $device_target_vers == "3"* || $device_target_vers == "4"* ]] && [[ $device_target_powder == 1 ]]; then if [[ $device_target_vers == "3"* || $device_target_vers == "4"* ]] && [[ $device_target_powder == 1 ]]; then
echo
log "The device may enter recovery mode after the restore" log "The device may enter recovery mode after the restore"
print "* To fix this, go to: Other Utilities -> Disable/Enable Exploit -> Enable Exploit" print "* To fix this, go to: Other Utilities -> Disable/Enable Exploit -> Enable Exploit"
fi fi
if [[ $device_target_vers == "4.3"* && $device_target_powder == 1 ]] &&
[[ $device_type == "iPad1,1" || $device_type == "iPod3,1" ]]; then
log "Do not disconnect your device yet"
device_find_mode Recovery 50
log "Attempting to exit recovery mode"
$irecovery -n
log "Done, your device should boot now"
fi
elif [[ $device_target_other == 1 ]]; then elif [[ $device_target_other == 1 ]]; then
case $device_target_vers in case $device_target_vers in
[34]* ) device_enter_mode pwnDFU;; [34]* ) device_enter_mode pwnDFU;;
@ -4673,6 +4662,10 @@ restore_pwned64() {
cp firmwares.json ../saved cp firmwares.json ../saved
fi fi
cp ../saved/firmwares.json /tmp cp ../saved/firmwares.json /tmp
if [[ $device_proc == 7 ]]; then
log "gaster reset"
$gaster reset
fi
restore_futurerestore --use-pwndfu restore_futurerestore --use-pwndfu
} }
@ -4716,7 +4709,7 @@ ipsw_prepare() {
elif [[ $device_target_vers != "$device_latest_vers" ]]; then elif [[ $device_target_vers != "$device_latest_vers" ]]; then
ipsw_prepare_custom ipsw_prepare_custom
fi fi
if [[ $ipsw_isbeta == 1 && $ipsw_isbeta_needspatch == 1 && $ipsw_prepare_ios4multipart_patch != 1 ]]; then if [[ $ipsw_isbeta == 1 && $ipsw_prepare_ios4multipart_patch != 1 ]] || [[ $ipsw_gasgauge_patch == 1 ]]; then
ipsw_prepare_multipatch ipsw_prepare_multipatch
fi fi
;; ;;
@ -4734,8 +4727,8 @@ ipsw_prepare() {
fi fi
if [[ $ipsw_fourthree == 1 ]]; then if [[ $ipsw_fourthree == 1 ]]; then
ipsw_prepare_fourthree_part2 ipsw_prepare_fourthree_part2
elif [[ $ipsw_isbeta == 1 ]]; then elif [[ $ipsw_isbeta == 1 || $ipsw_gasgauge_patch == 1 ]]; then
: ipsw_prepare_multipatch ipsw_prepare_multipatch
fi fi
;; ;;
@ -5162,6 +5155,7 @@ device_ramdisk() {
"$dir/hfsplus" Ramdisk.raw mv usr/local/bin/restored_external usr/local/bin/restored_external_o "$dir/hfsplus" Ramdisk.raw mv usr/local/bin/restored_external usr/local/bin/restored_external_o
"$dir/hfsplus" Ramdisk.raw add restored_external usr/local/bin/restored_external "$dir/hfsplus" Ramdisk.raw add restored_external usr/local/bin/restored_external
"$dir/hfsplus" Ramdisk.raw chmod 755 usr/local/bin/restored_external "$dir/hfsplus" Ramdisk.raw chmod 755 usr/local/bin/restored_external
"$dir/hfsplus" Ramdisk.raw chown 0:0 usr/local/bin/restored_external
;; ;;
esac esac
"$dir/xpwntool" Ramdisk.raw Ramdisk.dmg -t RestoreRamdisk.dec "$dir/xpwntool" Ramdisk.raw Ramdisk.dmg -t RestoreRamdisk.dec
@ -5562,7 +5556,7 @@ menu_ramdisk() {
local latest="$(curl https://api.github.com/repos/opa334/TrollStore/releases/latest | $jq -r ".tag_name")" local latest="$(curl https://api.github.com/repos/opa334/TrollStore/releases/latest | $jq -r ".tag_name")"
local current="$(cat ../saved/TrollStore_version)" local current="$(cat ../saved/TrollStore_version)"
if [[ $current != "$latest" ]]; then if [[ $current != "$latest" ]]; then
rm ../saved/TrollStore.tar ../saved/PersistenceHelper_Embedded rm -f ../saved/TrollStore.tar ../saved/PersistenceHelper_Embedded
fi fi
if [[ -s ../saved/TrollStore.tar && -s ../saved/PersistenceHelper_Embedded ]]; then if [[ -s ../saved/TrollStore.tar && -s ../saved/PersistenceHelper_Embedded ]]; then
cp ../saved/TrollStore.tar ../saved/PersistenceHelper_Embedded . cp ../saved/TrollStore.tar ../saved/PersistenceHelper_Embedded .
@ -5762,7 +5756,7 @@ menu_print_info() {
fi fi
print "* Platform: $platform ($platform_ver) $live_cdusb_str" print "* Platform: $platform ($platform_ver) $live_cdusb_str"
echo echo
print "* Device: $device_name (${device_type}, ${device_model}ap) in $device_mode mode" print "* Device: $device_name (${device_type} - ${device_model}ap) in $device_mode mode"
device_manufacturing device_manufacturing
if [[ -n $device_disable_bbupdate && $device_type == "iPhone"* ]]; then if [[ -n $device_disable_bbupdate && $device_type == "iPhone"* ]]; then
warn "Disable bbupdate flag detected, baseband update is disabled. Proceed with caution" warn "Disable bbupdate flag detected, baseband update is disabled. Proceed with caution"
@ -5778,6 +5772,12 @@ menu_print_info() {
elif [[ $device_skipibss == 1 ]]; then elif [[ $device_skipibss == 1 ]]; then
warn "Skip iBSS flag detected. Assuming device is in pwned iBSS mode." warn "Skip iBSS flag detected. Assuming device is in pwned iBSS mode."
fi fi
if [[ $ipsw_jailbreak == 1 ]]; then
warn "Jailbreak flag detected. Jailbreak option enabled."
fi
if [[ $ipsw_gasgauge_patch ]]; then
warn "gasgauge-patch flag detected. multipatch enabled."
fi
if [[ -n $device_build ]]; then if [[ -n $device_build ]]; then
print "* iOS Version: $device_vers ($device_build)" print "* iOS Version: $device_vers ($device_build)"
else else
@ -6018,7 +6018,7 @@ menu_ipa() {
if [[ $1 == "Install"* ]]; then if [[ $1 == "Install"* ]]; then
mode="device_ideviceinstaller" mode="device_ideviceinstaller"
else else
mode="device_altserver_linux" mode="device_altserver"
fi fi
;; ;;
"Use Dadoum Sideloader" ) "Use Dadoum Sideloader" )
@ -6041,7 +6041,7 @@ menu_ipa() {
local latest="$(curl https://api.github.com/repos/Dadoum/Sideloader/releases/latest | $jq -r ".tag_name")" local latest="$(curl https://api.github.com/repos/Dadoum/Sideloader/releases/latest | $jq -r ".tag_name")"
local current="$(cat ../saved/Sideloader_version)" local current="$(cat ../saved/Sideloader_version)"
if [[ $current != "$latest" ]]; then if [[ $current != "$latest" ]]; then
rm ../saved/$sideloader rm -f ../saved/$sideloader
fi fi
if [[ ! -e ../saved/$sideloader ]]; then if [[ ! -e ../saved/$sideloader ]]; then
download_file https://github.com/Dadoum/Sideloader/releases/download/$latest/$sideloader.zip $sideloader.zip download_file https://github.com/Dadoum/Sideloader/releases/download/$latest/$sideloader.zip $sideloader.zip
@ -7106,121 +7106,31 @@ menu_shshdump_browse() {
shsh_path="$newpath" shsh_path="$newpath"
} }
menu_other() { menu_flags() {
local menu_items local menu_items
local selected local selected
local back local back
ipsw_path=
while [[ -z "$mode" && -z "$back" ]]; do while [[ -z "$mode" && -z "$back" ]]; do
menu_items=() menu_items=()
if [[ $device_mode != "none" && $device_proc != 1 ]]; then case $device_type in
if (( device_proc < 7 )); then iPhone[45]* | iPad2,[67] | iPad3,[56] ) menu_items+=("Enable disable-bbupdate flag");;
if [[ $device_mode == "Normal" ]]; then esac
menu_items+=("Enter kDFU Mode") if [[ $device_proc != 1 ]]; then
case $device_proc in menu_items+=("Enable activation-records flag")
6 ) menu_items+=("Send Pwned iBSS");;
4 ) menu_items+=("Enter pwnDFU Mode");;
esac
else
case $device_proc in
[56] ) menu_items+=("Send Pwned iBSS");;
* ) menu_items+=("Enter pwnDFU Mode");;
esac
menu_items+=("Get iOS Version")
fi
menu_items+=("Clear NVRAM")
case $device_type in
iPhone* | iPad2,[67] | iPad3,[56] ) menu_items+=("Dump Baseband");;
esac
if [[ $device_mode != "Normal" ]]; then
menu_items+=("Activation Records")
fi
if [[ $device_type != "iPod2,1" ]]; then
menu_items+=("Just Boot")
fi
elif (( device_proc <= 10 )); then
menu_items+=("Enter pwnDFU Mode")
fi
if [[ $device_mode == "Normal" ]]; then
menu_items+=("Activation Records")
fi
case $device_type in
iPhone3,[13] | iPhone[45]* | iPad1,1 | iPad2,4 | iPod[35],1 ) menu_items+=("Disable/Enable Exploit");;
iPhone2,1 ) menu_items+=("Install alloc8 Exploit");;
esac
if (( device_proc < 11 )) && [[ $device_latest_vers != "16"* ]]; then
menu_items+=("SSH Ramdisk")
fi
fi fi
if [[ $device_mode != "none" ]]; then if (( device_proc >= 5 )); then
case $device_mode in menu_items+=("Enable skip-ibss flag")
"Normal" )
menu_items+=("Attempt Activation")
case $device_vers in
3.1* | [456]* )
case $device_type in
iPhone1* )
case $device_vers in
3.1.3 | 4.[12]* ) menu_items+=("Hacktivate Device" "Revert Hacktivation");;
esac
;;
iPhone[23],1 ) menu_items+=("Hacktivate Device" "Revert Hacktivation");;
esac
;;
esac
menu_items+=("Pair Device" "Shutdown Device" "Restart Device" "Enter Recovery Mode" "Connect to SSH")
;;
"Recovery" ) menu_items+=("Exit Recovery Mode");;
esac
if [[ $device_mode != "DFU" ]]; then
menu_items+=("DFU Mode Helper")
fi
fi fi
if (( device_proc < 7 )); then menu_items+=("Enable jailbreak flag" "Enable gasgauge-patch flag" "Go Back")
menu_items+=("Create Custom IPSW")
case $device_type in
iPhone[45]* | iPad2,[67] | iPad3,[56] ) menu_items+=("Enable disable-bbupdate flag");;
esac
if [[ $device_proc != 1 ]]; then
menu_items+=("Enable activation-records flag")
fi
if (( device_proc >= 5 )); then
menu_items+=("Enable skip-ibss flag")
fi
menu_items+=("Enable jailbreak flag")
fi
menu_items+=("(Re-)Install Dependencies" "Go Back")
menu_print_info menu_print_info
print " > Main Menu > Other Utilities" print " > Main Menu > Other Utilities > Enable Flags"
input "Select an option:" input "Select an option:"
select opt in "${menu_items[@]}"; do select opt in "${menu_items[@]}"; do
selected="$opt" selected="$opt"
break break
done done
case $selected in case $selected in
"Hacktivate Device" ) mode="device_hacktivate";;
"Revert Hacktivation" ) mode="device_reverthacktivate";;
"Create Custom IPSW" ) menu_restore ipsw;;
"Enter kDFU Mode" ) mode="kdfu";;
"Disable/Enable Exploit" ) menu_remove4;;
"SSH Ramdisk" ) mode="device_enter_ramdisk";;
"Clear NVRAM" ) mode="ramdisknvram";;
"Send Pwned iBSS" | "Enter pwnDFU Mode" ) mode="pwned-ibss";;
"(Re-)Install Dependencies" ) install_depends;;
"Attempt Activation" ) mode="device_activate";;
"Install alloc8 Exploit" ) mode="device_alloc8";;
"Dump Baseband" ) mode="baseband";;
"Activation Records" ) mode="actrec";;
"Enter Recovery Mode" ) mode="enterrecovery";;
"Exit Recovery Mode" ) mode="exitrecovery";;
"DFU Mode Helper" ) mode="enterdfu";;
"Just Boot" ) mode="device_justboot";;
"Get iOS Version" ) mode="getversion";;
"Shutdown Device" ) mode="shutdown";;
"Restart Device" ) mode="restart";;
"Connect to SSH" ) mode="device_ssh";;
"Pair Device" ) device_pair;;
"Enable disable-bbupdate flag" ) "Enable disable-bbupdate flag" )
warn "This will enable the --disable-bbupdate flag." warn "This will enable the --disable-bbupdate flag."
print "* This will disable baseband update for custom IPSWs." print "* This will disable baseband update for custom IPSWs."
@ -7270,6 +7180,144 @@ menu_other() {
back=1 back=1
fi fi
;; ;;
"Enable gasgauge-patch flag" )
warn "This will enable the --gasgauge-patch flag."
print "* This will enable \"multipatch\" for the custom IPSW."
print "* This is especially useful for iPhone 4S devices that have issues restoring due to battery replacement."
print "* This issue is called \"gas gauge\" error, also known as error 29 in iTunes."
print "* By enabling this, firmware components for 6.1.3 or lower will be used for restoring to get past the error."
local opt
read -p "$(input 'Do you want to enable the gasgauge-patch flag? (y/N): ')" opt
if [[ $opt == 'y' || $opt == 'Y' ]]; then
ipsw_gasgauge_patch=1
back=1
fi
;;
"Go Back" ) back=1;;
esac
done
}
menu_power() {
local menu_items
local selected
local back
while [[ -z "$mode" && -z "$back" ]]; do
menu_items=("Shutdown Device" "Restart Device" "Enter Recovery Mode" "Go Back")
menu_print_info
print " > Main Menu > Other Utilities > Power Options"
input "Select an option:"
select opt in "${menu_items[@]}"; do
selected="$opt"
break
done
case $selected in
"Shutdown Device" ) mode="shutdown";;
"Restart Device" ) mode="restart";;
"Enter Recovery Mode" ) mode="enterrecovery";;
"Go Back" ) back=1;;
esac
done
}
menu_other() {
local menu_items
local selected
local back
while [[ -z "$mode" && -z "$back" ]]; do
menu_items=()
if [[ $device_mode != "none" && $device_proc != 1 ]] && (( device_proc < 7 )); then
case $device_mode in
"Normal" ) menu_items+=("Enter kDFU Mode");;
* ) menu_items+=("Get iOS Version");;
esac
case $device_proc in
[56] ) menu_items+=("Send Pwned iBSS");;
* ) menu_items+=("Enter pwnDFU Mode");;
esac
menu_items+=("Clear NVRAM" "Activation Records")
case $device_type in
iPhone* | iPad2,[67] | iPad3,[56] ) menu_items+=("Dump Baseband");;
esac
if [[ $device_type != "iPod2,1" ]]; then
menu_items+=("Just Boot")
fi
case $device_type in
iPhone3,[13] | iPhone[45]* | iPad1,1 | iPad2,4 | iPod[35],1 ) menu_items+=("Disable/Enable Exploit");;
iPhone2,1 ) menu_items+=("Install alloc8 Exploit");;
esac
fi
if [[ $device_mode != "none" ]]; then
if (( device_proc >= 7 )) && (( device_proc <= 10 )); then
menu_items+=("Enter pwnDFU Mode")
if [[ $device_mode == "Normal" ]]; then
menu_items+=("Activation Records")
fi
fi
if (( device_proc <= 10 )) && [[ $device_latest_vers != "16"* ]]; then
menu_items+=("SSH Ramdisk")
fi
case $device_mode in
"Normal" )
menu_items+=("Attempt Activation")
case $device_vers in
3.1* | [456]* )
case $device_type in
iPhone1* )
case $device_vers in
3.1.3 | 4.[12]* ) menu_items+=("Hacktivate Device" "Revert Hacktivation");;
esac
;;
iPhone[23],1 ) menu_items+=("Hacktivate Device" "Revert Hacktivation");;
esac
;;
esac
menu_items+=("Pair Device" "Connect to SSH" "Power Options")
;;
"Recovery" ) menu_items+=("Exit Recovery Mode");;
esac
if [[ $device_mode != "DFU" ]]; then
menu_items+=("DFU Mode Helper")
fi
fi
if (( device_proc < 7 )); then
menu_items+=("Create Custom IPSW")
if [[ $device_proc != 1 ]]; then
menu_items+=("Enable Flags")
fi
fi
menu_items+=("(Re-)Install Dependencies" "Go Back")
menu_print_info
print " > Main Menu > Other Utilities"
input "Select an option:"
select opt in "${menu_items[@]}"; do
selected="$opt"
break
done
case $selected in
"Hacktivate Device" ) mode="device_hacktivate";;
"Revert Hacktivation" ) mode="device_reverthacktivate";;
"Create Custom IPSW" ) menu_restore ipsw;;
"Enter kDFU Mode" ) mode="kdfu";;
"Disable/Enable Exploit" ) menu_remove4;;
"SSH Ramdisk" ) mode="device_enter_ramdisk";;
"Clear NVRAM" ) mode="ramdisknvram";;
"Send Pwned iBSS" | "Enter pwnDFU Mode" ) mode="pwned-ibss";;
"(Re-)Install Dependencies" ) install_depends;;
"Attempt Activation" ) mode="device_activate";;
"Install alloc8 Exploit" ) mode="device_alloc8";;
"Dump Baseband" ) mode="baseband";;
"Activation Records" ) mode="actrec";;
"Exit Recovery Mode" ) mode="exitrecovery";;
"DFU Mode Helper" ) mode="enterdfu";;
"Just Boot" ) mode="device_justboot";;
"Get iOS Version" ) mode="getversion";;
"Connect to SSH" ) mode="device_ssh";;
"Pair Device" ) device_pair;;
"Power Options" ) menu_power;;
"Enable Flags" ) menu_flags;;
"Go Back" ) back=1;; "Go Back" ) back=1;;
esac esac
done done
@ -7288,6 +7336,7 @@ device_pair() {
device_ssh() { device_ssh() {
print "* Note: This is for connecting via SSH to devices that are already jailbroken and have OpenSSH installed." print "* Note: This is for connecting via SSH to devices that are already jailbroken and have OpenSSH installed."
print "* If this is not what you want, you might be looking for the \"SSH Ramdisk\" option instead." print "* If this is not what you want, you might be looking for the \"SSH Ramdisk\" option instead."
echo
device_ssh_message device_ssh_message
device_iproxy device_iproxy
device_sshpass device_sshpass
@ -7616,9 +7665,11 @@ device_hacktivate() {
fi fi
fi fi
local patch="../resources/firmware/FirmwareBundles/Down_${type}_${device_vers}_${build}.bundle/lockdownd.patch" local patch="../resources/firmware/FirmwareBundles/Down_${type}_${device_vers}_${build}.bundle/lockdownd.patch"
print "* Make sure that your device is restored with the jailbreak option enabled." print "* Note: This is for hacktivating devices that are already restored, jailbroken, and have OpenSSH installed."
print "* Or jailbroken using Legacy iOS Kit's \"Jailbreak Device\" option." print "* If this is not what you want, you might be looking for the \"Restore/Downgrade\" option instead."
print "* This will use SSH to patch lockdownd on your device for hacktivation." print "* From there, enable both \"Jailbreak Option\" and \"Hacktivate Option.\""
echo
print "* Hacktivate Device: This will use SSH to patch lockdownd on your device."
print "* Hacktivation is for iOS versions 3.1 to 6.1.6." print "* Hacktivation is for iOS versions 3.1 to 6.1.6."
pause pause
device_iproxy device_iproxy
@ -7664,7 +7715,7 @@ restore_customipsw() {
fi fi
fi fi
if [[ $platform == "macos" ]] && [[ $device_type == "iPod2,1" || $device_proc == 1 ]]; then if [[ $platform == "macos" ]] && [[ $device_type == "iPod2,1" || $device_proc == 1 ]]; then
warn "Restoring to 2.x might not work on newer macOS versions." warn "Restoring to 2.x might not work on newer macOS versions. Try installing usbmuxd from Homebrew or MacPorts"
fi fi
if [[ $device_proc == 1 ]]; then if [[ $device_proc == 1 ]]; then
echo echo
@ -7780,25 +7831,32 @@ device_ideviceinstaller() {
done done
} }
device_altserver_linux() { device_altserver() {
local altserver="../saved/anisette-server-$platform" local altserver="../saved/anisette-server-$platform"
local anisette="../saved/AltServer-$platform" local anisette="../saved/AltServer-$platform"
local arch="$platform_arch" local arch="$platform_arch"
case $arch in
"armhf" ) arch="armv7";;
"arm64" ) arch="aarch64";;
esac
if [[ $platform == "linux" ]]; then if [[ $platform == "linux" ]]; then
altserver+="_$arch" case $arch in
anisette+="_$arch" "armhf" ) arch="armv7";;
"arm64" ) arch="aarch64";;
esac
fi fi
altserver+="_$arch"
anisette+="_$arch"
if [[ ! -e $altserver ]]; then if [[ ! -e $altserver ]]; then
download_file https://github.com/NyaMisty/AltServer-Linux/releases/download/v0.0.5/AltServer-$arch AltServer-$arch download_file https://github.com/NyaMisty/AltServer-Linux/releases/download/v0.0.5/AltServer-$arch AltServer-$arch
mv AltServer-$arch $altserver mv AltServer-$arch $altserver
fi fi
log "Checking for latest anisette-server"
local latest="$(curl https://api.github.com/repos/LukeZGD/Provision/releases/latest | $jq -r ".tag_name")"
local current="$(cat ../saved/anisette-server_version)"
if [[ $current != "$latest" ]]; then
rm -f ../saved/anisette-server-$arch
fi
if [[ ! -e $anisette ]]; then if [[ ! -e $anisette ]]; then
download_file https://github.com/Dadoum/Provision/releases/download/2.2.0/anisette-server-$arch anisette-server-$arch download_file https://github.com/LukeZGD/Provision/releases/download/$latest/anisette-server-$arch anisette-server-$arch
mv anisette-server-$arch $anisette mv anisette-server-$arch $anisette
echo "$latest" > ../saved/anisette-server_version
fi fi
chmod +x $altserver $anisette chmod +x $altserver $anisette
log "Running Anisette" log "Running Anisette"
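Review bot: The stale-binary removal `rm -f ../saved/anisette-server-$arch` targets a path this function never writes: the anisette binary is stored at `$anisette`, which resolves to `../saved/AltServer-${platform}_$arch` (the two `local` lines assign the paths crosswise to their variable names), so when `$current != "$latest"` nothing is deleted, the `! -e $anisette` test still fails, the old binary keeps running and `anisette-server_version` is never refreshed; `rm -f "$anisette"` is the line that was intended. The version lookup runs `curl` without `-s`/`-f`, so an offline or rate-limited API response leaves `$latest` as `null` or empty and produces a malformed download URL (and `cat ../saved/anisette-server_version` prints an error on first run when the file does not exist); a guard such as `if [[ -z $latest || $latest == "null" ]]; then warn "Could not get latest anisette-server version"; return 1; fi` before the comparison avoids both. Replacing the pinned `2.2.0` release with a floating latest tag means each run may fetch and `chmod +x` a different executable with no integrity check, which is a weaker supply-chain posture than the previous pinned URL; pinning the tag or checking a published checksum would restore it. The body of device_altserver continues beyond this hunk.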
@ -7811,7 +7869,7 @@ device_altserver_linux() {
sleep 1 sleep 1
done done
export ALTSERVER_ANISETTE_SERVER=http://127.0.0.1:6969 export ALTSERVER_ANISETTE_SERVER=http://127.0.0.1:6969
altserver_linux="env ALTSERVER_ANISETTE_SERVER=$ALTSERVER_ANISETTE_SERVER $altserver" altserver="env ALTSERVER_ANISETTE_SERVER=$ALTSERVER_ANISETTE_SERVER $altserver"
device_pair device_pair
log "Enter Apple ID details to continue." log "Enter Apple ID details to continue."
print "* Your Apple ID and password will only be sent to Apple servers." print "* Your Apple ID and password will only be sent to Apple servers."
@ -7826,7 +7884,7 @@ device_altserver_linux() {
echo echo
log "Running AltServer-Linux with given Apple ID details..." log "Running AltServer-Linux with given Apple ID details..."
pushd ../saved >/dev/null pushd ../saved >/dev/null
$altserver_linux -u $device_udid -a "$apple_id" -p "$apple_pass" "$ipa_path" $altserver -u $device_udid -a "$apple_id" -p "$apple_pass" "$ipa_path"
popd >/dev/null popd >/dev/null
} }
@ -8094,6 +8152,7 @@ for i in "$@"; do
"--ipsw-hacktivate" ) ipsw_hacktivate=1;; "--ipsw-hacktivate" ) ipsw_hacktivate=1;;
"--skip-ibss" ) device_skipibss=1;; "--skip-ibss" ) device_skipibss=1;;
"--pwned-recovery" ) device_pwnrec=1;; "--pwned-recovery" ) device_pwnrec=1;;
"--gasgauge-patch" ) ipsw_gasgauge_patch=1;;
esac esac
done done