mirror of
https://github.com/LukeZGD/Legacy-iOS-Kit.git
synced 2024-12-28 17:21:48 +01:00
64-bit onboard blob dump
just some deverser thing here (again, might as well with img4tool)
This commit is contained in:
parent
f68bc7bd23
commit
9df34f0e35
93
restore.sh
93
restore.sh
@ -937,6 +937,13 @@ device_sshpass() {
|
||||
ssh="$dir/sshpass -p $pass $ssh2"
|
||||
}
|
||||
|
||||
device_iproxy() {
|
||||
log "Running iproxy for SSH..."
|
||||
$iproxy 2222 22 >/dev/null &
|
||||
iproxy_pid=$!
|
||||
sleep 1
|
||||
}
|
||||
|
||||
device_find_all() {
|
||||
# find device stuff from palera1n legacy
|
||||
local opt
|
||||
@ -1081,10 +1088,7 @@ device_enter_mode() {
|
||||
fi
|
||||
|
||||
patch_ibss
|
||||
log "Running iproxy for SSH..."
|
||||
$iproxy 2222 22 >/dev/null &
|
||||
iproxy_pid=$!
|
||||
sleep 1
|
||||
device_iproxy
|
||||
|
||||
log "Please read the message below:"
|
||||
print "* Follow these instructions to enter kDFU mode."
|
||||
@ -3788,10 +3792,7 @@ device_ramdisk64() {
|
||||
$irecovery -f $ramdisk_path/Kernelcache.img4
|
||||
$irecovery -c bootx
|
||||
|
||||
log "Running iproxy for SSH..."
|
||||
$iproxy 2222 22 >/dev/null &
|
||||
iproxy_pid=$!
|
||||
sleep 1
|
||||
device_iproxy
|
||||
device_sshpass alpine
|
||||
|
||||
print "* Booted SSH ramdisk is based on: https://github.com/verygenericname/SSHRD_Script"
|
||||
@ -4020,10 +4021,7 @@ device_ramdisk() {
|
||||
device_find_mode Restore 25
|
||||
fi
|
||||
|
||||
log "Running iproxy for SSH..."
|
||||
$iproxy 2222 22 >/dev/null &
|
||||
iproxy_pid=$!
|
||||
sleep 1
|
||||
device_iproxy
|
||||
device_sshpass alpine
|
||||
|
||||
case $mode in
|
||||
@ -4259,7 +4257,7 @@ menu_ramdisk() {
|
||||
"reboot" ) $ssh -p 2222 root@127.0.0.1 "$reboot"; loop=1;;
|
||||
"exit" ) loop=1;;
|
||||
"dump-blobs" )
|
||||
shsh="../saved/shsh/$device_type-$(date +%Y-%m-%d-%H%M).shsh2"
|
||||
local shsh="../saved/shsh/$device_ecid-$device_type-$(date +%Y-%m-%d-%H%M).shsh2"
|
||||
$ssh -p 2222 root@127.0.0.1 "cat /dev/rdisk1" | dd of=dump.raw bs=256 count=$((0x4000))
|
||||
"$dir/img4tool" --convert -s $shsh dump.raw
|
||||
log "Onboard blobs should be dumped to $shsh"
|
||||
@ -4270,8 +4268,35 @@ menu_ramdisk() {
|
||||
done
|
||||
}
|
||||
|
||||
shsh_save_onboard64() {
|
||||
log "Proceeding to dump onboard blobs on normal mode"
|
||||
print "* There are other ways for dumping onboard blobs for 64-bit devices as listed below:"
|
||||
print "* For A7 devices, you can use SSH Ramdisk to dump onboard blobs: Other Utilities -> SSH Ramdisk"
|
||||
print "* For A8 devices and newer, use SSHRD_Script: https://github.com/verygenericname/SSHRD_Script"
|
||||
if [[ $device_mode != "Normal" ]]; then
|
||||
warn "Device must be in normal mode and jailbroken, cannot continue."
|
||||
return
|
||||
fi
|
||||
print "* Make sure to have OpenSSH and Core Utilities installed on your iOS device."
|
||||
print "* Only proceed if you have these requirements installed using Cydia/Zebra/Sileo."
|
||||
print "* You will be prompted to enter the root password of your iOS device."
|
||||
print "* The default root password is: alpine"
|
||||
device_iproxy
|
||||
device_sshpass
|
||||
local shsh="../saved/shsh/$device_ecid-$device_type-$device_vers-$device_build.shsh2"
|
||||
$ssh -p 2222 root@127.0.0.1 "cat /dev/disk1" | dd of=dump.raw bs=256 count=$((0x4000))
|
||||
"$dir/img4tool" --convert -s $shsh dump.raw
|
||||
if [[ ! -s $shsh ]]; then
|
||||
error "Saving onboard SHSH blobs failed."
|
||||
fi
|
||||
log "Successfully saved $device_vers blobs: $shsh"
|
||||
}
|
||||
|
||||
shsh_save_onboard() {
|
||||
if [[ $device_proc == 4 ]] || [[ $device_proc == 6 && $platform == "macos" ]]; then
|
||||
if (( device_proc >= 7 )); then
|
||||
shsh_save_onboard64
|
||||
return
|
||||
elif [[ $device_proc == 4 ]] || [[ $device_proc == 6 && $platform == "macos" ]]; then
|
||||
device_buttons
|
||||
else
|
||||
device_enter_mode kDFU
|
||||
@ -4298,8 +4323,9 @@ shsh_save_onboard() {
|
||||
if [[ ! -s myblob.shsh ]]; then
|
||||
error "Saving onboard SHSH blobs failed."
|
||||
fi
|
||||
mv myblob.shsh ../saved/shsh/$device_ecid-$device_type-$device_target_vers.shsh
|
||||
log "Successfully saved $device_target_vers blobs: saved/shsh/$device_ecid-$device_type-$device_target_vers.shsh"
|
||||
local shsh="../saved/shsh/$device_ecid-$device_type-$device_target_vers-$device_target_build.shsh"
|
||||
mv myblob.shsh $shsh
|
||||
log "Successfully saved $device_target_vers blobs: $shsh"
|
||||
}
|
||||
|
||||
shsh_save_cydia() {
|
||||
@ -4390,7 +4416,7 @@ menu_main() {
|
||||
menu_items+=("Jailbreak Device")
|
||||
fi
|
||||
fi
|
||||
if (( device_proc < 8 )) && [[ $device_proc != 1 ]]; then
|
||||
if [[ $device_proc != 1 ]]; then
|
||||
menu_items+=("Save SHSH Blobs")
|
||||
fi
|
||||
if [[ $device_mode == "Normal" ]]; then
|
||||
@ -4489,10 +4515,10 @@ menu_shsh() {
|
||||
iPad2,[123] | iPhone4,1 )
|
||||
menu_items+=("iOS 6.1.3");;
|
||||
esac
|
||||
if [[ $device_mode != "none" ]]; then
|
||||
menu_items+=("Onboard Blobs")
|
||||
fi
|
||||
if (( device_proc < 7 )); then
|
||||
if [[ $device_mode != "none" ]]; then
|
||||
menu_items+=("Onboard Blobs")
|
||||
fi
|
||||
menu_items+=("Cydia Blobs")
|
||||
fi
|
||||
menu_items+=("Go Back")
|
||||
@ -4537,6 +4563,9 @@ menu_shsh_onboard() {
|
||||
local back
|
||||
|
||||
ipsw_path=
|
||||
if (( device_proc >= 7 )); then
|
||||
mode="save-onboard-blobs"
|
||||
fi
|
||||
while [[ -z "$mode" && -z "$back" ]]; do
|
||||
menu_items=("Select IPSW")
|
||||
menu_print_info
|
||||
@ -5219,17 +5248,19 @@ menu_other() {
|
||||
esac
|
||||
menu_items+=("Get iOS Version")
|
||||
fi
|
||||
if [[ $device_type == "iPhone"* ]]; then
|
||||
if [[ $device_type == "iPhone"* && $device_mode == "Normal" ]]; then
|
||||
menu_items+=("Dump Baseband")
|
||||
fi
|
||||
menu_items+=("Clear NVRAM")
|
||||
menu_items+=("Clear NVRAM" "Activation Records")
|
||||
if [[ $device_type != "iPod2,1" ]]; then
|
||||
menu_items+=("Just Boot")
|
||||
fi
|
||||
else
|
||||
menu_items+=("Enter pwnDFU Mode")
|
||||
fi
|
||||
menu_items+=("Activation Records")
|
||||
if [[ $device_mode == "Normal" ]]; then
|
||||
menu_items+=("Activation Records")
|
||||
fi
|
||||
case $device_type in
|
||||
iPhone3,[13] | iPad1,1 | iPod3,1 ) menu_items+=("Disable/Enable Exploit");;
|
||||
iPhone2,1 ) menu_items+=("Install alloc8 Exploit");;
|
||||
@ -5412,10 +5443,7 @@ device_dump() {
|
||||
print "* Only proceed if you have these requirements installed using Cydia/Zebra."
|
||||
print "* You will be prompted to enter the root password of your iOS device."
|
||||
print "* The default root password is: alpine"
|
||||
log "Running iproxy for SSH..."
|
||||
$iproxy 2222 22 >/dev/null &
|
||||
iproxy_pid=$!
|
||||
sleep 1
|
||||
device_iproxy
|
||||
device_sshpass
|
||||
log "Creating $arg.tar"
|
||||
if [[ $arg == "activation" ]]; then
|
||||
@ -5476,10 +5504,7 @@ device_hacktivate() {
|
||||
print "* This will use SSH to patch lockdownd on your device for hacktivation."
|
||||
print "* Hacktivation is for iOS versions 3.1 to 6.1.6."
|
||||
pause
|
||||
log "Running iproxy for SSH..."
|
||||
$iproxy 2222 22 >/dev/null &
|
||||
iproxy_pid=$!
|
||||
sleep 1
|
||||
device_iproxy
|
||||
device_sshpass
|
||||
log "Getting lockdownd"
|
||||
$scp -P 2222 root@127.0.0.1:/usr/libexec/lockdownd .
|
||||
@ -5732,8 +5757,10 @@ main() {
|
||||
"actrec" )
|
||||
device_dump activation
|
||||
log "Activation records dumping is done"
|
||||
print "* To stitch records to IPSW, run Legacy iOS Kit with --activation-records argument:"
|
||||
print " > ./restore.sh --activation-records"
|
||||
if (( device_proc < 7 )); then
|
||||
print "* To stitch records to IPSW, run Legacy iOS Kit with --activation-records argument:"
|
||||
print " > ./restore.sh --activation-records"
|
||||
fi
|
||||
;;
|
||||
"save-ota-blobs" ) shsh_save;;
|
||||
"kdfu" ) device_enter_mode kDFU;;
|
||||
|
Loading…
Reference in New Issue
Block a user