Mirrors/Legacy-iOS-Kit
2
0
Fork 0
mirror of https://github.com/LukeZGD/Legacy-iOS-Kit.git synced 2025-02-18 17:36:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

64-bit onboard blob dump

Browse Source 
just some deverser thing here (again, might as well with img4tool)
This commit is contained in:
LukeZGD 2024-01-20 01:11:26 +08:00
parent f68bc7bd23
commit 9df34f0e35
1 changed files with 60 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
restore.sh
View File

@ -937,6 +937,13 @@ device_sshpass() {
ssh="$dir/sshpass -p $pass $ssh2" ssh="$dir/sshpass -p $pass $ssh2"
} }
device_iproxy() {
log "Running iproxy for SSH..."
$iproxy 2222 22 >/dev/null &
iproxy_pid=$!
sleep 1
}
device_find_all() { device_find_all() {
# find device stuff from palera1n legacy # find device stuff from palera1n legacy
local opt local opt
@ -1081,10 +1088,7 @@ device_enter_mode() {
fi fi
patch_ibss patch_ibss
log "Running iproxy for SSH..." device_iproxy
$iproxy 2222 22 >/dev/null &
iproxy_pid=$!
sleep 1
log "Please read the message below:" log "Please read the message below:"
print "* Follow these instructions to enter kDFU mode." print "* Follow these instructions to enter kDFU mode."
@ -3788,10 +3792,7 @@ device_ramdisk64() {
$irecovery -f $ramdisk_path/Kernelcache.img4 $irecovery -f $ramdisk_path/Kernelcache.img4
$irecovery -c bootx $irecovery -c bootx
log "Running iproxy for SSH..." device_iproxy
$iproxy 2222 22 >/dev/null &
iproxy_pid=$!
sleep 1
device_sshpass alpine device_sshpass alpine
print "* Booted SSH ramdisk is based on: https://github.com/verygenericname/SSHRD_Script" print "* Booted SSH ramdisk is based on: https://github.com/verygenericname/SSHRD_Script"
@ -4020,10 +4021,7 @@ device_ramdisk() {
device_find_mode Restore 25 device_find_mode Restore 25
fi fi
log "Running iproxy for SSH..." device_iproxy
$iproxy 2222 22 >/dev/null &
iproxy_pid=$!
sleep 1
device_sshpass alpine device_sshpass alpine
case $mode in case $mode in
@ -4259,7 +4257,7 @@ menu_ramdisk() {
"reboot" ) $ssh -p 2222 root@127.0.0.1 "$reboot"; loop=1;; "reboot" ) $ssh -p 2222 root@127.0.0.1 "$reboot"; loop=1;;
"exit" ) loop=1;; "exit" ) loop=1;;
"dump-blobs" ) "dump-blobs" )
shsh="../saved/shsh/$device_type-$(date +%Y-%m-%d-%H%M).shsh2" local shsh="../saved/shsh/$device_ecid-$device_type-$(date +%Y-%m-%d-%H%M).shsh2"
$ssh -p 2222 root@127.0.0.1 "cat /dev/rdisk1" | dd of=dump.raw bs=256 count=$((0x4000)) $ssh -p 2222 root@127.0.0.1 "cat /dev/rdisk1" | dd of=dump.raw bs=256 count=$((0x4000))
"$dir/img4tool" --convert -s $shsh dump.raw "$dir/img4tool" --convert -s $shsh dump.raw
log "Onboard blobs should be dumped to $shsh" log "Onboard blobs should be dumped to $shsh"
@ -4270,8 +4268,35 @@ menu_ramdisk() {
done done
} }
shsh_save_onboard64() {
log "Proceeding to dump onboard blobs on normal mode"
print "* There are other ways for dumping onboard blobs for 64-bit devices as listed below:"
print "* For A7 devices, you can use SSH Ramdisk to dump onboard blobs: Other Utilities -> SSH Ramdisk"
print "* For A8 devices and newer, use SSHRD_Script: https://github.com/verygenericname/SSHRD_Script"
if [[ $device_mode != "Normal" ]]; then
warn "Device must be in normal mode and jailbroken, cannot continue."
return
fi
print "* Make sure to have OpenSSH and Core Utilities installed on your iOS device."
print "* Only proceed if you have these requirements installed using Cydia/Zebra/Sileo."
print "* You will be prompted to enter the root password of your iOS device."
print "* The default root password is: alpine"
device_iproxy
device_sshpass
local shsh="../saved/shsh/$device_ecid-$device_type-$device_vers-$device_build.shsh2"
$ssh -p 2222 root@127.0.0.1 "cat /dev/disk1" | dd of=dump.raw bs=256 count=$((0x4000))
"$dir/img4tool" --convert -s $shsh dump.raw
if [[ ! -s $shsh ]]; then
error "Saving onboard SHSH blobs failed."
fi
log "Successfully saved $device_vers blobs: $shsh"
}
shsh_save_onboard() { shsh_save_onboard() {
if [[ $device_proc == 4 ]] || [[ $device_proc == 6 && $platform == "macos" ]]; then if (( device_proc >= 7 )); then
shsh_save_onboard64
return
elif [[ $device_proc == 4 ]] || [[ $device_proc == 6 && $platform == "macos" ]]; then
device_buttons device_buttons
else else
device_enter_mode kDFU device_enter_mode kDFU
@ -4298,8 +4323,9 @@ shsh_save_onboard() {
if [[ ! -s myblob.shsh ]]; then if [[ ! -s myblob.shsh ]]; then
error "Saving onboard SHSH blobs failed." error "Saving onboard SHSH blobs failed."
fi fi
mv myblob.shsh ../saved/shsh/$device_ecid-$device_type-$device_target_vers.shsh local shsh="../saved/shsh/$device_ecid-$device_type-$device_target_vers-$device_target_build.shsh"
log "Successfully saved $device_target_vers blobs: saved/shsh/$device_ecid-$device_type-$device_target_vers.shsh" mv myblob.shsh $shsh
log "Successfully saved $device_target_vers blobs: $shsh"
} }
shsh_save_cydia() { shsh_save_cydia() {
@ -4390,7 +4416,7 @@ menu_main() {
menu_items+=("Jailbreak Device") menu_items+=("Jailbreak Device")
fi fi
fi fi
if (( device_proc < 8 )) && [[ $device_proc != 1 ]]; then if [[ $device_proc != 1 ]]; then
menu_items+=("Save SHSH Blobs") menu_items+=("Save SHSH Blobs")
fi fi
if [[ $device_mode == "Normal" ]]; then if [[ $device_mode == "Normal" ]]; then
@ -4489,10 +4515,10 @@ menu_shsh() {
iPad2,[123] | iPhone4,1 ) iPad2,[123] | iPhone4,1 )
menu_items+=("iOS 6.1.3");; menu_items+=("iOS 6.1.3");;
esac esac
if (( device_proc < 7 )); then
if [[ $device_mode != "none" ]]; then if [[ $device_mode != "none" ]]; then
menu_items+=("Onboard Blobs") menu_items+=("Onboard Blobs")
fi fi
if (( device_proc < 7 )); then
menu_items+=("Cydia Blobs") menu_items+=("Cydia Blobs")
fi fi
menu_items+=("Go Back") menu_items+=("Go Back")
@ -4537,6 +4563,9 @@ menu_shsh_onboard() {
local back local back
ipsw_path= ipsw_path=
if (( device_proc >= 7 )); then
mode="save-onboard-blobs"
fi
while [[ -z "$mode" && -z "$back" ]]; do while [[ -z "$mode" && -z "$back" ]]; do
menu_items=("Select IPSW") menu_items=("Select IPSW")
menu_print_info menu_print_info
@ -5219,17 +5248,19 @@ menu_other() {
esac esac
menu_items+=("Get iOS Version") menu_items+=("Get iOS Version")
fi fi
if [[ $device_type == "iPhone"* ]]; then if [[ $device_type == "iPhone"* && $device_mode == "Normal" ]]; then
menu_items+=("Dump Baseband") menu_items+=("Dump Baseband")
fi fi
menu_items+=("Clear NVRAM") menu_items+=("Clear NVRAM" "Activation Records")
if [[ $device_type != "iPod2,1" ]]; then if [[ $device_type != "iPod2,1" ]]; then
menu_items+=("Just Boot") menu_items+=("Just Boot")
fi fi
else else
menu_items+=("Enter pwnDFU Mode") menu_items+=("Enter pwnDFU Mode")
fi fi
if [[ $device_mode == "Normal" ]]; then
menu_items+=("Activation Records") menu_items+=("Activation Records")
fi
case $device_type in case $device_type in
iPhone3,[13] | iPad1,1 | iPod3,1 ) menu_items+=("Disable/Enable Exploit");; iPhone3,[13] | iPad1,1 | iPod3,1 ) menu_items+=("Disable/Enable Exploit");;
iPhone2,1 ) menu_items+=("Install alloc8 Exploit");; iPhone2,1 ) menu_items+=("Install alloc8 Exploit");;
@ -5412,10 +5443,7 @@ device_dump() {
print "* Only proceed if you have these requirements installed using Cydia/Zebra." print "* Only proceed if you have these requirements installed using Cydia/Zebra."
print "* You will be prompted to enter the root password of your iOS device." print "* You will be prompted to enter the root password of your iOS device."
print "* The default root password is: alpine" print "* The default root password is: alpine"
log "Running iproxy for SSH..." device_iproxy
$iproxy 2222 22 >/dev/null &
iproxy_pid=$!
sleep 1
device_sshpass device_sshpass
log "Creating $arg.tar" log "Creating $arg.tar"
if [[ $arg == "activation" ]]; then if [[ $arg == "activation" ]]; then
@ -5476,10 +5504,7 @@ device_hacktivate() {
print "* This will use SSH to patch lockdownd on your device for hacktivation." print "* This will use SSH to patch lockdownd on your device for hacktivation."
print "* Hacktivation is for iOS versions 3.1 to 6.1.6." print "* Hacktivation is for iOS versions 3.1 to 6.1.6."
pause pause
log "Running iproxy for SSH..." device_iproxy
$iproxy 2222 22 >/dev/null &
iproxy_pid=$!
sleep 1
device_sshpass device_sshpass
log "Getting lockdownd" log "Getting lockdownd"
$scp -P 2222 root@127.0.0.1:/usr/libexec/lockdownd . $scp -P 2222 root@127.0.0.1:/usr/libexec/lockdownd .
@ -5732,8 +5757,10 @@ main() {
"actrec" ) "actrec" )
device_dump activation device_dump activation
log "Activation records dumping is done" log "Activation records dumping is done"
if (( device_proc < 7 )); then
print "* To stitch records to IPSW, run Legacy iOS Kit with --activation-records argument:" print "* To stitch records to IPSW, run Legacy iOS Kit with --activation-records argument:"
print " > ./restore.sh --activation-records" print " > ./restore.sh --activation-records"
fi
;; ;;
"save-ota-blobs" ) shsh_save;; "save-ota-blobs" ) shsh_save;;
"kdfu" ) device_enter_mode kDFU;; "kdfu" ) device_enter_mode kDFU;;