Add support for 3GS hacktivation IPSWs

This commit is contained in:
LukeZGD 2023-08-15 19:09:04 +08:00
parent 61142fd14e
commit a363e68a57
11 changed files with 53 additions and 7 deletions

View File

@ -29,6 +29,7 @@
- Device activation using ideviceactivation
- Dumping and stitching baseband to IPSW (requires `--disable-bbupdate`)
- Dumping and stitching activation records to IPSW (requires `--activation-records`)
- Hacktivation for iPhone 3GS (activate without valid SIM card)
## Supported devices
- [Identify your device here](https://ipsw.me/device-finder)
@ -112,7 +113,7 @@
- [Exploits used are from kok3shidoll's repo](https://github.com/kok3shidoll/untitled)
- [ipwndfu](https://github.com/LukeZGD/ipwndfu) - axi0mX, Linus Henze, synackuk; LukeZGD fork
- [ipwnder_lite](https://github.com/dora2-iOS/ipwnder_lite/tree/7265a06d184e433989db640d5e83ea58d5862609) - dora2ios (used on macOS)
- [iPwnder32](https://github.com/dora2-iOS/iPwnder32/tree/243ea5c6d1bd15f8bdd0b3a1ff4a7729bc14bac4) - dora2ios (old version with libusb, used on Linux)
- [iPwnder32](https://github.com/dora2-iOS/iPwnder32/tree/243ea5c6d1bd15f8bdd0b3a1ff4a7729bc14bac4) - dora2ios (old version with libusb used on Linux)
- [gaster](https://github.com/0x7ff/gaster/) - 0x7ff
- [daibutsuCFW](https://github.com/dora2-iOS/daibutsuCFW) - dora2ios; [LukeZGD fork](https://github.com/LukeZGD/daibutsuCFW)
- [daibutsu](https://github.com/kok3shidoll/daibutsu) - dora/kok3shidoll, Clarity

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

View File

@ -65,6 +65,7 @@ List of options:
--disable-usbmuxd Disable running usbmuxd as root for Linux
--entry-device Enable manual device and ECID entry
--help Display this help message
--ipsw-hacktivate Enable hacktivation for creating IPSW (iPhone 3GS only)
--no-color Disable colors for script output
--no-device Enable no device mode
--no-version-check Disable script version checking
@ -1327,10 +1328,25 @@ ipsw_preference_set() {
echo
fi
if [[ $ipsw_jailbreak == 1 && -z $ipsw_hacktivate ]]; then
input "Hacktivate Option"
print "* When this option is enabled, your device will be activated on restore."
print "* Enable this option if you have no valid SIM card to activate the phone."
print "* This option is disabled by default (N). Select this option if unsure."
read -p "$(input 'Enable this option? (y/N): ')" ipsw_hacktivate
if [[ $ipsw_hacktivate == 'Y' || $ipsw_hacktivate == 'y' ]]; then
log "Hacktivate option enabled by user."
ipsw_hacktivate=1
else
log "Hacktivate option disabled."
ipsw_hacktivate=
fi
echo
fi
if [[ -n $ipsw_memory ]]; then
:
elif [[ $device_type == "iPhone2,1" || $device_type == "iPod2,1" ]] &&
[[ $device_target_vers != "$device_latest_vers" && $device_target_other != 1 ]]; then
elif [[ $device_type == "iPhone2,1" || $device_type == "iPod2,1" ]] && [[ $device_target_other != 1 ]]; then
:
elif [[ $ipsw_jailbreak == 1 || $device_type == "$device_disable_bbupdate" ]] ||
[[ $device_type == "iPhone3,1" && $device_target_vers != "7.1.2" ]] ||
@ -2115,7 +2131,7 @@ ipsw_prepare_custom() {
:
else
case $device_target_vers in
4.2.1 | 4.1 ) :;;
6.1.6 | 4.2.1 | 4.1 ) :;;
* ) comps+=("iBoot" "Kernelcache" "LLB");;
esac
fi
@ -2205,18 +2221,29 @@ ipsw_prepare_custom() {
fi
"$dir/hfsplus" out.dmg untar $jelbrek/greenpois0n/${device_type}_${device_target_build}.tar
;;
"6.1.6" ) "$dir/hfsplus" out.dmg untar $jelbrek/p0sixspwn.tar;;
* ) "$dir/hfsplus" out.dmg untar $jelbrek/unthredeh4il.tar;;
esac
if [[ $device_type == "iPod2,1" && $device_target_vers == "3.1"* ]]; then
"$dir/hfsplus" out.dmg untar $jelbrek/greenpois0n/${device_type}_${device_target_build}.tar
fi
if [[ $device_target_vers != "6"* ]]; then
"$dir/hfsplus" out.dmg untar $jelbrek/cydiasubstrate.tar
fi
if [[ $device_target_vers == "3.1"* ]]; then
"$dir/hfsplus" out.dmg untar $jelbrek/cydiahttpatch.tar
fi
if [[ $ipsw_openssh == 1 ]]; then
"$dir/hfsplus" out.dmg untar $jelbrek/sshdeb.tar
fi
if [[ $ipsw_hacktivate == 1 ]]; then
log "Hacktivate"
"$dir/hfsplus" out.dmg extract usr/libexec/lockdownd
"$dir/hfsplus" out.dmg mv usr/libexec/lockdownd usr/libexec/lockdownd.orig
$bspatch lockdownd lockdownd.patched $patch/lockdownd.patch
"$dir/hfsplus" out.dmg add lockdownd.patched usr/libexec/lockdownd
"$dir/hfsplus" out.dmg chmod 100755 usr/libexec/lockdownd
fi
fi
rm $RootName
log "Building RootFS"
@ -2227,7 +2254,7 @@ ipsw_prepare_custom() {
mv "$ipsw_path" "$ipsw_custom"
pushd "$ipsw_custom" >/dev/null
case $device_target_vers in
4.2.1 | 4.1 ) :;;
6.1.6 | 4.2.1 | 4.1 ) :;;
* ) rm BuildManifest.plist;;
esac
zip -r0 ../tmp/temp.ipsw *
@ -2641,7 +2668,9 @@ ipsw_prepare() {
if [[ $device_target_other == 1 ]]; then
ipsw_prepare_32bit
elif [[ $device_target_vers == "$device_latest_vers" ]]; then
if [[ $ipsw_jailbreak == 1 ]]; then
if [[ $ipsw_jailbreak == 1 && $device_type == "iPhone2,1" ]]; then
ipsw_prepare_custom
elif [[ $ipsw_jailbreak == 1 ]]; then
ipsw_prepare_32bit
fi
elif [[ $device_type == "iPhone3,1" ]]; then
@ -2929,6 +2958,7 @@ device_ramdisk() {
4.3* | 4.2* ) untether="unthredeh4il.tar";;
'' )
warn "Something wrong happened. Failed to get iOS version."
print "* Please reboot the device into normal operating mode, then perform a clean \"slide to power off\", then try again."
$ssh -p 2222 root@127.0.0.1 "reboot_bak"
pause
return
@ -3391,26 +3421,34 @@ menu_ipsw() {
"5.1.1" )
device_target_vers="5.1.1"
device_target_build="9B206"
device_canhacktivate=1
;;
"5.0.1" )
device_target_vers="5.0.1"
device_target_build="9A405"
device_canhacktivate=1
;;
"4.3.3" )
device_target_vers="4.3.3"
device_target_build="8J2"
device_canhacktivate=1
;;
"4.1" )
device_target_vers="4.1"
device_target_build="8B117"
device_canhacktivate=1
;;
"3.1.3" )
device_target_vers="3.1.3"
device_target_build="7E18"
device_canhacktivate=1
;;
"Latest iOS"* )
device_target_vers="$device_latest_vers"
device_target_build="$device_latest_build"
if [[ $device_latest_vers == "6.1.6" ]]; then
device_canhacktivate=1
fi
;;
esac
if [[ $device_target_vers == "$device_latest_vers" ]]; then
@ -3532,6 +3570,9 @@ menu_ipsw() {
else
print "* Select $1 IPSW to continue"
fi
if [[ $device_canhacktivate == 1 && $device_type == "iPhone2,1" ]]; then
print "* Hacktivation is supported for this restore"
fi
fi
echo
menu_items+=("Go Back")
@ -3595,6 +3636,9 @@ ipsw_custom_set() {
device_use_bb=0
ipsw_custom+="B"
fi
if [[ $ipsw_hacktivate == 1 ]]; then
ipsw_custom+="H"
fi
if [[ $ipsw_jailbreak == 1 ]]; then
ipsw_custom+="J"
fi
@ -4004,6 +4048,7 @@ for i in "$@"; do
"--disable-sudoloop" ) device_disable_sudoloop=1;;
"--disable-usbmuxd" ) device_disable_usbmuxd=1;;
"--activation-records" ) device_actrec=1;;
"--ipsw-hacktivate" ) ipsw_hacktivate=1;;
esac
done