Some changes (baseband)

- 8.4.1 and 6.1.3 IPSW URL keys are now provided in firmware branch
- Baseband will now be downloaded before running futurerestore
- Actually kill python3 local server
- Save shsh and baseband in "saved" folder
LukeeGD 2020-03-29 11:53:53 +08:00
parent aee3225d30
commit ad37d6511f
3 changed files with 81 additions and 35 deletions

3
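--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,9 @@
+*.bbfw
 *.ipsw
 *.json
+*.plist
 *.shsh
 *.shsh2
 iP*
+saved/
 tmp/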


@ -17,6 +17,7 @@ do
mkdir -p firmware/$ProductType/12H321 mkdir -p firmware/$ProductType/12H321
curl -L https://firmware-keys.ipsw.me/firmware/$ProductType/12H321 -o firmware/$ProductType/12H321/index.html curl -L https://firmware-keys.ipsw.me/firmware/$ProductType/12H321 -o firmware/$ProductType/12H321/index.html
curl -L https://api.ipsw.me/v2.1/${ProductType}/12H321/sha1sum -o firmware/$ProductType/12H321/sha1sum curl -L https://api.ipsw.me/v2.1/${ProductType}/12H321/sha1sum -o firmware/$ProductType/12H321/sha1sum
curl -L https://api.ipsw.me/v2.1/${ProductType}/12H321/url -o firmware/$ProductType/12H321/url
done done
for ProductType in "${devices613[@]}" for ProductType in "${devices613[@]}"
@ -26,4 +27,5 @@ do
mkdir -p firmware/$ProductType/10B329 mkdir -p firmware/$ProductType/10B329
curl -L https://firmware-keys.ipsw.me/firmware/$ProductType/10B329 -o firmware/$ProductType/10B329/index.html curl -L https://firmware-keys.ipsw.me/firmware/$ProductType/10B329 -o firmware/$ProductType/10B329/index.html
curl -L https://api.ipsw.me/v2.1/${ProductType}/10B329/sha1sum -o firmware/$ProductType/10B329/sha1sum curl -L https://api.ipsw.me/v2.1/${ProductType}/10B329/sha1sum -o firmware/$ProductType/10B329/sha1sum
curl -L https://api.ipsw.me/v2.1/${ProductType}/10B329/url -o firmware/$ProductType/10B329/url
done done
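Review bot: The two added `curl -L … -o firmware/$ProductType/<build>/url` lines (one in the 12H321 loop, one in the 10B329 loop) save whatever body the server returns, so an HTTP error page or an empty reply is stored as the `url` file. The main script in this same commit reads that file back with `cat` and passes it unquoted to `pzb` and `curl -L` as the download location, so a bad value here only surfaces later, as a failed or misdirected download. I would make curl fail on HTTP errors and stop the run, e.g. `curl -fL "https://api.ipsw.me/v2.1/${ProductType}/12H321/url" -o "firmware/$ProductType/12H321/url" || exit 1`, and check that the stored value starts with `https://` before it is published to the firmware branch. Both `for` loops start outside the hunks shown.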


@ -51,16 +51,41 @@ iv_n94_613=d3fe01e99bd0967e80dccfc0739f93d5 #iPhone4,1
key_n94_613=35343d5139e0313c81ee59dbae292da26e739ed75b3da5db9da7d4d26046498c key_n94_613=35343d5139e0313c81ee59dbae292da26e739ed75b3da5db9da7d4d26046498c
function BasebandDetect { function BasebandDetect {
# For Wi-Fi only devices if [ $ProductType == iPad2,2 ]; then
if [ $ProductType == iPad2,1 ] || [ $ProductType == iPad2,4 ] || [ $ProductType == iPad2,5 ] || BasebandURL=http://appldnld.apple.com/iOS9.3.5/031-74153-20160825-1250B23E-6717-11E6-AB83-973F34D2D062/iPad2,2_9.3.5_13G36_Restore.ipsw
[ $ProductType == iPad3,1 ] || [ $ProductType == iPad3,4 ] || [ $ProductType == iPod5,1 ]; then Baseband=Firmware/ICE3_04.12.09_BOOT_02.13.Release.bbfw
NoBaseband=1 elif [ $ProductType == iPad2,3 ]; then
BasebandURL=http://updates-http.cdn-apple.com/2019/ios/041-80042-20190722-68F07B91-8EA1-4A3B-A930-35314A006ECB/iPad2,3_9.3.6_13G37_Restore.ipsw
Baseband=Firmware/Phoenix-3.6.03.Release.bbfw
elif [ $ProductType == iPad2,6 ]; then
BasebandURL=http://updates-http.cdn-apple.com/2019/ios/041-80040-20190722-B1E89CC8-5209-40C3-AEE9-63C29D38BDEB/iPad2,6_9.3.6_13G37_Restore.ipsw
Baseband=Firmware/Mav5-11.80.00.Release.bbfw
elif [ $ProductType == iPad2,7 ]; then
BasebandURL=http://updates-http.cdn-apple.com/2019/ios/041-80041-20190722-673B8756-0A63-4BB6-9855-ACE2381695AF/iPad2,7_9.3.6_13G37_Restore.ipsw
Baseband=Firmware/Mav5-11.80.00.Release.bbfw
elif [ $ProductType == iPad3,2 ]; then
BasebandURL=http://updates-http.cdn-apple.com/2019/ios/041-80039-20190722-E632D5D2-2F3C-498F-B83F-7067D9D90B33/iPad3,2_9.3.6_13G37_Restore.ipsw
Baseband=Firmware/Mav4-6.7.00.Release.bbfw
elif [ $ProductType == iPad3,3 ]; then
BasebandURL=http://updates-http.cdn-apple.com/2019/ios/041-80044-20190722-6C65AD27-69D8-499C-BC15-DE7AC74DE2BD/iPad3,3_9.3.6_13G37_Restore.ipsw
Baseband=Firmware/Mav4-6.7.00.Release.bbfw
elif [ $ProductType == iPad3,5 ] || [ $ProductType == iPad3,6 ]; then
BasebandURL=http://updates-http.cdn-apple.com/2019/ios/091-25014-20190722-0C1B95A6-992C-11E9-A2EE-E1C9A77C2E40/iPad_32bit_10.3.4_14G61_Restore.ipsw
Baseband=Firmware/Mav5-11.80.00.Release.bbfw
elif [ $ProductType == iPhone4,1 ]; then
BasebandURL=http://updates-http.cdn-apple.com/2019/ios/041-80043-20190722-6C65AD27-69D8-499C-BC15-DE7AC74DE2BD/iPhone4,1_9.3.6_13G37_Restore.ipsw
Baseband=Firmware/Trek-6.7.00.Release.bbfw
elif [ $ProductType == iPhone5,1 ] || [ $ProductType == iPhone5,2 ]; then
BasebandURL=http://updates-http.cdn-apple.com/2019/ios/091-25277-20190722-0C1B94DE-992C-11E9-A2EE-E2C9A77C2E40/iPhone_4.0_32bit_10.3.4_14G61_Restore.ipsw
Baseband=Firmware/Mav5-11.80.00.Release.bbfw
else # For Wi-Fi only devices
Baseband=0
fi fi
} }
function Clean { function Clean {
# Clean up files (called on MainMenu and trap dependency) # Clean up files (called on MainMenu and trap dependency)
rm -r iP*/ tmp/ $(ls ${UniqueChipID}_${ProductType}_${DowngradeVersion}-*.shsh2 2>/dev/null) 2>/dev/null rm -rf iP*/ tmp/ $(ls ${UniqueChipID}_${ProductType}_${DowngradeVersion}-*.shsh2 2>/dev/null) $(ls *.bbfw 2>/dev/null) BuildManifest.plist
} }
function MainMenu { function MainMenu {
@ -73,6 +98,7 @@ function MainMenu {
read -p "[Input] Enter ProductType (eg. iPad2,1): " ProductType read -p "[Input] Enter ProductType (eg. iPad2,1): " ProductType
if [ $(which irecovery) ]; then if [ $(which irecovery) ]; then
# Get ECID with irecovery (optional) # Get ECID with irecovery (optional)
echo "[Log] Getting UniqueChipID (ECID) with irecovery..."
UniqueChipID=$(sudo irecovery -q | grep 'ECID:' | cut -c 7-) UniqueChipID=$(sudo irecovery -q | grep 'ECID:' | cut -c 7-)
else else
read -p "[Input] Enter UniqueChipID (ECID): " UniqueChipID read -p "[Input] Enter UniqueChipID (ECID): " UniqueChipID
@ -199,26 +225,27 @@ function SaveOTABlobs {
SHSH=$(ls ${UniqueChipID}_${ProductType}_${DowngradeVersion}-*.shsh2) SHSH=$(ls ${UniqueChipID}_${ProductType}_${DowngradeVersion}-*.shsh2)
if [ ! -e "$SHSH" ]; then if [ ! -e "$SHSH" ]; then
echo "[Error] Saving $DowngradeVersion blobs failed. Please run the script again" echo "[Error] Saving $DowngradeVersion blobs failed. Please run the script again"
echo "It is also possible that $DowngradeVersion for $ProductType is no longer being signed" echo "It is also possible that $DowngradeVersion for $ProductType is no longer signed"
exit exit
fi fi
mkdir output 2>/dev/null mkdir -p saved/shsh 2>/dev/null
cp "$SHSH" output cp "$SHSH" saved/shsh
} }
function kDFU { function kDFU {
if [ ! -e tmp/$iBSS.dfu ]; then if [ ! -e saved/$iBSS.dfu ]; then
# Downloading 8.4.1 iBSS for "other" downgrades # Downloading 8.4.1 iBSS for "other" downgrades
# This is because this script only provides 8.4.1 iBSS IV and Keys # This is because this script only provides 8.4.1 iBSS IV and Keys
echo "[Log] Downloading iBSS..." echo "[Log] Downloading iBSS..."
dllink=$(curl -I -Ls -o /dev/null -w %{url_effective} https://api.ipsw.me/v4/ipsw/download/${ProductType}/12H321) dllink=$(cat resources/firmware/${ProductType}/${DowngradeBuildVer}/url)
resources/tools/pzb_$platform -g Firmware/dfu/${iBSS}.dfu -o $iBSS.dfu $dllink resources/tools/pzb_$platform -g Firmware/dfu/${iBSS}.dfu -o $iBSS.dfu $dllink
mv $iBSS.dfu tmp/ mkdir -p saved/$ProductType 2>/dev/null
mv $iBSS.dfu saved/$ProductType
fi fi
echo "[Log] Decrypting iBSS..." echo "[Log] Decrypting iBSS..."
echo "IV = ${!iv}" echo "IV = ${!iv}"
echo "Key = ${!key}" echo "Key = ${!key}"
resources/tools/xpwntool_$platform "tmp/${iBSS}.dfu" tmp/iBSS.dec -k ${!key} -iv ${!iv} -decrypt resources/tools/xpwntool_$platform saved/$ProductType/$iBSS.dfu tmp/iBSS.dec -k ${!key} -iv ${!iv} -decrypt
dd bs=64 skip=1 if=tmp/iBSS.dec of=tmp/iBSS.dec2 dd bs=64 skip=1 if=tmp/iBSS.dec of=tmp/iBSS.dec2
echo "[Log] Patching iBSS..." echo "[Log] Patching iBSS..."
bspatch tmp/iBSS.dec2 tmp/pwnediBSS resources/patches/$iBSS.patch bspatch tmp/iBSS.dec2 tmp/pwnediBSS resources/patches/$iBSS.patch
@ -291,8 +318,7 @@ function FindDFU {
} }
function Downgrade { function Downgrade {
# These firmware keys are essential for some iPads and iPod5,1 # Firmware keys for 8.4.1 and 6.1.3
# 8.4.1 KBAG keys for those devices are missing in firmware-keys.ipsw.me
rm -rf resources/firmware rm -rf resources/firmware
echo "[Log] Downloading firmware keys..." echo "[Log] Downloading firmware keys..."
curl -L https://github.com/LukeZGD/32bit-OTA-Downgrader/archive/firmware.zip -o tmp/firmware.zip curl -L https://github.com/LukeZGD/32bit-OTA-Downgrader/archive/firmware.zip -o tmp/firmware.zip
@ -305,7 +331,7 @@ function Downgrade {
IPSW="${ProductType}_${DowngradeVersion}_${DowngradeBuildVer}_Restore" IPSW="${ProductType}_${DowngradeVersion}_${DowngradeBuildVer}_Restore"
if [ ! -e "$IPSW.ipsw" ]; then if [ ! -e "$IPSW.ipsw" ]; then
echo "[Log] iOS $DowngradeVersion IPSW is missing, downloading IPSW..." echo "[Log] iOS $DowngradeVersion IPSW is missing, downloading IPSW..."
curl -L https://api.ipsw.me/v4/ipsw/download/$ProductType/$DowngradeBuildVer -o tmp/$IPSW.ipsw curl -L $(cat resources/firmware/${ProductType}/${DowngradeBuildVer}/url) -o tmp/$IPSW.ipsw
mv tmp/$IPSW.ipsw . mv tmp/$IPSW.ipsw .
fi fi
echo "[Log] Verifying IPSW..." echo "[Log] Verifying IPSW..."
@ -319,7 +345,8 @@ function Downgrade {
fi fi
fi fi
echo "[Log] Extracting iBSS from IPSW..." echo "[Log] Extracting iBSS from IPSW..."
unzip -j "$IPSW.ipsw" Firmware/dfu/$iBSS.dfu -d tmp/ mkdir -p saved/$ProductType 2>/dev/null
unzip -j "$IPSW.ipsw" Firmware/dfu/$iBSS.dfu -d saved/$ProductType
fi fi
if [ ! $kDFUManual ]; then if [ ! $kDFUManual ]; then
@ -332,30 +359,44 @@ function Downgrade {
echo "[Log] Preparing for futurerestore (starting local server)..." echo "[Log] Preparing for futurerestore (starting local server)..."
cd resources cd resources
sudo python3 -m http.server 80 & sudo python3 -m http.server 80 &
pythonPID=$!
cd .. cd ..
echo "[Log] Proceeding to futurerestore..." if [ $Baseband == 0 ]; then
while [[ $ScriptDone != 1 ]]; do echo "[Log] Device $ProductType has no baseband"
if [ ! $NoBaseband ]; then echo "[Log] Proceeding to futurerestore..."
sudo env "LD_PRELOAD=libcurl.so.3" resources/tools/futurerestore_$platform -t "$SHSH" --latest-baseband --use-pwndfu "$IPSW.ipsw" sudo env "LD_PRELOAD=libcurl.so.3" resources/tools/futurerestore_$platform -t "$SHSH" --no-baseband --use-pwndfu "$IPSW.ipsw"
else
if [ ! -e saved/$ProductType/*.bbfw ]; then
echo "[Log] Downloading baseband..."
resources/tools/pzb_$platform -g $Baseband -o $Baseband $BasebandURL
resources/tools/pzb_$platform -g BuildManifest.plist -o BuildManifest.plist $BasebandURL
mkdir -p saved/$ProductType 2>/dev/null
cp $(ls *.bbfw) BuildManifest.plist saved/$ProductType
else else
echo "[Log] Device $ProductType has no baseband" cp saved/$ProductType/*.bbfw saved/$ProductType/BuildManifest.plist .
sudo env "LD_PRELOAD=libcurl.so.3" resources/tools/futurerestore_$platform -t "$SHSH" --no-baseband --use-pwndfu "$IPSW.ipsw"
fi fi
if [ ! -e *.bbfw ]; then
echo echo "[Error] Downloading baseband failed!"
echo "[Log] futurerestore done!" echo "Your device is still in kDFU mode, you may run the script again"
# Downloading stuff sometimes fails causes futurerestore to halt, so I added the option to retry here echo "If you continue, futurerestore can attempt to download the baseband again"
echo "You can choose to retry if futurerestore failed on downloading baseband or for some other reason" read -p "[Input] Continue anyway? (y/N)" Continue
read -p "[Input] Retry? (y/N) " Retry if [[ $Continue == y ]] || [[ $Continue == Y ]]; then
if [[ $Retry != y ]] && [[ $Retry != Y ]]; then echo "[Log] Proceeding to futurerestore..."
ScriptDone=1 sudo env "LD_PRELOAD=libcurl.so.3" resources/tools/futurerestore_$platform -t "$SHSH" --latest-baseband --use-pwndfu "$IPSW.ipsw"
else
exit
fi
fi fi
done if [[ $Continue != y ]] && [[ $Continue != Y ]]; then
echo "[Log] Proceeding to futurerestore..."
sudo env "LD_PRELOAD=libcurl.so.3" resources/tools/futurerestore_$platform -t "$SHSH" -b $(ls *.bbfw) -p BuildManifest.plist --use-pwndfu "$IPSW.ipsw"
fi
fi
echo "[Log] Stopping local server (PID $pythonPID)..." echo
sudo kill $pythonPID echo "[Log] futurerestore done!"
echo "[Log] Stopping local server..."
(ps aux | awk '/python3/ {print "sudo kill -9 "$2}' | bash) 2>/dev/null
echo "[Log] Downgrade script done!" echo "[Log] Downgrade script done!"
exit exit
} }
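Review bot: The baseband and `BuildManifest.plist` fetched in the new `else` branch of `Downgrade` are passed to futurerestore (`-b $(ls *.bbfw) -p BuildManifest.plist`, run under sudo) without any integrity check. Every `BasebandURL` added in `BasebandDetect` is plain `http://`. Unlike the IPSW, which goes through the "Verifying IPSW..." step, the only test on the baseband is that some `*.bbfw` file exists. A truncated or substituted download therefore looks the same as a good one and is also copied into `saved/$ProductType`, where later runs reuse it without downloading again. I would record an expected digest next to each `Baseband=` assignment (a new variable, here called `BasebandSHA1` for illustration) and stop on mismatch before the copy into `saved/`, e.g. `echo "$BasebandSHA1  $(ls *.bbfw)" | shasum -c - || exit 1`, and use an HTTPS URL wherever the host offers one. The restore tooling or the device may reject an unsigned baseband on its own, but that is not visible here and the script should not rely on it; `Downgrade` begins outside this hunk.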