Legacy iOS Kit

This commit is contained in:
LukeZGD 2023-04-02 18:18:44 +08:00
parent 90744b3de8
commit ae33f43c98
49 changed files with 1585 additions and 829 deletions

View File

@ -8,15 +8,33 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Create name version env
run: |
sudo timedatectl set-timezone Asia/Singapore
echo "DATE=$(date +%Y-%m-%d)" >> $GITHUB_ENV
echo "DATE=$(date +%y.%m)" >> $GITHUB_ENV
echo "COUNT=$(git rev-list --count HEAD --since=$(date +%Y-%m-01))" >> $GITHUB_ENV
echo "SHA_SHORT=$(echo ${{ github.sha }} | cut -c -7)" >> $GITHUB_ENV
echo "DATE_OLD=$(date +%Y-%m-%d)" >> $GITHUB_ENV
- name: Create git hash
run: echo "${{ env.DATE }}-${{ env.SHA_SHORT }}" | tee ./resources/git_hash
- name: Create git hash and version
run: |
echo "${{ env.SHA_SHORT }}" | tee ./resources/git_hash
echo "v${{ env.DATE }}.${{ env.COUNT }}" | tee ./resources/version
- name: Download some files
run: |
pushd resources
curl -L https://github.com/LukeZGD/ipwndfu/archive/6e67c9e28a5f7f63f179dea670f7f858712350a0.zip -o ipwndfu.zip
curl -L https://github.com/LukeZGD/Legacy-iOS-Kit-Keys/archive/refs/heads/master.zip -o keys.zip
unzip keys.zip -d .
unzip ipwndfu.zip -d .
cp -r Legacy-iOS-Kit-Keys-master/* firmware
mv ipwndfu*/ ipwndfu
rm -rf Legacy-iOS-Kit-Keys-master/ ipwndfu.zip keys.zip
popd
- name: Move linux binaries
run: |
@ -25,7 +43,7 @@ jobs:
rm -r ./bin/linux ./bin/windows
- name: Zip macos files
run: zip -r ${{ github.event.repository.name }}_macos_${{ env.DATE }}-${{ env.SHA_SHORT }}.zip bin/ LICENSE resources/ restore.sh README.md
run: zip -r ${{ github.event.repository.name }}_macos_v${{ env.DATE }}.${{ env.COUNT }}.zip bin/ LICENSE resources/ restore.sh README.md
- name: Move macos binaries
run: |
@ -34,7 +52,7 @@ jobs:
cp -R ./exclude/bin/linux/x86_64 ./bin/linux
- name: Zip linux files
run: zip -r ${{ github.event.repository.name }}_linux_x86_64_${{ env.DATE }}-${{ env.SHA_SHORT }}.zip bin/ LICENSE resources/ restore.sh README.md
run: zip -r ${{ github.event.repository.name }}_linux_x86_64_v${{ env.DATE }}.${{ env.COUNT }}.zip bin/ LICENSE resources/ restore.sh README.md
- name: Move linux binaries and other files
run: |
@ -42,7 +60,7 @@ jobs:
cp -R ./exclude/bin/linux/arm64 ./bin/linux
- name: Zip linux arm64 files
run: zip -r ${{ github.event.repository.name }}_linux_arm64_${{ env.DATE }}-${{ env.SHA_SHORT }}.zip bin/ LICENSE resources/ restore.sh README.md
run: zip -r ${{ github.event.repository.name }}_linux_arm64_v${{ env.DATE }}.${{ env.COUNT }}.zip bin/ LICENSE resources/ restore.sh README.md
- name: Move linux arm64 binaries and other files
run: |
@ -50,7 +68,7 @@ jobs:
cp -R ./exclude/bin/linux/armhf ./bin/linux
- name: Zip linux armhf files
run: zip -r ${{ github.event.repository.name }}_linux_armhf_${{ env.DATE }}-${{ env.SHA_SHORT }}.zip bin/ LICENSE resources/ restore.sh README.md
run: zip -r ${{ github.event.repository.name }}_linux_armhf_v${{ env.DATE }}.${{ env.COUNT }}.zip bin/ LICENSE resources/ restore.sh README.md
- name: Move linux armhf binaries and other files
run: |
@ -58,15 +76,18 @@ jobs:
cp -R ./exclude/bin/windows ./bin
- name: Zip win files
run: zip -r ${{ github.event.repository.name }}_windows_${{ env.DATE }}-${{ env.SHA_SHORT }}.zip bin/ LICENSE resources/ restore.cmd restore.sh README.md
run: zip -r ${{ github.event.repository.name }}_windows_v${{ env.DATE }}.${{ env.COUNT }}.zip bin/ LICENSE resources/ restore.cmd restore.sh README.md
- name: Copy exclude files back and download other files
run: |
cp -R ./exclude/bin/* ./bin
./resources/complete.sh
- name: Copy exclude files back
run: cp -R ./exclude/bin/* ./bin
- name: Zip complete files
run: zip -r ${{ github.event.repository.name }}_complete_${{ env.DATE }}-${{ env.SHA_SHORT }}.zip bin/ LICENSE resources/ restore.cmd restore.sh README.md
run: zip -r ${{ github.event.repository.name }}_complete_v${{ env.DATE }}.${{ env.COUNT }}.zip bin/ LICENSE resources/ restore.cmd restore.sh README.md
- name: Create this file to make upgrading backward-compatible
run: |
echo "This file is for compatibility purposes only. Get Legacy-iOS-Kit_complete instead." > README.txt
zip -r iOS-OTA-Downgrader_complete_${{ env.DATE_OLD }}-${{ env.SHA_SHORT }}.zip README.txt
- name: Update latest release
uses: pyTooling/Actions/releaser@main
@ -75,9 +96,10 @@ jobs:
rm: true
token: ${{ secrets.GITHUB_TOKEN }}
files: |
${{ github.event.repository.name }}_complete_${{ env.DATE }}-${{ env.SHA_SHORT }}.zip
${{ github.event.repository.name }}_macos_${{ env.DATE }}-${{ env.SHA_SHORT }}.zip
${{ github.event.repository.name }}_linux_armhf_${{ env.DATE }}-${{ env.SHA_SHORT }}.zip
${{ github.event.repository.name }}_linux_arm64_${{ env.DATE }}-${{ env.SHA_SHORT }}.zip
${{ github.event.repository.name }}_linux_x86_64_${{ env.DATE }}-${{ env.SHA_SHORT }}.zip
${{ github.event.repository.name }}_windows_${{ env.DATE }}-${{ env.SHA_SHORT }}.zip
iOS-OTA-Downgrader_complete_${{ env.DATE_OLD }}-${{ env.SHA_SHORT }}.zip
${{ github.event.repository.name }}_complete_v${{ env.DATE }}.${{ env.COUNT }}.zip
${{ github.event.repository.name }}_macos_v${{ env.DATE }}.${{ env.COUNT }}.zip
${{ github.event.repository.name }}_linux_armhf_v${{ env.DATE }}.${{ env.COUNT }}.zip
${{ github.event.repository.name }}_linux_arm64_v${{ env.DATE }}.${{ env.COUNT }}.zip
${{ github.event.repository.name }}_linux_x86_64_v${{ env.DATE }}.${{ env.COUNT }}.zip
${{ github.event.repository.name }}_windows_v${{ env.DATE }}.${{ env.COUNT }}.zip

View File

@ -1,31 +1,38 @@
# iOS-OTA-Downgrader
# Legacy iOS Kit
- **A multi-purpose script to downgrade/restore and jailbreak supported legacy iOS devices**
- **iPhone4Down: Downgrade iPhone 4 GSM on Linux/Windows (using powdersn0w)**
- (formerly iOS-OTA-Downgrader)
- **A multi-purpose script to save SHSH blobs, downgrade/restore, and jailbreak supported legacy iOS devices**
- **Linux, macOS, and Windows** are supported
- Windows usage is not recommended
- **Read the ["How to Use" wiki page](https://github.com/LukeZGD/iOS-OTA-Downgrader/wiki/How-to-Use) for a step-by-step tutorial**
- **Read the ["Troubleshooting" wiki page](https://github.com/LukeZGD/iOS-OTA-Downgrader/wiki/Troubleshooting) for tips, frequent questions, and troubleshooting**
- **Read the ["How to Use" wiki page](https://github.com/LukeZGD/Legacy-iOS-Kit/wiki/How-to-Use) for usage instructions**
- **Read the ["Troubleshooting" wiki page](https://github.com/LukeZGD/Legacy-iOS-Kit/wiki/Troubleshooting) for tips, frequent questions, and troubleshooting**
## Other features
- Option to **jailbreak** iOS 6.1.3 and 8.4.1 downgrades
- For iOS 10.3.3 downgrades, use [TotallyNotSpyware](https://totally-not.spyware.lol)
- Restore to other iOS versions **with SHSH blobs**
## Features
- Restore to iOS 8.4.1 or 6.1.3 on supported 32-bit devices **(OTA signed)**
- Restore iPhone 4 GSM (iPhone3,1) to unsigned iOS versions **(powdersn0w)**
- Restore to iOS 10.3.3 on supported A7 devices **(OTA signed)**
- Option to **jailbreak** iOS 6.1.3 and 8.4.1 restores
- Restore to unsigned iOS versions **with SHSH blobs**
- Supports 32-bit/A7/A8 devices, iOS 5 to 12
- Also supports iPad 2 iOS 4.3.x, iPhone 4 iOS 4.x
- Restore to unsigned iOS versions **with iOS 7.1.x blobs (powdersn0w)**
- Device support is limited, see below
- The latest baseband will be used for 32-bit devices if applicable
- Place device to pwned iBSS/kDFU mode for 32-bit devices
- Clear NVRAM for iPhone 4 GSM (Disable/Enable Exploit)
- Clear NVRAM for devices that support powdersn0w
- Restore iPhone 4 to iOS 7.1.2 with the option to jailbreak
- Restore supported devices to their latest iOS version
- Save on-board and Cydia SHSH blobs for 32-bit devices
- Save onboard and Cydia SHSH blobs for 32-bit devices
- Boot SSH Ramdisk on supported 32-bit devices
## Supported devices
- [Identify your device here](https://ipsw.me/device-finder)
- Restoring with powdersn0w supports the following devices:
- iPhone 4 GSM - iOS 4.3 to 6.1.3
- iPhone 4S, iPhone 5 (not 5C), iPad 2 Rev A, iPod 5th generation - iOS 5.0 to 6.1.3, 8.0 to 9.3.5
- **iPhone 5C and iPad mini 3 devices are NOT supported by OTA downgrades**
- These devices still support restoring to other iOS versions with SHSH blobs
- **iPhone4Down (downgrading without blobs) supports iPhone 4 GSM only (iPhone3,1)**
- All iPhone 4 models still support restoring with SHSH blobs and to iOS 7.1.2
- See the table below for OTA downgrading support:
<table>
<thead>
@ -56,22 +63,9 @@
<td>iPhone 4S</td>
</tr>
<tr><td>iPad 2 (except iPad2,4)</td></tr>
<tr>
<td>iOS 7.1.2</td>
<td>iPhone 4 (all models)</td></tr>
</tr>
<tr>
<td>iOS 4.3 to 6.1.3</td>
<td>iPhone 4 GSM</td>
</tr>
</tbody>
</table>
<details>
<summary>For 32-bit devices jailbroken with Pangu:</summary>
<ul><li>For 32-bit devices using Pangu and jailbroken method, install the latest untether for your iOS version <a href="https://github.com/LukeZGD/iOS-OTA-Downgrader-Keys/releases/tag/untether">here</a></li></ul>
</details>
## Supported OS versions/distros
#### Supported architectures: x86_64, arm64, armhf (Linux)
@ -114,3 +108,5 @@
- [Pangu](https://www.theiphonewiki.com/wiki/Pangu)
- [p0sixspwn](https://www.theiphonewiki.com/wiki/p0sixspwn)
- [unthredeh4il](https://www.theiphonewiki.com/wiki/Unthredera1n#unthredeh4il)
- SSH Ramdisk tar from [SSH-Ramdisk-Maker-and-Loader](https://github.com/Ralph0045/SSH-Ramdisk-Maker-and-Loader)
- Bootstrap tar from [SpiritNET](https://invoxiplaygames.uk/projects/spiritnet/)

Binary file not shown.

View File

@ -1,18 +0,0 @@
#!/bin/bash
# Download all external files/tools used by iOS-OTA-Downgrader
cd "$(dirname $0)"/..
curl -L https://github.com/LukeZGD/ipwndfu/archive/6e67c9e28a5f7f63f179dea670f7f858712350a0.zip -o ipwndfu.zip
curl -L https://github.com/LukeZGD/iOS-OTA-Downgrader-Keys/archive/refs/heads/master.zip -o keys.zip
cd resources/jailbreak
curl -LO https://github.com/LukeZGD/iOS-OTA-Downgrader-Keys/releases/download/jailbreak/Cydia5.tar
curl -LO https://github.com/LukeZGD/iOS-OTA-Downgrader-Keys/releases/download/jailbreak/Cydia6.tar
curl -LO https://github.com/LukeZGD/iOS-OTA-Downgrader-Keys/releases/download/jailbreak/Cydia7.tar
curl -LO https://github.com/LukeZGD/iOS-OTA-Downgrader-Keys/releases/download/jailbreak/Cydia8.tar
cd ..
unzip ../keys.zip -d .
unzip ../ipwndfu.zip -d .
cp -r iOS-OTA-Downgrader-Keys-master/* firmware
mv ipwndfu* ipwndfu
cd ..
rm -rf resources/iOS-OTA-Downgrader-Keys-master/ ipwndfu.zip keys.zip

View File

@ -151,7 +151,7 @@
<key>hwmodel</key>
<string>K93a</string>
<key>PackagePath</key>
<string>./Cydia8.tar</string>
<string>./freeze.tar</string>
<key>UntetherPath</key>
<string>./untether.tar</string>
<key>RamdiskPackage</key>

View File

@ -151,7 +151,7 @@
<key>hwmodel</key>
<string>P105</string>
<key>PackagePath</key>
<string>./Cydia8.tar</string>
<string>./freeze.tar</string>
<key>UntetherPath</key>
<string>./untether.tar</string>
<key>RamdiskPackage</key>

View File

@ -151,7 +151,7 @@
<key>hwmodel</key>
<string>P106</string>
<key>PackagePath</key>
<string>./Cydia8.tar</string>
<string>./freeze.tar</string>
<key>UntetherPath</key>
<string>./untether.tar</string>
<key>RamdiskPackage</key>

View File

@ -151,7 +151,7 @@
<key>hwmodel</key>
<string>P107</string>
<key>PackagePath</key>
<string>./Cydia8.tar</string>
<string>./freeze.tar</string>
<key>UntetherPath</key>
<string>./untether.tar</string>
<key>RamdiskPackage</key>

View File

@ -151,7 +151,7 @@
<key>hwmodel</key>
<string>J1</string>
<key>PackagePath</key>
<string>./Cydia8.tar</string>
<string>./freeze.tar</string>
<key>UntetherPath</key>
<string>./untether.tar</string>
<key>RamdiskPackage</key>

View File

@ -151,7 +151,7 @@
<key>hwmodel</key>
<string>J2</string>
<key>PackagePath</key>
<string>./Cydia8.tar</string>
<string>./freeze.tar</string>
<key>UntetherPath</key>
<string>./untether.tar</string>
<key>RamdiskPackage</key>

View File

@ -151,7 +151,7 @@
<key>hwmodel</key>
<string>J2a</string>
<key>PackagePath</key>
<string>./Cydia8.tar</string>
<string>./freeze.tar</string>
<key>UntetherPath</key>
<string>./untether.tar</string>
<key>RamdiskPackage</key>

View File

@ -151,7 +151,7 @@
<key>hwmodel</key>
<string>N94</string>
<key>PackagePath</key>
<string>./Cydia8.tar</string>
<string>./freeze.tar</string>
<key>UntetherPath</key>
<string>./untether.tar</string>
<key>RamdiskPackage</key>

View File

@ -151,7 +151,7 @@
<key>hwmodel</key>
<string>N42</string>
<key>PackagePath</key>
<string>./Cydia8.tar</string>
<string>./freeze.tar</string>
<key>UntetherPath</key>
<string>./untether.tar</string>
<key>RamdiskPackage</key>

View File

@ -151,7 +151,7 @@
<key>hwmodel</key>
<string>N78</string>
<key>PackagePath</key>
<string>./Cydia8.tar</string>
<string>./freeze.tar</string>
<key>UntetherPath</key>
<string>./untether.tar</string>
<key>RamdiskPackage</key>

View File

@ -0,0 +1 @@
http://appldnld.apple.com/iOS6.1/091-2461.20130319.Hgt54/iPad2,6_6.1.3_10B329_Restore.ipsw

View File

@ -0,0 +1 @@
http://appldnld.apple.com/iOS6.1/091-2356.20130319.54rGB/iPad2,7_6.1.3_10B329_Restore.ipsw

View File

@ -0,0 +1 @@
http://appldnld.apple.com/iOS6.1/091-2576.20130319.JeX43/iPad3,1_6.1.3_10B329_Restore.ipsw

View File

@ -0,0 +1 @@
http://appldnld.apple.com/iOS6.1/091-2432.20130319.Be867/iPad3,2_6.1.3_10B329_Restore.ipsw

View File

@ -0,0 +1 @@
http://appldnld.apple.com/iOS6.1/091-2560.20130319.ySu43/iPad3,5_6.1.3_10B329_Restore.ipsw

View File

@ -0,0 +1 @@
http://appldnld.apple.com/iOS6.1/091-2444.20130319.exFqm/iPhone3,2_6.1.3_10B329_Restore.ipsw

View File

@ -1,19 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>FilesystemJailbreak</key>
<false/>
<key>needPref</key>
<true/>
<key>iBootPatches</key>
<dict>
<key>debugEnabled</key>
<false/>
<key>bootArgsInjection</key>
<false/>
<key>bootArgsString</key>
<string>-v</string>
</dict>
</dict>
</plist>

View File

@ -1,19 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>FilesystemJailbreak</key>
<false/>
<key>needPref</key>
<false/>
<key>iBootPatches</key>
<dict>
<key>debugEnabled</key>
<false/>
<key>bootArgsInjection</key>
<false/>
<key>bootArgsString</key>
<string>-v</string>
</dict>
</dict>
</plist>

View File

@ -1,19 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>FilesystemJailbreak</key>
<true/>
<key>needPref</key>
<true/>
<key>iBootPatches</key>
<dict>
<key>debugEnabled</key>
<false/>
<key>bootArgsInjection</key>
<false/>
<key>bootArgsString</key>
<string>-v</string>
</dict>
</dict>
</plist>

View File

@ -1,19 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>FilesystemJailbreak</key>
<false/>
<key>needPref</key>
<true/>
<key>iBootPatches</key>
<dict>
<key>debugEnabled</key>
<false/>
<key>bootArgsInjection</key>
<true/>
<key>bootArgsString</key>
<string>-v</string>
</dict>
</dict>
</plist>

View File

@ -1,19 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>FilesystemJailbreak</key>
<true/>
<key>needPref</key>
<true/>
<key>iBootPatches</key>
<dict>
<key>debugEnabled</key>
<false/>
<key>bootArgsInjection</key>
<true/>
<key>bootArgsString</key>
<string>-v</string>
</dict>
</dict>
</plist>

View File

@ -17,7 +17,7 @@
<key>FilesystemPackage</key>
<dict>
<key>bootstrap</key>
<string>src/cydia6.tar</string>
<string>freeze.tar</string>
</dict>
<key>RamdiskPackage</key>
<dict>

View File

@ -17,7 +17,7 @@
<key>FilesystemPackage</key>
<dict>
<key>bootstrap</key>
<string>src/cydia6.tar</string>
<string>freeze.tar</string>
</dict>
<key>RamdiskPackage</key>
<dict>

View File

@ -17,7 +17,7 @@
<key>FilesystemPackage</key>
<dict>
<key>bootstrap</key>
<string>src/cydia6.tar</string>
<string>freeze.tar</string>
</dict>
<key>RamdiskPackage</key>
<dict>

View File

@ -17,7 +17,7 @@
<key>FilesystemPackage</key>
<dict>
<key>bootstrap</key>
<string>src/cydia6.tar</string>
<string>freeze.tar</string>
</dict>
<key>RamdiskPackage</key>
<dict>

View File

@ -17,7 +17,7 @@
<key>FilesystemPackage</key>
<dict>
<key>bootstrap</key>
<string>src/cydia6.tar</string>
<string>freeze.tar</string>
</dict>
<key>RamdiskPackage</key>
<dict>

Binary file not shown.

Binary file not shown.

View File

@ -0,0 +1,86 @@
#!/bin/bash
mount_hfs /dev/disk0s1s1 /mnt1
mount_hfs /dev/disk0s1s2 /mnt1/private/var
sleep 1s
rm -rf /mnt1/System/Library/LaunchDaemons/com.apple.mobile.softwareupdated.plist
rm -rf /mnt1/System/Library/LaunchDaemons/com.apple.softwareupdateservicesd.plist
if [ -e "/ios8" ]; then
# step1
mv -v /mnt1/System/Library/LaunchDaemons/* /mnt1/Library/LaunchDaemons/
sleep 3s
# step2
mv -v /mnt1/Library/LaunchDaemons/bootps.plist /mnt1/System/Library/LaunchDaemons/
mv -v /mnt1/Library/LaunchDaemons/com.apple.CrashHousekeeping.plist /mnt1/System/Library/LaunchDaemons/
mv -v /mnt1/Library/LaunchDaemons/com.apple.MobileFileIntegrity.plist /mnt1/System/Library/LaunchDaemons/
mv -v /mnt1/Library/LaunchDaemons/com.apple.jetsamproperties.*.plist /mnt1/System/Library/LaunchDaemons/
mv -v /mnt1/Library/LaunchDaemons/com.apple.mDNSResponder.plist /mnt1/System/Library/LaunchDaemons/com.apple.mDNSResponder.plist__
sleep 3s
# step3
mv -v /mnt1/usr/libexec/CrashHousekeeping /mnt1/usr/libexec/CrashHousekeeping_
mv -v /mnt1/reloader /mnt1/usr/libexec/CrashHousekeeping
sleep 1s
fi
if [ -e "/ios9" ]; then
# step1
mv -v /mnt1/System/Library/LaunchDaemons/* /mnt1/Library/LaunchDaemons/
sleep 3s
# step2
mv -v /mnt1/Library/LaunchDaemons/bootps.plist /mnt1/System/Library/LaunchDaemons/
mv -v /mnt1/Library/LaunchDaemons/com.apple.CrashHousekeeping.plist /mnt1/System/Library/LaunchDaemons/
mv -v /mnt1/Library/LaunchDaemons/com.apple.MobileFileIntegrity.plist /mnt1/System/Library/LaunchDaemons/
mv -v /mnt1/Library/LaunchDaemons/com.apple.jetsamproperties.*.plist /mnt1/System/Library/LaunchDaemons/
sleep 3s
# step3
mv -v /mnt1/usr/libexec/CrashHousekeeping /mnt1/usr/libexec/CrashHousekeeping_
mv -v /mnt1/reloader /mnt1/usr/libexec/CrashHousekeeping
sleep 1s
fi
sleep 1s
Data_GUID="$((echo -e "i\n2\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Partition unique GUID: //p')"
LogicalSector="$((echo -e "p\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Logical sector size: //p' | sed 's/ .*//')"
System_LastSector="$((echo -e "i\n1\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Last sector: //p' | sed 's/ .*//')"
Data_LastSector="$((echo -e "i\n2\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Last sector: //p' | sed 's/ .*//')"
Data_Attributeflags="$((echo -e "i\n2\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*flags: //p')"
Exploit_LastSector="$((524288/$LogicalSector))"
New_Data_LastSector="$(($Data_LastSector-$Exploit_LastSector))"
New_Data_SectorSize="$(($New_Data_LastSector-$System_LastSector))"
New_Data_Size="$(($New_Data_SectorSize*$LogicalSector))"
hfs_resize /mnt1/private/var $New_Data_Size
sleep 1s
if [ "$Data_Attributeflags" = "0001000000000000" ]; then
echo -e "d\n2\nn\n\n$New_Data_LastSector\n\nc\n2\nData\nx\na\n2\n48\n\nc\n2\n$Data_GUID\ns\n4\nm\nn\n3\n\n$Data_LastSector\n\nw\nY\n" | gptfdisk /dev/rdisk0s1
else
echo -e "d\n2\nn\n\n$New_Data_LastSector\n\nc\n2\nData\nx\na\n2\n48\n49\n\nc\n2\n$Data_GUID\ns\n4\nm\nn\n3\n\n$Data_LastSector\n\nw\nY\n" | gptfdisk /dev/rdisk0s1
fi
sleep 1s
newfs_hfs -s -v exploit /dev/rdisk0s1s3
sleep 1s
fsck_hfs -f /dev/rdisk0s1s3
sleep 2s
dd of=/dev/rdisk0s1s3 if=/exploit bs=512k count=1
sleep 1s
nvram -c
nvram boot-partition=2
nvram boot-ramdisk="/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/disk.dmg"
sleep 1s
reboot_

Binary file not shown.

View File

@ -0,0 +1,112 @@
#!/bin/bash
isIOS5=0
if [ -e "/dev/rdisk0s2" ]; then
nvram -d boot-partition
nvram -d boot-ramdisk
sleep 1s
reboot_
fi
mount_hfs /dev/disk0s1s1 /mnt1
if [ ! -e "/dev/rdisk0s1s3" ]; then
mount_hfs /dev/disk0s1s2 /mnt1/private/var
else
isIOS5=1
mount_hfs /dev/disk0s1s3 /mnt1/private/var
fi
sleep 1s
sleep 1s
rm -rf /mnt1/System/Library/LaunchDaemons/com.apple.mobile.softwareupdated.plist
rm -rf /mnt1/System/Library/LaunchDaemons/com.apple.softwareupdateservicesd.plist
if [ -e "/ios8" ]; then
# step1
mv -v /mnt1/System/Library/LaunchDaemons/* /mnt1/Library/LaunchDaemons/
sleep 3s
# step2
mv -v /mnt1/Library/LaunchDaemons/bootps.plist /mnt1/System/Library/LaunchDaemons/
mv -v /mnt1/Library/LaunchDaemons/com.apple.CrashHousekeeping.plist /mnt1/System/Library/LaunchDaemons/
mv -v /mnt1/Library/LaunchDaemons/com.apple.MobileFileIntegrity.plist /mnt1/System/Library/LaunchDaemons/
mv -v /mnt1/Library/LaunchDaemons/com.apple.jetsamproperties.*.plist /mnt1/System/Library/LaunchDaemons/
mv -v /mnt1/Library/LaunchDaemons/com.apple.mDNSResponder.plist /mnt1/System/Library/LaunchDaemons/com.apple.mDNSResponder.plist__
sleep 3s
# step3
mv -v /mnt1/usr/libexec/CrashHousekeeping /mnt1/usr/libexec/CrashHousekeeping_
mv -v /mnt1/reloader /mnt1/usr/libexec/CrashHousekeeping
sleep 1s
fi
if [ -e "/ios9" ]; then
# step1
mv -v /mnt1/System/Library/LaunchDaemons/* /mnt1/Library/LaunchDaemons/
sleep 3s
# step2
mv -v /mnt1/Library/LaunchDaemons/bootps.plist /mnt1/System/Library/LaunchDaemons/
mv -v /mnt1/Library/LaunchDaemons/com.apple.CrashHousekeeping.plist /mnt1/System/Library/LaunchDaemons/
mv -v /mnt1/Library/LaunchDaemons/com.apple.MobileFileIntegrity.plist /mnt1/System/Library/LaunchDaemons/
mv -v /mnt1/Library/LaunchDaemons/com.apple.jetsamproperties.*.plist /mnt1/System/Library/LaunchDaemons/
sleep 3s
# step3
mv -v /mnt1/usr/libexec/CrashHousekeeping /mnt1/usr/libexec/CrashHousekeeping_
mv -v /mnt1/reloader /mnt1/usr/libexec/CrashHousekeeping
sleep 1s
fi
sleep 1s
Data_GUID="$((echo -e "i\n2\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Partition unique GUID: //p')"
LogicalSector="$((echo -e "p\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Logical sector size: //p' | sed 's/ .*//')"
System_LastSector="$((echo -e "i\n1\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Last sector: //p' | sed 's/ .*//')"
Data_LastSector="$((echo -e "i\n2\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Last sector: //p' | sed 's/ .*//')"
Data_Attributeflags="$((echo -e "i\n2\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*flags: //p')"
Exploit_LastSector="$((1048576/$LogicalSector))"
New_Data_LastSector="$(($Data_LastSector-$Exploit_LastSector))"
New_Data_SectorSize="$(($New_Data_LastSector-$System_LastSector))"
New_Data_Size="$(($New_Data_SectorSize*$LogicalSector))"
hfs_resize /mnt1/private/var $New_Data_Size
sleep 1s
if [ "$Data_Attributeflags" = "0001000000000000" ]; then
echo -e "d\n2\nn\n\n$New_Data_LastSector\n\nc\n2\nData\nx\na\n2\n48\n\nc\n2\n$Data_GUID\ns\n4\nm\nn\n3\n\n$Data_LastSector\n\nw\nY\n" | gptfdisk /dev/rdisk0s1
else
echo -e "d\n2\nn\n\n$New_Data_LastSector\n\nc\n2\nData\nx\na\n2\n48\n49\n\nc\n2\n$Data_GUID\ns\n4\nm\nn\n3\n\n$Data_LastSector\n\nw\nY\n" | gptfdisk /dev/rdisk0s1
fi
sleep 1s
if [ $isIOS5 == 0 ]; then
newfs_hfs -s -v exploit /dev/rdisk0s1s3
sleep 1s
fsck_hfs -f /dev/rdisk0s1s3
sleep 2s
dd of=/dev/rdisk0s1s3 if=/exploit bs=512k count=1
sleep 1s
fi
if [ $isIOS5 == 1 ]; then
newfs_hfs -s -v exploit /dev/rdisk0s1s4
sleep 1s
fsck_hfs -f /dev/rdisk0s1s4
sleep 2s
dd of=/dev/rdisk0s1s4 if=/exploit bs=512k count=1
sleep 1s
fi
nvram -c
nvram boot-partition=2
nvram boot-ramdisk="/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/disk.dmg"
sleep 1s
reboot_

Binary file not shown.

View File

@ -0,0 +1,85 @@
#!/bin/bash
mount_hfs /dev/disk0s1s1 /mnt1
mount_hfs /dev/disk0s1s2 /mnt1/private/var
sleep 1s
rm -rf /mnt1/System/Library/LaunchDaemons/com.apple.mobile.softwareupdated.plist
rm -rf /mnt1/System/Library/LaunchDaemons/com.apple.softwareupdateservicesd.plist
if [ -e "/ios8" ]; then
# step1
mv -v /mnt1/System/Library/LaunchDaemons/* /mnt1/Library/LaunchDaemons/
sleep 3s
# step2
mv -v /mnt1/Library/LaunchDaemons/bootps.plist /mnt1/System/Library/LaunchDaemons/
mv -v /mnt1/Library/LaunchDaemons/com.apple.CrashHousekeeping.plist /mnt1/System/Library/LaunchDaemons/
mv -v /mnt1/Library/LaunchDaemons/com.apple.MobileFileIntegrity.plist /mnt1/System/Library/LaunchDaemons/
mv -v /mnt1/Library/LaunchDaemons/com.apple.jetsamproperties.*.plist /mnt1/System/Library/LaunchDaemons/
mv -v /mnt1/Library/LaunchDaemons/com.apple.mDNSResponder.plist /mnt1/System/Library/LaunchDaemons/com.apple.mDNSResponder.plist__
sleep 3s
# step3
mv -v /mnt1/usr/libexec/CrashHousekeeping /mnt1/usr/libexec/CrashHousekeeping_
mv -v /mnt1/reloader /mnt1/usr/libexec/CrashHousekeeping
sleep 1s
fi
if [ -e "/ios9" ]; then
# step1
mv -v /mnt1/System/Library/LaunchDaemons/* /mnt1/Library/LaunchDaemons/
sleep 3s
# step2
mv -v /mnt1/Library/LaunchDaemons/bootps.plist /mnt1/System/Library/LaunchDaemons/
mv -v /mnt1/Library/LaunchDaemons/com.apple.CrashHousekeeping.plist /mnt1/System/Library/LaunchDaemons/
mv -v /mnt1/Library/LaunchDaemons/com.apple.MobileFileIntegrity.plist /mnt1/System/Library/LaunchDaemons/
mv -v /mnt1/Library/LaunchDaemons/com.apple.jetsamproperties.*.plist /mnt1/System/Library/LaunchDaemons/
sleep 3s
# step3
mv -v /mnt1/usr/libexec/CrashHousekeeping /mnt1/usr/libexec/CrashHousekeeping_
mv -v /mnt1/reloader /mnt1/usr/libexec/CrashHousekeeping
sleep 1s
fi
sleep 1s
Data_GUID="$((echo -e "i\n2\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Partition unique GUID: //p')"
LogicalSector="$((echo -e "p\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Logical sector size: //p' | sed 's/ .*//')"
System_LastSector="$((echo -e "i\n1\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Last sector: //p' | sed 's/ .*//')"
Data_LastSector="$((echo -e "i\n2\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Last sector: //p' | sed 's/ .*//')"
Data_Attributeflags="$((echo -e "i\n2\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*flags: //p')"
Exploit_LastSector="$((524288/$LogicalSector))"
New_Data_LastSector="$(($Data_LastSector-$Exploit_LastSector))"
New_Data_SectorSize="$(($New_Data_LastSector-$System_LastSector))"
New_Data_Size="$(($New_Data_SectorSize*$LogicalSector))"
hfs_resize /mnt1/private/var $New_Data_Size
sleep 1s
if [ "$Data_Attributeflags" = "0001000000000000" ]; then
echo -e "d\n2\nn\n\n$New_Data_LastSector\n\nc\n2\nData\nx\na\n2\n48\n\nc\n2\n$Data_GUID\ns\n4\nm\nn\n3\n\n$Data_LastSector\n\nw\nY\n" | gptfdisk /dev/rdisk0s1
else
echo -e "d\n2\nn\n\n$New_Data_LastSector\n\nc\n2\nData\nx\na\n2\n48\n49\n\nc\n2\n$Data_GUID\ns\n4\nm\nn\n3\n\n$Data_LastSector\n\nw\nY\n" | gptfdisk /dev/rdisk0s1
fi
sleep 1s
newfs_hfs -s -v exploit /dev/rdisk0s1s3
sleep 1s
fsck_hfs -f /dev/rdisk0s1s3
sleep 2s
dd of=/dev/rdisk0s1s3 if=/exploit bs=512k count=1
sleep 1s
nvram -c
nvram boot-partition=2
nvram boot-ramdisk="/a/b/c/d/e/f/g/h/i/j/k/l/m/disk.dmg"
sleep 1s
reboot_

View File

@ -65,6 +65,7 @@ dd of=/dev/rdisk0s1s4 if=/exploit bs=512k count=1
sleep 1s
fi
nvram -c
nvram boot-partition=2
sleep 1s

Binary file not shown.

View File

@ -0,0 +1,112 @@
#!/bin/bash
isIOS5=0
if [ -e "/dev/rdisk0s2" ]; then
nvram -d boot-partition
nvram -d boot-ramdisk
sleep 1s
reboot_
fi
mount_hfs /dev/disk0s1s1 /mnt1
if [ ! -e "/dev/rdisk0s1s3" ]; then
mount_hfs /dev/disk0s1s2 /mnt1/private/var
else
isIOS5=1
mount_hfs /dev/disk0s1s3 /mnt1/private/var
fi
sleep 1s
sleep 1s
rm -rf /mnt1/System/Library/LaunchDaemons/com.apple.mobile.softwareupdated.plist
rm -rf /mnt1/System/Library/LaunchDaemons/com.apple.softwareupdateservicesd.plist
if [ -e "/ios8" ]; then
# step1
mv -v /mnt1/System/Library/LaunchDaemons/* /mnt1/Library/LaunchDaemons/
sleep 3s
# step2
mv -v /mnt1/Library/LaunchDaemons/bootps.plist /mnt1/System/Library/LaunchDaemons/
mv -v /mnt1/Library/LaunchDaemons/com.apple.CrashHousekeeping.plist /mnt1/System/Library/LaunchDaemons/
mv -v /mnt1/Library/LaunchDaemons/com.apple.MobileFileIntegrity.plist /mnt1/System/Library/LaunchDaemons/
mv -v /mnt1/Library/LaunchDaemons/com.apple.jetsamproperties.*.plist /mnt1/System/Library/LaunchDaemons/
mv -v /mnt1/Library/LaunchDaemons/com.apple.mDNSResponder.plist /mnt1/System/Library/LaunchDaemons/com.apple.mDNSResponder.plist__
sleep 3s
# step3
mv -v /mnt1/usr/libexec/CrashHousekeeping /mnt1/usr/libexec/CrashHousekeeping_
mv -v /mnt1/reloader /mnt1/usr/libexec/CrashHousekeeping
sleep 1s
fi
if [ -e "/ios9" ]; then
# step1
mv -v /mnt1/System/Library/LaunchDaemons/* /mnt1/Library/LaunchDaemons/
sleep 3s
# step2
mv -v /mnt1/Library/LaunchDaemons/bootps.plist /mnt1/System/Library/LaunchDaemons/
mv -v /mnt1/Library/LaunchDaemons/com.apple.CrashHousekeeping.plist /mnt1/System/Library/LaunchDaemons/
mv -v /mnt1/Library/LaunchDaemons/com.apple.MobileFileIntegrity.plist /mnt1/System/Library/LaunchDaemons/
mv -v /mnt1/Library/LaunchDaemons/com.apple.jetsamproperties.*.plist /mnt1/System/Library/LaunchDaemons/
sleep 3s
# step3
mv -v /mnt1/usr/libexec/CrashHousekeeping /mnt1/usr/libexec/CrashHousekeeping_
mv -v /mnt1/reloader /mnt1/usr/libexec/CrashHousekeeping
sleep 1s
fi
sleep 1s
Data_GUID="$((echo -e "i\n2\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Partition unique GUID: //p')"
LogicalSector="$((echo -e "p\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Logical sector size: //p' | sed 's/ .*//')"
System_LastSector="$((echo -e "i\n1\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Last sector: //p' | sed 's/ .*//')"
Data_LastSector="$((echo -e "i\n2\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*Last sector: //p' | sed 's/ .*//')"
Data_Attributeflags="$((echo -e "i\n2\nq") | gptfdisk /dev/rdisk0s1 2>/dev/null | sed -n -e 's/^.*flags: //p')"
Exploit_LastSector="$((524288/$LogicalSector))"
New_Data_LastSector="$(($Data_LastSector-$Exploit_LastSector))"
New_Data_SectorSize="$(($New_Data_LastSector-$System_LastSector))"
New_Data_Size="$(($New_Data_SectorSize*$LogicalSector))"
hfs_resize /mnt1/private/var $New_Data_Size
sleep 1s
if [ "$Data_Attributeflags" = "0001000000000000" ]; then
echo -e "d\n2\nn\n\n$New_Data_LastSector\n\nc\n2\nData\nx\na\n2\n48\n\nc\n2\n$Data_GUID\ns\n4\nm\nn\n3\n\n$Data_LastSector\n\nw\nY\n" | gptfdisk /dev/rdisk0s1
else
echo -e "d\n2\nn\n\n$New_Data_LastSector\n\nc\n2\nData\nx\na\n2\n48\n49\n\nc\n2\n$Data_GUID\ns\n4\nm\nn\n3\n\n$Data_LastSector\n\nw\nY\n" | gptfdisk /dev/rdisk0s1
fi
sleep 1s
if [ $isIOS5 == 0 ]; then
newfs_hfs -s -v exploit /dev/rdisk0s1s3
sleep 1s
fsck_hfs -f /dev/rdisk0s1s3
sleep 2s
dd of=/dev/rdisk0s1s3 if=/exploit bs=512k count=1
sleep 1s
fi
if [ $isIOS5 == 1 ]; then
newfs_hfs -s -v exploit /dev/rdisk0s1s4
sleep 1s
fsck_hfs -f /dev/rdisk0s1s4
sleep 2s
dd of=/dev/rdisk0s1s4 if=/exploit bs=512k count=1
sleep 1s
fi
nvram -c
nvram boot-partition=2
nvram boot-ramdisk="/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/disk.dmg"
sleep 1s
reboot_

Binary file not shown.

Binary file not shown.

Binary file not shown.

BIN
resources/ssh.tar Normal file

Binary file not shown.

View File

@ -2,8 +2,9 @@
if not exist "C:\Program Files\iTunes\iTunes.exe" (
if not exist "C:\Program Files (x86)\iTunes\iTunes.exe" (
echo [Error] iTunes does not seem to be installed.
echo [Error] iTunes does not seem to be installed in C drive.
echo * Please install iTunes 12.6.5 or older before proceeding.
echo * Do not change the install location from the defaults.
echo * Read the "How to Use" wiki page in GitHub for more details.
pause >nul
exit
@ -11,8 +12,9 @@ if not exist "C:\Program Files\iTunes\iTunes.exe" (
)
if not exist "C:\msys64\msys2.exe" (
echo [Error] MSYS2 does not seem to be installed.
echo [Error] MSYS2 does not seem to be installed in C drive.
echo * Please install MSYS2 first before proceeding.
echo * Do not change the install location from the defaults.
echo * Read the "How to Use" wiki page in GitHub for more details.
pause >nul
exit

1755
restore.sh

File diff suppressed because it is too large Load Diff