Improvements, install script

Also update readme
2025-01-23 13:41:16 +01:00 · 2019-11-21 23:48:05 +08:00 · 2019-11-21 23:48:05 +08:00 · bb7fcd8efc
commit bb7fcd8efc
parent 60660bec6d
3 changed files with 161 additions and 52 deletions
--- a/README.md
+++ b/README.md
@ -1,18 +1,44 @@
 # 841-OTA-Downgrader
- Script that can be used to downgrade almost any 32-bit device to iOS 8.4.1
+Script that can be used to downgrade almost any supported 32-bit device to iOS 8.4.1
+
+### Prerequisites:
+- **Any jailbroken 32-bit iOS device**
+- **OpenSSH** installed on iOS device
+- **MTerminal** installed on iOS device (10.x users)
+- iOS 7 Pangu users should install [this](http://apt.saurik.com/debs/io.pangu.axe7_0.3_iphoneos-arm.deb)
+- iOS 8 Pangu users should install [this](http://apt.saurik.com/debs/io.pangu.xuanyuansword8_0.5_iphoneos-arm.deb)
+- A Linux distro on PC (Tested on **Lubuntu 16.04 live USB** and Arch Linux)
+- For VirtualBox users, add a New USB Filter in the VM settings
+- For VMWare users, enable Autoconnect USB Devices
+- The computer and device must be on the same network
+
+### How to use:
+- When the prerequisites are met, usage should be straightforward:
+1. Download or `git clone` this repo
+2. Open Terminal, cd to the directory where the scripts are located (eg. `cd /home/user/841-OTA-Downgrader`)
+3. Run `chmod +x install.sh restore.sh`
+4. Run `./install.sh`
+5. Run `./restore.sh`
+6. Follow instructions

 ### Tools used by this script:
 - cURL
- partialZipBrowser
- tsschecker
+- [tsschecker](https://github.com/tihmstar/tsschecker)
 - bsdiff (bspatch)
- kloader
- futurerestore
+- [xpwntool](https://www.youtube.com/watch?v=fh0tB6fp0Sc)
+- [kloader](https://www.youtube.com/watch?v=fh0tB6fp0Sc)
+- [kloader5 (iOS 5)](http://www.pmbonneau.com/cydia/))
+- [kloader_hgsp (iOS 10)](https://twitter.com/nyan_satan/status/945203180522045440)
+- [futurerestore](https://github.com/tihmstar/futurerestore)

-### Tested on:
+### Devices tested on:
 - iPad3,3
+- iPhone5,2

 ### Supported devices:
+
+#### All iPad 2, iPad 3, iPad 4, iPod 5, iPhone 4S, and iPhone 5 devices (**NOT 5C**)
+
 - iPad2,1
 - iPad2,2
 - iPad2,3
--- a/install.sh
+++ b/install.sh
@ -0,0 +1,23 @@
+#!/bin/bash
+
+function ubuntu {
+    sudo apt update
+    sudo apt install bsdiff curl ifuse libimobiledevice-utils libzip4 usbmuxd
+}
+
+function arch {
+    sudo pacman -Sy bsdiff libcurl-compat libpng12 libzip openssl-1.0 usbmuxd
+    sudo ln -sf /usr/lib/libzip.so.5 /usr/lib/libzip.so.4
+}
+
+clear
+echo "******* 841-OTA-Downgrader *******"
+echo "          - by LukeZGD            "
+echo
+echo "Install dependencies"
+select opt in "Ubuntu 16.04" "Arch Linux"; do
+    case $opt in
+        "Ubuntu 16.04" ) ubuntu; break;;
+        "Arch Linux" ) arch; break;;
+    esac
+done
--- a/restore.sh
+++ b/restore.sh
@ -53,25 +53,29 @@ key_n41=baf05fe0282f78c18c2e3842be4f9021919d586b55594281f5b5abd0f6e61495
 iv_n42=fdad2b7a35384fa2ffc7221213ca1082
 key_n42=74cd68729b800a20b1f8e8a3cb5517024a09f074eaa05b099db530fb5783275e

-rm -rf iP*/ tmp/ $(ls *.shsh2) BuildManifest.plist
+rm -rf iP*/ tmp/ $(ls *.shsh2)
+
+HardwareModel=$(ideviceinfo | grep 'HardwareModel' | cut -c 16-)
+HardwareModelLower=$(echo $HardwareModel | tr '[:upper:]' '[:lower:]' | sed 's/.\{2\}$//')
+ProductType=$(ideviceinfo | grep 'ProductType' | cut -c 14-)
+ProductVersion=$(ideviceinfo | grep 'ProductVersion' | cut -c 17-)
+VersionDetect=$(echo $ProductVersion | cut -c 1)
+UniqueChipID=$(ideviceinfo | grep 'UniqueChipID' | cut -c 15-)
+iBSS="iBSS.$HardwareModelLower.RELEASE"
+IPSW="${ProductType}_8.4.1_12H321_Restore"

 clear
 echo "******* 841-OTA-Downgrader *******"
 echo "          - by LukeZGD            "
 echo

-HardwareModel=$(ideviceinfo | grep 'HardwareModel' | cut -c 16-)
-HardwareModelLower=$(echo $HardwareModel | tr '[:upper:]' '[:lower:]' | sed 's/.\{2\}$//')
-ProductType=$(ideviceinfo | grep 'ProductType' | cut -c 14-)
-ProductVersion=$(ideviceinfo | grep 'ProductVersion' | cut -c 17-)
-UniqueChipID=$(ideviceinfo | grep 'UniqueChipID' | cut -c 15-)
-iBSS="iBSS.$HardwareModelLower.RELEASE"
-
 if [ ! $HardwareModel ]
 then
    echo "Please plug the device in before proceeding"
-    echo
    exit
+elif [ $HardwareModel == iPad2,1 ] || [ $HardwareModel == iPad2,4 ] || [ $HardwareModel == iPad2,5 ] || [ $HardwareModel == iPad3,1 ] || [ $HardwareModel == iPad3,4 ] || [ $HardwareModel == iPod5,1 ]
+then
+    NoBaseband=1
 fi

 echo "HardwareModel: $HardwareModel"
@ -81,12 +85,10 @@ echo "UniqueChipID (ECID): $UniqueChipID"
 echo "iBSS: $iBSS"
 echo

-IPSW="${ProductType}_8.4.1_12H321_Restore"

 if [ ! -e ${IPSW}.ipsw ]
 then
    echo "iOS 8.4.1 IPSW is missing! Please put the IPSW on the same directory of this script"
-    echo
    exit
 fi

@ -97,7 +99,7 @@ then
    echo "Downloading tsschecker..."
    curl -L -# "https://github.com/tihmstar/tsschecker/releases/download/v212/tsschecker_v212_mac_win_linux.zip" -o "tmp/tsschecker.zip"
    echo "Extracting tsschecker..."
-    unzip -j tmp/tsschecker.zip tsschecker_$platform -d tools/
+    unzip -j tmp/tsschecker.zip tsschecker_$platform -d "tools/"
    chmod +x tools/tsschecker_$platform
    echo
 fi
@ -112,7 +114,7 @@ then
    echo "Downloading futurerestore..."
    curl -L -# "http://api.tihmstar.net/builds/futurerestore/futurerestore-latest.zip" -o "tmp/futurerestore.zip"
    echo "Extracting futurerestore..."
-    unzip -j tmp/futurerestore.zip futurerestore_$platform -d tools/
+    unzip -j tmp/futurerestore.zip futurerestore_$platform -d "tools/"
    chmod +x tools/futurerestore_$platform
    echo 
 fi
@ -122,43 +124,56 @@ then
    exit
 fi

-echo "Downloading ota.json..."
-curl -L -# "https://api.ipsw.me/v2.1/ota.json/condensed" -o "tmp/ota.json"
-echo 'Copying ota.json to /tmp or $TMPDIR...'
-if [ $platform == macos ] 
+if [ ! -e /tmp/ota.json ] && [ ! -e $TMPDIR/ota.json ]
 then
-    cp tmp/ota.json $TMPDIR
-else
-    cp tmp/ota.json /tmp
+    echo "Downloading ota.json..."
+    curl -L -# "https://api.ipsw.me/v2.1/ota.json/condensed" -o "tmp/ota.json"
+    echo 'Copying ota.json to /tmp or $TMPDIR...'
+    if [ $platform == macos ] 
+    then
+        cp tmp/ota.json $TMPDIR
+    else
+        cp tmp/ota.json /tmp
+    fi
+    echo
 fi
-echo
-if [ ! -e tmp/ota.json ]
+if [ ! -e /tmp/ota.json ] && [ ! -e $TMPDIR/ota.json ]
 then
    echo "Download ota.json failed. Please run the script again"
+    rm -rf tmp/ 
    exit
 fi

-echo "Downloading BuildManifest.plist..."
-OTAFirmware=$(curl "https://api.ipsw.me/v4/ota/download/$ProductType/12H321?prerequisite=12H143" -s -L -I -o /dev/null -w '%{url_effective}')
-pzb -g AssetData/boot/BuildManifest.plist $OTAFirmware
+echo "Downloading OTA Firmware..."
+curl -L -# "https://api.ipsw.me/v4/ota/download/$ProductType/12H321?prerequisite=12H143" -o "tmp/otafirmware.zip"
+echo "Extracting BuildManifest.plist..."
+unzip -j tmp/otafirmware.zip AssetData/boot/BuildManifest.plist -d "tmp/"
 echo
-if [ ! -e BuildManifest.plist ]
+if [ ! -e tmp/BuildManifest.plist ]
 then
-    echo "Download BuildManifest.plist failed. Please run the script again"
+    echo "Download/extract BuildManifest.plist failed. Please run the script again"
+    rm -rf tmp/
    exit
 fi

 echo "Saving 8.4.1 blobs with tsschecker..."
-env "LD_PRELOAD=libcurl.so.3" tools/tsschecker_$platform -d $ProductType -i 8.4.1 -o -s -e $UniqueChipID -m BuildManifest.plist
+if [[ ! $NoBaseband ]]
+then
+    env "LD_PRELOAD=libcurl.so.3" tools/tsschecker_$platform -d $ProductType -i 8.4.1 -o -s -e $UniqueChipID -m tmp/BuildManifest.plist
+else
+    echo "Detected device has no baseband"
+    env "LD_PRELOAD=libcurl.so.3" tools/tsschecker_$platform -d $ProductType -i 8.4.1 -o -s -b -e $UniqueChipID -m tmp/BuildManifest.plist
+fi
 echo
 if [ ! -e $(ls *.shsh2) ]
 then
    echo "Saving 8.4.1 blobs failed. Please run the script again"
+    rm -rf tmp/ BuildManifest.plist
    exit
 fi

 echo "Extracting 8.4.1 IPSW..."
-unzip -q ${IPSW}.ipsw -d $IPSW/
+unzip -q ${IPSW}.ipsw -d "$IPSW/"
 echo

 echo "Decrypting iBSS..."
@ -174,30 +189,51 @@ echo "Patching iBSS..."
 bspatch tmp/iBSS.dec2 tmp/pwnediBSS patches/$iBSS.patch
 echo

-if [[ $(echo $ProductVersion | cut -c 1) == 1 ]]
+if [[ $VersionDetect == 1 ]]
 then
    kloader="kloader_hgsp"
-elif [[ $(echo $ProductVersion | cut -c 1) == 5 ]]
+elif [[ $VersionDetect == 5 ]]
 then
    kloader="kloader5"
 else
    kloader="kloader"
 fi

-echo "Make sure SSH is installed and working on the device!"
-echo "Please enter Wi-Fi IP address of device for SSH connection:"
-read IPAddress
-echo "Will now connect to device using SSH"
-echo "Please enter root password when prompted (default is 'alpine')"
-echo
-
-echo "Copying stuff to device..."
-scp tools/$kloader tmp/pwnediBSS root@$IPAddress:/
-echo
-
-echo "Entering pwnDFU mode... (press Ctrl+C after entering root password to continue)"
-ssh root@$IPAddress "chmod 0755 /$kloader && /$kloader /pwnediBSS"
-echo
+if [[ $VersionDetect == 1 ]]
+then
+    WifiAddr=$(ideviceinfo | grep 'WiFiAddress' | cut -c 14-)
+    WifiAddrDecr=$(echo $(printf "%x\n" $(expr $(printf "%d\n" 0x$(echo "${WifiAddr}" | tr -d ':')) - 1)) | sed 's/\(..\)/\1:/g;s/:$//')
+    mkdir mountdir
+    echo "Mounting device using ifuse..."
+    ifuse mountdir
+    echo "Copying stuff to device..."
+    cp "tools/$kloader" "tmp/pwnediBSS" "mountdir/"
+    umount mountdir
+    rm -rf mountdir
+    echo
+    echo "Enter MTerminal and run these commands:"
+    echo
+    echo "su"
+    echo "(enter root password, default is 'alpine')"
+    echo "nvram wifiaddr=$WifiAddrDecr"
+    echo "cd /var/mobile/Media"
+    echo "chmod 0755 kloader_hgsp"
+    echo "./kloader_hgsp pwnediBSS"
+    echo
+else
+    echo "Make sure SSH is installed and working on the device!"
+    echo "Please enter Wi-Fi IP address of device for SSH connection:"
+    read IPAddress
+    echo "Will now connect to device using SSH"
+    echo "Please enter root password when prompted (default is 'alpine')"
+    echo
+    echo "Copying stuff to device..."
+    scp tools/$kloader tmp/pwnediBSS root@$IPAddress:/
+    echo
+    echo "Entering pwnDFU mode... (press Ctrl+C after entering root password to continue)"
+    ssh root@$IPAddress "chmod 0755 /$kloader && /$kloader /pwnediBSS"
+    echo
+fi

 echo "Press home/power button once when screen goes black on the device, then press [enter]"
 read
@ -205,4 +241,28 @@ echo "Will now proceed to futurerestore in 5 seconds..."
 sleep 5
 echo

-sudo env "LD_PRELOAD=libcurl.so.3" tools/futurerestore_$platform -t $(ls *.shsh2) --latest-baseband --use-pwndfu ${IPSW}.ipsw
+while [ ! $ScriptDone ]
+do
+    
+    if [[ ! $NoBaseband ]]
+    then
+        sudo env "LD_PRELOAD=libcurl.so.3" tools/futurerestore_$platform -t $(ls *.shsh2) --latest-baseband --use-pwndfu ${IPSW}.ipsw
+    else
+        echo "Detected device has no baseband"
+        sudo env "LD_PRELOAD=libcurl.so.3" tools/futurerestore_$platform -t $(ls *.shsh2) --latest-baseband --use-pwndfu --no-baseband ${IPSW}.ipsw
+    fi
+    
+    echo "futurerestore done!"
+    echo "If futurerestore failed to download baseband or for some reason, you can choose to retry"
+    echo "Retry? (y/n)"
+    read retry
+    if [ retry != y ] && [ retry != Y ]
+    then
+        ScriptDone=1
+    fi
+
+done
+
+rm -rf iP*/ tmp/ $(ls *.shsh2)
+
+echo "Script done!"