Windows again.

- pretty much the same as last time, except it was way easier to add now thanks to the code restructure
- baseband will not be touched and will be intact this time, unlike before when baseband gets downgraded to the 8.4.1/6.1.3 version
- it's still worse than futurerestore though, just use ota downgrader on linux/macos instead please
LukeZGD 2022-05-29 22:57:53 +08:00
parent 5640c783d7
commit c456b386dd
8 changed files with 218 additions and 49 deletions


@ -3,6 +3,8 @@
- **Downgrade/restore and jailbreak supported iOS devices to signed OTA firmwares**
- **iPhone4Down: Downgrade your iPhone 4 on Linux (using ch3rryflower)**
- **Linux and macOS** are supported
- **Partial support for Windows** - usage is not recommended
- iPhone4Down is focused on Linux only - macOS is untested, Windows is unsupported
- **Read the ["How to Use" wiki page](https://github.com/LukeZGD/iOS-OTA-Downgrader/wiki/How-to-Use) for a step-by-step tutorial**
- **Read the ["Troubleshooting" wiki page](https://github.com/LukeZGD/iOS-OTA-Downgrader/wiki/Troubleshooting) for tips, frequent questions, and troubleshooting**
@ -70,6 +72,7 @@
- [**Debian**](https://www.debian.org/) 11 Bullseye, Testing and Unstable
- [**openSUSE**](https://www.opensuse.org/) Tumbleweed and Leap 15.3
- **macOS** 10.13 and newer
- **Windows** 7 and newer
## Tools and other stuff used
- cURL
@ -81,21 +84,22 @@
- [daibutsuCFW](https://github.com/dora2-iOS/daibutsuCFW) - dora2ios
- [libimobiledevice](https://github.com/libimobiledevice/libimobiledevice) - libimobiledevice
- [libirecovery](https://github.com/libimobiledevice/libirecovery) - libimobiledevice
- [imobiledevice-net](https://github.com/libimobiledevice-win32/imobiledevice-net) - libimobiledevice-win32 (macOS build)
- [idevicerestore](https://github.com/LukeeGD/idevicerestore) - LukeZGD fork
- [imobiledevice-net](https://github.com/libimobiledevice-win32/imobiledevice-net) - libimobiledevice-win32 (macOS/Windows builds)
- ipsw tool from [xpwn](https://github.com/LukeZGD/xpwn) - LukeZGD fork
- Python 2 (for ipwndfu, rmsigchks, SimpleHTTPServer)
- Python 3 (http.server)
- [tsschecker](https://github.com/tihmstar/tsschecker) - tihmstar
- [tsschecker](https://github.com/1Conan/tsschecker) - 1Conan fork
- [futurerestore](https://github.com/futurerestore/futurerestore) - futurerestore beta
- [futurerestore](https://github.com/futurerestore/futurerestore) - futurerestore 194 and beta
- [idevicerestore](https://github.com/LukeeGD/idevicerestore) - LukeZGD fork
- [kloader](https://www.youtube.com/watch?v=fh0tB6fp0Sc)
- [kloader5 for iOS 5](https://www.pmbonneau.com/cydia/com.pmbonneau.kloader5_1.2_iphoneos-arm.deb)
- [kloader_hgsp for iOS 10](https://twitter.com/nyan_satan/status/945203180522045440)
- [partial-zip](https://github.com/matteyeux/partial-zip)
- [zenity](https://github.com/GNOME/zenity)
- [zenity](https://github.com/ncruces/zenity) (macOS)
- 32-bit bundles are from [OdysseusOTA](https://www.youtube.com/watch?v=Wo7mGdMcjxw), [OdysseusOTA2](https://www.youtube.com/watch?v=fh0tB6fp0Sc), [alitek12](https://www.mediafire.com/folder/b1z64roy512wd/FirmwareBundles), [gjest](https://www.reddit.com/r/jailbreak/comments/6yrzzj/release_firmware_bundles_for_ios_841_ipad21234567/)
- [zenity](https://github.com/ncruces/zenity) (macOS/Windows builds)
- 32-bit bundles from [OdysseusOTA](https://www.youtube.com/watch?v=Wo7mGdMcjxw), [OdysseusOTA2](https://www.youtube.com/watch?v=fh0tB6fp0Sc), [alitek12](https://www.mediafire.com/folder/b1z64roy512wd/FirmwareBundles), [gjest](https://www.reddit.com/r/jailbreak/comments/6yrzzj/release_firmware_bundles_for_ios_841_ipad21234567/)
- A7 patches from [MatthewPierson](https://github.com/MatthewPierson/iPhone-5s-OTA-Downgrade-Patches)
- [EtasonJB](https://www.theiphonewiki.com/wiki/EtasonJB)
- [evasi0n](https://www.theiphonewiki.com/wiki/Evasi0n)
- [evasi0n7](https://www.theiphonewiki.com/wiki/Evasi0n7)
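
Review bot: the idevicerestore entry that this hunk moves further down the list still links to github.com/LukeeGD/idevicerestore, while the xpwn fork in the same list uses the LukeZGD account. If "LukeeGD" is an older account name, update the link while the line is being touched so it does not depend on a redirect.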


@ -1,6 +1,7 @@
#!/bin/bash
SaveOTABlobs() {
local APNonce=$1
local ExtraArgs
local SHSHChk
local SHSHContinue
@ -30,8 +31,9 @@ SaveOTABlobs() {
Log "Saving iOS $OSVer blobs with tsschecker..."
BuildManifest="resources/manifests/BuildManifest_${ProductType}_${OSVer}.plist"
ExtraArgs="-d $ProductType -i $OSVer -e $UniqueChipID -m $BuildManifest -o -s -B ${HWModel}ap -g 0x1111111111111111 -b"
SHSHChk=${UniqueChipID}_${ProductType}_${HWModel}ap_${OSVer}-${BuildVer}_3a88b7c3802f2f0510abc432104a15ebd8bd7154.shsh*
ExtraArgs="-d $ProductType -i $OSVer -e $UniqueChipID -m $BuildManifest -o -s -B ${HWModel}ap -b "
[[ -n $APNonce ]] && ExtraArgs+="--apnonce $APNonce" || ExtraArgs+="-g 0x1111111111111111"
SHSHChk=${UniqueChipID}_${ProductType}_${HWModel}ap_${OSVer}-${BuildVer}*.shsh*
$tsschecker $ExtraArgs
SHSH=$(ls $SHSHChk)
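
Review bot: the new `SHSHChk` pattern ends in `*.shsh*` instead of the fixed 40-character suffix, so `SHSH=$(ls $SHSHChk)` can match more than one file when an earlier run left a blob for the same device and build in the working directory. `$SHSH` would then hold several names and the later `cp "$SHSH" saved/shsh` would fail. Remove stale matches before calling tsschecker, or pick a single file explicitly and stop with `Error` when the match count is not one. `$tsschecker $ExtraArgs` also relies on word splitting of a string that now includes `$APNonce`; building the arguments as an array would be safer.
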
@ -49,15 +51,15 @@ SaveOTABlobs() {
if [[ -n $SHSH && $SHSHContinue != 1 ]]; then
mkdir -p saved/shsh 2>/dev/null
cp "$SHSH" saved/shsh
[[ -z $APNonce ]] && cp "$SHSH" saved/shsh
Log "Successfully saved $OSVer blobs."
fi
}
Save712Blobs() {
local SHSHChk
SHSH="${UniqueChipID}-${ProductType}-${OSVer}.shsh"
SHSH7="${UniqueChipID}-${ProductType}-7.1.2.shsh"
SHSH="saved/shsh/$SHSH7"
BuildManifest="BuildManifest_${ProductType}_7.1.2.plist"
if [[ ! -e resources/manifests/$BuildManifest ]]; then
@ -68,7 +70,8 @@ Save712Blobs() {
if [[ -e saved/shsh/$SHSH7 ]]; then
Log "Found existing saved 7.1.2 blobs."
else
return
fi
Log "Saving 7.1.2 blobs with tsschecker..."
$tsschecker -d $ProductType -i 7.1.2 -e $UniqueChipID -m resources/manifests/BuildManifest_${ProductType}_7.1.2.plist -s -b
SHSHChk=$(ls ${UniqueChipID}_${ProductType}_7.1.2-11D257_*.shsh2)
@ -76,8 +79,4 @@ Save712Blobs() {
mkdir saved/shsh 2>/dev/null
mv $SHSHChk saved/shsh/$SHSH7
Log "Successfully saved 7.1.2 blobs."
fi
mkdir shsh
cp saved/shsh/$SHSH7 shsh/$SHSH
}


@ -43,10 +43,20 @@ SetToolPaths() {
python="/usr/bin/python"
xmlstarlet=/
zenity="./resources/tools/zenity_macos"
elif [[ $OSTYPE == "msys" ]]; then
platform="win"
platformver="$(cmd /c ver)"
MPath+="$platform"
bspatch="./resources/tools/bspatch_win"
futurerestore="./resources/tools/futurerestore_win"
python=/
fi
if [[ $platform != "win" ]]; then
expect="$(which expect)"
git="$(which git)"
fi
ideviceenterrecovery="$MPath/ideviceenterrecovery"
ideviceinfo="$MPath/ideviceinfo"
idevicerestore="./resources/tools/idevicerestore_$platform"
@ -84,6 +94,9 @@ SetToolPaths() {
rmsigchks="$(which python2) rmsigchks.py"
SimpleHTTPServer="$python -m http.server 8888"
fi
else
ping="ping -n 1"
zenity="./resources/tools/zenity_$platform"
fi
Log "Running on platform: $platform ($platformver)"
@ -171,6 +184,14 @@ InstallDepends() {
Echo "* The script will detect this automatically and will use the Homebrew versions of the tools"
Echo "* Install using this command: 'brew install libimobiledevice libirecovery'"
elif [[ $platform == "win" ]]; then
pacman -Sy --noconfirm --needed ca-certificates curl openssh unzip zip
Log "Downloading Windows tools..."
SaveFile https://github.com/LukeZGD/iOS-OTA-Downgrader-Keys/releases/download/tools/tools_win.zip tools_win.zip a34cbce38d89f96b97e62199aece78a58dd00e15
Log "Extracting Windows tools..."
unzip -oq tools_win.zip -d ../resources
libimobiledevice=("https://github.com/LukeZGD/iOS-OTA-Downgrader-Keys/releases/download/tools/libimobiledevice_win.zip" "75ae3af3347b89107f0f6b7e41fde42e6ccdd404")
else
Error "Distro not detected/supported by the install script." "See the repo README for supported OS versions/distros"
fi
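
Review bot: in the new Windows branch, the third argument to `SaveFile` and the second element of the `libimobiledevice` array are 40 hex characters, which is the length of a SHA-1 digest. If these values are the integrity check for the downloaded archives, pin SHA-256 digests instead, since `tools_win.zip` is unpacked into `../resources`, where the script's tool paths point. Two smaller points in the same branch: `pacman -Sy` with package names refreshes the database without upgrading installed packages, which is a partial upgrade, and neither `pacman` nor `unzip -oq` has its exit status checked before the function continues.
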
@ -192,5 +213,6 @@ InstallDepends() {
cd ..
Log "Install script done! Please run the script again to proceed"
ExitWin
exit 0
}


@ -76,10 +76,11 @@ GetDeviceValues() {
if [[ ! $DeviceState ]]; then
echo -e "\n${Color_R}[Error] No device detected. Please put the device in normal mode before proceeding. ${Color_N}"
echo "${Color_Y}* Make sure to also trust this computer by selecting \"Trust\" at the pop-up. ${Color_N}"
echo "${Color_Y}* For macOS users, double-check if the device is being detected by iTunes/Finder. ${Color_N}"
echo "${Color_Y}* For Windows/macOS users, double-check if the device is being detected by iTunes/Finder. ${Color_N}"
echo "${Color_Y}* Recovery or DFU mode is also applicable. ${Color_N}"
echo "${Color_Y}* To perform operations without an iOS device connected, add NoDevice as an argument. ${Color_N}"
echo "${Color_Y}* For more details, read the \"Troubleshooting\" wiki page in GitHub ${Color_N}"
ExitWin
exit 1
elif [[ -n $DeviceState ]]; then
if [[ ! $ProductType ]]; then
@ -478,3 +479,30 @@ Ramdisk4() {
Echo " mount_hfs /dev/disk0s1s1 /mnt1"
Echo " mount_hfs /dev/disk0s1s2 /mnt1/private/var"
}
EnterPwnREC() {
local Attempt=1
if [[ $ProductType == "iPad4,4" || $ProductType == "iPad4,5" ]]; then
Log "iPad mini 2 device detected. Setting iBSS and iBEC to \"ipad4b\""
iBEC=$iBECb
iBSS=$iBSSb
fi
while (( $Attempt < 4 )); do
Log "Entering pwnREC mode... (Attempt $Attempt)"
Log "Sending iBSS..."
$irecovery -f $IPSWCustom/Firmware/dfu/$iBSS.im4p
$irecovery -f $IPSWCustom/Firmware/dfu/$iBSS.im4p
Log "Sending iBEC..."
$irecovery -f $IPSWCustom/Firmware/dfu/$iBEC.im4p
sleep 3
FindDevice "Recovery" timeout
[[ $? == 0 ]] && break
((Attempt++))
done
if (( $Attempt == 4 )); then
Error "Failed to enter pwnREC mode. You may have to force restart your device and start over entering pwnDFU mode again"
fi
}
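
Review bot: none of the three `$irecovery -f` calls in the `EnterPwnREC` loop has its exit status checked, so a failed iBSS upload still goes on to send iBEC and then waits out `FindDevice "Recovery" timeout` before retrying. Check each send and move to the next attempt on failure. The iBSS image is sent twice in a row with no comment; if that is intentional, say why in a comment, otherwise drop the duplicate. The `$IPSWCustom/Firmware/dfu/...` paths are unquoted, and the attempt limit appears as a literal in both `(( $Attempt < 4 ))` and `(( $Attempt == 4 ))`; one variable would keep the two in sync.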


@ -37,12 +37,14 @@ FutureRestore() {
Log "Proceeding to futurerestore..."
[[ $platform == "linux" ]] && Echo "* Enter your user password when prompted"
if [[ $platform != "win" ]]; then
cd resources
$SimpleHTTPServer &
ServerPID=$!
cd ..
fi
if [[ $DeviceProc == 7 ]]; then
if [[ $DeviceProc == 7 && $platform != "win" ]]; then
# Send dummy file for device detection
$irecovery -f README.md
sleep 2
@ -112,10 +114,37 @@ DowngradeOTA() {
FutureRestore
}
DowngradeOTAWin() {
IPSWCustom="${IPSWType}_${OSVer}_${BuildVer}_CustomWin"
if [[ $DeviceProc != 7 ]]; then
JailbreakOption
SaveOTABlobs
fi
IPSWFindVerify
if [[ $DeviceProc == 7 ]]; then
IPSWSetExtract extract
IPSW64
EnterPwnREC
local APNonce=$($irecovery -q | grep "NONC" | cut -c 7-)
Log "APNONCE: $APNonce"
SaveOTABlobs $APNonce
IPSWSetExtract set
FutureRestore
return
fi
kDFU
IPSW32
IPSWSetExtract
iDeviceRestore
}
Downgrade() {
Log "Select your options when asked. If unsure, go for the defaults (press Enter/Return)."
echo
if [[ $OSVer == "Other" ]]; then
if [[ $platform == "win" ]]; then
DowngradeOTAWin
return
elif [[ $OSVer == "Other" ]]; then
DowngradeOther
return
fi
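
Review bot: in `DowngradeOTAWin`, `APNonce` is taken from `$irecovery -q | grep "NONC" | cut -c 7-` and passed to `SaveOTABlobs` without any check, and `local APNonce=$(...)` discards the pipeline's exit status. If irecovery returns nothing, `SaveOTABlobs` receives an empty argument, takes its `-g 0x1111111111111111` path, and the restore continues with blobs that were not requested for the nonce the device is currently reporting. Declare `local APNonce` first, assign on a separate line, and call `Error` unless the value is a non-empty hex string. In `Downgrade`, the `$platform == "win"` test now comes before `$OSVer == "Other"`; a short comment that Windows never reaches `DowngradeOther` would help the next reader.
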
@ -123,6 +152,8 @@ Downgrade() {
}
iDeviceRestore() {
mkdir shsh
cp $SHSH shsh/${UniqueChipID}-${ProductType}-${OSVer}.shsh
Log "Proceeding to idevicerestore..."
Echo "* Enter your user password when prompted"
[[ $platform == "macos" ]] && sudo codesign --sign - --force --deep $idevicerestore
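
Review bot: the two lines added at the top of `iDeviceRestore` are unchecked. `mkdir shsh` prints an error when the directory already exists (`mkdir -p` avoids that), and `cp $SHSH ...` is unquoted, unlike `cp "$SHSH" saved/shsh` in `SaveOTABlobs`. If `$SHSH` is empty or the copy fails, the function still goes on to run idevicerestore; quote the operands and stop with `Error` when the copy fails.
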
@ -133,6 +164,10 @@ iDeviceRestore() {
Echo "* If this is the \"Killed: 9\" error or similar, try these steps:"
Echo "* Using Terminal, cd to where the script is located, then run"
Echo "* sudo codesign --sign - --force --deep resources/tools/idevicerestore_macos"
elif [[ $platform == "win" && $? != 0 ]]; then
Log "An error seems to have occurred in idevicerestore."
Echo "* Windows users may encounter errors like \"Unable to send APTicket\" or \"Unable to send iBEC\" in the restore process."
Echo "* To fix this, follow troubleshooting steps here: https://github.com/LukeZGD/iOS-OTA-Downgrader/wiki/Troubleshooting#windows"
else
echo
Log "Restoring done!"
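
Review bot: `$?` in the new `elif [[ $platform == "win" && $? != 0 ]]` is not idevicerestore's exit status. By the time an `elif` condition is evaluated, `$?` holds the status of the preceding `if` test, which is non-zero because that test has just failed, so on Windows this branch is taken after every restore and the `else` branch with "Restoring done!" is never reached. Save the status in a variable immediately after the idevicerestore call and test that variable in each branch.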


@ -2,7 +2,7 @@
JailbreakSet() {
Jailbreak=1
IPSWCustom="${IPSWType}_${OSVer}_${BuildVer}_Custom"
[[ -z $IPSWCustom ]] && IPSWCustom="${IPSWType}_${OSVer}_${BuildVer}_Custom"
if [[ $ProductType == "iPhone4,1" || $ProductType == "iPhone5,2" ]] && [[ $OSVer == "8.4.1" ]]; then
Input "Jailbreak Tool Option"
@ -21,6 +21,7 @@ JailbreakSet() {
[[ $OSVer == "8.4.1" ]] && JBDaibutsu=1
fi
[[ $platform == "win" ]] && IPSWCustom="${IPSWCustom}JB"
if [[ $JBDaibutsu == 1 ]]; then
JBName="daibutsu"
IPSWCustom="${IPSWCustom}D"
@ -65,7 +66,7 @@ JailbreakOption() {
fi
echo
if [[ $Jailbreak != 1 ]]; then
if [[ $Jailbreak != 1 || $platform == "win" ]]; then
return
fi
Input "Memory Option for creating custom IPSW"
@ -123,6 +124,7 @@ IPSWFindVerify() {
}
IPSWSetExtract() {
if [[ $1 != "extract" ]]; then
if [[ -e "$IPSWCustom.ipsw" ]]; then
Log "Setting restore IPSW to: $IPSWCustom.ipsw"
IPSWRestore="$IPSWCustom"
@ -130,9 +132,12 @@ IPSWSetExtract() {
Log "Setting restore IPSW to: $IPSW.ipsw"
IPSWRestore="$IPSW"
fi
fi
if [[ $1 != "set" ]]; then
Log "Extracting IPSW: $IPSWRestore.ipsw"
unzip -oq "$IPSWRestore.ipsw" -d "$IPSWRestore"/
fi
}
IPSW32() {
@ -148,6 +153,7 @@ IPSW32() {
fi
if [[ $JBDaibutsu == 1 ]]; then
[[ $platform == "win" ]] && ipsw="${ipsw}2"
ExtraArgs+="-daibutsu "
echo '#!/bin/bash' > tmp/reboot.sh
echo "mount_hfs /dev/disk0s1s1 /mnt1; mount_hfs /dev/disk0s1s2 /mnt2" >> tmp/reboot.sh
@ -190,15 +196,19 @@ IPSW32() {
JBFiles[$i]=../resources/jailbreak/${JBFiles[$i]}
done
fi
if [[ $platform == "win" ]]; then
WinBundles="windows/"
else
ExtraArgs+="-bbupdate"
fi
if [[ ! -e $IPSWCustom.ipsw ]]; then
Log "Preparing custom IPSW..."
cd tmp
if [[ $JBDaibutsu == 1 ]]; then
cp -R ../resources/firmware/JailbreakBundles FirmwareBundles
cp -R ../resources/firmware/${WinBundles}JailbreakBundles FirmwareBundles
else
cp -R ../resources/firmware/FirmwareBundles FirmwareBundles
cp -R ../resources/firmware/${WinBundles}FirmwareBundles FirmwareBundles
fi
$ipsw ./../$IPSW.ipsw ./../$IPSWCustom.ipsw $ExtraArgs $JBMemory ${JBFiles[@]}
cd ..
@ -355,3 +365,28 @@ IPSW4() {
"You may try selecting N for memory option"
fi
}
IPSW64() {
if [[ -e $IPSWCustom.ipsw ]]; then
Log "Found existing Custom IPSW. Skipping IPSW creation."
return
fi
Log "Preparing custom IPSW..."
$bspatch $IPSW/Firmware/dfu/$iBSS.im4p $iBSS.im4p resources/patches/$iBSS.patch
$bspatch $IPSW/Firmware/dfu/$iBEC.im4p $iBEC.im4p resources/patches/$iBEC.patch
if [[ $ProductType == "iPad4"* ]]; then
$bspatch $IPSW/Firmware/dfu/$iBSSb.im4p $iBSSb.im4p resources/patches/$iBSSb.patch
$bspatch $IPSW/Firmware/dfu/$iBECb.im4p $iBECb.im4p resources/patches/$iBECb.patch
mv -f $iBSSb.im4p $iBECb.im4p $IPSW/Firmware/dfu
fi
mv -f $iBSS.im4p $iBEC.im4p $IPSW/Firmware/dfu
cd $IPSW
zip -rq0 ../$IPSWCustom.ipsw *
cd ..
mv $IPSW $IPSWCustom
if [[ ! -e $IPSWCustom.ipsw ]]; then
Error "Failed to find custom IPSW. Please run the script again"
fi
}
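
Review bot: `IPSW64` never checks whether `$bspatch` succeeded. If a patch fails to apply, the output `.im4p` is missing, `mv -f` fails, and the unmodified images stay in `$IPSW/Firmware/dfu` and are zipped into `$IPSWCustom.ipsw`. The only check at the end is that the file exists, and the early return at the top of the function will reuse that IPSW on later runs. Test each `$bspatch` result and call `Error` before zipping. `cd $IPSW` is also unchecked and unquoted; if it fails, `zip -rq0 ../$IPSWCustom.ipsw *` archives the current directory instead.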

restore.cmd Executable file

@ -0,0 +1,7 @@
@echo off
C:\msys64\msys2.exe "./restore.sh"
rem Add the argument at the end of the line above if needed
rem Examples:
rem C:\msys64\msys2.exe "./restore.sh" NoDevice
rem C:\msys64\msys2.exe "./restore.sh" PwnedDevice
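
Review bot: `restore.cmd` hard-codes `C:\msys64\msys2.exe` and passes a relative `"./restore.sh"`, so it only works with MSYS2 in its default location and when started from the repository directory. Check that the executable exists and print a clear message otherwise, and change to the script's own directory (`%~dp0`) before launching. The `rem` lines ask users to edit the file to add `NoDevice` or `PwnedDevice`; forwarding `%*` would let them pass the argument on the command line instead.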


@ -32,6 +32,7 @@ Error() {
echo -e "\n${Color_R}[Error] $1 ${Color_N}"
[[ -n $2 ]] && echo "${Color_R}* $2 ${Color_N}"
echo
ExitWin
exit 1
}
@ -43,6 +44,13 @@ Log() {
echo "${Color_G}[Log] $1 ${Color_N}"
}
ExitWin() {
if [[ $platform == "win" ]]; then
Input "Press Enter/Return to exit."
read -s
fi
}
Main() {
local Selection=()
@ -97,7 +105,9 @@ Main() {
InstallDepends
fi
if [[ $platform != "win" ]]; then
SaveExternal LukeZGD ipwndfu
fi
GetDeviceValues $1
Clean
mkdir tmp
@ -150,12 +160,13 @@ Main() {
if [[ $Mode == "IPSW32" ]]; then
echo
[[ $platform == "win" ]] && IPSWCustom="${IPSWType}_${OSVer}_${BuildVer}_CustomWin"
JailbreakOption
if [[ -e "$IPSWCustom.ipsw" ]]; then
Log "Found existing Custom IPSW, stopping here."
Echo "* If you want to re-create the custom IPSW, move/delete the existing one first."
exit 0
elif [[ $Jailbreak != 1 ]]; then
elif [[ $Jailbreak != 1 && $platform != "win" ]]; then
if [[ $DeviceProc == 4 && $OSVer == "7.1.2" ]]; then
Log "Creating custom IPSW is not needed for non-jailbroken 7.1.2 restores."
exit 0
@ -175,15 +186,38 @@ Main() {
Log "Custom IPSW has been created: $IPSWCustom.ipsw"
[[ $Jailbreak == 1 ]] && Echo "* This custom IPSW has a jailbreak built in ($JBName)"
Echo "* Run the script again and select Downgrade Device to use the custom IPSW."
[[ $DeviceProc != 4 ]] && Echo "* You may also use futurerestore manually (make sure to use the latest beta)"
if [[ $DeviceProc != 4 && $platform != "win" ]]; then
Echo "* You may also use futurerestore manually (make sure to use the latest beta)"
fi
ExitWin
exit 0
elif [[ $Mode != "Downgrade"* && $Mode != *"4" ]]; then
$Mode
ExitWin
exit 0
fi
if [[ $Mode == *"4" || $DeviceProc == 7 ]]; then
if [[ $DeviceProc == 4 && $platform == "win" ]]; then
Error "Your device ($ProductType) is unsupported on Windows."
elif [[ $DeviceProc == 7 && $platform == "win" ]]; then
local Message="If you want to restore your A7 device on Windows, put the device in pwnDFU mode."
if [[ $DeviceState == "Normal" ]]; then
Error "$Message"
elif [[ $DeviceState == "Recovery" ]]; then
Log "A7 device detected in recovery mode."
Log "$Message"
RecoveryExit
elif [[ $DeviceState == "DFU" ]]; then
Log "A7 device detected in DFU mode."
Echo "* Make sure that your device is already in pwnDFU mode with signature checks disabled."
Echo "* If your device is not in pwnDFU mode, the restore will not proceed!"
Echo "* Entering pwnDFU mode is not supported on Windows. You need to use a Mac/Linux machine or another iOS device to do so."
Input "Press Enter/Return to continue (or press Ctrl+C to cancel)"
read -s
fi
elif [[ $Mode == *"4" || $DeviceProc == 7 ]]; then
if [[ $DeviceState == "Normal" ]]; then
Echo "* The device needs to be in recovery/DFU mode before proceeding."
read -p "$(Input 'Send device to recovery mode? (y/N):')" Selection
@ -213,7 +247,9 @@ Main() {
Echo "* If you do not know what you are doing, EXIT NOW by pressing Ctrl+C and restart your device in normal mode."
Input "Select the mode that your device is currently in:"
Selection=("kDFU mode")
if [[ $platform != "win" ]]; then
[[ $DeviceProc == 5 ]] && Selection+=("pwnDFU mode (A5)") || Selection+=("DFU mode (A4/A6)")
fi
Selection+=("Any other key to exit")
select opt in "${Selection[@]}"; do
case $opt in
@ -232,7 +268,7 @@ Main() {
Log "Downgrading $ProductType in kDFU/pwnDFU mode..."
elif [[ $DeviceState == "Recovery" ]]; then
if [[ $DeviceProc == 4 || $DeviceProc == 6 ]]; then
if [[ $DeviceProc == 4 || $DeviceProc == 6 ]] && [[ $platform != "win" ]]; then
Recovery
else
Log "32-bit A${DeviceProc} device detected in recovery mode."
@ -244,6 +280,7 @@ Main() {
fi
Downgrade
ExitWin
exit 0
}
@ -287,7 +324,9 @@ SelectVersion() {
fi
fi
if [[ $platform != "win" ]]; then
[[ $Mode == "Downgrade"* ]] && Selection+=("Other (use SHSH blobs)")
fi
Selection+=("(Any other key to exit)")
echo