From ca8d6361e713e45c295c97606fad66d685faf039 Mon Sep 17 00:00:00 2001
From: LukeZGD <26163116+LukeZGD@users.noreply.github.com>
Date: Wed, 17 Jul 2024 07:30:41 +0800
Subject: [PATCH] Update 3.x offset calculation - for #536
---
 README.md | 11 +++++----
 restore.sh | 65 ++++++++++++++++++++++++++++++++++++++----------------
 2 files changed, 51 insertions(+), 25 deletions(-)
diff --git a/README.md b/README.md
index 680b2de..d68b0df 100644
--- a/README.md
+++ b/README.md
@@ -92,19 +92,18 @@
 - iPad 5
 - iPad Pro 9.7/12.9 1st gen
 - Restoring with **powdersn0w** is supported on the following devices and target version range:
- - iPhone 4 GSM - iOS 4.0 to 7.1.1 (4.2.1 and lower are hit or miss)
+ - iPhone 4 GSM - iOS 4.0 to 7.1.1
 - iPhone 4 CDMA - iOS 5.0 to 7.1.1
 - iPhone 4S, 5, 5C, iPad 2 Rev A, iPod touch 5 - iOS 5.0 to 9.3.5
- - iPad 1 - iOS 4.2.1 to 5.1
- - iPod touch 3 - iOS 4.0 to 5.1
- - For iPad 1 and touch 3, powdersn0w 3.x is experimental
+ - iPad 1 - iOS 3.2 to 5.1
+ - iPod touch 3 - iOS 3.1.1 to 5.1
 - Using powdersn0w requires iOS 7.1.x blobs for your device
 - No blob requirement for iPhone 4, iPad 1, iPod touch 3 (7.1.2 and 5.1.1 are signed)
 - For iPhone 5 and 5C, both 7.0.x and 7.1.x blobs can be used
 - Restoring **tethered** to any version is supported on the following devices:
 - iPhone 4 (3,2 and 3,3), 4S, 5, 5C
- - iPad 1, 2, 3, 4, mini 1
- - iPod touch 3, 4, 5
+ - iPad 2, 3, 4, mini 1
+ - iPod touch 4, 5
 - Restoring and jailbreaking to other unsigned versions without blobs is supported on the following devices and target version range:
 - iPhone 3GS - iOS 3.0 to 6.1.3 (all versions)
 - iPod touch 2 - iOS 2.1.1 to 4.1 (all versions)
diff --git a/restore.sh b/restore.sh
index 149f37e..0d1acf1 100755
--- a/restore.sh
+++ b/restore.sh
@@ -5458,7 +5458,7 @@ device_ramdisk() {
 $scp -P $ssh_port $jelbrek/$untether root@127.0.0.1:/mnt1
 # 3.1.3-4.1 untether needs to be extracted early (before data partition is mounted)
 case $vers in
- 4.1 | 4.0* )
+ 4.1 | 4.0* | 3.2* )
 untether="${device_type}_${build}.tar"
 log "Extracting $untether"
 $ssh -p $ssh_port root@127.0.0.1 "tar -xvf /mnt1/$untether -C /mnt1; rm /mnt1/$untether"
@@ -5483,6 +5483,7 @@ device_ramdisk() {
 5* ) device_send_rdtar g1lbertJB.tar;;
 4.2.1 | 4.1 | 4.0* | 3* )
 untether="${device_type}_${build}.tar"
+ log "fstab"
 if [[ $device_type == "iPod2,1" ]]; then
 $scp -P $ssh_port $jelbrek/fstab_old root@127.0.0.1:/mnt1/private/etc/fstab
 else
@@ -5563,21 +5564,7 @@ device_ramdisk() {
 iPad1,1 | iPod3,1 )
 device_ramdisk_iosvers
 if [[ $device_vers == "3"* ]]; then
- log "iOS 3.x detected, running exploit commands"
- local offset="$($ssh -p $ssh_port root@127.0.0.1 "echo -e 'p\nq\n' | fdisk -e /dev/rdisk0" | grep AF | grep 63)"
- offset="${offset##*-}"
- offset="$(echo ${offset%]*} | tr -d ' ')"
- local size=$((offset-8))
- offset=$((size+64))
- log "Got offset $offset. Will resize partition 1 to $size"
- $ssh -p $ssh_port root@127.0.0.1 "echo -e 'e 1\n\n\n\n$size\ne 3\nAF\n\n${offset}\n16\nw\ny\nq\n' | fdisk -e /dev/rdisk0"
- echo
- log "Writing exploit ramdisk"
- $scp -P $ssh_port ../resources/firmware/src/target/$device_model/9B206/exploit root@127.0.0.1:/
- $ssh -p $ssh_port root@127.0.0.1 "dd of=/dev/rdisk0s3 if=/exploit bs=64k count=1"
- fi
- if [[ $device_type == "iPad1,1" ]]; then
- $scp -P $ssh_port ../saved/iPad1,1/iBoot3_$device_ecid root@127.0.0.1:/mnt1/iBEC
+ device_ramdisk_ios3exploit
 fi
 ;;
 esac
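Review bot: In the third hunk the `$scp … iBoot3_$device_ecid … /mnt1/iBEC` copy for iPad1,1 moves from a branch that ran after the 3.x block regardless of version into `device_ramdisk_ios3exploit`, so an iPad1,1 restoring a non-3.x version through this case arm no longer receives iBoot3. That looks deliberate, since the same commit drops iPad1,1 from the tethered menu and README, but nothing in the code records it; a comment next to the remaining `fi`, e.g. `# iBoot3 for iPad1,1 is staged only by device_ramdisk_ios3exploit now (tethered non-3.x restore dropped)`, would keep the next reader from re-adding the copy. device_ramdisk continues outside the hunk.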
@@ -5595,6 +5582,46 @@ device_ramdisk() {
 menu_ramdisk
 }
 
+device_ramdisk_ios3exploit() {
+ log "iOS 3.x detected, running exploit commands"
+ local offset="$($ssh -p $ssh_port root@127.0.0.1 "echo -e 'p\nq\n' | fdisk -e /dev/rdisk0" | grep AF | head -1)"
+ offset="${offset##*-}"
+ offset="$(echo ${offset%]*} | tr -d ' ')"
+ offset=$((offset+64))
+ log "Got offset $offset"
+ $ssh -p $ssh_port root@127.0.0.1 "echo -e 'e 3\nAF\n\n${offset}\n8\nw\ny\nq\n' | fdisk -e /dev/rdisk0"
+ echo
+ log "Writing exploit ramdisk"
+ $scp -P $ssh_port ../resources/firmware/src/target/$device_model/9B206/exploit root@127.0.0.1:/
+ $ssh -p $ssh_port root@127.0.0.1 "dd of=/dev/rdisk0s3 if=/exploit bs=64k count=1"
+ if [[ $device_type == "iPad1,1" ]]; then
+ $scp -P $ssh_port ../saved/iPad1,1/iBoot3_$device_ecid root@127.0.0.1:/mnt1/iBEC
+ fi
+ case $device_vers in
+ 3.1.3 | 3.2* ) read -p "$(input "Do you also want to jailbreak it now? (Y/n) ")" opt;;
+ * ) opt='n';;
+ esac
+ if [[ $opt != 'N' && $opt != 'n' ]]; then
+ untether="greenpois0n/${device_type}_${device_build}.tar"
+ log "Sending $untether"
+ $scp -P $ssh_port $jelbrek/$untether root@127.0.0.1:/mnt1
+ log "Extracting $untether"
+ $ssh -p $ssh_port root@127.0.0.1 "tar -xvf /mnt1/$untether -C /mnt1; rm /mnt1/$untether"
+ log "Mounting data partition"
+ $ssh -p $ssh_port root@127.0.0.1 "mount.sh pv"
+ log "fstab"
+ $scp -P $ssh_port $jelbrek/fstab_new root@127.0.0.1:/mnt1/private/etc/fstab
+ device_send_rdtar cydiasubstrate.tar
+ device_send_rdtar cydiahttpatch.tar
+ if [[ $device_vers == "3.1.3" || $device_vers == "3.2" ]]; then
+ device_send_rdtar freeze.tar data
+ if [[ $ipsw_openssh == 1 ]]; then
+ device_send_rdtar sshdeb.tar
+ fi
+ fi
+ fi
+}
+
 device_ramdisk_iosvers() {
 device_vers=
 device_build=
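Review bot: `offset` is never validated before it is used: the value scraped from the `fdisk -e` listing (`grep AF | head -1`, then the `##*-` and `%]*` trims) goes straight into `$((offset+64))`, and bash evaluates an empty string there as 0 (and most non-numeric strings as a variable lookup that also yields 0), so a failed ssh call or a partition table that does not match the expected layout silently becomes offset 64 and the function still rewrites partition 3 via `fdisk` and runs `dd` onto `/dev/rdisk0s3`. Guard it before the write, e.g. `if [[ ! $offset =~ ^[0-9]+$ ]]; then log "Could not parse partition 3 offset from fdisk output"; return 1; fi`, and have the caller in device_ramdisk (outside this hunk) stop on a non-zero status rather than continuing to menu_ramdisk. The unquoted `offset="$(echo ${offset%]*} | tr -d ' ')"` can also be written as `offset="${offset%]*}"; offset="${offset// /}"`, which avoids word-splitting and the subshell. A one-line header comment stating what the function assumes — a 3.x target whose AF partition appears in the fdisk listing — would help, as this is the only place the on-device partition layout is touched.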
@@ -6481,8 +6508,7 @@ menu_restore() {
 menu_items+=("Other (Tethered)")
 fi
 case $device_type in
- iPhone3,[23] | iPad1,1 | iPod[34],1 )
- menu_items+=("Other (Tethered)");;
+ iPhone3,[23] | iPod4,1 ) menu_items+=("Other (Tethered)");;
 esac
 if (( device_proc < 7 )); then
 menu_items+=("DFU IPSW")
@@ -6781,9 +6807,10 @@ menu_ipsw() {
 print "* Target Version: $device_target_vers-$device_target_build"
 case $device_target_build in
 8[ABC]* ) warn "iOS 4.2.1 and lower are hit or miss. It may not restore/boot properly";;
+ 7[CD]* ) warn "Jailbreak option is not supported for this version. It is recommended to select 3.1.3 instead.";;
 8E* ) warn "iOS 4.2.x for the CDMA 4 is not supported. It will not restore/boot properly";;
 8* ) warn "Not all devices support iOS 4. It may not restore/boot properly";;
- 7* ) warn "3.x support is experimental. It may not restore/boot properly";;
+ 7* ) warn "Not all 3.x versions will work. It may not restore/boot properly";;
 esac
 ipsw_cancustomlogo2=
 case $device_target_vers in
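Review bot: The new `7[CD]* )` warn message in the second hunk ends with a period while every sibling arm of this `case` (`8[ABC]*`, `8E*`, `8*`, `7*`) ends without one; dropping it, `7[CD]* ) warn "Jailbreak option is not supported for this version. It is recommended to select 3.1.3 instead";;`, keeps the messages uniform. The arm order is otherwise correct, since `7[CD]*` precedes the catch-all `7*`. menu_ipsw continues outside the hunk.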