Update 3.x offset calculation

- for #536
This commit is contained in:
LukeZGD 2024-07-17 07:30:41 +08:00
parent 26f26b03c4
commit ca8d6361e7
2 changed files with 51 additions and 25 deletions

View File

@ -92,19 +92,18 @@
- iPad 5 - iPad 5
- iPad Pro 9.7/12.9 1st gen - iPad Pro 9.7/12.9 1st gen
- Restoring with **powdersn0w** is supported on the following devices and target version range: - Restoring with **powdersn0w** is supported on the following devices and target version range:
- iPhone 4 GSM - iOS 4.0 to 7.1.1 (4.2.1 and lower are hit or miss) - iPhone 4 GSM - iOS 4.0 to 7.1.1
- iPhone 4 CDMA - iOS 5.0 to 7.1.1 - iPhone 4 CDMA - iOS 5.0 to 7.1.1
- iPhone 4S, 5, 5C, iPad 2 Rev A, iPod touch 5 - iOS 5.0 to 9.3.5 - iPhone 4S, 5, 5C, iPad 2 Rev A, iPod touch 5 - iOS 5.0 to 9.3.5
- iPad 1 - iOS 4.2.1 to 5.1 - iPad 1 - iOS 3.2 to 5.1
- iPod touch 3 - iOS 4.0 to 5.1 - iPod touch 3 - iOS 3.1.1 to 5.1
- For iPad 1 and touch 3, powdersn0w 3.x is experimental
- Using powdersn0w requires iOS 7.1.x blobs for your device - Using powdersn0w requires iOS 7.1.x blobs for your device
- No blob requirement for iPhone 4, iPad 1, iPod touch 3 (7.1.2 and 5.1.1 are signed) - No blob requirement for iPhone 4, iPad 1, iPod touch 3 (7.1.2 and 5.1.1 are signed)
- For iPhone 5 and 5C, both 7.0.x and 7.1.x blobs can be used - For iPhone 5 and 5C, both 7.0.x and 7.1.x blobs can be used
- Restoring **tethered** to any version is supported on the following devices: - Restoring **tethered** to any version is supported on the following devices:
- iPhone 4 (3,2 and 3,3), 4S, 5, 5C - iPhone 4 (3,2 and 3,3), 4S, 5, 5C
- iPad 1, 2, 3, 4, mini 1 - iPad 2, 3, 4, mini 1
- iPod touch 3, 4, 5 - iPod touch 4, 5
- Restoring and jailbreaking to other unsigned versions without blobs is supported on the following devices and target version range: - Restoring and jailbreaking to other unsigned versions without blobs is supported on the following devices and target version range:
- iPhone 3GS - iOS 3.0 to 6.1.3 (all versions) - iPhone 3GS - iOS 3.0 to 6.1.3 (all versions)
- iPod touch 2 - iOS 2.1.1 to 4.1 (all versions) - iPod touch 2 - iOS 2.1.1 to 4.1 (all versions)

View File

@ -5458,7 +5458,7 @@ device_ramdisk() {
$scp -P $ssh_port $jelbrek/$untether root@127.0.0.1:/mnt1 $scp -P $ssh_port $jelbrek/$untether root@127.0.0.1:/mnt1
# 3.1.3-4.1 untether needs to be extracted early (before data partition is mounted) # 3.1.3-4.1 untether needs to be extracted early (before data partition is mounted)
case $vers in case $vers in
4.1 | 4.0* ) 4.1 | 4.0* | 3.2* )
untether="${device_type}_${build}.tar" untether="${device_type}_${build}.tar"
log "Extracting $untether" log "Extracting $untether"
$ssh -p $ssh_port root@127.0.0.1 "tar -xvf /mnt1/$untether -C /mnt1; rm /mnt1/$untether" $ssh -p $ssh_port root@127.0.0.1 "tar -xvf /mnt1/$untether -C /mnt1; rm /mnt1/$untether"
@ -5483,6 +5483,7 @@ device_ramdisk() {
5* ) device_send_rdtar g1lbertJB.tar;; 5* ) device_send_rdtar g1lbertJB.tar;;
4.2.1 | 4.1 | 4.0* | 3* ) 4.2.1 | 4.1 | 4.0* | 3* )
untether="${device_type}_${build}.tar" untether="${device_type}_${build}.tar"
log "fstab"
if [[ $device_type == "iPod2,1" ]]; then if [[ $device_type == "iPod2,1" ]]; then
$scp -P $ssh_port $jelbrek/fstab_old root@127.0.0.1:/mnt1/private/etc/fstab $scp -P $ssh_port $jelbrek/fstab_old root@127.0.0.1:/mnt1/private/etc/fstab
else else
@ -5563,21 +5564,7 @@ device_ramdisk() {
iPad1,1 | iPod3,1 ) iPad1,1 | iPod3,1 )
device_ramdisk_iosvers device_ramdisk_iosvers
if [[ $device_vers == "3"* ]]; then if [[ $device_vers == "3"* ]]; then
log "iOS 3.x detected, running exploit commands" device_ramdisk_ios3exploit
local offset="$($ssh -p $ssh_port root@127.0.0.1 "echo -e 'p\nq\n' | fdisk -e /dev/rdisk0" | grep AF | grep 63)"
offset="${offset##*-}"
offset="$(echo ${offset%]*} | tr -d ' ')"
local size=$((offset-8))
offset=$((size+64))
log "Got offset $offset. Will resize partition 1 to $size"
$ssh -p $ssh_port root@127.0.0.1 "echo -e 'e 1\n\n\n\n$size\ne 3\nAF\n\n${offset}\n16\nw\ny\nq\n' | fdisk -e /dev/rdisk0"
echo
log "Writing exploit ramdisk"
$scp -P $ssh_port ../resources/firmware/src/target/$device_model/9B206/exploit root@127.0.0.1:/
$ssh -p $ssh_port root@127.0.0.1 "dd of=/dev/rdisk0s3 if=/exploit bs=64k count=1"
fi
if [[ $device_type == "iPad1,1" ]]; then
$scp -P $ssh_port ../saved/iPad1,1/iBoot3_$device_ecid root@127.0.0.1:/mnt1/iBEC
fi fi
;; ;;
esac esac
@ -5595,6 +5582,46 @@ device_ramdisk() {
menu_ramdisk menu_ramdisk
} }
device_ramdisk_ios3exploit() {
log "iOS 3.x detected, running exploit commands"
local offset="$($ssh -p $ssh_port root@127.0.0.1 "echo -e 'p\nq\n' | fdisk -e /dev/rdisk0" | grep AF | head -1)"
offset="${offset##*-}"
offset="$(echo ${offset%]*} | tr -d ' ')"
offset=$((offset+64))
log "Got offset $offset"
$ssh -p $ssh_port root@127.0.0.1 "echo -e 'e 3\nAF\n\n${offset}\n8\nw\ny\nq\n' | fdisk -e /dev/rdisk0"
echo
log "Writing exploit ramdisk"
$scp -P $ssh_port ../resources/firmware/src/target/$device_model/9B206/exploit root@127.0.0.1:/
$ssh -p $ssh_port root@127.0.0.1 "dd of=/dev/rdisk0s3 if=/exploit bs=64k count=1"
if [[ $device_type == "iPad1,1" ]]; then
$scp -P $ssh_port ../saved/iPad1,1/iBoot3_$device_ecid root@127.0.0.1:/mnt1/iBEC
fi
case $device_vers in
3.1.3 | 3.2* ) read -p "$(input "Do you also want to jailbreak it now? (Y/n) ")" opt;;
* ) opt='n';;
esac
if [[ $opt != 'N' && $opt != 'n' ]]; then
untether="greenpois0n/${device_type}_${device_build}.tar"
log "Sending $untether"
$scp -P $ssh_port $jelbrek/$untether root@127.0.0.1:/mnt1
log "Extracting $untether"
$ssh -p $ssh_port root@127.0.0.1 "tar -xvf /mnt1/$untether -C /mnt1; rm /mnt1/$untether"
log "Mounting data partition"
$ssh -p $ssh_port root@127.0.0.1 "mount.sh pv"
log "fstab"
$scp -P $ssh_port $jelbrek/fstab_new root@127.0.0.1:/mnt1/private/etc/fstab
device_send_rdtar cydiasubstrate.tar
device_send_rdtar cydiahttpatch.tar
if [[ $device_vers == "3.1.3" || $device_vers == "3.2" ]]; then
device_send_rdtar freeze.tar data
if [[ $ipsw_openssh == 1 ]]; then
device_send_rdtar sshdeb.tar
fi
fi
fi
}
device_ramdisk_iosvers() { device_ramdisk_iosvers() {
device_vers= device_vers=
device_build= device_build=
@ -6481,8 +6508,7 @@ menu_restore() {
menu_items+=("Other (Tethered)") menu_items+=("Other (Tethered)")
fi fi
case $device_type in case $device_type in
iPhone3,[23] | iPad1,1 | iPod[34],1 ) iPhone3,[23] | iPod4,1 ) menu_items+=("Other (Tethered)");;
menu_items+=("Other (Tethered)");;
esac esac
if (( device_proc < 7 )); then if (( device_proc < 7 )); then
menu_items+=("DFU IPSW") menu_items+=("DFU IPSW")
@ -6781,9 +6807,10 @@ menu_ipsw() {
print "* Target Version: $device_target_vers-$device_target_build" print "* Target Version: $device_target_vers-$device_target_build"
case $device_target_build in case $device_target_build in
8[ABC]* ) warn "iOS 4.2.1 and lower are hit or miss. It may not restore/boot properly";; 8[ABC]* ) warn "iOS 4.2.1 and lower are hit or miss. It may not restore/boot properly";;
7[CD]* ) warn "Jailbreak option is not supported for this version. It is recommended to select 3.1.3 instead.";;
8E* ) warn "iOS 4.2.x for the CDMA 4 is not supported. It will not restore/boot properly";; 8E* ) warn "iOS 4.2.x for the CDMA 4 is not supported. It will not restore/boot properly";;
8* ) warn "Not all devices support iOS 4. It may not restore/boot properly";; 8* ) warn "Not all devices support iOS 4. It may not restore/boot properly";;
7* ) warn "3.x support is experimental. It may not restore/boot properly";; 7* ) warn "Not all 3.x versions will work. It may not restore/boot properly";;
esac esac
ipsw_cancustomlogo2= ipsw_cancustomlogo2=
case $device_target_vers in case $device_target_vers in