Mirrors/Legacy-iOS-Kit
2
0
Fork 0
mirror of https://github.com/LukeZGD/Legacy-iOS-Kit.git synced 2024-11-23 16:39:17 +01:00
Code Issues Packages Projects Releases Wiki Activity

A7 10.3.3 support (#31)

Browse Source 
- Lots of changes for A7 stuff and others with updated dependency install
- 32bit-OTA is now iOS-OTA-Downgrader
This commit is contained in:
LukeeGD 2020-07-23 08:47:36 +08:00 committed by GitHub
parent 0f014ba31f
commit f78fab2b91
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
29 changed files with 17406 additions and 171 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored
View File

@ -1,11 +1,13 @@
*.bbfw
*.dfu
*.im4p
*.ipsw
*.json
*.plist
*.shsh
*.shsh2
*.txt
iP*
saved/
resources/firmware/
resources/ipwndfu/
tmp/

43
README.md
View File

@ -1,28 +1,35 @@
# 32bit-OTA-Downgrader
### Downgrade/restore 32-bit iOS devices to iOS 8.4.1 or iOS 6.1.3
# iOS-OTA-Downgrader
### (formerly 32bit-OTA-Downgrader)
### Downgrade/restore iOS devices to signed OTA firmwares
- **Please see "Other notes" below to serve as answers for FAQs**
## Supported devices:
- **iOS 8.4.1**: All A5, A5X, A6, and A6X devices are supported **except iPad2,2 (iPad 2 GSM), iPhone5,3 and 5,4 (iPhone 5C)**
- **iOS 10.3.3**: (Linux only) All A7 devices are supported **except iPad4,6 iPad4,7 iPad4,8 iPad4,9**
- **iOS 8.4.1**: All A5, A5X, A6, and A6X devices are supported **except iPad2,2 (iPad 2 GSM) iPhone5,3 and 5,4 (iPhone 5C)**
- **iOS 6.1.3**: Only iPhone 4S and iPad 2 devices are supported **except iPad2,2 (iPad 2 GSM) and iPad2,4 (iPad 2 Rev A)**
## Prerequisites:
- A supported 32-bit iOS device **jailbroken** on any version
- **iOS [8.4.1](https://ipsw.me/8.4.1) or [6.1.3](https://ipsw.me/6.1.3) IPSW** for your device (the script can also download it for you)
- A supported device:
- A 32-bit iOS device (any version, **jailbreak needed**)
- An A7 device (any version, jailbreak not needed)
- An IPSW for the version you want to downgrade to (the script can also download it for you)
- A **macOS** or a **64-bit Linux install/live USB** (see distros tested on below) (a live USB can be easily created with tools like [balenaEtcher](https://www.balena.io/etcher/) or [Rufus](https://rufus.ie/))
- iOS 7/8 Pangu users: Install the [latest Pangu 7.1.x Untether (deb)](http://apt.saurik.com/debs/io.pangu.axe7_0.3_iphoneos-arm.deb) or [latest Pangu 8.0-8.1.x Untether (deb)](http://apt.saurik.com/debs/io.pangu.xuanyuansword8_0.5_iphoneos-arm.deb)
- iOS 9 and below users: Install [OpenSSH](https://cydia.saurik.com/package/openssh/); The computer and iOS device must be on the same network for SSH to work
- iOS 10 users: Install [MTerminal](http://cydia.saurik.com/package/com.officialscheduler.mterminal/)
- 32-bit users only:
- iOS 7/8 Pangu users: Install the [latest Pangu 7.1.x Untether (deb)](http://apt.saurik.com/debs/io.pangu.axe7_0.3_iphoneos-arm.deb) or [latest Pangu 8.0-8.1.x Untether (deb)](http://apt.saurik.com/debs/io.pangu.xuanyuansword8_0.5_iphoneos-arm.deb)
- iOS 9 and below users: Install [OpenSSH](https://cydia.saurik.com/package/openssh/); The computer and iOS device must be on the same network for SSH to work
- iOS 10 users: Install [MTerminal](http://cydia.saurik.com/package/com.officialscheduler.mterminal/)
1. [Download](https://github.com/LukeZGD/iOS-OTA-Downgrader/archive/master.zip) or `git clone` this repo
2. Open Terminal, cd to the directory where the script is located (example: `cd /home/user/iOS-OTA-Downgrader`)
3. Run `chmod +x restore.sh`
## How to use:
1. [Download](https://github.com/LukeZGD/32bit-OTA-Downgrader/archive/master.zip) or `git clone` this repo
2. Plug in your iOS device in normal mode
3. Open Terminal, cd to the directory where the script is located (example: `cd /home/user/32bit-OTA-Downgrader`)
4. Run `chmod +x restore.sh`
5. Run `./restore.sh`
6. Select option to be used
7. Follow instructions
1. Plug in your iOS device in:
- Normal mode (32-bit)
- Recovery or DFU mode (A7)
2. Run `./restore.sh`
3. Select option to be used
4. Follow instructions
## Other notes:
- **You do NOT need blobs to use this**, the script will get them for you
@ -46,9 +53,11 @@
## Tools and other stuff used by this script:
- cURL
- bspatch
- ideviceinfo
- ifuse
- python3 (http.server)
- ipwndfu
- libimobiledevice utilities
- python2
- python3
- [tsschecker](https://github.com/tihmstar/tsschecker/releases/tag/v212)
- [futurerestore](http://api.tihmstar.net/builds/futurerestore/futurerestore-latest.zip)
- [xpwntool](https://www.youtube.com/watch?v=fh0tB6fp0Sc)

2
resources/buildmanifestsaver.sh
View File

@ -104,7 +104,7 @@ function HWModel {
fi
}
echo "32bit-OTA-Downgrader BuildManifest and Firmware Keys Saver"
echo "iOS-OTA-Downgrader BuildManifest and Firmware Keys Saver"
echo "- by LukeZGD"
for ProductType in "${devices[@]}"

BIN
resources/lib/libfragmentzip.so.0 Executable file
View File

Binary file not shown.

2073
resources/manifests/BuildManifest_iPad4,1_10.3.3.plist Executable file
View File

File diff suppressed because it is too large Load Diff

2147
resources/manifests/BuildManifest_iPad4,2_10.3.3.plist Executable file
View File

File diff suppressed because it is too large Load Diff

2147
resources/manifests/BuildManifest_iPad4,3_10.3.3.plist Executable file
View File

File diff suppressed because it is too large Load Diff

2073
resources/manifests/BuildManifest_iPad4,4_10.3.3.plist Executable file
View File

File diff suppressed because it is too large Load Diff

2147
resources/manifests/BuildManifest_iPad4,5_10.3.3.plist Executable file
View File

File diff suppressed because it is too large Load Diff

2147
resources/manifests/BuildManifest_iPad4,6_10.3.3.plist Executable file
View File

File diff suppressed because it is too large Load Diff

2146
resources/manifests/BuildManifest_iPhone6,1_10.3.3.plist Executable file
View File

File diff suppressed because it is too large Load Diff

2146
resources/manifests/BuildManifest_iPhone6,2_10.3.3.plist Executable file
View File

File diff suppressed because it is too large Load Diff

BIN
resources/patches/iBEC.ipad4.RELEASE.patch Normal file
View File

Binary file not shown.

BIN
resources/patches/iBEC.ipad4b.RELEASE.patch Normal file
View File

Binary file not shown.

BIN
resources/patches/iBEC.iphone6.RELEASE.patch Normal file
View File

Binary file not shown.

BIN
resources/patches/iBSS.ipad4.RELEASE.patch Normal file
View File

Binary file not shown.

BIN
resources/patches/iBSS.ipad4b.RELEASE.patch Normal file
View File

Binary file not shown.

BIN
resources/patches/iBSS.iphone6.RELEASE.patch Normal file
View File

Binary file not shown.

0
resources/tools/futurerestore_linux → resources/tools/futurerestore152_linux
View File

1
resources/tools/futurerestore152_macos Symbolic link
View File

@ -0,0 +1 @@
futurerestore249_macos

BIN
resources/tools/futurerestore249_linux Executable file
View File

Binary file not shown.

BIN
resources/tools/futurerestore249_macos Executable file
View File

Binary file not shown.

BIN
resources/tools/futurerestore_macos
View File

Binary file not shown.

BIN
resources/tools/igetnonce_linux Executable file
View File

Binary file not shown.

0
resources/tools/pzb_linux Normal file → Executable file
View File

0
resources/tools/pzb_macos Normal file → Executable file
View File

BIN
resources/tools/tsschecker_linux
View File

Binary file not shown.

BIN
resources/tools/tsschecker_macos
View File

Binary file not shown.

501
restore.sh
View File

@ -1,79 +1,101 @@
#!/bin/bash
function BasebandDetect {
Firmware=resources/firmware/$ProductType
BasebandURL=$(cat $Firmware/13G37/url 2>/dev/null) # iOS 9.3.6
if [ $ProductType == iPad2,2 ]; then
BasebandURL=$(cat $Firmware/13G36/url) # iOS 9.3.5
Baseband=ICE3_04.12.09_BOOT_02.13.Release.bbfw
BasebandSHA1=e6f54acc5d5652d39a0ef9af5589681df39e0aca
elif [ $ProductType == iPad2,3 ]; then
Baseband=Phoenix-3.6.03.Release.bbfw
BasebandSHA1=8d4efb2214344ea8e7c9305392068ab0a7168ba4
elif [ $ProductType == iPad2,6 ] || [ $ProductType == iPad2,7 ]; then
Baseband=Mav5-11.80.00.Release.bbfw
BasebandSHA1=aa52cf75b82fc686f94772e216008345b6a2a750
elif [ $ProductType == iPad3,2 ] || [ $ProductType == iPad3,3 ]; then
Baseband=Mav4-6.7.00.Release.bbfw
BasebandSHA1=a5d6978ecead8d9c056250ad4622db4d6c71d15e
elif [ $ProductType == iPhone4,1 ]; then
Baseband=Trek-6.7.00.Release.bbfw
BasebandSHA1=22a35425a3cdf8fa1458b5116cfb199448eecf49
elif [ $ProductType == iPad3,5 ] || [ $ProductType == iPad3,6 ] ||
[ $ProductType == iPhone5,1 ] || [ $ProductType == iPhone5,2 ]; then
BasebandURL=$(cat $Firmware/14G61/url) # iOS 10.3.4
Baseband=Mav5-11.80.00.Release.bbfw
BasebandSHA1=8951cf09f16029c5c0533e951eb4c06609d0ba7f
else # For Wi-Fi only devices
Baseband=0
fi
}
trap 'Clean; exit' INT TERM EXIT
function Clean {
rm -rf iP*/ tmp/ $(ls *_${ProductType}_${OSVer}-*.shsh2 2>/dev/null) $(ls *.bbfw 2>/dev/null) BuildManifest.plist
rm -rf iP*/ tmp/ $(ls *_${ProductType}_${OSVer}-*.shsh2 2>/dev/null) $(ls *_${ProductType}_${OSVer}-*.shsh 2>/dev/null) $(ls *.im4p 2>/dev/null) $(ls *.bbfw 2>/dev/null) BuildManifest.plist
}
function Error {
echo "[Error] $1"
[[ ! -z $2 ]] && echo "* $2"
exit
}
function Log {
echo "[Log] $1"
}
function Error {
echo "[Error] $1"
[[ ! -z $2 ]] && echo $2
exit
}
function Main {
clear
echo "******* iOS-OTA-Downgrader *******"
echo " Downgrader script by LukeZGD "
echo
if [[ $OSTYPE == "linux-gnu" ]]; then
platform='linux'
elif [[ $OSTYPE == "darwin"* ]]; then
platform='macos'
else
Error "OSTYPE unknown/not supported." "Supports Linux and macOS only"
fi
cd resources/tools
ln -sf futurerestore249_macos futurerestore152_macos
cd ../..
[[ ! $(ping -c1 google.com 2>/dev/null) ]] && Error "Please check your Internet connection before proceeding."
[[ $(uname -m) != 'x86_64' ]] && Error "Only x86_64 distributions are supported. Use a 64-bit distro and try again"
Clean
mkdir tmp
function MainMenu {
if [ $(lsusb | grep -c '1227') == 1 ]; then
read -p "[Input] Device in DFU mode detected. Is the device in kDFU mode? (y/N) " kDFUManual
if [[ $kDFUManual == y ]] || [[ $kDFUManual == Y ]]; then
read -p "[Input] Enter ProductType (eg. iPad2,1): " ProductType
read -p "[Input] Enter UniqueChipID (ECID): " UniqueChipID
BasebandDetect
DFUDevice=$(lsusb | grep -c '1227')
RecoveryDevice=$(lsusb | grep -c '1281')
if [ ! $(which bspatch) ] || [ ! $(which ideviceinfo) ] || [ ! $(which lsusb) ] || [ ! $(which ssh) ] || [ ! $(which python3) ]; then
InstallDependencies
elif [ $DFUDevice == 1 ] || [ $RecoveryDevice == 1 ]; then
UniqueChipID=$(sudo LD_LIBRARY_PATH=/usr/local/lib irecovery -q | grep 'ECID' | cut -c 7-)
else
HWModel=$(ideviceinfo -s | grep 'HardwareModel' | cut -c 16- | tr '[:upper:]' '[:lower:]' | sed 's/.\{2\}$//')
ProductType=$(ideviceinfo -s | grep 'ProductType' | cut -c 14-)
[ ! $ProductType ] && ProductType=$(ideviceinfo | grep 'ProductType' | cut -c 14-)
ProductVer=$(ideviceinfo -s | grep 'ProductVer' | cut -c 17-)
VersionDetect=$(echo $ProductVer | cut -c 1)
UniqueChipID=$(ideviceinfo -s | grep 'UniqueChipID' | cut -c 15-)
UniqueDeviceID=$(ideviceinfo -s | grep 'UniqueDeviceID' | cut -c 17-)
fi
chmod +x resources/tools/*
SaveExternal firmware
SaveExternal ipwndfu
if [ $DFUDevice == 1 ]; then
Log "Device in DFU mode detected."
GetProductType
BasebandDetect
if [ $A7Device == 1 ]; then
CheckM8
fi
read -p "[Input] Is this a 32-bit device in kDFU mode? (y/N) " DFUManual
if [[ $DFUManual == y ]] || [[ $DFUManual == Y ]]; then
Log "Downgrading device $ProductType in kDFU mode..."
Mode='Downgrade'
SelectVersion
else
Error "Please put the device in normal mode and jailbroken before proceeding."
Error "Please put the device in normal mode (and jailbroken for 32-bit) before proceeding." "Recovery or DFU mode is also applicable for A7 devices"
fi
elif [ $RecoveryDevice == 1 ]; then
GetProductType
BasebandDetect
if [ $A7Device == 1 ]; then
Recovery
else
Error "Non-A7 device detected in recovery mode. Please put the device in normal mode and jailbroken before proceeding"
fi
elif [ ! $ProductType ]; then
Error "Please plug the device in and trust this computer before proceeding."
Error "Please put the device in normal mode (and jailbroken for 32-bit) before proceeding." "Recovery or DFU mode is also applicable for A7 devices"
fi
BasebandDetect
echo "Main Menu"
echo "*** Main Menu ***"
echo
echo "HardwareModel: ${HWModel}ap"
echo "ProductType: $ProductType"
echo "ProductVersion: $ProductVer"
echo "UniqueChipID (ECID): $UniqueChipID"
echo "* HardwareModel: ${HWModel}ap"
echo "* ProductType: $ProductType"
echo "* ProductVersion: $ProductVer"
echo "* UniqueChipID (ECID): $UniqueChipID"
echo
echo "[Input] Select an option:"
select opt in "Downgrade device" "Save OTA blobs" "Just put device in kDFU mode" "(Re-)Install Dependencies" "(Any other key to exit)"; do
select opt in "Downgrade device" "Save OTA blobs" "(Re-)Install Dependencies" "(Any other key to exit)"; do
case $opt in
"Downgrade device" ) Mode='Downgrade'; break;;
"Save OTA blobs" ) Mode='SaveOTABlobs'; break;;
"Just put device in kDFU mode" ) Mode='kDFU'; break;;
"(Re-)Install Dependencies" ) InstallDependencies; exit;;
* ) exit;;
esac
@ -82,23 +104,24 @@ function MainMenu {
}
function SelectVersion {
Selection=("iOS 8.4.1")
if [[ $Mode == 'kDFU' ]]; then
if [[ $ProductType == iPad4* ]] || [[ $ProductType == iPhone6* ]]; then
OSVer='10.3.3'
BuildVer='14G60'
Action
elif [ $ProductType == iPad2,1 ] || [ $ProductType == iPad2,2 ] ||
[ $ProductType == iPad2,3 ] || [ $ProductType == iPhone4,1 ]; then
fi
Selection=("iOS 8.4.1")
if [ $ProductType == iPad2,1 ] || [ $ProductType == iPad2,2 ] ||
[ $ProductType == iPad2,3 ] || [ $ProductType == iPhone4,1 ]; then
Selection+=("iOS 6.1.3")
fi
[[ $Mode == 'Downgrade' ]] && Selection+=("Other")
Selection+=("Back")
echo "[Input] Select iOS version:"
select opt in "${Selection[@]}"; do
case $opt in
"iOS 8.4.1" ) OSVer='8.4.1'; BuildVer='12H321'; break;;
"iOS 6.1.3" ) OSVer='6.1.3'; BuildVer='10B329'; break;;
"Other" ) OSVer='Other'; break;;
"Back" ) MainMenu; break;;
*) SelectVersion;;
*) exit;;
esac
done
Action
@ -107,41 +130,59 @@ function SelectVersion {
function Action {
Log "Option: $Mode"
if [[ $OSVer == 'Other' ]]; then
echo "Move/copy the IPSW and SHSH to the directory where the script is located"
echo "* Move/copy the IPSW and SHSH to the directory where the script is located"
read -p "[Input] Path to IPSW (drag IPSW to terminal window): " IPSW
IPSW="$(basename $IPSW .ipsw)"
read -p "[Input] Path to SHSH (drag SHSH to terminal window): " SHSH
elif [ $A7Device == 1 ] && [[ $pwnDFUDevice != 1 ]] && [[ $Mode == 'Downgrade' ]]; then
Recovery
fi
if [[ $ProductType == iPod5,1 ]]; then
if [ $ProductType == iPod5,1 ]; then
iBSS="iBSS.${HWModel}ap.RELEASE"
iBSSBuildVer='10B329'
elif [[ $ProductType == iPad3,1 ]]; then
elif [ $ProductType == iPad3,1 ]; then
iBSS="iBSS.${HWModel}ap.RELEASE"
iBSSBuildVer='11D257'
elif [ $ProductType == iPhone6,1 ] || [ $ProductType == iPhone6,2 ]; then
iBSS="iBSS.iphone6.RELEASE"
iBEC="iBEC.iphone6.RELEASE"
elif [ $ProductType == iPad4,1 ] || [ $ProductType == iPad4,2 ] || [ $ProductType == iPad4,3 ]; then
iBSS="iBSS.ipad4.RELEASE"
iBEC="iBEC.ipad4.RELEASE"
elif [ $ProductType == iPad4,4 ] || [ $ProductType == iPad4,5 ]; then
iBSS="iBSS.ipad4b.RELEASE"
iBEC="iBEC.ipad4b.RELEASE"
else
iBSS="iBSS.$HWModel.RELEASE"
iBSSBuildVer='12H321'
fi
IV=$(cat $Firmware/$iBSSBuildVer/iv)
Key=$(cat $Firmware/$iBSSBuildVer/key)
IV=$(cat $Firmware/$iBSSBuildVer/iv 2>/dev/null)
Key=$(cat $Firmware/$iBSSBuildVer/key 2>/dev/null)
if [[ $Mode == 'Downgrade' ]]; then
Downgrade
elif [[ $Mode == 'SaveOTABlobs' ]]; then
SaveOTABlobs
elif [[ $Mode == 'kDFU' ]]; then
kDFU
fi
exit
}
function SaveOTABlobs {
BuildManifest="resources/manifests/BuildManifest_${ProductType}_${OSVer}.plist"
Log "Saving $OSVer blobs with tsschecker..."
env "LD_PRELOAD=libcurl.so.3" resources/tools/tsschecker_$platform -d $ProductType -i $OSVer -o -s -e $UniqueChipID -m $BuildManifest
SHSH=$(ls *_${ProductType}_${OSVer}-*.shsh2)
[ ! -e "$SHSH" ] && Error "Saving $OSVer blobs failed. Please run the script again" "It is also possible that $OSVer for $ProductType is no longer signed"
BuildManifest="resources/manifests/BuildManifest_${ProductType}_${OSVer}.plist"
if [ $A7Device == 1 ]; then
APNonce=$(sudo LD_LIBRARY_PATH=/usr/local/lib irecovery -q | grep 'NONC' | cut -c 7-)
echo "* APNonce: $APNonce"
fi
if [ $A7Device == 1 ]; then
LD_LIBRARY_PATH=/usr/local/lib resources/tools/tsschecker_$platform -d $ProductType -B ${HWModel}ap -i $OSVer -e $UniqueChipID -m $BuildManifest --apnonce $APNonce -o -s
else
LD_LIBRARY_PATH=/usr/local/lib resources/tools/tsschecker_$platform -d $ProductType -i $OSVer -e $UniqueChipID -m $BuildManifest -o -s
SHSH=$(ls *_${ProductType}_${OSVer}-*.shsh2)
fi
[ ! $SHSH ] && SHSH=$(ls *_${ProductType}_${HWModel}ap_${OSVer}-*.shsh)
[ ! $SHSH ] && Error "Saving $OSVer blobs failed. Please run the script again" "It is also possible that $OSVer for $ProductType is no longer signed"
mkdir -p saved/shsh 2>/dev/null
cp "$SHSH" saved/shsh
Log "Successfully saved $OSVer blobs."
@ -187,7 +228,7 @@ function kDFU {
Log "Unmounting device... (Enter root password of your PC/Mac when prompted)"
sudo umount mount
echo
Log "Open MTerminal and run these commands:"
echo "* Open MTerminal and run these commands:"
echo
echo '$ su'
echo "(Enter root password of your iOS device, default is 'alpine')"
@ -196,8 +237,8 @@ function kDFU {
echo "# ./pwn.sh"
else
# SSH kloader and pwnediBSS
echo "Make sure SSH is installed and working on the device!"
echo "Please enter Wi-Fi IP address of device for SSH connection"
echo "* Make sure SSH is installed and working on the device!"
echo "* Please enter Wi-Fi IP address of device for SSH connection"
read -p "[Input] IP Address: " IPAddress
Log "Connecting to device via SSH... (Enter root password of your iOS device, default is 'alpine')"
Log "Copying stuff to device..."
@ -207,40 +248,135 @@ function kDFU {
ssh root@$IPAddress "chmod 755 /$kloader && /$kloader /pwnediBSS" &
fi
echo
echo "Press home/power button once when screen goes black on the device"
echo "* Press home/power button once when screen goes black on the device"
Log "Finding device in DFU mode..."
while [[ $DFUDevice != 1 ]]; do
DFUDevice=$(lsusb | grep -c "1227")
DFUDevice=$(lsusb | grep -c '1227')
sleep 2
done
Log "Found device in DFU mode."
}
function Recovery {
RecoveryDevice=$(lsusb | grep -c '1281')
if [[ $RecoveryDevice != 1 ]]; then
Log "Entering recovery mode..."
ideviceenterrecovery $UniqueDeviceID >/dev/null
while [[ $RecoveryDevice != 1 ]]; do
RecoveryDevice=$(lsusb | grep -c '1281')
sleep 2
done
fi
Log "A7 device in recovery mode detected. Get ready to enter DFU mode"
read -p "[Input] Select Y to continue, N to exit recovery (Y/n) " RecoveryDFU
if [[ $RecoveryDFU == n ]] || [[ $RecoveryDFU == N ]]; then
Log "Exiting recovery mode."
sudo LD_LIBRARY_PATH=/usr/local/lib irecovery -n
exit
fi
echo "* Hold POWER and HOME button for 10 seconds."
for i in {10..01}; do
echo -n "$i "
sleep 1
done
echo -e "\n* Release POWER and hold HOME button for 10 seconds."
for i in {10..01}; do
echo -n "$i "
DFUDevice=$(lsusb | grep -c '1227')
sleep 1
if [[ $DFUDevice == 1 ]]; then
echo -e "\n[Log] Device in DFU mode detected."
CheckM8
fi
done
echo -e "\n[Error] Failed to detect device in DFU mode. Please run the script again"
exit
}
function CheckM8 {
DFUManual=0
Log "Entering pwnDFU mode with ipwndfu..."
cd resources/ipwndfu
sudo python2 ipwndfu -p
pwnDFUDevice=$(sudo lsusb -v -d 05ac:1227 2>/dev/null | grep -c 'checkm8')
if [ $pwnDFUDevice == 1 ]; then
Log "Detected device in pwnDFU mode. Running rmsigchks.py..."
sudo python2 rmsigchks.py
cd ../..
Log "Downgrading device $ProductType in pwnDFU mode..."
Mode='Downgrade'
SelectVersion
else
Error "Entering pwnDFU failed. Please run the script again"
fi
}
function Downgrade {
if [ $OSVer != 'Other' ]; then
SaveOTABlobs
IPSW="${ProductType}_${OSVer}_${BuildVer}_Restore"
if [ ! -e "$IPSW.ipsw" ]; then
if [[ $OSVer != 'Other' ]]; then
if [[ $ProductType == iPad4* ]]; then
IPSW="iPad_64bit"
elif [[ $ProductType == iPhone6* ]]; then
IPSW="iPhone_64bit"
else
IPSW="${ProductType}"
SaveOTABlobs
fi
IPSW="${IPSW}_${OSVer}_${BuildVer}_Restore"
IPSWCustom="${ProductType}_${OSVer}_${BuildVer}_Custom"
if [ ! -e $IPSW.ipsw ]; then
Log "iOS $OSVer IPSW cannot be found. Downloading IPSW..."
curl -L $(cat $Firmware/$BuildVer/url) -o tmp/$IPSW.ipsw
mv tmp/$IPSW.ipsw .
fi
Log "Verifying IPSW..."
IPSWSHA1=$(cat $Firmware/$BuildVer/sha1sum)
IPSWSHA1L=$(sha1sum "$IPSW.ipsw" | awk '{print $1}')
[ $IPSWSHA1L != $IPSWSHA1 ] && Error "Verifying IPSW failed. Delete/replace the IPSW and run the script again"
if [ ! $kDFUManual ]; then
if [ ! -e $IPSWCustom.ipsw ]; then
Log "Verifying IPSW..."
IPSWSHA1=$(cat $Firmware/$BuildVer/sha1sum)
IPSWSHA1L=$(sha1sum $IPSW.ipsw | awk '{print $1}')
[[ $IPSWSHA1L != $IPSWSHA1 ]] && Error "Verifying IPSW failed. Delete/replace the IPSW and run the script again"
else
IPSW=$IPSWCustom
fi
if [ ! $DFUManual ]; then
Log "Extracting iBSS from IPSW..."
mkdir -p saved/$ProductType 2>/dev/null
unzip -o -j "$IPSW.ipsw" Firmware/dfu/$iBSS.dfu -d saved/$ProductType
unzip -o -j $IPSW.ipsw Firmware/dfu/$iBSS.dfu -d saved/$ProductType
fi
fi
[ ! $kDFUManual ] && kDFU
[ ! $DFUManual ] && kDFU
Log "Extracting IPSW..."
unzip -q "$IPSW.ipsw" -d "$IPSW/"
unzip -q $IPSW.ipsw -d $IPSW/
if [ $A7Device == 1 ]; then
if [ ! -e $IPSWCustom.ipsw ]; then
Log "Preparing custom IPSW..."
cp $IPSW/Firmware/all_flash/$SEP .
bspatch $IPSW/Firmware/dfu/$iBSS.im4p $iBSS.im4p resources/patches/$iBSS.patch
bspatch $IPSW/Firmware/dfu/$iBEC.im4p $iBEC.im4p resources/patches/$iBEC.patch
cp -f $iBSS.im4p $iBEC.im4p $IPSW/Firmware/dfu
cd $IPSW
zip ../$IPSWCustom.ipsw -r0 *
cd ..
mv $IPSW $IPSWCustom
IPSW=$IPSWCustom
else
cp $IPSW/Firmware/dfu/$iBSS.im4p .
cp $IPSW/Firmware/dfu/$iBEC.im4p .
cp $IPSW/Firmware/all_flash/$SEP .
fi
Log "Entering PWNREC mode..."
sudo LD_LIBRARY_PATH=/usr/local/lib irecovery -f $iBSS.im4p
sudo LD_LIBRARY_PATH=/usr/local/lib irecovery -f $iBEC.im4p
sleep 5
RecoveryDevice=$(lsusb | grep -c '1281')
if [[ $RecoveryDevice != 1 ]]; then
echo -e "\n[Error] Failed to send iBSS/iBEC. Please try again"
exit
fi
SaveOTABlobs
fi
Log "Preparing for futurerestore... (Enter root password of your PC/Mac when prompted)"
cd resources
@ -250,30 +386,43 @@ function Downgrade {
if [ $Baseband == 0 ]; then
Log "Device $ProductType has no baseband"
Log "Proceeding to futurerestore..."
sudo env "LD_PRELOAD=libcurl.so.3" resources/tools/futurerestore_$platform -t "$SHSH" --no-baseband --use-pwndfu "$IPSW.ipsw"
if [ $A7Device == 1 ]; then
sudo LD_LIBRARY_PATH=/usr/local/lib resources/tools/futurerestore249_$platform -t $SHSH -s $SEP -m $BuildManifest --no-baseband $IPSW.ipsw
else
sudo LD_PRELOAD=libcurl.so.3 resources/tools/futurerestore152_$platform -t $SHSH --no-baseband --use-pwndfu $IPSW.ipsw
fi
else
if [ ! -e saved/$ProductType/*.bbfw ]; then
if [ $A7Device == 1 ]; then
cp $IPSW/Firmware/$Baseband .
elif [ ! saved/$ProductType/*.bbfw ]; then
Log "Downloading baseband..."
resources/tools/pzb_$platform -g Firmware/$Baseband -o $Baseband $BasebandURL
resources/tools/pzb_$platform -g BuildManifest.plist -o BuildManifest.plist $BasebandURL
mkdir -p saved/$ProductType 2>/dev/null
cp $(ls *.bbfw) BuildManifest.plist saved/$ProductType
cp $Baseband BuildManifest.plist saved/$ProductType
else
cp saved/$ProductType/*.bbfw saved/$ProductType/BuildManifest.plist .
fi
BasebandSHA1L=$(sha1sum $(ls *.bbfw) | awk '{print $1}')
if [ ! -e *.bbfw ] || [ $BasebandSHA1L != $BasebandSHA1 ]; then
rm saved/$ProductType/*.bbfw saved/$ProductType/BuildManifest.plist
BasebandSHA1L=$(sha1sum $Baseband | awk '{print $1}')
if [ ! *.bbfw ] || [[ $BasebandSHA1L != $BasebandSHA1 ]]; then
rm -f saved/$ProductType/*.bbfw saved/$ProductType/BuildManifest.plist
echo "[Error] Downloading/verifying baseband failed."
echo "Your device is still in kDFU mode and you may run the script again"
echo "You can also continue and futurerestore can attempt to download the baseband again"
echo "Proceeding to futurerestore in 10 seconds (Press Ctrl+C to cancel)"
echo "* Your device is still in kDFU mode and you may run the script again"
echo "* You can also continue and futurerestore can attempt to download the baseband again"
echo "* Proceeding to futurerestore in 10 seconds (Press Ctrl+C to cancel)"
sleep 10
Log "Proceeding to futurerestore..."
sudo env "LD_PRELOAD=libcurl.so.3" resources/tools/futurerestore_$platform -t "$SHSH" --latest-baseband --use-pwndfu "$IPSW.ipsw"
if [ $A7Device == 1 ]; then
sudo LD_LIBRARY_PATH=/usr/local/lib resources/tools/futurerestore249_$platform -t $SHSH -s $SEP -m $BuildManifest --latest-baseband $IPSW.ipsw
else
sudo LD_PRELOAD=libcurl.so.3 resources/tools/futurerestore152_$platform -t $SHSH --latest-baseband --use-pwndfu $IPSW.ipsw
fi
elif [ $A7Device == 1 ]; then
Log "Proceeding to futurerestore..."
sudo LD_LIBRARY_PATH=/usr/local/lib resources/tools/futurerestore249_$platform -t $SHSH -s $SEP -m $BuildManifest -b $Baseband -p $BuildManifest $IPSW.ipsw
else
Log "Proceeding to futurerestore..."
sudo env "LD_PRELOAD=libcurl.so.3" resources/tools/futurerestore_$platform -t "$SHSH" -b $(ls *.bbfw) -p BuildManifest.plist --use-pwndfu "$IPSW.ipsw"
sudo LD_PRELOAD=libcurl.so.3 resources/tools/futurerestore152_$platform -t $SHSH -b $Baseband -p BuildManifest.plist --use-pwndfu $IPSW.ipsw
fi
fi
@ -287,50 +436,51 @@ function Downgrade {
function InstallDependencies {
echo "Install Dependencies"
. /etc/os-release 2>/dev/null
mkdir tmp
cd tmp
Log "Installing dependencies..."
if [[ $(which pacman) ]]; then
# Arch Linux
Log "Installing dependencies for Arch with pacman..."
sudo pacman -Sy --noconfirm --needed bsdiff curl libcurl-compat libpng12 libzip openssh openssl-1.0 python unzip usbutils
sudo pacman -S --noconfirm libimobiledevice usbmuxd
cd tmp
git clone https://aur.archlinux.org/ifuse.git
cd ifuse
makepkg -sic --noconfirm
sudo pacman -Sy --noconfirm --needed bsdiff curl libcurl-compat libpng12 libimobiledevice libzip openssh openssl-1.0 python2 python unzip usbmuxd usbutils
Compile libimobiledevice ifuse
sudo ln -sf /usr/lib/libzip.so.5 /usr/lib/libzip.so.4
elif [[ $VERSION_ID == "18.04" ]] || [[ $VERSION_ID == "20.04" ]]; then
# Ubuntu Bionic, Focal
Log "Running APT update..."
sudo apt update
Log "Installing dependencies for Ubuntu $VERSION_ID with APT..."
sudo apt -y install binutils bsdiff curl ifuse libimobiledevice-utils python3 usbmuxd
cd tmp
sudo apt -y install autoconf automake binutils bsdiff build-essential checkinstall curl git ifuse libimobiledevice-utils libplist3 libreadline-dev libtool-bin libusb-1.0-0-dev python2 python3 usbmuxd
curl -L http://archive.ubuntu.com/ubuntu/pool/universe/c/curl3/libcurl3_7.58.0-2ubuntu2_amd64.deb -o libcurl3.deb
ar x libcurl3.deb data.tar.xz
tar xf data.tar.xz
sudo cp usr/lib/x86_64-linux-gnu/libcurl.so.4.* /usr/lib/libcurl.so.3
if [[ $VERSION_ID == "20.04" ]]; then
URLlibpng12=http://ppa.launchpad.net/linuxuprising/libpng12/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.54-1ubuntu1.1+1~ppa0~focal_amd64.deb
curl -L http://archive.ubuntu.com/ubuntu/pool/universe/libz/libzip/libzip4_1.1.2-1.1_amd64.deb -o libzip4.deb
sudo dpkg -i libzip4.deb
sudo apt -y install libusbmuxd6 libzip5
curl -L http://archive.ubuntu.com/ubuntu/pool/main/o/openssl1.0/libssl1.0.0_1.0.2n-1ubuntu5.3_amd64.deb -o libssl1.0.0.deb
sudo dpkg -i libssl1.0.0.deb
curl -L http://archive.ubuntu.com/ubuntu/pool/universe/libz/libzip/libzip4_1.1.2-1.1_amd64.deb -o libzip4.deb
sudo dpkg -i libssl1.0.0.deb libzip4.deb
else
URLlibpng12=http://mirrors.edge.kernel.org/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.54-1ubuntu1.1_amd64.deb
sudo apt -y install libzip4
curl -L http://archive.ubuntu.com/ubuntu/pool/main/libu/libusbmuxd/libusbmuxd6_2.0.2-3_amd64.deb -o libusbmuxd6.deb
curl -L http://archive.ubuntu.com/ubuntu/pool/universe/libz/libzip/libzip5_1.5.1-0ubuntu1_amd64.deb -o libzip5.deb
sudo dpkg -i libusbmuxd6.deb libzip5.deb
fi
curl -L $URLlibpng12 -o libpng12.deb
sudo dpkg -i libpng12.deb
sudo ln -sf /usr/lib/x86_64-linux-gnu/libimobiledevice.so.6 /usr/local/lib/libimobiledevice-1.0.so.6
sudo ln -sf /usr/lib/x86_64-linux-gnu/libplist.so.3 /usr/local/lib/libplist-2.0.so.3
sudo ln -sf /usr/lib/x86_64-linux-gnu/libusbmuxd.so.6 /usr/local/lib/libusbmuxd-2.0.so.6
elif [[ $(which dnf) ]]; then
sudo dnf install -y bsdiff ifuse libimobiledevice-utils libpng12 libzip
cd tmp
sudo dnf install -y automake bsdiff ifuse libimobiledevice-utils libpng12 libtool libusb-devel libzip make python2 readline-devel
curl -L http://ftp.pbone.net/mirror/ftp.scientificlinux.org/linux/scientific/6.1/x86_64/os/Packages/openssl-1.0.0-10.el6.x86_64.rpm -o openssl-1.0.0.rpm
rpm2cpio openssl-1.0.0.rpm | cpio -idmv
sudo cp usr/lib64/libcrypto.so.1.0.0 usr/lib64/libssl.so.1.0.0 /usr/lib64
sudo ln -sf libzip.so.5 libzip.so.4
sudo ln -sf /usr/lib64/libimobiledevice.so.6 /usr/local/lib/libimobiledevice-1.0.so.6
sudo ln -sf /usr/lib64/libplist.so.3 /usr/local/lib/libplist-2.0.so.3
sudo ln -sf /usr/lib64/libusbmuxd.so.6 /usr/local/lib/libusbmuxd-2.0.so.6
sudo ln -sf /usr/lib64/libzip.so.5 /usr/lib64/libzip.so.4
elif [[ $OSTYPE == "darwin"* ]]; then
# macOS
@ -338,56 +488,103 @@ function InstallDependencies {
Log "Homebrew is not detected/installed, installing Homebrew..."
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
fi
Log "Installing dependencies for macOS with Homebrew..."
brew uninstall --ignore-dependencies usbmuxd
brew uninstall --ignore-dependencies libimobiledevice
brew install --HEAD usbmuxd
brew install --HEAD libimobiledevice
brew install libzip lsusb python3
brew install make automake autoconf libtool pkg-config gcc
brew cask install osxfuse
brew install ifuse
else
Error "Distro not detected/supported by the install script." "See the repo README for OS versions/distros tested on"
fi
Compile libimobiledevice libirecovery
[[ $platform == linux ]] && sudo cp ../resources/lib/* /usr/local/lib
Log "Install script done! Please run the script again to proceed"
exit
}
# --- MAIN SCRIPT STARTS HERE ---
function Compile {
git clone https://github.com/$1/$2.git
cd $2
./autogen.sh
sudo make install
cd ..
sudo rm -rf $2
}
trap 'Clean; exit' INT TERM EXIT
clear
echo "******* 32bit-OTA-Downgrader *******"
echo " Downgrade script by LukeZGD "
echo
if [[ $OSTYPE == "linux-gnu" ]]; then
platform='linux'
elif [[ $OSTYPE == "darwin"* ]]; then
platform='macos'
else
Error "OSTYPE unknown/not supported." "Supports Linux and macOS only"
fi
[[ ! $(ping -c1 google.com 2>/dev/null) ]] && Error "Please check your Internet connection before proceeding."
[[ $(uname -m) != 'x86_64' ]] && Error "Only x86_64 distributions are supported. Use a 64-bit distro and try again"
function SaveExternal {
if [[ ! $(ls resources/$1 2>/dev/null) ]]; then
if [[ $1 == 'ipwndfu' ]]; then
ExternalURL="https://github.com/LukeZGD/ipwndfu/archive/master.zip"
ExternalFile="ipwndfu-master"
else
ExternalURL="https://github.com/LukeZGD/iOS-OTA-Downgrader/archive/$1.zip"
ExternalFile="iOS-OTA-Downgrader-$1"
fi
Log "Downloading $1..."
curl -Ls $ExternalURL -o tmp/$ExternalFile.zip
unzip -q tmp/$ExternalFile.zip -d tmp
mkdir resources/$1
mv tmp/$ExternalFile/* resources/$1
fi
}
HWModel=$(ideviceinfo -s | grep 'HardwareModel' | cut -c 16- | tr '[:upper:]' '[:lower:]' | sed 's/.\{2\}$//')
ProductType=$(ideviceinfo -s | grep 'ProductType' | cut -c 14-)
[ ! $ProductType ] && ProductType=$(ideviceinfo | grep 'ProductType' | cut -c 14-)
# ProductType=iPhone5,2; HWModel=n42 # Test mode
ProductVer=$(ideviceinfo -s | grep 'ProductVer' | cut -c 17-)
VersionDetect=$(echo $ProductVer | cut -c 1)
UniqueChipID=$(ideviceinfo -s | grep 'UniqueChipID' | cut -c 15-)
function GetProductType {
ProductType=$(sudo LD_LIBRARY_PATH=/usr/local/lib resources/tools/igetnonce_$platform)
[ ! $ProductType ] && "[Input] Enter ProductType (eg. iPad2,1): " ProductType
echo "* ProductType: $ProductType"
echo "* UniqueChipID: $UniqueChipID"
}
if [ ! $(which bspatch) ] || [ ! $(which ideviceinfo) ] || [ ! $(which lsusb) ] || [ ! $(which ssh) ] || [ ! $(which python3) ]; then
InstallDependencies
else
chmod +x resources/tools/*
Clean
mkdir tmp
rm -rf resources/firmware
curl -Ls https://github.com/LukeZGD/32bit-OTA-Downgrader/archive/firmware.zip -o tmp/firmware.zip
unzip -q tmp/firmware.zip -d tmp
mkdir resources/firmware
mv tmp/32bit-OTA-Downgrader-firmware/* resources/firmware
MainMenu
fi
function BasebandDetect {
Firmware=resources/firmware/$ProductType
BasebandURL=$(cat $Firmware/13G37/url 2>/dev/null) # iOS 9.3.6
if [ $ProductType == iPad2,2 ]; then
BasebandURL=$(cat $Firmware/13G36/url) # iOS 9.3.5
Baseband=ICE3_04.12.09_BOOT_02.13.Release.bbfw
BasebandSHA1=e6f54acc5d5652d39a0ef9af5589681df39e0aca
elif [ $ProductType == iPad2,3 ]; then
Baseband=Phoenix-3.6.03.Release.bbfw
BasebandSHA1=8d4efb2214344ea8e7c9305392068ab0a7168ba4
elif [ $ProductType == iPad2,6 ] || [ $ProductType == iPad2,7 ]; then
Baseband=Mav5-11.80.00.Release.bbfw
BasebandSHA1=aa52cf75b82fc686f94772e216008345b6a2a750
elif [ $ProductType == iPad3,2 ] || [ $ProductType == iPad3,3 ]; then
Baseband=Mav4-6.7.00.Release.bbfw
BasebandSHA1=a5d6978ecead8d9c056250ad4622db4d6c71d15e
elif [ $ProductType == iPhone4,1 ]; then
Baseband=Trek-6.7.00.Release.bbfw
BasebandSHA1=22a35425a3cdf8fa1458b5116cfb199448eecf49
elif [ $ProductType == iPad3,5 ] || [ $ProductType == iPad3,6 ] ||
[ $ProductType == iPhone5,1 ] || [ $ProductType == iPhone5,2 ]; then
BasebandURL=$(cat $Firmware/14G61/url) # iOS 10.3.4
Baseband=Mav5-11.80.00.Release.bbfw
BasebandSHA1=8951cf09f16029c5c0533e951eb4c06609d0ba7f
elif [ $ProductType == iPad4,2 ] || [ $ProductType == iPad4,3 ] || [ $ProductType == iPad4,5 ] ||
[ $ProductType == iPhone6,1 ] || [ $ProductType == iPhone6,2 ]; then
BasebandURL=$(cat $Firmware/14G60/url)
Baseband=Mav7Mav8-7.60.00.Release.bbfw
BasebandSHA1=f397724367f6bed459cf8f3d523553c13e8ae12c
A7Device=1
else # For Wi-Fi only devices
Baseband=0
if [ $ProductType == iPad4,1 ] || [ $ProductType == iPad4,4 ]; then
A7Device=1
fi
fi
[ $ProductType == iPhone6,1 ] && HWModel=n51
[ $ProductType == iPhone6,2 ] && HWModel=n53
[ $ProductType == iPad4,1 ] && HWModel=j71
[ $ProductType == iPad4,2 ] && HWModel=j72
[ $ProductType == iPad4,3 ] && HWModel=j73
[ $ProductType == iPad4,4 ] && HWModel=j85
[ $ProductType == iPad4,5 ] && HWModel=j86
SEP=sep-firmware.$HWModel.RELEASE.im4p
}
Main