Legacy-iOS-Kit/README.md
LukeZGD 491db76b61 Some pwnDFU fixes
Skip "Booting iBSS" when iPwnder32 is used
2021-04-19 16:04:30 +08:00


iOS-OTA-Downgrader

Downgrade/restore and jailbreak iOS devices to signed OTA firmwares

  • Linux and macOS are supported by this downgrade script/tool
    • Windows users can create a Linux live USB (see Requirements)
  • iOS 8.4.1 and 6.1.3 downgrades have the option to jailbreak the install
  • You do NOT need blobs to use this; the script will get them for you
  • This script can also restore your device to other iOS versions that you have SHSH blobs for (32-bit devices only, listed under Supported devices)
  • Please read the "Other notes" section for tips, frequent questions, and troubleshooting

Supported devices:

  • You can identify your device here
  • iPhone 5C and iPad mini 3 devices are NOT supported (OTA versions for them are not signed)
  • iPhone 5C can still be restored to versions that you have SHSH blobs for

Target Version | Supported Devices
iOS 10.3.3 | A7 devices: iPhone 5S; iPad Air 1; iPad mini 2 (except iPad4,6)
iOS 8.4.1 | 32-bit devices: iPhone 4S; iPhone 5; iPad 2, iPad 3, iPad 4; iPad mini 1; iPod touch 5
iOS 6.1.3 | iPhone 4S; iPad 2 (except iPad2,4)

Requirements:

  • A supported device (listed above) on any iOS version:
    • A 32-bit device (jailbreak needed)
    • An A7 device (jailbreak not needed)
  • An IPSW for the version you want to downgrade to
  • A 64-bit Linux install/live USB or a supported macOS version
    • See supported OS versions and Linux distros below
    • A Linux live USB can be easily created with tools like balenaEtcher or Rufus
  • Users with 32-bit devices must install OpenSSH
    • Users on iOS 10 (A6/A6X) must also install Dropbear from my Cydia repo
  • For Pangu 32-bit users:
    • Install the latest untether for your iOS version here

Usage:

  1. Download iOS-OTA-Downgrader here and extract the zip archive
  2. Plug in your iOS device
  3. Open a Terminal window
  4. cd to where the zip archive is extracted, and run ./restore.sh
    • You can also drag restore.sh to the Terminal window and press ENTER
  5. Select options to be used
  6. Follow instructions

Supported OS versions/distros:

Other notes:

  • If something in the process does not work for you: try unplugging and replugging the device, switching between different USB ports/cables, or using USB 2.0 ports
  • IPSW file integrity will be verified before restoring and/or creating custom IPSW (if custom IPSW is already created, this will be skipped)
  • For users having issues with missing libraries/tools: Re-install dependencies with ./restore.sh Install
    • Alternatively, delete the libimobiledevice or libirecovery folder in resources then run the script again
  • For A7 devices:
    • Do not use USB-C to Lightning cables, as this can prevent a successful restore
    • checkm8 ipwndfu is unfortunately pretty unreliable; you may have to try multiple times (Linux users can also try from a live USB)
    • If the script cannot find your device in pwnREC mode or gets stuck, you may have to start over by hard-resetting and re-entering recovery/DFU mode
    • Use an Intel PC/Mac as entering pwnDFU (checkm8) may be a lot more unreliable on AMD devices
    • Other than the above, unfortunately there's not much else I can do to help regarding entering pwnDFU mode.
  • For 32-bit devices:
    • To make sure that SSH is successful, try these steps: Reinstall OpenSSH/Dropbear, reboot and rejailbreak, then reinstall them again
    • For devices with baseband, this script will restore your device with the latest baseband (except when jailbreak is enabled, and on iPhone5,1 as there are reported issues)
    • This script can also be used to just enter kDFU mode for all supported devices
    • As alternatives to kloader/kDFU, checkm8 A5 or pwnDFU A6 can also be used from the DFU advanced menu
      • To enter the DFU advanced menu, put your iOS device in DFU mode before running the script
    • This script can work on virtual machines, but I will not provide support for them
    • If you want to use other manually saved blobs for 6.1.3/8.4.1, create a folder named saved, then within it create another folder named shsh. You can then put your blob inside that folder.
      • The naming of the blob should be: (ECID in Decimal)_(ProductType)_(Version)-(BuildVer).shsh(2)
      • Example with path: saved/shsh/123456789012_iPad2,1_8.4.1-12H321.shsh
  • For the jailbreak option (iOS 6.1.3 and 8.4.1):
    • If you have problems with Cydia, remove the ultrasn0w repo and close Cydia using the app switcher, then try opening Cydia again
    • If you cannot find Cydia on your home screen, try accessing Cydia through Safari with cydia:// and install the "Jailbreak App Icons Fix" package from my Cydia repo
  • For the jailbreak option (iOS 8.4.1 only):
    • Stashing is already enabled and nosuid is removed from fstab, so there is no need to install the "Stashing for #etasonJB" package
  • For users with A5 Rev A (8942) and A5X (8945) devices:
    • A5 Rev A devices: iPad2,4, iPad mini 1, iPod touch 5
    • A5X devices: iPad 3
    • The jailbreak option might not work on A5 Rev A devices (see issue #70)
    • For users that downgraded without the jailbreak option and have manually jailbroken with the EtasonJB app, it is recommended to install "EtasonJB Disable Bootloop Protection" from my Cydia repo
    • For users that downgraded with the jailbreak option, and for users that have installed "EtasonJB Disable Bootloop Protection", your device might take a very long time to boot, possibly 20 minutes or more
  • My Cydia repo: https://lukezgd.github.io/repo/ - for installing Dropbear, Jailbreak App Icons Fix, EtasonJB Disable Bootloop Protection
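
The blob naming convention described under "For 32-bit devices", as an added example (not code from restore.sh): POSIX shell helpers that build the expected saved/shsh path from an ECID given in decimal or 0x-prefixed hex, and check whether an existing file name follows the convention. The helper names and the field patterns for product type, version and build are assumptions made for illustration; the sample values come from the README's example path.

```sh
#!/bin/sh
# Added example; helper names are hypothetical, not functions from restore.sh.

# True if string $1 matches extended regex $2.
matches() { printf '%s\n' "$1" | grep -Eq "$2"; }

# Normalise an ECID (decimal, or hex with a 0x prefix) to decimal.
# Bare hex without 0x is rejected because it is ambiguous with decimal.
ecid_to_decimal() (
    if matches "$1" '^0[xX][0-9a-fA-F]{1,15}$'; then
        printf '%s\n' "$(($1))"
    elif matches "$1" '^[1-9][0-9]*$'; then
        printf '%s\n' "$1"
    else
        exit 1
    fi
)

# Print the relative path a manually saved blob should have:
#   saved/shsh/(ECID in Decimal)_(ProductType)_(Version)-(BuildVer).shsh(2)
# Args: ecid product_type version build [shsh|shsh2]
blob_path() (
    ecid=$(ecid_to_decimal "$1") || exit 1
    matches "$2" '^(iPhone|iPad|iPod)[0-9]+,[0-9]+$' || exit 1
    matches "$3" '^[0-9]+(\.[0-9]+){1,2}$' || exit 1
    matches "$4" '^[0-9]+[A-Z][0-9]+[a-z]?$' || exit 1
    ext=${5:-shsh}
    [ "$ext" = shsh ] || [ "$ext" = shsh2 ] || exit 1
    printf 'saved/shsh/%s_%s_%s-%s.%s\n' "$ecid" "$2" "$3" "$4" "$ext"
)

# Check that an existing blob file name follows the convention
# (catches a common mistake: leaving the ECID in hex).
is_valid_blob_name() {
    matches "$(basename "$1")" \
        '^[1-9][0-9]*_(iPhone|iPad|iPod)[0-9]+,[0-9]+_[0-9]+(\.[0-9]+){1,2}-[0-9]+[A-Z][0-9]+[a-z]?\.shsh2?$'
}

# Sample values from the README's example path; 0x1CBE991A14 is the same
# ECID written in hex (constructed here for the demonstration).
blob_path 123456789012 iPad2,1 8.4.1 12H321
blob_path 0x1CBE991A14 iPad2,1 8.4.1 12H321
```
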

Tools and other stuff used by this script: