2022-03-22 09:46:03 +08:00

351 lines
14 KiB
Bash
Executable File

#!/bin/bash
FindDevice() {
local DeviceIn
local i=0
local Timeout=999
local USB
[[ $1 == "DFU" ]] && USB=1227 || USB=1281
[[ -n $2 ]] && Timeout=3
Log "Finding device in $1 mode..."
while (( i < Timeout )); do
if [[ $platform == "linux" ]]; then
DeviceIn=$(lsusb | grep -c "05ac:$USB")
else
[[ $($irecovery -q 2>/dev/null | grep -w "MODE" | cut -c 7-) == "$1" ]] && DeviceIn=1
fi
if [[ $DeviceIn == 1 ]]; then
Log "Found device in $1 mode."
DeviceState="$1"
break
fi
sleep 1
((i++))
done
if [[ $DeviceIn != 1 ]]; then
[[ $2 == "error" ]] && Error "Failed to find device in $1 mode. (Timed out)"
return 1
fi
}
GetDeviceValues() {
local ideviceinfo2
local version
Log "Finding device in Normal mode..."
DeviceState=
ideviceinfo2=$($ideviceinfo -s)
if [[ $? != 0 && $1 != "NoDevice" ]]; then
Log "Finding device in DFU/recovery mode..."
[[ $platform == "linux" ]] && Echo "* Enter your user password when prompted"
DeviceState="$($irecovery -q 2>/dev/null | grep -w "MODE" | cut -c 7-)"
elif [[ $1 == "NoDevice" ]]; then
Log "NoDevice argument detected. Skipping device detection"
DeviceState="NoDevice"
elif [[ -n $ideviceinfo2 ]]; then
DeviceState="Normal"
fi
if [[ $DeviceState == "DFU" || $DeviceState == "Recovery" ]]; then
local ProdCut=7
ProductType=$($irecovery -qv 2>&1 | grep "Connected to iP" | cut -c 14-)
[[ $(echo $ProductType | cut -c 3) == 'h' ]] && ProdCut=9
ProductType=$(echo $ProductType | cut -c -$ProdCut)
UniqueChipID=$((16#$(echo $($irecovery -q | grep "ECID" | cut -c 7-) | cut -c 3-)))
ProductVer="Unknown"
elif [[ $DeviceState == "Normal" ]]; then
ProductType=$(echo "$ideviceinfo2" | grep "ProductType" | cut -c 14-)
[[ ! $ProductType ]] && ProductType=$($ideviceinfo | grep "ProductType" | cut -c 14-)
ProductVer=$(echo "$ideviceinfo2" | grep "ProductVer" | cut -c 17-)
UniqueChipID=$(echo "$ideviceinfo2" | grep "UniqueChipID" | cut -c 15-)
UniqueDeviceID=$(echo "$ideviceinfo2" | grep "UniqueDeviceID" | cut -c 17-)
version="(iOS $ProductVer) "
fi
if [[ ! $DeviceState ]]; then
echo -e "\n${Color_R}[Error] No device detected. Please put the device in normal mode before proceeding. ${Color_N}"
echo "${Color_Y}* Make sure to also trust this computer by selecting \"Trust\" at the pop-up. ${Color_N}"
echo "${Color_Y}* For macOS users, double-check if the device is being detected by iTunes/Finder. ${Color_N}"
echo "${Color_Y}* Recovery or DFU mode is also applicable. ${Color_N}"
echo "${Color_Y}* To perform operations without an iOS device connected, add NoDevice as an argument. ${Color_N}"
echo "${Color_Y}* For more details, read the \"Troubleshooting\" wiki page in GitHub ${Color_N}"
exit 1
elif [[ -n $DeviceState ]]; then
if [[ ! $ProductType ]]; then
read -p "$(Input 'Enter ProductType (eg. iPad2,1):')" ProductType
fi
if [[ ! $UniqueChipID || $UniqueChipID == 0 ]]; then
read -p "$(Input 'Enter UniqueChipID (ECID, must be decimal):')" UniqueChipID
fi
fi
Firmware=resources/firmware/$ProductType
Baseband=0
BasebandURL=$(cat $Firmware/13G37/url 2>/dev/null)
LatestVer="9.3.6"
if [[ $ProductType == "iPad2,2" ]]; then
BasebandURL=$(cat $Firmware/13G36/url)
Baseband="ICE3_04.12.09_BOOT_02.13.Release.bbfw"
BasebandSHA1="e6f54acc5d5652d39a0ef9af5589681df39e0aca"
LatestVer="9.3.5"
elif [[ $ProductType == "iPad2,3" ]]; then
Baseband="Phoenix-3.6.03.Release.bbfw"
BasebandSHA1="8d4efb2214344ea8e7c9305392068ab0a7168ba4"
elif [[ $ProductType == "iPad2,6" || $ProductType == "iPad2,7" ]]; then
Baseband="Mav5-11.80.00.Release.bbfw"
BasebandSHA1="aa52cf75b82fc686f94772e216008345b6a2a750"
elif [[ $ProductType == "iPad3,2" || $ProductType == "iPad3,3" ]]; then
Baseband="Mav4-6.7.00.Release.bbfw"
BasebandSHA1="a5d6978ecead8d9c056250ad4622db4d6c71d15e"
elif [[ $ProductType == "iPhone4,1" ]]; then
Baseband="Trek-6.7.00.Release.bbfw"
BasebandSHA1="22a35425a3cdf8fa1458b5116cfb199448eecf49"
elif [[ $ProductType == "iPad3,5" || $ProductType == "iPad3,6" ||
$ProductType == "iPhone5,1" || $ProductType == "iPhone5,2" ]]; then
BasebandURL=$(cat $Firmware/14G61/url)
Baseband="Mav5-11.80.00.Release.bbfw"
BasebandSHA1="8951cf09f16029c5c0533e951eb4c06609d0ba7f"
LatestVer="10.3.4"
elif [[ $ProductType == "iPad4,2" || $ProductType == "iPad4,3" || $ProductType == "iPad4,5" ||
$ProductType == "iPhone6,1" || $ProductType == "iPhone6,2" ]]; then
BasebandURL=$(cat $Firmware/14G60/url)
Baseband="Mav7Mav8-7.60.00.Release.bbfw"
BasebandSHA1="f397724367f6bed459cf8f3d523553c13e8ae12c"
elif [[ $ProductType != "iPad2"* && $ProductType != "iPad3"* && $ProductType != "iPad4,1" &&
$ProductType != "iPad4,4" && $ProductType != "iPod5,1" && $ProductType != "iPhone5"* ]]; then
Error "Your device $ProductType ${version}is not supported."
else
BasebandURL=0
fi
if [[ $ProductType == "iPad2"* || $ProductType == "iPad3,1" || $ProductType == "iPad3,2" ||
$ProductType == "iPad3,3" || $ProductType == "iPhone4,1" || $ProductType == "iPod5,1" ]]; then
DeviceProc=5
elif [[ $ProductType == "iPhone5"* || $ProductType == "iPad3"* ]]; then
DeviceProc=6
elif [[ $ProductType == "iPhone6"* || $ProductType == "iPad4"* ]]; then
DeviceProc=7
fi
HWModel=$(cat $Firmware/hwmodel)
if [[ ! $BasebandURL || ! $HWModel ]]; then
Error "Missing BasebandURL and/or HWModel values. Is the firmware folder missing?" \
"Reinstall dependencies and try again. For more details, read the \"Troubleshooting\" wiki page in GitHub"
fi
if [[ $ProductType == "iPod5,1" ]]; then
iBSS="${HWModel}ap"
iBSSBuildVer="10B329"
elif [[ $ProductType == "iPad3,1" ]]; then
iBSS="${HWModel}ap"
iBSSBuildVer="11D257"
elif [[ $ProductType == "iPhone6"* ]]; then
iBSS="iphone6"
IPSWType="iPhone_4.0_64bit"
elif [[ $ProductType == "iPad4"* ]]; then
iBSS="ipad4"
IPSWType="iPad_64bit"
else
iBSS="$HWModel"
iBSSBuildVer="12H321"
fi
[[ ! $IPSWType ]] && IPSWType="$ProductType"
iBSS="iBSS.$iBSS.RELEASE"
SEP="sep-firmware.$HWModel.RELEASE.im4p"
Log "$ProductType ${version}connected in $DeviceState mode."
Log "ECID: $UniqueChipID"
}
CheckM8() {
local pwnDFUTool
local pwnDFUDevice
local pwnD=1
if [[ $platform == "macos" ]]; then
Selection=("iPwnder32" "ipwnder_lite")
Input "PwnDFU Tool Option"
Echo "* This option selects what tool to use to put your device in pwnDFU mode."
Echo "* If unsure, select 1 for Intel Macs, select 2 for Apple Silicon (M1) Macs."
Echo "* This option is set to iPwnder32 by default (1)."
Input "Select your option:"
select opt in "${Selection[@]}"; do
case $opt in
"ipwnder_lite" ) pwnDFUTool="$ipwnder_lite"; break;;
"ipwndfu" ) pwnDFUTool="ipwndfu"; break;;
* ) pwnDFUTool="$ipwnder32"; break;;
esac
done
else
pwnDFUTool="ipwndfu"
fi
Log "Entering pwnDFU mode with $pwnDFUTool..."
if [[ $pwnDFUTool == "ipwndfu" ]]; then
cd resources/ipwndfu
Echo "* Enter your user password when prompted"
$ipwndfu -p
if [[ $DeviceProc == 7 ]]; then
Log "Running rmsigchks.py..."
$rmsigchks
pwnDFUDevice=$?
cd ../..
else
cd ../..
kDFU iBSS || echo
pwnDFUDevice=$?
fi
else
$pwnDFUTool -p
pwnDFUDevice=$?
fi
[[ $DeviceProc == 7 ]] && pwnD=$($irecovery -q | grep -c "PWND")
if [[ $pwnDFUDevice != 0 && $pwnD != 1 ]]; then
echo -e "\n${Color_R}[Error] Failed to enter pwnDFU mode. Please run the script again ${Color_N}"
echo "${Color_Y}* If the screen is black, exit DFU mode first by holding the TOP and HOME buttons for 15 seconds. ${Color_N}"
echo "${Color_Y}* This step may fail a lot, especially on Linux, and unfortunately there is nothing I can do about the low success rates. ${Color_N}"
echo "${Color_Y}* The only option is to make sure you are using an Intel or Apple Silicon device, and to try multiple times ${Color_N}"
Echo "* For more details, read the \"Troubleshooting\" wiki page in GitHub"
exit 1
elif [[ $pwnDFUDevice == 0 ]]; then
Log "Device in pwnDFU mode detected."
else
Log "Warning - Failed to detect device in pwnDFU mode."
Echo "* If the device entered pwnDFU mode successfully, you may continue"
Echo "* If entering pwnDFU failed, you may have to force restart your device and start over"
fi
}
Recovery() {
local RecoveryDFU
if [[ $DeviceState != "Recovery" ]]; then
Log "Entering recovery mode..."
$ideviceenterrecovery $UniqueDeviceID >/dev/null
FindDevice "Recovery"
fi
Echo "* Get ready to enter DFU mode."
read -p "$(Input 'Select Y to continue, N to exit recovery (Y/n)')" RecoveryDFU
if [[ $RecoveryDFU == 'N' || $RecoveryDFU == 'n' ]]; then
Log "Exiting recovery mode."
$irecovery -n
exit 0
fi
Echo "* Hold TOP and HOME buttons for 8 seconds."
for i in {08..01}; do
echo -n "$i "
sleep 1
done
echo -e "\n$(Echo '* Release TOP button and hold HOME button for 8 seconds.')"
for i in {08..01}; do
echo -n "$i "
sleep 1
done
echo
FindDevice "DFU" error
CheckM8
}
RecoveryExit() {
read -p "$(Input 'Attempt to exit recovery mode? (Y/n)')" Selection
if [[ $Selection != 'N' && $Selection != 'n' ]]; then
Log "Exiting recovery mode."
$irecovery -n
fi
exit 0
}
kDFU() {
local kloader
local VerDetect=$(echo $ProductVer | cut -c 1)
if [[ ! -e saved/$ProductType/$iBSS.dfu ]]; then
Log "Downloading iBSS..."
$partialzip "$(cat $Firmware/$iBSSBuildVer/url)" Firmware/dfu/$iBSS.dfu $iBSS.dfu
mkdir -p saved/$ProductType 2>/dev/null
mv $iBSS.dfu saved/$ProductType
fi
if [[ ! -e saved/$ProductType/$iBSS.dfu ]]; then
Error "Failed to save iBSS. Please run the script again"
fi
Log "Patching iBSS..."
$bspatch saved/$ProductType/$iBSS.dfu tmp/pwnediBSS resources/patches/$iBSS.patch
if [[ $1 == iBSS ]]; then
cd resources/ipwndfu
if [[ $platform == "macos" ]]; then
Echo "* Attempting to send pwned iBSS."
Echo "* This will fail on Apple Silicon Macs, as well as on macOS 12.3 and later."
Echo "* If this is the case, you need to send pwned iBSS yourself before continuing."
Echo "* For more details, read the \"Troubleshooting\" wiki page in GitHub"
fi
Log "Sending iBSS..."
$ipwndfu -l ../../tmp/pwnediBSS
local ret=$?
cd ../..
return $ret
fi
[[ $VerDetect == 1 ]] && kloader="kloader_hgsp"
[[ $VerDetect == 5 ]] && kloader="kloader5"
[[ ! $kloader ]] && kloader="kloader"
Log "Running iproxy for SSH..."
$iproxy 2222 22 &
iproxyPID=$!
sleep 2
echo
Log "Copying stuff to device via SSH..."
Echo "* Make sure OpenSSH/Dropbear is installed on the device and running!"
Echo "* Dropbear is only needed for devices on iOS 10"
Echo "* To make sure that SSH is successful, try these steps:"
Echo "* Reinstall OpenSSH/Dropbear, reboot and rejailbreak, then reinstall them again"
echo
Input "Enter the root password of your iOS device when prompted."
Echo "* Note that you will be prompted twice. Do not worry that your input is not visible, it is still being entered."
Echo "* The default password is \"alpine\""
$SCP -P 2222 resources/tools/$kloader tmp/pwnediBSS root@127.0.0.1:/tmp
if [[ $? == 0 ]]; then
$SSH -p 2222 root@127.0.0.1 "chmod +x /tmp/$kloader; /tmp/$kloader /tmp/pwnediBSS" &
else
Log "Cannot connect to device via USB SSH."
Echo "* Please try the steps above to make sure that SSH is successful"
Echo "* Alternatively, you may use kDFUApp by tihmstar (from my repo, see \"Troubleshooting\" wiki page)"
Input "Press Enter/Return to continue anyway (or press Ctrl+C to cancel and try again)"
read -s
Log "Will try again with Wi-Fi SSH..."
Echo "* Make sure that the device and your PC/Mac are on the same network!"
Echo "* You can check for your device's IP Address in: Settings > WiFi/WLAN > tap the 'i' next to your network name"
read -p "$(Input 'Enter the IP Address of your device:')" IPAddress
Log "Copying stuff to device via SSH..."
$SCP resources/tools/$kloader tmp/pwnediBSS root@$IPAddress:/tmp
if [[ $? == 1 ]]; then
Error "Cannot connect to device via SSH." \
"Please try the steps above to make sure that SSH is successful"
fi
$SSH root@$IPAddress "chmod +x /tmp/$kloader; /tmp/$kloader /tmp/pwnediBSS" &
fi
Log "Entering kDFU mode..."
Echo "* Press TOP or HOME button when the device disconnects and its screen goes black"
FindDevice "DFU"
}