Legacy-iOS-Kit/restore.sh
2020-04-27 13:40:14 +08:00


#!/bin/bash
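# Map the device's ProductType to the baseband firmware file it needs.
# Globals read:    ProductType
# Globals written: Firmware    - per-device firmware metadata directory
#                  BasebandURL - contents of the matching build's "url" file
#                  Baseband    - .bbfw file name, or 0 for Wi-Fi only devices
function BasebandDetect {
  Firmware="resources/firmware/$ProductType"
  # Default to the 13G37 build; a missing file is tolerated here because the
  # branches below override the URL for devices that use another build.
  BasebandURL=$(cat "$Firmware/13G37/url" 2>/dev/null)
  # The selector is quoted so an empty or odd ProductType falls through to
  # the Wi-Fi-only default instead of breaking the comparison.
  case "$ProductType" in
    iPad2,2)
      BasebandURL=$(cat "$Firmware/13G36/url")
      Baseband=ICE3_04.12.09_BOOT_02.13.Release.bbfw
      ;;
    iPad2,3)
      Baseband=Phoenix-3.6.03.Release.bbfw
      ;;
    iPad2,6 | iPad2,7)
      Baseband=Mav5-11.80.00.Release.bbfw
      ;;
    iPad3,2 | iPad3,3)
      Baseband=Mav4-6.7.00.Release.bbfw
      ;;
    iPhone4,1)
      Baseband=Trek-6.7.00.Release.bbfw
      ;;
    iPad3,5 | iPad3,6 | iPhone5,1 | iPhone5,2)
      BasebandURL=$(cat "$Firmware/14G61/url")
      Baseband=Mav5-11.80.00.Release.bbfw
      ;;
    *) # For Wi-Fi only devices
      Baseband=0
      ;;
  esac
}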
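# Remove working files left in the current directory by a previous run:
# extracted iP*/ directories, tmp/, saved blob files for the current device,
# baseband files and BuildManifest.plist.
# Globals read: UniqueChipID, ProductType, DowngradeVer
function Clean {
  local stale=()
  local entry
  # Expand the patterns with the shell instead of parsing `ls`, so a file
  # name containing whitespace is never split into unrelated rm arguments.
  # The variable part is quoted so its contents are not treated as a glob.
  for entry in iP*/ "${UniqueChipID}_${ProductType}_${DowngradeVer}"-*.shsh2 *.bbfw; do
    if [[ -e $entry || -L $entry ]]; then
      stale+=("$entry")
    fi
  done
  # `--` stops option parsing in case a matched name starts with a dash.
  rm -rf -- tmp/ BuildManifest.plist "${stale[@]}"
}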
# Print an informational message on stdout, prefixed with "[Log]".
# Arguments: $1 - message text
function Log {
  local message=$1
  printf '%s\n' "[Log] $message"
}
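# Print an error message (and an optional hint) and terminate the script.
# Arguments: $1 - error text, printed with the "[Error]" prefix
#            $2 - optional hint, printed verbatim on its own line
# Exits with status 1 so callers and wrappers can tell a failure from a
# normal exit; a bare `exit` would report 0 whenever a hint was printed.
function Error {
  echo "[Error] $1"
  if [[ -n $2 ]]; then
    # Quoted so the hint is not word-split or glob-expanded.
    printf '%s\n' "$2"
  fi
  exit 1
}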
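# Show the main menu and dispatch to the selected mode.
# If a USB device matching "1227" is present, the user is asked whether it
# is already in kDFU mode; if so, ProductType and ECID are typed in by hand
# and the flow goes straight to version selection in Downgrade mode.
# Globals read:    HWModel, ProductVer
# Globals written: kDFUManual, ProductType, UniqueChipID, Mode
function MainMenu {
  local product_re='^[A-Za-z]+[0-9]+,[0-9]+$'
  local ecid_re='^(0[xX])?[0-9A-Fa-f]+$'
  if [[ $(lsusb | grep -c '1227') == 1 ]]; then
    read -r -p "[Input] Device in DFU mode detected. Is the device in kDFU mode? (y/N) " kDFUManual
    if [[ $kDFUManual == [yY] ]]; then
      read -r -p "[Input] Enter ProductType (eg. iPad2,1): " ProductType
      read -r -p "[Input] Enter UniqueChipID (ECID): " UniqueChipID
      # These typed values end up in file paths, in the file patterns that
      # Clean removes, and in tool arguments, so reject anything that is not
      # a plain identifier before using them.
      [[ $ProductType =~ $product_re ]] ||
        Error "Invalid ProductType entered" "Expected a value such as iPad2,1"
      [[ $UniqueChipID =~ $ecid_re ]] ||
        Error "Invalid UniqueChipID (ECID) entered" "Expected a decimal or hexadecimal number"
      BasebandDetect
      Log "Downgrading device $ProductType in kDFU mode..."
      Mode='Downgrade'
      SelectVersion
    else
      Error "Please put the device in normal mode and jailbroken before proceeding"
    fi
  elif [[ -z $ProductType ]]; then
    Error "Please plug the device in and trust this computer before proceeding"
  fi
  BasebandDetect
  echo "Main Menu"
  echo
  echo "HardwareModel: ${HWModel}ap"
  echo "ProductType: $ProductType"
  echo "ProductVersion: $ProductVer"
  echo "UniqueChipID (ECID): $UniqueChipID"
  echo
  echo "[Input] Select an option:"
  select opt in "Downgrade device" "Save OTA blobs" "Just put device in kDFU mode" "(Re-)Install Dependencies" "Exit"; do
    case "$opt" in
      "Downgrade device") Mode='Downgrade'; break ;;
      "Save OTA blobs") Mode='SaveOTABlobs'; break ;;
      "Just put device in kDFU mode") Mode='kDFU'; break ;;
      "(Re-)Install Dependencies") InstallDependencies ;;
      "Exit") exit ;;
      # Any other input redraws the whole menu.
      *) MainMenu ;;
    esac
  done
  SelectVersion
}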
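# Build the list of selectable iOS versions for the current mode and device,
# then hand over to the matching Select* function.
# Globals read:    Mode, ProductType
# Globals written: Selection
function SelectVersion {
  Selection=("iOS 8.4.1")
  if [[ $Mode == 'kDFU' ]]; then
    # kDFU-only mode always uses the 8.4.1 settings; no menu is shown.
    Select841
  else
    # Quoted selector: an empty ProductType simply matches nothing.
    case "$ProductType" in
      iPad2,1 | iPad2,2 | iPad2,3 | iPhone4,1) Selection+=("iOS 6.1.3") ;;
    esac
  fi
  if [[ $Mode == 'Downgrade' ]]; then
    Selection+=("Other")
  fi
  Selection+=("Back")
  echo "[Input] Select iOS version:"
  select opt in "${Selection[@]}"; do
    case "$opt" in
      "iOS 8.4.1") Select841; break ;;
      "iOS 6.1.3") Select613; break ;;
      "Other") SelectOther; break ;;
      "Back") MainMenu; break ;;
      # Any other input redraws this menu.
      *) SelectVersion ;;
    esac
  done
}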
# Configure the iOS 8.4.1 (build 12H321) target and run the chosen mode.
# Globals read:    Mode, HWModel
# Globals written: DowngradeVer, DowngradeBuildVer, iBSS
function Select841 {
  printf '%s\n' "iOS 8.4.1 $Mode"
  DowngradeVer="8.4.1"
  DowngradeBuildVer="12H321"
  # The 8.4.1 iBSS name uses the hardware model without the "ap" suffix.
  iBSS="iBSS.${HWModel}.RELEASE"
  Action
}
# Configure the iOS 6.1.3 (build 10B329) target and run the chosen mode.
# Globals read:    Mode, HWModel
# Globals written: DowngradeVer, DowngradeBuildVer, iBSS
function Select613 {
  printf '%s\n' "iOS 6.1.3 $Mode"
  DowngradeVer="6.1.3"
  DowngradeBuildVer="10B329"
  # Unlike the 8.4.1 case, this iBSS name carries the "ap" suffix.
  iBSS="iBSS.${HWModel}ap.RELEASE"
  Action
}
# Configure a downgrade to a user-supplied IPSW with user-supplied blobs.
# The 8.4.1 build number is still set because its iBSS is used for kDFU.
# Globals read:    Mode, HWModel
# Globals written: iBSS, DowngradeBuildVer, NotOTA, IPSW, SHSH
function SelectOther {
  local ipsw_path
  printf '%s\n' "Other $Mode"
  NotOTA=1
  DowngradeBuildVer="12H321"
  iBSS="iBSS.${HWModel}.RELEASE"
  # `read` is used without -r on purpose here (presumably): a path dragged
  # into the terminal may arrive with backslash-escaped spaces.
  read -p "[Input] Path to IPSW (drag IPSW to terminal window): " ipsw_path
  # Only the base name without ".ipsw" is kept; the directory part is dropped.
  IPSW="$(basename "$ipsw_path" .ipsw)"
  read -p "[Input] Path to SHSH (drag SHSH to terminal window): " SHSH
  Action
}
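# Load the iBSS IV/key for the selected build and run the selected mode.
# The script always exits when the mode function returns.
# Globals read:    DowngradeBuildVer, Mode
# Globals written: Firmware (narrowed to the build directory), IV, Key
function Action {
  Firmware="$Firmware/$DowngradeBuildVer"
  # Paths are quoted so an unexpected ProductType cannot split into
  # several arguments to cat.
  IV=$(cat "$Firmware/iv")
  Key=$(cat "$Firmware/key")
  case "$Mode" in
    Downgrade) Downgrade ;;
    SaveOTABlobs) SaveOTABlobs ;;
    kDFU) kDFU ;;
  esac
  exit
}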
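# Request signing blobs for the target version with tsschecker and keep a
# copy under saved/shsh.
# Globals read:    ProductType, DowngradeVer, UniqueChipID, platform
# Globals written: BuildManifest, SHSH (name of the saved .shsh2 file)
function SaveOTABlobs {
  local blobs=()
  BuildManifest="resources/manifests/BuildManifest_${ProductType}_${DowngradeVer}.plist"
  Log "Saving $DowngradeVer blobs with tsschecker..."
  env "LD_PRELOAD=libcurl.so.3" "resources/tools/tsschecker_$platform" \
    -d "$ProductType" -i "$DowngradeVer" -o -s -e "$UniqueChipID" -m "$BuildManifest"
  # Glob instead of parsing `ls`; if several blob files match, the first is
  # used rather than failing the existence test on a multi-line string.
  blobs=("${UniqueChipID}_${ProductType}_${DowngradeVer}"-*.shsh2)
  SHSH=${blobs[0]}
  if [[ ! -e $SHSH ]]; then
    Error "Saving $DowngradeVer blobs failed. Please run the script again" "It is also possible that $DowngradeVer for $ProductType is no longer signed"
  fi
  mkdir -p saved/shsh 2>/dev/null
  cp -- "$SHSH" saved/shsh
  Log "Successfully saved $DowngradeVer blobs."
}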
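# Decrypt and patch the iBSS, copy it with the matching kloader build to the
# device (ifuse when VersionDetect is 1, SSH otherwise), then wait for the
# device to show up in DFU mode.
# Globals read:    ProductType, iBSS, Firmware, IV, Key, platform, VersionDetect
# Globals written: kloader, WifiAddr, WifiAddrDecr, IPAddress
function kDFU {
  local ibss_file="saved/$ProductType/$iBSS.dfu"
  local wifi_hex
  if [[ ! -e $ibss_file ]]; then
    # Downloading 8.4.1 iBSS for "other" downgrades
    Log "Downloading iBSS..."
    "resources/tools/pzb_$platform" -g "Firmware/dfu/${iBSS}.dfu" -o "$iBSS.dfu" "$(cat "$Firmware/url")"
    mkdir -p "saved/$ProductType" 2>/dev/null
    mv "$iBSS.dfu" "saved/$ProductType"
  fi
  Log "Decrypting iBSS..."
  Log "IV = $IV"
  Log "Key = $Key"
  "resources/tools/xpwntool_$platform" "$ibss_file" tmp/iBSS.dec -k "$Key" -iv "$IV" -decrypt
  dd bs=64 skip=1 if=tmp/iBSS.dec of=tmp/iBSS.dec2
  Log "Patching iBSS..."
  bspatch tmp/iBSS.dec2 tmp/pwnediBSS "resources/patches/$iBSS.patch"
  # Regular kloader only works on iOS 6 to 9, so other versions are provided for iOS 5 and 10
  case "$VersionDetect" in
    1) kloader='kloader_hgsp' ;;
    5) kloader='kloader5' ;;
    *) kloader='kloader' ;;
  esac
  if [[ $VersionDetect == 1 ]]; then
    # ifuse+MTerminal is used instead of SSH for devices on iOS 10
    command -v ifuse >/dev/null 2>&1 ||
      Error "ifuse not found. Please re-install dependencies and try again" "For macOS systems, install osxfuse and ifuse with brew"
    WifiAddr=$(ideviceinfo -s | grep 'WiFiAddress' | cut -c 14-)
    wifi_hex=${WifiAddr//:/}
    # Refuse to build the helper script from an address that is not
    # exactly 12 hex digits.
    [[ $wifi_hex =~ ^[0-9A-Fa-f]{12}$ ]] ||
      Error "Could not read the Wi-Fi address of the device"
    # %012x keeps leading zeros; without the padding an address that starts
    # with 0 loses a digit and the pairs are regrouped incorrectly.
    WifiAddrDecr=$(printf '%012x' "$((0x$wifi_hex - 1))" | sed 's/\(..\)/\1:/g;s/:$//')
    printf '%s\n' \
      '#!/bin/bash' \
      "nvram wifiaddr=$WifiAddrDecr" \
      'chmod 755 kloader_hgsp' \
      './kloader_hgsp pwnediBSS' > tmp/pwn.sh
    Log "Mounting device with ifuse..."
    mkdir -p mount
    ifuse mount
    Log "Copying stuff to device..."
    cp "tmp/pwn.sh" "resources/tools/$kloader" "tmp/pwnediBSS" "mount/"
    Log "Unmounting device..."
    sudo umount mount
    echo
    Log "Open MTerminal and run these commands:"
    echo
    echo '$ su'
    echo "(enter root password, default is 'alpine')"
    echo "# cd Media"
    echo "# chmod +x pwn.sh"
    echo "# ./pwn.sh"
  else
    # SSH kloader and pwnediBSS
    echo "Make sure SSH is installed and working on the device!"
    echo "Please enter Wi-Fi IP address of device for SSH connection"
    read -r -p "[Input] IP Address: " IPAddress
    Log "Coonecting to device via SSH... Please enter root password when prompted (default is 'alpine')"
    Log "Copying stuff to device..."
    # Any non-zero status is a failure, not only 1; the target is quoted so
    # the typed address stays a single argument.
    if ! scp "resources/tools/$kloader" tmp/pwnediBSS "root@$IPAddress:/"; then
      Error "Cannot connect to device via SSH." "Please check your ~/.ssh/known_hosts file and try again"
    fi
    Log "Entering kDFU mode..."
    ssh "root@$IPAddress" "chmod 755 /$kloader && /$kloader /pwnediBSS" &
  fi
  echo
  echo "Press home/power button once when screen goes black on the device"
  FindDFU
}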
# Block until lsusb reports exactly one entry containing "1227", polling
# every two seconds. There is no timeout.
# Globals written: DFUDevice
function FindDFU {
  Log "Finding device in DFU mode..."
  until [[ $DFUDevice == 1 ]]; do
    DFUDevice=$(lsusb | grep -c '1227')
    sleep 2
  done
  Log "Found device in DFU mode."
}
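# Run a full downgrade: obtain blobs and IPSW (OTA versions only), verify
# the IPSW digest, enter kDFU unless the device is already there, then
# restore with futurerestore, with or without a baseband.
# Globals read:    NotOTA, kDFUManual, ProductType, DowngradeVer,
#                  DowngradeBuildVer, Firmware, iBSS, Baseband, BasebandURL,
#                  platform, SHSH
# Globals written: IPSW, SHA1IPSW, SHA1IPSWL, Continue
function Downgrade {
  local bbfw=()
  if [[ -z $NotOTA ]]; then
    SaveOTABlobs
    IPSW="${ProductType}_${DowngradeVer}_${DowngradeBuildVer}_Restore"
    if [[ ! -e "$IPSW.ipsw" ]]; then
      Log "iOS $DowngradeVer IPSW is missing, downloading IPSW..."
      curl -L "$(cat "$Firmware/url")" -o "tmp/$IPSW.ipsw"
      mv "tmp/$IPSW.ipsw" .
    fi
    Log "Verifying IPSW..."
    SHA1IPSW=$(cat "$Firmware/sha1sum")
    # sha1sum may be missing (e.g. on macOS); fall back to shasum.
    if command -v sha1sum >/dev/null 2>&1; then
      SHA1IPSWL=$(sha1sum "$IPSW.ipsw" | awk '{print $1}')
    else
      SHA1IPSWL=$(shasum -a 1 "$IPSW.ipsw" | awk '{print $1}')
    fi
    # Fail closed: an empty expected or computed digest counts as a
    # mismatch. Unquoted, an empty value made the test itself error out and
    # the check was skipped.
    # NOTE(review): the expected digest is read from the downloaded firmware
    # metadata and is SHA-1; a stronger, pinned digest would be preferable.
    if [[ -z $SHA1IPSW || -z $SHA1IPSWL || $SHA1IPSW != "$SHA1IPSWL" ]]; then
      Error "SHA1 of IPSW does not match. Please run the script again"
    fi
    if [[ -z $kDFUManual ]]; then
      Log "Extracting iBSS from IPSW..."
      mkdir -p "saved/$ProductType" 2>/dev/null
      unzip -o -j "$IPSW.ipsw" "Firmware/dfu/$iBSS.dfu" -d "saved/$ProductType"
    fi
  fi
  if [[ -z $kDFUManual ]]; then
    kDFU
  fi
  Log "Extracting IPSW..."
  unzip -q "$IPSW.ipsw" -d "$IPSW/"
  Log "Preparing for futurerestore (starting local server)..."
  # Subshell keeps the working directory unchanged and skips the server if
  # resources/ cannot be entered.
  # NOTE(review): this serves resources/ as root on port 80 on every
  # interface; confirm whether binding to 127.0.0.1 only would be enough.
  (cd resources && sudo bash -c "python3 -m http.server 80 &")
  if [[ $Baseband == 0 ]]; then
    Log "Device $ProductType has no baseband"
    Log "Proceeding to futurerestore..."
    sudo env "LD_PRELOAD=libcurl.so.3" "resources/tools/futurerestore_$platform" -t "$SHSH" --no-baseband --use-pwndfu "$IPSW.ipsw"
  else
    bbfw=("saved/$ProductType"/*.bbfw)
    if [[ ! -e ${bbfw[0]} ]]; then
      Log "Downloading baseband..."
      "resources/tools/pzb_$platform" -g "Firmware/$Baseband" -o "$Baseband" "$BasebandURL"
      "resources/tools/pzb_$platform" -g BuildManifest.plist -o BuildManifest.plist "$BasebandURL"
      mkdir -p "saved/$ProductType" 2>/dev/null
      bbfw=(*.bbfw)
      # Only cache the pair when a baseband file was actually downloaded.
      if [[ -e ${bbfw[0]} ]]; then
        cp -- "${bbfw[@]}" BuildManifest.plist "saved/$ProductType"
      fi
    else
      cp -- "${bbfw[@]}" "saved/$ProductType/BuildManifest.plist" .
    fi
    bbfw=(*.bbfw)
    if [[ ! -e ${bbfw[0]} ]]; then
      echo "[Error] Downloading baseband failed!"
      echo "Your device is still in kDFU mode, you may run the script again"
      echo "If you continue, futurerestore can attempt to download the baseband again"
      read -r -p "[Input] Continue anyway? (y/N)" Continue
      if [[ $Continue == [yY] ]]; then
        Log "Proceeding to futurerestore..."
        sudo env "LD_PRELOAD=libcurl.so.3" "resources/tools/futurerestore_$platform" -t "$SHSH" --latest-baseband --use-pwndfu "$IPSW.ipsw"
      else
        exit
      fi
    fi
    if [[ $Continue != [yY] ]]; then
      Log "Proceeding to futurerestore..."
      sudo env "LD_PRELOAD=libcurl.so.3" "resources/tools/futurerestore_$platform" -t "$SHSH" -b "${bbfw[0]}" -p BuildManifest.plist --use-pwndfu "$IPSW.ipsw"
    fi
  fi
  echo
  Log "futurerestore done!"
  Log "Stopping local server..."
  # Stop only the server started above instead of killing every python3
  # process on the machine as root. The [.] keeps the pattern from matching
  # the sudo/pkill command line itself.
  sudo pkill -f 'python3 -m http[.]server 80' 2>/dev/null
  Log "Downgrade script done!"
}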
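# Detect the host platform and run the matching dependency installer.
# Globals read: VERSION_ID (from /etc/os-release, when present), OSTYPE
function InstallDependencies {
  echo "Install Dependencies"
  # /etc/os-release does not exist on every platform; skip it quietly then.
  if [[ -r /etc/os-release ]]; then
    . /etc/os-release
  fi
  # command -v is a shell builtin, so the check does not depend on `which`.
  if command -v pacman >/dev/null 2>&1; then
    Arch
  else
    case "$VERSION_ID" in
      16.04 | 18.04 | 20.04)
        Ubuntu
        ;;
      *)
        if [[ $OSTYPE == darwin* ]]; then
          macOS
        else
          Error "Distro not detected/supported by install script." "See the repo README for OS versions/distros tested on"
        fi
        ;;
    esac
  fi
  Log "Install script done! Please run the script again to proceed"
}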
# Install the required packages on Arch Linux with pacman.
function Arch {
  local -a first_batch=(
    bsdiff curl ifuse libcurl-compat libpng12 libzip openssh openssl-1.0
    python unzip usbutils
  )
  local -a second_batch=(libimobiledevice usbmuxd)
  Log "Installing dependencies for Arch with pacman..."
  # -Sy refreshes the package database before installing; installed
  # packages are not upgraded by this call.
  sudo pacman -Sy --noconfirm "${first_batch[@]}"
  sudo pacman -S --noconfirm "${second_batch[@]}"
  # Expose libzip.so.5 under the .so.4 name as well.
  # NOTE(review): assumes the two versions are compatible enough for the
  # bundled tools; confirm.
  sudo ln -sf /usr/lib/libzip.so.5 /usr/lib/libzip.so.4
}
# Install the required packages on macOS with Homebrew, installing Homebrew
# first when `brew` is not found.
function macOS {
  local formula
  if [[ -z $(which brew) ]]; then
    Log "Homebrew is not detected/installed, installing Homebrew..."
    # Downloads the installer script over HTTPS and executes it directly;
    # nothing is verified beyond the TLS connection.
    /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
  fi
  Log "Installing dependencies for macOS with Homebrew..."
  # Remove any installed usbmuxd/libimobiledevice, then build both from HEAD.
  for formula in usbmuxd libimobiledevice; do
    brew uninstall --ignore-dependencies "$formula"
  done
  for formula in usbmuxd libimobiledevice; do
    brew install --HEAD "$formula"
  done
  brew install libzip lsusb python3
  brew cask install osxfuse
  brew install ifuse
}
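# Install the required packages on Ubuntu 16.04 / 18.04 / 20.04.
# Releases other than 16.04 also get older library versions installed from
# individually downloaded .deb files.
# Globals read: VERSION_ID
function Ubuntu {
  local URLlibpng12
  Log "Running APT update..."
  sudo apt update
  Log "Installing dependencies for Ubuntu $VERSION_ID with APT..."
  sudo apt -y install bsdiff curl ifuse libimobiledevice-utils python3 usbmuxd
  if [[ $VERSION_ID == "16.04" ]]; then
    sudo apt -y install libzip4
    return
  fi
  sudo apt -y install binutils
  mkdir -p tmp
  # Stop if tmp cannot be entered, so nothing is extracted elsewhere.
  cd tmp || Error "Cannot enter the tmp directory"
  # NOTE(review): the packages below are fetched over plain HTTP with no
  # checksum or signature check and are then installed as root. Pin a known
  # digest per file or use a source that apt verifies.
  # -f makes curl fail on an HTTP error instead of saving the error page.
  curl -fL http://archive.ubuntu.com/ubuntu/pool/universe/c/curl3/libcurl3_7.58.0-2ubuntu2_amd64.deb -o libcurl3.deb ||
    Error "Downloading libcurl3 failed"
  ar x libcurl3.deb data.tar.xz
  tar xf data.tar.xz
  sudo cp usr/lib/x86_64-linux-gnu/libcurl.so.4.* /usr/lib/libcurl.so.3
  if [[ $VERSION_ID == "20.04" ]]; then
    URLlibpng12=http://ppa.launchpad.net/linuxuprising/libpng12/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.54-1ubuntu1.1+1~ppa0~focal_amd64.deb
    curl -fL http://archive.ubuntu.com/ubuntu/pool/universe/libz/libzip/libzip4_1.1.2-1.1_amd64.deb -o libzip4.deb ||
      Error "Downloading libzip4 failed"
    sudo dpkg -i libzip4.deb
    curl -fL http://archive.ubuntu.com/ubuntu/pool/universe/o/openssl1.0/openssl1.0_1.0.2n-1ubuntu5.3_amd64.deb -o openssl1.0.deb ||
      Error "Downloading openssl1.0 failed"
    sudo dpkg -i openssl1.0.deb
  else
    URLlibpng12=http://mirrors.edge.kernel.org/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.54-1ubuntu1.1_amd64.deb
    sudo apt -y install libzip4
  fi
  curl -fL "$URLlibpng12" -o libpng12.deb ||
    Error "Downloading libpng12 failed"
  sudo dpkg -i libpng12.deb
  # Return to the script directory: the menu may continue after this
  # function, and the rest of the script uses relative paths.
  cd ..
}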
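# --- MAIN SCRIPT STARTS HERE ---
# Clean up working files on interrupt, termination and normal exit.
trap 'Clean; exit' INT TERM EXIT
clear
echo "******* 32bit-OTA-Downgrader *******"
echo " Downgrade script by LukeZGD "
echo
case "$OSTYPE" in
  linux-gnu) platform='linux' ;;
  darwin*) platform='macos' ;;
  *) Error "OSTYPE unknown/not supported" "Supports Linux and macOS only" ;;
esac
# Connectivity check: passes when ping prints anything at all.
[[ ! $(ping -c1 google.com 2>/dev/null) ]] && Error "Please check your Internet connection before proceeding"
[[ $(uname -m) != 'x86_64' ]] && Error "Only x86_64 distributions are supported. Use a 64-bit distro and try again"

# Query the device once and parse each field from the same snapshot.
device_info=$(ideviceinfo -s)
HWModel=$(grep 'HardwareModel' <<<"$device_info" | cut -c 16- | tr '[:upper:]' '[:lower:]' | sed 's/.\{2\}$//')
ProductType=$(grep 'ProductType' <<<"$device_info" | cut -c 14-)
[[ -z $ProductType ]] && ProductType=$(ideviceinfo | grep 'ProductType' | cut -c 14-)
ProductVer=$(grep 'ProductVer' <<<"$device_info" | cut -c 17-)
# First character of the version only (so iOS 10.x yields 1).
VersionDetect=${ProductVer:0:1}
UniqueChipID=$(grep 'UniqueChipID' <<<"$device_info" | cut -c 15-)

missing_tool=0
for tool in bspatch ideviceinfo lsusb ssh python3; do
  command -v "$tool" >/dev/null 2>&1 || missing_tool=1
done

if [[ $missing_tool == 1 ]]; then
  InstallDependencies
else
  chmod +x resources/tools/*
  Clean
  mkdir tmp
  # The firmware archive supplies the url, iv, key and sha1sum files the
  # functions above read, so it anchors the later IPSW check.
  # NOTE(review): it comes from a branch archive with no pinned digest; only
  # the HTTPS connection protects it.
  # Fetch and unpack first, and replace the existing metadata only after
  # both steps succeeded, so a failed download cannot leave the script
  # running with missing url/sha1sum files.
  curl -fLs https://github.com/LukeZGD/32bit-OTA-Downgrader/archive/firmware.zip -o tmp/firmware.zip ||
    Error "Downloading firmware metadata failed. Please run the script again"
  unzip -q tmp/firmware.zip -d tmp ||
    Error "Extracting firmware metadata failed. Please run the script again"
  [[ -d tmp/32bit-OTA-Downgrader-firmware ]] ||
    Error "Firmware metadata archive has an unexpected layout"
  rm -rf resources/firmware
  mkdir resources/firmware
  mv tmp/32bit-OTA-Downgrader-firmware/* resources/firmware
  MainMenu
fi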