mirror of
https://github.com/LukeZGD/Legacy-iOS-Kit.git
synced 2024-12-26 00:01:50 +01:00
21a60c280a
Lower minimum macOS version (10.11) (untested) - added pwned restore option for 64-bit restoring - ios 4 powder nvram fix - thanks to testingthings (@throwaway167074) for the fix impl
12 KiB
12 KiB
Legacy iOS Kit
- (formerly iOS-OTA-Downgrader)
- An all-in-one tool to restore/downgrade, save SHSH blobs, and jailbreak legacy iOS devices
- Supported on Linux and macOS
- Read the "How to Use" wiki page for instructions
- Read the "Troubleshooting" wiki page for tips, frequent questions, and troubleshooting
Features
- Legacy iOS Kit supports all 32-bit iOS devices, and some 64-bit (A7/A8/A9/A10/A11) devices
- Devices that received iOS 16 and newer are mostly not supported and only have limited functionality (such as sideload on Linux etc.)
- S5L8900 devices (iPhone 2G, 3G, touch 1) are only partially supported, some features like SSH ramdisk are not available
- Restore to signed OTA versions (iOS 8.4.1 and/or 6.1.3) on A5/A6 devices
- Restore some 32-bit devices to other iOS versions without blobs
- This includes downgrading iPhone 3GS, iPhone 4 GSM and CDMA, iPod touch 2, touch 3, iPad 1
- Restore with SHSH blobs on supported devices
- Restore to other iOS versions with iOS 7 blobs (powdersn0w)
- Tethered downgrades/restores to other iOS versions for A5/A6 and other devices
- Jailbreak all 32-bit iOS devices on (almost) any iOS version
- Available on iOS versions 3.1 to 9.3.4
- Only unsupported versions are iOS 9.0.x
- Hacktivation for iPhone 2G, 3G, 3GS, 4 GSM (activate without valid SIM card)
- FourThree Utility - Dualboot iOS 4.3.x for the iPad 2
- Restore to iOS 10.3.3 (signed OTA version) on supported A7 devices
- Install IPA files for supported devices with AppSync Unified installed
- Sideload IPA files for supported devices on Linux
- Save SHSH blobs for signed OTA versions for supported devices
- Save onboard and Cydia SHSH blobs for 32-bit devices
- Save onboard SHSH blobs for jailbroken 64-bit devices (deverser)
- Enter pwned iBSS/kDFU mode for supported 32-bit devices
- Boot SSH Ramdisk for supported 32-bit and 64-bit devices
- Save onboard SHSH blobs using SSH Ramdisk for the supported 64-bit devices
- Install TrollStore using SSH Ramdisk for the supported 64-bit devices on iOS 14/15
- Clear NVRAM for 32-bit devices
- Device activation using ideviceactivation (useful for iOS 4 and lower)
- The latest baseband will be flashed for A5/A6 devices (for iPhone 4S, 5, 5C, iPad 4, mini 1)
- Dumping and stitching baseband to IPSW (requires
--disable-bbupdate
) - Dumping and stitching activation records to IPSW (requires
--activation-records
) - Data Management - Backup and restore, mount device, erase device
Supported devices
- Identify your device here
- iPhone 5C and iPad mini 3 devices are NOT supported by OTA downgrades
- These devices still support restoring to other iOS versions with SHSH blobs, see below
- See the table below for OTA downgrading support:
Target Version | Supported Devices |
---|---|
iOS 10.3.3 | A7 devices: |
iPhone 5S | |
iPad Air 1 | |
iPad mini 2 (except iPad4,6) | |
iOS 8.4.1 | 32-bit devices: |
iPhone 4S | |
iPhone 5 | |
iPad 2, iPad 3, iPad 4 | |
iPad mini 1 | |
iPod touch 5 | |
iOS 6.1.3 | iPhone 4S |
iPad 2 (except iPad2,4) |
- Restoring with SHSH blobs, jailbreaking, and using SSH ramdisks are supported on the following devices:
- iPhone 2G, 3G, iPod touch 1 (SSH ramdisks not supported)
- iPhone 3GS, 4, 4S, 5, 5C
- iPad 1, 2, 3, 4, mini 1
- iPod touch 2, 3, 4, 5
- Restoring with SHSH blobs and using SSH Ramdisks are also supported on some 64-bit devices:
- See SEP/BB Compatibility Chart for iOS versions that can be restored to
- iPhone 5S, 6, 6S, SE 2016, 7 (including Plus variants)
- iPad Air 1, 2
- iPad mini 2, 3, 4
- iPod touch 6, 7
- Restoring with iOS 16.6.x SHSH blobs using futurerestore is also supported on these devices (SSH ramdisks not supported):
- iPhone 8, X
- iPad 5
- iPad Pro 9.7/12.9 1st gen
- Restoring with powdersn0w is supported on the following devices and target version range:
- iPhone 4 GSM - iOS 4.0 to 7.1.1 (all versions except 4.2.1)
- iPhone 4 CDMA - iOS 5.0 to 7.1.1
- iPhone 4S, 5, 5C, iPad 2 Rev A, iPod touch 5 - iOS 5.0 to 9.3.5
- iPad 1 - iOS 4.2.1 to 5.1
- iPod touch 3 - iOS 4.0 to 5.1
- Using powdersn0w requires iOS 7.1.x blobs for your device
- No blob requirement for iPhone 4, iPad 1, iPod touch 3 (7.1.2 and 5.1.1 are signed)
- For iPhone 5 and 5C, both 7.0.x and 7.1.x blobs can be used
- Restoring and jailbreaking to other unsigned versions without blobs is supported on the following devices and target version range:
- iPhone 3GS - iOS 3.0 to 6.1.3 (all versions)
- iPod touch 2 - iOS 2.1.1 to 4.1 (all versions)
- iPhone 2G, 3G, iPod touch 1 - all versions
- For 2G, 3G, and touch 1, supported jailbreak versions are only 3.1.3, as well as 4.1 and 4.2.1 for the 3G
- Lowest downgradable version is 2.0. Going to 1.x does not work
- For 3GS and touch 2, 2.x and 3.0.x are not supported for jailbreaking. 3.1 and newer only
Supported OS versions/distros
Supported architectures: x86_64, arm64, armhf
- Ubuntu 22.04 and newer, and Ubuntu-based distros like Linux Mint
- Arch Linux and Arch-based distros like EndeavourOS
- Fedora 37 and newer
- Debian 12 Bookworm and newer, Sid, and Debian-based distros
- openSUSE Tumbleweed
- Gentoo and Gentoo-based distros
- macOS 10.11 and newer (10.13/10.15 and newer recommended)
Tools and other stuff used
- curl
- bspatch
- powdersn0w_pub - dora2ios; LukeZGD fork
- ipwndfu - axi0mX, Linus Henze, synackuk; LukeZGD fork
- ipwnder_lite - dora2ios (used on macOS); LukeZGD fork
- iPwnder32 - dora2ios (old version with libusb used on Linux)
- gaster - 0x7ff; verygenericname/Nathan fork
- daibutsuCFW - dora2ios; LukeZGD fork
- daibutsu - dora/kok3shidoll, Clarity
- libimobiledevice - libimobiledevice
- libirecovery - libimobiledevice
- libideviceactivation - libimobiledevice
- ideviceinstaller - libimobiledevice
- ifuse - libimobiledevice
- anisette-server from Provision - Dadoum (used for sideloading on Linux)
- AltServer-Linux - NyaMisty (used for sideloading on Linux)
- Sideloader - Dadoum (used for sideloading on Linux)
- tsschecker - tihmstar; 1Conan fork (v413)
- futurerestore - tihmstar
- LukeZGD fork used for restoring 32-bit devices
- LukeeGD fork used for restoring A7 devices
- futurerestore nightly used for restoring A8/A9/A10/A11 devices
- iBoot32Patcher - dora2ios fork
- idevicerestore - libimobiledevice; LukeZGD fork
- kloader from Odysseus
- kloader from axi0mX (used on iOS 4/5 only)
- kloader for iOS 5
- kloader_hgsp from nyan_satan (used on h3lix only)
- jq
- partialZipBrowser
- zenity; macOS build
- 32-bit bundles from OdysseusOTA, OdysseusOTA2, alitek12, gjest (modified bundles for daibutsuCFW)
- A7 patches from MatthewPierson
- iPad 2 iOS 4.3.x bundles from selfisht, Ralph0045
- datautils0 - comex (used for iPad 2 4.3.x kernel diffs)
- sshpass
- Bootstrap tar from SpiritNET
- Cydia HTTPatch for 3.1.3 downgrades/jailbreaks
- Pangu
- p0sixspwn
- evasi0n
- g1lbertJB
- UntetherHomeDepot
- greenpois0n
- Some patches from PwnageTool, sn0wbreeze, redsn0w
- Some patches made using patchers from Bundle-Creation
- SSH Ramdisk tars from Ralph0045's SSH-Ramdisk-Maker-and-Loader and msftguy's ssh-rd
- 64-bit SSH Ramdisk stuff is based on Nathan's SSHRD_Script (iOS 12+), and exploit3dguy's iram tar from iarchive.app (iOS 8)