diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
new file mode 100644
index 00000000..c8bcb0ed
--- /dev/null
+++ b/.github/FUNDING.yml
@@ -0,0 +1 @@
+ko_fi: lukezgd
diff --git a/README.md b/README.md
index 4841beff..d9906a3b 100644
--- a/README.md
+++ b/README.md
@@ -13,6 +13,7 @@
- This includes downgrading iPhone 3GS, iPhone 4 GSM and CDMA, iPod touch 2, touch 3, iPad 1
- Restore with SHSH blobs on supported devices
- Restore to other iOS versions with iOS 7 blobs (powdersn0w)
+- Tethered restores to other iOS versions for A5/A6 and other devices
- Jailbreak all 32-bit iOS devices on (almost) any iOS version
- Available on iOS versions 3.1.3 to 9.3.4
- Only unsupported versions are iOS 9.0.x and iPad 2 on 4.3.x
@@ -25,6 +26,7 @@
- Device activation using ideviceactivation (useful for iOS 4 and lower)
- The latest baseband will be flashed for A5/A6 devices with baseband
- Dumping and stitching baseband to IPSW (requires `--disable-bbupdate`)
+- Dumping and stitching activation records to IPSW (requires `--activation-records`)
## Supported devices
- [Identify your device here](https://ipsw.me/device-finder)
diff --git a/bin/linux/arm64/powdersn0w b/bin/linux/arm64/powdersn0w
index 7781794c..24d2a2ee 100755
Binary files a/bin/linux/arm64/powdersn0w and b/bin/linux/arm64/powdersn0w differ
diff --git a/bin/linux/armhf/powdersn0w b/bin/linux/armhf/powdersn0w
index 04fc3da0..8daf20f0 100755
Binary files a/bin/linux/armhf/powdersn0w and b/bin/linux/armhf/powdersn0w differ
diff --git a/bin/linux/x86_64/powdersn0w b/bin/linux/x86_64/powdersn0w
index 6b1eb09f..9f9add95 100755
Binary files a/bin/linux/x86_64/powdersn0w and b/bin/linux/x86_64/powdersn0w differ
diff --git a/bin/macos/powdersn0w b/bin/macos/powdersn0w
index 6d29d694..2081e159 100755
Binary files a/bin/macos/powdersn0w and b/bin/macos/powdersn0w differ
diff --git a/resources/firmware/iPhone3,3/9B206/url b/resources/firmware/iPhone3,3/9B206/url
new file mode 100644
index 00000000..816524f5
--- /dev/null
+++ b/resources/firmware/iPhone3,3/9B206/url
@@ -0,0 +1 @@
+http://appldnld.apple.com/iOS5.1.1/041-4291.20120427.Zs8F0/iPhone3,3_5.1.1_9B206_Restore.ipsw
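Review bot: The download URL added here is plain `http://`, and this commit adds no `sha1sum` file beside it for 9B206, so integrity of the fetched IPSW rests on whatever hash `ipsw_verify` can find. `ipsw_verify` reads `$device_fw_dir/$build_id/sha1sum` with errors suppressed, so a missing file yields an empty expected hash. Unless a `sha1sum` for this build already exists in the tree, add one in the same directory, and prefer an `https://` URL if the host serves this path over TLS.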
diff --git a/resources/firmware/iPhone5,2/11D257/index.html b/resources/firmware/iPhone5,2/11D257/index.html
new file mode 100644
index 00000000..60648ee9
--- /dev/null
+++ b/resources/firmware/iPhone5,2/11D257/index.html
@@ -0,0 +1 @@
+{"identifier": "iPhone5,2", "buildid": "11D257", "codename": "Sochi", "restoreramdiskexists": true, "updateramdiskexists": true, "keys": [{"image": "RootFS", "filename": "058-4447-009.dmg", "date": "2021-12-09T08:16:30.738342", "key": "16f99aba62c8325456e9f9c36c9ad31b4498c6f034042540222321b81ec4734b1a3780d0"}, {"image": "UpdateRamdisk", "filename": "058-4357-009.dmg", "date": "2021-12-09T08:16:30.738380", "iv": "c609eba82fe8acb1710ec3539a1d37eb", "key": "b3070f4fb8da78d478ee2f5422b0988883f295208e78ab0d79f84ced490c22dd", "kbag": "c609eba82fe8acb1710ec3539a1d37ebb3070f4fb8da78d478ee2f5422b0988883f295208e78ab0d79f84ced490c22dd"}, {"image": "RestoreRamdisk", "filename": "058-4276-009.dmg", "date": "2021-12-09T08:16:30.738400", "iv": "13b6456bec67fa74faada14e1c3607aa", "key": "4e0bcc542aefc750cd463f6d0ed4710f15fb0ec0d2a11d4e213b6f58c1e20e87", "kbag": "13b6456bec67fa74faada14e1c3607aa4e0bcc542aefc750cd463f6d0ed4710f15fb0ec0d2a11d4e213b6f58c1e20e87"}, {"image": "AppleLogo", "filename": "applelogo@2x~iphone.s5l8950x.img3", "date": "2021-12-09T08:16:30.738417", "iv": "9e81e7de70555a77c8ca9ee14d00420b", "key": "89e683b3820c83b0971e46c28ef3f11e851a4907b85bedffa14c4ccde8e5736c", "kbag": "9e81e7de70555a77c8ca9ee14d00420b89e683b3820c83b0971e46c28ef3f11e851a4907b85bedffa14c4ccde8e5736c"}, {"image": "BatteryCharging0", "filename": "batterycharging0@2x~iphone.s5l8950x.img3", "date": "2021-12-09T08:16:30.738434", "iv": "965f2f774639c72fd930617051ba95c9", "key": "f59bcf24806eaaa712eb0966901ca2aa794f76544e4535bac141fb35dc5dc4d3", "kbag": "965f2f774639c72fd930617051ba95c9f59bcf24806eaaa712eb0966901ca2aa794f76544e4535bac141fb35dc5dc4d3"}, {"image": "BatteryCharging1", "filename": "batterycharging1@2x~iphone.s5l8950x.img3", "date": "2021-12-09T08:16:30.738451", "iv": "cbc4bb3fca585fa18877970ae8bab532", "key": "db3a8402c16aee450b43460162f9cb95312f489a1dff1c56c2bc910464edbe11", "kbag": "cbc4bb3fca585fa18877970ae8bab532db3a8402c16aee450b43460162f9cb95312f489a1dff1c56c2bc910464edbe11"}, 
{"image": "BatteryFull", "filename": "batteryfull@2x~iphone.s5l8950x.img3", "date": "2021-12-09T08:16:30.738467", "iv": "208203e66f8764b18a14d0edecb4815d", "key": "e3c5e92bd17a8701d4eb7da1d7a7b24d1ca2bedf3dce130f5a180bb09bde40e6", "kbag": "208203e66f8764b18a14d0edecb4815de3c5e92bd17a8701d4eb7da1d7a7b24d1ca2bedf3dce130f5a180bb09bde40e6"}, {"image": "BatteryLow0", "filename": "batterylow0@2x~iphone.s5l8950x.img3", "date": "2021-12-09T08:16:30.738484", "iv": "12ffe5e4a3fb42b9d09c23fd385264c1", "key": "1fb973478062ea8d815db5bd5962542327428c7bf8f68243e0f1dd4292deb413", "kbag": "12ffe5e4a3fb42b9d09c23fd385264c11fb973478062ea8d815db5bd5962542327428c7bf8f68243e0f1dd4292deb413"}, {"image": "BatteryLow1", "filename": "batterylow1@2x~iphone.s5l8950x.img3", "date": "2021-12-09T08:16:30.738501", "iv": "ef8e4d282b7cc1394eab296f1983295d", "key": "abe3dfb85d89a0309d823bb22af28cac11d7afce025faa58a9b735dc593dc3b3", "kbag": "ef8e4d282b7cc1394eab296f1983295dabe3dfb85d89a0309d823bb22af28cac11d7afce025faa58a9b735dc593dc3b3"}, {"image": "DeviceTree", "filename": "DeviceTree.n42ap.img3", "date": "2021-12-09T08:16:30.738516", "iv": "814b4f2f7ea8aa695ba9503663293222", "key": "3df14c776de506ce08353d1c87d997f6f5a75343c83f8f43d313dae058aae2bd", "kbag": "814b4f2f7ea8aa695ba95036632932223df14c776de506ce08353d1c87d997f6f5a75343c83f8f43d313dae058aae2bd"}, {"image": "GlyphPlugin", "filename": "glyphplugin@1136~iphone-lightning.s5l8950x.img3", "date": "2021-12-09T08:16:30.738532", "iv": "0c71f70cb151b1076e2b72b9ded2f44b", "key": "a6d040af2c5c58b7375f8de97a9505aab9e16b6cf24c6a94a72cf4a3091e33de", "kbag": "0c71f70cb151b1076e2b72b9ded2f44ba6d040af2c5c58b7375f8de97a9505aab9e16b6cf24c6a94a72cf4a3091e33de"}, {"image": "iBEC", "filename": "iBEC.n42ap.RELEASE.dfu", "date": "2021-12-09T08:16:30.738549", "iv": "1d45b6ca42dafd5d711e3d23e5fa0fc7", "key": "459912ddeeeb9d4a1c66068c8c1d8f46d8dd72e3e7dfa3ff0326f1ab6bb59c28", "kbag": 
"1d45b6ca42dafd5d711e3d23e5fa0fc7459912ddeeeb9d4a1c66068c8c1d8f46d8dd72e3e7dfa3ff0326f1ab6bb59c28"}, {"image": "iBoot", "filename": "iBoot.n42ap.RELEASE.img3", "date": "2021-12-09T08:16:30.738565", "iv": "422b9c5e642ff797dc38b9910f084826", "key": "b23dbe781086f6000cba372e5e8ae01c3f61c032ab1fb6729129707e3ccb9463", "kbag": "422b9c5e642ff797dc38b9910f084826b23dbe781086f6000cba372e5e8ae01c3f61c032ab1fb6729129707e3ccb9463"}, {"image": "iBSS", "filename": "iBSS.n42ap.RELEASE.dfu", "date": "2021-12-09T08:16:30.738586", "iv": "d279e5c309be7ac035fd313958a178be", "key": "617f7e2d5d8e2940a325758cd42055b83e2e3d243f068d5a9015b0fe67bed815", "kbag": "d279e5c309be7ac035fd313958a178be617f7e2d5d8e2940a325758cd42055b83e2e3d243f068d5a9015b0fe67bed815"}, {"image": "Kernelcache", "filename": "kernelcache.release.n42", "date": "2021-12-09T08:16:30.738601", "iv": "c7901452e5c32f32a7195a77d126e592", "key": "2697534225bb043f54c2db418b1584c969f3e4f11bca8cb1e6baffe7c815e73e", "kbag": "c7901452e5c32f32a7195a77d126e5922697534225bb043f54c2db418b1584c969f3e4f11bca8cb1e6baffe7c815e73e"}, {"image": "LLB", "filename": "LLB.n42ap.RELEASE.img3", "date": "2021-12-09T08:16:30.738617", "iv": "aec3884b72a2bed79cdeb22dafe435ae", "key": "eab62675bf2b2f8712205da766c1b5d90e725a38200b76aa7726a2ce3cd8d173", "kbag": "aec3884b72a2bed79cdeb22dafe435aeeab62675bf2b2f8712205da766c1b5d90e725a38200b76aa7726a2ce3cd8d173"}, {"image": "RecoveryMode", "filename": "recoverymode@1136~iphone-lightning.s5l8950x.img3", "date": "2021-12-09T08:16:30.738633", "iv": "f91c21637ca0b51522d4c4d4d0a68378", "key": "3349b42d49224378ead053885503e426ebd08d3653538015630783314bab209c", "kbag": "f91c21637ca0b51522d4c4d4d0a683783349b42d49224378ead053885503e426ebd08d3653538015630783314bab209c"}]}
\ No newline at end of file
diff --git a/resources/firmware/iPhone5,2/11D257/sha1sum b/resources/firmware/iPhone5,2/11D257/sha1sum
new file mode 100644
index 00000000..db38322f
--- /dev/null
+++ b/resources/firmware/iPhone5,2/11D257/sha1sum
@@ -0,0 +1 @@
+1153d88387324db90b4b79323d304036e113829a
diff --git a/resources/firmware/iPhone5,2/13G36/index.html b/resources/firmware/iPhone5,2/13G36/index.html
new file mode 100644
index 00000000..2296d96f
--- /dev/null
+++ b/resources/firmware/iPhone5,2/13G36/index.html
@@ -0,0 +1 @@
+{"identifier": "iPhone5,2", "buildid": "13G36", "codename": "Genoa", "restoreramdiskexists": true, "updateramdiskexists": true, "keys": [{"image": "RootFS", "filename": "058-49065-036.dmg", "date": "2021-12-09T08:16:55.594812", "key": "c1e95d290fffe973f1ff4880137b7b2fa41f8d04a18803a1ad1d6d74db5c20d8ea9c93fd"}, {"image": "UpdateRamdisk", "filename": "058-48920-036.dmg", "date": "2021-12-09T08:16:55.594848", "iv": "068844893d7601074cbdf700a03192a0", "key": "26cb618c1b050aa558111ef99c1dfb934cc734f0e1e95020d4ce61a4a9151e17", "kbag": "068844893d7601074cbdf700a03192a026cb618c1b050aa558111ef99c1dfb934cc734f0e1e95020d4ce61a4a9151e17"}, {"image": "RestoreRamdisk", "filename": "058-49199-036.dmg", "date": "2021-12-09T08:16:55.594868", "iv": "3cdac6e72bdcc6aa2c5cc066267e9549", "key": "ae0a23ed91c8425d9239b92635cb1274dd4447115b61dd6c164812afc771ed7c", "kbag": "3cdac6e72bdcc6aa2c5cc066267e9549ae0a23ed91c8425d9239b92635cb1274dd4447115b61dd6c164812afc771ed7c"}, {"image": "AppleLogo", "filename": "applelogo@2x~iphone.s5l8950x.img3", "date": "2021-12-09T08:16:55.594886", "iv": "5b65c19f8a4b2645033e0435c1484b01", "key": "b0bb92961a1bca0166b24c475e3b8d5da31891ed52c8023120bbe0ce8a819c9d", "kbag": "5b65c19f8a4b2645033e0435c1484b01b0bb92961a1bca0166b24c475e3b8d5da31891ed52c8023120bbe0ce8a819c9d"}, {"image": "BatteryCharging0", "filename": "batterycharging0@2x~iphone.s5l8950x.img3", "date": "2021-12-09T08:16:55.594903", "iv": "00345a18b940e9d402db2df790e4f758", "key": "31d787ceab74a849ae08b0fd66a330f51b042cc45714965672f266f9c774dfc9", "kbag": "00345a18b940e9d402db2df790e4f75831d787ceab74a849ae08b0fd66a330f51b042cc45714965672f266f9c774dfc9"}, {"image": "BatteryCharging1", "filename": "batterycharging1@2x~iphone.s5l8950x.img3", "date": "2021-12-09T08:16:55.594920", "iv": "c49d27587c7ea280b276fe1e4e029def", "key": "222d413e488715a320ce3c525e8018a0ba092f91dfe3d88c1673ef9b19e8443c", "kbag": "c49d27587c7ea280b276fe1e4e029def222d413e488715a320ce3c525e8018a0ba092f91dfe3d88c1673ef9b19e8443c"}, 
{"image": "BatteryFull", "filename": "batteryfull@2x~iphone.s5l8950x.img3", "date": "2021-12-09T08:16:55.594937", "iv": "a9d393a99ecfb64470edbd35e0e641c5", "key": "1b18c3260644e67744134a118642be92dd49c7c82adb4595e8ccd0f143a65c3c", "kbag": "a9d393a99ecfb64470edbd35e0e641c51b18c3260644e67744134a118642be92dd49c7c82adb4595e8ccd0f143a65c3c"}, {"image": "BatteryLow0", "filename": "batterylow0@2x~iphone.s5l8950x.img3", "date": "2021-12-09T08:16:55.594952", "iv": "a45f71bc69487b2b3f9fde91412a61f8", "key": "7e5cd8e21f9787f1e407307a05fc2dd8500f50d3f7b9c0fb4db8fd212013e1eb", "kbag": "a45f71bc69487b2b3f9fde91412a61f87e5cd8e21f9787f1e407307a05fc2dd8500f50d3f7b9c0fb4db8fd212013e1eb"}, {"image": "BatteryLow1", "filename": "batterylow1@2x~iphone.s5l8950x.img3", "date": "2021-12-09T08:16:55.594967", "iv": "4fc776d92db40484cc0567ede674131f", "key": "68809d7376e51077a320a8a17b51a83229f4c8a6488608173e43ad4e3211f1be", "kbag": "4fc776d92db40484cc0567ede674131f68809d7376e51077a320a8a17b51a83229f4c8a6488608173e43ad4e3211f1be"}, {"image": "DeviceTree", "filename": "DeviceTree.n42ap.img3", "date": "2021-12-09T08:16:55.594983", "iv": "f621863d4002cffc6ef72786e87c6592", "key": "705c22c32fb291a07c160c1fc3b9ac27ba799c00a74a7a785f31d13b44561017", "kbag": "f621863d4002cffc6ef72786e87c6592705c22c32fb291a07c160c1fc3b9ac27ba799c00a74a7a785f31d13b44561017"}, {"image": "GlyphPlugin", "filename": "glyphplugin@1136~iphone-lightning.s5l8950x.img3", "date": "2021-12-09T08:16:55.595000", "iv": "7fc0831a6d63c14b6370002ce4662033", "key": "c41fdadce746fbf67f4892a954d3a33996fd01a90ce619e36f1fa428e18fcf60", "kbag": "7fc0831a6d63c14b6370002ce4662033c41fdadce746fbf67f4892a954d3a33996fd01a90ce619e36f1fa428e18fcf60"}, {"image": "iBEC", "filename": "iBEC.n42.RELEASE.dfu", "date": "2021-12-09T08:16:55.595015", "iv": "d1adff5c7aa50e532c035a79b90d5da6", "key": "0513a558444019cb1ffc3b176ad70fd83882aed61007e11d759dc3cd53066f06", "kbag": 
"d1adff5c7aa50e532c035a79b90d5da60513a558444019cb1ffc3b176ad70fd83882aed61007e11d759dc3cd53066f06"}, {"image": "iBoot", "filename": "iBoot.n42.RELEASE.img3", "date": "2021-12-09T08:16:55.595032", "iv": "7d7d25b9f8d6d3ea15195f97f429e76e", "key": "d958a3bfdf81fc24114183eec0c1a1e994723772129b5719efad04e504c06f08", "kbag": "7d7d25b9f8d6d3ea15195f97f429e76ed958a3bfdf81fc24114183eec0c1a1e994723772129b5719efad04e504c06f08"}, {"image": "iBSS", "filename": "iBSS.n42.RELEASE.dfu", "date": "2021-12-09T08:16:55.595048", "iv": "02cb95b9e89ab9330f1390d7bce54d54", "key": "08f1756e61c6f68f66a302c830389830fb82ab1ee91d997d52badd2365b953c9", "kbag": "02cb95b9e89ab9330f1390d7bce54d5408f1756e61c6f68f66a302c830389830fb82ab1ee91d997d52badd2365b953c9"}, {"image": "Kernelcache", "filename": "kernelcache.release.n42", "date": "2021-12-09T08:16:55.595064", "iv": "2f2b867f7968c97c8b4fc381d2515920", "key": "980214739bc45b6e1dcade4216d65f6f3f72abee62adc33be92a5899137a3d8e", "kbag": "2f2b867f7968c97c8b4fc381d2515920980214739bc45b6e1dcade4216d65f6f3f72abee62adc33be92a5899137a3d8e"}, {"image": "LLB", "filename": "LLB.n42.RELEASE.img3", "date": "2021-12-09T08:16:55.595079", "iv": "3df4bd052cdace734af34eeee67d2617", "key": "f378980b601dc41194372d70a8bd4a319339c88ba6cb0c6a9c38d0b420442287", "kbag": "3df4bd052cdace734af34eeee67d2617f378980b601dc41194372d70a8bd4a319339c88ba6cb0c6a9c38d0b420442287"}, {"image": "RecoveryMode", "filename": "recoverymode@1136~iphone-lightning.s5l8950x.img3", "date": "2021-12-09T08:16:55.595095", "iv": "d75ced6cddbb430d62fe54e3dcc91b62", "key": "7dfe94f3f33a9970bc95c1565882d09cc75619937d87f543998beb285c7671d2", "kbag": "d75ced6cddbb430d62fe54e3dcc91b627dfe94f3f33a9970bc95c1565882d09cc75619937d87f543998beb285c7671d2"}]}
\ No newline at end of file
diff --git a/resources/firmware/iPhone5,2/13G36/sha1sum b/resources/firmware/iPhone5,2/13G36/sha1sum
new file mode 100644
index 00000000..09480b5a
--- /dev/null
+++ b/resources/firmware/iPhone5,2/13G36/sha1sum
@@ -0,0 +1 @@
+f3aca7ece247a03c93707ced44174f5ddedfc1b2
diff --git a/restore.sh b/restore.sh
index afd40ea7..e2e8a807 100755
--- a/restore.sh
+++ b/restore.sh
@@ -74,6 +74,7 @@ List of options:
--no-version-check Disable script version checking
For 32-bit devices compatible with restores/downgrades (see README):
+ --activation-records Enable dumping/stitching activation records
--disable-bbupdate Disable bbupdate and enable dumping/stitching baseband
--ipsw-hacktivate Enable hacktivation for creating IPSW (iPhone 2G/3G/3GS only)
--ipsw-verbose Enable verbose boot option (powdersn0w only)
@@ -194,7 +195,6 @@ set_tool_paths() {
if [[ -z $device_disable_sudoloop ]]; then
device_sudoloop=1 # Run some tools as root for device detection if set to 1. (for Linux)
- #log "new trap"
trap "clean_sudo" EXIT
fi
if [[ $(uname -m) == "a"* || $device_sudoloop == 1 || $live_cdusb == 1 ]]; then
@@ -219,8 +219,6 @@ set_tool_paths() {
if [[ -z $device_disable_usbmuxd ]]; then
sudo systemctl stop usbmuxd
sudo -b $dir/usbmuxd -pf 2>/dev/null
- sleep 1
- #log "new trap"
trap "clean_usbmuxd" EXIT
fi
fi
@@ -1016,7 +1014,7 @@ device_enter_mode() {
log "Running iproxy for SSH..."
$iproxy 2222 22 >/dev/null &
iproxy_pid=$!
- sleep 2
+ sleep 1
log "Please read the message below:"
print "* Follow these instructions to enter kDFU mode."
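Review bot: The `sleep 1` after `$iproxy 2222 22 >/dev/null &` is a fixed guess at when the forwarder is listening, and halving it narrows the margin on slow hosts. Nothing in this hunk checks that `iproxy` actually started or that port 2222 is accepting connections before the SSH steps that follow. A short bounded retry around the first SSH connection would be more reliable than a fixed delay. The same shortening appears in the `device_ramdisk` and `device_dump` hunks, and between the iBSS and iBEC sends in `restore_idevicerestore`, `restore_prepare_1033` and `shsh_save_onboard`, where a too-early second send fails the same way. `device_enter_mode` continues outside this hunk.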
@@ -1645,7 +1643,8 @@ ipsw_preference_set() {
:
elif [[ $device_type == "iPhone2,1" || $device_type == "iPod2,1" || $device_proc == 1 ]] && [[ $device_target_other != 1 ]]; then
:
- elif [[ $ipsw_jailbreak == 1 || $device_type == "$device_disable_bbupdate" || $device_target_powder == 1 ]] ||
+ elif [[ $ipsw_jailbreak == 1 || $device_type == "$device_disable_bbupdate" ||
+ $device_target_powder == 1 || $device_target_tethered == 1 ]] ||
[[ $device_type == "iPad2"* && $device_target_vers == "4.3"* ]] ||
[[ $device_type == "iPad1,1" && $device_target_vers != "5"* ]] ||
[[ $device_type == "iPhone3,1" && $device_target_vers == "4"* ]]; then
@@ -1762,7 +1761,7 @@ ipsw_verify() {
local build_id="$2"
local cutver
local device
- IPSWSHA1=$(cat "$device_fw_dir/$build_id/sha1sum" 2>/dev/null)
+ local IPSWSHA1=$(cat "$device_fw_dir/$build_id/sha1sum" 2>/dev/null)
if (( device_proc > 7 )); then
return
fi
@@ -1819,8 +1818,10 @@ ipsw_verify() {
return 1
fi
log "IPSW SHA1sum matches"
- if [[ $build_id == "$device_target_build" ]]; then
- IPSWSHA1t="$IPSWSHA1"
+ if [[ $build_id == "$device_base_build" ]]; then
+ device_base_sha1="$IPSWSHA1"
+ else
+ device_target_sha1="$IPSWSHA1"
fi
}
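Review bot: The `else` branch stores the hash in `device_target_sha1` for every build that is not the base build, so any call to `ipsw_verify` for some other build overwrites the target hash. When `device_base_build` equals the target build, the target hash is never set at all. An explicit `elif [[ $build_id == "$device_target_build" ]]; then` would keep the two roles separate. `ipsw_prepare_bundle` later writes `$device_base_sha1` or `$device_target_sha1` into the bundle plist without checking that it is non-empty, so an unset value ends up as an empty SHA1 entry. Only the tail of `ipsw_verify` is visible here.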
@@ -1904,12 +1905,12 @@ ipsw_prepare_jailbreak() {
else
JBFiles+=("fstab_rw.tar" "freeze.tar")
case $device_target_vers in
- "6.1.6" | "6.1.3" ) JBFiles+=("p0sixspwn.tar");;
- "4.2.1" | "4.1" | "4.0"* )
+ 6.1.[36] ) JBFiles+=("p0sixspwn.tar");;
+ 4.2.1 | 4.1 | 4.0* | 3* )
JBFiles[0]="fstab_new.tar"
JBFiles+=("greenpois0n/${device_type}_${device_target_build}.tar")
;;
- "5"* | "4.3"* | "4.2"* ) JBFiles+=("g1lbertJB/${device_type}_${device_target_build}.tar");;
+ 5* | 4.3* | 4.2* ) JBFiles+=("g1lbertJB/${device_type}_${device_target_build}.tar");;
esac
for i in {0..2}; do
JBFiles[i]=$jelbrek/${JBFiles[$i]}
@@ -2137,10 +2138,6 @@ ipsw_prepare_bundle() {
mkdir -p $FirmwareBundle
log "Generating firmware bundle for $device_type-$vers ($build) $1..."
- if [[ ! -d $FirmwareBundle2 ]]; then
- IPSWSHA256=$($sha256sum "${ipsw_p//\\//}.ipsw" | awk '{print $1}')
- log "IPSWSHA256: $IPSWSHA256"
- fi
unzip -o -j "$ipsw_p.ipsw" Firmware/all_flash/all_flash.${device_model}ap.production/manifest
mv manifest $FirmwareBundle/
local ramdisk_name=$(echo "$key" | $jq -j '.keys[] | select(.image | startswith("RestoreRamdisk")) | .filename')
@@ -2154,7 +2151,9 @@ ipsw_prepare_bundle() {
"$dir/hfsplus" Ramdisk.raw extract usr/local/share/restore/options.plist
mv options.plist options.$device_model.plist
fi
- if [[ $device_target_vers == "3"* ]]; then
+ if [[ $device_target_vers == "3.2"* ]]; then
+ RootSize=1000
+ elif [[ $device_target_vers == "3"* ]]; then
RootSize=520
elif [[ $platform == "macos" ]]; then
plutil -extract 'SystemPartitionSize' xml1 options.$device_model.plist -o size
@@ -2174,8 +2173,11 @@ ipsw_prepare_bundle() {
printf ".%s" "$device_model" >> $NewPlist
fi
echo -e ".plist" >> $NewPlist
- echo -e "SHA256$IPSWSHA256" >> $NewPlist
- echo -e "SHA1$IPSWSHA1t" >> $NewPlist
+ if [[ $1 == "base" ]]; then
+ echo -e "SHA1$device_base_sha1" >> $NewPlist
+ else
+ echo -e "SHA1$device_target_sha1" >> $NewPlist
+ fi
if [[ $1 == "base" ]]; then
case $device_type in
@@ -2323,7 +2325,7 @@ ipsw_prepare_32bit() {
return
elif [[ $device_type != "$device_disable_bbupdate" && $ipsw_jailbreak != 1 &&
$device_target_build != "9A406" && # the 4s-exclusive 9a406 has unencrypted ramdisks, needs custom ipsw since futurerestore breaks (it expects encrypted ramdisks)
- $device_proc != 4 && $device_actrec != 1 ]]; then
+ $device_proc != 4 && $device_actrec != 1 && $device_target_tethered != 1 ]]; then
log "No need to create custom IPSW for non-jailbroken restores on $device_type-$device_target_build"
return
elif [[ $ipsw_jailbreak == 1 && $device_target_vers == "8"* ]]; then
@@ -2592,7 +2594,6 @@ ipsw_prepare_ios4multipart() {
mkdir -p $saved_path Downgrade Firmware/dfu 2>/dev/null
device_fw_key_check temp $build
log "Getting $vers restore components"
- comps+=("iBSS" "iBEC" "DeviceTree" "Kernelcache" "RestoreRamdisk")
for getcomp in "${comps[@]}"; do
name=$(echo $device_fw_key_temp | $jq -j '.keys[] | select(.image | startswith("'$getcomp'")) | .filename')
iv=$(echo $device_fw_key_temp | $jq -j '.keys[] | select(.image | startswith("'$getcomp'")) | .iv')
@@ -2659,11 +2660,18 @@ ipsw_prepare_ios4multipart() {
"$dir/xpwntool" ramdisk2.orig ramdisk2.dec
"$dir/hfsplus" ramdisk2.dec extract usr/local/share/restore/$options_plist
+ if [[ $device_type == "iPad1,1" && $device_target_vers == "3.2"* ]]; then
+ options_plist="options.k48.plist"
+ rm $options_plist
+ mv options.plist $options_plist
+ fi
+
log "Modify options.plist"
"$dir/hfsplus" RestoreRamdisk.dec rm usr/local/share/restore/$options_plist
- sed -i.bak '/<\/dict>/{N;d;}' $options_plist
- echo "FlashNOR" >> $options_plist
- "$dir/hfsplus" RestoreRamdisk.dec add $options_plist usr/local/share/restore/$options_plist
+ cat $options_plist | sed '$d' | sed '$d' > options2.plist
+ echo "FlashNOR" >> options2.plist
+ cat options2.plist
+ "$dir/hfsplus" RestoreRamdisk.dec add options2.plist usr/local/share/restore/$options_plist
log "Adding exploit and partition stuff"
cp -R ../resources/firmware/src .
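Review bot: The replacement `sed '$d' | sed '$d'` deletes the last two lines of the plist whatever they contain, whereas the old expression only acted on a line matching `</dict>`. A plist with a trailing blank line or a different closing layout now loses the wrong lines and is written back into the ramdisk malformed. Anchoring the edit on the closing tag again, writing to the new file, would be safer, e.g. `sed '/<\/dict>/{N;d;}' "$options_plist" > options2.plist`. `cat options2.plist` looks like leftover debug output, and `rm $options_plist` should be `rm -f "$options_plist"` so a missing file does not print an error. The same sed pipeline is repeated in the new `ipsw_prepare_tethered`.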
@@ -2679,6 +2687,49 @@ ipsw_prepare_ios4multipart() {
mv temp.ipsw "$ipsw_custom.ipsw"
}
+ipsw_prepare_tethered() {
+ local name
+ local iv
+ local key
+ options_plist="options"
+ if [[ $device_type == "iPad1,1" && $device_target_vers == "4"* ]] ||
+ [[ $device_target_vers != "3"* && $device_target_vers != "4"* ]]; then
+ options_plist+=".$device_model"
+ fi
+ options_plist+=".plist"
+
+ if [[ -e "$ipsw_custom.ipsw" ]]; then
+ log "Found existing Custom IPSW. Skipping IPSW creation."
+ return
+ fi
+
+ ipsw_prepare_32bit
+
+ log "Extract RestoreRamdisk and options.plist"
+ device_fw_key_check temp $device_target_build
+ name=$(echo $device_fw_key_temp | $jq -j '.keys[] | select(.image | startswith("RestoreRamdisk")) | .filename')
+ iv=$(echo $device_fw_key_temp | $jq -j '.keys[] | select(.image | startswith("RestoreRamdisk")) | .iv')
+ key=$(echo $device_fw_key_temp | $jq -j '.keys[] | select(.image | startswith("RestoreRamdisk")) | .key')
+ mv "$ipsw_custom.ipsw" temp.ipsw
+ unzip -o -j temp.ipsw $name
+ mv $name ramdisk.orig
+ "$dir/xpwntool" ramdisk.orig ramdisk.dec -iv $iv -k $key
+ "$dir/hfsplus" ramdisk.dec extract usr/local/share/restore/$options_plist
+
+ log "Modify options.plist"
+ "$dir/hfsplus" ramdisk.dec rm usr/local/share/restore/$options_plist
+ cat $options_plist | sed '$d' | sed '$d' > options2.plist
+ echo "FlashNOR" >> options2.plist
+ cat options2.plist
+ "$dir/hfsplus" ramdisk.dec add options2.plist usr/local/share/restore/$options_plist
+
+ log "Repack Restore Ramdisk"
+ "$dir/xpwntool" ramdisk.dec $name -t ramdisk.orig
+ log "Add Restore Ramdisk to IPSW"
+ zip -r0 temp.ipsw $name
+ mv temp.ipsw "$ipsw_custom.ipsw"
+}
+
ipsw_prepare_ios4powder() {
local ExtraArgs="-apticket $shsh_path"
local ExtraArgs2="--boot-partition --boot-ramdisk --logo4 "
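Review bot: `ipsw_prepare_tethered` never checks that the `jq` lookups returned anything, and it checks no exit status from `unzip`, `xpwntool` or `hfsplus`. With an empty `$name`, `unzip -o -j temp.ipsw $name` expands to no file argument and extracts the whole archive flat, and the later `zip -r0 temp.ipsw $name` still runs on whatever is in the directory. A guard such as `[[ -z $name || -z $iv || -z $key ]] && { log "RestoreRamdisk key lookup failed"; return 1; }` before the `mv` would stop that, assuming callers honour a non-zero return. `options_plist` is assigned without `local`, so it leaks into the global scope shared with `ipsw_prepare_ios4multipart`. Quote `"$name"`, `"$iv"` and `"$key"` where they are used. The early return on an existing `$ipsw_custom.ipsw` also accepts a file that a non-tethered run may have produced without the options.plist change, if both paths can share that name.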
@@ -2814,9 +2865,9 @@ ipsw_prepare_powder() {
if [[ $device_target_vers == "9"* ]]; then
ExtraArr[0]+="9"
fi
- if [[ $ipsw_jailbreak == 1 && $ipsw_verbose == 1 ]]; then
+ if [[ $ipsw_jailbreak == 1 && $ipsw_verbose == 1 && $device_target_vers != "7"* ]]; then
ExtraArr+=("-b" "-v cs_enforcement_disable=1 amfi_get_out_of_my_way=1")
- elif [[ $ipsw_jailbreak == 1 ]]; then
+ elif [[ $ipsw_jailbreak == 1 && $device_target_vers != "7"* ]]; then
ExtraArr+=("-b" "cs_enforcement_disable=1 amfi_get_out_of_my_way=1")
elif [[ $ipsw_verbose == 1 ]]; then
ExtraArr+=("-b" "-v")
@@ -3137,12 +3188,11 @@ restore_idevicerestore() {
ipsw_extract custom
if [[ $1 == "norflash" ]]; then
cp "$shsh_path" shsh/$device_ecid-$device_type-5.1.1.shsh
- elif [[ $device_type == "iPad1,1" ]] && [[ $device_target_powder == 1 || $device_target_other == 1 ]] &&
- [[ $device_target_vers == "3"* || $device_target_vers == "4"* ]]; then
+ elif [[ $device_type == "iPad1,1" ]] && [[ $device_target_vers == "3"* || $device_target_vers == "4"* ]]; then
patch_ibss
log "Sending iBSS..."
$irecovery -f pwnediBSS.dfu
- sleep 2
+ sleep 1
log "Sending iBEC..."
$irecovery -f "$ipsw_custom/Firmware/dfu/iBEC.${device_model}ap.RELEASE.dfu"
device_find_mode Recovery
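Review bot: Dropping the `$device_target_powder == 1 || $device_target_other == 1` test widens this branch to every iPad1,1 restore targeting 3.x or 4.x, not only the new tethered case. Whether an ordinary restore can reach this point for those versions is not visible in the hunk. If the aim was only to add tethered restores, `[[ $device_target_powder == 1 || $device_target_other == 1 || $device_target_tethered == 1 ]]` keeps the previous scope. A one-line comment saying why the pwned iBSS path applies to these versions would also help the next reader.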
@@ -3307,12 +3357,12 @@ restore_prepare_1033() {
iBEC=$iBECb
fi
$irecovery -f $iBSS.im4p
- sleep 2
+ sleep 1
while (( attempt < 5 )); do
log "Entering pwnREC mode... (Attempt $attempt)"
log "Sending iBSS..."
$irecovery -f $iBSS.im4p
- sleep 2
+ sleep 1
log "Sending iBEC..."
$irecovery -f $iBEC.im4p
sleep 5
@@ -3358,7 +3408,11 @@ restore_prepare() {
;;
4 )
- if [[ $device_target_powder == 1 ]]; then
+ if [[ $device_target_tethered == 1 ]]; then
+ shsh_save version $device_latest_vers
+ device_enter_mode pwnDFU
+ restore_idevicerestore
+ elif [[ $device_target_powder == 1 ]]; then
shsh_save version $device_latest_vers
if [[ $device_target_vers == "3"* || $device_target_vers == "4"* ]]; then
device_enter_mode pwnDFU
@@ -3453,7 +3507,12 @@ restore_prepare() {
[56] )
# 32-bit devices A5/A6
- if [[ $device_target_other != 1 && $device_target_powder != 1 && $device_target_tethered != 1 ]]; then
+ if [[ $device_target_tethered == 1 ]]; then
+ shsh_save version $device_latest_vers
+ device_enter_mode pwnDFU
+ restore_idevicerestore
+ return
+ elif [[ $device_target_other != 1 && $device_target_powder != 1 ]]; then
shsh_save
fi
if [[ $device_target_vers == "$device_latest_vers" ]]; then
@@ -3631,7 +3690,7 @@ device_ramdisk() {
if [[ -z $url ]]; then
log "Getting URL for $device_type-$build_id"
url="$(curl "https://api.ipsw.me/v4/ipsw/$device_type/$build_id" | $jq -j ".url")"
- if [[ $(echo "$IPSWSHA1" | grep -c '<') != 0 ]]; then
+ if [[ $(echo "$url" | grep -c '<') != 0 ]]; then
url="$(curl "https://api.ipsw.me/v4/device/$device_type?type=ipsw" | $jq -j ".firmwares[] | select(.buildid == \"$build_id\") | .url")"
fi
mkdir $device_fw_dir/$build_id 2>/dev/null
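Review bot: The fallback lookup's result is never validated, although the first check now correctly inspects `$url`. `jq -j ".url"` prints the literal `null` when the key is absent, and the fallback `select(...)` prints nothing when no firmware matches, so `$url` can be `null` or empty as the code continues. A check such as `[[ -z $url || $url == "null" ]] && { log "Could not get URL for $device_type-$build_id"; return 1; }` after the fallback would catch this, assuming callers handle the return. Adding `-sf` to both `curl` calls would make HTTP errors fail instead of piping an error page into `jq`. `device_ramdisk` continues outside this hunk.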
@@ -3775,7 +3834,7 @@ device_ramdisk() {
log "Sending iBSS..."
$irecovery -f $ramdisk_path/iBSS
if [[ $device_type != "iPod2,1" && $device_proc != 1 ]]; then
- sleep 2
+ sleep 1
log "Sending iBEC..."
$irecovery -f $ramdisk_path/iBEC
fi
@@ -3803,7 +3862,7 @@ device_ramdisk() {
log "Running iproxy for SSH..."
$iproxy 2222 22 >/dev/null &
iproxy_pid=$!
- sleep 2
+ sleep 1
device_sshpass alpine
;;
esac
@@ -3815,7 +3874,7 @@ device_ramdisk() {
local opt
log "Mounting root filesystem"
$ssh -p 2222 root@127.0.0.1 "mount.sh root"
- sleep 2
+ sleep 1
#log "Let's just dump both activation and baseband tars"
log "Creating baseband.tar"
$ssh -p 2222 root@127.0.0.1 "cd /mnt1; tar -cvf baseband.tar usr/local/standalone"
@@ -3857,7 +3916,7 @@ device_ramdisk() {
local untether
log "Mounting root filesystem"
$ssh -p 2222 root@127.0.0.1 "mount.sh root"
- sleep 2
+ sleep 1
log "Getting iOS version"
$scp -P 2222 root@127.0.0.1:/mnt1/System/Library/CoreServices/SystemVersion.plist .
if [[ $platform == "macos" ]]; then
@@ -3955,7 +4014,6 @@ device_ramdisk() {
if [[ $ipsw_openssh == 1 ]]; then
device_send_rdtar sshdeb.tar
fi
- sleep 3
if [[ $vers == "8"* ]]; then
log "Sending daibutsu/move.sh"
$scp -P 2222 $jelbrek/daibutsu/move.sh root@127.0.0.1:/mnt1
@@ -4025,7 +4083,7 @@ shsh_save_onboard() {
log "Sending iBSS..."
$irecovery -f pwnediBSS.dfu
fi
- sleep 2
+ sleep 1
patch_ibec
log "Sending iBEC..."
$irecovery -f pwnediBEC.dfu
@@ -4288,15 +4346,22 @@ menu_restore() {
case $device_type in
iPhone1,[12] | iPhone2,1 | iPhone3,2 | iPad1,1 | iPod[1234],1 )
if [[ -z $1 ]]; then
- menu_items+=("Other (Custom IPSW)")
+ : #menu_items+=("Other (Custom IPSW)")
fi
;;
esac
if [[ $device_proc != 1 ]]; then
- menu_items+=("Other (Use SHSH Blobs)")
+ if [[ $device_type != "iPod2,1" ]]; then
+ menu_items+=("Other (Use SHSH Blobs)")
+ fi
+ if [[ $device_proc == 5 || $device_proc == 6 ]]; then
+ menu_items+=("Other (Tethered)")
+ fi
+ case $device_type in
+ iPhone3,2 | iPod4,1 ) menu_items+=("Other (Tethered)");;
+ esac
if (( device_proc < 7 )); then
menu_items+=("DFU IPSW")
- #menu_items+=("Other (Tethered)" "DFU IPSW")
fi
fi
menu_items+=("Go Back")
@@ -4440,14 +4505,8 @@ menu_ipsw() {
print "* Selected Target IPSW: $ipsw_path.ipsw"
print "* Target Version: $device_target_vers-$device_target_build"
case $device_target_build in
- 7* ) warn "Selected target version is not supported and will most likely fail.";;
- 8[CE]* ) warn "Selected target version will restore but is most likely not functional.";;
+ 7* | 8[CE]* ) warn "Selected target version will restore but is most likely not functional.";;
esac
- if [[ $device_type == "iPhone3"* ]]; then
- case $device_target_build in
- 7 | 8[ABCE]* ) print "* Note that the 2nd restore is also supposed to error out";;
- esac
- fi
else
print "* Select Target IPSW to continue"
local lo
@@ -4509,28 +4568,16 @@ menu_ipsw() {
fi
elif [[ $1 == *"Tethered"* ]]; then
- menu_items+=("Select Base IPSW (tethered)")
if [[ -n $ipsw_path ]]; then
print "* Selected Target IPSW: $ipsw_path.ipsw"
print "* Target Version: $device_target_vers-$device_target_build"
else
print "* Select Target IPSW to continue"
fi
- echo
- local text2="(iOS 8.4.1)"
- case $device_type in
- iPhone4,1 | iPad2,[123] ) text2="(iOS 6.1.3)";;
- iPhone2,1 | iPod4,1 ) text2="(iOS 6.1.6)";;
- iPad1,1 | iPod3,1 ) text2="(iOS 5.1.1)";;
- iPhone3,[123] ) text2="(iOS 7.1.2)";;
- esac
- if [[ -n $ipsw_base_path ]]; then
- print "* Selected Base $text2 IPSW: $ipsw_base_path.ipsw"
- print "* Base Version: $device_base_vers-$device_base_build"
- else
- print "* Select Base $text2 IPSW to continue"
- fi
- if [[ -n $ipsw_path && -n $ipsw_base_path ]] && [[ -n $shsh_path || $2 == "ipsw" ]]; then
+ warn "This is a tethered downgrade. Not recommended unless you know what you are doing."
+ print "* Tethered downgrade: you need to use Legacy iOS Kit every time to boot the device."
+ print "* Booting can be done by going to: Other Utilities -> Just Boot"
+ if [[ -n $ipsw_path ]]; then
menu_items+=("$start")
fi
@@ -4597,7 +4644,6 @@ menu_ipsw() {
"Create IPSW" ) mode="custom-ipsw";;
"Select Target IPSW" ) menu_ipsw_browse "$1";;
"Select Base IPSW" ) menu_ipsw_browse "base";;
- "Select Base IPSW (tethered)" ) menu_ipsw_browse "base2";;
"Select Target SHSH" ) menu_shsh_browse "$1";;
"Select Base SHSH" ) menu_shsh_browse "base";;
"Download Target IPSW" ) ipsw_download "../$newpath";;
@@ -4762,24 +4808,6 @@ menu_ipsw_browse() {
ipsw_base_path="$newpath"
return
;;
- "base2" )
- local basec
- case $device_type in
- iPhone4,1 | iPad2,[123] ) basec="6.1.3";;
- iPhone2,1 | iPod4,1 ) basec="6.1.6";;
- iPad1,1 | iPod3,1 ) basec="5.1.1";;
- iPhone3,[123] ) basec="7.1.2";;
- * ) basec="8.4.1";;
- esac
- if [[ $device_base_vers != "$basec" ]]; then
- log "Selected IPSW is the correct version for base."
- pause
- return
- fi
- ipsw_verify "$newpath" "$device_base_build"
- ipsw_base_path="$newpath"
- return
- ;;
*"powdersn0w"* )
if [[ $device_target_build == "14"* ]]; then
log "Selected IPSW ($device_target_vers) is not supported as target version."
@@ -4854,7 +4882,6 @@ menu_other() {
if [[ $device_type == "iPhone"* ]]; then
menu_items+=("Dump Baseband")
fi
- #menu_items+=("Activation Records" "Clear NVRAM")
menu_items+=("Clear NVRAM")
if [[ $device_type != "iPod2,1" ]]; then
menu_items+=("Just Boot")
@@ -4862,6 +4889,7 @@ menu_other() {
else
menu_items+=("Enter pwnDFU Mode")
fi
+ menu_items+=("Activation Records")
case $device_type in
iPhone3,[13] | iPad1,1 | iPod3,1 ) menu_items+=("Disable/Enable Exploit");;
iPhone2,1 ) menu_items+=("Install alloc8 Exploit");;
@@ -4965,10 +4993,19 @@ device_dump() {
local arg="$1"
local dump="../saved/$device_type/$arg.tar"
local dmps
+ local dmp2
case $arg in
"baseband" ) dmps="/usr/local/standalone";;
- "activation" ) dmps="/private/var/root/Library/Lockdown";;
+ "activation" )
+ dmp2="private/var/root/Library/Lockdown"
+ case $device_vers in
+ [34567]* ) dmps="/$dmp2";;
+ 8* ) dmps="/private/var/mobile/Library/mad";;
+ * ) dmps="/private/var/containers/Data/System/*/Library/activation_records";;
+ esac
+ ;;
esac
+
log "Dumping files for $arg: $dmps"
if [[ -s $dump ]]; then
log "Found existing dumped $arg: $dump"
@@ -4997,10 +5034,15 @@ device_dump() {
log "Running iproxy for SSH..."
$iproxy 2222 22 >/dev/null &
iproxy_pid=$!
- sleep 2
+ sleep 1
device_sshpass
log "Creating $arg.tar"
- $ssh -p 2222 root@127.0.0.1 "tar -cvf /tmp/$arg.tar $dmps"
+ if [[ $arg == "activation" ]]; then
+ $ssh -p 2222 root@127.0.0.1 "mkdir -p /tmp/$dmp2; cp -R $dmps/* /tmp/$dmp2"
+ $ssh -p 2222 root@127.0.0.1 "cd /tmp; tar -cvf $arg.tar $dmp2"
+ else
+ $ssh -p 2222 root@127.0.0.1 "tar -cvf /tmp/$arg.tar $dmps"
+ fi
log "Copying $arg.tar"
$scp -P 2222 root@127.0.0.1:/tmp/$arg.tar .
cp $arg.tar $dump
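Review bot: The activation branch joins `mkdir` and `cp` with `;` and runs `tar` in a separate SSH call, so a failed `cp` still yields an `activation.tar` of an empty tree that is saved as `$dump`. That happens when the version-specific path in `$dmps` does not exist, or when `$device_vers` is unset and the `*` default is taken. The existing `-s $dump` check will then treat that file as a valid dump on later runs. Chaining the steps, `"mkdir -p /tmp/$dmp2 && cp -R $dmps/* /tmp/$dmp2 && cd /tmp && tar -cvf $arg.tar $dmp2"`, and checking the exit status before `scp` avoids that. Activation records are device-unique, so remove the staged copy and tarball from `/tmp` on the device after the transfer, and restrict the saved file locally with `chmod 600 "$dump"`.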
@@ -5148,8 +5190,8 @@ main() {
set_tool_paths
log "Checking Internet connection..."
- local try=("www.apple.com"
- "google.com"
+ local try=("google.com"
+ "www.apple.com"
"208.67.222.222")
local check
for i in "${try[@]}"; do
@@ -5245,7 +5287,7 @@ for i in "$@"; do
"--disable-bbupdate" ) device_disable_bbupdate=1;;
"--disable-sudoloop" ) device_disable_sudoloop=1;;
"--disable-usbmuxd" ) device_disable_usbmuxd=1;;
- #"--activation-records" ) device_actrec=1;;
+ "--activation-records" ) device_actrec=1;;
"--ipsw-hacktivate" ) ipsw_hacktivate=1;;
esac
done