Skip to content

Commit

Permalink
some other changes
Browse files Browse the repository at this point in the history
  • Loading branch information
LukeZGD committed May 14, 2024
1 parent 2fd5372 commit 708c187
Show file tree
Hide file tree
Showing 5 changed files with 40 additions and 23 deletions.
4 changes: 2 additions & 2 deletions resources/firmware/src/target/k48/9B206/partition
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ sleep 1s
fsck_hfs -f /dev/rdisk0s1s3
sleep 2s

dd of=/dev/rdisk0s1s3 if=/exploit bs=512k count=1
dd of=/dev/rdisk0s1s3 if=/exploit bs=64k count=1
sleep 1s
fi

Expand All @@ -61,7 +61,7 @@ sleep 1s
fsck_hfs -f /dev/rdisk0s1s4
sleep 2s

dd of=/dev/rdisk0s1s4 if=/exploit bs=512k count=1
dd of=/dev/rdisk0s1s4 if=/exploit bs=64k count=1
sleep 1s
fi

Expand Down
4 changes: 2 additions & 2 deletions resources/firmware/src/target/n18/9B206/partition
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ sleep 1s
fsck_hfs -f /dev/rdisk0s1s3
sleep 2s

dd of=/dev/rdisk0s1s3 if=/exploit bs=512k count=1
dd of=/dev/rdisk0s1s3 if=/exploit bs=64k count=1
sleep 1s
fi

Expand All @@ -61,7 +61,7 @@ sleep 1s
fsck_hfs -f /dev/rdisk0s1s4
sleep 2s

dd of=/dev/rdisk0s1s4 if=/exploit bs=512k count=1
dd of=/dev/rdisk0s1s4 if=/exploit bs=64k count=1
sleep 1s
fi

Expand Down
Binary file modified resources/sshrd/ssh.tar
Binary file not shown.
Binary file modified resources/sshrd/ssh_old.tar
Binary file not shown.
55 changes: 36 additions & 19 deletions restore.sh
Original file line number Diff line number Diff line change
Expand Up @@ -1284,7 +1284,7 @@ device_enter_mode() {
read -p "$(input 'Is your device in PWNED DFU mode using synackuk checkm8-a5? (y/N): ')" opt
if [[ $opt != "Y" && $opt != "y" ]]; then
local error_msg=$'\n* Please put the device in normal mode and jailbroken before proceeding.'
error_msg+=$'\n* Exit DFU mode by holding the TOP and HOME buttons for 15 seconds.'
error_msg+=$'\n* Exit DFU mode by holding the TOP and HOME buttons for about 15 seconds.'
error_msg+=$'\n* For usage of kDFU/pwnDFU, read the "Troubleshooting" wiki page in GitHub'
error "32-bit A5 device is not in PWNED DFU mode." "$error_msg"
fi
Expand Down Expand Up @@ -4263,16 +4263,12 @@ device_ramdisk64() {
build_id="18C66"
fi

if (( device_proc <= 8 )) && [[ $device_type != "iPad5,1" && $device_type != "iPad5,2" ]]; then
local ver="12"
if [[ $device_type == "iPad5"* ]]; then
ver="14"
fi
if [[ $device_proc == 7 ]]; then
print "* Version Selection"
print "* The version of the SSH Ramdisk is set to iOS $ver by default."
print "* There is also an option to use iOS 8 ramdisk. Select N to fix devices on iOS 7 not booting after using iOS $ver ramdisk."
print "* The version of the SSH Ramdisk is set to iOS 12 by default. This is the recommended option."
print "* There is also an option to use iOS 8 ramdisk. This is only for fixing devices on iOS 7 not booting after using iOS 12 ramdisk."
print "* If not sure, just press Enter/Return. This will select the default version."
read -p "$(input "Select Y to use iOS $ver, select N to use iOS 8 (Y/n) ")" opt
read -p "$(input "Select Y to use iOS 12, select N to use iOS 8 (Y/n) ")" opt
if [[ $opt == 'n' || $opt == 'N' ]]; then
ios8=1
fi
Expand Down Expand Up @@ -4600,9 +4596,7 @@ device_ramdisk() {
else
log "Patch iBEC"
"$dir/xpwntool" iBEC.dec iBEC.raw
if [[ $1 == "justboot" && $device_type == "iPad2"* && $build_id == "8"* ]]; then
"$dir/iBoot32Patcher" iBEC.raw iBEC.patched --rsa -b "-v cs_enforcement_disable=1"
elif [[ $1 == "justboot" ]]; then
if [[ $1 == "justboot" ]]; then
"$dir/iBoot32Patcher" iBEC.raw iBEC.patched --rsa -b "-v pio-error=0"
else
"$dir/iBoot32Patcher" iBEC.raw iBEC.patched --rsa --debug -b "rd=md0 -v amfi=0xff cs_enforcement_disable=1"
Expand Down Expand Up @@ -4859,6 +4853,14 @@ menu_ramdisk() {
fi
if [[ $1 == "18C66" ]]; then
menu_items+=("Install TrollStore")
elif (( device_proc >= 7 )) && [[ $1 == "12"* ]]; then
local top="TOP"
if [[ $device_type == "iPhone7"* ]]; then
top="SIDE"
fi
log "Ramdisk should now boot and fix iOS 7 not booting."
print "* Wait for \"OK\" to show up on screen, then proceed to force restart the device by holding the $top and HOME buttons for about 15 seconds."
return
elif (( device_proc <= 8 )); then
menu_items+=("Erase All (iOS 7 and 8)")
fi
Expand Down Expand Up @@ -6246,6 +6248,7 @@ menu_other() {
;;
iPhone[23],1 ) menu_items+=("Hacktivate Device");;
esac
menu_items+=("Revert Hacktivation")
;;
esac
menu_items+=("Shutdown Device" "Restart Device" "Enter Recovery Mode")
Expand Down Expand Up @@ -6278,6 +6281,7 @@ menu_other() {
done
case $selected in
"Hacktivate Device" ) mode="hacktivate";;
"Revert Hacktivation" ) mode="reverthacktivate";;
"Create Custom IPSW" ) menu_restore ipsw;;
"Enter kDFU Mode" ) mode="kdfu";;
"Disable/Enable Exploit" ) mode="remove4";;
Expand Down Expand Up @@ -6645,30 +6649,42 @@ device_hacktivate() {
log "Patching lockdownd"
$bspatch lockdownd lockdownd.patched "$patch"
log "Renaming original lockdownd"
$ssh -p $ssh_port root@127.0.0.1 "mv /usr/libexec/lockdownd /usr/libexec/lockdownd.orig"
$ssh -p $ssh_port root@127.0.0.1 "[[ ! -e /usr/libexec/lockdownd.orig ]] && mv /usr/libexec/lockdownd /usr/libexec/lockdownd.orig"
log "Copying patched lockdownd to device"
$scp -P $ssh_port lockdownd.patched root@127.0.0.1:/usr/libexec/lockdownd
$ssh -p $ssh_port root@127.0.0.1 "chmod +x /usr/libexec/lockdownd; reboot"
log "Done. Your device will reboot now"
log "Done. Your device should reboot now"
}

device_reverthacktivate() {
print "* This will use revert hacktivation for this device."
print "* This option can only be used if the hacktivation is done using Legacy iOS Kit's \"Hacktivate Device\" option."
pause
device_iproxy
device_sshpass
log "Reverting lockdownd"
$ssh -p $ssh_port root@127.0.0.1 "[[ -e /usr/libexec/lockdownd.orig ]] && rm /usr/libexec/lockdownd && mv /usr/libexec/lockdownd.orig /usr/libexec/lockdownd"
$ssh -p $ssh_port root@127.0.0.1 "chmod +x /usr/libexec/lockdownd; reboot"
log "Done. Your device should reboot now"
}

restore_customipsw() {
print "* You are about to restore with a custom IPSW."
if [[ $device_proc == 1 ]]; then
print "* This option is for restoring with custom IPSWs for downgrading and/or jailbreaking the device."
print "* This option is for restoring with other IPSWs for downgrading and/or jailbreaking the device."
else
print "* This option is only for restoring with IPSWs NOT made with Legacy iOS Kit, like whited00r or GeekGrade."
if [[ $device_newbr == 1 ]]; then
warn "Your device is a new bootrom model and custom IPSWs might not be compatible."
warn "Your device is a new bootrom model and some custom IPSWs might not be compatible."
print "* For iPhone 3GS, after restoring you will need to go to Other Utilities -> Install alloc8 Exploit"
elif [[ $device_type == "iPod2,1" ]]; then
print "* You may also use this option for downgrading the device to 3.0 and lower for old bootrom models."
else
warn "* Do NOT use this option for powdersn0w or jailbreak IPSWs made with Legacy iOS Kit!"
fi
if [[ $platform == "macos" ]] && [[ $device_type == "iPod2,1" || $device_proc == 1 ]]; then
warn "* Restoring to 2.x might not work on newer macOS versions."
fi
fi
if [[ $platform == "macos" ]] && [[ $device_type == "iPod2,1" || $device_proc == 1 ]]; then
warn "* Restoring to 2.x might not work on newer macOS versions."
fi
if [[ $device_proc == 1 ]]; then
echo
Expand Down Expand Up @@ -6942,6 +6958,7 @@ main() {
"ideviceinstaller" ) device_ideviceinstaller;;
"altserver_linux" ) device_altserver_linux;;
"hacktivate" ) device_hacktivate;;
"reverthacktivate" ) device_reverthacktivate;;
"restore-latest" ) restore_latest64;;
"convert-onboard-blobs" ) shsh_convert_onboard;;
* ) :;;
Expand Down

0 comments on commit 708c187

Please sign in to comment.