diff --git a/resources/firmware/src/target/k48/9B206/partition b/resources/firmware/src/target/k48/9B206/partition index d2ff38ac..391488a6 100644 --- a/resources/firmware/src/target/k48/9B206/partition +++ b/resources/firmware/src/target/k48/9B206/partition @@ -51,7 +51,7 @@ sleep 1s fsck_hfs -f /dev/rdisk0s1s3 sleep 2s -dd of=/dev/rdisk0s1s3 if=/exploit bs=512k count=1 +dd of=/dev/rdisk0s1s3 if=/exploit bs=64k count=1 sleep 1s fi @@ -61,7 +61,7 @@ sleep 1s fsck_hfs -f /dev/rdisk0s1s4 sleep 2s -dd of=/dev/rdisk0s1s4 if=/exploit bs=512k count=1 +dd of=/dev/rdisk0s1s4 if=/exploit bs=64k count=1 sleep 1s fi diff --git a/resources/firmware/src/target/n18/9B206/partition b/resources/firmware/src/target/n18/9B206/partition index d2ff38ac..391488a6 100644 --- a/resources/firmware/src/target/n18/9B206/partition +++ b/resources/firmware/src/target/n18/9B206/partition @@ -51,7 +51,7 @@ sleep 1s fsck_hfs -f /dev/rdisk0s1s3 sleep 2s -dd of=/dev/rdisk0s1s3 if=/exploit bs=512k count=1 +dd of=/dev/rdisk0s1s3 if=/exploit bs=64k count=1 sleep 1s fi @@ -61,7 +61,7 @@ sleep 1s fsck_hfs -f /dev/rdisk0s1s4 sleep 2s -dd of=/dev/rdisk0s1s4 if=/exploit bs=512k count=1 +dd of=/dev/rdisk0s1s4 if=/exploit bs=64k count=1 sleep 1s fi diff --git a/resources/sshrd/ssh.tar b/resources/sshrd/ssh.tar index d70e4c83..9294b6dc 100644 Binary files a/resources/sshrd/ssh.tar and b/resources/sshrd/ssh.tar differ diff --git a/resources/sshrd/ssh_old.tar b/resources/sshrd/ssh_old.tar index 1f86a1b7..baca1242 100644 Binary files a/resources/sshrd/ssh_old.tar and b/resources/sshrd/ssh_old.tar differ diff --git a/restore.sh b/restore.sh index 6eb00be9..602362f4 100755 --- a/restore.sh +++ b/restore.sh @@ -1284,7 +1284,7 @@ device_enter_mode() { read -p "$(input 'Is your device in PWNED DFU mode using synackuk checkm8-a5? (y/N): ')" opt if [[ $opt != "Y" && $opt != "y" ]]; then local error_msg=$'\n* Please put the device in normal mode and jailbroken before proceeding.' - error_msg+=$'\n* Exit DFU mode by holding the TOP and HOME buttons for 15 seconds.' + error_msg+=$'\n* Exit DFU mode by holding the TOP and HOME buttons for about 15 seconds.' error_msg+=$'\n* For usage of kDFU/pwnDFU, read the "Troubleshooting" wiki page in GitHub' error "32-bit A5 device is not in PWNED DFU mode." "$error_msg" fi @@ -4263,16 +4263,12 @@ device_ramdisk64() { build_id="18C66" fi - if (( device_proc <= 8 )) && [[ $device_type != "iPad5,1" && $device_type != "iPad5,2" ]]; then - local ver="12" - if [[ $device_type == "iPad5"* ]]; then - ver="14" - fi + if [[ $device_proc == 7 ]]; then print "* Version Selection" - print "* The version of the SSH Ramdisk is set to iOS $ver by default." - print "* There is also an option to use iOS 8 ramdisk. Select N to fix devices on iOS 7 not booting after using iOS $ver ramdisk." + print "* The version of the SSH Ramdisk is set to iOS 12 by default. This is the recommended option." + print "* There is also an option to use iOS 8 ramdisk. This is only for fixing devices on iOS 7 not booting after using iOS 12 ramdisk." print "* If not sure, just press Enter/Return. This will select the default version." - read -p "$(input "Select Y to use iOS $ver, select N to use iOS 8 (Y/n) ")" opt + read -p "$(input "Select Y to use iOS 12, select N to use iOS 8 (Y/n) ")" opt if [[ $opt == 'n' || $opt == 'N' ]]; then ios8=1 fi @@ -4600,9 +4596,7 @@ device_ramdisk() { else log "Patch iBEC" "$dir/xpwntool" iBEC.dec iBEC.raw - if [[ $1 == "justboot" && $device_type == "iPad2"* && $build_id == "8"* ]]; then - "$dir/iBoot32Patcher" iBEC.raw iBEC.patched --rsa -b "-v cs_enforcement_disable=1" - elif [[ $1 == "justboot" ]]; then + if [[ $1 == "justboot" ]]; then "$dir/iBoot32Patcher" iBEC.raw iBEC.patched --rsa -b "-v pio-error=0" else "$dir/iBoot32Patcher" iBEC.raw iBEC.patched --rsa --debug -b "rd=md0 -v amfi=0xff cs_enforcement_disable=1" @@ -4859,6 +4853,14 @@ menu_ramdisk() { fi if [[ $1 == "18C66" ]]; then menu_items+=("Install TrollStore") + elif (( device_proc >= 7 )) && [[ $1 == "12"* ]]; then + local top="TOP" + if [[ $device_type == "iPhone7"* ]]; then + top="SIDE" + fi + log "Ramdisk should now boot and fix iOS 7 not booting." + print "* Wait for \"OK\" to show up on screen, then proceed to force restart the device by holding the $top and HOME buttons for about 15 seconds." + return elif (( device_proc <= 8 )); then menu_items+=("Erase All (iOS 7 and 8)") fi @@ -6246,6 +6248,7 @@ menu_other() { ;; iPhone[23],1 ) menu_items+=("Hacktivate Device");; esac + menu_items+=("Revert Hacktivation") ;; esac menu_items+=("Shutdown Device" "Restart Device" "Enter Recovery Mode") @@ -6278,6 +6281,7 @@ menu_other() { done case $selected in "Hacktivate Device" ) mode="hacktivate";; + "Revert Hacktivation" ) mode="reverthacktivate";; "Create Custom IPSW" ) menu_restore ipsw;; "Enter kDFU Mode" ) mode="kdfu";; "Disable/Enable Exploit" ) mode="remove4";; @@ -6645,30 +6649,42 @@ device_hacktivate() { log "Patching lockdownd" $bspatch lockdownd lockdownd.patched "$patch" log "Renaming original lockdownd" - $ssh -p $ssh_port root@127.0.0.1 "mv /usr/libexec/lockdownd /usr/libexec/lockdownd.orig" + $ssh -p $ssh_port root@127.0.0.1 "[[ ! -e /usr/libexec/lockdownd.orig ]] && mv /usr/libexec/lockdownd /usr/libexec/lockdownd.orig" log "Copying patched lockdownd to device" $scp -P $ssh_port lockdownd.patched root@127.0.0.1:/usr/libexec/lockdownd $ssh -p $ssh_port root@127.0.0.1 "chmod +x /usr/libexec/lockdownd; reboot" - log "Done. Your device will reboot now" + log "Done. Your device should reboot now" +} + +device_reverthacktivate() { + print "* This will use revert hacktivation for this device." + print "* This option can only be used if the hacktivation is done using Legacy iOS Kit's \"Hacktivate Device\" option." + pause + device_iproxy + device_sshpass + log "Reverting lockdownd" + $ssh -p $ssh_port root@127.0.0.1 "[[ -e /usr/libexec/lockdownd.orig ]] && rm /usr/libexec/lockdownd && mv /usr/libexec/lockdownd.orig /usr/libexec/lockdownd" + $ssh -p $ssh_port root@127.0.0.1 "chmod +x /usr/libexec/lockdownd; reboot" + log "Done. Your device should reboot now" } restore_customipsw() { print "* You are about to restore with a custom IPSW." if [[ $device_proc == 1 ]]; then - print "* This option is for restoring with custom IPSWs for downgrading and/or jailbreaking the device." + print "* This option is for restoring with other IPSWs for downgrading and/or jailbreaking the device." else print "* This option is only for restoring with IPSWs NOT made with Legacy iOS Kit, like whited00r or GeekGrade." if [[ $device_newbr == 1 ]]; then - warn "Your device is a new bootrom model and custom IPSWs might not be compatible." + warn "Your device is a new bootrom model and some custom IPSWs might not be compatible." print "* For iPhone 3GS, after restoring you will need to go to Other Utilities -> Install alloc8 Exploit" elif [[ $device_type == "iPod2,1" ]]; then print "* You may also use this option for downgrading the device to 3.0 and lower for old bootrom models." else warn "* Do NOT use this option for powdersn0w or jailbreak IPSWs made with Legacy iOS Kit!" fi - if [[ $platform == "macos" ]] && [[ $device_type == "iPod2,1" || $device_proc == 1 ]]; then - warn "* Restoring to 2.x might not work on newer macOS versions." - fi + fi + if [[ $platform == "macos" ]] && [[ $device_type == "iPod2,1" || $device_proc == 1 ]]; then + warn "* Restoring to 2.x might not work on newer macOS versions." fi if [[ $device_proc == 1 ]]; then echo @@ -6942,6 +6958,7 @@ main() { "ideviceinstaller" ) device_ideviceinstaller;; "altserver_linux" ) device_altserver_linux;; "hacktivate" ) device_hacktivate;; + "reverthacktivate" ) device_reverthacktivate;; "restore-latest" ) restore_latest64;; "convert-onboard-blobs" ) shsh_convert_onboard;; * ) :;;