-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Ajout du support Wndows compiler en 32 et 64 bits . Télécharger Cygwin pour utiliser Odysseus vidéo a venir pour plus de précision.
- Loading branch information
Dev Jam
committed
Oct 23, 2015
1 parent
30ec2b9
commit acf7bf2
Showing
1,347 changed files
with
26,493 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,91 @@ | ||
| Odysseus | ||
|
|
||
| WARNING: do not do it, unless you have read and understood these instructions. | ||
| If *anything* goes wrong during the restore process, you will have to restore | ||
| to the latest, most likely unjailbreakable firmware. Basically, you are on | ||
| your own. I will not be held responsible for anything YOU do. | ||
|
|
||
| This works only on certain jailbroken 32bit devices. By that, I mean devices | ||
| I have keys for. Also, this will *not* change your baseband. If you go too | ||
| far up/down with iOS version, it may be that the main OS doesn't understand | ||
| the baseband anymore. If that happens, you won't get past activation and | ||
| you cannot re-jailbreak the device. As a consequence, the device will remain | ||
| in activation limbo and you'll have to restore. | ||
|
|
||
| The untether on your device must have tfp0 enabled. Early versions of Pangu | ||
| did not enable tfp0, but latest versions of Pangu, TaiG and evasi0n all have | ||
| tfp0 activated. | ||
|
|
||
| You need to have the valid ticket/blob for the desired firmware. To validate | ||
| the ticket/blob against the desired firmware, you have to: | ||
| a) download desired firmware: | ||
| computer$ curl -O http://path/to/desired.ipsw | ||
| b) convert your precious.shsh to xml: | ||
| computer$ cat precious.shsh | zcat -fc > precious.plist | ||
| computer$ plutil -convert xml1 precious.plist | ||
| c) validate the ticket/blob: | ||
| computer$ ./validate precious.plist desired.ipsw -z | ||
| If you see any ERROR message, then your ticket/blob is probably screwed and you | ||
| should NOT attempt to downgrade. | ||
|
|
||
| Install OpenSSH and Core Utilities (coreutils) on the device, using Cydia or | ||
| whatever app store is the rage these days. | ||
|
|
||
| Save your baseband (enter your device root password, default is alpine): | ||
| computer$ ./sshtool -s baseband.tar -p 22 device_ip_or_name | ||
| It's ok if baseband.tar is a zero sized file if you have an Infineon baseband | ||
| (that is, <= iPhone4) but for Qualcomm (that is >= iPhone4S), your device must | ||
| have the baseband on main filesystem. In this case, any error or empty archive | ||
| means trouble. | ||
|
|
||
| Build the custom firmware. This will take a while. The -memory parameter is | ||
| optional. Use it only if your machine has sufficient physical memory (>=4GB). | ||
| Make sure you have the right bundle in FirmwareBundles/. If the bundle is not | ||
| there, ask for it. | ||
| computer$ ./ipsw desired.ipsw custom.ipsw -memory baseband.tar | ||
| or | ||
| computer$ ./ipsw desired.ipsw custom.ipsw -memory baseband.tar jb.tar ssh.tar | ||
| The latter is meant to save your device if there's a baseband mismatch. Do NOT | ||
| attempt to install Cydia (jailbreak or otherwise) over it even if signal works. | ||
| Its sole purpose is to allow you to re-downgrade to a different iOS version. | ||
| If the ipsw creation fails, try increasing rootfs with `-s' or `-S' options. | ||
|
|
||
| Extract back the pwned iBSS from the custom-built firmware: | ||
| computer$ ./xpwntool `unzip -j custom.ipsw 'Firmware/dfu/iBSS*' | awk '/inflating/{print $2}'` pwnediBSS | ||
|
|
||
| Kickstart the pwned restore (enter your device root password): | ||
| computer$ ./sshtool -k ../kloader -b pwnediBSS -p 22 device_ip_or_name | ||
|
|
||
| Wait for the device to enter DFU. Do NOT press any button. Just plug/unplug | ||
| it, until it is seen as DFU. If it does not appear, do a cold boot by holding | ||
| both Home and Power button until the Apple logo appears and then repeat the | ||
| previous step. Kill iTunes before continuing. You may want to disable iTunes | ||
| Helper by removing it from System Preferences -> Users & Groups -> Login Items | ||
| or simply kill it: | ||
| computer$ killall iTunesHelper | ||
|
|
||
| Restore the custom firmware. Make sure you have your precious ticket/blob file | ||
| copied as shsh/ECID-DEVICE-VERSION.shsh before starting. For example, the shsh | ||
| file can be 2144637826347-iPad3,1-7.1.2.shsh. Please note that you may need to | ||
| be root to access USB: | ||
| computer# ./idevicerestore -d -w custom.ipsw | ||
|
|
||
| Enjoy! | ||
|
|
||
| In theory, the last step can be replaced by starting TinyUmbrella and doing the | ||
| restore via iTunes, but I have not tested it that way (and most probably, you'd | ||
| have to downgrade iTunes). | ||
|
|
||
| Credits: | ||
| @planetbeing, dborca for the awesome xpwn | ||
| @winocm for ios-kexec-utils | ||
| @westbaer, p0sixninja, iH8sn0w, GreySyntax for irecovery | ||
| @libimobiledevice people for libimobiledevice | ||
| @iH8sn0w for some ideas and code | ||
| @iH8sn0w, SquiffyPwn, winocm for p0sixspwn | ||
| @daytonhasty for some ideas, testing and writeup | ||
| @JonathanSeals for some ideas | ||
| @tihmstar, CPVideoMaker, SashaKirichenko for testing | ||
| @citrusui for the cool name | ||
|
|
||
| -xerub |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| NOT working: iOS5 | ||
| - kloader does not work properly on iOS5. May be fixed in the future, but | ||
| until then, there is no way to kickstart this if your device is on iOS5. | ||
| - the baseband for iPhone4,1 is stored differently on iOS5 vs higher iOS | ||
| versions. An extra step is needed to prepare baseband.tar | ||
|
|
||
| NOT working: El Capitan | ||
| - idevicerestore cannot switch from DFU to Recovery. Until it gets fixed, | ||
| there is no way to kickstart this if your computer is running El Capitan. | ||
|
|
||
| Do NOT attempt this if you don't know what you are doing. In case of | ||
| baseband mismatch, there is no way to get past activation screen and | ||
| re-jailbreak the device. To overcome this, a jailbreak.tar and ssh.tar | ||
| must be preinstalled to rootfs. | ||
|
|
||
| iPhone3,1: | ||
| probably ok | ||
|
|
||
| iPhone3,3: | ||
| probably ok | ||
|
|
||
| iPhone4,1: | ||
| 6.1.3 -> 7.1.2 ok | ||
| 7.1.2 -> 6.1.3 BB mismatch (to succeed with this restore, just use README.OTA) | ||
| 8.1.1 -> 6.1.3 BB mismatch (to succeed with this restore, just use README.OTA) | ||
| 8.1.1 -> 7.1.2 ok | ||
|
|
||
| iPhone5,2: | ||
| 8.1.2 -> 7.1.2 ok | ||
|
|
||
| iPhone5,4: | ||
| 8.1.2 -> 7.1.2 ok | ||
|
|
||
| iPad2,1: | ||
| 6.1.3 -> 7.1.2 ok |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| blah... blah... | ||
|
|
||
| ./ipsw iPhone4,1_6.1.3_10B329_Restore.ipsw iPhone4,1_6.1.3_10B329_Downgrade.ipsw -memory -bbupdate -ota iPhone4,1_9A406_10B329.plist | ||
|
|
||
| blah... blah... | ||
|
|
||
| idevicerestore -d -w iPhone4,1_6.1.3_10B329_Downgrade.ipsw | ||
|
|
||
| blah... blah... | ||
|
|
||
| -xerub |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,58 @@ | ||
| This is a (somewhat) complicated process to dump on-device blobs/apticket). | ||
|
|
||
| Install OpenSSH and Core Utilities (coreutils) on the device, using Cydia or | ||
| whatever app store is the rage these days. | ||
|
|
||
| Next, build a custom firmware for your device. It must match your hardware, | ||
| but the actual iOS version is not that important. The -memory parameter is | ||
| optional, use it only if your machine has sufficient physical memory (>=4GB). | ||
| Make sure you have the right bundle in FirmwareBundles/. | ||
| computer$ ./ipsw original.ipsw custom.ipsw -memory | ||
| Do NOT use this custom ipsw to restore your device, because it has no saved | ||
| baseband. See the main README for the proper procedure. | ||
|
|
||
| Extract the pwned iBSS from the custom-built firmware: | ||
| computer$ ./xpwntool `unzip -j custom.ipsw 'Firmware/dfu/iBSS*' | awk '/inflating/{print $2}'` pwnediBSS | ||
|
|
||
| Load the pwned iBSS (enter your device root password): | ||
| computer$ ./sshtool -k ../kloader -b pwnediBSS -p 22 device_ip_or_name | ||
|
|
||
| Wait for the device to enter DFU. Do NOT press any button. Just plug/unplug | ||
| it, until it is seen as DFU. If it does not appear, do a cold boot by holding | ||
| both Home and Power button until the Apple logo appears and then repeat the | ||
| previous step. Kill iTunes before continuing. You may want to disable iTunes | ||
| Helper by removing it from System Preferences -> Users & Groups -> Login Items | ||
| or simply kill it: | ||
| computer$ killall iTunesHelper | ||
|
|
||
| Extract the pwned iBEC from the custom-built firmware: | ||
| computer$ mv `unzip -j custom.ipsw 'Firmware/dfu/iBEC*' | awk '/inflating/{print $2}'` pwnediBEC | ||
|
|
||
| Load the pwned iBEC: | ||
| computer# ./irecovery -f pwnediBEC | ||
|
|
||
| Wait for the device to enter Recovery Mode. Do NOT press any button. Just | ||
| plug/unplug it, until it is seen as Recovery. If it does not appear, do a | ||
| cold boot by holding both Home and Power button until the Apple logo appears | ||
| and then repeat the previous steps. | ||
|
|
||
| Get them blobs: | ||
| computer# ./irecovery -s | ||
| iRecovery> /send ../payload | ||
| iRecovery> go blobs | ||
| iRecovery> /exit | ||
| computer# ./irecovery -g precious.dump | ||
| computer# ./irecovery -s | ||
| iRecovery> reboot | ||
|
|
||
| Unpack blobs against a matching ipsw. This ipsw must match the actual version | ||
| that is flashed on the device. | ||
| computer$ ./ticket precious.dump precious.plist matching.ipsw -z | ||
| computer$ ./validate precious.plist matching.ipsw -z | ||
|
|
||
| Credits: | ||
| @westbaer for irecovery | ||
| @winocm for ios-kexec-utils | ||
| @iH8sn0w for some ideas and code | ||
|
|
||
| -xerub |
Binary file not shown.
Binary file not shown.
143 changes: 143 additions & 0 deletions
143
windows32/FirmwareBundles/Down_iPad2,1_6.1.3_10B329.bundle/Info.plist
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,143 @@ | ||
| <?xml version=1.0 encoding=UTF-8?> | ||
| <!DOCTYPE plist PUBLIC -//Apple Computer//DTD PLIST 1.0//EN http://www.apple.com/DTDs/PropertyList-1.0.dtd> | ||
| <plist version=1.0> | ||
| <dict> | ||
| <key>FilesystemPatches</key> | ||
| <dict/> | ||
| <key>FirmwarePatches</key> | ||
| <dict> | ||
| <key>RestoreKernelCache</key> | ||
| <dict> | ||
| <key>File</key> | ||
| <string>kernelcache.release.k93</string> | ||
| <key>IV</key> | ||
| <string>247ea923c137404f4faec7da75822b08</string> | ||
| <key>Key</key> | ||
| <string>2bbdf3fea41600cd7ae46157af7f19b1726900802f2ec2022aa60b9a27a3261f</string> | ||
| <!--key>Patch</key> | ||
| <string>kernelcache.release.patch</string--> | ||
| <key>DecryptPath</key> | ||
| <string>Downgrade/kernelcache.release.k93</string> | ||
| <key>TypeFlag</key> | ||
| <integer>4</integer> | ||
| </dict> | ||
| <!--key>Update Ramdisk</key> | ||
| <dict> | ||
| <key>File</key> | ||
| <string>048-2679-005.dmg</string> | ||
| <key>IV</key> | ||
| <string>42012fd13eae0dfdac7cb536e159a372</string> | ||
| <key>Key</key> | ||
| <string>d5e306661bfaa4d342d599a3494a35b9c3173c5fdcd11752293b2356011652c3</string> | ||
| <key>TypeFlag</key> | ||
| <integer>8</integer> | ||
| </dict--> | ||
| <key>Restore Ramdisk</key> | ||
| <dict> | ||
| <key>File</key> | ||
| <string>048-2516-005.dmg</string> | ||
| <key>IV</key> | ||
| <string>8775b711d2e09e332f8ebfbebe63cce7</string> | ||
| <key>Key</key> | ||
| <string>d406dc4343eedf9d6567e8303ba39a21f81f99bf701840c888963af58a84fb8f</string> | ||
| <key>Decrypt</key> | ||
| <true/> | ||
| <key>TypeFlag</key> | ||
| <integer>8</integer> | ||
| </dict> | ||
| <key>iBSS</key> | ||
| <dict> | ||
| <key>File</key> | ||
| <string>Firmware/dfu/iBSS.k93ap.RELEASE.dfu</string> | ||
| <key>IV</key> | ||
| <string>b69f753dccd09c9b98d345ec73bbf044</string> | ||
| <key>Key</key> | ||
| <string>6e4cce9ea6f2ec346cba0b279beab1b43e44a0680f1fde789a00f66a1e68ffab</string> | ||
| <key>Patch</key> | ||
| <string>iBSS.k93ap.RELEASE.patch</string> | ||
| <key>Decrypt</key> | ||
| <true/> | ||
| <key>TypeFlag</key> | ||
| <integer>8</integer> | ||
| </dict> | ||
| <key>iBEC</key> | ||
| <dict> | ||
| <key>File</key> | ||
| <string>Firmware/dfu/iBEC.k93ap.RELEASE.dfu</string> | ||
| <key>IV</key> | ||
| <string>3a0726b7bc091915dd928eed21478728</string> | ||
| <key>Key</key> | ||
| <string>69eaeb223db61b557c36d65fa7e6e4ec1c0d7547dfce9d46077f7e5b0fcba98f</string> | ||
| <key>Patch</key> | ||
| <string>iBEC.k93ap.RELEASE.patch</string> | ||
| <key>Decrypt</key> | ||
| <true/> | ||
| <key>TypeFlag</key> | ||
| <integer>8</integer> | ||
| </dict> | ||
| <key>RestoreDeviceTree</key> | ||
| <dict> | ||
| <key>File</key> | ||
| <string>Firmware/all_flash/all_flash.k93ap.production/DeviceTree.k93ap.img3</string> | ||
| <key>IV</key> | ||
| <string>557d2b8116b04cf93bf7bff023ed6bf2</string> | ||
| <key>Key</key> | ||
| <string>7c9c0c49075fd6c47e1598f23901266237e30e60dcfc7174b8c2ea6f42532bfb</string> | ||
| <key>DecryptPath</key> | ||
| <string>Downgrade/DeviceTree.k93ap.img3</string> | ||
| </dict> | ||
| <key>RestoreLogo</key> | ||
| <dict> | ||
| <key>File</key> | ||
| <string>Firmware/all_flash/all_flash.k93ap.production/applelogo.s5l8940x.img3</string> | ||
| <key>IV</key> | ||
| <string>623b2592ad563ea16bd8a86af6960bcb</string> | ||
| <key>Key</key> | ||
| <string>0e7aa7bbcfddc88dfe0e56e021363028502621c52c709afc3744850977e2fb9f</string> | ||
| <key>DecryptPath</key> | ||
| <string>Downgrade/[email protected]</string> | ||
| </dict> | ||
| </dict> | ||
| <key>RamdiskPatches</key> | ||
| <dict> | ||
| <key>asr</key> | ||
| <dict> | ||
| <key>File</key> | ||
| <string>usr/sbin/asr</string> | ||
| <key>Patch</key> | ||
| <string>asr.patch</string> | ||
| </dict> | ||
| <!--key>restored_external</key> | ||
| <dict> | ||
| <key>File</key> | ||
| <string>usr/local/bin/restored_external</string> | ||
| <key>Patch</key> | ||
| <string>restored.patch</string> | ||
| </dict--> | ||
| </dict> | ||
| <key>RamdiskMountVolume</key> | ||
| <string>ramdisk</string> | ||
| <key>RamdiskOptionsPath</key> | ||
| <string>/usr/local/share/restore/options.k93.plist</string> | ||
| <key>RootFilesystem</key> | ||
| <string>048-2634-005.dmg</string> | ||
| <key>RootFilesystemSize</key> | ||
| <integer>1063</integer> | ||
| <key>RootFilesystemKey</key> | ||
| <string>70f5ac054bf50a522fd39071f6acbd92954804599c1507b881d7d9c4026005e3867bfab0</string> | ||
| <key>RootFilesystemMountVolume</key> | ||
| <string>BrightonMaps10B329.K93OS</string> | ||
| <key>SHA1</key> | ||
| <string>241a02bb446c21e44e8470b77e09b5fbfba7d6c4</string> | ||
| <key>Filename</key> | ||
| <string>iPad2,1_6.1.3_10B329_Restore.ipsw</string> | ||
| <key>Name</key> | ||
| <string>iPad2,1_6.1.3_10B329</string> | ||
| <key>DownloadUrl</key> | ||
| <string></string> | ||
| <key>Platform</key> | ||
| <integer>1</integer> | ||
| <key>SubPlatform</key> | ||
| <integer>6</integer> | ||
| </dict> | ||
| </plist> |
Binary file added
BIN
+209 Bytes
windows32/FirmwareBundles/Down_iPad2,1_6.1.3_10B329.bundle/asr.patch
Binary file not shown.
Binary file added
BIN
+249 Bytes
windows32/FirmwareBundles/Down_iPad2,1_6.1.3_10B329.bundle/iBEC.k93ap.RELEASE.patch
Binary file not shown.
Binary file added
BIN
+184 Bytes
windows32/FirmwareBundles/Down_iPad2,1_6.1.3_10B329.bundle/iBSS.k93ap.RELEASE.patch
Binary file not shown.
Oops, something went wrong.