Saturday, November 20, 2010
Sunday, November 7, 2010
Booting 4.2 bundle - instructions
Instructions
- Download the appropriate tetheredboot binary for Windows or OS X from https://github.com/msftguy/syringe/downloads
- Update: OS X version does NOT need libUSB from MacPorts any more.
- Put the device in DFU mode
- Boot with the command line tetheredboot -i iBSS.CPUap.RELEASE.dfu -k kernelcache.release.CPU, where CPU is k48 for iPad and n90 for iPhone 4
- These files (iBSS and kernelcache) need to be extracted from the custom IPSW you made using the bundle, not from the stock Apple IPSW!
- Look here for bundles: https://sites.google.com/site/msftguy/file/
Thursday, July 8, 2010
Data recovery: not just for iBoot-pwned devices
Deprecated: Now you can use greenpois0n to load an SSH ramdisk on any new device.
Update: wrote a tool to generate upgrade IPSWs automatically
iPad data recovery!
If your user data partition is not corrupted, it's possible to get your data back (say, after some Cydia app made your oversized iTouch hang on boot!)
Will it work if you were jailbroken with:
PwnageTool: Not recommended/might work
SnowBreeze: Not recommended/might work
Spirit: YES
redsn0w: YES
blackra1n: YES
Not jailbroken: YES
Other necessary conditions:
Mountable user data volume - not always the case!
Other warnings:
You'll obviously lose your jailbroken state: you will have to re-Spirit if using an iPad, or just back up and restore if using a PwnageTool/Sn0wbreeze iOS 4 jailbreak!
When should you use this method?
- You have an iDevice that does not boot (stuck in DFU/on Apple logo) with important data on it (kids pix, financial reports, names of Russian spies)
- You are not jailbroken with PwnageTool/redsn0w/blackra1n/Sn0wbreeze
- If you are jailbroken using one of those jailbreak methods, check out the SSH ramdisk method first, as it guarantees non-destructive recovery.
- You don't need the device to remain jailbroken/unlocked or can jailbreak/unlock a device that has been restored to latest firmware version.
Windows version, Python source
Usage:
Use current firmware version that is still being signed by Apple (4.1 ATM)!
Drag and drop original unmodified IPSW file over the tool icon, wait for it to generate a UPG_...ipsw file, restore to that using iTunes.
Make sure you've read the necessary conditions and warnings sections!
Look at the source code if you want an insight into what exactly happens here.
Wednesday, July 7, 2010
iRecovery functionality on Windows without libUSB
itunnel_mux_rev6.exe <- this unfortunately named tool now supports loading stuff into iBoot, including USB exploit payloads.
Usage example:
itunnel_mux_rev6.exe --ibss iBSS.n88ap.RELEASE.dfu --exploit exploit --ibec iBEC.n88ap.RELEASE.dfu --ramdisk 018-6461-399.dmg.ssh --devicetree DeviceTree.n88ap.img3 --kernelcache kernelcache.release.n88
Due to some hardcoded structure offsets still left, it will probably only work with iTunes 9.2.
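Both boot procedures on this page (the tetheredboot instructions in the Nov 7 post and the itunnel_mux_rev6 usage line above) start with the same chore: pulling iBSS, iBEC, DeviceTree, kernelcache and ramdisk out of an IPSW. The script below is an added example, not code from this blog or from the syringe/itunnel_mux projects. It treats the IPSW as the zip it is, reads BuildManifest.plist to find the component paths for a given board (k48ap, n90ap, n88ap), refuses to proceed if the manifest names a file the archive lacks, extracts the files, and assembles the two command lines. The manifest key layout (BuildIdentities, Info/DeviceClass, Manifest/<component>/Info/Path) is what iOS 4-era manifests use and is an assumption here; make_sample_ipsw builds a constructed IPSW with dummy payloads so the script runs offline.

```python
"""Locate and extract the boot-chain files tetheredboot / itunnel_mux need from an IPSW.

An IPSW is a plain zip archive. BuildManifest.plist inside it lists, per board
(DeviceClass), the archive path of each firmware component. The key names used
below are what iOS 4-era manifests contain; treat them as an assumption.
"""
import io
import os
import plistlib
import zipfile

# Board ids from the posts: k48ap = iPad, n90ap = iPhone 4, n88ap = iPhone 3GS.
BOARDS = {"ipad": "k48ap", "iphone4": "n90ap", "iphone3gs": "n88ap"}

# Manifest component names that feed the tetheredboot / itunnel_mux flags.
COMPONENTS = ("iBSS", "iBEC", "DeviceTree", "KernelCache", "RestoreRamDisk")


def boot_chain_paths(ipsw_bytes, board):
    """Return {component: path inside the IPSW} for `board` (e.g. "n90ap").

    KeyError if the manifest has no identity for that board; ValueError if a
    listed component is missing from the archive (a half-built custom IPSW).
    """
    with zipfile.ZipFile(io.BytesIO(ipsw_bytes)) as z:
        manifest = plistlib.loads(z.read("BuildManifest.plist"))
        names = set(z.namelist())
        for identity in manifest["BuildIdentities"]:
            if identity["Info"]["DeviceClass"].lower() != board.lower():
                continue
            paths = {}
            for comp in COMPONENTS:
                entry = identity["Manifest"].get(comp)
                if entry is not None:
                    paths[comp] = entry["Info"]["Path"]
            missing = [p for p in paths.values() if p not in names]
            if missing:
                raise ValueError("manifest lists files not in IPSW: %s" % missing)
            return paths
    raise KeyError("no build identity for board %r" % board)


def extract_boot_chain(ipsw_bytes, board, outdir):
    """Extract the boot-chain files into `outdir`; return {component: local path}."""
    paths = boot_chain_paths(ipsw_bytes, board)
    out = {}
    with zipfile.ZipFile(io.BytesIO(ipsw_bytes)) as z:
        for comp, inner in paths.items():
            dest = os.path.join(outdir, os.path.basename(inner))
            with open(dest, "wb") as f:
                f.write(z.read(inner))
            out[comp] = dest
    return out


def tetheredboot_cmd(files):
    """tetheredboot only needs iBSS and the kernelcache (Nov 7, 2010 post)."""
    return ["tetheredboot", "-i", files["iBSS"], "-k", files["KernelCache"]]


def itunnel_mux_cmd(files, exploit="exploit"):
    """Full iBoot chain, mirroring the itunnel_mux_rev6 usage line (July 7, 2010)."""
    return ["itunnel_mux_rev6.exe",
            "--ibss", files["iBSS"], "--exploit", exploit,
            "--ibec", files["iBEC"], "--ramdisk", files["RestoreRamDisk"],
            "--devicetree", files["DeviceTree"], "--kernelcache", files["KernelCache"]]


def make_sample_ipsw(board="n90ap", missing=()):
    """Constructed stand-in for a real IPSW: a manifest plus dummy component files.

    Components named in `missing` are listed in the manifest but left out of the
    archive, to exercise the ValueError path.
    """
    files = {
        "iBSS": "Firmware/dfu/iBSS.%s.RELEASE.dfu" % board,
        "iBEC": "Firmware/dfu/iBEC.%s.RELEASE.dfu" % board,
        "DeviceTree": "Firmware/all_flash/all_flash.%s.production/DeviceTree.%s.img3" % (board, board),
        "KernelCache": "kernelcache.release.%s" % board[:-2],
        "RestoreRamDisk": "018-6461-399.dmg",
    }
    manifest = {"BuildIdentities": [{
        "Info": {"DeviceClass": board, "RestoreBehavior": "Erase"},
        "Manifest": {c: {"Info": {"Path": p}} for c, p in files.items()},
    }]}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("BuildManifest.plist", plistlib.dumps(manifest))
        for comp, p in files.items():
            if comp not in missing:
                z.writestr(p, b"\x00" * 16)  # dummy payload, not real firmware
    return buf.getvalue()


if __name__ == "__main__":
    import tempfile
    ipsw = make_sample_ipsw(BOARDS["iphone4"])
    with tempfile.TemporaryDirectory() as d:
        got = extract_boot_chain(ipsw, BOARDS["iphone4"], d)
        print(" ".join(tetheredboot_cmd(got)))
        print(" ".join(itunnel_mux_cmd(got)))
```

Point it at the custom IPSW made with the bundle (as the Nov 7 post requires), not at the stock Apple IPSW. The ramdisk path it pulls from the manifest is the stock RestoreRamDisk; for the SSH ramdisk case in the usage line, substitute your patched .dmg.ssh for that entry before building the itunnel_mux command.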
Wednesday, June 23, 2010
OLD BOOTROM + Spirit => 4.0 JB
Updated for FW 4.0/4.0.1 + 'Star' jailbreak. You'll need NOR files from a custom 4.0 ipsw made with PwnageTool 4.0.1.
You still obviously need an old-bootrom 3GS; however, you don't currently need any SHSH while Apple still signs 4.0.1.
The fact that the Star jailbreak uses Safari, however, means it will be patched within weeks, so back up those hashes while you can.
Now that 4.0 is jailbroken, potential uses of this method include installing 4.1 betas, rolling back to 3.x and similar fun activities.
STOP if you have a new bootrom (week 40+, tethered-only 3.1.2 JB, etc.). Here's how to check bootrom ver
- your hardware is iPhone 3GS with OLD BOOTROM
- you HAVE 3.1.3 SHSH (**)
- you DON'T have 3.1.2 SHSH (otherwise, just use blackra1n/redsn0w).
- you WANT iOS4/JB
Update: thanks to movie for those awesome step by step instructions!
Update2: someone made a Cydia package. Looking at the type of questions people ask in the comments, that might be the only option for 80% of them. Apple's license terms, of course, don't allow redistributing their binaries, so I just link to it. Their description also says it works with 3.1.2/Spirit - I very much doubt that.
This tool can be used to flash pwned NOR files (containing the LLB exploit) on a phone running the Spirit JB (the script has hardcoded offsets for 3.1.3 on the 3GS).
Thursday, May 27, 2010
On bluetooth in 4.0
- Bluetooth in 4.0 has a couple of new profiles: HID (meh) and... Braille. Wait, what's exciting about Braille? Two things:
- It is one of the three services that call OpenSerialPort()
- It is the only one of them that isn't generally handled by the OS unless you enable some obscure accessibility feature (unlike the WiAP and Nike sensor profiles), meaning there are no side effects to connecting the service to arbitrary BT devices with a serial profile.
Sunday, May 16, 2010
Tuesday, March 23, 2010
Fixing Blacksn0w on 3.1.3
Update: Ultrasn0w now supports 05.11 through 05.13 with a new exploit that should fix all possible WiFi issues and any OS 4.0 problems. http://ultrasn0w.com/