Thursday, July 8, 2010

Data recovery: not just for iBoot-pwned devices

Deprecated: Now you can use greenpois0n to load an SSH ramdisk on any new device.

Update: wrote a tool to generate upgrade IPSWs automatically
iPad data recovery!
If your user data partition is not corrupted, it's possible to get your data back (say, after some Cydia app made your oversized iTouch hang on boot!)

Should also work for iOS 4.0 new bootrom 3GS iPhones and 3G iTouches.


Will it work if you were jailbroken with:
PwnageTool: Not recommended/might work
SnowBreeze: Not recommended/might work
Spirit: YES
redsn0w: YES
blackra1n: YES
Not jailbroken: YES


Other necessary conditions:
Mountable user data volume - not always the case!

Other warnings:
You'll obviously lose your jailbroken state and will have to re-Spirit if using iPad or just back up and restore if using a PwnageTool/SnowBreeze iOS4 jailbreak!

When should you use this method?
  • You have an iDevice that does not boot (stuck in DFU/on Apple logo) with important data on it (kids pix, financial reports, names of Russian spies)
  • You are not jailbroken with PwnageTool/redsn0w/blackra1n/Sn0wbreeze
    • If you are jailbroken using one of those jailbreak methods, check out the SSH ramdisk method first, as it guarantees non-destructive recovery.
  • You don't need the device to remain jailbroken/unlocked or can jailbreak/unlock a device that has been restored to latest firmware version.
Download:
Windows version | Python source

Usage:
Use a current firmware version that is still being signed by Apple (4.1 ATM)!
Drag and drop the original, unmodified IPSW file onto the tool icon, wait for it to generate a UPG_...ipsw file, then restore to that file using iTunes.
Make sure you've read the necessary conditions and warnings sections!

Look at the source code if you want an insight into what exactly happens here.




Wednesday, July 7, 2010

iRecovery functionality on Windows without libUSB

itunnel_mux_rev6.exe <- this unfortunately named tool now supports loading stuff into iBoot, including USB exploit payloads.
Usage example: 
itunnel_mux_rev6.exe --ibss iBSS.n88ap.RELEASE.dfu --exploit exploit --ibec iBEC.n88ap.RELEASE.dfu --ramdisk 018-6461-399.dmg.ssh --devicetree DeviceTree.n88ap.img3 --kernelcache kernelcache.release.n88
Because some hardcoded structure offsets are still left in the code, it will probably only work with iTunes 9.2.