restore.sh
#!/bin/bash
# restore.sh: prepares a modified 10.3.3 restore image for the iPhone6,x /
# iPad4,x devices detected below and passes it to futurerestore.
# Usage: $0 PathToIpsw   (exactly one argument; see the usage text at the end)
#
# The script expects ./igetnonce, ./iBoot64Patcher and a manifests/ directory
# to already exist in the working directory; nothing in this script creates them.
#
# NOTE(review): there is no `set -e` and almost no command is checked for
# failure, so a failed `cd`, clone or build does not stop the run. Several
# later steps (rm -rf with globs, make install) then execute in whatever
# directory the shell happens to be in.
if [ "$#" == 1 ]; then
if [ ! -e "/usr/local/bin/brew" ]; then
echo "OOOOF, brew is not installed? Installing..."
# NOTE(review): downloads a script and executes it directly with ruby; the
# content is not pinned to a revision or checked against a known hash before
# it runs. Everything else in this script lives in the `else` branch, so after
# this install the script ends and must be run a second time.
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
else
echo "[+] Installing dependencies"
brew install libtool automake lsusb openssl libzip pkg-config
# NOTE(review): --HEAD builds the current development head, so the installed
# code differs from run to run and is not a reviewed release; --overwrite
# replaces files that are already linked.
brew install --HEAD libusbmuxd
brew link --overwrite libusbmuxd
brew install --HEAD libimobiledevice
brew link --overwrite libimobiledevice
brew install --HEAD libplist
brew link --overwrite libplist
# Refresh an existing ipwndfu_public checkout or clone it; no commit is pinned,
# so whatever is on master at run time is what gets executed below.
if [ -e "ipwndfu_public" ]; then
cd ipwndfu_public && git pull origin master
cd ..
else
git clone https://github.com/MatthewPierson/ipwndfu_public
fi
# NOTE(review): this cd is unchecked. If it fails, the `cd ..` after the loop
# moves to the PARENT of the starting directory and the later `rm -rfv` globs
# run there.
cd ipwndfu_public
# Count lsusb lines containing "checkm8"; the loop below repeats until that
# count is exactly 1.
string=$(lsusb | grep -c "checkm8")
until [ $string = 1 ];
do
# iTunesHelper is only killed when killing iTunes succeeded.
killall iTunes && killall iTunesHelper
echo "Waiting 10 seconds to allow you to enter DFU mode"
sleep 10
echo "Attempting to get into pwndfu mode"
echo "Please just enter DFU mode again on each reboot"
echo "The script will run ipwndfu again and again until the device is in PWNDFU mode"
./ipwndfu -p
string=$(lsusb | grep -c "checkm8")
done
sleep 3
# Runs rmsigchks.py from the checkout with whatever `python` is first on PATH.
# NOTE(review): judging by its name it presumably disables signature checks on
# the attached device; confirm against the ipwndfu_public source.
python rmsigchks.py
cd ..
# The until-loop above only ends once the count is 1, so the `else` branch of
# this test (near the end of the script) looks unreachable in practice.
if [ $string == 1 ]; then
echo "We seem to be in pwned DFU mode!"
if [ -e "build" ]; then
echo "[+] Build folder exists! If the script doesn't work please delete the 'Build' folder and run it again"
sleep 3
else
echo "[+] Build folder does not exist! Grabbing dependencies and installing!"
mkdir -p build && cd build
# NOTE(review): of the repositories cloned here only liboffsetfinder64 is
# checked out at a fixed commit; the others are built from their current head.
# Each one then runs its own ./autogen.sh and `make install` (presumably into a
# system prefix), so unreviewed upstream changes execute with this user's
# privileges. Build failures are not detected; the script continues.
git clone https://github.com/libimobiledevice/libirecovery
git clone https://github.com/tihmstar/libfragmentzip
git clone https://github.com/tihmstar/libgeneral.git
git clone --recursive https://github.com/merculous/futurerestore
git clone -n https://github.com/tihmstar/liboffsetfinder64
git clone https://github.com/tihmstar/img4tool.git
git clone --recursive https://github.com/tihmstar/tsschecker
export PKG_CONFIG_PATH="/usr/local/opt/openssl/lib/pkgconfig"
cd libirecovery
git submodule init && git submodule update
./autogen.sh
make && make install
cd ../libgeneral
git submodule init && git submodule update
./autogen.sh
make && make install
cd ../libfragmentzip
git submodule init && git submodule update
./autogen.sh
make && make install
cd ../futurerestore
git submodule init && git submodule update
./autogen.sh
make && make install
cd ../liboffsetfinder64
# Cloned with -n (no checkout) above, then pinned to this commit.
git checkout c1b4203f1f8e05d49673548bab8963388be2dbf0
git submodule init && git submodule update
./autogen.sh
make && make install
cd ../img4tool
git submodule init && git submodule update
./autogen.sh
make && make install
cd ../tsschecker
git submodule init && git submodule update
./autogen.sh
make && make install
# Back from build/<repo> to the directory the script started in.
cd ../..
echo "[+] Dependencies should now be installed and compiled."
fi
# Remove leftovers from a previous run.
# NOTE(review): recursive delete with unquoted globs in the current directory;
# `downgrade*` also matches any user file whose name starts with "downgrade",
# and the directory is only the intended one if every earlier cd succeeded.
rm -rfv ipsw dummy_file *.im4p *.prepatched *.raw *.img4 shsh downgrade*
echo "Killing iTunes as this will be quite annoying with what we are going to do."
killall iTunes && killall iTunesHelper
mkdir -p ipsw
mkdir -p shsh
# NOTE(review): $1 is unquoted, so a path containing spaces is split into
# several arguments and a value starting with '-' is read as an unzip option.
# The archive is extracted and used without checking it against a known hash.
unzip -d ipsw $1
cp -rv ipsw/Firmware/Mav7Mav8-7.60.00.Release.bbfw .
ls
# Device detection: ./igetnonce is run once per board id and its output is
# searched for that id; the last match sets $device.
# NOTE(review): no test for 'j73ap' exists, so $device never becomes iPad4,3
# and the iPad4,3 branches further down cannot be reached.
./igetnonce | grep 'n53ap' &> /dev/null
if [ $? == 0 ]; then
echo "Supported Device"
device="iPhone6,2"
echo $device
fi
./igetnonce | grep 'n51ap' &> /dev/null
if [ $? == 0 ]; then
echo "Supported Device"
device="iPhone6,1"
echo $device
fi
./igetnonce | grep 'j71ap' &> /dev/null
if [ $? == 0 ]; then
echo "Supported Device"
device="iPad4,1"
echo $device
fi
./igetnonce | grep 'j72ap' &> /dev/null
if [ $? == 0 ]; then
echo "Supported Device"
device="iPad4,2"
echo $device
fi
./igetnonce | grep 'j85ap' &> /dev/null
if [ $? == 0 ]; then
echo "Supported Device"
device="iPad4,4"
echo $device
fi
./igetnonce | grep 'j86ap' &> /dev/null
if [ $? == 0 ]; then
echo "Supported Device"
device="iPad4,5"
echo $device
fi
if [ -z "$device" ]
then
echo "Either unsupported device or no device found."
echo "Exiting.."
# NOTE(review): bare `exit` returns the status of the preceding echo (0), so
# a caller cannot tell this failure from success.
exit
else
echo "Supported device found."
fi
#Credit to @dora2_yururi for ECID/Apnonce getting stuff from Nudaoaddu
# Take the text after '=' on igetnonce's ECID line, upper-case it (bc needs
# upper-case hex digits) and convert it from base 16 to base 10.
ret=$(./igetnonce 2>/dev/null | grep ECID)
ecidhex=$(echo $ret | cut -d '=' -f 2 )
ecidhex2=$(echo $ecidhex | tr '[:lower:]' '[:upper:]')
# Output discarded; this line has no effect.
echo $ecidhex2 >/dev/null
ecid=$(echo "obase=10; ibase=16; $ecidhex2" | bc)
echo $ecid
# Per-device-class preparation. Each branch: move the iBSS/iBEC im4p files out
# of the extracted firmware, copy the matching sep-firmware file, run img4tool
# -e with a hard-coded IV/key pair, run ./iBoot64Patcher on the result, repack
# with img4tool -c, have tsschecker save a blob into shsh/, combine blob and
# payload into .img4 files, and copy those back over the original DFU file
# names inside ipsw/.
# NOTE(review): the IV/key values are literals tied to these exact firmware
# files (presumably the published keys for this build; confirm the source).
if [ $device == iPhone6,1 ] || [ $device == iPhone6,2 ]; then # If iPhone 5S
mv -v ipsw/Firmware/dfu/*.iphone6*.im4p .
if [ $device == iPhone6,1 ]; then
cp -rv ipsw/Firmware/all_flash/sep-firmware.n51.RELEASE.im4p .
else
cp -rv ipsw/Firmware/all_flash/sep-firmware.n53.RELEASE.im4p .
fi
img4tool -e --iv f2aa35f6e27c409fd57e9b711f416cfe --key 599d9b18bc51d93f2385fa4e83539a2eec955fce5f4ae960b252583fcbebfe75 -o iBSS.raw iBSS.iphone6.RELEASE.im4p
img4tool -e --iv 75a06e85e2d9835827334738bb84ce73 --key 15c61c585d30ab07497f68aee0a64c433e4b1183abde4cfd91c185b9a70ab91a -o iBEC.raw iBEC.iphone6.RELEASE.im4p
./iBoot64Patcher iBSS.raw iBSS.prepatched
./iBoot64Patcher iBEC.raw iBEC.prepatched
img4tool -c iBSS.im4p -t ibss iBSS.prepatched
img4tool -c iBEC.im4p -t ibec iBEC.prepatched
tsschecker -d "$device" -i 10.3.3 -o -m manifests/BuildManifest_"$device"_1033_OTA.plist -e $ecid -s --save-path shsh
# Works only when the glob matches exactly one file: with none or with several
# the mv fails and stitch.shsh2 is missing for the img4tool calls below.
mv -v shsh/*.shsh* shsh/stitch.shsh2
img4tool -c iBSS.img4 -p iBSS.im4p -s shsh/stitch.shsh2
img4tool -c iBEC.img4 -p iBEC.im4p -s shsh/stitch.shsh2
cp -v iBSS.img4 ipsw/Firmware/dfu/iBSS.iphone6.RELEASE.im4p
cp -v iBEC.img4 ipsw/Firmware/dfu/iBEC.iphone6.RELEASE.im4p
fi
if [ $device == iPad4,1 ] || [ $device == iPad4,2 ] || [ $device == iPad4,3 ]; then # If iPad Air
mv -v ipsw/Firmware/dfu/iBEC.ipad4.RELEASE.im4p .
mv -v ipsw/Firmware/dfu/iBSS.ipad4.RELEASE.im4p .
if [ $device == iPad4,1 ]; then
cp -rv ipsw/Firmware/all_flash/sep-firmware.j71.RELEASE.im4p .
fi
if [ $device == iPad4,2 ]; then
cp -rv ipsw/Firmware/all_flash/sep-firmware.j72.RELEASE.im4p .
fi
if [ $device == iPad4,3 ]; then
cp -rv ipsw/Firmware/all_flash/sep-firmware.j73.RELEASE.im4p .
fi
img4tool -e --iv a83dfcc277766ccb5da4220811ec2407 --key b4f8d062a97628231a289ae2a50647c309c43030577dca7fc2eee3a13ddb51ea -o iBEC.raw iBEC.ipad4.RELEASE.im4p
./iBoot64Patcher iBEC.raw iBEC.prepatched
img4tool -c iBEC.im4p -t ibec iBEC.prepatched
img4tool -e --iv 28eed0b4cada986cee0ec95350b64f04 --key c8b8f09e4cc888e4d0045145bceebb3783e146d56393ffce3268aae3225af3d7 -o iBSS.raw iBSS.ipad4.RELEASE.im4p
./iBoot64Patcher iBSS.raw iBSS.prepatched
img4tool -c iBSS.im4p -t ibss iBSS.prepatched
# iPad4,3 additionally passes an explicit board config to tsschecker.
if [ $device == iPad4,3 ]; then
tsschecker -d "$device" --boardconfig j73AP -i 10.3.3 -o -m manifests/BuildManifest_"$device"_1033_OTA.plist -e $ecid -s --save-path shsh
fi
if [ $device = iPad4,1 ] || [ $device = iPad4,2 ]; then
tsschecker -d "$device" -i 10.3.3 -o -m manifests/BuildManifest_"$device"_1033_OTA.plist -e $ecid -s --save-path shsh
fi
mv -v shsh/*.shsh* shsh/stitch.shsh2
img4tool -c iBEC.img4 -p iBEC.im4p -s shsh/stitch.shsh2
cp -v iBEC.img4 ipsw/Firmware/dfu/iBEC.ipad4.RELEASE.im4p
img4tool -c iBSS.img4 -p iBSS.im4p -s shsh/stitch.shsh2
cp -v iBSS.img4 ipsw/Firmware/dfu/iBSS.ipad4.RELEASE.im4p
fi
if [ $device == iPad4,4 ] || [ $device == iPad4,5 ]; then # If iPad Mini 2
mv -v ipsw/Firmware/dfu/iBEC.ipad4b.RELEASE.im4p .
mv -v ipsw/Firmware/dfu/iBSS.ipad4b.RELEASE.im4p .
if [ $device == iPad4,4 ]; then
cp -rv ipsw/Firmware/all_flash/sep-firmware.j85.RELEASE.im4p .
else
cp -rv ipsw/Firmware/all_flash/sep-firmware.j86.RELEASE.im4p .
fi
img4tool -e --iv 3067a2585100890afd3b266926ac254b --key dcdf5a9eb3ae0464e984333e15876faa116525ca4b61f361283a808ca09c7480 -o iBEC.raw iBEC.ipad4b.RELEASE.im4p
./iBoot64Patcher iBEC.raw iBEC.prepatched
img4tool -c iBEC.im4p -t ibec iBEC.prepatched
img4tool -e --iv b3aafc6e758290c3aeec057105d16b36 --key 77659e333d13ebb5ad804daf4fbbaf4a9c86bc6065e88ac0190df8c119a916f3 -o iBSS.raw iBSS.ipad4b.RELEASE.im4p
./iBoot64Patcher iBSS.raw iBSS.prepatched
img4tool -c iBSS.im4p -t ibss iBSS.prepatched
tsschecker -d "$device" -i 10.3.3 -o -m manifests/BuildManifest_"$device"_1033_OTA.plist -e $ecid -s --save-path shsh
mv -v shsh/*.shsh* shsh/stitch.shsh2
img4tool -c iBEC.img4 -p iBEC.im4p -s shsh/stitch.shsh2
cp -v iBEC.img4 ipsw/Firmware/dfu/iBEC.ipad4b.RELEASE.im4p
img4tool -c iBSS.img4 -p iBSS.im4p -s shsh/stitch.shsh2
cp -v iBSS.img4 ipsw/Firmware/dfu/iBSS.ipad4b.RELEASE.im4p
fi
# Repack the modified firmware tree as downgrade.ipsw (max compression).
# `*` skips dot-files at the top level of ipsw/.
cd ipsw
zip ../downgrade.ipsw -r9 *
cd ..
echo "checkm8" >> dummy_file
# Read the NONC line from `irecovery -q` and keep the text after the first ':'.
# NOTE(review): $apnonce is used unquoted below and is not validated; if the
# query fails it is empty and --apnonce consumes the next argument instead.
raw=$(irecovery -q | grep NONC)
apnonce=$(echo $raw | cut -d ':' -f 2)
# Send dummy_file, then the rebuilt iBSS and iBEC images to the device, then
# ask tsschecker for a blob bound to the nonce read above (saved into the
# current directory because no --save-path is given).
if [ $device == iPad4,1 ] || [ $device == iPad4,2 ] || [ $device == iPad4,3 ] || [ $device == iPad4,4 ] || [ $device == iPad4,5 ]; then
irecovery -f dummy_file
sleep 1
irecovery -f iBSS.img4
sleep 1
irecovery -f iBEC.img4
sleep 2
if [ $device == iPad4,3 ]; then
tsschecker -d "$device" --boardconfig j73AP -i 10.3.3 -o -m manifests/BuildManifest_"$device"_1033_OTA.plist -e $ecid --apnonce $apnonce -s
else
tsschecker -d "$device" -i 10.3.3 -o -m manifests/BuildManifest_"$device"_1033_OTA.plist -e $ecid --apnonce $apnonce -s
fi
fi
if [ $device == iPhone6,1 ] || [ $device == iPhone6,2 ]; then
irecovery -f dummy_file
sleep 1
irecovery -f iBSS.img4
sleep 1
irecovery -f iBEC.img4
sleep 2
tsschecker -d "$device" -i 10.3.3 -o -m manifests/BuildManifest_"$device"_1033_OTA.plist -e $ecid --apnonce $apnonce -s
fi
# Same single-match assumption as the stitch.shsh2 moves above.
mv -v *.shsh* shsh/apnonce.shsh2
echo "Done prepping files! Time to downgrade!!!"
echo "****RESTORING!****"
echo "Waiting for device to reconnect..."
sleep 5
# Restore with the baseband file for these models, without baseband for the
# two models in the second test. The unquoted sep-firmware.* glob must match
# exactly one file for the -s argument to be what is intended.
if [ $device == iPhone6,1 ] || [ $device == iPhone6,2 ] || [ $device == iPad4,5 ] || [ $device == iPad4,2 ] || [ $device == iPad4,3 ]; then
futurerestore -t shsh/apnonce.shsh2 -s sep-firmware.*.RELEASE.im4p -m manifests/BuildManifest_"$device"_1033_OTA.plist -b Mav7Mav8-7.60.00.Release.bbfw -p manifests/BuildManifest_"$device"_1033_OTA.plist downgrade.ipsw
fi
if [ $device == iPad4,4 ] || [ $device == iPad4,1 ]; then
futurerestore -t shsh/apnonce.shsh2 -s sep-firmware.*.RELEASE.im4p -m manifests/BuildManifest_"$device"_1033_OTA.plist --no-baseband downgrade.ipsw
fi
echo "Cleaning up :D"
# NOTE(review): `*.ipsw` removes every .ipsw file in this directory, which
# includes the user's input IPSW (the usage text requires it to be here), and
# this runs whether or not futurerestore succeeded.
rm -rfv dummy_file iBSS* iBEC* *.bbfw *.im4p downgrade ipsw *.ipsw
echo "If you see this, we're done! Shoutout to the devs and Matty for making this possible! - Merculous"
echo "P.S. You know, this could look even better and be even easier if we port it to Python :D"
else
echo "Did not find checkm8 within lsusb. We are going to exit. Please enter pwned DFU and run again!"
# Bare `exit`: status is that of the echo above (0).
exit
fi
fi
else
# Wrong argument count: print usage. The script then ends with the status of
# the last echo (0) rather than an error code.
echo "Usage: $0 PathToIpsw (ipsw must be in this directory)"
echo "Example: $0 iPhone_4.0_64bit_10.3.3_14G60_Restore.ipsw"
fi