diff --git a/custom_bundles.md b/custom_bundles.md index d0551d3..8f37c28 100644 --- a/custom_bundles.md +++ b/custom_bundles.md @@ -102,7 +102,7 @@ - Replace `` with the stock kernelcache `.im4p`. - Use [Ralph0045's](https://twitter.com/Ralph0045) [Kernel64Patcher](https://github.com/Ralph0045/Kernel64Patcher) to patch the kernel: - `Kernel64Patcher kernel.raw kernel.patched -a`. -- Use [this](https://raw.githubusercontent.com/dualbootfun/dualbootfun.github.io/master/source/compareFiles.py) Python 3 script (credits: [mcg29](https://twitter.com/mcg29_)) to create a diff file between the unpatched and patched kernels: +- Use [this](https://raw.githubusercontent.com/dualbootfun/dualbootfun.github.io/d947e2c9b6090a1e65a46ea6a58cd840986ff9d9/source/compareFiles.py) Python 3 script (credits: [mcg29](https://twitter.com/mcg29_)) to create a diff file between the unpatched and patched kernels: - `python3 compareFiles.py kernel.raw kernel.patched`. - Use img4lib to apply the patch onto the stock kernelcache im4p: - `img4 -i -o kernelcache.release.*.patched -P kc.bpatch`. diff --git a/inferius.py b/inferius.py index 1c1f9d7..cdfee8f 100755 --- a/inferius.py +++ b/inferius.py @@ -52,6 +52,8 @@ print('Checking if device is A9...') is_a9 = ipsw.a9_check(firmware_bundle) if is_a9: + if args.verbose: + print('Device is A9, fetching correct board config...') board_configs = ipsw.fetch_a9_boardconfigs(firmware_bundle) if len(board_configs) != 2: sys.exit('Firmware Bundle for A9 is invalid.\nExiting...') @@ -65,6 +67,10 @@ pass else: sys.exit('Invalid input given.\nExiting...') + else: + firm_bundle_number = 0 + if args.verbose: + print('Device is not A9, continuing...') if args.verbose: ipsw_dir = ipsw.extract_ipsw(args.ipsw[0], 'yes') 
@@ -72,14 +78,14 @@ ipsw_dir = ipsw.extract_ipsw(args.ipsw[0]) print('IPSW extracted! Applying patches to bootchain...') if args.verbose: - patch.patch_bootchain(firmware_bundle, ipsw_dir, 'yes') + patch.patch_bootchain(firmware_bundle, ipsw_dir, firm_bundle_number, 'yes') else: - patch.patch_bootchain(firmware_bundle, ipsw_dir) + patch.patch_bootchain(firmware_bundle, ipsw_dir, firm_bundle_number) print('Grabbing latest LLB and iBoot to put into custom IPSW...') ipsw.grab_latest_llb_iboot(args.device[0], ipsw_dir, firmware_bundle, firm_bundle_number) print('Packing everything into custom IPSW. This may take a while, please wait...') if args.verbose: - ipsw_name = ipsw.make_ipsw(ipsw_dir, firmware_bundle, 'yes') + ipsw_name = ipsw.make_ipsw(ipsw_dir, firmware_bundle, 'yes') else: ipsw_name = ipsw.make_ipsw(ipsw_dir, firmware_bundle) print(f'Done!\nCustom IPSW at: {ipsw_name}') diff --git a/resources/FirmwareBundles/iPhone9,1_13.0_bundle/048-96245-001.asr.patch b/resources/FirmwareBundles/iPhone9,1_13.0_bundle/048-96245-001.asr.patch new file mode 100644 index 0000000..93a73ed Binary files /dev/null and b/resources/FirmwareBundles/iPhone9,1_13.0_bundle/048-96245-001.asr.patch differ diff --git a/resources/FirmwareBundles/iPhone9,1_13.0_bundle/Info.json b/resources/FirmwareBundles/iPhone9,1_13.0_bundle/Info.json new file mode 100644 index 0000000..f8b949a --- /dev/null +++ b/resources/FirmwareBundles/iPhone9,1_13.0_bundle/Info.json 
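Review bot: `'yes'` is still passed positionally in `patch.patch_bootchain(firmware_bundle, ipsw_dir, firm_bundle_number, 'yes')`, which is the same pattern that let the old three-argument call bind `'yes'` to `firm_bundle_number`. Passing it by keyword, `patch.patch_bootchain(firmware_bundle, ipsw_dir, firm_bundle_number, verbose='yes')`, makes a later signature change fail loudly instead of silently shifting arguments. The same applies to the `extract_ibss_ibec` and `send_ibss_ibec` calls added in restituere.py.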
@@ -0,0 +1,24 @@
+{
+ "version": "13.0",
+ "boardconfig": "d10",
+ "processor": "T8010",
+ "files": {
+ "ibss": {
+ "file": "Firmware/dfu/iBSS.d10.RELEASE.im4p",
+ "sha1": "9d1ad504b1c0452956951b060482e8ce98b0da4d",
+ "patch": "iBSS.d10.RELEASE.patch"},
+ "ibec": {
+ "file": "Firmware/dfu/iBEC.d10.RELEASE.im4p",
+ "sha1": "1a8f689a8cfd734ca0b9a90c7d975e3277198e99",
+ "patch": "iBEC.d10.RELEASE.patch"},
+ "ramdisk": {
+ "file": "048-96245-001.dmg",
+ "sha1": "bd9d65ddbcad1d6d0b73316e198ac46a2fd665ad",
+ "patch": "048-96245-001.asr.patch"},
+ "kernelcache": {
+ "file": "kernelcache.release.iphone9",
+ "sha1": "26ff142be2c9372cfa29d273b3778d39734e2e16",
+ "patch": "kernelcache.release.iphone9.patch"
+ }
+ }
+}
diff --git a/resources/FirmwareBundles/iPhone9,1_13.0_bundle/iBEC.d10.RELEASE.patch b/resources/FirmwareBundles/iPhone9,1_13.0_bundle/iBEC.d10.RELEASE.patch
new file mode 100644
index 0000000..f89c426
Binary files /dev/null and b/resources/FirmwareBundles/iPhone9,1_13.0_bundle/iBEC.d10.RELEASE.patch differ
diff --git a/resources/FirmwareBundles/iPhone9,1_13.0_bundle/iBSS.d10.RELEASE.patch b/resources/FirmwareBundles/iPhone9,1_13.0_bundle/iBSS.d10.RELEASE.patch
new file mode 100644
index 0000000..bd076b2
Binary files /dev/null and b/resources/FirmwareBundles/iPhone9,1_13.0_bundle/iBSS.d10.RELEASE.patch differ
diff --git a/resources/FirmwareBundles/iPhone9,1_13.0_bundle/kernelcache.release.iphone9.patch b/resources/FirmwareBundles/iPhone9,1_13.0_bundle/kernelcache.release.iphone9.patch
new file mode 100644
index 0000000..a7d409c
Binary files /dev/null and b/resources/FirmwareBundles/iPhone9,1_13.0_bundle/kernelcache.release.iphone9.patch differ
diff --git a/resources/FirmwareBundles/iPhone9,3_13.0_bundle/048-96245-001.asr.patch b/resources/FirmwareBundles/iPhone9,3_13.0_bundle/048-96245-001.asr.patch
new file mode 100644
index 0000000..93a73ed
Binary files /dev/null and b/resources/FirmwareBundles/iPhone9,3_13.0_bundle/048-96245-001.asr.patch differ
diff --git a/resources/FirmwareBundles/iPhone9,3_13.0_bundle/Info.json b/resources/FirmwareBundles/iPhone9,3_13.0_bundle/Info.json
new file mode 100644
index 0000000..f8b949a
--- /dev/null
+++ b/resources/FirmwareBundles/iPhone9,3_13.0_bundle/Info.json
@@ -0,0 +1,24 @@
+{
+ "version": "13.0",
+ "boardconfig": "d10",
+ "processor": "T8010",
+ "files": {
+ "ibss": {
+ "file": "Firmware/dfu/iBSS.d10.RELEASE.im4p",
+ "sha1": "9d1ad504b1c0452956951b060482e8ce98b0da4d",
+ "patch": "iBSS.d10.RELEASE.patch"},
+ "ibec": {
+ "file": "Firmware/dfu/iBEC.d10.RELEASE.im4p",
+ "sha1": "1a8f689a8cfd734ca0b9a90c7d975e3277198e99",
+ "patch": "iBEC.d10.RELEASE.patch"},
+ "ramdisk": {
+ "file": "048-96245-001.dmg",
+ "sha1": "bd9d65ddbcad1d6d0b73316e198ac46a2fd665ad",
+ "patch": "048-96245-001.asr.patch"},
+ "kernelcache": {
+ "file": "kernelcache.release.iphone9",
+ "sha1": "26ff142be2c9372cfa29d273b3778d39734e2e16",
+ "patch": "kernelcache.release.iphone9.patch"
+ }
+ }
+}
diff --git a/resources/FirmwareBundles/iPhone9,3_13.0_bundle/iBEC.d10.RELEASE.patch b/resources/FirmwareBundles/iPhone9,3_13.0_bundle/iBEC.d10.RELEASE.patch
new file mode 100644
index 0000000..f89c426
Binary files /dev/null and b/resources/FirmwareBundles/iPhone9,3_13.0_bundle/iBEC.d10.RELEASE.patch differ
diff --git a/resources/FirmwareBundles/iPhone9,3_13.0_bundle/iBSS.d10.RELEASE.patch b/resources/FirmwareBundles/iPhone9,3_13.0_bundle/iBSS.d10.RELEASE.patch
new file mode 100644
index 0000000..bd076b2
Binary files /dev/null and b/resources/FirmwareBundles/iPhone9,3_13.0_bundle/iBSS.d10.RELEASE.patch differ
diff --git a/resources/FirmwareBundles/iPhone9,3_13.0_bundle/kernelcache.release.iphone9.patch b/resources/FirmwareBundles/iPhone9,3_13.0_bundle/kernelcache.release.iphone9.patch
new file mode 100644
index 0000000..a7d409c
Binary files /dev/null and b/resources/FirmwareBundles/iPhone9,3_13.0_bundle/kernelcache.release.iphone9.patch differ
diff --git a/resources/ipsw.py b/resources/ipsw.py index 4dfb6b7..0bb42ed 100644 --- a/resources/ipsw.py +++ b/resources/ipsw.py @@ -52,12 +52,13 @@ def find_bundle(device_identifier, version, verbose=None): else: sys.exit(f"Firmware bundle for {device_identifier}, {version} doesn't exist!\nIf you have provided your own firmware bundle,\nplease make sure it is in 'resources/FirmwareBundles'\nand named {device_identifier}_{version}_bundle") -def grab_latest_llb_iboot(device_identifier, ipsw_dir, firm_bundle, firm_bundle_number: int=None, verbose: str=None): +def grab_latest_llb_iboot(device_identifier, ipsw_dir, firm_bundle, firm_bundle_number): + l_device_identifier = device_identifier.lower() with open(f'{firm_bundle}/Info.json') as f: data = json.load(f) - if firm_bundle_number: + if firm_bundle_number != 0: hardware_model = data['devices'][firm_bundle_number]['boardconfig'] - elif device_identifier.startswith('iPhone6'): + elif l_device_identifier.startswith('iphone6'): hardware_model = 'iphone6' else: hardware_model = data['boardconfig'] @@ -73,7 +74,7 @@ def grab_latest_llb_iboot(device_identifier, ipsw_dir, firm_bundle, firm_bundle_ shutil.copy(f'Firmware/all_flash/iBoot.{hardware_model}.RELEASE.im4p', f'{ipsw_dir}/Firmware/all_flash/') shutil.rmtree('Firmware') -def extract_ibss_ibec(ipsw, firm_bundle, firm_bundle_number: int=None, verbose: str=None): +def extract_ibss_ibec(ipsw, firm_bundle, firm_bundle_number, verbose=None): if os.path.isfile(ipsw): pass else: @@ -86,7 +87,7 @@ def extract_ibss_ibec(ipsw, firm_bundle, firm_bundle_number: int=None, verbose: sys.exit(f'IPSW {ipsw} is not a valid IPSW!\nExiting...') with open(f'{firm_bundle}/Info.json') as f: data = json.load(f) - if firm_bundle_number: + if firm_bundle_number == 0: ibss_path = data['files']['ibss']['file'] ibec_path = data['files']['ibec']['file'] else: 
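Review bot: With `0` now reserved to mean "not A9", the prompt's answers 1 and 2 are used unchanged as the index in `data['devices'][firm_bundle_number]['boardconfig']`. If `devices` is a two-element JSON array (the bundle layout is not visible in this diff), answer 1 selects the second entry and answer 2 raises IndexError. Indexing with `firm_bundle_number - 1`, or keeping `None` as the non-A9 sentinel and storing a zero-based index, removes the ambiguity. The same lookup sits behind the `firm_bundle_number != 0` test in the `patch_bootchain` hunk of resources/patch.py. The body of `grab_latest_llb_iboot` continues outside this hunk.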
@@ -102,6 +103,10 @@ def extract_ibss_ibec(ipsw, firm_bundle, firm_bundle_number: int=None, verbose: ipsw.close() return ibss_path, ibec_path +def fetch_processor(firm_bundle): + with open(f'{firm_bundle}/Info.json') as f: + data = json.load(f) + return data['processor'] def make_ipsw(ipsw_dir, firm_bundle, verbose=None): if os.path.isfile(f'{firm_bundle[26:-7]}_custom.ipsw'): diff --git a/resources/patch.py b/resources/patch.py index 87266c7..2c4f51c 100644 --- a/resources/patch.py +++ b/resources/patch.py @@ -4,11 +4,11 @@ import subprocess import time -def patch_bootchain(firm_bundle, ipsw_path, firm_bundle_number: int=None, verbose: str=None): # Applies patches from firmware bundle onto bootchain +def patch_bootchain(firm_bundle, ipsw_path, firm_bundle_number, verbose=None): # Applies patches from firmware bundle onto bootchain os.makedirs('work/patched_files', exist_ok = True) with open(f'{firm_bundle}/Info.json') as f: data = json.load(f) - if firm_bundle_number: + if firm_bundle_number != 0: ibss = [data['devices'][firm_bundle_number]['files']['ibss']['file'], data['devices'][firm_bundle_number]['files']['ibss']['patch']] ibec = [data['devices'][firm_bundle_number]['files']['ibec']['file'], data['devices'][firm_bundle_number]['files']['ibec']['patch']] kernelcache = [data['files']['kernelcache']['file'], data['files']['kernelcache']['patch']] diff --git a/resources/restore.py b/resources/restore.py index d9946b5..682cb85 100644 --- a/resources/restore.py +++ b/resources/restore.py 
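Review bot: `fetch_processor` indexes `data['processor']` directly, so a bundle whose Info.json has no top-level `processor` key ends the restore with a bare KeyError traceback; bundles written before this change, or user-supplied ones, may well lack it. The rest of this file reports bad bundles through `sys.exit`, so `processor = data.get('processor')` followed by `if processor is None: sys.exit(f'Firmware bundle {firm_bundle} has no processor entry!\nExiting...')` would be consistent. A one-line docstring stating that the function returns the `processor` string from the bundle's Info.json, and blank lines around the definition, would also help.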
@@ -4,11 +4,19 @@ import time import sys -def send_ibss_ibec(verbose=None): +def send_ibss_ibec(processor, verbose=None): + with open('work/empty_file', 'w') as f: + f.close() + if processor.lower() == 's5l8960': + subprocess.Popen(f'./resources/bin/irecovery -f work/empty_file', stdout=subprocess.PIPE, shell=True) + time.sleep(5) subprocess.Popen(f'./resources/bin/irecovery -f work/ipsw/ibss.img4', stdout=subprocess.PIPE, shell=True) time.sleep(5) subprocess.Popen(f'./resources/bin/irecovery -f work/ipsw/ibec.img4', stdout=subprocess.PIPE, shell=True) time.sleep(5) + if processor.lower() == 't8010' or 't8015': + subprocess.Popen(f'./resources/bin/irecovery -c go', stdout=subprocess.PIPE, shell=True) + time.sleep(5) if verbose: print('[VERBOSE] Checking if device is in pwnrecovery...') lsusb = subprocess.Popen('./resources/bin/lsusb', stdout=subprocess.PIPE, shell=True) diff --git a/restituere.py b/restituere.py index 4048d04..1ad30be 100755 --- a/restituere.py +++ b/restituere.py @@ -41,16 +41,10 @@ lsusb = subprocess.Popen('./resources/bin/lsusb', stdout=subprocess.PIPE, shell=True) time.sleep(10) lsusb_output = str(lsusb.stdout.read()) - if 'Apple Mobile Device (DFU)' in lsusb_output: + if 'Apple Mobile Device (DFU Mode)' in lsusb_output: pass else: - sys.exit('Device not found!\nExiting...') - device_identifier = args.device[0] - device_identifier = device_identifier.lower() - if device_identifier.startswith('iphone8') or device_identifier == 'ipad6,11' or device_identifier == 'ipad6,12': - sys.exit('Error: A9 devices are currently not supported!\nExiting...') #TODO: Implement A9 support - else: - pass + sys.exit('DFU device not found!\nExiting...') print('Fetching some required info...') if args.verbose: print('[VERBOSE] Fetching ECID...') 
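Review bot: The added condition `if processor.lower() == 't8010' or 't8015':` is always true, because the non-empty string `'t8015'` is evaluated on its own, so `irecovery -c go` is sent to every device regardless of processor. It should read `if processor.lower() in ('t8010', 't8015'):`. In the same hunk the `f.close()` inside the `with` block is redundant, and `work/empty_file` is created even when the processor is not `s5l8960`. The body of `send_ibss_ibec` continues past the end of the hunk.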
@@ -88,25 +82,47 @@ firmware_bundle = ipsw.find_bundle(args.device[0], args.version[0], 'yes') else: firmware_bundle = ipsw.find_bundle(args.device[0], args.version[0]) + is_a9 = ipsw.a9_check(firmware_bundle) + if is_a9: + if args.verbose: + print('Device is A9, fetching correct board config...') + board_configs = ipsw.fetch_a9_boardconfigs(firmware_bundle) + if len(board_configs) != 2: + sys.exit('Firmware Bundle for A9 is invalid.\nExiting...') + firm_bundle_number = input(f'A9 device detected, please choose the correct board config for your device:\n[1] {board_configs[0]}\n[2] {board_configs[1]}\nChoice: ') + try: + int(firm_bundle_number) + except ValueError: + sys.exit('Input not a number!.\nExiting...') + firm_bundle_number = int(firm_bundle_number) + if 0 < firm_bundle_number < 3: + pass + else: + sys.exit('Invalid input given.\nExiting...') + else: + firm_bundle_number = 0 + if args.verbose: + print('Device is not A9, continuing...') if args.verbose: print('Extracting iBSS and iBEC from custom IPSW...') if args.verbose: - ibss_path, ibec_path = ipsw.extract_ibss_ibec(args.ipsw[0], firmware_bundle, 'yes') + ibss_path, ibec_path = ipsw.extract_ibss_ibec(args.ipsw[0], firmware_bundle, firm_bundle_number, 'yes') else: - ibss_path, ibec_path = ipsw.extract_ibss_ibec(args.ipsw[0], firmware_bundle) + ibss_path, ibec_path = ipsw.extract_ibss_ibec(args.ipsw[0], firmware_bundle, firm_bundle_number) print('Signing iBSS and iBEC with SHSH blob...') if args.verbose: patch.sign_ibss_ibec(ibss_path, ibec_path, 'yes') else: patch.sign_ibss_ibec(ibss_path, ibec_path) + processor = ipsw.fetch_processor(firmware_bundle) print('Preparations done! 
Beginning restore...') if args.verbose: - restore.send_ibss_ibec('yes') + restore.send_ibss_ibec(processor, 'yes') else: - restore.send_ibss_ibec() + restore.send_ibss_ibec(processor) if args.verbose: - restore.restore(args.ipsw[0], restore.is_cellular(device_identifier), 'yes') + restore.restore(args.ipsw[0], restore.is_cellular(args.device[0]), 'yes') else: - restore.restore(args.ipsw[0], restore.is_cellular(device_identifier)) + restore.restore(args.ipsw[0], restore.is_cellular(args.device[0])) else: exit(parser.print_help(sys.stderr)) \ No newline at end of file
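Review bot: `restore.is_cellular(args.device[0])` now receives the identifier exactly as typed, whereas the code removed earlier in this file lower-cased it into `device_identifier` before the call. If `is_cellular` (not shown in this diff) compares against lower-case identifiers, an argument such as `iPhone9,3` would be classified differently than before. Normalising once with `device_identifier = args.device[0].lower()` and passing that to both calls keeps the previous behaviour. Separately, the A9 board-config prompt added here appears to duplicate the block in inferius.py; a single helper in `resources/ipsw.py` would keep the two scripts from drifting apart.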