iRecovery is a libusb-based CLI utility for Mac OS X, Linux, and Windows. It is able to talk to iBoot and iBSS via USB. It's completely open source; the source code is released under the terms of the GNU GPL v3. The full license text can be found in the LICENSE file on github.
It currently connects to:
DFU 2.0 (0x1227)
It can upload a file, such as an iBSS, so that you can unplug and spawn a shell with 0x1281.
Recovery 2.0 (0x1281)
You can upload a file to 0x9000000 with the following syntax:
./iRecovery -f file
In newer builds that use libusb-1.0 this is now
./iRecovery -u file
You can spawn a shell to do all sorts of neat things with the syntax:
Once it has spawned, you can type 'help' and iBoot will respond with its built-in command list.
./iRecovery -c "command"
Sends a single command to the device *without* spawning a shell.
usb_control_msg(0x21, 2) Exploit Command
Sends Chronic Dev's + Geohot's latest usb exploit. Implemented into blackra1n. This was updated near October 17, 2009. posixninja's fork In newer builds this is now -e
You can now enable auto-boot by running:
or by sending /auto-boot in a shell.
iRecovery now supports batch scripting, this allows you to send commands to iBoot from a pre written list of commands, this also suports scripting such as /auto-boot and /upload <file>
./iRecovery -b <file>
or in a shell:
You can now send raw commands via the -x21 -x40 or -xA1 flags
====================================== :: :: iBSS for n82ap, Copyright 2009, Apple Inc. :: :: BUILD_TAG: iBoot-596.24 :: :: BUILD_STYLE: RELEASE :: :: USB_SERIAL_NUMBER: CPID:8900 CPRV:30 CPFM:03 SCEP:05 BDID:04 ECID:000003293C113D76 IBFL:00 :: ======================================= Entering recovery mode, starting command prompt ] printenv build-style = "RELEASE" build-version = "iBoot-596.24" config_board = "n82ap" loadaddr = "0x9000000" boot-command = "fsboot" bootdelay = "0" auto-boot = "true" idle-off = "true" boot-device = "nand0" boot-partition = "0" boot-path = "/System/Library/Caches/com.apple.kernelcaches/kernelcache.s5l8900x" display-color-space = "RGB888" display-timing = "optC" framebuffer = "0xfd00000" secure-boot = "0x1"
Supported Raw Commands
Currently Supported by All Firmware:
Reboot - Reboots Iphone
More IBoot Commands Information:
NOTE: 'bgcolor' appears to be no longer supported -- requires confirmation.
- A C++ port is also in the works dubbed iRecovery++ (by GreySyntax) can be found at GitHub/NSPwn/iRecoveryplusplus]
- A VB.NET port (by Fallensn0w) can be found at GitHub/fallensn0w/vbiRecovery
- A GUI (Graphical User Interface) has been made for Windows under the name Zeratul and it's developed by Fallensn0w and available at @github
(or compiled binary files here.)