The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information.

Difference between revisions of "Tutorial:Creating a NOR-only IPSW"

From The iPhone Wiki
Jump to: navigation, search
(untethered bootrom exploit need)
m (now uses # and better wording on the NOTE)
Line 1: Line 1:
  +
This will flash your device to NOR-only
1. Create a custom ipsw
  
  +
# Create a custom ipsw
 
2. Unpack it, remove rootfs dmg
 +
# Unpack it, remove rootfs dmg
  +
# Decrypt the ramdisk ([[xpwntool]]) and mount it.
 
  +
# Edit options.plist (/usr/local/share/restore/options.plist) on the restore ramdisk:
3. Decrypt ramdisk (xpwntool), mount it.
  
  +
<?xml version="1.0" encoding="UTF-8"?>
 
  +
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
4. Edit options.plist on the restore ramdisk:
  
  +
<plist version="1.0">
 
  +
<dict>
/usr/local/share/restore/options.plist
  
  +
<key>CreateFilesystemPartitions</key>
<pre>&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
  
  +
&lt;false/&gt;
&lt;!DOCTYPE plist PUBLIC &quot;-//Apple//DTD PLIST 1.0//EN&quot; &quot;http://www.apple.com/DTDs/PropertyList-1.0.dtd&quot;&gt;
  
&lt;dict&gt;
 +
&lt;false/&gt;
&lt;key&gt;CreateFilesystemPartitions&lt;/key&gt;
 +
&lt;key&gt;SystemImage&lt;/key&gt;
&lt;false/&gt;
 +
&lt;false/&gt;
&lt;key&gt;UpdateBaseband&lt;/key&gt;
 +
&lt;/dict&gt;
&lt;false/&gt;
 +
&lt;/plist&gt;
  +
# Unmount and reencrypt the restore ramdisk.
&lt;key&gt;SystemImage&lt;/key&gt;
  
  +
# Repack the [[IPSW]].
&lt;false/&gt;
  
  +
NOTE: This technique only works on devices vulnerable to the [[2kPwn]] bootrom exploit.
&lt;/dict&gt;
  
&lt;plist version=&quot;1.0&quot;&gt;
 +
&lt;key&gt;UpdateBaseband&lt;/key&gt;
&lt;/plist&gt;
  
</pre>
  
 
5. Unmount and reencrypt the restore ramdisk.
  
 
6. Repack the ipsw.
  
 
NOTE: This technique only works with the [[N72ap|iPod touch 2G]] [[Models|MB-version]] and the [[N88ap|iPhone 3GS]] old [[bootrom]] (devices that are vulnerable to bootrom untethered exploit)
  

Revision as of 00:50, 26 June 2011

This will flash your device to NOR-only

  1. Create a custom ipsw
  2. Unpack it, remove rootfs dmg
  3. Decrypt the ramdisk (xpwntool) and mount it.
  4. Edit options.plist (/usr/local/share/restore/options.plist) on the restore ramdisk:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd%22>
<plist version="1.0">
<dict>
   <key>CreateFilesystemPartitions</key>
   <false/>
   <key>UpdateBaseband</key>
   <false/>
   <key>SystemImage</key>
   <false/>
</dict>
</plist>
  1. Unmount and reencrypt the restore ramdisk.
  2. Repack the IPSW.

NOTE: This technique only works on devices vulnerable to the 2kPwn bootrom exploit.

Retrieved from "https://www.theiphonewiki.com/w/index.php?title=Tutorial:Creating_a_NOR-only_IPSW&oldid=18661"