Difference between revisions of "Tutorial:Creating a NOR-only IPSW"

From The iPhone Wiki
Jump to: navigation, search
m
 
(One intermediate revision by one other user not shown)
Line 1: Line 1:
  +
This will create an [[IPSW File Format|IPSW]] that only flashes your device's [[NOR]]. It will not touch the [[iOS|operating system]] or [[NAND]].
This will flash your device to NOR-only
 
# Create a custom ipsw
+
# Create a custom IPSW
# Unpack it, remove rootfs dmg
+
# Unpack it, remove rootfs DMG
 
# Decrypt the ramdisk ([[xpwntool]]) and mount it.
 
# Decrypt the ramdisk ([[xpwntool]]) and mount it.
 
# Edit options.plist (/usr/local/share/restore/options.plist) on the restore ramdisk:
 
# Edit options.plist (/usr/local/share/restore/options.plist) on the restore ramdisk:
Line 16: Line 16:
 
</dict>
 
</dict>
 
</plist>
 
</plist>
  +
# Unmount and reencrypt the restore ramdisk.
 
  +
<ol start="5">
# Repack the [[IPSW]].
 
  +
<li>Unmount and reencrypt the restore ramdisk.</li>
NOTE: This technique only works on devices vulnerable to the [[2kPwn]] bootrom exploit.
 
  +
<li>Repack the IPSW.</li>
  +
</ol>
  +
  +
NOTE: This technique only works on devices that have an untethered bootrom exploit ([[Pwnage]] or [[0x24000 Segment Overflow]]).
  +
  +
[[Category:Tutorials]]

Latest revision as of 12:18, 27 August 2013

This will create an IPSW that only flashes your device's NOR. It will not touch the operating system or NAND.

  1. Create a custom IPSW
  2. Unpack it, remove rootfs DMG
  3. Decrypt the ramdisk (xpwntool) and mount it.
  4. Edit options.plist (/usr/local/share/restore/options.plist) on the restore ramdisk:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
   <key>CreateFilesystemPartitions</key>
   <false/>
   <key>UpdateBaseband</key>
   <false/>
   <key>SystemImage</key>
   <false/>
</dict>
</plist>
  1. Unmount and reencrypt the restore ramdisk.
  2. Repack the IPSW.

NOTE: This technique only works on devices that have an untethered bootrom exploit (Pwnage or 0x24000 Segment Overflow).