Difference between revisions of "PwnStrap"

From The iPhone Wiki

Latest revision as of 16:53, 26 March 2017

PwnStrap is a collection of programs to bootstrap the loading of a new limera1n exploit-based PwnageTool image.

Procedure

  1. irecovery -s
  2. setenv boot-args 2
  3. setenv auto-boot false
  4. saveenv
  5. Run greenpois0n; it will stop on a white screen
  6. Extract iBSS from your custom image
  7. irecovery -f iBSS
  8. irecovery -s
  9. setenv boot-args 0
  10. saveenv
  11. go image decrypt 0x41000000
  12. go jump 0x41000040
  13. Restore firmware with iTunes

You will need one of the new binaries posted below (see External Links) if you have an Apple TV (2nd generation).

External Links

  * Original info and some binaries: http://www.bingner.com/pwnstrap.html