Difference between revisions of "Tutorial:Creating a NOR-only IPSW"

From The iPhone Wiki
(Better wording?)
(untethered bootrom exploit need)
Line 26: Line 26:
 
6. Repack the ipsw.
 
6. Repack the ipsw.
   
NOTE: This technique only works with the [[N72ap|iPod touch 2G]] [[Models|MB-version]] and the [[N88ap|iPhone 3GS]] old [[bootrom]].
+
NOTE: This technique only works with the [[N72ap|iPod touch 2G]] [[Models|MB-version]] and the [[N88ap|iPhone 3GS]] old [[bootrom]] (devices that are vulnerable to bootrom untethered exploit)
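Review bot: The parenthetical added on the + line, "(devices that are vulnerable to bootrom untethered exploit)", is missing an article and leaves the NOTE without a closing period. Suggest "(devices that are vulnerable to an untethered bootrom exploit)." so the qualifier reads as a complete clause and "untethered" sits next to the noun it modifies.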

Revision as of 14:06, 25 June 2011

1. Create a custom ipsw.

2. Unpack it and remove the rootfs dmg.

3. Decrypt the restore ramdisk (xpwntool) and mount it.

4. Edit options.plist on the restore ramdisk:

/usr/local/share/restore/options.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
   <key>CreateFilesystemPartitions</key>
   <false/>
   <key>UpdateBaseband</key>
   <false/>
   <key>SystemImage</key>
   <false/>
</dict>
</plist>

5. Unmount and re-encrypt the restore ramdisk.

6. Repack the ipsw.

NOTE: This technique only works with the iPod touch 2G MB-version and the iPhone 3GS old bootrom (devices that are vulnerable to an untethered bootrom exploit).
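Step 4 can be scripted and checked instead of edited by hand. The following is an added example, not part of the original tutorial: it sets the three keys from step 4 to false and reports which of them are not yet false. It assumes any other keys already in the file should be kept, and the sample plist and its ExampleOtherKey entry are constructed for illustration.

```python
import plistlib
import sys

# Keys and values taken from the options.plist shown in step 4.
NOR_ONLY_OPTIONS = {
    "CreateFilesystemPartitions": False,
    "UpdateBaseband": False,
    "SystemImage": False,
}


def set_nor_only(plist_bytes: bytes) -> bytes:
    """Return the plist with the step 4 keys forced to false (other keys kept: assumption)."""
    options = plistlib.loads(plist_bytes)
    if not isinstance(options, dict):
        raise ValueError("options.plist root is not a <dict>")
    options.update(NOR_ONLY_OPTIONS)
    return plistlib.dumps(options, fmt=plistlib.FMT_XML, sort_keys=False)


def non_nor_only_keys(plist_bytes: bytes) -> list:
    """List the step 4 keys that are missing or not literally <false/>."""
    options = plistlib.loads(plist_bytes)
    return [key for key, want in NOR_ONLY_OPTIONS.items()
            if options.get(key) is not want]


# Constructed sample input (not a real Apple options.plist).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>CreateFilesystemPartitions</key>
    <true/>
    <key>SystemImage</key>
    <true/>
    <key>ExampleOtherKey</key>
    <string>kept</string>
</dict>
</plist>"""

if __name__ == "__main__":
    # Hypothetical usage: pass the options.plist path inside the mounted ramdisk.
    if len(sys.argv) != 2:
        sys.exit("usage: script.py <path to options.plist>")
    with open(sys.argv[1], "rb") as fh:
        original = fh.read()
    print("keys to change:", non_nor_only_keys(original))
    with open(sys.argv[1], "wb") as fh:
        fh.write(set_nor_only(original))
```

Running non_nor_only_keys on the file again before unmounting in step 5 confirms the edit took effect.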