Difference between revisions of "Tutorial:Creating a NOR-only IPSW"
(Better wording?)
(untethered bootrom exploit need)
Line 26: | Line 26: | ||
6. Repack the ipsw. |
6. Repack the ipsw. |
||
− | NOTE: This technique only works with the [[N72ap|iPod touch 2G]] [[Models|MB-version]] and the [[N88ap|iPhone 3GS]] old [[bootrom]] |
+ | NOTE: This technique only works with the [[N72ap|iPod touch 2G]] [[Models|MB-version]] and the [[N88ap|iPhone 3GS]] old [[bootrom]] (devices that are vulnerable to bootrom untethered exploit) |
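Review bot: the parenthetical added to the NOTE line, "(devices that are vulnerable to bootrom untethered exploit)", is missing an article and the sentence still ends without a period; suggest "(devices that are vulnerable to an untethered bootrom exploit)." The text also does not say which exploit is meant, so linking the relevant exploit page the same way [[bootrom]] is linked would let readers confirm whether their device qualifies.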
Revision as of 14:06, 25 June 2011
1. Create a custom ipsw
2. Unpack it and remove the rootfs dmg.
3. Decrypt the ramdisk (xpwntool) and mount it.
4. Edit options.plist on the restore ramdisk:
/usr/local/share/restore/options.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>CreateFilesystemPartitions</key>
    <false/>
    <key>UpdateBaseband</key>
    <false/>
    <key>SystemImage</key>
    <false/>
</dict>
</plist>
5. Unmount and re-encrypt the restore ramdisk.
6. Repack the ipsw.
NOTE: This technique only works with the iPod touch 2G MB-version and the iPhone 3GS with the old bootrom (devices that are vulnerable to an untethered bootrom exploit).
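Step 4 can be done programmatically instead of by hand. The following is an added example, not part of the original tutorial: it uses Python's plistlib to force the three keys to false in an existing options.plist while keeping any other keys, and to check whether a given options.plist describes a NOR-only restore. The sample plist and its ExampleOtherOption key are constructed for illustration.

```python
import plistlib

# The three keys the tutorial sets to <false/> in
# /usr/local/share/restore/options.plist on the restore ramdisk.
NOR_ONLY_KEYS = ("CreateFilesystemPartitions", "UpdateBaseband", "SystemImage")


def make_nor_only(plist_bytes):
    """Return (new_xml_plist_bytes, changed_keys).

    Accepts an XML or binary plist, forces the three keys to False and
    preserves every other key. changed_keys lists the keys that were
    missing or not already False.
    """
    opts = plistlib.loads(plist_bytes)
    if not isinstance(opts, dict):
        raise ValueError("options.plist root must be a <dict>")
    changed = [k for k in NOR_ONLY_KEYS if opts.get(k) is not False]
    for key in NOR_ONLY_KEYS:
        opts[key] = False
    return plistlib.dumps(opts, fmt=plistlib.FMT_XML, sort_keys=False), changed


def is_nor_only(plist_bytes):
    """True only if all three keys are present and explicitly False."""
    opts = plistlib.loads(plist_bytes)
    return isinstance(opts, dict) and all(
        opts.get(k) is False for k in NOR_ONLY_KEYS
    )


# Constructed sample input (not taken from a real ramdisk): one key is true,
# one is missing, and ExampleOtherOption is a hypothetical unrelated key.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>CreateFilesystemPartitions</key>
    <true/>
    <key>SystemImage</key>
    <true/>
    <key>ExampleOtherOption</key>
    <string>kept</string>
</dict>
</plist>"""

if __name__ == "__main__":
    patched, changed = make_nor_only(SAMPLE)
    print("changed keys:", changed)
    print(patched.decode("utf-8"))
```
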