Difference between revisions of "Tutorial:Creating a NOR-only IPSW"

Revision as of 00:57, 26 June 2011

This will flash your device to NOR-only

Create a custom ipsw
Unpack it, remove rootfs dmg
Decrypt the ramdisk (xpwntool) and mount it.
Edit options.plist (/usr/local/share/restore/options.plist) on the restore ramdisk:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
   <key>CreateFilesystemPartitions</key>
   <false/>
   <key>UpdateBaseband</key>
   <false/>
   <key>SystemImage</key>
   <false/>
</dict>
</plist>

Unmount and reencrypt the restore ramdisk.
Repack the IPSW.

NOTE: This technique only works on devices vulnerable to the 2kPwn bootrom exploit.

Difference between revisions of "Tutorial:Creating a NOR-only IPSW"

Revision as of 00:57, 26 June 2011

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Miscellaneous

Tools

Revision as of 00:54, 26 June 2011 (view source) 5urd (talk \| contribs) (this doesn't matter, the mediawiki software will encode it to valid html (look at the source) (also, the dtd link was doing "....dtd&quot" in the link) ← Older edit	Revision as of 00:57, 26 June 2011 (view source) 5urd (talk \| contribs) m (NOR-only ipsw moved to Tutorial:Creating a NOR-only IPSW) Newer edit →
(No difference)