Talk:TinyUmbrella
Didn't he used to support Linux? --JakeAnthraX 19:59, 7 May 2011 (UTC)
- Not that I know of. --Balloonhead66 21:56, 15 July 2011 (UTC)
- The JAR file is in the Mac .app file (right-click > show package contents), wouldn't that work (sort of) with Linux? --rdqronos 20:02, 18 July 2011 (MDT)
Restore / downgrade iPad 2 GSM without baseband
Does anybody know details on how semaphore does a TSS downgrade of an iPad 2 (GSM) firmware, without modifying the baseband and without running into a recovery loop? (see this screenshot) The latest TinyUmbrella release supports such downgrades and there is no bootrom exploit that would allow a kick out of recovery. I thought such a downgrade is possible by getting the SHSH from the local backup and the baseband SHSH from Apple (because of the nonce problem). As long as Apple signs the same baseband, even a baseband downgrade from an iOS 5 beta baseband would be possible. Or, in the more common case, a complete restore from iOS 4.3.4 to 4.3.3 (including baseband). But TinyUmbrella doesn't even try to change the baseband, so his method must be totally different. He also tweeted me "it is WAY more complicated". Does anybody know more? --http 06:13, 20 July 2011 (MDT)
Source
Where is the source of TinyUmbrella? --XiiiX 16:46, 14 August 2011 (MDT)
- Take the Mac (.PKG) file and look at the contents. I am on Windows, so I extracted it to a sub-directory, navigated to a file called Payload, and extracted that to get Payload~. I extracted that to get the app, and then the .class files are just Java files that can be decompiled with any free Java decompiler. PS, I used 7-Zip for extraction... --Balloonhead66 20:10, 14 August 2011 (MDT)
Recovery
Does anybody know how TU puts the device into recovery mode? And how to go from recovery to DFU? --Dylan Laws 01:18, 22 January 2012 (MST)
- The iTunes MobileDevice Library has a function to put the device into Recovery Mode. --rud0lf77 08:36, 22 January 2012 (MST)
- Do you know the command? --Dylan Laws 12:32, 22 January 2012 (MST)
- Learn Java, decompile the Java scripts, examine. done :) --5urd 13:47, 22 January 2012 (MST)
- In the headers of the MobileDevice Library you can find: AMDeviceEnterRecovery, have fun with it. --rud0lf77 14:12, 22 January 2012 (MST)
- So, no execution with the DLL through CMD? --Dylan Laws 14:41, 22 January 2012 (MST)
- You can't execute DLLs, you have to get the MobileDevice Header, include it in your Application and then link against the dll. --rud0lf77 15:55, 22 January 2012 (MST)
- Make a C# app, and add

    using System;
    using System.Runtime.InteropServices;

    // Field offsets in the comments assume a 32-bit process (IntPtr is 4 bytes).
    [StructLayout(LayoutKind.Sequential)]
    public unsafe struct am_device
    {
        public fixed byte unknown0[16]; /* 0 - zero */
        public uint device_id;          /* 16 */
        public uint product_id;         /* 20 - set to AMD_IPHONE_PRODUCT_ID */
        public IntPtr serial;           /* 24 - set to UDID, Unique Device Identifier */
        public uint unknown1;           /* 28 */
        public uint unknown2;           /* 32 - reference counter, increased by AMDeviceRetain, decreased by AMDeviceRelease */
        public uint lockdown_conn;      /* 36 */
        public fixed byte unknown3[8];  /* 40 */
        public uint unknown4;           /* 48 - used to store CriticalSection Handle */
        public fixed byte unknown5[24]; /* 52 */
    }

    public static class Program
    {
        // mach_error_t is a 32-bit integer, so it is marshalled as int.
        [DllImport("{ABSOLUTEPATHTODLL}", CallingConvention = CallingConvention.Cdecl)]
        public static extern int AMDeviceEnterRecovery(ref am_device device);

        public static void Main(string[] args)
        {
            am_device am = new am_device();
            am.device_id = ...
            AMDeviceEnterRecovery(ref am);
        }
    }

- --5urd 17:22, 22 January 2012 (MST)