The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
IRecovery
iRecovery is a libusb-based CLI utility for Mac OS X, Linux, and Windows. It is able to talk to iBoot and iBSS via USB. It's completely open source; the source code is released under the terms of the GNU GPL v3. The full license text can be found in the LICENSE file on github.
It currently connects to:
- 0x1227 (DFU/WTF Mode 2.0)
- Recovery Mode 0x1281 (Recovery Mode/iBSS)
Credits
westbaer
Thanks
pod2g, tom3q, planetbeing, geohot and posixninja.
Features
DFU 2.0 (0x1227)
It can upload a file, such as an iBSS, so that you can unplug and spawn a shell with 0x1281.
Recovery 2.0 (0x1281)
File Uploading
You can upload a file to 0x9000000 with the following syntax:
./iRecovery -f file
In newer builds that use libusb-1.0 this is now
./iRecovery -u file
Two-Way Shell
You can spawn a shell to do all sorts of neat things with the syntax:
./iRecovery -s
Once it has spawned, you can type 'help' and iBoot will respond with its built-in command list.
Single Command
./iRecovery -c "command"
Sends a single command to the device *without* spawning a shell.
usb_control_msg(0x21, 2) Exploit Command
./iRecovery -k
Sends Chronic Dev's + Geohot's latest usb exploit. Implemented into blackra1n. This was updated near October 17, 2009. posixninja's fork In newer builds this is now -e
Auto Boot
You can now enable auto-boot by running:
./iRecovery -a
or by sending /auto-boot in a shell.
USB Reset
Reset USB
./iRecovery -r
Batch Scripting
iRecovery now supports batch scripting, this allows you to send commands to iBoot from a pre written list of commands, this also suports scripting such as /auto-boot and /upload <file>
./iRecovery -b <file>
or in a shell:
/batch <file>
Raw Commands
You can now send raw commands via the -x21 -x40 or -xA1 flags
Example Output
iRecovery -s
====================================== :: :: iBSS for n82ap, Copyright 2009, Apple Inc. :: :: BUILD_TAG: iBoot-596.24 :: :: BUILD_STYLE: RELEASE :: :: USB_SERIAL_NUMBER: CPID:8900 CPRV:30 CPFM:03 SCEP:05 BDID:04 ECID:000003293C113D76 IBFL:00 :: ======================================= Entering recovery mode, starting command prompt ] printenv build-style = "RELEASE" build-version = "iBoot-596.24" config_board = "n82ap" loadaddr = "0x9000000" boot-command = "fsboot" bootdelay = "0" auto-boot = "true" idle-off = "true" boot-device = "nand0" boot-partition = "0" boot-path = "/System/Library/Caches/com.apple.kernelcaches/kernelcache.s5l8900x" display-color-space = "RGB888" display-timing = "optC" framebuffer = "0xfd00000" secure-boot = "0x1"
Maintained Forks
Updates
Chronic-Dev are working on converting iRecovery to a library more info here chronicdev/libirecovery.
A C++ port is also in the works dubbed iRecovery++ more info here GreySyntax/iRecoveryplusplus