From b32a8bfd365409975e2c70f8279482eb592d24c7 Mon Sep 17 00:00:00 2001 From: platinumstufff Date: Fri, 2 May 2025 01:26:13 +0300 Subject: [PATCH] finally fix ioaesaccelerator 2 --- .gitignore | 5 +++ README.md | 4 +- bin/Darwin/aespatched | Bin 0 -> 31636 bytes bin/Darwin/compareFiles.py | 32 ---------------- bin/Darwin/iBoot32Patcher | Bin bin/Darwin/irecovery | Bin bin/Darwin/jq | Bin bin/Darwin/lzssdec | Bin 22704 -> 0 bytes bin/Darwin/partialZipBrowser | Bin bin/Darwin/xpwntool | Bin resources/setup.sh | 7 ++-- ssh_config | 37 ++++++++++++++++++ start.sh | 70 +++++++++++++++++------------------ 13 files changed, 82 insertions(+), 73 deletions(-) create mode 100644 .gitignore create mode 100755 bin/Darwin/aespatched delete mode 100644 bin/Darwin/compareFiles.py mode change 100644 => 100755 bin/Darwin/iBoot32Patcher mode change 100644 => 100755 bin/Darwin/irecovery mode change 100644 => 100755 bin/Darwin/jq delete mode 100644 bin/Darwin/lzssdec mode change 100644 => 100755 bin/Darwin/partialZipBrowser mode change 100644 => 100755 bin/Darwin/xpwntool create mode 100644 ssh_config mode change 100644 => 100755 start.sh diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e2fda57 --- /dev/null +++ b/.gitignore @@ -0,0 +1,5 @@ +.DS_Store +ramdisks/*/ +resources/ipwndfu/ +resources/firstrun +ipwndfu.zip \ No newline at end of file diff --git a/README.md b/README.md index b857b82..ae5925a 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ Bruteforce A5-A6 numeric password with ease. # Prerequsites -1. A computer running macOS. +1. A x86 computer running macOS. 2. A compatible device (A5-A6) # Usage @@ -39,7 +39,7 @@ The tool will use the AES engine as much as possible with no restrictions at the # Other Stuff -- [Reddit Post]() +- [Reddit Post](https://www.reddit.com/r/setupapp/comments/1jn09d5/release_iwannabrute_bruteforce_a5a6_with_ease/) # Credits - [AJAIZ](https://github.com/AsyJAIZ) for original bruteforce method. diff --git a/bin/Darwin/aespatched b/bin/Darwin/aespatched new file mode 100755 index 0000000000000000000000000000000000000000..f5ddad1feaf0a09d2e0d395286f481a27379099d GIT binary patch literal 31636 zcmeHwdwf*Ywf~tsNDy#_hZ>&@8VV7M86=p9)eOm)b7Tf0iH57i$z+(2U|yX$1F;H@ zPNwE~I+|YfmS627-rAPiTd!$ViXs>uC5T=d?L*W)(pKw<(HgY{>Vx@x*FO79W=;Ym z+&_Nz_xW&iKi1xRt-bczYwx}GW5O>#dH-0BAXqX5A(9~of(_0-Nf2U@Ifx0uxo{$! z*IVhVaNX=$wUScPKTA3|CPZ}FQGwT6?OI)(UWDP7rl$!U25&+(9EJ3Gy>g&k*5f*y zPH%V`8iR~bfnJ8-tdZgbL{dSoHzbGaLdhgEe`~MQ>E-f98nA(o%jrR6?9=Ia8v;#j zfgn=M^qPuwdfl8J!6f(OH;TV?e!n-+?hmxdUfEY?rZ@E}ot}seq>tb&y zIoQ~;j;EOERewpRH=FZEaO!8K4SKCDp^*+T(~DfA)9d0y2u|ydRN{zxz2TOPjV)`v zjV<-93{LM~+qF8q_c$KGW}Z?>lHPTqEnaWAv)Y-GQ>xQp3Qx&^*+&BaAL$#3)Zo?Y zZE5m`Zf~w@ZSuCs!Q;~7=!_ok5+Wy%eq6?4y65$-YaNl=X#Q-aI)CjPhhQ_kg*=Y} zueZr}BK|soPhDEe`<38Sdeq+3t{&a5>GB(fEQ!==E_{LwSs{7UH!_d7r4`Fv<&rT6 zRPuf(3y zT(2O65q<{6-!fAWrXbF%66PUJZZaIvcEKI*TU{>*jbmhsT=kC7c5xlSO_K>>lk0fDdn>ky@l>dFJE{dR}X2Uj#^~zQ;vDaNPwBc>B zZ*Kyhs2mcb`*Lq_e%ZOkd8^aAW^a9c{Xzpjtv>PY_sCY0lp~^=ov{czOH~jRSAR5- z8NSJ*Zp^K>e$ZQQy(=bs3c7tU8v^3OtsK#wf#o47zmTGz4_l+}zzybtM?0swOUSJJ&!4uUl6*v&Yi|S!6KbwOjZT=i0wO>+ai^?ChS`bDBqVfk( z*`rNG9tu0D@Fj$=^l3-!g5cZ<^GX=}32bJ!G9*U#+QjHzh6(>Em}ru+&#nA`*cGEM zT14eL)Bv~gcrFXxVFG+tdkZDY_Geutps6;asdhr@ixnb31+1wr>lCHvXJ~3JYwBm` zgw8Ej2B@io;EwN{gTNDeE9@Bhl3V#pDnpkr^gg$;lZbML7?$#b`Gl?Gaqbni7?$3duW?u-~QjCkGq7tVJG1{9~FIrnz=X9Y6qw!a*6K1p6=jtWS`&w57i769cI03L0`!^qPmkwJ6`mkUqp}A6CX;9h>1|qpZ3M(gBP-qQwSgK zU<9+lR_!N=gnSirW7_4^&Y}(2nmvn?0zsQPTM+JxQ}-R-ZLxM7LYiBBn$@K~Ox-zn zkfN`IiMo|{5|xEcWj`s*g(*A^fC@_fJJqSYP^zycx9GY@CqNA*4ctu zoo8__JzKs;j8|FE6B%O3i=y(Y4etz<^bcCMy#oD)GH7RAWT-ev1ADJ$N!>~LKfMsL zU&RJ_Z-zDcYb5Jq0n+;=WRLP9mA`;kdl`jkus$@G#K43i#uD;WQQ1k{X?L=8F1r}@ z0(y;g{D^*Bg`JM57ClL{qx*9qTPmQviJcO(PMZS~huI*ofUe4PT+3&P)N6Vo^_OO4 zm1Td62w|RC>gu<~{sR*LrVR1!eKZlJ%vos7WW6=t#5DKp3~G&l)`;Q1*7(LQxfHeGi1t z7uyb>w&TxFM~-$2Au6%0EUOJZb;kafjF`|DYo~ya`(j&0qFp1=&XH(@M|atQ@GKE0 zCe{)CzSwif{F{|1cT=&x*gjs`n43x=MwF{Wz$(;L&8 zXO~0QtlM&&ofaw4=T=!+DFJ*I^OSrZ9uU>18JFtAA~CBB4^4JCUT_?C^g3P@l~=@q z-QwN5E;>h0zx~ z07gkH1s}OpCIuHNi?d`=$;wAHZPb)_oKUn7G*46?rkYhoM2!>8f>(fK=|>G+tne&U z_Aqs8lwk|j*j7{_D*IzESUb8ARpZo4NWc;e`B1V#CDb^ni|Bv27lC!#)ahdUCZa`T zJI^#{&zdg!pQiqgZ?-5qDbhL1p~iaCI+R({VvK54CY_Lb*n3Bx9O(cMQuQ(on@GewLiQiweXJhi6;2Rp(8L?AaXo#J+Kcb=#|=_4}_`?@<{#5%;>d-RxyMdY-^tXU&vB&7+7>;XH9kfwb;`=hWqg>}Qqps-1II@{BNnplj0G_dM!;(7(fD_2DTwx#qQj^R=3}b)9;&%77Qr+P zMlp|cB1Ru*OdX-oKn>%hbQ&~4a8k4|R-OmR#vdok2A07g1iEFwD(98~#j)zPBOuFQ z8YvMh13O??1|KlXpb!8gaX%!XxrsMSMU5eOUv z&LdG$QSI>AWED^)%qrN2G|Ymm9`)h*NFLmVr1Z%|Ecggh0MXaxVs(X8pfmBNdcMn5dIV^v|;(<9VrN-$9DY@jgVfJhfmylF>B1pSfh& zG(Vy)+LtF$nWEoAw0w1E5;}`5wM_A}YY`v(7J5nBq^Alb!@aa{#&=R5Xg^2XIt367 zKJEK}hK8{>U^)bpp)vqNHu5g!$!}+~YU@qaeix`@RJ=qa))PWAc@2bhl7>8}Q=Da@ z=msS)Mx#U9KvZWD!E?x)LEf~XMg%l}v{A`1=8x5SdMWibpI6w7QL3l&8AG0{6%hH0 zK#kf>SVQLyO--pN%qlvf<>-haX&DIm3}fsAoJkK=p%6E$t+Ag#X9k~yM^t7q^u*9c z7QUnXdlnPn`B1J@yQ~aUAi|+aZWE(4sW($;Zqvv5b%^aG;ycM8)~a=C{|)^~rS=a@ z0T3UR)UE{OQI_6SERi%K#nPM0c=$kj5ZKl!*nW=eKix`&tz0?aw)Bch1!l61cBP-K zI2H3cuajzAECdX5;&wW2g} zU`_=vE3wM%QEDndH*rv@sTS1=ySTJse(+I{kG&4^gPY*d`X&J%EwMT8%jm4g>Z`~_ zy3m(HR{(=O@D5jGS)}+Xs@~?hZ${Wt-dR)Fmy=2PUGS3l)@?J&t=nn}mHyoWS#t%L zf#s9?m5R#fpRJiSz^?9t!2$)j6->om4cDj@xkH614I>_@(dGB8hSf3Bt_x=cqOIf{&ExG>uPk73?WjY|IjHLV6`hMgV=dEi7pF*6}X+)pW=+7HP zpRSxh-=@hr{rBxj`Ya3dXQa@tJ}!L~TU^=;Ux090A5n?lfOgEvamSy^VXQ`XV;TOs z9*^IdldD$}qUZ)J3ud<+4wg?U6wj|-?-En1jDbG=Se z+ky~vFxrn1ZDx-e^wapyVfCDhf2Us89$K+!;|KnaVNs&}RK9N{DJ%gQzZV6P4w)qEc46pXE_CZJb;Kg+nVq<~+z5h3;t6 z>KX544SHz{CL6V^RE#fQEtVXRUpI<@9xowii**dpXLp~ZiF=uR=zOypE8A;aOcQM9 z7&@>MX5bh)@IxfKl{;#sXkv2kqVoH`Pa-BATkYz2ORjP&AhFHg~iU7c<3ZA~!e< zY#1^ddQv-v+wT!6T817SJ-;Q-hn>nVCFR$;6eV?61oWZ&)($J{h)fKu0w)f4LzhVE=61>d3%B)&0mtE3FPQv$IgXT{1uwB)YsdG9 zFdu*-Ha`Gey;+zmP?vp0$qxq&|k!QR@ktueg+%Fc+kX z@FI77lZ^>b{dokH;+XLsP$9W(As+r;%Z&+4mmR+eV49jLC#Zv4IR-gBOQK^^JEr|+ zI_7{EN&C#}tD%3mFJR@>?BASAQUs=}Us4j-dq~l{+64#ziYTe~l2~9DSUZLRJJkoi zj^OZaTllKOyK}7_ZB!`!^IQb5Ei1t)>pZaIj66>x7KEOHk7IeeXTiq2!CwQA)QUn0 zHkf>&q~T=Oc{5%39I#im2w$aeF*Q z6(=g^D|_AQ4=66FccJLYcB$Yqb~-^P@=rsn+$96n*z+I|{nR2q5&bm7+VN9H?yh!i zBl6MCST_;|S?}X)lBV}UP!iFAN~z#w6uAE}hOyEvEm)Z+ZV|0d9FQz8JKjW{?b4Ay zu)Q6f`<5_za<0z*kh|ke`D`ivJd=9-=~Pic9;FiOLpagdcP~kpKB=$5&ci$&(!gNb zLpA#%r17)YaFu@UN~BZHT|H_=o@Z%=-P+-0B1uZmv!KET(TO@2iON!OizjoVC>88S z7nMF~8FZk$b_?uQedLuO#z$TjMb)B4G8)vguGeh`?NX$2`zNVi(f43eeJV!pAYJ+z zI6EArhUHpgQ2-cO#Rw=YyB4TQGU>S8`g|oXHhsBcp@>=V*N$$AcHn;=zZ%5M-gTF#dR6}`= zULb^jDaONx#JJ}*tg1<>9lhZlL_}0}iwh|Ept$?pYemaJ@s&@oZ^?4*!Zu5ATbF%= zI>O(k3b2sc+y%J)`AEANC+(bf;^hwHRoUGIABhE@xGlJ%Ti(v}Qah7Q!YO6A^{k?%madFXUF6QJYICcz-SOrFAO|_(Vsw==QDui+ zXNw-q44(T}2OxC7UqHe}NjD(a$rj9S`U+i}hYwfJAi-Sh_PGixwIz z7JSNP2WoI)GIC1}S!4Hcgz!dDy|Gspp6c2zDj07r^meW;=9G5DZoyQikAaOuMYo-n zQB*DZ5iA6ZfldlwJ2fDcnvS*3#K2~qf$%i9x@o&xZQeQ<$C&^hC;N(1h8y2M(aJKi zzxGlEDf?@-Rp^w4TXyPRkz_lMZsrt|+jLO&`0e;Q`|-<(p{*LYno zAvEebgn0V?I{97%^8<#*Z|VI8R?YaP9y_Q%lrttNmvI*L^3Htw6%|g|xMO$dSMv^v!eLSu>cG-!LzG-#6#&Tw&q;;3; zHK)>%PozY3Q?JKz%z5|QJ%FICcDzuLtmVHgx9*~e+^u}*Q3kZ{Qc>(e&Jk6{mKeV} zQ=DcS6h#?2lQ!(c)i;qpl&M2KTEKv)j}8(lNMoCx*{*3J zfZB6Z;0Y+Q_A|2CZ z0Q1Lg>$WiXdWS5Dv(Zw#Y*{QEcJ*51EX)-BNpAjt0>lv6y@4K9U^2R|Uuy+vcge@$ z0#OZbl?sk{Vu{T&I2w8rIPQ|8;VH?bW+)TWKiwTi(?&E1rw~04L`mkIFnn+nte0-{rv3OrfKE*PD4?xJ+|`kgohijD_2SR);@Jf9Z6={y$+C5GMa7<)pVUCF9EYE! zmjY-{qLLehUEUuYpNFQ}yEqjQm5-rcQlAU7 z(Yt*v%q}dX05qEWhpdKuASQZY;p9QVzGZ3sm2jpD3;CTS#j3!!RPl5-dag~EV z0R#y^p@$wc8HA`w>nCAN8A8uv(4ado!|avRO=JnklO<(SuC|DXqu1#u71~7`=YAI`fB`A- z3y;#0D<)nUFZtvyfzK(qcs9uj&8%V#vG63Gs*IMso*zQ#W0O(A5v@78~Z($&&AlQo2Ni4 zXnk7CCo2o{#DGsn)%l-zm)l8J0<3pGygi~i_E{C`EKT~ zV16a@S24eu`8P3tHS=#~{+F45EAwlaU&s8l%&%uY*=32j>zUug{1)c7F+a$B8NNGy z;lmJ!vnnw+hOnyvJ9A<1ujr_TTPgNCiv5scuTqRoVFu|t!bn4e-l zrq~ZD)=jbZDE4m@yBxz~@aq)2jbisu>_-%9r`X#RYoXXB7|DZcDOOIgn?w*J#sF(T z(}cnID0Ty-{h4A1D0YZqf1=pS6dR`4K8htMMiW`XG%Rt0Jrp~iVn3wVr4;)%#Y!ml zuN0%VOM`Tm)=)#S%@nJrm`t$^6kAWR7{zK4OFZ)ZsF2x>1`0weM9DsiOhN2XteL`B z0j$x}1>rTGvx9QZgh*)_*+xJ)fG;52OTf1Q&{pwX0!Z>WO%T3Hz$DZJwGey+&<_~F zh|orW2LOd(@`$0i2pNGl01&kn%GnB;G$Fi`fXji6jh8T;0FnYTaS#_K!#bfRWKa%S zdsv8tpOW_h09>62Qz>T#_@~65karmXO3Wc|7l3^TXAvtZX@6VAW+yyUI2h<j;4C*q3XlXX$~5 zGiE)9E})6rKjAEYfVTpUeU|}|a*7cO4tUf7>|4rnu19FW6wauz9K`V@9x2G2N0Hx? zM;}G75fGM9f%o8oaO_Jw^4ka+%xe7?BatG+;ZZnCCp^Oa4V>^zIO+!W?SxOg_7{Q< z!Y!c)eFh)>piIQ(!u3(&lWuq#N?pLd8$-Tz zfvfC-{p!Y+wy^BIEf8!8H2Ho0hQKxUt6Re|CDu1K1+Fw~S$ zl)i8w%2)e>>jJX9%_qxXVT2S22JO;Hr>n~8_XnB+L7$8S6!SL#tCB*ZHL3)vY^|>k zfh20U&W9GPwacycjlo7afCw7EaFLqQWP8ZBK`$q4tP_HDhLrShMU{Mo*XwXBuJeT& z{odAk{5m<{YnJ>gs*vh$@CChc(AOx3B)G zsilHo2SE*C#DU+!Uo8j&iv-~@3a>!nFX_L>ohqCq)CyThz*LBOhR+l-25drR{|tmP zgsiTaLT>j=A*XkykU20*m}JMjaMw9Pb~h%)-V22c8%<|(gv`Q=1xwc@z|R-5hUW^F z0Sq?qYneVJ3o`hyTUH?L6GW!l5ms`QZ)jX`@VG|GUiA8lJ6(%pQPAV1!1wE}ma$*URN{{B|C8^RUo>P4yXkm_wr;BQ)n5 zu#HEIzbjy*8(}5avtGN-U)LNx?BQYm#X4-m>Pf6cFzr*=g%yKB^EW&{J-uf^I!v>E zDxSe#&o$}kbmEu#6_)Gyg@!yY*WuM&SGiXJ4dyn$a&gpLDu(@6X z&m0={8KF7ffQ|MInA&ILpAJt;;IsrzOW?EwPD|jl1Wrrfv;&YvR&@U3%cPbQ4#6yvO`lPdP{PU-xaD7wjMrzB}bPmRe zzob2c^Sc&TrN2ptXuK_nQzeB{N03@hwDQs}`>93!W3sc@9|#6r zLgXlZbIraqW*7T$_~{Z-D=+fPx3>jwxVNZrZF>!e=*9{(uDLB+-}e5&9IM+dtx;M?pFNLPjBgH8sii!sBF>YR4rA> z$rcHbfpjTW-?YL}h(FBN-tMbw+~8P*c&O3qZ}NpgUXmjFn~5MckX38z-eT!K#EEVw z^tLQo?46KQ*yv3eg0)<>r$lS4p;SFKr4!3r=gKs!PmR)8JgxOrLbK`5P3S$^eU!)e zm|NR~d~;%puX%LZ#!+eBb?xn5{7ukMYm2X`QNG=~p-_l)^V1&CpMhBte~Z-Tzs>7! zxXrsR>Iyi9ZJD1|@SsrU`S{%n)FkN12$(rtNa zY}At;-A4{3hYBZAWm3tL@g3Qkq1T;695>s>STJLroNM|iudWWPZe2%463yyx$~vOk z2*FMZX~K>AA3ZI zo_OXdVwYU{@(DQ}I0X_*LV*@Jczc<{wW{h0FZD+MsZ-IHJ0W=J6iAeFISiZvZd1tB zOss3^xZ_;u%6QGgr-W_reKZZ5>mG@9IdqPgi)5sltGs|AvCg#2q;_3_Ye?K|LetjP zHOgKe{sb}oW#dN7x!z!ajVE1uy2i#|+}P46yRbf>{w-q{De^Z3d_mWGD$<=+q(mQt z(DdWnWExH1nnX*Q31~R0v`5dXl1p&e+uVrj;{Z!Pl);vkx~~R;tyJ>>D+epW=k+zw zxP?)r|9$Dk))p$DjTER0tZQt6d4&sM${8NX36Ok@^rIu`Oi)xdl4)Ae>TzF88J(0- z?{8`i=@T0R>zl$MR>c+u(sekM?Pd@zgs~K28evc<5V(ysq=$iW0F9vB?F?kYl)zpB zn*+`M<~9Nk7+~A&1om^Vxpf2M;t+?S0hB#JAgp^#pa9ut@#0Q6!zgb8kga8@4jj|U*?wRGq%)#yX_J#`_`b;Ko{Fp zMP8wyS_oze!{-Z`!oUTfl3c5VuUnEft*|9S$l%MKu-h`ud+_^#bke0x$vElt_=6dl zS&>abW>yb*1Dn95!OMSVjFXo~GRMKo!k)xMLeWzb$g% zaAqyOHd~LyX7A4E%^1$;${5J%&8{5IM)E+$Kt?2EIFog2FYY~UxNi^P<;q2t2opSA z)ji5#<6iVN4jcD%)9`MG${Y8g%Q-yE@AK~FuyIfNJcoPj`aRy?Io!|Tf~h*a$Q(W2 z$zkLEk{%dQea1cJ4h|dlnMXKm+-r(>lR)K-`^`rb* z_nQibjeE#G4p;K~$j=RY4llLp^ytk4$@AMBrne6S+i;Oc_0by$g6SsAgM_rH&E*tmy(o#08(2YwGr&szyL?q%r}6~V?m`9^{*5HdbQ1(m@9d!s_| zH{juaVvBu`>M&)o?@uQ9VwBXA^nA$#x0zr}KxyUon&6`*_=^~xsq`C7@KzH{uisP4 zp9@_{g;$v1s0rR~fm za@it8kfeX~VmTG2m&&Pdvk9j6$v}n{>fa_EPSX3P3I4GO-eH0dnBYI?aFYJ83C_g& zl3M>16Fk!dpJ#&SnBW2v>@dM4CfI3$B@?{L1mA3e>r61FeZc{@2#%h&(HlBUxh470wG+3+IEYgY(0! zg{y~afNO+X4|f|}6I?S~3mna@ZE##m zt1zGYfTtDzlLMbr{8KvVNg;5eBc3sejdiw@QY^Xc9y!#Z+zFlL(EZYck!Z6#VI(@W z7>zXk1EY!Jnof#N5uF`)Oca-$uum9iY^k1DKZy?pw?oGHy{aQZ173XQtMIq^}pi{_(II42%(CY*5&9gdZH zFG*F8?<$f?j(yK};^rB%(5WHw+2}aPCl=C4YCZ`vubJHuq3!H02q9e&Qh-}QT=MBB zv4|Y!2$tuhp1ty=$MZaJ)4r0Ca`U$MJo*lh<>)DyB zw_ZPN_15dBtloP4c-1&pWg!k!DP$+96rm$j{Qq;YHY3x2XMKAQ**wcusLZ$&45KEPP{jyUss4vl}R~38lKe3V2W)~`*a2J}) z%M)C0l`X>k6`13zej0Pfk&??*jTcMal0b{Et_e?@>ZR2_e4(JD#OrMg;jI%%J=w&n z5{R#8gRcpqmqWot*zTebe&@Oo?`Xy>21-j%g#Gii!LVO$L^bSc&QWAgHGXL9BV^m7XsFX!lj80lS zI;m)M(h}-i7;Wk6;z`yh-Sn$I6{NBWA{A0!n+JuzY7sg$o%3<6GbWtz%?e|;_9Rn@ Vj%04_$&k`oo3w=W*5VxT{{n|eIU)c6 literal 0 HcmV?d00001 diff --git a/bin/Darwin/compareFiles.py b/bin/Darwin/compareFiles.py deleted file mode 100644 index 59207a9..0000000 --- a/bin/Darwin/compareFiles.py +++ /dev/null @@ -1,32 +0,0 @@ -#Copyright (c) 2020, @mcg29_ - -#!/usr/local/bin/python3 - -import os -import sys - -if __name__ == "__main__": - args = sys.argv - if len(args) < 3: - print("Usage: kcache.raw kcache.patched") - sys.exit(0) - patched = open(args[2], "rb").read() - original = open(args[1], "rb").read() - lenP = len(patched) - lenO = len(original) - if lenP != lenO: - print("size does not match, can't compare files! exiting...") - sys.exit(1) - diff = [] - for i in range(lenO): - originalByte = original[i] - patchedByte = patched[i] - if originalByte != patchedByte: - diff.append([hex(i),hex(originalByte), hex(patchedByte)]) - diffFile = open('kc.bpatch', 'w+') - diffFile.write('#AMFI\n\n') - for d in diff: - data = str(d[0]) + " " + (str(d[1])) + " " + (str(d[2])) - diffFile.write(data+ '\n') - print(data) - diff --git a/bin/Darwin/iBoot32Patcher b/bin/Darwin/iBoot32Patcher old mode 100644 new mode 100755 diff --git a/bin/Darwin/irecovery b/bin/Darwin/irecovery old mode 100644 new mode 100755 diff --git a/bin/Darwin/jq b/bin/Darwin/jq old mode 100644 new mode 100755 diff --git a/bin/Darwin/lzssdec b/bin/Darwin/lzssdec deleted file mode 100644 index 3143cd4a128976bdaaeefd2cafdc4eb92a5361b6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 22704 zcmeHOeQ;FO6~CKoAcT*X0P@imc{rOIDuE;fNWfs$-8FB`h6EB!ip1w;_k~20Y}|dT zp#_XAD|tND$=FfRj?=WItz)aDDk-8uAV`9x5SR|2pn?u`1EsYsjWHnGbMAYaj}@75 z{Li^}=H7G9x#ygF?(d$vz`c*71DCIlCd3d=NOK$^Bn9f(1VVyj7W4?24po3EiY4X( z+bY|NVw8?7hLP+IIrNhT6NqA&t)gtC3bp4)%81TGYy`p~qx4}>l%*zFXMn`|yD}LT z19EGkrh`1LYp@te^I#u3qUe+TRlY${tiPNYnm@z#te&7hMAKH;-?P%Oy%pE~!x#WoK2azbm@GJN1B&AK@<=s7^)E<&(X&4QmGZk^7Nx ztG3<;^i4&6c!~8bivEVjY8%{QZ9}yO6l3FSovHb2)SVz7>tnco%##+FTNJJ4GV`zz zUh_kebs6xq=se~L1>@xJh8yf1C{gHgtX#fSYZe-1Q-Gg0fqoWfFZyTUHhlkbf#%qPjUOU`Wppv=Ve4lxxxvW$O z{G-XP^qG~2IS`36zk|SVTc3vZEwr#@UKU)PcJI!ie>xYu2>-_C_7oTb{T_Kv zpx?~}Pk}^Dm;rN!1cNeuGIY51;<&&UZvWkZjyNSD4kVWrH9sClgoM{iP z#-T*Qn?c7s`(6K$-nT&_sAK5}gleF}HFS=5i-MQUI8L}t&w^!f$auR=>9x&1Cxn8H zxFW@9qBcV49mL9^^a-Jm488Cc&{tnXCG{B;Kqh?*`2v}w$MAW03{0X@Z6UXt+h_y} zyWvbA?^ak1k#7Zy7pX;#`V9KX><~f=j)F~i4_tK@<(}s@KTI9Z*g(~mgxl~&zJuG8 z4&p%GNstnm2RHX=6GIBW4CZ^rgPf*tcrzI2q3dz$2=s+FKt2pco~k(*jJz1^^ugR7 z@3PF(fxKEeTN%t2#%)z|AlQ3hw#?I+9pUkye<=sX4%0C_Odo)VW`Y*UmvC)G56PvO zF!(79hOb3Mg1UZ(5RAwP;a5PUoDu>Dn(jBRHdmS-FpHI)p#LiRKO!idL#i7=RZu<- zKMC~G`PgHcR-_!XD@X0h6+yY`P<+W&rQ2cnOi(P-9EyuqdK`wcz@*uNhqz5fIFrHS z+@@==L5@&*8L$rJGlz0cP$wxT0t4~f=0mu5E_o+$82%Z#fb%v2e!Z`OIFPpt7ER*cLnJE0pp50`u%j0Dw^EWqIxl)~gKq{U*4SSq?Kh%V`h zhp9>LYVay>yFcN%jeiDyxN-(6$Kz4%U5Hw`ADl3BuK^~TrW95HDb27dr}mvSrVY|A_UZhp^@Gfpb6wHq+@`__?@u$7+k=)RV{P? zJaERSR}*^e1OzBTY9TL#N&ux&KuHKK#~$Be5L|^0V3bk^tU0H}n50_rBi*wsz*;Ks zC$+Ewe{Uikie)uSfi$t_VPl{_k$a|tYwrL-JoUfCGR-$Zz*&|Qrg0lnuH%u~1aT5M z6%sj~Mx3Kg0+kZG(rpK)kn!hWeUR@nXq2|(BFNe?;KMrmoLS+7V27Nj7A9L~|656f zBu*Qa#N15s-j|WcNvP>CRVmcLoGmN0D@V-A-|Wigkgb8d>i~on#d_$$QHza2(V}<` zGoZ_YcgaZMryUdbr@U1;>oD|VdIy#eKi!-CFjN%mgJ3NXY`<9<707#zPLmFcopR%8 z9CR971fIj*G?*^RbheI&{+dJ0I|kZzl`{v{naaq9rH;^oGk{X&X|rlI!4{d-GE<4+ zgIW6p7yMF}nR2-H$#Jmn%2D`H4IhU1BJf8iXI`?}RJQIfd*NCgj`xx1e7%1Hp3W(# z1+ZlWX+D=)T&BDiJT6xXuHq8RiSiObEzj99E=fzAa=s-|a1}Tpi}-QBKS{s5}Pt;C$ajI)QilrFc*Y9`a993owxi5_>!&5@~d0 zXC(DMu*gX2725XEwx6~Gw7o{#>$Js(n@DOLZH=@YMcYJZ9ibUdfRed1lKKeH)*4tY z>Ae8I^EFejcLsa6VedHh@D{(f8+%K!w+DNL*n0zeKgQn6*jt0WHthMa_bm1{VQ(w+ zB0q0$ZYJ^Y0zk-on3NXm;GZ8`At-WLXMTeWF6b4i1IBB0=@Z}dt&-(o(aDYc1DUrK2baeEph9yQ@1GKo~z z`F%Bu`BXPwwN{pVNhCERr)ds0i}~t0=NcHw$Z8rPuBw$&-6)^m#JfC=YtiuLTIhmm z@QbO%;B!J$&j1!gl&<_$sN|VsJ=~xWDw$;wiRUf=9`NTI#7_uHz$1m#Z4Orujah|Vweh|!|^1p zc@#0c27hFwj5QjLRU}|tj<(;Xw8DHC>kB&FuG3d_x=W|~b$VE*Cv4=~@X7peClJ>+2@BWZ&BvKnYTu-^H(U z@G@m9DC?J9IQAei^a=}@8f3JqEZ`b}t9RDbd8lF&a#FodlF_W$04$*4^>~qOK^8u< zmp%SE;At_4VtoyK$S=A4vIPG>z=?~Us$c8Cz0K^@-;I7FVUI!9)DHl``<=UOPQ03? z-?eiFdeckqTk!4|?p+4$(tlHQ)_nN< z>tgso48J9Y$G6kr_V{oxoc~n}|8flfdJKiD=aDav#nV|!t_2_ZYQg|?V zp@V6wCu}rTqe&V~&uCr_CgfL+oY(30E}l1U!NSb!1=(4+qM8{GH zma3)sSdyYA8wd(!J=J^ugdhX+s zOYTp+{Y3lJ8COr9%>ToL)dA)6xt8*Q_vOtmbx(S@!Ezz%>Jy6|YTKUw-+9*nAVh}# zf0BWZ#$um7``sjDHpCEM2rvW~0t^9$07HNwzz|>vFa#I^3;~7!Lx3T`5MT%}1Q-Gg f0fqoWfFZyTU /dev/console echo "Fixing disabled" -cd /mnt2/mobile/Library/Preferences/ > /mnt1/private/etc/antilock.txt +cd /mnt2/mobile/Library/Preferences/ for file in com.apple.springboard.plist.???????; do if [ -f "$file" ]; then - rm "$file" - echo "Deleted: $file" + rm "$file" > /dev/null fi done -mv /mnt2/mobile/Library/Preferences/com.apple.springboard.plist /mnt2/mobile/Library/Preferences/com.apple.springboard.plist.bak +mv /mnt2/mobile/Library/Preferences/com.apple.springboard.plist /mnt2/mobile/Library/Preferences/com.apple.springboard.plist.bak > /dev/null rm /mnt2/mobile/Library/Preferences/com.apple.springboard.plist > /dev/null rm /mnt2/mobile/Library/SpringBoard/LockoutStateJournal.plist > /dev/null diff --git a/ssh_config b/ssh_config new file mode 100644 index 0000000..13ce31d --- /dev/null +++ b/ssh_config @@ -0,0 +1,37 @@ + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa diff --git a/start.sh b/start.sh old mode 100644 new mode 100755 index 8206de9..acab1a1 --- a/start.sh +++ b/start.sh @@ -1,6 +1,6 @@ #!/bin/bash -script_version="1.0" +script_version="1.1.0" mk_bruteforce_ramdisk() { device=$1 @@ -148,33 +148,10 @@ mk_bruteforce_ramdisk() { echo "Patching kernel..." - #offset for lzssdec - OFFSET=$(xxd -p kernelcache | tr -d '\n' | grep -bo "cefaedfe" | awk -F: 'NR==1 {print $1}') + ../../bin/Darwin/aespatched kernelcache kernelcache.dec - if [ -z "$OFFSET" ]; then - echo "Cannot find offset for lzssdec" - exit 1 - fi - - DECIMAL_OFFSET=$(($OFFSET / 2)) - ADJUSTED_OFFSET=$(($DECIMAL_OFFSET - 1)) - - ../../bin/Darwin/lzssdec -o "$ADJUSTED_OFFSET" < kernelcache > kernelcache.dec mv kernelcache kernelcache.orig - PATTERN="b0f5fa6f00f0" - HEX_PATTERN=$(echo "$PATTERN" | sed 's/\?/./g') - MATCH_OFFSET=$(xxd -p kernelcache.dec | tr -d '\n' | grep -abo "$HEX_PATTERN" | awk -F: 'NR==1 {print $1}') - - if [ -z "$MATCH_OFFSET" ]; then - echo "Cannot find offset for IOAESAccelerator patch" - exit 1 - fi - ADJUSTED_MATCH_OFFSET=$((MATCH_OFFSET / 2 + 4)) - - dd if=/dev/zero bs=1 count=4 conv=notrunc of=kernelcache.dec seek=$ADJUSTED_MATCH_OFFSET 2>/dev/null - printf '\x0C\x46\x0C\x46' | dd of=kernelcache.dec bs=1 seek=$ADJUSTED_MATCH_OFFSET conv=notrunc 2>/dev/null - ../../bin/Darwin/xpwntool kernelcache.dec kernelcache -t kernelcache.orig cd ../../ @@ -321,10 +298,16 @@ check_ramdisk_cache(){ pwn_device() { + if [ "$is_fake_device" = true ]; then + echo "device is fake, exiting" + exit + fi + if [[ -z "${is_a5+x}" ]]; then echo "Detected $device_name ($deviceid)." if (system_profiler SPUSBDataType 2> /dev/null | grep ' Apple Mobile Device (DFU Mode)' >> /dev/null | bin/Darwin/irecovery -q 2> /dev/null | grep 'PWND' >> /dev/null); then echo "Device already in pwnDFU. Continuing..." + ipwndfu send_ibss else case $pwnder in "ipwndfu") ipwndfu pwn ;; @@ -493,14 +476,29 @@ download_file() { } get_device_info() { - if ! (system_profiler SPUSBDataType 2> /dev/null | grep ' Apple Mobile Device (DFU Mode)' >> /dev/null); then - echo "[*] Waiting for device in DFU mode" - fi - - while ! (system_profiler SPUSBDataType 2> /dev/null | grep ' Apple Mobile Device (DFU Mode)' >> /dev/null); do - sleep 1 + fake_deviceid="" + for arg in "$@"; do + case $arg in + fake-deviceid=*) + fake_deviceid="${arg#*=}" + ;; + esac done - deviceid=$(bin/Darwin/irecovery -q | grep PRODUCT | sed 's/PRODUCT: //') + if [[ -n "$fake_deviceid" ]]; then + echo "[*] Using fake device: $fake_deviceid" + is_fake_device=true + deviceid="$fake_deviceid" + else + if ! (system_profiler SPUSBDataType 2> /dev/null | grep ' Apple Mobile Device (DFU Mode)' > /dev/null); then + echo "[*] Waiting for device in DFU mode" + fi + + while ! (system_profiler SPUSBDataType 2> /dev/null | grep ' Apple Mobile Device (DFU Mode)' > /dev/null); do + sleep 1 + done + + deviceid=$(bin/Darwin/irecovery -q | grep PRODUCT | sed 's/PRODUCT: //') + fi case $deviceid in # "iPhone3,1") device_name="iPhone 4 (GSM)" pwnder="ipwnder32" ;; # "iPhone3,2") device_name="iPhone 4 (GSM, Rev A)" pwnder="ipwnder32" ;; @@ -570,6 +568,9 @@ send_ramdisk() { ../../bin/Darwin/irecovery -f kernelcache echo "Booting device now..." ../../bin/Darwin/irecovery -c bootx + echo "" + echo "Device should show text on screen now." + echo "After passcode is found please reboot using home + power button." } version_check() { @@ -743,8 +744,7 @@ done if [[ ! -e "./resources/firstrun" || $(cat "./resources/firstrun") != "$platform_ver" || $check_fail == 1 ]]; then install_depends fi - -get_device_info +get_device_info "$@" echo "" echo "Enter ramdisk version (9.0.2 is default)" echo "" @@ -772,4 +772,4 @@ othertmp=$(ls "$(dirname "$0")" | grep -c tmp) pushd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null -main +main "$@"