diff --git a/README.md b/README.md index 48a40a3..4c93bcd 100644 --- a/README.md +++ b/README.md @@ -30,10 +30,10 @@ The various command-line options are as follows: # Dependencies - please execute this command: python3 -m pip install pyimg4[compression] fastapi aiohttp ujson wikitextparser uvicorn. +- unzip, python3, libimobiledevice-utils, libusbmuxd-tools, xz-utils, wget, curl, git, libssl-dev, usbmuxd. - A disabled passcode on A10 and A11 devices. -- unzip, python3, libimobiledevice-utils, libusbmuxd-tools, xz-utils. - An .iPSW file containing iOS 15, 14, 13. -- A device running macOS or a Linux distro. It is recommended to use macOS, as it is likely more stable and faster. +- A device running macOS or a Linux distro. It is recommended to use macOS, as it is likely more stable and faster. and for linux it is recommended to use ubuntu or debian. # Issues Putting Device in PwnDFU Mode @@ -41,7 +41,9 @@ The various command-line options are as follows: # importants things -- A8/A8x devices downr1n is not recommended please instead use dualra1n with --downgrade option +- A8/A8x devices downr1n is not recommended please instead use dualra1n with --downgrade option (if you don't have enough storage for a dualboot) + +- you can't downgrade an iphone x if the device is on ios 16 - downgrading ios 16 to 14 or another version, you will have to bypass the setup somehow. good luck on it. diff --git a/binaries/Darwin/Kernel64Patcher b/binaries/Darwin/Kernel64Patcher index 60cf90e..1e9a14d 100755 Binary files a/binaries/Darwin/Kernel64Patcher and b/binaries/Darwin/Kernel64Patcher differ diff --git a/binaries/Linux/Kernel64Patcher b/binaries/Linux/Kernel64Patcher index 2693e24..7bf121c 100755 Binary files a/binaries/Linux/Kernel64Patcher and b/binaries/Linux/Kernel64Patcher differ diff --git a/downr1n.sh b/downr1n.sh index bc44d85..952889a 100755 --- a/downr1n.sh +++ b/downr1n.sh @@ -15,6 +15,10 @@ printr() echo -e "\033[1;31m$1\033[0m" } +printy() { + echo -e "\033[1;33m$1\033[0m" +} + if [ "$(uname)" == "Linux" ]; then if [ "$EUID" -ne 0 ]; then printg "You have to run this as root on Linux." @@ -96,6 +100,8 @@ Options: --downgrade downgrade tethered your device. --jailbreak jailbreak with dualra1n-loader. usage ./downr1n.sh --jailbreak 14.8 --taurine jailbreak with taurine. usage ./downr1n.sh --jailbreak 14.3 --taurine + --aslrdisable This option will path kernel to disable aslr on all process. use this when you creating boot files. + --ptracedisable This option will path kernel to disable ptrace debugger method detection. use this when you creating boot files. --boot this boot the device. --keyServer use this option to downgrade when the keys server is in problem. use ex: --downgrade 14.8 --keyServer --dont-restore this will avoid the restore using futurerestore, this can be used if you wanted only create the boot files, use ex: --downgrade 14.8 --dont-restore @@ -123,6 +129,12 @@ parse_opt() { --taurine) taurine=1 ;; + --aslrdisable) + aslrDisabled=1 + ;; + --ptracedisable) + ptraceDisabled=1 + ;; --keyServer) keyServer=1 ;; @@ -336,12 +348,22 @@ _do_localboot() { python3 -m pyimg4 img4 create -p work/krnl.im4p -o work/kernelcachd -m work/IM4M >/dev/null remote_cp work/kernelcachd root@localhost:/mnt6/"$active"/System/Library/Caches/com.apple.kernelcaches/ >/dev/null - if [ "$os" = 'Linux' ]; then - sed -i 's/\/\kernelcache/\/\kernelcachd/g' work/iBEC.dec - else - LC_ALL=C sed -i.bak -e 's/s\/\kernelcache/s\/\kernelcachd/g' work/iBEC.dec - fi + #printb "[*] Renaming the snapshot" + #output=$(remote_cmd "snaputil -l /mnt1") + #SNAPSHOT=$(echo "$output" | awk '/com.apple.os.update-/ {print $1}') + #if [ $SNAPSHOT ]; then + # remote_cmd "snaputil -n "$SNAPSHOT" backup."$SNAPSHOT" /mnt1" + #fi + + if [ "$os" = 'Linux' ]; then + #sed -i 's/com\.apple\.os\.update-/downr1n\.rfsnapshot-/g' work/iBEC.dec + sed -i 's/\/\kernelcache/\/\kernelcachd/g' work/iBEC.dec + else + #LC_ALL=C sed -i.bak -e 's/com\.apple\.os\.update-/downr1n\.rfsnapshot-/g' work/iBEC.dec + LC_ALL=C sed -i.bak -e 's/s\/\kernelcache/s\/\kernelcachd/g' work/iBEC.dec + fi + "$dir"/iBoot64Patcher work/iBEC.dec work/iBEC.patched -b "-v wdt=-1 debug=0x2014e `if [ "$cpid" = '0x8960' ] || [ "$cpid" = '0x7000' ] || [ "$cpid" = '0x7001' ]; then echo "-restore"; fi`" -n -l >/dev/null "$dir"/img4 -i work/iBEC.patched -o work/iBEC.img4 -M work/IM4M -A -T "$(if [[ "$cpid" == *"0x801"* ]]; then echo "ibss"; else echo "ibec"; fi)" >/dev/null cp -v work/iBEC.img4 "boot/${deviceid}" @@ -366,8 +388,8 @@ usage() { ask() { printg "Do you want to activate the iBoot localboot path? YES or NO." printg "Activating this path can help avoid a lot of problems and is generally more stable." - printg "If you activate it, you will need to use --boot again after it finishes to boot with localboot." - printg "If localboot breaks your boot process (like you can't boot), please execute ./downr1n.sh --downgrade (version) --dont-restore to fix the boot files." + #printg "If you activate it, you will need to use --boot again after it finishes to boot with localboot." + printy "If localboot breaks your boot process (like you can't boot), please execute ./downr1n.sh --downgrade (version) --dont-restore to fix the boot files." } _kill_if_running() { @@ -604,6 +626,11 @@ else fi chmod +x "$dir"/* +if [ "$os" = 'Darwin' ]; then + find "$dir" -type f -exec file {} \; | grep "Mach-O" | cut -d: -f1 | while read -r binaries_file; do + xattr -d com.apple.quarantine "$binaries_file" + done +fi # ============ # Start @@ -986,7 +1013,7 @@ if [ true ]; then "$dir"/img4 -i work/kernelcache -o work/kcache.raw >/dev/null - "$dir"/Kernel64Patcher work/kcache.raw work/kcache.patched $(if [[ "$version" = "15."* ]]; then echo "-e -o -r -b15"; fi) $(if [[ "$version" = "14."* ]]; then echo "-b"; fi) $(if [[ "$version" = "13."* ]]; then echo "-b13 -n"; fi) $(if [ ! "$taurine" = "1" ]; then echo "-l"; fi) >/dev/null + "$dir"/Kernel64Patcher work/kcache.raw work/kcache.patched `if [ "$ptraceDisabled" = "1" ]; then echo "-t"; fi` `if [ "$aslrDisabled" = "1" ]; then echo "-c"; fi` `if [[ "$version" = "15."* ]]; then echo "-e -o -r -b15"; fi` `if [[ "$version" = "14."* ]]; then echo "-b"; fi` `if [[ "$version" = "13."* ]]; then echo "-b13 -n"; fi` `if [ ! "$taurine" = "1" ]; then echo "-l"; fi` >/dev/null sysDir="/mnt6/$active/" if [[ "$version" = "13."* ]]; then @@ -1183,7 +1210,7 @@ if [ true ]; then fi printg "[*] Patching the kernel" - "$dir"/Kernel64Patcher work/kcache.raw work/kcache.patched $(if [[ "$version" = "15."* ]]; then echo "-e -o -r -b15"; fi) $(if [[ "$version" = "14."* ]]; then echo "-b"; fi) $(if [[ "$version" = "13."* ]]; then echo "-b13 -n"; fi) >/dev/null + "$dir"/Kernel64Patcher work/kcache.raw work/kcache.patched `if [ "$ptraceDisabled" = "1" ]; then echo "-t"; fi` `if [ "$aslrDisabled" = "1" ]; then echo "-c"; fi` `if [[ "$version" = "15."* ]]; then echo "-e -o -r -b15"; fi` `if [[ "$version" = "14."* ]]; then echo "-b"; fi` `if [[ "$version" = "13."* ]]; then echo "-b13 -n"; fi` >/dev/null if [[ "$deviceid" == *'iPhone8'* ]] || [[ "$deviceid" == *'iPad6'* ]] || [[ "$deviceid" == *'iPad5'* ]]; then python3 -m pyimg4 im4p create -i work/kcache.patched -o work/kcache.im4p -f rkrn --extra work/kpp.bin --lzss >/dev/null