Difference between revisions of "Tutorial:Creating a NOR-only IPSW"
(the 3G doesn't have different bootroms, so this is not plural, but the 3GS instead) |
m |
||
| (7 intermediate revisions by 5 users not shown) | |||
| Line 1: | Line 1: | ||
| + | This will create an [[IPSW File Format|IPSW]] that only flashes your device's [[NOR]]. It will not touch the [[iOS|operating system]] or [[NAND]]. |
||
| − | 1. Create a custom ipsw |
||
| + | # Create a custom IPSW |
||
| + | # Unpack it, remove rootfs DMG |
||
| + | # Decrypt the ramdisk ([[xpwntool]]) and mount it. |
||
| + | # Edit options.plist (/usr/local/share/restore/options.plist) on the restore ramdisk: |
||
| + | <?xml version="1.0" encoding="UTF-8"?> |
||
| + | <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> |
||
| + | <plist version="1.0"> |
||
| + | <dict> |
||
| + | <key>CreateFilesystemPartitions</key> |
||
| + | <false/> |
||
| + | <key>UpdateBaseband</key> |
||
| + | <false/> |
||
| + | <key>SystemImage</key> |
||
| + | <false/> |
||
| + | </dict> |
||
| + | </plist> |
||
| + | <ol start="5"> |
||
| − | 2. Unpack it, remove rootfs dmg |
||
| + | <li>Unmount and reencrypt the restore ramdisk.</li> |
||
| + | <li>Repack the IPSW.</li> |
||
| + | </ol> |
||
| + | NOTE: This technique only works on devices that have an untethered bootrom exploit ([[Pwnage]] or [[0x24000 Segment Overflow]]). |
||
| − | 3. Decrypt ramdisk (xpwntool), mount it. |
||
| + | [[Category:Tutorials]] |
||
| − | 4. Edit options.plist on the restore ramdisk: |
||
| − | |||
| − | /usr/local/share/restore/options.plist |
||
| − | <pre><?xml version="1.0" encoding="UTF-8"?> |
||
| − | <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> |
||
| − | <plist version="1.0"> |
||
| − | <dict> |
||
| − | <key>CreateFilesystemPartitions</key> |
||
| − | <false/> |
||
| − | <key>UpdateBaseband</key> |
||
| − | <false/> |
||
| − | <key>SystemImage</key> |
||
| − | <false/> |
||
| − | </dict> |
||
| − | </plist> |
||
| − | </pre> |
||
| − | |||
| − | 5. Unmount and reencrypt the restore ramdisk. |
||
| − | |||
| − | 6. Repack the ipsw. |
||
| − | |||
| − | NOTE: It just works with iPod Touch 2G MB and iPhone 3GS old bootrom |
||
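Review bot: the replacement NOTE at the end of this hunk drops the concrete device list from the old line ("iPod Touch 2G MB and iPhone 3GS old bootrom") and names only the exploits (Pwnage or 0x24000 Segment Overflow), so a reader has to follow the links to learn whether a given device qualifies; consider keeping the device names alongside the exploit names. In the same hunk the `<pre>` wrapper around the options.plist XML is removed and the visible added lines show no replacement, while steps 5 and 6 move into `<ol start="5">`; check that the XML still renders as a literal block and that the step numbering stays continuous across it.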
Latest revision as of 12:18, 27 August 2013
This will create an IPSW that only flashes your device's NOR. It will not touch the operating system or NAND.
1. Create a custom IPSW
2. Unpack it, remove rootfs DMG
3. Decrypt the ramdisk (xpwntool) and mount it.
4. Edit options.plist (/usr/local/share/restore/options.plist) on the restore ramdisk:

       <?xml version="1.0" encoding="UTF-8"?>
       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
       <plist version="1.0">
       <dict>
           <key>CreateFilesystemPartitions</key>
           <false/>
           <key>UpdateBaseband</key>
           <false/>
           <key>SystemImage</key>
           <false/>
       </dict>
       </plist>

5. Unmount and reencrypt the restore ramdisk.
6. Repack the IPSW.
NOTE: This technique only works on devices that have an untethered bootrom exploit (Pwnage or 0x24000 Segment Overflow).
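The options.plist edit from step 4 can be scripted and checked rather than typed by hand. The following is an added example, not code from the wiki or from any restore tool: it forces the three keys shown above to false while preserving every other key, and reports which of them are still missing or not false. The function names, the sample input and the key `ExampleOtherOption` are assumptions made for illustration.

```python
import plistlib

# The three keys the tutorial sets to <false/> in options.plist.
NOR_ONLY_KEYS = ("CreateFilesystemPartitions", "UpdateBaseband", "SystemImage")


def _load(data: bytes) -> dict:
    """Parse an XML or binary plist and require a top-level <dict>."""
    opts = plistlib.loads(data)
    if not isinstance(opts, dict):
        raise ValueError("options.plist must have a <dict> at top level")
    return opts


def make_nor_only(data: bytes) -> bytes:
    """Return options.plist as XML with the tutorial's keys forced to false."""
    opts = _load(data)
    for key in NOR_ONLY_KEYS:
        opts[key] = False  # keys not named in the tutorial are left unchanged
    return plistlib.dumps(opts, fmt=plistlib.FMT_XML, sort_keys=False)


def not_disabled(data: bytes) -> list:
    """List the tutorial's keys that are missing or not exactly <false/>."""
    opts = _load(data)
    return [k for k in NOR_ONLY_KEYS if opts.get(k) is not False]


# Constructed sample input (not taken from any real ramdisk); the key
# "ExampleOtherOption" is hypothetical and only shows that other keys survive.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>CreateFilesystemPartitions</key>
    <true/>
    <key>ExampleOtherOption</key>
    <string>keep-me</string>
    <key>UpdateBaseband</key>
    <false/>
</dict>
</plist>
"""

if __name__ == "__main__":
    edited = make_nor_only(SAMPLE)
    print(not_disabled(SAMPLE), "->", not_disabled(edited))
```

Running `not_disabled` on the plist of a mounted ramdisk before it is unmounted and reencrypted confirms that the edit took effect and that none of the three keys was left out.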