|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "IRecovery"
m |
|||
| (59 intermediate revisions by 21 users not shown) | |||
| Line 1: | Line 1: | ||
| + | {{DISPLAYTITLE:iRecovery}} |
||
| − | iRecovery is a libusb-based commandline utility for Mac OS X and Linux (perhaps Windows too). It is able to talk to the iBoot/iBSS in Apple's iPhone/iPod touch via USB. |
||
| + | iRecovery is a libusb-based CLI utility for Mac OS X, Linux, and Windows. It is able to talk to [[iBoot (Bootloader)|iBoot]] and [[iBSS]] and [[iBEC]] via USB. It's completely open source; the source code is released under the terms of the GNU GPL v3. The full license text can be found in the LICENSE file on github. |
||
| + | Please note that there is no official compiled version available. |
||
| + | It currently connects to: |
||
| − | It's completely open-source, the source-code is released under the terms of the GNU General Public License version 3. |
||
| + | * [[DFU 0x1227|0x1227]] ([[DFU Mode]]/[[WTF]] Mode 2.0) |
||
| − | The full license text can be found in the LICENSE file on github. |
||
| + | * [[Recovery Mode (Protocols)#Recovery_Mode_2.x_.28DevID.3D0x1281.29|Recovery Mode 0x1281]] (Recovery Mode/iBSS/iBEC) |
||
| − | |||
| − | It currently connects to 0x1281 (iPhone, iPhone 3G, iPod touch, iPod touch 2G: Recovery Mode/iBSS), 0x1227 (iPhone, |
||
| − | iPhone 3G, iPod touch: WTF Mode; iPod touch 2G: DFU Mode). |
||
==Credits== |
==Credits== |
||
westbaer |
westbaer |
||
| + | |||
| + | ==Thanks== |
||
| + | [[User:Pod2g|pod2g]], [[tom3q]], [[User:Planetbeing|planetbeing]], [[User:Geohot|geohot]] and [[User:posixninja|posixninja]]. |
||
==Features== |
==Features== |
||
===DFU 2.0 (0x1227)=== |
===DFU 2.0 (0x1227)=== |
||
| − | It can upload a file, such as an iBSS, so that you can unplug and spawn a shell with 0x1281. |
+ | It can upload a file, such as an [[iBSS]], so that you can unplug and spawn a shell with 0x1281. |
===Recovery 2.0 (0x1281)=== |
===Recovery 2.0 (0x1281)=== |
||
| Line 19: | Line 22: | ||
You can upload a file to 0x9000000 with the following syntax: |
You can upload a file to 0x9000000 with the following syntax: |
||
./iRecovery -f file |
./iRecovery -f file |
||
| + | In newer builds that use libusb-1.0 this is now |
||
| + | ./iRecovery -u file |
||
====Two-Way Shell==== |
====Two-Way Shell==== |
||
| Line 29: | Line 34: | ||
Sends a single command to the device *without* spawning a shell. |
Sends a single command to the device *without* spawning a shell. |
||
| + | ====usb_control_msg(0x21, 2) Exploit Command==== |
||
| + | ./iRecovery -k |
||
| + | Sends Chronic Dev's + Geohot's latest usb exploit. Implemented into blackra1n. |
||
| + | This was updated near {{date|2009|10|17}}. [http://github.com/posixninja/irecovery posixninja's fork] |
||
| + | In newer builds this is now -e |
||
| + | |||
| + | ====Auto Boot==== |
||
| + | You can now enable auto-boot by running: |
||
| + | ./iRecovery -a |
||
| + | or by sending /auto-boot in a shell. |
||
| + | |||
| + | In newer builds it is now: |
||
| + | ./iRecovery -n |
||
| + | |||
| + | ====USB Reset==== |
||
| + | Reset USB |
||
| + | ./iRecovery -r |
||
| + | |||
| + | ====Batch Scripting==== |
||
| + | iRecovery now supports batch scripting, this allows you to send commands to iBoot from a pre written list of commands, this also supports scripting such as /auto-boot and /upload <file> |
||
| + | ./iRecovery -b <file> |
||
| + | or in a shell: |
||
| + | /batch <file> |
||
| + | |||
| + | ====Raw Commands==== |
||
| + | You can now send raw commands via the -x21 -x40 or -xA1 flags |
||
| + | |||
| + | ==Example Output== |
||
| + | |||
| + | iRecovery -s |
||
| + | ====================================== |
||
| + | :: |
||
| + | :: iBSS for n82ap, Copyright 2009, Apple Inc. |
||
| + | :: |
||
| + | :: BUILD_TAG: iBoot-596.24 |
||
| + | :: |
||
| + | :: BUILD_STYLE: RELEASE |
||
| + | :: |
||
| + | :: USB_SERIAL_NUMBER: CPID:8900 CPRV:30 CPFM:03 SCEP:05 BDID:04 ECID:000003293C113D76 IBFL:00 |
||
| + | :: |
||
| + | ======================================= |
||
| + | |||
| + | Entering recovery mode, starting command prompt |
||
| + | ] printenv |
||
| + | build-style = "RELEASE" |
||
| + | build-version = "iBoot-596.24" |
||
| + | config_board = "n82ap" |
||
| + | loadaddr = "0x9000000" |
||
| + | boot-command = "fsboot" |
||
| + | bootdelay = "0" |
||
| + | auto-boot = "true" |
||
| + | idle-off = "true" |
||
| + | boot-device = "nand0" |
||
| + | boot-partition = "0" |
||
| + | boot-path = "/System/Library/Caches/com.apple.kernelcaches/kernelcache.s5l8900x" |
||
| + | display-color-space = "RGB888" |
||
| + | display-timing = "optC" |
||
| + | framebuffer = "0xfd00000" |
||
| + | secure-boot = "0x1" |
||
| + | |||
| + | == Supported Raw Commands == |
||
| + | |||
| + | Currently Supported by All Firmware:<br> |
||
| + | Reboot - Reboots Iphone |
||
| + | |||
| + | More IBoot Commands Information:<br> |
||
| + | http://code.google.com/p/chronicdev/wiki/iBootCommands |
||
| + | |||
| + | NOTE: 'bgcolor' appears to be no longer supported -- requires confirmation. |
||
| + | |||
| + | ==Forks== |
||
| + | [http://github.com/iH8sn0w/irecovery iH8sn0w/irecovery] |
||
| + | |||
| + | [http://github.com/GreySyntax/irecovery GreySyntax/irecovery] |
||
| + | |||
| + | ==Updates== |
||
| + | * A C++ port is also in the works dubbed iRecovery++ (by [[User:GreySyntax|GreySyntax]]) can be found at [http://github.com/NSPwn/iRecoveryplusplus GitHub/NSPwn/iRecoveryplusplus] |
||
| + | * [https://www.openjailbreak.org/projects/libirecovery-2-0/repository libiRecovery 2.0 in development by OpenJailBreak.org] |
||
| + | * A VB.NET GUI port for Windows has been made under the name [[GiRecovery|Zeratul]]. |
||
==Download== |
==Download== |
||
| + | *[https://github.com/Chronic-Dev/libirecovery Chronic-Dev - libiRecovery (Mac OS X | Linux | Windows)] |
||
| − | [http://github.com/westbaer/irecovery/tree Latest version always on GitHub] |
||
| + | *[https://github.com/GreySyntax/iRecoveryplusplus GreySyntax - iRecovery++ (Mac OS X| Linux | Windows (Possibly))] |
||
| + | |||
| + | |||
| + | Note: Source only. |
||
| + | |||
| + | [[Category:Hacking Software]] |
||
Latest revision as of 14:05, 17 September 2021
iRecovery is a libusb-based CLI utility for Mac OS X, Linux, and Windows. It is able to talk to iBoot and iBSS and iBEC via USB. It's completely open source; the source code is released under the terms of the GNU GPL v3. The full license text can be found in the LICENSE file on github. Please note that there is no official compiled version available.
It currently connects to:
- 0x1227 (DFU Mode/WTF Mode 2.0)
- Recovery Mode 0x1281 (Recovery Mode/iBSS/iBEC)
Contents
Credits
westbaer
Thanks
pod2g, tom3q, planetbeing, geohot and posixninja.
Features
DFU 2.0 (0x1227)
It can upload a file, such as an iBSS, so that you can unplug and spawn a shell with 0x1281.
Recovery 2.0 (0x1281)
File Uploading
You can upload a file to 0x9000000 with the following syntax:
./iRecovery -f file
In newer builds that use libusb-1.0 this is now
./iRecovery -u file
Two-Way Shell
You can spawn a shell to do all sorts of neat things with the syntax:
./iRecovery -s
Once it has spawned, you can type 'help' and iBoot will respond with its built-in command list.
Single Command
./iRecovery -c "command"
Sends a single command to the device *without* spawning a shell.
usb_control_msg(0x21, 2) Exploit Command
./iRecovery -k
Sends Chronic Dev's + Geohot's latest usb exploit. Implemented into blackra1n. This was updated near 17 October 2009. posixninja's fork In newer builds this is now -e
Auto Boot
You can now enable auto-boot by running:
./iRecovery -a
or by sending /auto-boot in a shell.
In newer builds it is now:
./iRecovery -n
USB Reset
Reset USB
./iRecovery -r
Batch Scripting
iRecovery now supports batch scripting, this allows you to send commands to iBoot from a pre written list of commands, this also supports scripting such as /auto-boot and /upload <file>
./iRecovery -b <file>
or in a shell:
/batch <file>
Raw Commands
You can now send raw commands via the -x21 -x40 or -xA1 flags
Example Output
iRecovery -s
====================================== :: :: iBSS for n82ap, Copyright 2009, Apple Inc. :: :: BUILD_TAG: iBoot-596.24 :: :: BUILD_STYLE: RELEASE :: :: USB_SERIAL_NUMBER: CPID:8900 CPRV:30 CPFM:03 SCEP:05 BDID:04 ECID:000003293C113D76 IBFL:00 :: ======================================= Entering recovery mode, starting command prompt ] printenv build-style = "RELEASE" build-version = "iBoot-596.24" config_board = "n82ap" loadaddr = "0x9000000" boot-command = "fsboot" bootdelay = "0" auto-boot = "true" idle-off = "true" boot-device = "nand0" boot-partition = "0" boot-path = "/System/Library/Caches/com.apple.kernelcaches/kernelcache.s5l8900x" display-color-space = "RGB888" display-timing = "optC" framebuffer = "0xfd00000" secure-boot = "0x1"
Supported Raw Commands
Currently Supported by All Firmware:
Reboot - Reboots Iphone
More IBoot Commands Information:
http://code.google.com/p/chronicdev/wiki/iBootCommands
NOTE: 'bgcolor' appears to be no longer supported -- requires confirmation.
Forks
Updates
- A C++ port is also in the works dubbed iRecovery++ (by GreySyntax) can be found at GitHub/NSPwn/iRecoveryplusplus
- libiRecovery 2.0 in development by OpenJailBreak.org
- A VB.NET GUI port for Windows has been made under the name Zeratul.
Download
- Chronic-Dev - libiRecovery (Mac OS X | Linux | Windows)
- GreySyntax - iRecovery++ (Mac OS X| Linux | Windows (Possibly))
Note: Source only.
