Difference between revisions of "PwnStrap"

From The iPhone Wiki
m (oops)
m (Fixed an iRecovery syntax error that would cause some issues :))
Line 9: Line 9:
 
# extract iBSS from your custom pwnagetool image
 
# extract iBSS from your custom pwnagetool image
 
# irecovery -f iBSS
 
# irecovery -f iBSS
# irecovery -c
+
# irecovery -s
 
# setenv boot-args 0
 
# setenv boot-args 0
 
# saveenv
 
# saveenv
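Review bot: the `irecovery -c` to `irecovery -s` replacement after `irecovery -f iBSS` fixes only one of the two bare `irecovery -c` invocations in the procedure. Step 1 still reads `irecovery -c` with no command and is likewise followed by `setenv` and `saveenv` lines, the same pattern the edit summary describes as a syntax error. Either apply the same correction to step 1 or state in the page why the first invocation is meant to differ.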

Revision as of 15:40, 16 February 2011

Link to original info and some binaries

This is the procedure for using greenpois0n to bootstrap the loading of a new limera1n exploit-based PwnageTool image, via irecovery (on Windows or another platform) and a supported device:

  1. irecovery -c
  2. setenv boot-args 2
  3. setenv auto-boot false
  4. saveenv
  5. run greenpois0n - it will stop on a white screen.
  6. extract iBSS from your custom pwnagetool image
  7. irecovery -f iBSS
  8. irecovery -s
  9. setenv boot-args 0
  10. saveenv
  11. go image decrypt 0x41000000
  12. go jump 0x41000040
  13. restore your CFW from iTunes


You will need one of the new binaries posted above if you have an AppleTV2.