|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Tutorial:Creating a NOR-only IPSW"
m (now uses # and better wording on the NOTE) |
(this doesn't matter, the mediawiki software will encode it to valid html (look at the source) (also, the dtd link was doing "....dtd"" in the link) |
||
| Line 4: | Line 4: | ||
# Decrypt the ramdisk ([[xpwntool]]) and mount it. |
# Decrypt the ramdisk ([[xpwntool]]) and mount it. |
||
# Edit options.plist (/usr/local/share/restore/options.plist) on the restore ramdisk: |
# Edit options.plist (/usr/local/share/restore/options.plist) on the restore ramdisk: |
||
| − | + | <?xml version="1.0" encoding="UTF-8"?> |
|
| − | + | <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> |
|
| − | + | <plist version="1.0"> |
|
| − | + | <dict> |
|
| − | + | <key>CreateFilesystemPartitions</key> |
|
| − | + | <false/> |
|
| − | + | <key>UpdateBaseband</key> |
|
| − | + | <false/> |
|
| − | + | <key>SystemImage</key> |
|
| − | + | <false/> |
|
| − | + | </dict> |
|
| − | + | </plist> |
|
# Unmount and reencrypt the restore ramdisk. |
# Unmount and reencrypt the restore ramdisk. |
||
# Repack the [[IPSW]]. |
# Repack the [[IPSW]]. |
||
Revision as of 00:54, 26 June 2011
This will flash your device to NOR-only
- Create a custom ipsw
- Unpack it, remove rootfs dmg
- Decrypt the ramdisk (xpwntool) and mount it.
- Edit options.plist (/usr/local/share/restore/options.plist) on the restore ramdisk:
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>CreateFilesystemPartitions</key> <false/> <key>UpdateBaseband</key> <false/> <key>SystemImage</key> <false/> </dict> </plist>
- Unmount and reencrypt the restore ramdisk.
- Repack the IPSW.
NOTE: This technique only works on devices vulnerable to the 2kPwn bootrom exploit.
