Tutorial:Creating a NOR-only IPSW

From The iPhone Wiki
Revision as of 14:06, 25 June 2011 by Zmaster (talk | contribs) (untethered bootrom exploit need)

1. Create a custom IPSW.

2. Unpack it and remove the rootfs DMG.

3. Decrypt the restore ramdisk (xpwntool) and mount it.

4. Edit options.plist on the restore ramdisk:

/usr/local/share/restore/options.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
   <key>CreateFilesystemPartitions</key>
   <false/>
   <key>UpdateBaseband</key>
   <false/>
   <key>SystemImage</key>
   <false/>
</dict>
</plist>

5. Unmount and re-encrypt the restore ramdisk.

6. Repack the IPSW.

NOTE: This technique only works with the iPod touch 2G MB-version and the iPhone 3GS with the old bootrom (devices that are vulnerable to an untethered bootrom exploit).
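
The step 4 edit, as an added example that is not part of the original tutorial: Python's plistlib forces the three keys from the plist above to false while keeping any other keys already in the file, and a checker reports keys that are missing or not false. The function names, `ExampleOtherKey` and the sample input are constructed for illustration.

```python
import plistlib

# Keys and values taken from the options.plist shown in step 4.
NOR_ONLY_OPTIONS = {
    "CreateFilesystemPartitions": False,
    "UpdateBaseband": False,
    "SystemImage": False,
}

def patch_options(plist_bytes: bytes) -> bytes:
    """Force the step 4 keys to false, preserving any other keys."""
    options = plistlib.loads(plist_bytes)
    if not isinstance(options, dict):
        raise ValueError("options.plist root must be a <dict>")
    options.update(NOR_ONLY_OPTIONS)
    return plistlib.dumps(options, fmt=plistlib.FMT_XML, sort_keys=False)

def check_options(plist_bytes: bytes) -> list:
    """Return the step 4 keys that are missing or not exactly <false/>."""
    options = plistlib.loads(plist_bytes)
    problems = []
    for key in NOR_ONLY_OPTIONS:
        if key not in options:
            problems.append(f"{key}: missing")
        elif options[key] is not False:
            problems.append(f"{key}: {options[key]!r}, expected false")
    return problems

# Constructed sample input, not taken from a real ramdisk.
# ExampleOtherKey is a hypothetical key used to show that other keys survive.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
   <key>CreateFilesystemPartitions</key>
   <true/>
   <key>UpdateBaseband</key>
   <true/>
   <key>ExampleOtherKey</key>
   <string>kept</string>
</dict>
</plist>
"""

if __name__ == "__main__":
    print(check_options(SAMPLE))                 # problems before patching
    print(check_options(patch_options(SAMPLE)))  # empty list after patching
```

Run `check_options` on the file read back from the mounted ramdisk before step 5 to confirm the edit was saved as intended.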