Tutorial:Creating a NOR-only IPSW
Revision as of 00:54, 26 June 2011 by 5urd
This produces an IPSW that restores only the NOR: the restore skips creating the filesystem partitions, skips the baseband update and writes no root filesystem image.
- Create a custom IPSW.
- Unpack it and remove the root filesystem DMG.
- Decrypt the restore ramdisk with xpwntool and mount it.
- Edit options.plist (/usr/local/share/restore/options.plist) on the restore ramdisk so that it reads:
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
     <key>CreateFilesystemPartitions</key>
     <false/>
     <key>UpdateBaseband</key>
     <false/>
     <key>SystemImage</key>
     <false/>
 </dict>
 </plist>
- Unmount the ramdisk and re-encrypt it with xpwntool.
- Repack the IPSW.
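The two steps above that are plain file manipulation (dropping the root filesystem DMG from the IPSW, and forcing the three options.plist keys to false) as a small Python helper. This is an added example, not part of the original tutorial and not xpwntool code; decrypting, mounting and re-encrypting the ramdisk still happen with xpwntool and hdiutil as described. The root filesystem DMG name is a parameter because the tutorial does not name it and it differs per build; `PLACEHOLDER-rootfs.dmg`, `PLACEHOLDER-restore-ramdisk.dmg` and `PlaceholderExistingOption` are constructed sample values.

```python
"""Helpers for the NOR-only IPSW steps that are ordinary file manipulation.

Added example, not code from the wiki page. Assumes the IPSW is handled as a
plain zip archive; ramdisk decrypt/mount/re-encrypt are done separately with
xpwntool and hdiutil as the tutorial describes.
"""
import io
import plistlib
import zipfile

# The three restore options the tutorial sets to <false/>.
NOR_ONLY_OPTIONS = {
    "CreateFilesystemPartitions": False,
    "UpdateBaseband": False,
    "SystemImage": False,
}

# Constructed sample options.plist: two keys still true, one unrelated key
# (PlaceholderExistingOption is a made-up name) that must survive the edit.
SAMPLE_OPTIONS_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>CreateFilesystemPartitions</key><true/>
    <key>UpdateBaseband</key><true/>
    <key>PlaceholderExistingOption</key><true/>
</dict>
</plist>
"""


def make_nor_only_options(plist_bytes: bytes) -> bytes:
    """Return options.plist with the three NOR-only keys forced to false.

    Keys other than the three the tutorial names are preserved unchanged.
    An empty file is treated as an empty dict.
    """
    options = plistlib.loads(plist_bytes) if plist_bytes.strip() else {}
    if not isinstance(options, dict):
        raise ValueError("options.plist root must be a dict")
    options.update(NOR_ONLY_OPTIONS)
    return plistlib.dumps(options, fmt=plistlib.FMT_XML)


def is_nor_only(plist_bytes: bytes) -> bool:
    """True only if all three keys are present and exactly <false/>."""
    options = plistlib.loads(plist_bytes)
    return all(options.get(key) is False for key in NOR_ONLY_OPTIONS)


def option_names(plist_bytes: bytes) -> list:
    """Sorted key names of an options.plist (used to confirm nothing was lost)."""
    return sorted(plistlib.loads(plist_bytes))


def strip_rootfs_from_ipsw(ipsw_bytes: bytes, rootfs_name: str) -> bytes:
    """Return a copy of the IPSW (a zip archive) without the root filesystem DMG.

    Every other member is copied through with the same name and data. Raises
    KeyError if rootfs_name is not in the archive, so a typo cannot silently
    produce an IPSW that still carries the full root filesystem.
    """
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(ipsw_bytes)) as src:
        src.getinfo(rootfs_name)  # KeyError if the name is wrong
        with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
            for info in src.infolist():
                if info.filename != rootfs_name:
                    dst.writestr(info.filename, src.read(info.filename))
    return out.getvalue()


def ipsw_members(ipsw_bytes: bytes) -> list:
    """Sorted member names of an IPSW archive."""
    with zipfile.ZipFile(io.BytesIO(ipsw_bytes)) as archive:
        return sorted(archive.namelist())


def build_sample_ipsw() -> bytes:
    """Constructed stand-in for an unpacked IPSW; member names are placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("PLACEHOLDER-rootfs.dmg", b"\x00" * 64)
        archive.writestr("PLACEHOLDER-restore-ramdisk.dmg", b"ramdisk")
        archive.writestr("kernelcache.release.PLACEHOLDER", b"kernel")
        archive.writestr("BuildManifest.plist", b"<plist/>")
    return buf.getvalue()


if __name__ == "__main__":
    stripped = strip_rootfs_from_ipsw(build_sample_ipsw(), "PLACEHOLDER-rootfs.dmg")
    print("IPSW members after strip:", ipsw_members(stripped))
    fixed = make_nor_only_options(SAMPLE_OPTIONS_PLIST)
    print("NOR-only before:", is_nor_only(SAMPLE_OPTIONS_PLIST), "after:", is_nor_only(fixed))
```

On a real IPSW, read the archive from disk, pass the DMG name listed in its manifest, and write `make_nor_only_options` output back to /usr/local/share/restore/options.plist on the mounted ramdisk before unmounting and re-encrypting it.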
NOTE: This technique only works on devices vulnerable to the 24Kpwn bootrom exploit.