Tutorial:Creating a NOR-only IPSW

From The iPhone Wiki
Revision as of 14:06, 25 June 2011 by Zmaster (talk | contribs) (untethered bootrom exploit need)

1. Create a custom IPSW.

2. Unpack it and remove the rootfs DMG.

3. Decrypt the restore ramdisk (using xpwntool) and mount it.

4. Edit options.plist on the restore ramdisk:


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">

5. Unmount and re-encrypt the restore ramdisk.

6. Repack the IPSW.

NOTE: This technique only works with the iPod touch 2G MB-version and the iPhone 3GS with the old bootrom (devices that are vulnerable to an untethered bootrom exploit).