Tutorial:Creating a NOR-only IPSW

From The iPhone Wiki

This will flash your device to NOR-only.

  1. Create a custom IPSW.
  2. Unpack it and remove the rootfs DMG.
  3. Decrypt the restore ramdisk (xpwntool) and mount it.
  4. Edit options.plist (/usr/local/share/restore/options.plist) on the restore ramdisk:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  5. Unmount and re-encrypt the restore ramdisk.
  6. Repack the IPSW.

NOTE: This technique only works on devices vulnerable to the 2kPwn bootrom exploit.