![](repo/ipwndfu.png)
# Open-source jailbreaking tool for many iOS devices
**Read [disclaimer](#disclaimer) before using this software.*
## About this fork
- supports loading of unsigned images.<br>
- supports debugging of images.<br>
- supports T8015 (iPhoneX, iPhone8, iPhone8+).<br>
## Please use at your own risk!
## Usage
***loading unsigned images***<br>
```
$ ./ipwndfu -p
$ ./ipwndfu --patch
Now issue an abort to the device, for example:
$ ./idevicerestore /folder_with_extracted_ipsw
Now (assuming you replaced the ibss and the ibec under /firmware/dfu with a patched one):
$ ./idevicerestore /folder_with_extracted_ipsw
and it should restore and load..
```
***debugging images***<br>
```
$ ./ipwndfu -p
$ ./ipwndfu --demote
$ ./ipwndfu --patch
Now issue an abort to the device, for example:
$ ./idevicerestore /folder_with_extracted_ipsw
Now (it dont matter signed or not):
$ ./idevicerestore /folder_with_extracted_ipsw
you should see that ibss never finish.
open the debugger and you'll see you already at the ibss..
```
## checkm8
* permanent unpatchable bootrom exploit for hundreds of millions of iOS devices
* meant for researchers, this is not a jailbreak with Cydia yet
* allows dumping SecureROM, decrypting keybags for iOS firmware, and demoting device for JTAG
* current SoC support: s5l8947x, s5l8950x, s5l8955x, s5l8960x, t8002, t8004, t8010, t8011, t8015
* future SoC support: s5l8940x, s5l8942x, s5l8945x, s5l8747x, t7000, t7001, s7002, s8000, s8001, s8003, t8012
* full jailbreak with Cydia on latest iOS version is possible, but requires additional work
## Quick start guide for checkm8
1. Use a cable to connect device to your Mac. Hold buttons as needed to enter DFU Mode.
2. First run ```./ipwndfu -p``` to exploit the device. Repeat the process if it fails, it is not reliable.
3. Run ```./ipwndfu --dump-rom``` to get a dump of SecureROM.
4. Run ```./ipwndfu --decrypt-gid KEYBAG``` to decrypt a keybag.
5. Run ```./ipwndfu --demote``` to demote device and enable JTAG.
## Features
* Jailbreak and downgrade iPhone 3GS (new bootrom) with alloc8 untethered bootrom exploit. :-)
* Pwned DFU Mode with steaks4uce exploit for S5L8720 devices.
* Pwned DFU Mode with limera1n exploit for S5L8920/S5L8922 devices.
* Pwned DFU Mode with SHAtter exploit for S5L8930 devices.
* Dump SecureROM on S5L8920/S5L8922/S5L8930 devices.
* Dump NOR on S5L8920 devices.
* Flash NOR on S5L8920 devices.
* Encrypt or decrypt hex data on a connected device in pwned DFU Mode using its GID or UID key.
## Dependencies
This tool should be compatible with Mac and Linux. It won't work in a virtual machine.
* libusb, `If you are using Linux: install libusb using your package manager.`
* [iPhone 3GS iOS 4.3.5 iBSS](#ibss)
## Tutorial
This tool can be used to downgrade or jailbreak iPhone 3GS (new bootrom) without SHSH blobs, as documented in [JAILBREAK-GUIDE](https://github.com/axi0mX/ipwndfu/blob/master/JAILBREAK-GUIDE.md).
## Exploit write-up
Write-up for alloc8 exploit can be found here:
https://github.com/axi0mX/alloc8
## iBSS
Download iPhone 3GS iOS 4.3.5 IPSW from Apple:
http://appldnld.apple.com/iPhone4/041-1965.20110721.gxUB5/iPhone2,1_4.3.5_8L1_Restore.ipsw
In Terminal, extract iBSS using the following command, then move the file to ipwndfu folder:
```
unzip -p iPhone2,1_4.3.5_8L1_Restore.ipsw Firmware/dfu/iBSS.n88ap.RELEASE.dfu > n88ap-iBSS-4.3.5.img3
```
## Coming soon!
* Reorganize and refactor code.
* Easier setup: download iBSS automatically using partial zip.
* Dump SecureROM on S5L8720 devices.
* Install custom boot logos on devices jailbroken with 24Kpwn and alloc8.
* Enable verbose boot on devices jailbroken with 24Kpwn and alloc8.
## Disclaimer
**This is BETA software.**
Backup your data.
This tool is currently in beta and could potentially brick your device. It will attempt to save a copy of data in NOR to nor-backups folder before flashing new data to NOR, and it will attempt to not overwrite critical data in NOR which your device requires to function. If something goes wrong, hopefully you will be able to restore to latest IPSW in iTunes and bring your device back to life, or use nor-backups to restore NOR to the original state, but I cannot provide any guarantees.
**There is NO warranty provided.**
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
## Toolchain
You will not need to use `make` or compile anything to use ipwndfu. However, if you wish to make changes to assembly code in `src/*`, you will need to use an ARM toolchain and assemble the source files by running `make`.
If you are using macOS with Homebrew, you can use binutils and gcc-arm-embedded. You can install them with these commands:
```
brew install binutils
brew cask install https://raw.githubusercontent.com/Homebrew/homebrew-cask/b88346667547cc85f8f2cacb3dfe7b754c8afc8a/Casks/gcc-arm-embedded.rb
```
## Credit
geohot for limera1n exploit
posixninja and pod2g for SHAtter exploit
chronic, CPICH, ius, MuscleNerd, Planetbeing, pod2g, posixninja, et al. for 24Kpwn exploit
pod2g for steaks4uce exploit
walac for pyusb
没有合适的资源?快使用搜索试试~ 我知道了~
iphone紫屏软件 2020 最新苹果紫屏软件
共329个文件
py:87个
pyc:81个
bin:35个
1星 需积分: 50 57 下载量 78 浏览量
2020-05-25
10:04:38
上传
评论 4
收藏 28.03MB ZIP 举报
温馨提示
MAC 10.14及以上系统才能用 配合工程线使用 黑苹果也是支持的 紫屏后可配合万隆或者精诚软件读写码
资源推荐
资源详情
资源评论
收起资源包目录
iphone紫屏软件 2020 最新苹果紫屏软件 (329个子文件)
ACKNOWLEDGEMENTS 436B
ACKNOWLEDGEMENTS 436B
ACKNOWLEDGEMENTS 436B
0x8015.bin 552B
usb_0xA1_2_arm64.bin 528B
usb_0xA1_2_arm64.bin 528B
usb_0xA1_2_arm64.bin 528B
alloc8-shellcode.bin 436B
alloc8-shellcode.bin 436B
alloc8-shellcode.bin 436B
steaks4uce-shellcode.bin 404B
steaks4uce-shellcode.bin 404B
steaks4uce-shellcode.bin 404B
checkm8_armv7.bin 372B
SHAtter-shellcode.bin 372B
SHAtter-shellcode.bin 372B
checkm8_armv7.bin 372B
SHAtter-shellcode.bin 372B
checkm8_armv7.bin 372B
limera1n-shellcode.bin 368B
limera1n-shellcode.bin 368B
limera1n-shellcode.bin 368B
checkm8_arm64.bin 328B
checkm8_arm64.bin 312B
checkm8_arm64.bin 312B
usb_0xA1_2_armv7.bin 292B
usb_0xA1_2_armv7.bin 292B
usb_0xA1_2_armv7.bin 292B
ibss-flash-nor-shellcode.bin 132B
ibss-flash-nor-shellcode.bin 132B
ibss-flash-nor-shellcode.bin 132B
t8010_t8011_disable_wxn_arm64.bin 124B
t8010_t8011_disable_wxn_arm64.bin 124B
t8015_shellcode_arm64.bin 48B
t8010_t8011_disable_wxn_arm64.bin 40B
24Kpwn-shellcode.bin 36B
24Kpwn-shellcode.bin 36B
24Kpwn-shellcode.bin 36B
CodeResources 91KB
libusb-1.0.22.mojave.bottle.dylib 80KB
libusb-1.0.22.mojave.bottle.dylib 80KB
libusb-1.0.22.mojave.bottle.dylib 80KB
eclipsa7000 15KB
eclipsa7001 15KB
eclipsa8000 15KB
eclipsa8003 15KB
EnterDiags 112KB
.gitignore 97B
.gitignore 87B
.gitignore 87B
libusb-1.0.20.mavericks.bottle.1.tar.gz 166KB
libusb-1.0.20.mavericks.bottle.1.tar.gz 166KB
libusb-1.0.20.mavericks.bottle.1.tar.gz 166KB
libusb-1.0.22.mojave.bottle.tar.gz 163KB
libusb-1.0.22.mojave.bottle.tar.gz 163KB
libusb-1.0.22.mojave.bottle.tar.gz 163KB
libusb-1.0.22.el_capitan.bottle.tar.gz 159KB
libusb-1.0.22.el_capitan.bottle.tar.gz 159KB
libusb-1.0.22.el_capitan.bottle.tar.gz 159KB
libusb-1.0.22.sierra.bottle.tar.gz 159KB
libusb-1.0.22.sierra.bottle.tar.gz 159KB
libusb-1.0.22.sierra.bottle.tar.gz 159KB
libusb-1.0.22.high_sierra.bottle.tar.gz 159KB
libusb-1.0.22.high_sierra.bottle.tar.gz 159KB
libusb-1.0.22.high_sierra.bottle.tar.gz 159KB
libusb-1.0.21.yosemite.bottle.tar.gz 157KB
libusb-1.0.21.yosemite.bottle.tar.gz 157KB
libusb-1.0.21.yosemite.bottle.tar.gz 157KB
libusb-1.0.19.mountain_lion.bottle.1.tar.gz 122KB
libusb-1.0.19.mountain_lion.bottle.1.tar.gz 122KB
libusb-1.0.19.mountain_lion.bottle.1.tar.gz 122KB
ibootpatcher 4KB
ibootpatcher 4KB
ibootpatcher 4KB
icon.icns 416KB
go.icns 154KB
diag.D20.img4 6.04MB
diag.D21.img4 6.04MB
diag.D2X.img4 5.91MB
diag.D101.img4 4.21MB
diag.D111.img4 3.96MB
iBoot.D22.img4 1.4MB
iBoot.D21.img4 1.29MB
iBoot.D20.img4 1.29MB
iBoot.D101.img4 389KB
iBoot.D111.img4 389KB
ipwndfu 18KB
ipwndfu 16KB
ipwndfu 16KB
ipwnrecovery 3KB
ipwnrecovery 3KB
ipwnrecovery 3KB
irecovery 64KB
LICENSE 34KB
LICENSE 34KB
LICENSE 34KB
LICENSE 1KB
LICENSE 1KB
LICENSE 1KB
Makefile 3KB
共 329 条
- 1
- 2
- 3
- 4
资源评论
- 会飞的猪_八_戒2021-09-30一星也不想给,mini2 不支持
naiwenoo
- 粉丝: 26
- 资源: 10
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功