Light

dora2ios / ipwnder32 Goto Github PK

View Code? Open in Web Editor NEW

71.0 7.0 21.0 1.67 MB

limera1n/A6/A7 devices pwnder

License: GNU General Public License v3.0

C 96.32% Assembly 2.89% Starlark 0.79%

ipwnder32's Introduction

iPwnder32

A Tool for utilizing iOS devices using limera1n/checkm8 BootROM exploit

Features

This tool is intended to take advantage of the BootROM exploit present on iOS devices.
It is written in the C and is only available on macosx.

Supported environments

macOS 10.13 or later (intel/x86_64)
macOS 11.0 - 11.2.3 (M1/arm64)

Library dependencies

libcurl

Make

The [option] flag depends on which architecture you are building for:

./BUILD [option]
  Usage: BUILD [option]
    --intel       Make for Intel Mac (x86_64)
    --M1          Make for M1 Mac (arm64)
    --universal   Make for both x86_64 and arm64
    --help        Show Usage

In order to build for arm64, you will need Xcode 12 or higher.

Usage

./iPwnder32 [options]
    -p [flag]    Put device in pwned (soft)DFU mode
    [flag]
      --noibss:    Do not enter pwnediBSS (s5l895Xx only)
    -f <img>     Send image and boot it
    -t           Jailbreak iOS 10 with 32-bit devices [TBX32]

If you want to put your iOS device into pwned DFU mode, it will look like this:

./iPwnder32 -p

For limera1n devices and s5l8960x, it is now possible to load unsigned images from pwned DFU mode.

For s5l895Xx devices, the device is automatically loaded from DFU mode to pwned iBSS mode. it is now possible to load unsigned images from pwned iBSS mode.
If you want to stop it in pwned DFU mode:

./iPwnder32 -p --noibss

In this mode, your device will be waiting for the iBSS/LLB image. Next, you need to load the iBSS/LLB image into the device by sending the image using the -f flag:

./iPwnder32 -f ibss

Note: The sent image will be loaded after the pwned DFU mode runs iBoot32Patcher to patch the RSA check.

License

This project basically follows GPLv3. However, some of the currently private GPLv3 unused code in this project is not GPLv3 compliant.

Credits

libimobiledevice for libirecovery
iH8sn0w for iBoot32Patcher
axi0mX for ipwndfu
synackuk for belladonna
geohot for limera1n exploit
many creators of iBoot32Patcher fork

README: updated on 2021/02/01

ipwnder32's People

Contributors

Stargazers

Watchers

ipwnder32's Issues

A5 rev b?

Any chance that you could include signature patches for the s5l8947. Would be appreciated if possible.

fail to exploit A7 on M1

Cannot get my 5s into Pwned DFU mode whatsoever. Not sure if it's checkm8 not working correctly on M1, or it's a iPwnder32 issue. Exploit fails every time I run the command.

iPwnder32 fails to pwn dfu on iPhone 5s on macOS 11.3 & 11.3.1 Public Releases

Describe the bug
iPwnder32 fails to pwn dfu on iPhone 5s on macOS 11.3 & 11.3.1 Public Releases. Tested on my iPhone 5s running iOS 12.5.3, with my M1 2020 MacBook Air running macOS 11.3.1 (released earlier today). Also never worked on macOS 11.3. Only worked on macOS 11.2 in my experience.
To Reproduce
Steps to reproduce the behavior:

Build iPwnder32 with -DEHAVE_DEBUG flag
Enter DFU Mode on your 5s
Execute ./iPwnder32 -p
Look for errors like the ones in my screenshot.

Expected behavior
I expected iPwnder to pwn dfu mode my device with 0 issues considering it worked perfectly fine on macOS 11.2 (there wasn't any huge security changes with 11.3 and 11.3.1 coming from 11.2), but instead of saying "successfully entered pwn dfu mode" or whatever it says when it executes successfully, instead I am met with the errors in the screenshot every time I run iPwnder32. libusb and libusbmuxd are installed as well.

Execution environment (please complete the following information):

macOS/iOS Version: macOS - 11.3.1, iOS-12.5.3
BuildVersion: 20E241
Device: MacBookAir10,1
Architecture: arm64
Jailbreak Tool: checkra1n

Target iOS devices (please complete the following information):

Device: iPhone6,1 running latest iOS 12.5.3
CHIP (uint16_t): 0x8960

Build version of iPwnder32 (please complete the following information):

Version: v3.2.0
Build: 3C152

Fail to enter pwndfu mode macOS 11.3

Failing to get iPwnder32 to pwndfu on my iPhone 5s. Using the latest macOS 11.3 public release.

checkm8 for s5l8960x does not complete on iphoneos-arm64 environment

For some reason checkm8 for A7 devices doesn't work on iphoneos-arm64. We need to look it up...

Support for decrypting keybags with the GID key

Is it possible to add support to decrypt keybags with the GID key, like the --decrypt-gid command in ipwndfu?

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.