@@ -21,14 +21,16 @@ def print_help():
2121 print ' --dump-nor=file\t \t dump NOR to file'
2222 print ' --flash-nor=file\t \t flash NOR (header and firmware only) from file'
2323 print ' --24kpwn\t \t \t install 24Kpwn exploit to NOR'
24+ print ' --remove-24kpwn\t \t remove 24Kpwn exploit from NOR'
25+ print ' --remove-alloc8\t \t remove alloc8 exploit from NOR'
2426 print ' --decrypt-gid=hexdata\t \t AES decrypt with GID key'
2527 print ' --encrypt-gid=hexdata\t \t AES encrypt with GID key'
2628 print ' --decrypt-uid=hexdata\t \t AES decrypt with UID key'
2729 print ' --encrypt-uid=hexdata\t \t AES encrypt with UID key'
2830
2931if __name__ == '__main__' :
3032 try :
31- advanced = ['dump=' , 'hexdump=' , 'dump-rom' , 'dump-nor=' , 'flash-nor=' , '24kpwn' , 'decrypt-gid=' , 'encrypt-gid=' , 'decrypt-uid=' , 'decrypt-gid=' ]
33+ advanced = ['dump=' , 'hexdump=' , 'dump-rom' , 'dump-nor=' , 'flash-nor=' , '24kpwn' , 'remove-24kpwn' , 'remove-alloc8' , ' decrypt-gid=' , 'encrypt-gid=' , 'decrypt-uid=' , 'decrypt-gid=' ]
3234 opts , args = getopt .getopt (sys .argv [1 :], 'pxf:' , advanced )
3335 except getopt .GetoptError :
3436 print 'ERROR: Invalid arguments provided.'
@@ -83,8 +85,8 @@ if __name__ == '__main__':
8385 sys .exit (1 )
8486
8587 print 'Preparing modified NOR with alloc8 exploit.'
86- # Decrypt LLB and remove 24Kpwn first.
87- nor .images [0 ] = image3 . Image3 (nor .images [0 ]). newDecryptedImage3 ( )
88+ # Remove 24Kpwn first.
89+ nor .images [0 ] = image3_24Kpwn . remove_exploit (nor .images [0 ])
8890 new_nor = alloc8 .exploit (nor , device .config .version )
8991 device .flash_nor (new_nor .dump ())
9092
@@ -181,13 +183,57 @@ if __name__ == '__main__':
181183 print 'ERROR: 24Kpwn exploit cannot be installed, because NOR has no valid LLB. Exiting.'
182184 sys .exit (1 )
183185
184- if len (nor .images [0 ]) >= 0x24000 :
185- # Decrypt LLB and remove previous 24Kpwn exploit.
186- nor .images [0 ] = image3 .Image3 (nor .images [0 ]).newDecryptedImage3 ()
187-
186+ # Remove existing 24Kpwn exploit.
187+ if len (nor .images [0 ]) > 0x24000 :
188+ nor .images [0 ] = image3_24Kpwn .remove_exploit (nor .images [0 ])
188189 nor .images [0 ] = image3_24Kpwn .exploit (nor .images [0 ], device .securerom_dump ())
189190 device .flash_nor (nor .dump ())
190191
192+ if opt == '--remove-24kpwn' :
193+ device = PwnedDFUDevice ()
194+ if device .config .cpid != '8920' :
195+ print 'This is not a compatible device. 24Kpwn exploit is only supported on iPhone 3GS.'
196+ sys .exit (1 )
197+
198+ print 'WARNING: This feature is for researchers only. Device will probably not boot into iOS until it is restored in iTunes.'
199+ raw_input ("Press ENTER to continue." )
200+
201+ dump = device .nor_dump (saveBackup = True )
202+
203+ nor = nor .NorData (dump )
204+
205+ if len (nor .images ) == 0 :
206+ print 'ERROR: NOR has no valid LLB. It seems that 24Kpwn exploit is not installed. Exiting.'
207+ sys .exit (1 )
208+ if len (nor .images [0 ]) <= 0x24000 :
209+ print 'ERROR: LLB is not oversized. It seems that 24Kpwn exploit is not installed. Exiting.'
210+ sys .exit (1 )
211+
212+ print 'Preparing modified NOR without 24Kpwn exploit.'
213+ nor .images [0 ] = image3_24Kpwn .remove_exploit (nor .images [0 ])
214+ device .flash_nor (nor .dump ())
215+
216+ if opt == '--remove-alloc8' :
217+ device = PwnedDFUDevice ()
218+ if device .config .cpid != '8920' :
219+ print 'This is not a compatible device. alloc8 exploit is for iPhone 3GS only.'
220+ sys .exit (1 )
221+
222+ print 'WARNING: This feature is for researchers only. Device will probably not boot into iOS until it is restored in iTunes.'
223+ raw_input ("Press ENTER to continue." )
224+
225+ dump = device .nor_dump (saveBackup = True )
226+
227+ nor = nor .NorData (dump )
228+
229+ if len (nor .images ) < 700 :
230+ print 'ERROR: It seems that alloc8 exploit is not installed. There are less than 700 images in NOR. Exiting.'
231+ sys .exit (1 )
232+
233+ print 'Preparing modified NOR without alloc8 exploit.'
234+ new_nor = alloc8 .remove_exploit (nor )
235+ device .flash_nor (new_nor .dump ())
236+
191237 if opt == '--decrypt-gid' :
192238 device = PwnedDFUDevice ()
193239 print 'Decrypting with S5L%s GID key.' % device .config .cpid
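Review bot: The alloc8 install path (new line 89) calls `image3_24Kpwn.remove_exploit(nor.images[0])` unconditionally, while the 24Kpwn install path in the third hunk only calls it when `len(nor.images[0]) > 0x24000`. How `remove_exploit` treats an LLB that carries no 24Kpwn payload is not visible here, and its result goes straight into `device.flash_nor(...)`, so I would put the same guard in front of it: `if len(nor.images[0]) > 0x24000:`. The new `--remove-24kpwn` and `--remove-alloc8` branches also flash the rewritten NOR without checking it; a comment stating what `remove_exploit` guarantees about its output, or a sanity check on the rebuilt image before flashing, would make a bad write less likely. Separately, the `advanced` list on new line 33 still ends with a second `'decrypt-gid='` where `'encrypt-uid='` is presumably intended, so the `--encrypt-uid` option shown in the help text is rejected by getopt. The `if __name__ == '__main__':` block continues outside these hunks.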