May 052015
 

Intro

My old iPhone went dark and needed a restore. I didn’t have access to Mac or Windows PC at the time and I was keen to see if this can be achieved without iTunes.

Thanks to the good folks on the internet it turned out to be perfectly possible so here are my notes for restoring iPhone 3GS using Debian stable (jessie is now stable, yay!).

These notes are for my reference only, don’t blame me if you brick your phone totally, cause fire or start 3rd World War.

First, pic of Moni Agiou Antoniou monastery on Crete:

insta-03

Installing software components

Debian comes with bunch of useful tools bundled, you can use them identify your device (ideviceinfo) or backup content of you phone (idevicebackup2). Lets get them installed:

$ sudo apt-get install build-essential automake cmake libreadline6 autotools-dev libcurl4-openssl-dev autoconf libplist-utils libplist-dev libplist++-dev libzip-dev git curl libreadline-dev libusb-dev libtool libusb-1.0-0-dev libusbmuxd-dev libglib2.0-dev libimobiledevice-dev libusbmuxd-tools libimobiledevice-utils uudeview git-core cython python-dev libssl-dev

$ idevicebackup2 backup --full /ServiceArea/iPhone/ibackup

 

You need few more tools, which aren’t available from Debian repo. So download and compile idevicerestore and dependencies, something along these lines:

 

$ mkdir -p ~/src/idevicerestore
$ cd ~/src/idevicerestore

git clone https://github.com/libimobiledevice/libimobiledevice
cd libimobiledevice/
./autogen.sh
make && sudo make install
cd ..

git clone https://github.com/libimobiledevice/libirecovery
cd libirecovery/
./autogen.sh; sudo make install
cd ..

git clone https://github.com/libimobiledevice/libplist
cd libplist
./autogen.sh
make && sudo make install
cd ..

git clone https://github.com/libimobiledevice/idevicerestore
cd idevicerestore/
./autogen.sh
make && sudo make install

Lets see if it works

 

$ export LD_LIBRARY_PATH=/usr/local/lib
$ which idevicerestore
/usr/local/bin/idevicerestore

$ idevicerestore
Usage: idevicerestore [OPTIONS] FILE
Restore IPSW firmware FILE to an iOS device.

-i, --ecid ECID target specific device by its hexadecimal ECID
e.g. 0xaabb123456 or 00000012AABBCCDD
-u, --udid UDID target specific device by its 40-digit device UDID
NOTE: only works with devices in normal mode.
-d, --debug enable communication debugging
-h, --help prints usage information
-e, --erase perform a full restore, erasing all data (defaults to update)
-c, --custom restore with a custom firmware
-l, --latest use latest available firmware (with download on demand)
DO NOT USE if you need to preserve the baseband (unlock)!
USE WITH CARE if you want to keep a jailbreakable firmware!
The FILE argument is ignored when using this option.
-s, --cydia use Cydia's signature service instead of Apple's
-x, --exclude exclude nor/baseband upgrade
-t, --shsh fetch TSS record and save to .shsh file, then exit
-p, --pwn Put device in pwned DFU mode and exit (limera1n devices only)
-n, --no-action Do not perform any restore action. If combined with -l option
the on demand ipsw download is performed before exiting.
-C, --cache-path DIR Use specified directory for caching extracted
or other reused files.

Looking good.

Proceed with firmware restore

iPhone can be in put into two service modes, recovery and DFU mode (device firmware upgrade). Initially idevicerestore command was failing, process was stuck half way through with “waiting for device” message. It helped to put iPhone into DFU mode and then back into recovery mode. See notes at the bottom of the page on how to do that.

Note, make sure libusb has enough permissions to access your usb device nodes. Usually running the tool with “sudo” should ensure this.

$ idevicerestore --custom --ecid 0000xxxxxxxxxxxx -e /ServiceArea/iPhone/ipsw/sn0wbreeze_iPhone_3GS-6.1.3-10B329_oldbootrom.ipsw

I used *custom* firmware and flag –ecid with hexadecimal ECID of my device, this can be identified via kernel logs when connecting iPhone via USB

$ dmesg |grep ECID

or you can use -u flag with its 40-digit device UDID

dmesg |grep SerialNumber:

Other option would be to use –latest flag, that should, surprisingly, fetch the latest version of firmware matching your hardware from Apple servers. But as per “idevicerestore –help” DO NOT USE –latest if you need to preserve the baseband (unlock). USE WITH CARE if you want to keep a jailbreakable firmware.

Alright, restoring takes a moment so grab a cup of tea with milk and relax. You should see something like that:

 

NOTE: using cached version data
Found device in Recovery mode
Identified device as iPhone2,1
Extracting Restore.plist from IPSW
Product Version: 6.1.3
Product Build: 10B329 Major: 10
INFO: device serial number is xxxxxxxxxxxx
Device supports Image4: false
Custom firmware requested. Disabled TSS request.
Variant: Customer Erase Install (IPSW)
This restore will erase your device data.
Using cached filesystem from '/ServiceArea/iPhone/ipsw/sn0wbreeze_iPhone_3GS-6.1.3-10B329_oldbootrom/048-2484-005.dmg'
Extracting iBEC.n88ap.RELEASE.dfu...
Not personalizing component iBEC...
Sending iBEC (182724 bytes)...
Getting ApNonce in recovery mode...
Recovery Mode Environment:
iBoot build-version=iBoot-1537.9.55
iBoot build-style=RELEASE
Sending AppleLogo...
Extracting applelogo.s5l8920x.img3...
Not personalizing component AppleLogo...
Sending AppleLogo (16128 bytes)...
Extracting 048-2506-005.dmg...
Not personalizing component RestoreRamDisk...
Sending RestoreRamDisk (16607556 bytes)...
Extracting DeviceTree.n88ap.img3...
Not personalizing component RestoreDeviceTree...
Sending RestoreDeviceTree (60356 bytes)...
Extracting kernelcache.release.n88...
Not personalizing component RestoreKernelCache...
Sending RestoreKernelCache (6625284 bytes)...
About to restore device...
Waiting for device...
Device is now connected in restore mode...
Connecting now...
Connected to com.apple.mobile.restored, version 12
Device has successfully entered restore mode
Hardware Information:
BoardID: 0
ChipID: xxxxxx
UniqueChipID: xxxxxxxxxxxxxxx
ProductionMode: true
Partition NAND device (28)
Waiting for storage device (11)
Creating partition map (12)
Creating partition map (12)
Verifying restore (15)
Checking filesystems (16)
Verifying restore (15)
Checking filesystems (16)
Unknown operation (51)
Waiting for NAND (29)
Waiting for NAND (29)
About to send filesystem...
Connected to ASR
Validating the filesystem
Filesystem validated
Sending filesystem now...
[==================================================] 100.0%
Done sending filesystem
Restoring image (14)
[==================================================] 100.0%
Verifying restore (15)
Checking filesystems (16)
About to send KernelCache...
Extracting kernelcache.release.n88...
Not personalizing component KernelCache...
Sending KernelCache now...
Done sending KernelCache
Loading kernelcache (27)
Mounting filesystems (17)
Unknown operation (25)
About to send NORData...
Found firmware path Firmware/all_flash/all_flash.n88ap.production
Getting firmware manifest Firmware/all_flash/all_flash.n88ap.production/manifest
Extracting LLB.n88ap.RELEASE.img3...
Not personalizing component LLB...
Extracting iBoot.n88ap.RELEASE.img3...
Not personalizing component iBoot...
Extracting DeviceTree.n88ap.img3...
Not personalizing component DeviceTree...
Extracting applelogo.s5l8920x.img3...
Not personalizing component AppleLogo...
Extracting batterylow0.s5l8920x.img3...
Not personalizing component BatteryLow0...
Extracting batterylow1.s5l8920x.img3...
Not personalizing component BatteryLow1...
Extracting glyphcharging.s5l8920x.img3...
Not personalizing component BatteryCharging...
Extracting batterycharging0.s5l8920x.img3...
Not personalizing component BatteryCharging0...
Extracting batterycharging1.s5l8920x.img3...
Not personalizing component BatteryCharging1...
Extracting glyphplugin.s5l8920x.img3...
Not personalizing component BatteryPlugin...
Extracting batteryfull.s5l8920x.img3...
Not personalizing component BatteryFull...
Extracting recoverymode~iphone.s5l8920x.img3...
Not personalizing component RecoveryMode...
Sending NORData now...
Done sending NORData
Unknown operation (18)
[==================================================] 100.0%
Unknown operation (46)
Unknown operation (46)
Unknown operation (49)
Waiting for NAND (29)
Waiting for NAND (29)
Got status message
Status: Restore Finished
Cleaning up...
DONE

 

Note, I had run above twice, after first run iPhone didn’t boot, even though process completed without error. Well.

Finally, once restore is complete and device booted you might be interested in installing two packages from Cyndia – p0sixspwn and ultrasn0w.
That should hopefully let you use SIM cards of other providers.

Simples.

How to get into and out of DFU mode?

DFU Mode : DFU Mode is a special mode where the device can still interface with iTunes, yet it does not load the iBoot. The screen will appear totally black in DFU mode, so you can’t guess whether the device is in DFU or powered down from simply looking at the screen. Because iBoot and the OS are not loaded you can downgrade your iPhone firmware or upgrade with a custom firmware (say created by Pwnage tool).

1. Hold Home and Power button at the same time for 5 seconds.
2. Keep holding Home and Power button until the device screen turns to black.
3. Release Power button and keep holding Home for 10 seconds.

Exit DFU mode:

1. Hold down Home and Power button simultaneously for about 10 seconds.
2. Release the home button and continue to hold the power button until the Apple logo screen comes on, signifying that iDevice is rebooting.

How to enter and exit recovery mode?

Recovery Mode : Recovery Mode is a state of iBoot that is used during standard upgrades and restores. As iBoot is active, it does not allow you to downgrade your device’s software. Also, unless it is ‘pwned,’ it will not allow custom firmware to be flashed.

1. Disconnect the USB cable from your iPhone 3gs but leave the other side connected to your PC.
2. Turn off iPhone 3gs by pressing Home and Sleep/Power button on the top of the iPhone 3gs
3. Continue to hold the Home button while you reconnect the USB cable to your iPhone 3gs this will cause iPhone to turn on
4. You should be good to go, idevicerestore should be detecting your device in recovery mode

Exit recovery mode:

1. Hold down the home and power button for about 15 seconds, this shuts off the iPhone 3gs
2. Press the power button to boot the iPhone 3gs


 

  One Response to “iPhone 3GS – restore or upgrade firmware of iOS devices using Linux”

  1. […] по компиляции и использованию этой программы есть тут. Хотя она вроде как про ойфон, но успешно сработала и […]

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)