A small utility to boot iBoot on some checkm8-able platforms. It can now also decrypt KBAGs and demote devices.
It doesn't require any modifications to the ipwndfu/gaster/etc. shellcodes, since it uses ipwndfu's custom protocol.
You can run it on iOS as well (if you are lucky).
- S5L8940X - Apple A5
- S5L8942X - Apple A5 (32nm)
- S5L8945X - Apple A5X
- S5L8947X - Apple A5 (single-core)
- S5L8950X - Apple A6
- S5L8955X - Apple A6X
- S5L8747X - Haywire SoC
- S7002 - Apple S1
- T8002 - Apple S1P/S2/T1
- T8004 - Apple S3
```
➜ checkm8_bootkit git:(master) ✗ build/checkm8_bootkit
usage: build/checkm8_bootkit VERB [args]
where VERB is one of the following:
    boot <bootloader>
    kbag <kbag>
    demote
    batch <input> <output>

for batch KBAG processing, you must input a text file in following format:
    FIRMWARE0 FILE0 KBAG
    ...
    FIRMWAREn FILEn KBAG
in return you'll get the same structure, but with IV+key pair appended to each entry

supported platforms:
    s5l8747x, s5l8940x, s5l8942x, s5l8945x, s5l8947x, s5l8950x, s5l8955x, s7002, t8002, t8004
```
- `bootloader` must be a path to a raw unpacked iBoot image (usually you'd want to load iBSS)
- `kbag` must be a hex string
Set the `LIBBOOTKIT_DEBUG` environment variable to 1 to enable verbose logging.
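A pre-flight check for the `batch` input format described in the usage text, so malformed lines are caught before the file is handed to the tool. This is an added example, not part of checkm8_bootkit: it assumes fields are whitespace-separated and names contain no spaces, and `parse_batch`, `kbag_hex_len` and the sample data are hypothetical or constructed.

```python
import string

HEX = set(string.hexdigits)

def parse_batch(text, kbag_hex_len=None):
    """Parse 'FIRMWARE FILE KBAG' lines; return (entries, errors).

    kbag_hex_len is an optional caller-supplied length check. The page does
    not state a KBAG length, so it is off by default (assumption).
    """
    entries, errors, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue  # blank lines are skipped here; the tool itself may not accept them
        fields = line.split()
        if len(fields) != 3:
            errors.append((lineno, f"expected 3 fields, got {len(fields)}"))
            continue
        firmware, filename, kbag = fields
        if not set(kbag) <= HEX:
            errors.append((lineno, "KBAG is not a hex string"))
        elif len(kbag) % 2:
            errors.append((lineno, "KBAG has an odd number of hex digits"))
        elif kbag_hex_len is not None and len(kbag) != kbag_hex_len:
            errors.append((lineno, f"KBAG has {len(kbag)} hex digits, expected {kbag_hex_len}"))
        elif (firmware, filename) in seen:
            errors.append((lineno, "duplicate FIRMWARE/FILE pair"))
        else:
            seen.add((firmware, filename))
            entries.append((firmware, filename, kbag))
    return entries, errors

# Constructed sample input: names and KBAG values are made up, not real firmware data.
SAMPLE = """\
FW_A iBSS 00112233445566778899AABBCCDDEEFF
FW_A iBoot 00112233445566778899aabbccddeef
FW_B iBSS  0011223344556677
FW_B LLB 0x11223344
FW_B my file 00112233
"""

if __name__ == "__main__":
    ok, bad = parse_batch(SAMPLE)
    for lineno, msg in bad:
        print(f"line {lineno}: {msg}")
    print(f"{len(ok)} of {len(ok) + len(bad)} entries ready for batch")
```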
Requirements:
-
- My little libirecovery fork
- Included as a Git module
-
- Only needed if you want to rebuild the payloads
Then just use `make`:

```
➜ checkm8_bootkit git:(full) ✗ make
building checkm8_bootkit for Mac
building checkm8_bootkit for iOS
%%%%% done building
```