2015-10-23

Hi all now i have something useful to share,my written tutorial with all steps and important info about the custom

ios restore using the asr patch.

-------------------------------- Steps to restore a modified version of ios --------------------------

Important Notes: You can perform this method using the application of george(some options only) or all steps provided by the tutorial.

All steps and tools here works for any ipsw,but to use the app you need to download

The ipsw modded and compatible according your ios version/model here [Only registered and activated users can see links Click here to register] Link of the app--- [Only registered and activated users can see links Click here to register]

App requirement--http://www.microsoft.com/en-us/download/details.aspx?DisplayLang=en&id=15834

So now we can continue

Main requirement: Having our custom keys,to see if are available for our our version ios / model go to this page [Only registered and activated users can see links Click here to register]

Blue---available

Red—not available

HERE BEGIN THE TUTORIAL

1. We will have to download the ipsw (IOS system) that will be used to modify from [Only registered and activated users can see links Click here to register]

2. Once downloaded the ipsw we have to open it with winrar to access

the files, inside will be 3 files.dmg but now we need only one,to differentiate only compare the size

the file we are going to use is the largest among the remaining 2

3. already identified the dmg file,extract it from the ipsw and what we do now is decrypt the file

idecrypt download (software to decrypt) here the link and key [Only registered and activated users can see links Click here to register]

and the key that we need is the ROOT FILESYSTEM

4. Open idecrypt and click on select input file,then you need to select the ubication of the extracted dmg

and put the key in (KEY) then click idecrypt

5. Well now the dmg file is decrypted and we need to open with a software editor called TransMac here the link [Only registered and activated users can see links Click here to register]

now go to applications folder,once there rename the folder named Setup.app with anything example (LOL.app) and go out

6. Now let's rename the same dmg removing

_decrypted leaving the file so (0000000.dmg)

7. done this we need to encrypt the dmg,everything you need in this link [Only registered and activated users can see links Click here to register]

now we must to drag the dmg file to the folder (subfolder encrypted_bak)

8. Open CMD cd on administrator mode and go to the previous folder (encryted_bak) once there write the following line

dmg.exe build (your dmg) encrypted_bak.dmg -k (key root filesystem)

would look like this example

dmg.exe build 058-14563-073.dmg encrypted_bak.dmg -kc24679951764a6fe5e7eef2c3a331b4ee1d0a7efb9a678c9d2091d8af2d23f54e9243a56

and press enter

9.In the same folder we find a new file called encrypted_bak.dmg

this file must be renamed by the original that is in the same folder

now open the ipsw with winrar and replace the encrypted dmg there

10. now we need to decrypt another dmg inside the ipsw, but to know what is the correct dmg you must enter to the page where are all your keys

and look where says (Restore Ramdisk) on the right is the name of a dmg and that is that we need to use

ok once identified the dmg we need to extract it of the ipsw with winrar

11. You need to copy the keys of Restore Ramdisk (IV and KEY), here the files to decrypt [Only registered and activated users can see links Click here to register]

ok now drag the dmg to the folder you downloaded (bin subfolder).

12. Now we'll start with a few cmd codes, we go with cd to the location of the folder (bin)

and we need to write the following lines

xpwntool.exe (your dmg) (dmg) _decrypted.dmg -iv (iv key) -k (key)

would be like this:

xpwntool.exe 058-4107-013.dmg 058-4107-013_decrypted.dmg -iv 4d45b18575f0e48ef0c1f1fea1663e0e -k 294614e2fda8e8c806208e3bd96337877673e166702e5f5df558da48b09

13. finishing in the same folder we find a file called (00000_decrypted.dmg)

This is the decrypted dmg and rename by the original which is in the same folder removing _decrypted would look like (00000.dmg)

14.Now we need to open the dmg using transmac and go to usr/bin

Inside we have to find a file named asr,and this file need to be patched

15.- So now to extract and patch the asr,we are going to use two files

the original asr (asr extracted from the ramdisk) and the asr.patch,this

file can be downloaded depending of your model here

https://fce365.info/2015/09/25/asr-patches/

(you need to register in the forum)

And also we need to download other tools: App to patch the asr file ([Only registered and activated users can see links Click here to register])

Tools to extract and send the asr to the ramdisk 1.- [Only registered and activated users can see links Click here to register] 2.- cmd codes ([Only registered and activated users can see links Click here to register])

16.- Extract the asr file of the ramdisk for that send the dmg (ramdisk)

Decrypted to the downloaded folder (low level tools) so now

We need to use the cmd codes of the link,open cmd and go to

The downloaded folder and use thit line

(hfsplus "your dmg file" grow "15728640") as an example

It should look like this (hfsplus "0000000.dmg" grow "15728640")

Now continue with the next line

(hfsplus "your dmg file" extract "/usr/sbin/asr" "asr")

17.-with the two files (original asr and asr.patch downloaded)

We need to use another line to create the asr patch

But now go to the BSPATCH folder.

There paste the original asr and asr.patch and then

Open cmd and go to BSPATCH then use this line

(bspatch.exe asr asr.patched asr.patch)

Press enter and in the same folder will appear the asr.patched file

Only rename it as the original asr.

18.- Now we are going to delete the asr file inside the dmg(ramdisk)

Open cmd and go to (low level tools)folder and use this line

(hfsplus "your dmg file" rm "/usr/sbin/asr") press enter

And now the asr inside the ramdisk is deleted to check this

Open that dmg with transmac and go to usr/sbin there and

Should not be the file.

19.-Now we need to send the patched asr file to the ramdisk

For that we must continue with cmd in the same folder (low level tools)

And use these lines

(hfsplus "your dmg file" grow "15728640") press enter

And continue with this (hfsplus "your dmg file" add "asr.patched" "/usr/sbin/asr") press enter and continue using this

(hfsplus "su archivo.dmg" chmod "/usr/sbin/asr" 100755)

Done,the asr patch was sent,to check it open the dmg(ramdisk)

And go to /usr/sbin there must be the asr file with assigned size.

20.-Now we need to encript the ramdisk with the same process

As the step 12,only change the line

xpwntool.exe (your dmg) (your dmg)_ecrypted_bak.dmg -iv (iv key) -k (key)

Should be like this

xpwntool.exe 058-4107-013.dmg 058-4107-013_ecrypted_bak.dmg -iv 4d45b18575f0e48ef0c1f1fea1663e0e -k 294614e2fda8e8c806208e3bd96337877673e166702e5f5df558da48b09

In the same folder you will get a new file (0000_ecrypted_bak) only rename it

As the original.

21.- Replace that dmg inside the ipsw using winrar,for that delete the original

and drag the encrypted dmg to the ipsw.

22.-Now the final step,restore the modded ipsw with F.C.E. 365 Firmware Manager

Or using libimobiledevice ([Only registered and activated users can see links Click here to register])

----To restore using the app go to iDevice Restore and in firmware file

Select the modded ipsw,now in Devices UDID put your udid code,to get the code

Download itools here [Only registered and activated users can see links Click here to register]

Now connect your idevice and open itools,then it should recognize your device

And click in more details there search the UDID,only copy it and paste

In devices udid of the app,then select the type of restore (CUSTOM RESTORE)

And finally click START RESTORE PROCESS.

----To restore using libimobiledevice open cmd and go to libi...folder

There put this line (idevicerestore.exe -u—UDID of your device)

So should be like this example

idevicerestore.exe -u--2cf6a1a48a59ec23bbf679dda528041d2313628f -c iPhone4.1_8.4.1_12H321_Restore.ipsw

(to select the ipsw you can drag it or copy the name with the .ipsw extension

The ipsw being in the same folder).

Done now press enter and the process should begin,your idevice will

Reboot repeatedly but this is normal,at the end should appear the word

DONE that means a successfully restore...

:::::::::::::: I sincerely hope have helped::::::::::::::

---------------------------------------------CREDITS------------------------------------------------

GeoSn0w (F.C.E.365 TV)

Mario Silva (Youtube Channel)

------------------------------------------------------------------------------------------------------------------

Show more