Hi all now i have something useful to share,my written tutorial with all steps and important info about the custom
ios restore using the asr patch.
-------------------------------- Steps to restore a modified version of ios --------------------------
Important Notes: You can perform this method using the application of george(some options only) or all steps provided by the tutorial.
All steps and tools here works for any ipsw,but to use the app you need to download
The ipsw modded and compatible according your ios version/model here [Only registered and activated users can see links Click here to register] Link of the app--- [Only registered and activated users can see links Click here to register]
App requirement--http://www.microsoft.com/en-us/download/details.aspx?DisplayLang=en&id=15834
So now we can continue
Main requirement: Having our custom keys,to see if are available for our our version ios / model go to this page [Only registered and activated users can see links Click here to register]
Blue---available
Red—not available
HERE BEGIN THE TUTORIAL
1. We will have to download the ipsw (IOS system) that will be used to modify from [Only registered and activated users can see links Click here to register]
2. Once downloaded the ipsw we have to open it with winrar to access
the files, inside will be 3 files.dmg but now we need only one,to differentiate only compare the size
the file we are going to use is the largest among the remaining 2
3. already identified the dmg file,extract it from the ipsw and what we do now is decrypt the file
idecrypt download (software to decrypt) here the link and key [Only registered and activated users can see links Click here to register]
and the key that we need is the ROOT FILESYSTEM
4. Open idecrypt and click on select input file,then you need to select the ubication of the extracted dmg
and put the key in (KEY) then click idecrypt
5. Well now the dmg file is decrypted and we need to open with a software editor called TransMac here the link [Only registered and activated users can see links Click here to register]
now go to applications folder,once there rename the folder named Setup.app with anything example (LOL.app) and go out
6. Now let's rename the same dmg removing
_decrypted leaving the file so (0000000.dmg)
7. done this we need to encrypt the dmg,everything you need in this link [Only registered and activated users can see links Click here to register]
now we must to drag the dmg file to the folder (subfolder encrypted_bak)
8. Open CMD cd on administrator mode and go to the previous folder (encryted_bak) once there write the following line
dmg.exe build (your dmg) encrypted_bak.dmg -k (key root filesystem)
would look like this example
dmg.exe build 058-14563-073.dmg encrypted_bak.dmg -kc24679951764a6fe5e7eef2c3a331b4ee1d0a7efb9a678c9d2091d8af2d23f54e9243a56
and press enter
9.In the same folder we find a new file called encrypted_bak.dmg
this file must be renamed by the original that is in the same folder
now open the ipsw with winrar and replace the encrypted dmg there
10. now we need to decrypt another dmg inside the ipsw, but to know what is the correct dmg you must enter to the page where are all your keys
and look where says (Restore Ramdisk) on the right is the name of a dmg and that is that we need to use
ok once identified the dmg we need to extract it of the ipsw with winrar
11. You need to copy the keys of Restore Ramdisk (IV and KEY), here the files to decrypt [Only registered and activated users can see links Click here to register]
ok now drag the dmg to the folder you downloaded (bin subfolder).
12. Now we'll start with a few cmd codes, we go with cd to the location of the folder (bin)
and we need to write the following lines
xpwntool.exe (your dmg) (dmg) _decrypted.dmg -iv (iv key) -k (key)
would be like this:
xpwntool.exe 058-4107-013.dmg 058-4107-013_decrypted.dmg -iv 4d45b18575f0e48ef0c1f1fea1663e0e -k 294614e2fda8e8c806208e3bd96337877673e166702e5f5df558da48b09
13. finishing in the same folder we find a file called (00000_decrypted.dmg)
This is the decrypted dmg and rename by the original which is in the same folder removing _decrypted would look like (00000.dmg)
14.Now we need to open the dmg using transmac and go to usr/bin
Inside we have to find a file named asr,and this file need to be patched
15.- So now to extract and patch the asr,we are going to use two files
the original asr (asr extracted from the ramdisk) and the asr.patch,this
file can be downloaded depending of your model here
https://fce365.info/2015/09/25/asr-patches/
(you need to register in the forum)
And also we need to download other tools: App to patch the asr file ([Only registered and activated users can see links Click here to register])
Tools to extract and send the asr to the ramdisk 1.- [Only registered and activated users can see links Click here to register] 2.- cmd codes ([Only registered and activated users can see links Click here to register])
16.- Extract the asr file of the ramdisk for that send the dmg (ramdisk)
Decrypted to the downloaded folder (low level tools) so now
We need to use the cmd codes of the link,open cmd and go to
The downloaded folder and use thit line
(hfsplus "your dmg file" grow "15728640") as an example
It should look like this (hfsplus "0000000.dmg" grow "15728640")
Now continue with the next line
(hfsplus "your dmg file" extract "/usr/sbin/asr" "asr")
17.-with the two files (original asr and asr.patch downloaded)
We need to use another line to create the asr patch
But now go to the BSPATCH folder.
There paste the original asr and asr.patch and then
Open cmd and go to BSPATCH then use this line
(bspatch.exe asr asr.patched asr.patch)
Press enter and in the same folder will appear the asr.patched file
Only rename it as the original asr.
18.- Now we are going to delete the asr file inside the dmg(ramdisk)
Open cmd and go to (low level tools)folder and use this line
(hfsplus "your dmg file" rm "/usr/sbin/asr") press enter
And now the asr inside the ramdisk is deleted to check this
Open that dmg with transmac and go to usr/sbin there and
Should not be the file.
19.-Now we need to send the patched asr file to the ramdisk
For that we must continue with cmd in the same folder (low level tools)
And use these lines
(hfsplus "your dmg file" grow "15728640") press enter
And continue with this (hfsplus "your dmg file" add "asr.patched" "/usr/sbin/asr") press enter and continue using this
(hfsplus "su archivo.dmg" chmod "/usr/sbin/asr" 100755)
Done,the asr patch was sent,to check it open the dmg(ramdisk)
And go to /usr/sbin there must be the asr file with assigned size.
20.-Now we need to encript the ramdisk with the same process
As the step 12,only change the line
xpwntool.exe (your dmg) (your dmg)_ecrypted_bak.dmg -iv (iv key) -k (key)
Should be like this
xpwntool.exe 058-4107-013.dmg 058-4107-013_ecrypted_bak.dmg -iv 4d45b18575f0e48ef0c1f1fea1663e0e -k 294614e2fda8e8c806208e3bd96337877673e166702e5f5df558da48b09
In the same folder you will get a new file (0000_ecrypted_bak) only rename it
As the original.
21.- Replace that dmg inside the ipsw using winrar,for that delete the original
and drag the encrypted dmg to the ipsw.
22.-Now the final step,restore the modded ipsw with F.C.E. 365 Firmware Manager
Or using libimobiledevice ([Only registered and activated users can see links Click here to register])
----To restore using the app go to iDevice Restore and in firmware file
Select the modded ipsw,now in Devices UDID put your udid code,to get the code
Download itools here [Only registered and activated users can see links Click here to register]
Now connect your idevice and open itools,then it should recognize your device
And click in more details there search the UDID,only copy it and paste
In devices udid of the app,then select the type of restore (CUSTOM RESTORE)
And finally click START RESTORE PROCESS.
----To restore using libimobiledevice open cmd and go to libi...folder
There put this line (idevicerestore.exe -u—UDID of your device)
So should be like this example
idevicerestore.exe -u--2cf6a1a48a59ec23bbf679dda528041d2313628f -c iPhone4.1_8.4.1_12H321_Restore.ipsw
(to select the ipsw you can drag it or copy the name with the .ipsw extension
The ipsw being in the same folder).
Done now press enter and the process should begin,your idevice will
Reboot repeatedly but this is normal,at the end should appear the word
DONE that means a successfully restore...
:::::::::::::: I sincerely hope have helped::::::::::::::
---------------------------------------------CREDITS------------------------------------------------
GeoSn0w (F.C.E.365 TV)
Mario Silva (Youtube Channel)
------------------------------------------------------------------------------------------------------------------