[HOWTO] [MAC] Create Custom Run RS Firmware With Custom Logo

Discussion in 'iPod touch 2G Jailbreak: redsn0w, 24kpwn, etc.' started by Jaikob, Feb 27, 2009.

  1. Jaikob

    Jaikob New Member

    Joined:
    Jan 18, 2009
    Messages:
    473
    Likes Received:
    0
    Device:
    iPhone 3GS (Black)
    This is the new version of the tethered series released by the iPhone Dev Team.

    Please do not attempt if you are command shy.
    I will document my way of doing the Run RS tethered. This basically means that when you boot your iPod, you will not have to put it into DFU; instead it will go right to recovery mode. You would then have to connect to your iPod using rslite, and send "run rs". Just note, this is for Mac and can be adapted to Windoz. This is a more thorough version of the iPhone Dev Team's Tutorial.

    Pre-Requisites:

    2.1.1 Firmware, You know where to get it


    Patch Files: http://iphwn.org/run_rs_setup.zip
    Gojohnnyboi's Custom Logo Bundle: http://www.ifans.com/forums/attachment.php?attachmentid=33527&d=1234916077 "Thanks Gojohnnyboi"
    and rslite which can be obtained from redsn0w.com

    Restoring to Your Custom Firmware FAQ:
    1. You MUST send normal iBSS, Apply Redsn0w, and Send Patched iBSS before you can restore in iTunes.
    2. Please use the zip command in my tutorial. Some of you are zipping on a level too high. For example, you place all of the firmware files in a directory, and compress the directory. That's a big No No.

    iBSS problems: I am hearing from the members that using the alternative iBSS patch method at the bottom of the guide has a higher success rate than having pwnage tool patch iBSS.


    ----------------------------------------------------
    Bundle Preparation:
    We are going to prepare the main bundle for PwnageTool

    1. Extract Gojohnnyboi's bundle, and right click and view package contents.
    2. Extract the patch files from the iPhone Dev Team, and copy them to the custom boot logo bundle. Overwrite any file if necessary.
    3. Some of you might think we need to edit Info.plist, but we do not. I will show you how to apply a patch via command prompt (Info.plist way did not work for me)
    4. Once you have copied the patches to the bundle, you can view the contents of Pwnage Tool.app and go to Contents/Resources/FirmwareBundles. Drag and drop your new firmware bundle. (I suggest you download a new pwnage tool.app, and name it something like Pwnage Tool Run RS.app so we can start fresh.) Please Note: You must have a working cydia.bundle in CustomPackages. Refer to Redsn0w Readme for that.
    5. Generate your IPSW in advance mode, and yes you can use boot logos

    Credit to Gojohnnyboi for the bundle, I can't thank him enough.

    --------------------------------------
    What's Next?
    Unzip the custom firmware generated by Pwnage Tool.

    1. Rename your custom package "RunRS2.2.1.ipsw"
    2. Make a new folder called extracted, and make a copy of RunRS2.2.1.ipsw and put it in the directory.
    3. Open "extracted" directory, and rename the RunRS2.2.1 file to "RunRS2.2.1.zip" yes that is a .zip at the end.
    4. Extract the files from the zip archive.
    (Repeat for the 2.1.1 firmware I had you download earlier.)

    !This is an important Step! Open up the pwned firmware under the extracted folder, and go to "Firmware/all_flash/all_flash.n72ap.production" Rename: iBoot.n72ap.RELEASE.img3 to iBoot2.n72ap.RELEASE.img3.

    Now we are going to need to copy these files from the 2.1.1 firmware:
    1. LLB.n72ap.RELEASE.img3
    2. iBoot.n72ap.RELEASE.img3
    3. recoverymode.s5l8720x.img3

    Now, copy ALL of these files to: “RunRS2.2.1/Firmware/all_flash/all_flash.n72ap.production”. Overwrite all files.

    Now, under "RunRS2.2.1/Firmware/dfu/" COPY iBSS.n72ap.RELEASE.dfu to “RunRS2.2.1/Firmware/all_flash/all_flash.n72ap.production”.

    ----------------------------------
    The Terminal Work:
    Terminal Commands

    Open up terminal and navigate to your "extracted" folder. For example I would type this in terminal:
    cd ~/Desktop/RunRS/extracted

    Once in extracted, you need to navigate to RunRS2.2.1/Firmware/all_flash/all_flash.n72ap.production

    After using the command above type:
    cd RunRS2.2.1/Firmware/all_flash/all_flash.n72ap.production

    We need to modify the iBoot2 img3 file, so paste this command in terminal and run it:
    echo -n 2 | dd of=iBoot2.n72ap.RELEASE.img3 conv=notrunc bs=1 seek=16

    Now you know that manifest patch I was talking about earlier, well under RunRS2.2.1/Firmware/all_flash/all_flash.n72ap.production there is a manifest file that needs to be patched. Copy the manifest.patch file from the patches you downloaded from the iPhone Dev Team, and paste it in "RunRS2.2.1/Firmware/all_flash/all_flash.n72ap.production"

    Now run this command to apply the patch (You must be in all_flash.n72ap.production)

    bspatch manifest manifest.new manifest.patch
    rm -rf manifest
    cp manifest.new manifest
    rm -rf manifest.new

    The patch will be applied.
    ----------------------------------------------

    Well we are all done, so let's package everything up. This is also via terminal.

    Go to the RunRS2.2.1 directory like so:

    cd ~/Desktop/RunRS/extracted/RunRS2.2.1

    And let's zip the files up into a usable ipsw for iTunes:

    zip -r ../CustomFirmware.ipsw ./

    Under "extracted" you will find your firmware file that you can use to Restore with in iTunes.

    -----------------------------------------

    Now that the dirty stuff is done, it's easy from here on out.

    Make sure you have the rslite binary on your desktop.

    Restore your iPod with the firmware we made. Once that is done you will reboot to the recovery screen.

    Now we need to set our Environment Variables. Run rslite like so (in terminal):

    cd ~/Desktop
    ./rslite

    Run these codes one at a time

    setenv rs "arm7_stop;mw 0x9000000 0xe59f3014;mw 0x9000004 0xe3a02a02;mw 0x9000008 0xe1c323b4;mw 0x900000c 0xe59f300c;mw 0x9000010 0xe3e02000;mw 0x9000014 0xe503223f;mw 0x9000018 0xeafffffe;mw 0x900001c 0x0ff1a100;mw 0x9000020 0x0ff2afff;arm7_go;run rs1"

    setenv rs1 "sha1 0x8000000 0x3000000;arm7_stop;mw 0xff006d4 0x21906943;mw 0xff006d8 0x68da6898;mw 0xff006dc 0x9300699b;mw 0xff006e0 0x69c40509;mw 0xff006e4 0x47a02300;mw 0xff006e8 0xf0002000;mw 0xff006ec 0xe002fde3;tsys"

    setenv debug-uarts true

    saveenv
    ---------------------------------------------

    Now, the moment of truth, run this from rslite: "run rs"
    You should boot!



    iBSS notes:

    ----------------------------------
    Some are having problems with iBSS not matching MuscleNerd's SHA crypt. This is a workaround for that.
    Download the 2.2.1 firmware.
    Extract iBSS from the firmware.

    Get the iBSS patch from the patch link at the top of this page, and place them on the desktop.
    Put it in a directory on your desktop:

    cd ~/Desktop
    mkdir patchibss
    mv iBSS.n72ap.RELEASE.dfu patchibss
    mv iBSS.patch patchibss

    Now let's manually patch it:

    cd patchibss
    bspatch iBSS.n72ap.RELEASE.dfu iBSS.n72ap.RELEASE.dfu.new iBSS.patch
    rm -rf iBSS.n72ap.RELEASE.dfu
    cp iBSS.n72ap.RELEASE.dfu.new iBSS.n72ap.RELEASE.dfu
    rm -rf iBSS.n72ap.RELEASE.dfu.new

    You can move these files into your RunRS2.2.1 Custom folder. Then zip everything up once all done.


    iRecovery Users, Use ShortVars method if You cannot Set Guide Variables:


    setenv rs "arm7_stop;mw 0x9000000 0xe59f3014;mw 0x9000004 0xe3a02a02;mw 0x9000008 0xe1c323b4;run rs1"
    setenv rs1 "mw 0x900000c 0xe59f300c;mw 0x9000010 0xe3e02000;mw 0x9000014 0xe503223f;run rs2"
    setenv rs2 "mw 0x9000018 0xeafffffe;mw 0x900001c 0x0ff1a100;mw 0x9000020 0x0ff2afff;arm7_go;run rs3"
    setenv rs3 "sha1 0x8000000 0x3000000;arm7_stop;mw 0xff006d4 0x21906943;mw 0xff006d8 0x68da6898;run rs4"
    setenv rs4 "mw 0xff006dc 0x9300699b;mw 0xff006e0 0x69c40509;mw 0xff006e4 0x47a02300;run rs5"
    setenv rs5 "mw 0xff006e8 0xf0002000;mw 0xff006ec 0xe002fde3;tsys"
    saveenv

    -------------------------------------------
    Credit: Gojohnnyboi for his firmware bundle, The iPhone Dev Team for making this possible, MuscleNerd for the support he gave me, and the IRC. Thanks Guys


    I hope this helps you guys out


    If you see any error, please do not hesitate to post and or suggest.
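
An added example, not part of Jaikob's post or the Dev Team's tutorial: a guarded form of the one-byte `dd` patch from the Terminal section, which refuses to touch a missing or non-IMG3 file and confirms that the size is unchanged and at most one byte differs. The function names, the constructed 24-byte sample, and the header layout (magic `3gmI` at offset 0, four-byte ident at offset 16) are assumptions not stated in the post.

```shell
#!/bin/sh
# Added example (not from the post): guarded version of
#   echo -n 2 | dd of=iBoot2.n72ap.RELEASE.img3 conv=notrunc bs=1 seek=16
# Assumed IMG3 header layout: magic "3gmI" at offset 0, ident at offset 16.

# bytes_at FILE OFFSET COUNT: print COUNT bytes of FILE starting at OFFSET.
bytes_at() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null
}

# patch_ident FILE: write "2" at offset 16, then print the 4-byte ident.
patch_ident() {
    f=$1
    # dd would silently create a missing output file, so check first.
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    [ "$(bytes_at "$f" 0 4)" = "3gmI" ] || { echo "not IMG3: $f" >&2; return 1; }
    bak=$(mktemp) || return 1          # backup kept outside the firmware tree
    cp "$f" "$bak"
    # printf instead of echo -n: some sh builds print "-n" literally.
    printf 2 | dd of="$f" conv=notrunc bs=1 seek=16 2>/dev/null
    before=$(wc -c < "$bak" | tr -d ' ')
    after=$(wc -c < "$f" | tr -d ' ')
    changed=$(cmp -l "$bak" "$f" | wc -l | tr -d ' ')
    rm -f "$bak"
    [ "$before" = "$after" ] || { echo "size changed: $f" >&2; return 1; }
    # 1 byte differs on first run, 0 if the file was already patched.
    [ "$changed" -le 1 ] || { echo "unexpected diff: $f" >&2; return 1; }
    bytes_at "$f" 16 4
}

# demo: run the patch on a constructed 24-byte sample, not a real image.
demo() {
    d=$(mktemp -d) || return 1
    printf '3gmI%s%s%s' AAAAAAAAAAAA tobi DATA > "$d/sample.img3"
    patch_ident "$d/sample.img3"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

demo && echo    # prints 2obi
```

The temporary backup is created with `mktemp` rather than beside the image so that no stray file ends up inside the folder that later gets zipped into the ipsw.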
  2. gojohnnyboi

    gojohnnyboi Well-Known Member

    Joined:
    Jan 25, 2008
    Messages:
    3,339
    Likes Received:
    55
    bow chicka wow wow.. =]

    this is the shiz eh? i <3 having the boot set up like this
  3. 0xjf

    0xjf Member

    Joined:
    Jan 10, 2009
    Messages:
    709
    Likes Received:
    9
    Device:
    iPhone 5S
    beast! thanks
  4. mitchell209

    mitchell209 Active Member

    Joined:
    Jan 21, 2009
    Messages:
    8,024
    Likes Received:
    5
    Device:
    iPhone 4 (Black)
    Great guide, now we just need one for Windows. Lol.
  5. danward

    danward New Member

    Joined:
    Feb 15, 2009
    Messages:
    12
    Likes Received:
    0
    Device:
    iPhone 3GS (Black)
    Thank you so much for this, it works like a charm
  6. nasa geek

    nasa geek New Member

    Joined:
    Feb 20, 2009
    Messages:
    90
    Likes Received:
    0
    Device:
    2G iPod touch
    could a majority of these commands be run while ssh'd into an iPod with the required files in it? I am aching to get this running but I'm using Windows.
  7. Jaikob

    Jaikob New Member

    Joined:
    Jan 18, 2009
    Messages:
    473
    Likes Received:
    0
    Device:
    iPhone 3GS (Black)
    I've been suggesting to people give linux a try, and use the commands in that environment.
  8. shiben589

    shiben589 Member

    Joined:
    Feb 9, 2008
    Messages:
    932
    Likes Received:
    1
    Device:
    2G iPod touch
    i think ill just wait for a windows tutorial, im sure there's a way to do it off ur ipod and so on if u need a mac only command, but i dont want to partition and dual boot, i dont want a new os, and i h8 virtual desktops cuz they nvr work properly.
  9. pmilzie

    pmilzie New Member

    Joined:
    Jan 31, 2009
    Messages:
    46
    Likes Received:
    0
    Device:
    2G iPod touch
    Awesome, thanks Jaikob, anybody fyi: i have late 08 macbook 10.5.6 and i had to apply the ibss patch. great tutorial

  10. fastfreddy101

    fastfreddy101 New Member

    Joined:
    Jan 31, 2009
    Messages:
    276
    Likes Received:
    0
    Device:
    2G iPod touch
    didn't MN say you wouldn't need to rejailbreak to use the run rs thing?
