[TUTORIAL] Enable LogoMe without redsn0w

Discussion in 'iPod touch 2G Jailbreak: redsn0w, 24kpwn, etc.' started by madcowz, Apr 28, 2009.

  1. madcowz

    madcowz New Member

    Joined:
    Jan 6, 2009
    Messages:
    797
    Likes Received:
    0
    Device:
    4G iPod touch
    This is for all of you that want to be able to use LogoMe but don't want to restore and re-jailbreak all over again. Assume you are not a complete n00b. Sorry this looks like a wall of text.

    First, if you don't already have XPwn compiled for your system, I have xpwntool (what you need for this to work) compiled for MAC. Windows users will have to download it themselves and compile it themselves.

    xpwntool (Mac) link: http://www.[PIRACY.mu].com/?d=J9A84LP7 When you download this copy it into /usr/bin (cd into the directory that xpwntool is in and type in "sudo cp xpwntool /usr/bin/xpwntool" without the quotes and type in your password when asked).

    Then, you want to download my patch for the DeviceTree here: http://www.[PIRACY.mu].com/?d=CPHYPN6R

    Lastly, in order to prepare you will need a stock copy of the 2.2.1 firmware.

    Put all files (patch, both firmwares, etc.) in the SAME directory.
    -----------------------------------------------------------------------------------------------

    EDIT: I made a PwnageTool/XPwn bundle that will make a NOR-Only .ipsw! You do not need to delete anything, the 300 MB ipsw it makes is NOR-Only straight from PwnageTool. YOU STILL NEED TO APPLY 24KPWN FOR IT TO BE UNTETHERED! Use the bundle in a GUI. http://www.[PIRACY.mu].com/?d=4J3PQN4I

    In order to install the bundle (Mac, Windows is a little different and requires extracting the app):

    Just right click Untetherizer.app and go into Contents and then Resources. Then go to xpwn, and then FirmwareBundles.
    Unzip the bundle I gave you, and replace the old one with it. Then make an .ipsw as NORMAL. Then restore to it straight from the tool. Note that the .ipsw is a full 300 MB, but it will automatically skip the RootFS flash. Just send the DFU pre-boot and go!

    If all else fails, the instructions are still listed below!

    -----------------------------------------------------------------------------------------------

    1. Extract the stock DeviceTree from your 2.2.1 ipsw. Rename it to a .zip, unzip it and go to Firmware/all_flash/all_flash.n72ap.production/DeviceTree.n72ap.img3. You can delete the stock .ipsw once this step is done.

    2. Decrypt it using xpwntool (long code is ALL ONE LINE).

    xpwntool DeviceTree.n72ap.img3 DeviceTree.n72ap.decrypted.img3 -k bfc1b2d5b61d2162c43fa614eca8a744 -iv 61a00d92a1d95f8794c6c6b92c8f9ac3

    3. Using my patch, patch the DeviceTree (code is ALL ONE LINE).

    bspatch DeviceTree.n72ap.decrypted.img3 DeviceTree.n72ap.decryptedpatched.img3 DeviceTree.n72ap.patch

    4. Re-Encrypt the patched DeviceTree (code is ALL ONE LINE).

    xpwntool DeviceTree.n72ap.decryptedpatched.img3 DeviceTree.n72ap.patched.img3 -t DeviceTree.n72ap.img3 -k bfc1b2d5b61d2162c43fa614eca8a744 -iv 61a00d92a1d95f8794c6c6b92c8f9ac3

    5. Remove all the stuff that isn't needed and rename the patched DeviceTree (code is FOUR SEPARATE LINES).

    rm -rf DeviceTree.n72ap.img3
    rm -rf DeviceTree.n72ap.decrypted.img3
    rm -rf DeviceTree.n72ap.decryptedpatched.img3
    mv DeviceTree.n72ap.patched.img3 DeviceTree.n72ap.img3

    6. Make a NOR-Only .ipsw that you would normally restore to (using QuickFreedom or Untetherizer). Rename it to a .zip and unzip it. Go to Firmware/all_flash/all_flash.n72ap.production/ and REPLACE the old DeviceTree with the patched one you made.

    7. cd into the "root" directory of the .ipsw (where you see the ramdisk, the kernelcache, Restore.plist and the Firmware folder) in Terminal and type in:

    zip -r ../LogoMeNOROnly.ipsw ./

    8. Your .ipsw should be created! Send the redsn0w patch over to the iPod and restore with your NOR-Only .ipsw!!!
    -----------------------------------------------------------------------------------------------

    Please Note: This has been tested, and it should work. I AM NOT RESPONSIBLE FOR ANY DAMAGE THIS MAY HAVE CAUSED; DFU IS YOUR FRIEND.

    And if anybody wants to use this in a tool or something then go ahead.
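
The DeviceTree file handled in steps 2 to 4 is an Img3 container: a 20-byte header followed by tagged sections. The added example below (not part of the original post and not XPwn code) lists the tags of an image and checks that a re-packed image kept the stock image's ident and tag sequence before it goes into the NOR-Only .ipsw. The header and tag layout follow the publicly documented Img3 format; the helper names and the sample bytes, including the `dtre` ident, are constructed for illustration.

```python
import struct

HEADER = struct.Struct("<5I")   # magic, fullSize, sizeNoPack, sigCheckArea, ident
TAG = struct.Struct("<3I")      # magic, totalLength, dataLength
IMG3_MAGIC = 0x496D6733         # "Img3"; the bytes on disk read "3gmI"

def fourcc(value):
    """Render a 32-bit identifier read little-endian as its four ASCII characters."""
    return struct.pack(">I", value).decode("ascii", "replace")

def parse_img3(blob):
    """Return (ident, [(tag, data_length), ...]); raise ValueError if malformed."""
    if len(blob) < HEADER.size:
        raise ValueError("file shorter than an Img3 header")
    magic, full_size, _size_no_pack, _sig_area, ident = HEADER.unpack_from(blob)
    if magic != IMG3_MAGIC:
        raise ValueError("not an Img3 container")
    if full_size < HEADER.size or full_size > len(blob):
        raise ValueError("header size does not fit the file (truncated?)")
    tags, offset = [], HEADER.size
    while offset < full_size:
        if offset + TAG.size > full_size:
            raise ValueError("truncated tag header")
        tag, total_len, data_len = TAG.unpack_from(blob, offset)
        if total_len < TAG.size + data_len or offset + total_len > full_size:
            raise ValueError("tag %s overruns the container" % fourcc(tag))
        tags.append((fourcc(tag), data_len))
        offset += total_len
    return fourcc(ident), tags

def same_layout(stock, patched):
    """True when both images carry the same ident and the same tag sequence."""
    s_ident, s_tags = parse_img3(stock)
    p_ident, p_tags = parse_img3(patched)
    return s_ident == p_ident and [t for t, _ in s_tags] == [t for t, _ in p_tags]

def build_sample(ident, tags):
    """Build a constructed Img3 blob for the demo (not real firmware)."""
    body = b""
    for name, data in tags:
        pad = -len(data) % 4    # tags are padded to a 4-byte multiple
        body += TAG.pack(struct.unpack(">I", name)[0], 12 + len(data) + pad, len(data))
        body += data + b"\0" * pad
    return HEADER.pack(IMG3_MAGIC, 20 + len(body), len(body), 0, struct.unpack(">I", ident)[0]) + body

if __name__ == "__main__":
    stock = build_sample(b"dtre", [(b"TYPE", b"erdt"), (b"DATA", b"A" * 30), (b"KBAG", b"K" * 56)])
    patched = build_sample(b"dtre", [(b"TYPE", b"erdt"), (b"DATA", b"B" * 33), (b"KBAG", b"K" * 56)])
    print(parse_img3(stock), same_layout(stock, patched))
```

On real files, read both images with `open(path, "rb").read()` and pass the bytes to `same_layout`; a `ValueError` or a `False` result means the patched image should not be flashed.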
  2. jfb392

    jfb392 New Member

    Joined:
    Oct 20, 2007
    Messages:
    2,512
    Likes Received:
    21
    Device:
    iPod touch
    This was supposed to be added into redTool weeks ago, but I guess it wasn't update-worthy enough or something?
    Anyways, nice job.
    It's good to see someone understands that patching is useful, rather than distributing the patched image.

  3. madcowz

    madcowz New Member

    Joined:
    Jan 6, 2009
    Messages:
    797
    Likes Received:
    0
    Device:
    4G iPod touch
    LOL actually I got that bit from you saying that on the verbose boot patch thread.

    Plus I got bsdiff working 100% finally.
  4. Gamma

    Gamma Active Member

    Joined:
    Apr 2, 2008
    Messages:
    1,964
    Likes Received:
    3
    Device:
    iPod touch
  5. madcowz

    madcowz New Member

    Joined:
    Jan 6, 2009
    Messages:
    797
    Likes Received:
    0
    Device:
    4G iPod touch
    I just updated the post with an easy bundle that can be put in the XPwn/PwnageTool/WinPwn flows.

    Please, remember that you STILL NEED TO APPLY 24kpwn! So it is best used in Untetherizer or redTool.

    EDIT: Please note: The .ipsw that is generated is a full sized .ipsw, but the ramdisks are patched so that it will not load the RootFS. Please do not delete anything to make it NOR-Only as it already is, and doing so may result in damage to your device (probably not).
    ------------------double post merged------------------
    Well I made a bundle that can be added to redTool or a GUI, see the first post.
  6. kzr22

    kzr22 New Member

    Joined:
    Dec 30, 2008
    Messages:
    460
    Likes Received:
    0
    Device:
    2G iPod touch
    This is kind of pointless, no offense, because redsn0w 0.3 doesn't delete anything.
  7. mitchell209

    mitchell209 Active Member

    Joined:
    Jan 21, 2009
    Messages:
    8,024
    Likes Received:
    5
    Device:
    iPhone 4 (Black)
    But it can mess up your Cydia, which nobody wants.
    And it can just mess up during the jailbreak, which means you have to restore anyway.
  8. kzr22

    kzr22 New Member

    Joined:
    Dec 30, 2008
    Messages:
    460
    Likes Received:
    0
    Device:
    2G iPod touch
    I did it fine with no problems.
  9. madcowz

    madcowz New Member

    Joined:
    Jan 6, 2009
    Messages:
    797
    Likes Received:
    0
    Device:
    4G iPod touch
    I just made this so that if anyone wants to have LogoMe without using the somewhat buggy redsn0w when they are already jailbroken, then they can use this.
  10. kzr22

    kzr22 New Member

    Joined:
    Dec 30, 2008
    Messages:
    460
    Likes Received:
    0
    Device:
    2G iPod touch
    kks cool thx
