IRecovery

iRecovery is a libusb-based CLI utility for Mac OS X, Linux, and Windows. It is able to talk to iBoot and iBSS via USB. It's completely open source; the source code is released under the terms of the GNU GPL v3. The full license text can be found in the LICENSE file on github.

It currently connects to:
 * 0x1227 (DFU Mode/WTF Mode 2.0)
 * Recovery Mode 0x1281 (Recovery Mode/iBSS)

Credits
westbaer

Thanks
pod2g, tom3q, planetbeing, geohot and posixninja.

DFU 2.0 (0x1227)
It can upload a file, such as an iBSS, so that you can unplug and spawn a shell with 0x1281.

File Uploading
You can upload a file to 0x9000000 with the following syntax: ./iRecovery -f file In newer builds that use libusb-1.0 this is now ./iRecovery -u file

Two-Way Shell
You can spawn a shell to do all sorts of neat things with the syntax: ./iRecovery -s Once it has spawned, you can type 'help' and iBoot will respond with its built-in command list.

Single Command
./iRecovery -c "command" Sends a single command to the device *without* spawning a shell.

usb_control_msg(0x21, 2) Exploit Command
./iRecovery -k Sends Chronic Dev's + Geohot's latest usb exploit. Implemented into blackra1n. This was updated near October 17, 2009. posixninja's fork In newer builds this is now -e

Auto Boot
You can now enable auto-boot by running: ./iRecovery -a or by sending /auto-boot in a shell.

USB Reset
Reset USB ./iRecovery -r

Batch Scripting
iRecovery now supports batch scripting, this allows you to send commands to iBoot from a pre written list of commands, this also suports scripting such as /auto-boot and /upload ./iRecovery -b or in a shell: /batch

Raw Commands
You can now send raw commands via the -x21 -x40 or -xA1 flags

Example Output
iRecovery -s ====================================== :: :: iBSS for n82ap, Copyright 2009, Apple Inc. :: :: BUILD_TAG: iBoot-596.24 :: :: BUILD_STYLE: RELEASE :: :: USB_SERIAL_NUMBER: CPID:8900 CPRV:30 CPFM:03 SCEP:05 BDID:04 ECID:000003293C113D76 IBFL:00 :: ======================================= Entering recovery mode, starting command prompt ] printenv build-style = "RELEASE" build-version = "iBoot-596.24" config_board = "n82ap" loadaddr = "0x9000000" boot-command = "fsboot" bootdelay = "0" auto-boot = "true" idle-off = "true" boot-device = "nand0" boot-partition = "0" boot-path = "/System/Library/Caches/com.apple.kernelcaches/kernelcache.s5l8900x" display-color-space = "RGB888" display-timing = "optC" framebuffer = "0xfd00000" secure-boot = "0x1"

Supported Raw Commands
Currently Supported by All Firmware: Reboot - Reboots Iphone

More IBoot Commands Information: http://code.google.com/p/chronicdev/wiki/iBootCommands

NOTE: 'bgcolor' appears to be no longer supported -- requires confirmation.

Forks
iH8sn0w/irecovery

GreySyntax/irecovery

Updates

 * A C++ port is also in the works dubbed iRecovery++ (by GreySyntax) can be found at GitHub/NSPwn/iRecoveryplusplus
 * libiRecovery 2.0 in development by OpenJailBreak.org
 * A VB.NET GUI port for Windows has been made under the name Zeratul.

Download

 * Chronic-Dev - libiRecovery (Mac OS X | Linux | Windows)
 * GreySyntax - iRecovery++ (Mac OS X| Linux | Windows (Possibly))

Note: Source only.