Tutorial:Creating a NOR-only IPSW

This will create an IPSW that only flashes your device's NOR. It will not touch the operating system or NAND.  <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">  CreateFilesystemPartitions UpdateBaseband SystemImage
 * 1) Create a custom IPSW
 * 2) Unpack it, remove rootfs DMG
 * 3) Decrypt the ramdisk (xpwntool) and mount it.
 * 4) Edit options.plist (/usr/local/share/restore/options.plist) on the restore ramdisk:

Unmount and reencrypt the restore ramdisk. Repack the IPSW. 

NOTE: This technique only works on devices that have an untethered bootrom exploit (Pwnage or 0x24000 Segment Overflow).