iRecovery is a libusb-based CLI utility for Mac OS X, Linux, and Windows. It is able to talk to iBoot and iBSS and iBEC via USB. It's completely open source; the source code is released under the terms of the GNU GPL v3. The full license text can be found in the LICENSE file on github. Please note that there is no official compiled version available.
It currently connects to:
- 0x1227 (DFU Mode/WTF Mode 2.0)
- Recovery Mode 0x1281 (Recovery Mode/iBSS/iBEC)
Credits[edit source]
westbaer
Thanks[edit source]
pod2g, tom3q, planetbeing, geohot and posixninja.
Features[edit source]
DFU 2.0 (0x1227)[edit source]
It can upload a file, such as an iBSS, so that you can unplug and spawn a shell with 0x1281.
Recovery 2.0 (0x1281)[edit source]
File Uploading[edit source]
You can upload a file to 0x9000000 with the following syntax:
./iRecovery -f file
In newer builds that use libusb-1.0 this is now
./iRecovery -u file
Two-Way Shell[edit source]
You can spawn a shell to do all sorts of neat things with the syntax:
./iRecovery -s
Once it has spawned, you can type 'help' and iBoot will respond with its built-in command list.
Single Command[edit source]
./iRecovery -c "command"
Sends a single command to the device *without* spawning a shell.
usb_control_msg(0x21, 2) Exploit Command[edit source]
./iRecovery -k
Sends Chronic Dev's + Geohot's latest usb exploit. Implemented into blackra1n. This was updated near 17 October 2009. posixninja's fork Archived 2009-10-23 at the Wayback Machine In newer builds this is now -e
Auto Boot[edit source]
You can now enable auto-boot by running:
./iRecovery -a
or by sending /auto-boot in a shell.
In newer builds it is now:
./iRecovery -n
USB Reset[edit source]
Reset USB
./iRecovery -r
Batch Scripting[edit source]
iRecovery now supports batch scripting, this allows you to send commands to iBoot from a pre written list of commands, this also supports scripting such as /auto-boot and /upload <file>
./iRecovery -b <file>
or in a shell:
/batch <file>
Raw Commands[edit source]
You can now send raw commands via the -x21 -x40 or -xA1 flags
Example Output[edit source]
iRecovery -s
======================================
::
:: iBSS for n82ap, Copyright 2009, Apple Inc.
::
:: BUILD_TAG: iBoot-596.24
::
:: BUILD_STYLE: RELEASE
::
:: USB_SERIAL_NUMBER: CPID:8900 CPRV:30 CPFM:03 SCEP:05 BDID:04 ECID:000003293C113D76 IBFL:00
::
=======================================
Entering recovery mode, starting command prompt
] printenv
build-style = "RELEASE"
build-version = "iBoot-596.24"
config_board = "n82ap"
loadaddr = "0x9000000"
boot-command = "fsboot"
bootdelay = "0"
auto-boot = "true"
idle-off = "true"
boot-device = "nand0"
boot-partition = "0"
boot-path = "/System/Library/Caches/com.apple.kernelcaches/kernelcache.s5l8900x"
display-color-space = "RGB888"
display-timing = "optC"
framebuffer = "0xfd00000"
secure-boot = "0x1"
Supported Raw Commands[edit source]
Currently Supported by All Firmware:
Reboot - Reboots Iphone
More IBoot Commands Information:
http://code.google.com/p/chronicdev/wiki/iBootCommands
NOTE: 'bgcolor' appears to be no longer supported -- requires confirmation.
Forks[edit source]
Updates[edit source]
- A C++ port is also in the works dubbed iRecovery++ (by GreySyntax) can be found at GitHub/NSPwn/iRecoveryplusplus
- libiRecovery 2.0 in development by OpenJailBreak.org[dead link]
- A VB.NET GUI port for Windows has been made under the name Zeratul.
Download[edit source]
- Chronic-Dev - libiRecovery (Mac OS X | Linux | Windows)
- GreySyntax - iRecovery++ (Mac OS X| Linux | Windows (Possibly))
Note: Source only.