iRecovery is a libusb-based CLI utility for Mac OS X, Linux, and Windows. It is able to talk to iBoot and iBSS and iBEC via USB. It's completely open source; the source code is released under the terms of the GNU GPL v3. The full license text can be found in the LICENSE file on github. Please note that there is no official compiled version available.
It currently connects to:
- 0x1227 (DFU Mode/WTF Mode 2.0)
- Recovery Mode 0x1281 (Recovery Mode/iBSS/iBEC)
Credits
westbaer
Thanks
pod2g, tom3q, planetbeing, geohot and posixninja.
Features
DFU 2.0 (0x1227)
It can upload a file, such as an iBSS, so that you can unplug and spawn a shell with 0x1281.
Recovery 2.0 (0x1281)
File Uploading
You can upload a file to 0x9000000 with the following syntax:
./iRecovery -f file
In newer builds that use libusb-1.0 this is now
./iRecovery -u file
Two-Way Shell
You can spawn a shell to do all sorts of neat things with the syntax:
./iRecovery -s
Once it has spawned, you can type 'help' and iBoot will respond with its built-in command list.
Single Command
./iRecovery -c "command"
Sends a single command to the device *without* spawning a shell.
usb_control_msg(0x21, 2) Exploit Command
./iRecovery -k
Sends Chronic Dev's + Geohot's latest usb exploit. Implemented into blackra1n. This was updated near 17 October 2009. posixninja's fork [Archived 2009-10-23 at the Wayback Machine] In newer builds this is now -e
Auto Boot
You can now enable auto-boot by running:
./iRecovery -a
or by sending /auto-boot in a shell.
In newer builds it is now:
./iRecovery -n
USB Reset
Reset USB
./iRecovery -r
Batch Scripting
iRecovery now supports batch scripting, this allows you to send commands to iBoot from a pre written list of commands, this also supports scripting such as /auto-boot and /upload <file>
./iRecovery -b <file>
or in a shell:
/batch <file>
Raw Commands
You can now send raw commands via the -x21 -x40 or -xA1 flags
Example Output
iRecovery -s
====================================== :: :: iBSS for n82ap, Copyright 2009, Apple Inc. :: :: BUILD_TAG: iBoot-596.24 :: :: BUILD_STYLE: RELEASE :: :: USB_SERIAL_NUMBER: CPID:8900 CPRV:30 CPFM:03 SCEP:05 BDID:04 ECID:000003293C113D76 IBFL:00 :: ======================================= Entering recovery mode, starting command prompt ] printenv build-style = "RELEASE" build-version = "iBoot-596.24" config_board = "n82ap" loadaddr = "0x9000000" boot-command = "fsboot" bootdelay = "0" auto-boot = "true" idle-off = "true" boot-device = "nand0" boot-partition = "0" boot-path = "/System/Library/Caches/com.apple.kernelcaches/kernelcache.s5l8900x" display-color-space = "RGB888" display-timing = "optC" framebuffer = "0xfd00000" secure-boot = "0x1"
Supported Raw Commands
Currently Supported by All Firmware:
Reboot - Reboots Iphone
More IBoot Commands Information:
http://code.google.com/p/chronicdev/wiki/iBootCommands
NOTE: 'bgcolor' appears to be no longer supported -- requires confirmation.
Forks
Updates
- A C++ port is also in the works dubbed iRecovery++ (by GreySyntax) can be found at GitHub/NSPwn/iRecoveryplusplus
- libiRecovery 2.0 in development by OpenJailBreak.org[dead link]
- A VB.NET GUI port for Windows has been made under the name Zeratul.
Download
- Chronic-Dev - libiRecovery (Mac OS X | Linux | Windows)
- GreySyntax - iRecovery++ (Mac OS X| Linux | Windows (Possibly))
Note: Source only.