Skip to content

Latest commit

 

History

History
executable file
·
88 lines (57 loc) · 4.57 KB

README.md

File metadata and controls

executable file
·
88 lines (57 loc) · 4.57 KB

ODTS

What is ODTS?

Script for mounting volumes on Checkm8 vulnerable iOS devices via Ramdisk

More info - A tool that mounts the internal storage of a T2 machine as a volume. Particularly useful when that machine is inoperable or not functioning due to bad graphics or processor (provided the boards faults aren't shorting out lines that power the FLASH or the T2 co-processor). This is similar to the approach that Apple ASP repair centers take prior to repair attempts on a malfunctining logic board. This tool allows a standard user the ability to functionally perform a data transfer setup diagnostic on a T8012 capable device.

DISCLAIMER

MACOS ONLY - Don't ask for Windows support This is not a finished tool and is very much so a work in progress.

Current device support

  • T8012 T2 devices.

Dependencies

  • Python3 and Python2 (installed with a normal python3 instillation)
  • Python dependencies the script uses are installed automatically if not available when the script loads. You may veiw them in the requirements.txt file.
  • Valid python system root certificate - May be generated by Install Certificates.command at "/Applications/Python 3.x on Mac"

Usage

E.G './odts.py -i iBridge2,5 6.1 --amfi'

Ontrack Data Transfer Setup - A tool for signing and loading firmware images that allow us to ramdisk and mount the volume on T2 Mac devices. Written by Martin, @hotshotmc.

optional arguments:
  -h, --help          show this help message and exit
  -i, --ios   iOS version you wish to boot (DEVICE IOS)
  -q, --ipsw  Path to downloaded IPSW (PATH DEVICE)
  -b, --bootlogo  Path to .PNG you wish to use as a custom Boot Logo (LOGO)
  -p, --pwn           Enter PWNDFU mode, which will also apply signature patches
  --amfi              Apply AMFI patches to kernel (Beta)
  --debug             Send verbose boot log to serial for debugging
  -d, --dualboot  Name of system partition you wish to boot (e.g disk0s1s3 or disk0s1s6)
  -a, --bootargs      Custom boot-args, will prompt user to enter, don't enter a value upon running ODTS (Default is '-v')
  -v, --version       List the version of the tool
  -c, --credits       List credits
  -f, --fix           Fix img4tool/irecovery related issues

EXAMPLE USAGE: ./odts.py -i iBridge2,5 6.1  --amfi

Instructions

  1. cd into the ODTS directory
  2. Run pip3 install -r requirements.txt
  3. Connect your device in DFU mode to your computer
  4. Run ODTS with your desiered options - E.G 'python3 odts.py -i iBridge2,5 6.1'
  5. If all worked correctly device should mount as a volume once the Ramdisk is pushed to it, this can be accessed in diskutility in MacOS
  6. Enjoy!

Known Issues

After a fresh or new install of python the system root certificate is not generated by default. Tmhis may generate an error indicating that python is unable to find the system certificates. It is sometimes necessary to install the system root certificate by running a file called "Install Certificates.command" in your pythons root install directory ("/Applications/Python 3.x on Mac" ). This will generate a system certificate and get passed errors that may be stemming from not having a valid system root certificate.

Credits

[Me] HotshotMC - https://twitter.com/themsukid

[Matty] (moski)

axi0mX - ipwndfu/checkm8

Thimstar - img4tool, tsschecker, iBoot64Patcher

Linus Henze - Fugu

akayn - A11 sigcheckremover support

realnp - ibootim

dayt0n - kairos

Marco Grassi - PartialZip

Merculous - ios-python-tools (iphonewiki.py for keys)

0x7ff - Eclipsa

libimobiledevice team - irecovery

Ralph0045 - dtree_patcher/Kernel64Patcher

mcg29_ - amfi patching stuff

dora2ios - iPwnder32 (A7 checkm8)