Tethered boot on linux via irecovery?

**zbyte** · 04-05-2012 02:06 PM

Hi @all,

i am trying to find a way to tetherboot my atv2 by using linux cmd tools. I used seasonpass
to build and flash the ipsw and also extracted the files used by seasonpass to do a tethered boot:

iBEC.k66ap.RELEASE.dfu
iBSS.k66ap.RELEASE.dfu
kernelcache.release.k66

I found irecovery for linux on github (https://github.com/Chronic-Dev/libirecovery) which
compiles just fine, but is kinda "outdated" as last change was 5 months ago. I know there are
some forks of this, but nothing "up to date", so i don't even know if i can use irecovery to do this.

If i understand it correctly, i also need a proper iboot payload for ios5 (i guess limera1n bootrom
exploit, but where can i get it?), and of course i need to know how to use irecovery to do the
tethered boot. I googled alot and there seems to be little to no info how to do this...

Would be really nice, if someone could help me out here and thnx in advance :-)

**zbyte** · 04-05-2012 05:26 PM

Ok, just an update what i learned so far. limera1n bootrom exploit seems to work with all! iDevices (of course only a4).
I also found "syringe" on github (https://github.com/Chronic-Dev/syringe), which includes the limera1n payload, and some
nice utilities. One of them is "tetheretboot" which seems to be exactly what i was searching for.

You need an arm toolchain to compile it (no clue why), so you can use gnuarm or just use a precompiled :-) one, like this:
http://www.mikrocontroller.net/downl...inux-2.tar.bz2

It compiled just fine, and i can't wait to get home to actually test this:

Code:

tetheredboot -i iBSS.k66ap.RELEASE.dfu -k kernelcache.release.k66

**zbyte** · 04-10-2012 01:54 PM

Just a little update. It doesn't work with "chronic devs" syringe as it is to old (e.g. misses the iBEC upload possibility), but there is a fork from "msftguy" (https://github.com/msftguy/syringe) which is quite "up to date". Compiled it and tried it like this:

Code:

tetheredboot -i iBSS.k66ap.RELEASE.dfu  -b iBEC.k66ap.RELEASE.dfu  -k kernelcache.release.k66

It doesn't work :-( because it can't reconnect after uploading the iBSS file.

So i decided to dive into seasononpass's sourcecode (https://github.com/firecore/Seas0nPa...tAppDelegate.m, method tetheredBootNew) and compared it with tetheredboot. Its quite the same!

I also noticed that with seasonpass the atv2 changes the blinking frequency, short after the iBSS upload.
Therefore, i guess the problem is the usb communication, as there is little to no difference in source code.

So the search continues...