Emulator File Setup
Caution
Do not share any files, such as pre-made images (modified or unmodified) or firmware (decrypted, patched, modified or unmodified). Doing so surely violates Apple's EULA. Even where violating the EULA is not a crime, sharing such files may be one in your jurisdiction; check your local laws.
You must install pyasn1 from your distribution's package manager (e.g. pacman, brew, apt, etc) or pip for the Python scripts used in this guide.
Note
In some parts of the guide, Windows users might need to write py -3 instead of python3.
QEMUAppleSilicon/build/qemu-img create -f raw nvme.1 16G # or 32G
QEMUAppleSilicon/build/qemu-img create -f raw nvme.2 8M
QEMUAppleSilicon/build/qemu-img create -f raw nvme.3 128K
QEMUAppleSilicon/build/qemu-img create -f raw nvme.4 8K
QEMUAppleSilicon/build/qemu-img create -f raw nvram 8K
QEMUAppleSilicon/build/qemu-img create -f raw nvme.6 4K
QEMUAppleSilicon/build/qemu-img create -f raw nvme.7 1M
QEMUAppleSilicon/build/qemu-img create -f raw nvme.8 3M
QEMUAppleSilicon/build/qemu-img create -f raw sep_nvram 2K
QEMUAppleSilicon/build/qemu-img create -f raw sep_ssc 128K
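An added check, not part of the original guide: the shell functions below confirm that every image created by the commands above exists and has the size that was passed to qemu-img. The function names and the NVME1_SIZE variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the images created by the qemu-img commands above.
# Names and sizes are copied from this guide; NVME1_SIZE and the function
# names are assumptions of this example (set NVME1_SIZE=32G if you used 32G).
NVME1_SIZE="${NVME1_SIZE:-16G}"
IMAGES="nvme.1:$NVME1_SIZE nvme.2:8M nvme.3:128K nvme.4:8K nvram:8K
nvme.6:4K nvme.7:1M nvme.8:3M sep_nvram:2K sep_ssc:128K"

# Convert a qemu-img style size (K/M/G suffix, powers of 1024) to bytes.
size_to_bytes() {
    num=${1%[KMG]}
    case $1 in
        *K) echo $((num * 1024)) ;;
        *M) echo $((num * 1024 * 1024)) ;;
        *G) echo $((num * 1024 * 1024 * 1024)) ;;
        *)  echo "$1" ;;
    esac
}

# Apparent size of a file in bytes (wc -c works on GNU and BSD userlands).
file_bytes() {
    wc -c < "$1" | tr -d ' '
}

# Check every expected image in directory $1 (default: current directory).
# Prints one line per problem; the return status is the number of problems.
check_images() {
    dir=${1:-.}
    bad=0
    for pair in $IMAGES; do
        name=${pair%%:*}
        want=$(size_to_bytes "${pair#*:}")
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING $name"
            bad=$((bad + 1))
        elif [ "$(file_bytes "$dir/$name")" -ne "$want" ]; then
            echo "WRONG SIZE $name: expected $want bytes"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}
# Usage after sourcing this file: check_images /path/to/image/directory
```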
Download iOS 14.0 beta 5 ipsw for iPhone12,1.
mkdir iPhone11_8_iPhone12_1_14.0_18A5351d_Restore && cd iPhone11_8_iPhone12_1_14.0_18A5351d_Restore
unzip ../iPhone11,8,iPhone12,1_14.0_18A5351d_Restore.ipsw
The largest file in iPhone11_8_iPhone12_1_14.0_18A5351d_Restore can be deleted as it's the main OS disk image.
The iOS version we are using is not signed, so we have to forge a ticket.
Use this script: https://github.com/ChefKissInc/QEMUAppleSiliconTools/raw/refs/heads/master/create_apticket.py
For your convenience, a ticket shsh is also provided: https://github.com/ChefKissInc/QEMUAppleSiliconTools/raw/refs/heads/master/ticket.shsh2
Run the script like this:
python3 create_apticket.py n104ap BuildManifest.plist ticket.shsh2 root_ticket.der
Caution
Do not modify the generated ticket unless you are going to do a fresh restore. The ticket is required for all boot stages, even after installation completes.
Can't put a direct link here, Apple might get mad.
Google Apple ROM Collection, the result will certainly be secure and fun.
It must be Cebu B1 for t8030/iPhone 11.
Ticket Creation Script: https://github.com/ChefKissInc/QEMUAppleSiliconTools/raw/refs/heads/master/create_septicket.py
img4tool utility from https://github.com/tihmstar/img4tool
img4 utility from https://github.com/xerub/img4lib
Download iOS 14.7.1 ipsw for iPhone12,1.
Note
Only the firmware (sep-firmware.n104.RELEASE.img4) itself should be taken from this ipsw. Files such as the BuildManifest should be from 14.0 beta 5.
python3 create_septicket.py n104ap BuildManifest.plist ticket.shsh2 sep_root_ticket.der
mkdir temporary && cd temporary
unzip ../iPhone11,8,iPhone12,1_14.7.1_18G82_Restore.ipsw
cd ..
img4tool -e --iv THE_SEP_FW_IV --key THE_SEP_FW_KEY -o sep-firmware.n104.RELEASE temporary/Firmware/all_flash/sep-firmware.n104.RELEASE.img4
img4tool -t rsep -d 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c sep-firmware.n104.RELEASE.im4p sep-firmware.n104.RELEASE
img4 -F -o sep-firmware.n104.RELEASE.new.img4 -i sep-firmware.n104.RELEASE.im4p -M sep_root_ticket.der