Emulator File Setup
Caution
Do not share any files, such as pre-made modified or unmodified images or decrypted, patched, modified or unmodified firmware, etc.
Do not share any IVs or keys.
Do not automate the download, setup, patching, or anything related or similar of images, firmware, and any other files.
That all surely violates Apple's EULA. EULA violations or any of the aforementioned actions may be a crime in your jurisdiction.
Warning
Do not put the files inside the build folder or source tree of the emulator, otherwise you have a high risk of losing them.
You must install pyasn1 and pyasn1-modules from your distribution's package manager (e.g. pacman, brew, apt, etc.) or pip for the Python scripts used in this guide.
Note
In some parts of the guide, Windows users might need to write py -3 instead of python3.
./QEMUAppleSilicon/build/qemu-img create -f raw root 16G
./QEMUAppleSilicon/build/qemu-img create -f raw firmware 8M
./QEMUAppleSilicon/build/qemu-img create -f raw syscfg 128K
./QEMUAppleSilicon/build/qemu-img create -f raw ctrl_bits 8K
./QEMUAppleSilicon/build/qemu-img create -f raw nvram 8K
./QEMUAppleSilicon/build/qemu-img create -f raw effaceable 4K
./QEMUAppleSilicon/build/qemu-img create -f raw panic_log 1M
./QEMUAppleSilicon/build/qemu-img create -f raw sep_nvram 64K
./QEMUAppleSilicon/build/qemu-img create -f raw sep_ssc 128K
Note
The root can also be 32G.
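A read-only check of the image layout above, as an added example that is not part of the original guide or the project's tools: it confirms each raw image exists with the size given in the qemu-img commands and that the images are not stored inside the emulator tree. The function and parameter names are assumptions; it creates, downloads and modifies nothing.

```python
import sys
from pathlib import Path

KIB, MIB, GIB = 1024, 1024**2, 1024**3

# Image names and sizes from the qemu-img commands in this guide
# (qemu-img size suffixes are powers of 1024). root may be 16G or 32G.
EXPECTED_SIZES = {
    "root": {16 * GIB, 32 * GIB},
    "firmware": {8 * MIB},
    "syscfg": {128 * KIB},
    "ctrl_bits": {8 * KIB},
    "nvram": {8 * KIB},
    "effaceable": {4 * KIB},
    "panic_log": {1 * MIB},
    "sep_nvram": {64 * KIB},
    "sep_ssc": {128 * KIB},
}


def check_images(image_dir, emulator_tree):
    """Return a list of problems; an empty list means the layout looks right.

    image_dir and emulator_tree are hypothetical parameter names: the folder
    holding the raw images and the emulator checkout (e.g. QEMUAppleSilicon).
    """
    image_dir = Path(image_dir).resolve()
    emulator_tree = Path(emulator_tree).resolve()
    problems = []

    # The guide warns against keeping files in the source tree or build folder.
    if image_dir == emulator_tree or emulator_tree in image_dir.parents:
        problems.append(f"{image_dir} is inside the emulator tree {emulator_tree}")

    for name, sizes in EXPECTED_SIZES.items():
        path = image_dir / name
        if not path.is_file():
            problems.append(f"{name}: missing")
            continue
        actual = path.stat().st_size
        if actual not in sizes:
            wanted = " or ".join(str(s) for s in sorted(sizes))
            problems.append(f"{name}: {actual} bytes, expected {wanted}")
    return problems


if __name__ == "__main__":
    for line in check_images(sys.argv[1], sys.argv[2]):
        print(line)
```

Run it with the image folder and the emulator checkout as the two arguments; no output means every image matches.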
Download iOS 14.0 beta 5 ipsw for iPhone12,1.
mkdir iPhone11_8_iPhone12_1_14.0_18A5351d_Restore && cd iPhone11_8_iPhone12_1_14.0_18A5351d_Restore
unzip ../iPhone11,8,iPhone12,1_14.0_18A5351d_Restore.ipsw
cd ..
The largest file in iPhone11_8_iPhone12_1_14.0_18A5351d_Restore can be deleted as it's the main OS disk image.
The iOS version we are using is not signed, so we have to forge a ticket.
Use this script: https://git.chefkiss.dev/ChefKiss/QEMUAppleSiliconTools/raw/branch/master/create_apticket.py
For your convenience, a ticket shsh is also provided: https://git.chefkiss.dev/ChefKiss/QEMUAppleSiliconTools/raw/branch/master/ticket.shsh2
Run the script like this:
python3 create_apticket.py n104ap iPhone11_8_iPhone12_1_14.0_18A5351d_Restore/BuildManifest.plist ticket.shsh2 root_ticket.der
Caution
Do not modify the generated ticket unless you are going to do a fresh restore. The ticket is required for all boot stages, even after installation completes.
Can't put a direct link here, Apple might get mad.
Google Apple ROM Collection, the result will certainly be secure and fun.
It must be Cebu B1 for t8030/iPhone 11.
Ticket Creation Script: https://git.chefkiss.dev/ChefKiss/QEMUAppleSiliconTools/raw/branch/master/create_septicket.py
img4 utility from https://github.com/xerub/img4lib
python3 create_septicket.py n104ap iPhone11_8_iPhone12_1_14.0_18A5351d_Restore/BuildManifest.plist ticket.shsh2 sep_root_ticket.der
img4 -i iPhone11_8_iPhone12_1_14.0_18A5351d_Restore/Firmware/all_flash/sep-firmware.n104.RELEASE.im4p -o sep-firmware.n104.RELEASE -k THE_SEP_FW_IV_AND_THE_SEP_FW_KEY_CONCATENATED
You can find the keys by googling "iOS firmware keys".
img4 -A -F -o sep-firmware.n104.RELEASE.new.img4 -i sep-firmware.n104.RELEASE -M sep_root_ticket.der -T rsep -V