msft_guy

msft.guy · @msft_guy

14th Sep 2010 from Twitlonger

@veeence Not aware of a wiki page; generally, there are the following steps:
* Copy an existing bundle as a template
* Decrypt img3 kbags and put the keys into Info.plist - usually using an AES payload
* Use the genpass utility with the decrypted ramdisk to get the rootfs vfdecrypt key; put the key and the rootfs volume name into Info.plist
* Unpack NOR files, ramdisk and kernelcache using the AES keys, then apply patches (for minor upgrades, you can apply byte-pattern-based patches from the previous version, so you don't have to use IDA for every file)
* Patch asr from the restore ramdisk, then use codesign or ldid to fix up its code page hashes.
* Use the bsdiff utility to create diffs by diffing the unpacked original vs. patched files. For the 3GS, the exception is LLB: you need to diff the encrypted files, using the -xn8824k xpwntool option to pack the patched file and append the 24kPwn exploit.

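As an added illustration of two of the steps above (pulling the KBAG out of an img3 file so it can be handed to an on-device AES payload, and applying a byte-pattern patch carried over from a previous version), the Python below is example code written for this page; it is not msft_guy's code and not part of xpwn or PwnageTool. It follows the documented img3 container layout (20-byte header, then 12-byte tag headers with padded data) and the documented KBAG layout (cryptState, aesType, wrapped IV, wrapped key). The image it parses is constructed inline and is not a real Apple firmware file, and the ARM byte pattern it patches is illustrative only, not a real kernel patch. The KBAG IV and key it returns are still wrapped with the device GID key; decrypting them needs the on-device AES payload the post mentions, which this example does not do.

```python
"""img3 tag walker + KBAG extractor + single-match byte-pattern patcher.
Added example for this page, not code from msft_guy, xpwn or PwnageTool."""
import struct


def fourcc(raw: bytes) -> str:
    # img3 stores each four-character code as a little-endian uint32,
    # so "Img3" appears on disk as b"3gmI" and "KBAG" as b"GABK".
    return raw[::-1].decode("ascii")


def parse_img3(blob: bytes) -> dict:
    """Return {'ident': str, 'tags': [(name, data), ...]} for an img3 file."""
    if len(blob) < 20 or fourcc(blob[:4]) != "Img3":
        raise ValueError("not an img3 container")
    full_size, size_no_pack, _sig_check_area, ident = struct.unpack_from("<III4s", blob, 4)
    if full_size != len(blob) or 20 + size_no_pack > len(blob):
        raise ValueError("img3 size fields disagree with blob length")
    tags, off, end = [], 20, 20 + size_no_pack
    while off < end:
        magic, total_len, data_len = struct.unpack_from("<4sII", blob, off)
        # Each tag is a 12-byte header, dataLength bytes of data, then padding.
        if total_len < 12 or data_len > total_len - 12 or off + total_len > end:
            raise ValueError("malformed tag at offset 0x%x" % off)
        tags.append((fourcc(magic), blob[off + 12:off + 12 + data_len]))
        off += total_len
    return {"ident": fourcc(ident), "tags": tags}


def parse_kbag(data: bytes) -> dict:
    """Split a KBAG tag into crypt state, AES size and the GID-wrapped IV/key."""
    crypt_state, aes_type = struct.unpack_from("<II", data, 0)
    key_len = aes_type // 8          # 0x80 -> 16, 0xC0 -> 24, 0x100 -> 32 bytes
    if aes_type not in (0x80, 0xC0, 0x100) or len(data) < 8 + 16 + key_len:
        raise ValueError("unsupported or truncated KBAG")
    # enc_iv / enc_key are still wrapped with the device GID key: they are the
    # input to an on-device AES payload, whose output goes into Info.plist.
    return {"crypt_state": crypt_state, "aes_bits": aes_type,
            "enc_iv": data[8:24], "enc_key": data[24:24 + key_len]}


def apply_pattern_patch(data: bytes, pattern: bytes, replacement: bytes) -> bytes:
    """Replace exactly one occurrence of pattern; refuse zero or ambiguous hits."""
    if len(pattern) != len(replacement):
        raise ValueError("replacement must keep the file length unchanged")
    first = data.find(pattern)
    if first < 0:
        raise ValueError("pattern not found; re-analyse this build by hand")
    if data.find(pattern, first + 1) >= 0:
        raise ValueError("pattern matches more than once; make it longer")
    return data[:first] + replacement + data[first + len(pattern):]


# --- constructed sample image (not a real Apple firmware file) ---
def build_tag(name: str, data: bytes) -> bytes:
    padded = data + b"\0" * (-len(data) % 4)
    return name.encode("ascii")[::-1] + struct.pack("<II", 12 + len(padded), len(data)) + padded


def build_img3(ident: str, tags: list) -> bytes:
    body = b"".join(build_tag(name, data) for name, data in tags)
    # sigCheckArea covers the whole body here because this sample has no SHSH tag.
    return b"3gmI" + struct.pack("<III4s", 20 + len(body), len(body), len(body),
                                 ident.encode("ascii")[::-1]) + body


PATTERN = bytes.fromhex("000050e3")      # illustrative bytes only, not a real patch
REPLACEMENT = bytes.fromhex("0000a0e3")  # same length, so nothing shifts
SAMPLE_DATA = b"\x01\x20\xa0\xe3" + PATTERN + b"\x1e\xff\x2f\xe1"
SAMPLE_KBAG = struct.pack("<II", 1, 0x80) + bytes(range(16)) + bytes(range(16, 32))
SAMPLE_IMG3 = build_img3("krnl", [("TYPE", b"lnrk"), ("DATA", SAMPLE_DATA), ("KBAG", SAMPLE_KBAG)])


def demo() -> dict:
    img = parse_img3(SAMPLE_IMG3)
    tags = dict(img["tags"])
    return {"ident": img["ident"],
            "tag_names": [name for name, _ in img["tags"]],
            "kbag": parse_kbag(tags["KBAG"]),
            "patched": apply_pattern_patch(tags["DATA"], PATTERN, REPLACEMENT)}


if __name__ == "__main__":
    result = demo()
    print(result["ident"], result["tag_names"], result["kbag"]["aes_bits"],
          result["kbag"]["enc_iv"].hex(), result["kbag"]["enc_key"].hex())
```

The one-match rule in apply_pattern_patch is the check worth keeping when reusing last version's patches: a pattern that no longer matches means that file needs fresh analysis, and one that matches twice means the patch would land somewhere you did not intend.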