extraire (verb): to extract
Simple program to dump onboard SHSH blobs with a valid generator for jailbroken iOS devices. Supports Windows, macOS and Linux.
This program dumps the IMG4 ApTicket from /dev/disk1 on the device, copies it to your computer and converts it to a valid SHSH blob, no external dependencies required.
Even though the dumped SHSH blob is valid, you will still be limited by a few factors:
- SEP/Baseband/Rose firmware compatibility with the currently signed iOS version
- If you've updated to your current iOS version with the Settings app, you cannot use the dumped blob without a bootROM exploit (e.g. checkm8).
OpenSSH Server installed on your jailbroken device. That's it!
pip install -U extraire
Standalone binaries for Windows, macOS and Linux can be found here.
You will need to allow executable permission for macOS and Linux after downloading.
Run chmod +x /path/to/extraire in a terminal (replace /path/to/extraire with the
actual path).
Run extraire only for an interactive guide.
❯ extraire --help
usage: extraire [-h] [-p PASSWORD] [-o OUTPUT] [--non-interactive] [HOST[:PORT]]
positional arguments:
HOST[:PORT] The device's IP address
optional arguments:
-h, --help show this help message and exit
-p PASSWORD, --password PASSWORD
The device's root user password
-o OUTPUT, --output OUTPUT
Where to save the dumped blob
--non-interactive Don't interactively ask for missing value
(assume default if missing)
Clone this repo, install the dependencies with poetry install or pip install ., and
run python3 -m extraire
To build a wheel, do poetry build.
tihmstar: without his img4tool code I wouldn't be able to write code for dealing with IMG4s in Python.
