cfw_install: handle pre-decrypted DMGs from restore_offline#334
Open
renegadelink wants to merge 1 commit into
Open
cfw_install: handle pre-decrypted DMGs from restore_offline#334renegadelink wants to merge 1 commit into
renegadelink wants to merge 1 commit into
Conversation
restore_offline (Makefile) decrypts .dmg.aea files in place and mv's
the decrypted DMG back over the original .aea path. Subsequent runs of
cfw_install.sh / cfw_install_dev.sh then call `ipsw fw aea --key` on a
file that no longer has the AEA1 magic and abort with:
failed to parse AEA: invalid AEA header: found '...' expected 'AEA1'
Check for the AEA1 magic first; copy the file straight to the cached
CryptexSystemOS.dmg when it's already a raw DMG.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Collaborator
|
nice!, once I get some time to test it and verify it works and there are no regressions I will merge this |
Contributor
There was a problem hiding this comment.
Pull request overview
Adjusts Cryptex SystemOS handling in the CFW install scripts to support make restore_offline, which may leave the BuildManifest cryptex path pointing at an already-decrypted raw DMG (still named *.aea) rather than an AEA container.
Changes:
- Detects whether the SystemOS image starts with the
AEA1magic before runningipsw fw aea --key/aea decrypt. - If the image is not
AEA1, treats it as already-decrypted and copies it directly to the cachedCryptexSystemOS.dmg. - Applies the same logic to both
cfw_install.shandcfw_install_dev.sh.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| scripts/cfw_install.sh | Gate AEA key extraction/decryption on AEA1 header; copy-through when the image is already a DMG. |
| scripts/cfw_install_dev.sh | Mirrors the same AEA1 header check and DMG copy-through behavior for the dev installer flow. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| echo " key: $AEA_KEY" | ||
| echo " Decrypting SystemOS..." | ||
| aea decrypt -i "$RESTORE_DIR/$CRYPTEX_SYSOS" -o "$SYSOS_DMG" -key-value "$AEA_KEY" | ||
| if [[ "$(xxd -l 4 -p "$RESTORE_DIR/$CRYPTEX_SYSOS")" == "41454131" ]]; then |
Comment on lines
248
to
+251
| if [[ ! -f "$SYSOS_DMG" ]]; then | ||
| echo " Extracting AEA key..." | ||
| AEA_KEY=$(ipsw fw aea --key "$RESTORE_DIR/$CRYPTEX_SYSOS") | ||
| echo " key: $AEA_KEY" | ||
| echo " Decrypting SystemOS..." | ||
| aea decrypt -i "$RESTORE_DIR/$CRYPTEX_SYSOS" -o "$SYSOS_DMG" -key-value "$AEA_KEY" | ||
| if [[ "$(xxd -l 4 -p "$RESTORE_DIR/$CRYPTEX_SYSOS")" == "41454131" ]]; then | ||
| echo " Extracting AEA key..." | ||
| AEA_KEY=$(ipsw fw aea --key "$RESTORE_DIR/$CRYPTEX_SYSOS") |
Collaborator
|
sorry for taking a long time to review and test this, I am still working on the 26.4 fix, so I didn't have time to yet |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
make restore_offline(added in #311) decrypts.dmg.aeacrypteximages in place — it
mvs the decrypted DMG back over the original.aeafilename so the BuildManifest path keeps working. However,cfw_install.shandcfw_install_dev.shthen unconditionally callipsw fw aea --keyon that same path, which fails because the fileno longer has the
AEA1magic:This patch checks the first 4 bytes for the
AEA1magic beforeinvoking
ipsw fw aea/aea decrypt. When the file is already araw DMG (post-
restore_offline), it's copied straight to the cachedCryptexSystemOS.dmginstead.Repro
make restore_offline(decrypts AEA images in place)make cfw_install_jb(orcfw_install/cfw_install_dev)🤖 Generated with Claude Code