David Buchanan DavidBuchanan314

## README.md

      
              2 files
            
          
              0 forks
            
          
              0 comments
            
          
              2 stars
            
          
                DavidBuchanan314
                / README.md
            
            
              Last active
              January 21, 2024 04:03
            
              
                Classic iPod software reinstall/restore without iTunes, on Linux
              
          
    iTunes-less Classic iPod Restore Guide

I have tested this on a classic 4th-gen monochrome "clickwheel" iPod. I imagine this process works similarly for iPods of the same era. I'm not the first person to do this, but a lot of documentation is on dead wikis and is generally hard to come by.
Extract your firmware image from an .ipsw file, set the IPOD and FW_IMAGE variables in the bash script, and run it as root. Then cross your fingers.
If everything worked, the partition layout should look something like this:
Disk /dev/sdc: 119.08 GiB, 127865454080 bytes, 249737215 sectors


## life.c
          #define F\
          for(i=l;i\
          <l*4; i++)
          main(){int
          i,j,w=512,
                    n,l=w*w,o[
                    ]={~w,-w,-
                    w+1,-1,1,w
                    -1,w,w+1},
                    b[l*5];F b

## GetMeIn.c
/*
Decompiled from GetMeIn: https://forum.xda-developers.com/web-os/general/getmein-one-time-rooting-jailbreaking-t3887904

tl;dr it scans memory for its own `struct cred` in memory, changes its uid/gids to root.
*/

int __fastcall do_the_patching(uint8_t *a1, unsigned __int8 *creds, int a3, unsigned int a4)
{
  int i; // [sp+20h] [bp-Ch]
  uint8_t *memptr; // [sp+24h] [bp-8h]

## procdump.py
import mmap
import sys


PID = int(sys.argv[1])
outdir = sys.argv[2]


mem = open("/proc/{}/mem".format(PID), "rb")

## ptr2obj.py
# import nothing
"""
Tested in cpython 3.6, 3.8 (from the arch repos) on 64-bit arch linux
"""

nullfunc = lambda: None

#from types import CodeType, FunctionType
CodeType = nullfunc.__code__.__class__
FunctionType = nullfunc.__class__

## terse_aes_128.py
def xor_bytes(a, b):
	return bytearray([ai^bi for ai, bi in zip(a, b)])

def ff_divmod(r, b, q=0):
	while True:
		diff = r.bit_length() - b.bit_length()
		if diff < 0: break
		q ^= 1 << diff
		r ^= b << diff
	return q, r

## crash_chrome.txt
epic🏴󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁󠁁

## oeminfo.xml
<XrML>
	<BODY type="LICENSE" version="2.0">
		<ISSUED>2002-08-13T10:11</ISSUED>
		<DESCRIPTOR>
			<OBJECT type="OEM-Certificate">
				<ID type="MS-GUID">{67DB85BE-8627-47A3-B13A-FE3C6C63AE0F}</ID>
				<NAME>Dell</NAME>
				<ADDRESS type="URL">www.dell.com</ADDRESS>
			</OBJECT>
		</DESCRIPTOR>

## dell_axim_x3_romdump.cpp
#include "stdafx.h"

static unsigned char *rom = (unsigned char *) 0x80000000L;
const size_t rom_size = 0x4000000, block_size = 0x10000;

int WINAPI WinMain(	HINSTANCE hInstance,
					HINSTANCE hPrevInstance,
					LPTSTR    lpCmdLine,
					int       nCmdShow)
{

## fast_sideways_xor.py
import random
import time

def cursed(x):
	return format(x, "b").count("1") % 2

def woke(x):
	while x > 1:
		midpoint = x.bit_length()//2
		mask = (1<<midpoint)-1
	#define F\
	for(i=l;i\
	<l*4; i++)
	main(){int
	i,j,w=512,
	n,l=w*w,o[
	]={~w,-w,-
	w+1,-1,1,w
	-1,w,w+1},
	b[l*5];F b
	/*
	Decompiled from GetMeIn: https://forum.xda-developers.com/web-os/general/getmein-one-time-rooting-jailbreaking-t3887904

	tl;dr it scans memory for its own `struct cred` in memory, changes its uid/gids to root.
	*/

	int __fastcall do_the_patching(uint8_t a1, unsigned __int8 creds, int a3, unsigned int a4)
	{
	int i; // [sp+20h] [bp-Ch]
	uint8_t *memptr; // [sp+24h] [bp-8h]
	import mmap
	import sys


	PID = int(sys.argv[1])
	outdir = sys.argv[2]


	mem = open("/proc/{}/mem".format(PID), "rb")
	# import nothing
	"""
	Tested in cpython 3.6, 3.8 (from the arch repos) on 64-bit arch linux
	"""

	nullfunc = lambda: None

	#from types import CodeType, FunctionType
	CodeType = nullfunc.__code__.__class__
	FunctionType = nullfunc.__class__
	def xor_bytes(a, b):
	return bytearray([ai^bi for ai, bi in zip(a, b)])

	def ff_divmod(r, b, q=0):
	while True:
	diff = r.bit_length() - b.bit_length()
	if diff < 0: break
	q ^= 1 << diff
	r ^= b << diff
	return q, r
	<XrML>
	<BODY type="LICENSE" version="2.0">
	<ISSUED>2002-08-13T10:11</ISSUED>
	<DESCRIPTOR>
	<OBJECT type="OEM-Certificate">
	<ID type="MS-GUID">{67DB85BE-8627-47A3-B13A-FE3C6C63AE0F}</ID>
	<NAME>Dell</NAME>
	<ADDRESS type="URL">www.dell.com</ADDRESS>
	</OBJECT>
	</DESCRIPTOR>
	#include "stdafx.h"

	static unsigned char rom = (unsigned char ) 0x80000000L;
	const size_t rom_size = 0x4000000, block_size = 0x10000;

	int WINAPI WinMain( HINSTANCE hInstance,
	HINSTANCE hPrevInstance,
	LPTSTR lpCmdLine,
	int nCmdShow)
	{
	import random
	import time

	def cursed(x):
	return format(x, "b").count("1") % 2

	def woke(x):
	while x > 1:
	midpoint = x.bit_length()//2
	mask = (1<<midpoint)-1