2022-06-28 23:06:23 -04:00
#+OPTIONS : toc:nil
2021-11-17 01:37:55 -05:00
* iPad Jailbreaking/Downgrading
2022-06-28 23:22:14 -04:00
** iPad 1: just use [[http://3u.com/][3utools]] to update/restore and jailbreak
2021-11-17 01:37:55 -05:00
** iPad2,3 or iPad3,2
2022-06-28 23:22:14 -04:00
We want to be on an untethered jailbreak, which seems to mean iOS 8.4.1. Some sources claim it is also noticably faster
2021-11-17 01:37:55 -05:00
*** steps:
1. JB with Phoenix (via https://jailbreaks.app/legacy.html or 3uTools)
2. Follow instructions here to downgrade to 8.4.1: [[http://www.3u.com/news/articles/5841/untethered-downgrade-iphone-5-ipad234-ipad-mini-to-ios841-without-shsh ][Untethered Downgrade iPhone 5/iPad 2,3,4/iPad mini to iOS 8.4.1 without SHSH ]]
- Use 3uTools v2.55, or it will hang! (as per https://twitter.com/3utools/status/1455107861172797449)
- specifically, 2.58 was bugged at time of testing
- can be downloaded from http://www.3u.com/update-log
- for iPad3,2: Use [[https://github.com/LukeZGD/iOS-OTA-Downgrader/ ][iOS-OTA-Downgrader ]] to enter kDFU instead of kDFUApp
- Ideally this would work for the whole downgrade, but it was a bit buggy :(
3. install jailbreak (preferably daibutsu):
- https://github.com/LukeZGD/iOS-OTA-Downgrader/wiki/Jailbreaking
- used Sideloadly on MacOS
- daibutsu did not support iPad2,3 so EtasonJB was used
2022-06-27 23:12:14 -04:00
2022-06-28 23:22:14 -04:00
* Initial Setup
1. install "openssh" and "apt 0.7 strict" via cydia
2. ssh with =ssh -o PubkeyAuthentication=no mobile@iPad= , password =alpine=
3. =su= to root (also password =alpine= )
4. change passwords for mobile and root users
5. =apt-get install sudo vim=
6. edit =/etc/sudoers= to allow =wheel=
7. edit =/etc/group= to add mobile to =wheel=
8. run =initial-setup.yml= playbook
- sets up ssh pubkey auth
- installs Python 2.7, needed for most ansible commands (retrieved from https://github.com/linusyang/python-for-ios/releases)
9. run =ipads.yml= playbook
- installs [[https://cydia.akemi.ai/?page/net.angelxwind.mikoto ][mikoto ]] to disable OTA update notifications (and some other things)
- installs libactivator
- installs =Maximization= (=be.rud0lf77.maximization= ) for fullscreen/status bar hide
- makes a webclip for https://reservations.claremontmakerspace.org, with tools defined in =hosts= file
2021-11-17 02:24:06 -05:00
2022-06-28 23:22:14 -04:00
* Other notes
** iPad lock/unlock via activator
2021-11-17 01:37:55 -05:00
#+begin_src bash
2022-06-28 23:22:14 -04:00
activator send libactivator.system.sleepbutton # lock
activator send libactivator.lockscreen.dismiss # unlock
2021-11-17 01:37:55 -05:00
#+end_src
2022-06-28 23:22:14 -04:00
- Use Activator to schedule
- might just be easier to config manually
- activator config is in =/private/var/mobile/Library/Caches/libactivator.plist=
- can't do =LAScheduledEvents= events via =activator set=
** Fullscreen/status bar hide
- =Maximization= (=be.rud0lf77.maximization= ) seems to work fine on iPad 1/2/3 and doesn't need to be applied manually
- =Monocle= (=com.rpetrich.monocle= ) works on iPad 2/3, but not iPad 1
2021-11-17 01:37:55 -05:00
2022-06-28 23:22:14 -04:00
** Editing preferences
- can use plutil from http://repo.bingner.com/ to convert from/to binary plist
- to restart the preferences daemon after editing a plist:
#+begin_src bash
launchctl kickstart -k system/com.apple.cfprefsd.xpc.daemon
#+end_src
** Making a webclip
- can place an Info.plist and icon into =~/Library/WebClips/<whatever>.webclip= then respring and it kind of just works
- can launch with =activator send com.apple.webapp= maybe?
2021-11-17 01:37:55 -05:00
- only seems to work when it is already running (ie to switch to it, not launch it)
2022-06-28 23:22:14 -04:00
** Kiosk mode
- in iOS >=6, just use guided access
- in iOS <=7, maybe use IncarcerApp
** Let's Encrypt certificates
- Can install cert PEM via gui, probably too much of a pain to automate it
- profile installed as =/User/Library/ConfigurationProfiles/<something>.stub=
- enabled in =/User/Library/ConfigurationProfiles/PayloadManifest.plist=
- cert also enabled/trusted somewhere else?
- seems like it will only install one cert per pem, so install ISRG root cert