Requirements

Hardware

1. Computer on OS X. Should be possible to use Linux or even Windows, but I only consider OS X


2. Jailbroken 32-bit iOS device with tfp0 patched on 5.0+

Software

On computer

1. xpwn - bunch of tools for interaction with IMG3 files, RootFS DMG images, etc. Available on GitHub


2. reimagine - tool for interaction with IMG3 files written by @danzatt. You may use xpwntool instead, but in my case it often produced broken IMG3s (specially logos). Available on GitHub


3. imagine - another tool for interaction with IMG3 files written by @Morpheus______. It includes Device Tree parser, we'll need it to verify patched Device Trees. Available on The iPhone Wiki (in External Links)


4. image3maker - utility for packing raw images into IMG3 containers. Available on GitHub


5. iRecovery - tool for interacting with iBoot shell. Available on GitHub


6. Some hexadecimal editor, use your favorite


7. Some disassembler. For example, IDA Pro. This is expensive thing, but should be possible to find leaked versions


8. ida_patcher - tool for applying .dif files produced by IDA Pro. Available on GitHub. You should be able to use hex-editor instead though


9. SSH client. Should be built-in on OS X and Linux


10. iBoot32Patcher - tool written by @iH8sn0w. Patches iOS bootloaders out of signature checks, inject boot-args, etc. Available on GitHub

On device

1. OpenSSH - allows you access device's command shell remotely and transfer files. Available in Cydia


2. dualbootstuff package. It contains gptfdisk, hfs_resize, kloader and other tools we'll use. Available in my Cydia repository (nyansatan.github.io/apt)


3. diskdev-cmds package. Just for umount. Available in Cydia


4. nano - CLI text editor we'll use it to edit fstab and launchd.conf. Available in Cydia


5. Way Out - GUI in the spirit of classical Setup.app for kloader/multi_kloader. We'll use it to boot second iOS. Available in my Cydia repository

> Part 1: Preparing Root FS