summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGravatar Nikias Bassen2013-04-24 14:12:33 +0200
committerGravatar Nikias Bassen2013-04-24 14:12:33 +0200
commit89078bb47ff20ea5de1d665272552fd16e8b2d18 (patch)
treec638673ce6f0a37e8217475ad1f4af3253f2e428
parentddf0da04e26d634eb459a6d4a0d452d34c62e83b (diff)
downloadidevicerestore-89078bb47ff20ea5de1d665272552fd16e8b2d18.tar.gz
idevicerestore-89078bb47ff20ea5de1d665272552fd16e8b2d18.tar.bz2
limera1n: use chip_id constants from libirecovery to detect device model
-rw-r--r--src/limera1n.c17
1 files changed, 11 insertions, 6 deletions
diff --git a/src/limera1n.c b/src/limera1n.c
index 29cb02a..5d9eb4f 100644
--- a/src/limera1n.c
+++ b/src/limera1n.c
@@ -36,20 +36,25 @@ int limera1n_exploit(struct irecv_device *device, irecv_client_t *pclient)
unsigned char shellcode[0x800];
unsigned int max_size = 0x24000;
//unsigned int load_address = 0x84000000;
- unsigned int stack_address = 0x84033F98;
- unsigned int shellcode_address = 0x84023001;
+ unsigned int stack_address = 0;
+ unsigned int shellcode_address = 0;
unsigned int shellcode_length = 0;
-
- if (device->chip_id == 8930) {
+ if (device->chip_id == irecv_devices[DEVICE_IPHONE4].chip_id) {
max_size = 0x2C000;
stack_address = 0x8403BF9C;
shellcode_address = 0x8402B001;
- }
- if (device->chip_id == 8920) {
+ } else if (device->chip_id == irecv_devices[DEVICE_IPHONE3GS].chip_id) {
max_size = 0x24000;
stack_address = 0x84033FA4;
shellcode_address = 0x84023001;
+ } else if (device->chip_id == irecv_devices[DEVICE_IPOD3G].chip_id) {
+ max_size = 0x24000;
+ stack_address = 0x84033F98;
+ shellcode_address = 0x84023001;
+ } else {
+ error("Unsupported ChipID 0x%04x. Can't exploit with limera1n.\n", device->chip_id);
+ return -1;
}
memset(shellcode, 0x0, 0x800);