summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorGravatar Nikias Bassen2017-11-14 04:22:28 +0800
committerGravatar Nikias Bassen2017-11-14 04:22:28 +0800
commit08d610d5811ed0aa3fecf48ff9e9cee2190b1981 (patch)
tree2415c78ee61b79d7622f9015490dc35fd52a6627 /src
parentb023935f5e36fe32ce649dcf0a9a2f7291d281a6 (diff)
downloadidevicerestore-08d610d5811ed0aa3fecf48ff9e9cee2190b1981.tar.gz
idevicerestore-08d610d5811ed0aa3fecf48ff9e9cee2190b1981.tar.bz2
Fix Savage firmware updating for FaceID (iPhone X)
While the restore was succeeding, FaceID wasn't available on the device. It turned out that the Savage Firmware data sent to the device requires a simple header that we didn't send along.
Diffstat (limited to 'src')
-rw-r--r--src/restore.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/src/restore.c b/src/restore.c
index 85e34f4..83eef83 100644
--- a/src/restore.c
+++ b/src/restore.c
@@ -38,6 +38,7 @@
#include "ipsw.h"
#include "restore.h"
#include "common.h"
+#include "endianness.h"
#define CREATE_PARTITION_MAP 11
#define CREATE_FILESYSTEM 12
@@ -1865,6 +1866,7 @@ plist_t restore_get_savage_firmware_data(restored_client_t restore, struct idevi
char *comp_path = NULL;
unsigned char* component_data = NULL;
unsigned int component_size = 0;
+ unsigned char* component_data_tmp = NULL;
plist_t fwdict = NULL;
plist_t parameters = NULL;
plist_t request = NULL;
@@ -1933,6 +1935,17 @@ plist_t restore_get_savage_firmware_data(restored_client_t restore, struct idevi
error("ERROR: No 'Savage,Ticket' in TSS response, this might not work\n");
}
+ component_data_tmp = realloc(component_data, (size_t)component_size+16);
+ if (!component_data_tmp) {
+ free(component_data);
+ return NULL;
+ }
+ component_data = component_data_tmp;
+ memmove(component_data + 16, component_data, (size_t)component_size);
+ memset(component_data, '\0', 16);
+ *(uint32_t*)(component_data + 4) = htole32((uint32_t)component_size);
+ component_size += 16;
+
plist_dict_set_item(response, "FirmwareData", plist_new_data((char*)component_data, (uint64_t) component_size));
free(component_data);
component_data = NULL;