summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/idevicerestore.c2
-rw-r--r--src/tss.c40
-rw-r--r--src/tss.h2
3 files changed, 33 insertions, 11 deletions
diff --git a/src/idevicerestore.c b/src/idevicerestore.c
index 3026551..b4127a2 100644
--- a/src/idevicerestore.c
+++ b/src/idevicerestore.c
@@ -548,7 +548,7 @@ int get_shsh_blobs(struct idevicerestore_client_t* client, uint64_t ecid, plist_
plist_t response = NULL;
*tss = NULL;
- request = tss_create_request(build_identity, ecid);
+ request = tss_create_request(build_identity, ecid, NULL, 0);
if (request == NULL) {
error("ERROR: Unable to create TSS request\n");
return -1;
diff --git a/src/tss.c b/src/tss.c
index eac3d32..d273f15 100644
--- a/src/tss.c
+++ b/src/tss.c
@@ -27,6 +27,7 @@
#include "tss.h"
#include "img3.h"
+#include "common.h"
#include "idevicerestore.h"
#define ECID_STRSIZE 0x20
@@ -36,7 +37,7 @@ typedef struct {
char* content;
} tss_response;
-plist_t tss_create_request(plist_t build_identity, uint64_t ecid) {
+plist_t tss_create_request(plist_t build_identity, uint64_t ecid, unsigned char* nonce, int nonce_size) {
uint64_t unique_build_size = 0;
char* unique_build_data = NULL;
plist_t unique_build_node = plist_dict_get_item(build_identity, "UniqueBuildID");
@@ -82,18 +83,28 @@ plist_t tss_create_request(plist_t build_identity, uint64_t ecid) {
error("ERROR: Unable to get ECID\n");
return NULL;
}
- snprintf(ecid_string, ECID_STRSIZE, "%qu", ecid);
+ snprintf(ecid_string, ECID_STRSIZE, "%qu", (long long unsigned int)ecid);
// Add build information to TSS request
plist_t tss_request = plist_new_dict();
+ plist_dict_insert_item(tss_request, "@APTicket", plist_new_bool(1));
+ plist_dict_insert_item(tss_request, "@BBTicket", plist_new_bool(1));
plist_dict_insert_item(tss_request, "@HostIpAddress", plist_new_string("192.168.0.1"));
- plist_dict_insert_item(tss_request, "@HostPlatformInfo", plist_new_string("darwin"));
- plist_dict_insert_item(tss_request, "@VersionInfo", plist_new_string("3.8"));
+ plist_dict_insert_item(tss_request, "@HostPlatformInfo", plist_new_string("mac"));
plist_dict_insert_item(tss_request, "@Locality", plist_new_string("en_US"));
- plist_dict_insert_item(tss_request, "ApProductionMode", plist_new_bool(1));
- plist_dict_insert_item(tss_request, "ApECID", plist_new_string(ecid_string));
- plist_dict_insert_item(tss_request, "ApChipID", plist_new_uint(chip_id));
+ char* guid = generate_guid();
+ if (guid) {
+ plist_dict_insert_item(tss_request, "@UUID", plist_new_string(guid));
+ free(guid);
+ }
+ plist_dict_insert_item(tss_request, "@VersionInfo", plist_new_string("libauthinstall-107.3"));
plist_dict_insert_item(tss_request, "ApBoardID", plist_new_uint(board_id));
+ plist_dict_insert_item(tss_request, "ApChipID", plist_new_uint(chip_id));
+ plist_dict_insert_item(tss_request, "ApECID", plist_new_string(ecid_string));
+ if (nonce && (nonce_size > 0)) {
+ plist_dict_insert_item(tss_request, "ApNonce", plist_new_data(nonce, nonce_size));
+ }
+ plist_dict_insert_item(tss_request, "ApProductionMode", plist_new_bool(1));
plist_dict_insert_item(tss_request, "ApSecurityDomain", plist_new_uint(security_domain));
plist_dict_insert_item(tss_request, "UniqueBuildID", plist_new_data(unique_build_data, unique_build_size));
free(unique_build_data);
@@ -120,6 +131,11 @@ plist_t tss_create_request(plist_t build_identity, uint64_t ecid) {
return NULL;
}
+ if (strcmp(key, "BasebandFirmware") == 0) {
+ free(key);
+ continue;
+ }
+
plist_t tss_entry = plist_copy(manifest_entry);
plist_dict_insert_item(tss_request, key, tss_entry);
free(key);
@@ -154,7 +170,9 @@ plist_t tss_send_request(plist_t tss_request) {
CURL* handle = curl_easy_init();
if (handle != NULL) {
struct curl_slist* header = NULL;
- header = curl_slist_append(header, "Content-type: text/xml");
+ header = curl_slist_append(header, "Cache-Control: no-cache");
+ header = curl_slist_append(header, "Content-type: text/xml; charset=\"utf-8\"");
+ header = curl_slist_append(header, "Expect:");
response = malloc(sizeof(tss_response));
if (response == NULL) {
@@ -165,7 +183,7 @@ plist_t tss_send_request(plist_t tss_request) {
response->length = 0;
response->content = malloc(1);
- curl_easy_setopt(handle, CURLOPT_WRITEFUNCTION, &tss_write_callback);
+ curl_easy_setopt(handle, CURLOPT_WRITEFUNCTION, (curl_write_callback)&tss_write_callback);
curl_easy_setopt(handle, CURLOPT_WRITEDATA, response);
curl_easy_setopt(handle, CURLOPT_HTTPHEADER, header);
curl_easy_setopt(handle, CURLOPT_POSTFIELDS, request);
@@ -185,6 +203,10 @@ plist_t tss_send_request(plist_t tss_request) {
curl_global_cleanup();
if (strstr(response->content, "MESSAGE=SUCCESS") == NULL) {
+ error("ERROR: TSS request failed\n");
+ if (response->length > 0) {
+ error("TSS server returned: %s\n", response->content);
+ }
free(response->content);
free(response);
return NULL;
diff --git a/src/tss.h b/src/tss.h
index d45c74c..8fea407 100644
--- a/src/tss.h
+++ b/src/tss.h
@@ -29,7 +29,7 @@ extern "C" {
#include <plist/plist.h>
plist_t tss_send_request(plist_t request);
-plist_t tss_create_request(plist_t build_identity, uint64_t ecid);
+plist_t tss_create_request(plist_t build_identity, uint64_t ecid, unsigned char* nonce, int nonce_size);
int tss_get_entry_path(plist_t tss, const char* entry, char** path);
int tss_get_blob_by_path(plist_t tss, const char* path, char** blob);
int tss_get_blob_by_name(plist_t tss, const char* entry, char** blob);