From 08d610d5811ed0aa3fecf48ff9e9cee2190b1981 Mon Sep 17 00:00:00 2001
From: Nikias Bassen
Date: Tue, 14 Nov 2017 04:22:28 +0800
Subject: Fix Savage firmware updating for FaceID (iPhone X)

While the restore was succeeding, FaceID wasn't available on the device. It turned out that the Savage Firmware data sent to the device requires a simple header that we didn't send along.
---
 src/restore.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/src/restore.c b/src/restore.c
index 85e34f4..83eef83 100644
--- a/src/restore.c
+++ b/src/restore.c
@@ -38,6 +38,7 @@
 #include "ipsw.h"
 #include "restore.h"
 #include "common.h"
+#include "endianness.h"
 
 #define CREATE_PARTITION_MAP 11
 #define CREATE_FILESYSTEM 12
@@ -1865,6 +1866,7 @@ plist_t restore_get_savage_firmware_data(restored_client_t restore, struct idevi
 char *comp_path = NULL;
 unsigned char* component_data = NULL;
 unsigned int component_size = 0;
+ unsigned char* component_data_tmp = NULL;
 plist_t fwdict = NULL;
 plist_t parameters = NULL;
 plist_t request = NULL;
@@ -1933,6 +1935,17 @@ plist_t restore_get_savage_firmware_data(restored_client_t restore, struct idevi
 error("ERROR: No 'Savage,Ticket' in TSS response, this might not work\n");
 }
 
+ component_data_tmp = realloc(component_data, (size_t)component_size+16);
+ if (!component_data_tmp) {
+ free(component_data);
+ return NULL;
+ }
+ component_data = component_data_tmp;
+ memmove(component_data + 16, component_data, (size_t)component_size);
+ memset(component_data, '\0', 16);
+ *(uint32_t*)(component_data + 4) = htole32((uint32_t)component_size);
+ component_size += 16;
+
 plist_dict_set_item(response, "FirmwareData", plist_new_data((char*)component_data, (uint64_t) component_size));
 free(component_data);
 component_data = NULL;
-- 
cgit v1.1-32-gdbae
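Review bot: The realloc failure path in the third hunk returns NULL after freeing only `component_data`, while `response` (used three lines later) and, judging by the declarations in the second hunk, `fwdict`/`parameters`/`request` may still be live at that point; unless they have already been released by then, this early return leaks them, so it should go through the same cleanup the function's other error paths use (restore_get_savage_firmware_data starts and ends outside the hunk, so I cannot confirm which of them are still owned here). The 16-byte header is built from bare magic numbers; a comment such as `/* 16-byte Savage firmware header: bytes 4..7 hold the payload length as LE32, all other bytes zero */` above the realloc and a named constant in place of the repeated 16 would make the layout reviewable against the device's expectation. The size field can also be stored without the pointer cast, `uint32_t le_size = htole32((uint32_t)component_size); memcpy(component_data + 4, &le_size, sizeof le_size);`, which sidesteps the aliasing and alignment question entirely.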