From 58a0ad3e30bd61cb0c2e6bb62dec600305ea2368 Mon Sep 17 00:00:00 2001 From: Joshua Hill Date: Sat, 22 May 2010 01:39:16 -0400 Subject: Finished implemented TSS request and TSS response Removed base64.c/h since it's not needed with libplist --- src/Makefile.am | 2 +- src/Makefile.in | 20 +-- src/base64.c | 425 --------------------------------------------------- src/base64.h | 45 ------ src/idevicerestore.c | 42 +++-- src/idevicerestore.h | 31 ++++ src/tss.c | 195 +++++++++++++++++++---- src/tss.h | 8 +- 8 files changed, 236 insertions(+), 532 deletions(-) delete mode 100644 src/base64.c delete mode 100644 src/base64.h create mode 100644 src/idevicerestore.h (limited to 'src') diff --git a/src/Makefile.am b/src/Makefile.am index b876ecc..c295eb0 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -18,6 +18,6 @@ AM_LDFLAGS =\ bin_PROGRAMS = idevicerestore -idevicerestore_SOURCES = idevicerestore.c ipsw.c tss.c base64.c +idevicerestore_SOURCES = idevicerestore.c ipsw.c tss.c idevicerestore_CFLAGS = $(AM_CFLAGS) idevicerestore_LDFLAGS = $(AM_LDFLAGS) \ No newline at end of file diff --git a/src/Makefile.in b/src/Makefile.in index 2dc4e8a..713e1a2 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -48,8 +48,7 @@ CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(bindir)" PROGRAMS = $(bin_PROGRAMS) am_idevicerestore_OBJECTS = idevicerestore-idevicerestore.$(OBJEXT) \ - idevicerestore-ipsw.$(OBJEXT) idevicerestore-tss.$(OBJEXT) \ - idevicerestore-base64.$(OBJEXT) + idevicerestore-ipsw.$(OBJEXT) idevicerestore-tss.$(OBJEXT) idevicerestore_OBJECTS = $(am_idevicerestore_OBJECTS) idevicerestore_LDADD = $(LDADD) idevicerestore_LINK = $(CCLD) $(idevicerestore_CFLAGS) $(CFLAGS) \ @@ -188,7 +187,7 @@ AM_LDFLAGS = \ $(libcurl_LIBS) \ $(libirecovery_LIBS) -idevicerestore_SOURCES = idevicerestore.c ipsw.c tss.c base64.c +idevicerestore_SOURCES = idevicerestore.c ipsw.c tss.c idevicerestore_CFLAGS = $(AM_CFLAGS) idevicerestore_LDFLAGS = $(AM_LDFLAGS) all: all-am 
@@ -272,7 +271,6 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/idevicerestore-base64.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/idevicerestore-idevicerestore.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/idevicerestore-ipsw.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/idevicerestore-tss.Po@am__quote@ 
@@ -333,20 +331,6 @@ idevicerestore-tss.obj: tss.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(idevicerestore_CFLAGS) $(CFLAGS) -c -o idevicerestore-tss.obj `if test -f 'tss.c'; then $(CYGPATH_W) 'tss.c'; else $(CYGPATH_W) '$(srcdir)/tss.c'; fi` -idevicerestore-base64.o: base64.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(idevicerestore_CFLAGS) $(CFLAGS) -MT idevicerestore-base64.o -MD -MP -MF $(DEPDIR)/idevicerestore-base64.Tpo -c -o idevicerestore-base64.o `test -f 'base64.c' || echo '$(srcdir)/'`base64.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/idevicerestore-base64.Tpo $(DEPDIR)/idevicerestore-base64.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='base64.c' object='idevicerestore-base64.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(idevicerestore_CFLAGS) $(CFLAGS) -c -o idevicerestore-base64.o `test -f 'base64.c' || echo '$(srcdir)/'`base64.c - -idevicerestore-base64.obj: base64.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(idevicerestore_CFLAGS) $(CFLAGS) -MT idevicerestore-base64.obj -MD -MP -MF $(DEPDIR)/idevicerestore-base64.Tpo -c -o idevicerestore-base64.obj `if test -f 'base64.c'; then $(CYGPATH_W) 'base64.c'; else $(CYGPATH_W) '$(srcdir)/base64.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/idevicerestore-base64.Tpo $(DEPDIR)/idevicerestore-base64.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='base64.c' object='idevicerestore-base64.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) 
$(AM_CPPFLAGS) $(CPPFLAGS) $(idevicerestore_CFLAGS) $(CFLAGS) -c -o idevicerestore-base64.obj `if test -f 'base64.c'; then $(CYGPATH_W) 'base64.c'; else $(CYGPATH_W) '$(srcdir)/base64.c'; fi` - ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ diff --git a/src/base64.c b/src/base64.c deleted file mode 100644 index 217b8c6..0000000 --- a/src/base64.c +++ /dev/null 
@@ -1,425 +0,0 @@ -/* base64.c -- Encode binary data using printable characters. - Copyright (C) 1999, 2000, 2001, 2004, 2005, 2006 Free Software - Foundation, Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2, or (at your option) - any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software Foundation, - Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ - -/* Written by Simon Josefsson. Partially adapted from GNU MailUtils - * (mailbox/filter_trans.c, as of 2004-11-28). Improved by review - * from Paul Eggert, Bruno Haible, and Stepan Kasal. - * - * See also RFC 3548 . - * - * Be careful with error checking. Here is how you would typically - * use these functions: - * - * bool ok = base64_decode_alloc (in, inlen, &out, &outlen); - * if (!ok) - * FAIL: input was not valid base64 - * if (out == NULL) - * FAIL: memory allocation error - * OK: data in OUT/OUTLEN - * - * size_t outlen = base64_encode_alloc (in, inlen, &out); - * if (out == NULL && outlen == 0 && inlen != 0) - * FAIL: input too long - * if (out == NULL) - * FAIL: memory allocation error - * OK: data in OUT/OUTLEN. - * - */ - -//#include - -/* Get prototype. */ -#include "base64.h" - -/* Get malloc. */ -#include - -/* Get UCHAR_MAX. */ -#include - -/* C89 compliant way to cast 'char' to 'unsigned char'. */ -static inline unsigned char -to_uchar (char ch) -{ - return ch; -} - -/* Base64 encode IN array of size INLEN into OUT array of size OUTLEN. 
- If OUTLEN is less than BASE64_LENGTH(INLEN), write as many bytes as - possible. If OUTLEN is larger than BASE64_LENGTH(INLEN), also zero - terminate the output buffer. */ -void -base64_encode (const char *in, size_t inlen, - char *out, size_t outlen) -{ - static const char b64str[64] = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; - - while (inlen && outlen) - { - *out++ = b64str[(to_uchar (in[0]) >> 2) & 0x3f]; - if (!--outlen) - break; - *out++ = b64str[((to_uchar (in[0]) << 4) - + (--inlen ? to_uchar (in[1]) >> 4 : 0)) - & 0x3f]; - if (!--outlen) - break; - *out++ = - (inlen - ? b64str[((to_uchar (in[1]) << 2) - + (--inlen ? to_uchar (in[2]) >> 6 : 0)) - & 0x3f] - : '='); - if (!--outlen) - break; - *out++ = inlen ? b64str[to_uchar (in[2]) & 0x3f] : '='; - if (!--outlen) - break; - if (inlen) - inlen--; - if (inlen) - in += 3; - } - - if (outlen) - *out = '\0'; -} - -/* Allocate a buffer and store zero terminated base64 encoded data - from array IN of size INLEN, returning BASE64_LENGTH(INLEN), i.e., - the length of the encoded data, excluding the terminating zero. On - return, the OUT variable will hold a pointer to newly allocated - memory that must be deallocated by the caller. If output string - length would overflow, 0 is returned and OUT is set to NULL. If - memory allocation failed, OUT is set to NULL, and the return value - indicates length of the requested memory block, i.e., - BASE64_LENGTH(inlen) + 1. */ -size_t -base64_encode_alloc (const char *in, size_t inlen, char **out) -{ - size_t outlen = 1 + BASE64_LENGTH (inlen); - - /* Check for overflow in outlen computation. - * - * If there is no overflow, outlen >= inlen. - * - * If the operation (inlen + 2) overflows then it yields at most +1, so - * outlen is 0. 
- * - * If the multiplication overflows, we lose at least half of the - * correct value, so the result is < ((inlen + 2) / 3) * 2, which is - * less than (inlen + 2) * 0.66667, which is less than inlen as soon as - * (inlen > 4). - */ - if (inlen > outlen) - { - *out = NULL; - return 0; - } - - *out = malloc (outlen); - if (!*out) - return outlen; - - base64_encode (in, inlen, *out, outlen); - - return outlen - 1; -} - -/* With this approach this file works independent of the charset used - (think EBCDIC). However, it does assume that the characters in the - Base64 alphabet (A-Za-z0-9+/) are encoded in 0..255. POSIX - 1003.1-2001 require that char and unsigned char are 8-bit - quantities, though, taking care of that problem. But this may be a - potential problem on non-POSIX C99 platforms. - - IBM C V6 for AIX mishandles "#define B64(x) ...'x'...", so use "_" - as the formal parameter rather than "x". */ -#define B64(_) \ - ((_) == 'A' ? 0 \ - : (_) == 'B' ? 1 \ - : (_) == 'C' ? 2 \ - : (_) == 'D' ? 3 \ - : (_) == 'E' ? 4 \ - : (_) == 'F' ? 5 \ - : (_) == 'G' ? 6 \ - : (_) == 'H' ? 7 \ - : (_) == 'I' ? 8 \ - : (_) == 'J' ? 9 \ - : (_) == 'K' ? 10 \ - : (_) == 'L' ? 11 \ - : (_) == 'M' ? 12 \ - : (_) == 'N' ? 13 \ - : (_) == 'O' ? 14 \ - : (_) == 'P' ? 15 \ - : (_) == 'Q' ? 16 \ - : (_) == 'R' ? 17 \ - : (_) == 'S' ? 18 \ - : (_) == 'T' ? 19 \ - : (_) == 'U' ? 20 \ - : (_) == 'V' ? 21 \ - : (_) == 'W' ? 22 \ - : (_) == 'X' ? 23 \ - : (_) == 'Y' ? 24 \ - : (_) == 'Z' ? 25 \ - : (_) == 'a' ? 26 \ - : (_) == 'b' ? 27 \ - : (_) == 'c' ? 28 \ - : (_) == 'd' ? 29 \ - : (_) == 'e' ? 30 \ - : (_) == 'f' ? 31 \ - : (_) == 'g' ? 32 \ - : (_) == 'h' ? 33 \ - : (_) == 'i' ? 34 \ - : (_) == 'j' ? 35 \ - : (_) == 'k' ? 36 \ - : (_) == 'l' ? 37 \ - : (_) == 'm' ? 38 \ - : (_) == 'n' ? 39 \ - : (_) == 'o' ? 40 \ - : (_) == 'p' ? 41 \ - : (_) == 'q' ? 42 \ - : (_) == 'r' ? 43 \ - : (_) == 's' ? 44 \ - : (_) == 't' ? 45 \ - : (_) == 'u' ? 46 \ - : (_) == 'v' ? 47 \ - : (_) == 'w' ? 
48 \ - : (_) == 'x' ? 49 \ - : (_) == 'y' ? 50 \ - : (_) == 'z' ? 51 \ - : (_) == '0' ? 52 \ - : (_) == '1' ? 53 \ - : (_) == '2' ? 54 \ - : (_) == '3' ? 55 \ - : (_) == '4' ? 56 \ - : (_) == '5' ? 57 \ - : (_) == '6' ? 58 \ - : (_) == '7' ? 59 \ - : (_) == '8' ? 60 \ - : (_) == '9' ? 61 \ - : (_) == '+' ? 62 \ - : (_) == '/' ? 63 \ - : -1) - -static const signed char b64[0x100] = { - B64 (0), B64 (1), B64 (2), B64 (3), - B64 (4), B64 (5), B64 (6), B64 (7), - B64 (8), B64 (9), B64 (10), B64 (11), - B64 (12), B64 (13), B64 (14), B64 (15), - B64 (16), B64 (17), B64 (18), B64 (19), - B64 (20), B64 (21), B64 (22), B64 (23), - B64 (24), B64 (25), B64 (26), B64 (27), - B64 (28), B64 (29), B64 (30), B64 (31), - B64 (32), B64 (33), B64 (34), B64 (35), - B64 (36), B64 (37), B64 (38), B64 (39), - B64 (40), B64 (41), B64 (42), B64 (43), - B64 (44), B64 (45), B64 (46), B64 (47), - B64 (48), B64 (49), B64 (50), B64 (51), - B64 (52), B64 (53), B64 (54), B64 (55), - B64 (56), B64 (57), B64 (58), B64 (59), - B64 (60), B64 (61), B64 (62), B64 (63), - B64 (64), B64 (65), B64 (66), B64 (67), - B64 (68), B64 (69), B64 (70), B64 (71), - B64 (72), B64 (73), B64 (74), B64 (75), - B64 (76), B64 (77), B64 (78), B64 (79), - B64 (80), B64 (81), B64 (82), B64 (83), - B64 (84), B64 (85), B64 (86), B64 (87), - B64 (88), B64 (89), B64 (90), B64 (91), - B64 (92), B64 (93), B64 (94), B64 (95), - B64 (96), B64 (97), B64 (98), B64 (99), - B64 (100), B64 (101), B64 (102), B64 (103), - B64 (104), B64 (105), B64 (106), B64 (107), - B64 (108), B64 (109), B64 (110), B64 (111), - B64 (112), B64 (113), B64 (114), B64 (115), - B64 (116), B64 (117), B64 (118), B64 (119), - B64 (120), B64 (121), B64 (122), B64 (123), - B64 (124), B64 (125), B64 (126), B64 (127), - B64 (128), B64 (129), B64 (130), B64 (131), - B64 (132), B64 (133), B64 (134), B64 (135), - B64 (136), B64 (137), B64 (138), B64 (139), - B64 (140), B64 (141), B64 (142), B64 (143), - B64 (144), B64 (145), B64 (146), B64 (147), - B64 (148), B64 
(149), B64 (150), B64 (151), - B64 (152), B64 (153), B64 (154), B64 (155), - B64 (156), B64 (157), B64 (158), B64 (159), - B64 (160), B64 (161), B64 (162), B64 (163), - B64 (164), B64 (165), B64 (166), B64 (167), - B64 (168), B64 (169), B64 (170), B64 (171), - B64 (172), B64 (173), B64 (174), B64 (175), - B64 (176), B64 (177), B64 (178), B64 (179), - B64 (180), B64 (181), B64 (182), B64 (183), - B64 (184), B64 (185), B64 (186), B64 (187), - B64 (188), B64 (189), B64 (190), B64 (191), - B64 (192), B64 (193), B64 (194), B64 (195), - B64 (196), B64 (197), B64 (198), B64 (199), - B64 (200), B64 (201), B64 (202), B64 (203), - B64 (204), B64 (205), B64 (206), B64 (207), - B64 (208), B64 (209), B64 (210), B64 (211), - B64 (212), B64 (213), B64 (214), B64 (215), - B64 (216), B64 (217), B64 (218), B64 (219), - B64 (220), B64 (221), B64 (222), B64 (223), - B64 (224), B64 (225), B64 (226), B64 (227), - B64 (228), B64 (229), B64 (230), B64 (231), - B64 (232), B64 (233), B64 (234), B64 (235), - B64 (236), B64 (237), B64 (238), B64 (239), - B64 (240), B64 (241), B64 (242), B64 (243), - B64 (244), B64 (245), B64 (246), B64 (247), - B64 (248), B64 (249), B64 (250), B64 (251), - B64 (252), B64 (253), B64 (254), B64 (255) -}; - -#if UCHAR_MAX == 255 -# define uchar_in_range(c) true -#else -# define uchar_in_range(c) ((c) <= 255) -#endif - -/* Return true if CH is a character from the Base64 alphabet, and - false otherwise. Note that '=' is padding and not considered to be - part of the alphabet. */ -bool -isbase64 (char ch) -{ - return uchar_in_range (to_uchar (ch)) && 0 <= b64[to_uchar (ch)]; -} - -/* Decode base64 encoded input array IN of length INLEN to output - array OUT that can hold *OUTLEN bytes. Return true if decoding was - successful, i.e. if the input was valid base64 data, false - otherwise. If *OUTLEN is too small, as many bytes as possible will - be written to OUT. On return, *OUTLEN holds the length of decoded - bytes in OUT. 
Note that as soon as any non-alphabet characters are - encountered, decoding is stopped and false is returned. This means - that, when applicable, you must remove any line terminators that is - part of the data stream before calling this function. */ -bool -base64_decode (const char *in, size_t inlen, - char *out, size_t *outlen) -{ - size_t outleft = *outlen; - - while (inlen >= 2) - { - if (!isbase64 (in[0]) || !isbase64 (in[1])) - break; - - if (outleft) - { - *out++ = ((b64[to_uchar (in[0])] << 2) - | (b64[to_uchar (in[1])] >> 4)); - outleft--; - } - - if (inlen == 2) - break; - - if (in[2] == '=') - { - if (inlen != 4) - break; - - if (in[3] != '=') - break; - - } - else - { - if (!isbase64 (in[2])) - break; - - if (outleft) - { - *out++ = (((b64[to_uchar (in[1])] << 4) & 0xf0) - | (b64[to_uchar (in[2])] >> 2)); - outleft--; - } - - if (inlen == 3) - break; - - if (in[3] == '=') - { - if (inlen != 4) - break; - } - else - { - if (!isbase64 (in[3])) - break; - - if (outleft) - { - *out++ = (((b64[to_uchar (in[2])] << 6) & 0xc0) - | b64[to_uchar (in[3])]); - outleft--; - } - } - } - - in += 4; - inlen -= 4; - } - - *outlen -= outleft; - - if (inlen != 0) - return false; - - return true; -} - -/* Allocate an output buffer in *OUT, and decode the base64 encoded - data stored in IN of size INLEN to the *OUT buffer. On return, the - size of the decoded data is stored in *OUTLEN. OUTLEN may be NULL, - if the caller is not interested in the decoded length. *OUT may be - NULL to indicate an out of memory error, in which case *OUTLEN - contains the size of the memory block needed. The function returns - true on successful decoding and memory allocation errors. (Use the - *OUT and *OUTLEN parameters to differentiate between successful - decoding and memory error.) The function returns false if the - input was invalid, in which case *OUT is NULL and *OUTLEN is - undefined. 
*/ -bool -base64_decode_alloc (const char *in, size_t inlen, char **out, - size_t *outlen) -{ - /* This may allocate a few bytes too much, depending on input, - but it's not worth the extra CPU time to compute the exact amount. - The exact amount is 3 * inlen / 4, minus 1 if the input ends - with "=" and minus another 1 if the input ends with "==". - Dividing before multiplying avoids the possibility of overflow. */ - size_t needlen = 3 * (inlen / 4) + 2; - - *out = malloc (needlen); - if (!*out) - return true; - - if (!base64_decode (in, inlen, *out, &needlen)) - { - free (*out); - *out = NULL; - return false; - } - - if (outlen) - *outlen = needlen; - - return true; -} diff --git a/src/base64.h b/src/base64.h deleted file mode 100644 index 0e1f5c5..0000000 --- a/src/base64.h +++ /dev/null 
@@ -1,45 +0,0 @@ -/* base64.h -- Encode binary data using printable characters. - Copyright (C) 2004, 2005, 2006 Free Software Foundation, Inc. - Written by Simon Josefsson. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2, or (at your option) - any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software Foundation, - Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ - -#ifndef BASE64_H -# define BASE64_H - -/* Get size_t. */ -# include - -/* Get bool. */ -# include - -/* This uses that the expression (n+(k-1))/k means the smallest - integer >= n/k, i.e., the ceiling of n/k. */ -# define BASE64_LENGTH(inlen) ((((inlen) + 2) / 3) * 4) - -extern bool isbase64 (char ch); - -extern void base64_encode (const char *in, size_t inlen, - char *out, size_t outlen); - -extern size_t base64_encode_alloc (const char *in, size_t inlen, char **out); - -extern bool base64_decode (const char *in, size_t inlen, - char *out, size_t *outlen); - -extern bool base64_decode_alloc (const char *in, size_t inlen, - char **out, size_t *outlen); - -#endif /* BASE64_H */ diff --git a/src/idevicerestore.c b/src/idevicerestore.c index a1cc23a..121ce22 100644 --- a/src/idevicerestore.c +++ b/src/idevicerestore.c 
@@ -28,17 +28,15 @@ #include #include +#include "tss.h" #include "ipsw.h" - -#define error(...) fprintf(stderr, __VA_ARGS__) -#define info(...) if(verbose >= 1) fprintf(stderr, __VA_ARGS__) -#define debug(...) if(verbose >= 2) fprintf(stderr, __VA_ARGS__) +#include "idevicerestore.h" #define UNKNOWN_MODE 0 #define RECOVERY_MODE 1 #define NORMAL_MODE 2 -static int verbose = 0; +int idevicerestore_debug = 0; void usage(int argc, char* argv[]); @@ -47,7 +45,7 @@ int main(int argc, char* argv[]) { int mode = 0; char* ipsw = NULL; char* uuid = NULL; - uint64_t ecid = NULL; + uint64_t ecid = 0; while ((opt = getopt(argc, argv, "vdhi:u:")) > 0) { switch (opt) { case 'h': @@ -55,11 +53,11 @@ int main(int argc, char* argv[]) { break; case 'v': - verbose += 1; + idevicerestore_debug += 1; break; case 'd': - verbose = 3; + idevicerestore_debug = 3; break; case 'i': @@ -130,17 +128,24 @@ int main(int argc, char* argv[]) { } plist_get_uint_val(unique_chip_node, &ecid); - info("Found ECID %llu\n", ecid); + lockdownd_client_free(lockdown); + idevice_free(device); } - - if(mode == RECOVERY_MODE) { + else if(mode == RECOVERY_MODE) { recovery_error = irecv_get_ecid(recovery, &ecid); if(recovery_error != IRECV_E_SUCCESS) { error("ERROR: Unable to get device ECID\n"); irecv_close(recovery); return -1; } + irecv_close(recovery); + } + + if(ecid != 0) { info("Found ECID %llu\n", ecid); + } else { + error("Unable to find device ECID\n"); + return -1; } info("Extracting BuildManifest.plist from IPSW\n"); 
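Review bot: `info("Found ECID %llu\n", ecid)` in the last hunk on this line prints a `uint64_t` with `%llu`, which only matches on ABIs where `uint64_t` is `unsigned long long`. `info("Found ECID %" PRIu64 "\n", ecid);` with `<inttypes.h>` is correct everywhere, and the same applies to the `%qu` that tss.c uses for this value. The new global `int idevicerestore_debug = 0;` replaces a file-local `static` and carries no comment; `/* verbosity: 0 quiet, 1 info, 2+ debug; read by the macros in idevicerestore.h */` would document the levels. main() starts and ends outside these hunks.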
@@ -163,14 +168,25 @@ int main(int argc, char* argv[]) { ipsw_close(archive); info("Creating TSS request\n"); - plist_t tss_request = tss_create_request(manifest); + plist_t tss_request = tss_create_request(manifest, ecid); if(tss_request == NULL) { error("ERROR: Unable to create TSS request\n"); plist_free(manifest); return -1; } - plist_free(manifest); + + info("Sending TSS request\n"); + plist_t tss_response = tss_send_request(tss_request); + if(tss_response == NULL) { + error("ERROR: Unable to get response from TSS server\n"); + plist_free(tss_request); + return -1; + } + plist_free(tss_request); + + info("Got TSS response\n"); + plist_free(tss_response); return 0; } diff --git a/src/idevicerestore.h b/src/idevicerestore.h new file mode 100644 index 0000000..3dcf1d5 --- /dev/null +++ b/src/idevicerestore.h 
@@ -0,0 +1,31 @@ +/* + * idevicerestore.g + * Restore device firmware and filesystem + * + * Copyright (c) 2010 Joshua Hill. All Rights Reserved. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#ifndef IDEVICERESTORE_H +#define IDEVICERESTORE_H + +#define error(...) fprintf(stderr, __VA_ARGS__) +#define info(...) if(idevicerestore_debug >= 1) fprintf(stderr, __VA_ARGS__) +#define debug(...) if(idevicerestore_debug >= 2) fprintf(stderr, __VA_ARGS__) + +extern int idevicerestore_debug; + +#endif diff --git a/src/tss.c b/src/tss.c index 2fe6241..bd098e4 100644 --- a/src/tss.c +++ b/src/tss.c 
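Review bot: The `info` and `debug` macros expand to a bare `if(...) fprintf(...)`, so using one as the body of an `if` that has its own `else` silently binds that `else` to the macro's hidden `if`. Wrap each one, e.g. `#define info(...) do { if (idevicerestore_debug >= 1) fprintf(stderr, __VA_ARGS__); } while (0)`. The header also uses `fprintf` and `stderr` without including `<stdio.h>` itself, and its banner comment names the file `idevicerestore.g`.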
@@ -21,57 +21,194 @@ #include #include +#include +#include #include -plist_t tss_create_request(plist_t buildmanifest, const char* ecid) { +#include "tss.h" +#include "idevicerestore.h" + +#define ECID_STRSIZE 0x20 + +plist_t tss_create_request(plist_t buildmanifest, uint64_t ecid) { + // Fetch build information from BuildManifest plist_t build_identities_array = plist_dict_get_item(buildmanifest, "BuildIdentities"); - if(!build_identities_array || plist_get_node_type(build_identities_array) != PLIST_ARRAY) { + if (!build_identities_array || plist_get_node_type(build_identities_array) != PLIST_ARRAY) { error("ERROR: Unable to find BuildIdentities array\n"); return NULL; } plist_t restore_identity_dict = plist_array_get_item(build_identities_array, 0); - if(!restore_identity_dict || plist_get_node_type(restore_identity_dict) != PLIST_DICT) { + if (!restore_identity_dict || plist_get_node_type(restore_identity_dict) != PLIST_DICT) { error("ERROR: Unable to find restore identity\n"); return NULL; } + uint64_t unique_build_size = 0; + char* unique_build_data = NULL; plist_t unique_build_node = plist_dict_get_item(restore_identity_dict, "UniqueBuildID"); - if(!unique_build_node || plist_get_node_type(unique_build_node) != PLIST_DATA) { + if (!unique_build_node || plist_get_node_type(unique_build_node) != PLIST_DATA) { error("ERROR: Unable to find UniqueBuildID node\n"); return NULL; } + plist_get_data_val(unique_build_node, &unique_build_data, &unique_build_size); int chip_id = 0; char* chip_id_string = NULL; plist_t chip_id_node = plist_dict_get_item(restore_identity_dict, "ApChipID"); - if(!chip_id_node || plist_get_node_type(chip_id_node) != PLIST_STRING) { + if (!chip_id_node || plist_get_node_type(chip_id_node) != PLIST_STRING) { error("ERROR: Unable to find ApChipID node\n"); return NULL; } plist_get_string_val(chip_id_node, &chip_id_string); - sscanf(chip_id_string, "%x", &chip_id); - - int board_id = 0; - char* board_id_string = NULL; - plist_t board_id_node = 
plist_dict_get_item(restore_identity_dict, "ApBoardID"); - if(!board_id_node || plist_get_node_type(board_id_node) != PLIST_STRING) { - error("ERROR: Unable to find ApBoardID node\n"); - return NULL; - } - plist_get_string_val(board_id_node, &board_id_string); - sscanf(board_id_string, "%x", &board_id); - - int security_domain = 0; - char* security_domain_string = NULL; - plist_t security_domain_node = plist_dict_get_item(restore_identity_dict, "ApSecurityDomain"); - if(!security_domain_node || plist_get_node_type(security_domain_node) != PLIST_STRING) { - error("ERROR: Unable to find ApSecurityDomain node\n"); - return NULL; - } - plist_get_string_val(security_domain_node, &security_domain_string); - sscanf(security_domain_string, "%x", &security_domain); - - - return NULL; + sscanf(chip_id_string, "%x", &chip_id); + + int board_id = 0; + char* board_id_string = NULL; + plist_t board_id_node = plist_dict_get_item(restore_identity_dict, "ApBoardID"); + if (!board_id_node || plist_get_node_type(board_id_node) != PLIST_STRING) { + error("ERROR: Unable to find ApBoardID node\n"); + return NULL; + } + plist_get_string_val(board_id_node, &board_id_string); + sscanf(board_id_string, "%x", &board_id); + + int security_domain = 0; + char* security_domain_string = NULL; + plist_t security_domain_node = plist_dict_get_item(restore_identity_dict, "ApSecurityDomain"); + if (!security_domain_node || plist_get_node_type(security_domain_node) != PLIST_STRING) { + error("ERROR: Unable to find ApSecurityDomain node\n"); + return NULL; + } + plist_get_string_val(security_domain_node, &security_domain_string); + sscanf(security_domain_string, "%x", &security_domain); + + char ecid_string[ECID_STRSIZE]; + memset(ecid_string, '\0', ECID_STRSIZE); + if (ecid == 0) { + error("ERROR: Unable to get ECID\n"); + return NULL; + } + snprintf(ecid_string, ECID_STRSIZE, "%qu", ecid); + + // Add build information to TSS request + plist_t tss_request = plist_new_dict(); + 
plist_dict_insert_item(tss_request, "@HostIpAddress", plist_new_string("192.168.0.1")); + plist_dict_insert_item(tss_request, "@HostPlatformInfo", plist_new_string("darwin")); + plist_dict_insert_item(tss_request, "@VersionInfo", plist_new_string("3.8")); + plist_dict_insert_item(tss_request, "@Locality", plist_new_string("en_US")); + plist_dict_insert_item(tss_request, "ApProductionMode", plist_new_bool(1)); + plist_dict_insert_item(tss_request, "ApECID", plist_new_string(ecid_string)); + plist_dict_insert_item(tss_request, "ApChipID", plist_new_uint(chip_id)); + plist_dict_insert_item(tss_request, "ApBoardID", plist_new_uint(board_id)); + plist_dict_insert_item(tss_request, "ApSecurityDomain", plist_new_uint(security_domain)); + plist_dict_insert_item(tss_request, "UniqueBuildID", plist_new_data(unique_build_data, unique_build_size)); + + // Add all firmware files to TSS request + plist_t manifest_node = plist_dict_get_item(restore_identity_dict, "Manifest"); + if (!manifest_node || plist_get_node_type(manifest_node) != PLIST_DICT) { + error("ERROR: Unable to find restore manifest\n"); + plist_free(tss_request); + return NULL; + } + + char* key = NULL; + plist_t manifest_entry = NULL; + plist_dict_iter iter = NULL; + plist_dict_new_iter(manifest_node, &iter); + while (1) { + plist_dict_next_item(manifest_node, iter, &key, &manifest_entry); + if (key == NULL) break; + if (!manifest_entry || plist_get_node_type(manifest_entry) != PLIST_DICT) { + error("ERROR: Unable to fetch BuildManifest entry\n"); + free(tss_request); + return NULL; + } + + plist_t tss_entry = plist_copy(manifest_entry); + plist_dict_insert_item(tss_request, key, tss_entry); + } + /* + int sz = 0; + char* xml = NULL; + plist_to_xml(tss_request, &xml, &sz); + printf("%s", xml); + */ + return tss_request; +} + +size_t tss_write_callback(char* data, size_t size, size_t nmemb, tss_response* response) { + size_t total = size * nmemb; + if (total != 0) { + response->content = realloc(response->content, 
response->length + total + 1); + memcpy(response->content + response->length, data, total); + response->content[response->length + total] = '\0'; + response->length += total; + } + + return total; +} + +plist_t tss_send_request(plist_t tss_request) { + curl_global_init(CURL_GLOBAL_ALL); + + char* request = NULL; + unsigned int size = 0; + plist_to_xml(tss_request, &request, &size); + tss_response* response = NULL; + CURL* handle = curl_easy_init(); + if (handle != NULL) { + struct curl_slist* header = NULL; + header = curl_slist_append(header, "Content-type: text/xml"); + + response = malloc(sizeof(tss_response)); + if (response == NULL) { + fprintf(stderr, "Unable to allocate sufficent memory\n"); + return NULL; + } + + response->length = 0; + response->content = malloc(1); + + curl_easy_setopt(handle, CURLOPT_WRITEFUNCTION, &tss_write_callback); + curl_easy_setopt(handle, CURLOPT_WRITEDATA, response); + curl_easy_setopt(handle, CURLOPT_HTTPHEADER, header); + curl_easy_setopt(handle, CURLOPT_POSTFIELDS, request); + curl_easy_setopt(handle, CURLOPT_USERAGENT, "InetURL/1.0"); + curl_easy_setopt(handle, CURLOPT_POSTFIELDSIZE, strlen(request)); + curl_easy_setopt(handle, CURLOPT_URL, "http://cydia.saurik.com/TSS/controller?action=2"); + //curl_easy_setopt(handle, CURLOPT_URL, "http://gs.apple.com/TSS/controller?action=2"); + + curl_easy_perform(handle); + curl_slist_free_all(header); + curl_easy_cleanup(handle); + } + curl_global_cleanup(); + + if(strstr(response->content, "MESSAGE=SUCCESS") == NULL) { + error("ERROR: Unable to get signature from this firmware\n"); + free(response->content); + free(response); + return NULL; + } + + char* tss_data = strstr(response->content, "content); + free(response); + return NULL; + } + + uint32_t tss_size = 0; + plist_t tss_response = NULL; + tss_size = response->length - (tss_data - response->content); + plist_from_xml(tss_data, tss_size, &tss_response); +/* + int sz = 0; + char* xml = NULL; + plist_to_xml(tss_response, &xml, 
&sz); + printf("%s", xml); +*/ + return tss_response; } diff --git a/src/tss.h b/src/tss.h index bfa2114..7c9ddf8 100644 --- a/src/tss.h +++ b/src/tss.h @@ -24,6 +24,12 @@ #include -plist_t tss_create_request(plist_t buildmanifest, const char* ecid); +typedef struct { + int length; + char* content; +} tss_response; + +plist_t tss_create_request(plist_t buildmanifest, uint64_t ecid); +plist_t tss_send_request(plist_t tss_request); #endif -- cgit v1.1-32-gdbae
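Review bot: tss_send_request() uses `response` after the `if (handle != NULL)` block, so a failed curl_easy_init() leaves it NULL at `strstr(response->content, "MESSAGE=SUCCESS")`, and when the transfer delivers no body that strstr() scans the unterminated one-byte `malloc(1)` buffer. The return value of curl_easy_perform() is discarded, and tss_write_callback() stores the result of realloc() directly in `response->content`, so an allocation failure on a server-sized body is followed by a memcpy() through NULL. In tss_create_request() the manifest loop's error path calls `free(tss_request)` where the earlier path uses `plist_free(tss_request)`. The request also goes to a plain `http://` URL, so the ECID and the returned blob are unauthenticated in transit; whether the blob is verified later is not visible here. The guarded callback and transfer path are sketched below.

```c
size_t tss_write_callback(char* data, size_t size, size_t nmemb, tss_response* response) {
	size_t total = size * nmemb;
	if (total != 0) {
		/* keep the old buffer reachable if the allocator refuses to grow it */
		char* grown = realloc(response->content, response->length + total + 1);
		if (grown == NULL) {
			return 0; /* a short count makes curl_easy_perform() report an error */
		}
		response->content = grown;
		// … unchanged: memcpy, terminator, length update …
	}
	return total;
}

plist_t tss_send_request(plist_t tss_request) {
	// … unchanged: curl_global_init, plist_to_xml …
	CURL* handle = curl_easy_init();
	if (handle == NULL) {
		/* replaces the `if (handle != NULL)` wrapper: nothing below runs without a handle */
		error("ERROR: Unable to initialize libcurl\n");
		free(request);
		curl_global_cleanup();
		return NULL;
	}
	// … unchanged: header list, response allocation …
	response->length = 0;
	response->content = calloc(1, 1); /* empty string until the first chunk arrives */
	// … unchanged: curl_easy_setopt calls …
	CURLcode status = curl_easy_perform(handle);
	// … unchanged: curl_slist_free_all, curl_easy_cleanup, curl_global_cleanup …
	free(request); /* buffer allocated by plist_to_xml */
	if (status != CURLE_OK || response->content == NULL) {
		error("ERROR: Unable to get response from TSS server\n");
		free(response->content);
		free(response);
		return NULL;
	}
	// … unchanged: MESSAGE=SUCCESS check and plist parsing …
```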
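Review bot: `int length;` in `tss_response` holds the running byte count of a network response, but tss_write_callback() in tss.c adds a `size_t` to it and passes the sum to realloc(); declaring it `size_t length;` keeps that arithmetic unsigned and in the allocator's own type. The typedef name is also reused for `plist_t tss_response` locals in tss.c and idevicerestore.c, which shadows the type inside those functions; a distinct name such as `tss_response_buffer` would avoid that. Neither the struct nor the two prototypes is commented: a line saying that `content` is a heap-allocated, NUL-terminated buffer and that the `plist_t` returned by both functions must be released with plist_free() would tell callers who owns what.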