From ddf0da04e26d634eb459a6d4a0d452d34c62e83b Mon Sep 17 00:00:00 2001
From: Nikias Bassen
Date: Wed, 24 Apr 2013 03:37:49 +0200
Subject: limera1n: verify device mode after sending exploit to check for failure
---
 src/idevicerestore.c | 4 ++--
 src/limera1n.c | 12 +++++++++---
 src/limera1n.h | 2 +-
 3 files changed, 12 insertions(+), 6 deletions(-)
(limited to 'src')
diff --git a/src/idevicerestore.c b/src/idevicerestore.c
index 04207d3..13b7031 100644
--- a/src/idevicerestore.c
+++ b/src/idevicerestore.c
@@ -279,7 +279,7 @@ int idevicerestore_start(struct idevicerestore_client_t* client)
 }
 info("exploiting with limera1n...\n");
 // TODO: check for non-limera1n device and fail
- if (limera1n_exploit(client->device, client->dfu->client) != 0) {
+ if (limera1n_exploit(client->device, &client->dfu->client) != 0) {
 error("ERROR: limera1n exploit failed\n");
 dfu_client_free(client);
 return -1;
@@ -738,7 +738,7 @@ int idevicerestore_start(struct idevicerestore_client_t* client)
 }
 info("exploiting with limera1n\n");
 // TODO: check for non-limera1n device and fail
- if (limera1n_exploit(client->device, client->dfu->client) != 0) {
+ if (limera1n_exploit(client->device, &client->dfu->client) != 0) {
 error("ERROR: limera1n exploit failed\n");
 dfu_client_free(client);
 if (delete_fs && filesystem)
diff --git a/src/limera1n.c b/src/limera1n.c
index 0d0edcc..29cb02a 100644
--- a/src/limera1n.c
+++ b/src/limera1n.c
@@ -28,7 +28,7 @@ #include "limera1n.h" #include "limera1n_payload.h" -int limera1n_exploit(struct irecv_device *device, irecv_client_t client) +int limera1n_exploit(struct irecv_device *device, irecv_client_t *pclient) { irecv_error_t err = IRECV_E_SUCCESS; unsigned int i = 0;
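Review bot: In the src/idevicerestore.c hunk at `@@ -279`, the failure branch still calls `dfu_client_free(client)`, but `limera1n_exploit` can now return -1 after storing NULL in `client->dfu->client` (the reconnect-failed path in src/limera1n.c). `dfu_client_free` is not part of this patch, so it should be confirmed that it tolerates a NULL irecv handle; a one-line reminder at the call site would help, e.g. `// on failure client->dfu->client may be NULL (reconnect failed) or a handle in non-DFU mode`. The same applies to the second call site in the hunk at `@@ -738`. Both hunks cut through `idevicerestore_start`, which begins and ends outside them.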
@@ -56,6 +56,8 @@ int limera1n_exploit(struct irecv_device *device, irecv_client_t client) shellcode_length = sizeof(limera1n_payload); memcpy(shellcode, limera1n_payload, sizeof(limera1n_payload)); + irecv_client_t client = *pclient; + debug("Resetting device counters\n"); err = irecv_reset_counters(client); if (err != IRECV_E_SUCCESS) {
@@ -96,11 +98,15 @@ int limera1n_exploit(struct irecv_device *device, irecv_client_t client) debug("Exploit sent\n"); debug("Reconnecting to device\n"); - client = irecv_reconnect(client, 7); - if (client == NULL) { + *pclient = irecv_reconnect(client, 7); + if (*pclient == NULL) { error("Unable to reconnect\n"); return -1; } + if ((*pclient)->mode != kDfuMode) { + error("Device reconnected in non-DFU mode\n"); + return -1; + } return 0; }
diff --git a/src/limera1n.h b/src/limera1n.h
index 1c729ed..c96214a 100644
--- a/src/limera1n.h
+++ b/src/limera1n.h
@@ -2,6 +2,6 @@ #define __LIMERA1N_H #include -int limera1n_exploit(struct irecv_device *device, irecv_client_t *client); +int limera1n_exploit(struct irecv_device *device, irecv_client_t *client); #endif /* __LIMERA1N_H */
-- cgit v1.1-32-gdbae
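Review bot: In the src/limera1n.c hunk at `@@ -56`, `irecv_client_t client = *pclient;` dereferences `pclient` with no check, and the copied handle goes straight into `irecv_reset_counters`. Both call sites in this patch pass `&client->dfu->client`, so `pclient` itself is non-NULL there, but nothing visible rules out a NULL `*pclient`. A guard such as `if (pclient == NULL || *pclient == NULL) return -1;` would make the precondition explicit; it is best placed at the top of the function, before any other work, which lies outside this hunk.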
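Review bot: In the src/limera1n.c hunk at `@@ -96`, the new `(*pclient)->mode != kDfuMode` branch reports failure without saying which mode the device actually came back in, which is the first thing needed when triaging a failed run. Logging it costs one argument, e.g. `error("Device reconnected in non-DFU mode (mode %d)\n", (int)(*pclient)->mode);` (the cast is a precaution, since the field's type is not visible in this patch). A short comment above the check, such as `/* anything other than DFU mode after the reconnect is treated as a failed attempt */`, would also record why the mode is used as the failure signal.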
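Review bot: In src/limera1n.h the prototype names the new parameter `client` while the definition in src/limera1n.c names it `pclient`, and nothing documents that it is now an in/out parameter. Using `irecv_client_t *pclient` in the header as well, with a comment above the prototype such as `/* *pclient is replaced by the handle returned from irecv_reconnect(); it is NULL if the reconnect fails */`, would let callers see the contract without reading the implementation. The return value is also worth stating there: 0 on success and -1 on every failure path visible in this patch.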