summaryrefslogtreecommitdiffstats
path: root/src/lockdown.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lockdown.c')
-rw-r--r--src/lockdown.c151
1 files changed, 52 insertions, 99 deletions
diff --git a/src/lockdown.c b/src/lockdown.c
index ffabd88..65cbf90 100644
--- a/src/lockdown.c
+++ b/src/lockdown.c
@@ -30,8 +30,6 @@
30#include <libtasn1.h> 30#include <libtasn1.h>
31#include <gnutls/x509.h> 31#include <gnutls/x509.h>
32 32
33extern int debug;
34
35const ASN1_ARRAY_TYPE pkcs1_asn1_tab[] = { 33const ASN1_ARRAY_TYPE pkcs1_asn1_tab[] = {
36 {"PKCS1", 536872976, 0}, 34 {"PKCS1", 536872976, 0},
37 {0, 1073741836, 0}, 35 {0, 1073741836, 0},
@@ -176,13 +174,8 @@ iphone_error_t iphone_lckd_send(iphone_lckd_client_t client, char *raw_data, uin
176 length = htonl(length); 174 length = htonl(length);
177 memcpy(real_query, &length, sizeof(length)); 175 memcpy(real_query, &length, sizeof(length));
178 memcpy(real_query + 4, raw_data, ntohl(length)); 176 memcpy(real_query + 4, raw_data, ntohl(length));
179 if (debug) { 177 log_debug_msg("lockdownd_send(): made the query, sending it along\n");
180 printf("lockdownd_send(): made the query, sending it along\n"); 178 dump_debug_buffer("grpkt", real_query, ntohl(length) + 4);
181 FILE *packet = fopen("grpkt", "w");
182 fwrite(real_query, 1, ntohl(length) + 4, packet);
183 fclose(packet);
184 packet = NULL;
185 }
186 179
187 if (!client->in_SSL) 180 if (!client->in_SSL)
188 ret = iphone_mux_send(client->connection, real_query, ntohl(length) + sizeof(length), &bytes); 181 ret = iphone_mux_send(client->connection, real_query, ntohl(length) + sizeof(length), &bytes);
@@ -190,8 +183,7 @@ iphone_error_t iphone_lckd_send(iphone_lckd_client_t client, char *raw_data, uin
190 gnutls_record_send(*client->ssl_session, real_query, ntohl(length) + sizeof(length)); 183 gnutls_record_send(*client->ssl_session, real_query, ntohl(length) + sizeof(length));
191 ret = IPHONE_E_SUCCESS; 184 ret = IPHONE_E_SUCCESS;
192 } 185 }
193 if (debug) 186 log_debug_msg("lockdownd_send(): sent it!\n");
194 printf("lockdownd_send(): sent it!\n");
195 free(real_query); 187 free(real_query);
196 *sent_bytes = bytes; 188 *sent_bytes = bytes;
197 return ret; 189 return ret;
@@ -215,8 +207,7 @@ iphone_error_t lockdownd_hello(iphone_lckd_client_t control)
215 int bytes = 0, i = 0; 207 int bytes = 0, i = 0;
216 iphone_error_t ret = IPHONE_E_UNKNOWN_ERROR; 208 iphone_error_t ret = IPHONE_E_UNKNOWN_ERROR;
217 209
218 if (debug) 210 log_debug_msg("lockdownd_hello() called\n");
219 printf("lockdownd_hello() called\n");
220 dict = add_child_to_plist(plist, "dict", "\n", NULL, 0); 211 dict = add_child_to_plist(plist, "dict", "\n", NULL, 0);
221 key = add_key_str_dict_element(plist, dict, "Request", "QueryType", 1); 212 key = add_key_str_dict_element(plist, dict, "Request", "QueryType", 1);
222 char *XML_content; 213 char *XML_content;
@@ -246,8 +237,7 @@ iphone_error_t lockdownd_hello(iphone_lckd_client_t control)
246 237
247 for (i = 0; dictionary[i]; i += 2) { 238 for (i = 0; dictionary[i]; i += 2) {
248 if (!strcmp(dictionary[i], "Result") && !strcmp(dictionary[i + 1], "Success")) { 239 if (!strcmp(dictionary[i], "Result") && !strcmp(dictionary[i + 1], "Success")) {
249 if (debug) 240 log_debug_msg("lockdownd_hello(): success\n");
250 printf("lockdownd_hello(): success\n");
251 ret = IPHONE_E_SUCCESS; 241 ret = IPHONE_E_SUCCESS;
252 break; 242 break;
253 } 243 }
@@ -479,11 +469,9 @@ iphone_error_t lockdownd_pair_device(iphone_lckd_client_t control, char *uid, ch
479 if (ret != IPHONE_E_SUCCESS) 469 if (ret != IPHONE_E_SUCCESS)
480 return ret; 470 return ret;
481 471
482 if (debug) { 472 log_debug_msg("lockdown_pair_device: iPhone's response to our pair request:\n");
483 printf("lockdown_pair_device: iPhone's response to our pair request:\n"); 473 log_debug_msg(XML_content);
484 fwrite(XML_content, 1, bytes, stdout); 474 log_debug_msg("\n\n");
485 printf("\n\n");
486 }
487 475
488 plist = xmlReadMemory(XML_content, bytes, NULL, NULL, 0); 476 plist = xmlReadMemory(XML_content, bytes, NULL, NULL, 0);
489 if (!plist) { 477 if (!plist) {
@@ -519,13 +507,11 @@ iphone_error_t lockdownd_pair_device(iphone_lckd_client_t control, char *uid, ch
519 507
520 /* store public key in config if pairing succeeded */ 508 /* store public key in config if pairing succeeded */
521 if (success) { 509 if (success) {
522 if (debug) 510 log_debug_msg("lockdownd_pair_device: pair success\n");
523 printf("lockdownd_pair_device: pair success\n");
524 store_device_public_key(uid, public_key_b64); 511 store_device_public_key(uid, public_key_b64);
525 ret = IPHONE_E_SUCCESS; 512 ret = IPHONE_E_SUCCESS;
526 } else { 513 } else {
527 if (debug) 514 log_debug_msg("lockdownd_pair_device: pair failure\n");
528 printf("lockdownd_pair_device: pair failure\n");
529 ret = IPHONE_E_PAIRING_FAILED; 515 ret = IPHONE_E_PAIRING_FAILED;
530 } 516 }
531 free(public_key_b64); 517 free(public_key_b64);
@@ -678,15 +664,13 @@ iphone_error_t lockdownd_start_SSL_session(iphone_lckd_client_t control, const c
678 664
679 key = add_key_str_dict_element(plist, dict, "HostID", HostID, 1); 665 key = add_key_str_dict_element(plist, dict, "HostID", HostID, 1);
680 if (!key) { 666 if (!key) {
681 if (debug) 667 log_debug_msg("Couldn't add a key.\n");
682 printf("Couldn't add a key.\n");
683 xmlFreeDoc(plist); 668 xmlFreeDoc(plist);
684 return IPHONE_E_DICT_ERROR; 669 return IPHONE_E_DICT_ERROR;
685 } 670 }
686 key = add_key_str_dict_element(plist, dict, "Request", "StartSession", 1); 671 key = add_key_str_dict_element(plist, dict, "Request", "StartSession", 1);
687 if (!key) { 672 if (!key) {
688 if (debug) 673 log_debug_msg("Couldn't add a key.\n");
689 printf("Couldn't add a key.\n");
690 xmlFreeDoc(plist); 674 xmlFreeDoc(plist);
691 return IPHONE_E_DICT_ERROR; 675 return IPHONE_E_DICT_ERROR;
692 } 676 }
@@ -719,8 +703,7 @@ iphone_error_t lockdownd_start_SSL_session(iphone_lckd_client_t control, const c
719 //gnutls_anon_client_credentials_t anoncred; 703 //gnutls_anon_client_credentials_t anoncred;
720 gnutls_certificate_credentials_t xcred; 704 gnutls_certificate_credentials_t xcred;
721 705
722 if (debug) 706 log_debug_msg("We started the session OK, now trying GnuTLS\n");
723 printf("We started the session OK, now trying GnuTLS\n");
724 errno = 0; 707 errno = 0;
725 gnutls_global_init(); 708 gnutls_global_init();
726 //gnutls_anon_allocate_client_credentials(&anoncred); 709 //gnutls_anon_allocate_client_credentials(&anoncred);
@@ -743,32 +726,25 @@ iphone_error_t lockdownd_start_SSL_session(iphone_lckd_client_t control, const c
743 } 726 }
744 gnutls_credentials_set(*control->ssl_session, GNUTLS_CRD_CERTIFICATE, xcred); // this part is killing me. 727 gnutls_credentials_set(*control->ssl_session, GNUTLS_CRD_CERTIFICATE, xcred); // this part is killing me.
745 728
746 if (debug) 729 log_debug_msg("GnuTLS step 1...\n");
747 printf("GnuTLS step 1...\n");
748 gnutls_transport_set_ptr(*control->ssl_session, (gnutls_transport_ptr_t) control); 730 gnutls_transport_set_ptr(*control->ssl_session, (gnutls_transport_ptr_t) control);
749 if (debug) 731 log_debug_msg("GnuTLS step 2...\n");
750 printf("GnuTLS step 2...\n");
751 gnutls_transport_set_push_function(*control->ssl_session, (gnutls_push_func) & lockdownd_secuwrite); 732 gnutls_transport_set_push_function(*control->ssl_session, (gnutls_push_func) & lockdownd_secuwrite);
752 if (debug) 733 log_debug_msg("GnuTLS step 3...\n");
753 printf("GnuTLS step 3...\n");
754 gnutls_transport_set_pull_function(*control->ssl_session, (gnutls_pull_func) & lockdownd_securead); 734 gnutls_transport_set_pull_function(*control->ssl_session, (gnutls_pull_func) & lockdownd_securead);
755 if (debug) 735 log_debug_msg("GnuTLS step 4 -- now handshaking...\n");
756 printf("GnuTLS step 4 -- now handshaking...\n");
757 736
758 if (errno && debug) 737 if (errno)
759 printf("WARN: errno says %s before handshake!\n", strerror(errno)); 738 log_debug_msg("WARN: errno says %s before handshake!\n", strerror(errno));
760 return_me = gnutls_handshake(*control->ssl_session); 739 return_me = gnutls_handshake(*control->ssl_session);
761 if (debug) 740 log_debug_msg("GnuTLS handshake done...\n");
762 printf("GnuTLS handshake done...\n");
763 741
764 free_dictionary(dictionary); 742 free_dictionary(dictionary);
765 743
766 if (return_me != GNUTLS_E_SUCCESS) { 744 if (return_me != GNUTLS_E_SUCCESS) {
767 if (debug) 745 log_debug_msg("GnuTLS reported something wrong.\n");
768 printf("GnuTLS reported something wrong.\n");
769 gnutls_perror(return_me); 746 gnutls_perror(return_me);
770 if (debug) 747 log_debug_msg("oh.. errno says %s\n", strerror(errno));
771 printf("oh.. errno says %s\n", strerror(errno));
772 return IPHONE_E_SSL_ERROR; 748 return IPHONE_E_SSL_ERROR;
773 } else { 749 } else {
774 control->in_SSL = 1; 750 control->in_SSL = 1;
@@ -777,19 +753,17 @@ iphone_error_t lockdownd_start_SSL_session(iphone_lckd_client_t control, const c
777 } 753 }
778 } 754 }
779 755
780 if (debug) { 756 log_debug_msg("Apparently failed negotiating with lockdownd.\n");
781 printf("Apparently failed negotiating with lockdownd.\n"); 757 log_debug_msg("Responding dictionary: \n");
782 printf("Responding dictionary: \n"); 758 for (i = 0; dictionary[i]; i += 2) {
783 for (i = 0; dictionary[i]; i += 2) { 759 log_debug_msg("\t%s: %s\n", dictionary[i], dictionary[i + 1]);
784 printf("\t%s: %s\n", dictionary[i], dictionary[i + 1]);
785 }
786 } 760 }
787 761
762
788 free_dictionary(dictionary); 763 free_dictionary(dictionary);
789 return IPHONE_E_SSL_ERROR; 764 return IPHONE_E_SSL_ERROR;
790 } else { 765 } else {
791 if (debug) 766 log_debug_msg("Didn't get enough bytes.\n");
792 printf("Didn't get enough bytes.\n");
793 return IPHONE_E_NOT_ENOUGH_DATA; 767 return IPHONE_E_NOT_ENOUGH_DATA;
794 } 768 }
795} 769}
@@ -807,21 +781,12 @@ ssize_t lockdownd_secuwrite(gnutls_transport_ptr_t transport, char *buffer, size
807 int bytes = 0; 781 int bytes = 0;
808 iphone_lckd_client_t control; 782 iphone_lckd_client_t control;
809 control = (iphone_lckd_client_t) transport; 783 control = (iphone_lckd_client_t) transport;
810 if (debug) 784 log_debug_msg("lockdownd_secuwrite() called\n");
811 printf("lockdownd_secuwrite() called\n"); 785 log_debug_msg("pre-send\nlength = %zi\n", length);
812 if (debug)
813 printf("pre-send\nlength = %zi\n", length);
814 iphone_mux_send(control->connection, buffer, length, &bytes); 786 iphone_mux_send(control->connection, buffer, length, &bytes);
815 if (debug) 787 log_debug_msg("post-send\nsent %i bytes\n", bytes);
816 printf("post-send\nsent %i bytes\n", bytes);
817 if (debug) {
818 FILE *my_ssl_packet = fopen("sslpacketwrite.out", "w+");
819 fwrite(buffer, 1, length, my_ssl_packet);
820 fflush(my_ssl_packet);
821 printf("Wrote SSL packet to drive, too.\n");
822 fclose(my_ssl_packet);
823 }
824 788
789 dump_debug_buffer("sslpacketwrite.out", buffer, length);
825 return bytes; 790 return bytes;
826} 791}
827 792
@@ -839,8 +804,7 @@ ssize_t lockdownd_securead(gnutls_transport_ptr_t transport, char *buffer, size_
839 char *hackhackhack = NULL; 804 char *hackhackhack = NULL;
840 iphone_lckd_client_t control; 805 iphone_lckd_client_t control;
841 control = (iphone_lckd_client_t) transport; 806 control = (iphone_lckd_client_t) transport;
842 if (debug) 807 log_debug_msg("lockdownd_securead() called\nlength = %zi\n", length);
843 printf("lockdownd_securead() called\nlength = %zi\n", length);
844 // Buffering hack! Throw what we've got in our "buffer" into the stream first, then get more. 808 // Buffering hack! Throw what we've got in our "buffer" into the stream first, then get more.
845 if (control->gtls_buffer_hack_len > 0) { 809 if (control->gtls_buffer_hack_len > 0) {
846 if (length > control->gtls_buffer_hack_len) { // If it's asking for more than we got 810 if (length > control->gtls_buffer_hack_len) { // If it's asking for more than we got
@@ -849,8 +813,7 @@ ssize_t lockdownd_securead(gnutls_transport_ptr_t transport, char *buffer, size_
849 memcpy(buffer, control->gtls_buffer_hack, control->gtls_buffer_hack_len); // Fill their buffer partially 813 memcpy(buffer, control->gtls_buffer_hack, control->gtls_buffer_hack_len); // Fill their buffer partially
850 free(control->gtls_buffer_hack); // free our memory, it's not chained anymore 814 free(control->gtls_buffer_hack); // free our memory, it's not chained anymore
851 control->gtls_buffer_hack_len = 0; // we don't have a hack buffer anymore 815 control->gtls_buffer_hack_len = 0; // we don't have a hack buffer anymore
852 if (debug) 816 log_debug_msg("Did a partial fill to help quench thirst for data\n");
853 printf("Did a partial fill to help quench thirst for data\n");
854 } else if (length < control->gtls_buffer_hack_len) { // If it's asking for less... 817 } else if (length < control->gtls_buffer_hack_len) { // If it's asking for less...
855 control->gtls_buffer_hack_len -= length; // subtract what they're asking for 818 control->gtls_buffer_hack_len -= length; // subtract what they're asking for
856 memcpy(buffer, control->gtls_buffer_hack, length); // fill their buffer 819 memcpy(buffer, control->gtls_buffer_hack, length); // fill their buffer
@@ -859,37 +822,33 @@ ssize_t lockdownd_securead(gnutls_transport_ptr_t transport, char *buffer, size_
859 free(control->gtls_buffer_hack); // Free the old one 822 free(control->gtls_buffer_hack); // Free the old one
860 control->gtls_buffer_hack = hackhackhack; // And make it the new one. 823 control->gtls_buffer_hack = hackhackhack; // And make it the new one.
861 hackhackhack = NULL; 824 hackhackhack = NULL;
862 if (debug) 825 log_debug_msg("Quenched the thirst for data; new hack length is %i\n", control->gtls_buffer_hack_len);
863 printf("Quenched the thirst for data; new hack length is %i\n", control->gtls_buffer_hack_len);
864 return length; // hand it over. 826 return length; // hand it over.
865 } else { // length == hack length 827 } else { // length == hack length
866 memcpy(buffer, control->gtls_buffer_hack, length); // copy our buffer into theirs 828 memcpy(buffer, control->gtls_buffer_hack, length); // copy our buffer into theirs
867 free(control->gtls_buffer_hack); // free our "obligation" 829 free(control->gtls_buffer_hack); // free our "obligation"
868 control->gtls_buffer_hack_len = 0; // free our "obligation" 830 control->gtls_buffer_hack_len = 0; // free our "obligation"
869 if (debug) 831 log_debug_msg("Satiated the thirst for data; now we have to eventually receive again.\n");
870 printf("Satiated the thirst for data; now we have to eventually receive again.\n");
871 return length; // hand it over 832 return length; // hand it over
872 } 833 }
873 } 834 }
874 // End buffering hack! 835 // End buffering hack!
875 char *recv_buffer = (char *) malloc(sizeof(char) * (length * 1000)); // ensuring nothing stupid happens 836 char *recv_buffer = (char *) malloc(sizeof(char) * (length * 1000)); // ensuring nothing stupid happens
876 837
877 if (debug) 838 log_debug_msg("pre-read\nclient wants %zi bytes\n", length);
878 printf("pre-read\nclient wants %zi bytes\n", length);
879 iphone_mux_recv(control->connection, recv_buffer, (length * 1000), &bytes); 839 iphone_mux_recv(control->connection, recv_buffer, (length * 1000), &bytes);
880 if (debug) 840 log_debug_msg("post-read\nwe got %i bytes\n", bytes);
881 printf("post-read\nwe got %i bytes\n", bytes); 841 if (bytes < 0) {
882 if (debug && bytes < 0) { 842 log_debug_msg("lockdownd_securead(): uh oh\n");
883 printf("lockdownd_securead(): uh oh\n"); 843 log_debug_msg
884 printf("I believe what we have here is a failure to communicate... libusb says %s but strerror says %s\n", 844 ("I believe what we have here is a failure to communicate... libusb says %s but strerror says %s\n",
885 usb_strerror(), strerror(errno)); 845 usb_strerror(), strerror(errno));
886 return bytes + 28; // an errno 846 return bytes + 28; // an errno
887 } 847 }
888 if (bytes >= length) { 848 if (bytes >= length) {
889 if (bytes > length) { 849 if (bytes > length) {
890 if (debug) 850 log_debug_msg
891 printf 851 ("lockdownd_securead: Client deliberately read less data than was there; resorting to GnuTLS buffering hack.\n");
892 ("lockdownd_securead: Client deliberately read less data than was there; resorting to GnuTLS buffering hack.\n");
893 if (!control->gtls_buffer_hack_len) { // if there's no hack buffer yet 852 if (!control->gtls_buffer_hack_len) { // if there's no hack buffer yet
894 //control->gtls_buffer_hack = strndup(recv_buffer+length, bytes-length); // strndup is NOT a good solution! 853 //control->gtls_buffer_hack = strndup(recv_buffer+length, bytes-length); // strndup is NOT a good solution!
895 control->gtls_buffer_hack_len += bytes - length; 854 control->gtls_buffer_hack_len += bytes - length;
@@ -905,12 +864,10 @@ ssize_t lockdownd_securead(gnutls_transport_ptr_t transport, char *buffer, size_
905 memcpy(buffer + pos_start_fill, recv_buffer, length); 864 memcpy(buffer + pos_start_fill, recv_buffer, length);
906 free(recv_buffer); 865 free(recv_buffer);
907 if (bytes == length) { 866 if (bytes == length) {
908 if (debug) 867 log_debug_msg("Returning how much we received.\n");
909 printf("Returning how much we received.\n");
910 return bytes; 868 return bytes;
911 } else { 869 } else {
912 if (debug) 870 log_debug_msg("Returning what they want to hear.\nHack length: %i\n", control->gtls_buffer_hack_len);
913 printf("Returning what they want to hear.\nHack length: %i\n", control->gtls_buffer_hack_len);
914 return length; 871 return length;
915 } 872 }
916 } 873 }
@@ -988,13 +945,11 @@ iphone_error_t iphone_lckd_start_service(iphone_lckd_client_t client, const char
988 dictionary = read_dict_element_strings(dict); 945 dictionary = read_dict_element_strings(dict);
989 946
990 for (i = 0; dictionary[i]; i += 2) { 947 for (i = 0; dictionary[i]; i += 2) {
991 if (debug) 948 log_debug_msg("lockdownd_start_service() dictionary %s: %s\n", dictionary[i], dictionary[i + 1]);
992 printf("lockdownd_start_service() dictionary %s: %s\n", dictionary[i], dictionary[i + 1]);
993 949
994 if (!xmlStrcmp(dictionary[i], "Port")) { 950 if (!xmlStrcmp(dictionary[i], "Port")) {
995 port_loc = atoi(dictionary[i + 1]); 951 port_loc = atoi(dictionary[i + 1]);
996 if (debug) 952 log_debug_msg("lockdownd_start_service() atoi'd port: %i\n", port);
997 printf("lockdownd_start_service() atoi'd port: %i\n", port);
998 } 953 }
999 954
1000 if (!xmlStrcmp(dictionary[i], "Result")) { 955 if (!xmlStrcmp(dictionary[i], "Result")) {
@@ -1004,11 +959,9 @@ iphone_error_t iphone_lckd_start_service(iphone_lckd_client_t client, const char
1004 } 959 }
1005 } 960 }
1006 961
1007 if (debug) { 962 log_debug_msg("lockdownd_start_service(): DATA RECEIVED:\n\n");
1008 printf("lockdownd_start_service(): DATA RECEIVED:\n\n"); 963 log_debug_msg(XML_query);
1009 fwrite(XML_query, 1, bytes, stdout); 964 log_debug_msg("end data received by lockdownd_start_service()\n");
1010 printf("end data received by lockdownd_start_service()\n");
1011 }
1012 965
1013 free(XML_query); 966 free(XML_query);
1014 xmlFreeDoc(plist); 967 xmlFreeDoc(plist);
© 2009-2020 sukimashita.com - Generated by cgit - Icons from Tango - Uses Google Analytics