diff options
Diffstat (limited to 'src/lockdown.c')
| -rw-r--r-- | src/lockdown.c | 70 |
1 files changed, 42 insertions, 28 deletions
diff --git a/src/lockdown.c b/src/lockdown.c index 28670de..ae408be 100644 --- a/src/lockdown.c +++ b/src/lockdown.c | |||
| @@ -26,6 +26,7 @@ | |||
| 26 | #include <arpa/inet.h> | 26 | #include <arpa/inet.h> |
| 27 | #include <errno.h> | 27 | #include <errno.h> |
| 28 | #include <string.h> | 28 | #include <string.h> |
| 29 | #include <stdlib.h> | ||
| 29 | #include <glib.h> | 30 | #include <glib.h> |
| 30 | #include <libtasn1.h> | 31 | #include <libtasn1.h> |
| 31 | #include <gnutls/x509.h> | 32 | #include <gnutls/x509.h> |
| @@ -200,9 +201,14 @@ iphone_error_t iphone_lckd_recv(iphone_lckd_client_t client, plist_t * plist) | |||
| 200 | if (!client->in_SSL) | 201 | if (!client->in_SSL) |
| 201 | ret = usbmuxd_recv(client->sfd, (char *) &datalen, sizeof(datalen), &bytes); | 202 | ret = usbmuxd_recv(client->sfd, (char *) &datalen, sizeof(datalen), &bytes); |
| 202 | else { | 203 | else { |
| 203 | bytes = gnutls_record_recv(*client->ssl_session, &datalen, sizeof(datalen)); | 204 | ssize_t res = gnutls_record_recv(*client->ssl_session, &datalen, sizeof(datalen)); |
| 204 | if (bytes > 0) | 205 | if (res < 0) { |
| 206 | log_dbg_msg(DBGMASK_LOCKDOWND, "gnutls_record_recv: Error occured: %s\n", gnutls_strerror(res)); | ||
| 207 | return IPHONE_E_SSL_ERROR; | ||
| 208 | } else { | ||
| 209 | bytes = res; | ||
| 205 | ret = IPHONE_E_SUCCESS; | 210 | ret = IPHONE_E_SUCCESS; |
| 211 | } | ||
| 206 | } | 212 | } |
| 207 | datalen = ntohl(datalen); | 213 | datalen = ntohl(datalen); |
| 208 | 214 | ||
| @@ -211,13 +217,18 @@ iphone_error_t iphone_lckd_recv(iphone_lckd_client_t client, plist_t * plist) | |||
| 211 | if (!client->in_SSL) { | 217 | if (!client->in_SSL) { |
| 212 | /* fill buffer and request more packets if needed */ | 218 | /* fill buffer and request more packets if needed */ |
| 213 | while ((received_bytes < datalen) && (ret == IPHONE_E_SUCCESS)) { | 219 | while ((received_bytes < datalen) && (ret == IPHONE_E_SUCCESS)) { |
| 214 | ret = usbmuxd_recv(client->sfd, receive + received_bytes, datalen - received_bytes, &bytes); //iphone_mux_recv(client->connection, receive + received_bytes, datalen - received_bytes, &bytes); | 220 | ret = usbmuxd_recv(client->sfd, receive + received_bytes, datalen - received_bytes, &bytes); |
| 215 | received_bytes += bytes; | 221 | received_bytes += bytes; |
| 216 | } | 222 | } |
| 217 | } else { | 223 | } else { |
| 218 | received_bytes = gnutls_record_recv(*client->ssl_session, receive, datalen); | 224 | ssize_t res = gnutls_record_recv(*client->ssl_session, receive, datalen); |
| 219 | if (received_bytes > 0) | 225 | if (res < 0) { |
| 226 | log_dbg_msg(DBGMASK_LOCKDOWND, "gnutls_record_recv: Error occured: %s\n", gnutls_strerror(res)); | ||
| 227 | ret = IPHONE_E_SSL_ERROR; | ||
| 228 | } else { | ||
| 229 | received_bytes = res; | ||
| 220 | ret = IPHONE_E_SUCCESS; | 230 | ret = IPHONE_E_SUCCESS; |
| 231 | } | ||
| 221 | } | 232 | } |
| 222 | 233 | ||
| 223 | if (ret != IPHONE_E_SUCCESS) { | 234 | if (ret != IPHONE_E_SUCCESS) { |
| @@ -225,7 +236,7 @@ iphone_error_t iphone_lckd_recv(iphone_lckd_client_t client, plist_t * plist) | |||
| 225 | return ret; | 236 | return ret; |
| 226 | } | 237 | } |
| 227 | 238 | ||
| 228 | if (received_bytes <= 0) { | 239 | if ((ssize_t)received_bytes <= 0) { |
| 229 | free(receive); | 240 | free(receive); |
| 230 | return IPHONE_E_NOT_ENOUGH_DATA; | 241 | return IPHONE_E_NOT_ENOUGH_DATA; |
| 231 | } | 242 | } |
| @@ -272,12 +283,22 @@ iphone_error_t iphone_lckd_send(iphone_lckd_client_t client, plist_t plist) | |||
| 272 | log_dbg_msg(DBGMASK_LOCKDOWND, "lockdownd_send(): made the query, sending it along\n"); | 283 | log_dbg_msg(DBGMASK_LOCKDOWND, "lockdownd_send(): made the query, sending it along\n"); |
| 273 | 284 | ||
| 274 | if (!client->in_SSL) | 285 | if (!client->in_SSL) |
| 275 | ret = usbmuxd_send(client->sfd, real_query, ntohl(length) + sizeof(length), (uint32_t*)&bytes); //iphone_mux_send(client->connection, real_query, ntohl(length) + sizeof(length), &bytes); | 286 | ret = usbmuxd_send(client->sfd, real_query, ntohl(length) + sizeof(length), (uint32_t*)&bytes); |
| 276 | else { | 287 | else { |
| 277 | gnutls_record_send(*client->ssl_session, real_query, ntohl(length) + sizeof(length)); | 288 | ssize_t res = gnutls_record_send(*client->ssl_session, real_query, ntohl(length) + sizeof(length)); |
| 278 | ret = IPHONE_E_SUCCESS; | 289 | if (res < 0) { |
| 290 | log_dbg_msg(DBGMASK_LOCKDOWND, "gnutls_record_send: Error occured: %s\n", gnutls_strerror(res)); | ||
| 291 | ret = IPHONE_E_SSL_ERROR; | ||
| 292 | } else { | ||
| 293 | bytes = res; | ||
| 294 | ret = IPHONE_E_SUCCESS; | ||
| 295 | } | ||
| 296 | } | ||
| 297 | if (ret == IPHONE_E_SUCCESS) { | ||
| 298 | log_dbg_msg(DBGMASK_LOCKDOWND, "lockdownd_send(): sent it!\n"); | ||
| 299 | } else { | ||
| 300 | log_dbg_msg(DBGMASK_LOCKDOWND, "lockdownd_send(): sending failed!\n"); | ||
| 279 | } | 301 | } |
| 280 | log_dbg_msg(DBGMASK_LOCKDOWND, "lockdownd_send(): sent it!\n"); | ||
| 281 | free(real_query); | 302 | free(real_query); |
| 282 | 303 | ||
| 283 | return ret; | 304 | return ret; |
| @@ -426,7 +447,7 @@ iphone_error_t lockdownd_generic_get_value(iphone_lckd_client_t control, const c | |||
| 426 | char *value_value = NULL; | 447 | char *value_value = NULL; |
| 427 | plist_get_string_val(value_value_node, &value_value); | 448 | plist_get_string_val(value_value_node, &value_value); |
| 428 | 449 | ||
| 429 | value->data = value_value; | 450 | value->data = (unsigned char*)value_value; |
| 430 | value->size = strlen(value_value); | 451 | value->size = strlen(value_value); |
| 431 | ret = IPHONE_E_SUCCESS; | 452 | ret = IPHONE_E_SUCCESS; |
| 432 | } | 453 | } |
| @@ -436,7 +457,7 @@ iphone_error_t lockdownd_generic_get_value(iphone_lckd_client_t control, const c | |||
| 436 | uint64_t size = 0; | 457 | uint64_t size = 0; |
| 437 | plist_get_data_val(value_value_node, &value_value, &size); | 458 | plist_get_data_val(value_value_node, &value_value, &size); |
| 438 | 459 | ||
| 439 | value->data = value_value; | 460 | value->data = (unsigned char*)value_value; |
| 440 | value->size = size; | 461 | value->size = size; |
| 441 | ret = IPHONE_E_SUCCESS; | 462 | ret = IPHONE_E_SUCCESS; |
| 442 | } | 463 | } |
| @@ -458,7 +479,7 @@ iphone_error_t lockdownd_get_device_uid(iphone_lckd_client_t control, char **uid | |||
| 458 | { | 479 | { |
| 459 | gnutls_datum_t temp = { NULL, 0 }; | 480 | gnutls_datum_t temp = { NULL, 0 }; |
| 460 | iphone_error_t ret = lockdownd_generic_get_value(control, "Key", "UniqueDeviceID", &temp); | 481 | iphone_error_t ret = lockdownd_generic_get_value(control, "Key", "UniqueDeviceID", &temp); |
| 461 | *uid = temp.data; | 482 | *uid = (char*)temp.data; |
| 462 | return ret; | 483 | return ret; |
| 463 | } | 484 | } |
| 464 | 485 | ||
| @@ -734,14 +755,14 @@ iphone_error_t lockdownd_gen_pair_cert(gnutls_datum_t public_key, gnutls_datum_t | |||
| 734 | if (ASN1_SUCCESS == asn1_der_decoding(&asn1_pub_key, der_pub_key.data, der_pub_key.size, NULL)) { | 755 | if (ASN1_SUCCESS == asn1_der_decoding(&asn1_pub_key, der_pub_key.data, der_pub_key.size, NULL)) { |
| 735 | 756 | ||
| 736 | /* get size to read */ | 757 | /* get size to read */ |
| 737 | int ret1 = asn1_read_value(asn1_pub_key, "modulus", NULL, &modulus.size); | 758 | int ret1 = asn1_read_value(asn1_pub_key, "modulus", NULL, (int*)&modulus.size); |
| 738 | int ret2 = asn1_read_value(asn1_pub_key, "publicExponent", NULL, &exponent.size); | 759 | int ret2 = asn1_read_value(asn1_pub_key, "publicExponent", NULL, (int*)&exponent.size); |
| 739 | 760 | ||
| 740 | modulus.data = gnutls_malloc(modulus.size); | 761 | modulus.data = gnutls_malloc(modulus.size); |
| 741 | exponent.data = gnutls_malloc(exponent.size); | 762 | exponent.data = gnutls_malloc(exponent.size); |
| 742 | 763 | ||
| 743 | ret1 = asn1_read_value(asn1_pub_key, "modulus", modulus.data, &modulus.size); | 764 | ret1 = asn1_read_value(asn1_pub_key, "modulus", modulus.data, (int*)&modulus.size); |
| 744 | ret2 = asn1_read_value(asn1_pub_key, "publicExponent", exponent.data, &exponent.size); | 765 | ret2 = asn1_read_value(asn1_pub_key, "publicExponent", exponent.data, (int*)&exponent.size); |
| 745 | if (ASN1_SUCCESS == ret1 && ASN1_SUCCESS == ret2) | 766 | if (ASN1_SUCCESS == ret1 && ASN1_SUCCESS == ret2) |
| 746 | ret = IPHONE_E_SUCCESS; | 767 | ret = IPHONE_E_SUCCESS; |
| 747 | } | 768 | } |
| @@ -756,7 +777,7 @@ iphone_error_t lockdownd_gen_pair_cert(gnutls_datum_t public_key, gnutls_datum_t | |||
| 756 | if (IPHONE_E_SUCCESS == ret && 0 != modulus.size && 0 != exponent.size) { | 777 | if (IPHONE_E_SUCCESS == ret && 0 != modulus.size && 0 != exponent.size) { |
| 757 | 778 | ||
| 758 | gnutls_global_init(); | 779 | gnutls_global_init(); |
| 759 | gnutls_datum_t essentially_null = { strdup("abababababababab"), strlen("abababababababab") }; | 780 | gnutls_datum_t essentially_null = { (unsigned char*)strdup("abababababababab"), strlen("abababababababab") }; |
| 760 | 781 | ||
| 761 | gnutls_x509_privkey_t fake_privkey, root_privkey, host_privkey; | 782 | gnutls_x509_privkey_t fake_privkey, root_privkey, host_privkey; |
| 762 | gnutls_x509_crt_t dev_cert, root_cert, host_cert; | 783 | gnutls_x509_crt_t dev_cert, root_cert, host_cert; |
| @@ -1022,7 +1043,7 @@ iphone_error_t lockdownd_start_SSL_session(iphone_lckd_client_t control, const c | |||
| 1022 | */ | 1043 | */ |
| 1023 | ssize_t lockdownd_secuwrite(gnutls_transport_ptr_t transport, char *buffer, size_t length) | 1044 | ssize_t lockdownd_secuwrite(gnutls_transport_ptr_t transport, char *buffer, size_t length) |
| 1024 | { | 1045 | { |
| 1025 | int bytes = 0; | 1046 | uint32_t bytes = 0; |
| 1026 | iphone_lckd_client_t control; | 1047 | iphone_lckd_client_t control; |
| 1027 | control = (iphone_lckd_client_t) transport; | 1048 | control = (iphone_lckd_client_t) transport; |
| 1028 | log_dbg_msg(DBGMASK_LOCKDOWND, "lockdownd_secuwrite() called\n"); | 1049 | log_dbg_msg(DBGMASK_LOCKDOWND, "lockdownd_secuwrite() called\n"); |
| @@ -1045,7 +1066,7 @@ ssize_t lockdownd_secuwrite(gnutls_transport_ptr_t transport, char *buffer, size | |||
| 1045 | ssize_t lockdownd_securead(gnutls_transport_ptr_t transport, char *buffer, size_t length) | 1066 | ssize_t lockdownd_securead(gnutls_transport_ptr_t transport, char *buffer, size_t length) |
| 1046 | { | 1067 | { |
| 1047 | int bytes = 0, pos_start_fill = 0; | 1068 | int bytes = 0, pos_start_fill = 0; |
| 1048 | int tbytes = 0; | 1069 | size_t tbytes = 0; |
| 1049 | int this_len = length; | 1070 | int this_len = length; |
| 1050 | iphone_error_t res; | 1071 | iphone_error_t res; |
| 1051 | iphone_lckd_client_t control; | 1072 | iphone_lckd_client_t control; |
| @@ -1060,19 +1081,12 @@ ssize_t lockdownd_securead(gnutls_transport_ptr_t transport, char *buffer, size_ | |||
| 1060 | 1081 | ||
| 1061 | // repeat until we have the full data or an error occurs. | 1082 | // repeat until we have the full data or an error occurs. |
| 1062 | do { | 1083 | do { |
| 1063 | if ((res = usbmuxd_recv(control->sfd, recv_buffer, this_len, &bytes)) != IPHONE_E_SUCCESS) { | 1084 | if ((res = usbmuxd_recv(control->sfd, recv_buffer, this_len, (uint32_t*)&bytes)) != IPHONE_E_SUCCESS) { |
| 1064 | log_debug_msg("%s: ERROR: iphone_mux_recv returned %d\n", __func__, res); | 1085 | log_debug_msg("%s: ERROR: iphone_mux_recv returned %d\n", __func__, res); |
| 1065 | return res; | 1086 | return res; |
| 1066 | } | 1087 | } |
| 1067 | log_debug_msg("post-read\nwe got %i bytes\n", bytes); | 1088 | log_debug_msg("post-read\nwe got %i bytes\n", bytes); |
| 1068 | 1089 | ||
| 1069 | if (bytes < 0) { | ||
| 1070 | log_debug_msg("lockdownd_securead(): uh oh\n"); | ||
| 1071 | log_debug_msg | ||
| 1072 | ("I believe what we have here is a failure to communicate... libusb says %s but strerror says %s\n", | ||
| 1073 | usb_strerror(), strerror(errno)); | ||
| 1074 | return bytes; // + 28; // an errno | ||
| 1075 | } | ||
| 1076 | // increase read count | 1090 | // increase read count |
| 1077 | tbytes += bytes; | 1091 | tbytes += bytes; |
| 1078 | 1092 | ||