From 8482031ce77cb4914b5a04ba4704484cc6548dcd Mon Sep 17 00:00:00 2001
From: Joshua Hill
Date: Mon, 24 May 2010 16:28:06 -0400
Subject: Added irecv_send_exploit function to libirecovery.c and added -k flag in irecovery.c to trigger it.
---
 include/libirecovery.h | 1 +
 src/irecovery.c | 23 ++++++++++++++++++++---
 src/libirecovery.c | 15 +++++++++++++++
 3 files changed, 36 insertions(+), 3 deletions(-)
diff --git a/include/libirecovery.h b/include/libirecovery.h
index a636813..fdc418b 100644
--- a/include/libirecovery.h
+++ b/include/libirecovery.h
@@ -65,6 +65,7 @@ irecv_error_t irecv_open(irecv_client_t* client);
 irecv_error_t irecv_reset(irecv_client_t client);
 irecv_error_t irecv_close(irecv_client_t client);
 irecv_error_t irecv_receive(irecv_client_t client);
+irecv_error_t irecv_send_exploit(irecv_client_t client);
 irecv_error_t irecv_set_debug(irecv_client_t client, int level);
 irecv_error_t irecv_getenv(irecv_client_t client, unsigned char** var);
 irecv_error_t irecv_get_ecid(irecv_client_t client, unsigned long long* pecid);
diff --git a/src/irecovery.c b/src/irecovery.c
index 7150f90..98b1e90 100644
--- a/src/irecovery.c
+++ b/src/irecovery.c
@@ -27,7 +27,7 @@
 #define debug(...) if(verbose) fprintf(stderr, __VA_ARGS__)
 enum {
- kResetDevice, kStartShell, kSendCommand, kSendFile
+ kResetDevice, kStartShell, kSendCommand, kSendFile, kSendExploit
 };
 static unsigned int quit = 0;
@@ -146,9 +146,9 @@ void print_usage() {
 printf("iRecovery - iDevice Recovery Utility\n");
 printf("Usage: ./irecovery [args]\n");
 printf("\t-v\t\tStart irecovery in verbose mode.\n");
- printf("\t-u \ttarget specific client by its 40-digit client UUID\n");
 printf("\t-c \tSend command to client.\n");
 printf("\t-f \tSend file to client.\n");
+ printf("\t-k [exploit]\tSend usb exploit to client.\n");
 printf("\t-h\t\tShow this help.\n");
 printf("\t-r\t\tReset client.\n");
 printf("\t-s\t\tStart interactive shell.\n");
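Review bot: The help line `-k [exploit]` added to print_usage() does not say how the optional argument has to be written, and the form it suggests will not work. The option is registered as `k::` in the getopt string (hunk at line 162 of src/irecovery.c); with GNU getopt an optional argument is only picked up when attached to the flag (`-kFILE`), so `-k FILE` leaves `optarg` NULL and the file upload in the kSendExploit case is silently skipped. `::` is also a GNU extension rather than POSIX getopt. I would either make the argument required (`k:`) or spell the attached form out in the help text, e.g. `printf("\t-k[file]\tSend optional file (attached to -k), then the usb exploit.\n");`. This hunk also drops the `-u` help line, which the commit message does not mention.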
@@ -162,7 +162,7 @@ int main(int argc, char** argv) {
 char* argument = NULL;
 irecv_error_t error = 0;
 if(argc == 1) print_usage();
- while ((opt = getopt(argc, argv, "vhrsc:f:")) > 0) {
+ while ((opt = getopt(argc, argv, "vhrsc:f:k::")) > 0) {
 switch (opt) {
 case 'v':
 verbose += 1;
@@ -190,6 +190,11 @@ int main(int argc, char** argv) {
 argument = optarg;
 break;
+ case 'k':
+ action = kSendExploit;
+ argument = optarg;
+ break;
+
 default:
 fprintf(stderr, "Unknown argument\n");
 return -1;
@@ -225,6 +230,18 @@ int main(int argc, char** argv) {
 debug("%s\n", irecv_strerror(error));
 break;
+ case kSendExploit:
+ if(argument != NULL) {
+ error = irecv_send_file(client, argument);
+ if(error != IRECV_E_SUCCESS) {
+ debug("%s\n", irecv_strerror(error));
+ break;
+ }
+ }
+ error = irecv_send_exploit(client);
+ debug("%s\n", irecv_strerror(error));
+ break;
+
 case kStartShell:
 init_shell(client);
 break;
diff --git a/src/libirecovery.c b/src/libirecovery.c
index 78745b1..6587fe0 100644
--- a/src/libirecovery.c
+++ b/src/libirecovery.c
@@ -428,6 +428,21 @@ irecv_error_t irecv_get_ecid(irecv_client_t client, unsigned long long* ecid) {
 return IRECV_E_SUCCESS;
 }
+
+irecv_error_t irecv_send_exploit(irecv_client_t client) {
+ if(client == NULL || client->handle == NULL) {
+ return IRECV_E_NO_DEVICE;
+ }
+
+ irecv_error_t error = irecv_set_interface(client, 1, 1);
+ if(error != IRECV_E_SUCCESS) {
+ return error;
+ }
+
+ libusb_control_transfer(client->handle, 0x21, 2, 0, 0, NULL, 0, 100);
+ return IRECV_E_SUCCESS;
+}
+
 const char* irecv_strerror(irecv_error_t error) {
 switch(error) {
 case IRECV_E_SUCCESS:
-- 
cgit v1.1-32-gdbae
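Review bot: In the new `case kSendExploit:` both failure paths report only through `debug()`, which the macro at the top of this file gates on `verbose`, so without `-v` a failed irecv_send_file() or irecv_send_exploit() produces no output at all. An operator then cannot tell whether the device received the file or the request. On the error branch I would print unconditionally, e.g. `fprintf(stderr, "%s\n", irecv_strerror(error));`, and keep `debug()` for the success message. main() continues outside the hunk, so whether `error` reaches the process exit status cannot be seen from here.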
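Review bot: irecv_send_exploit() discards the return value of `libusb_control_transfer()` and returns IRECV_E_SUCCESS unconditionally, so the `irecv_strerror(error)` printed by the kSendExploit case in src/irecovery.c can never show a failed transfer. Capture the result (`int ret = libusb_control_transfer(...);`) and map a negative value to an existing irecv_error_t failure code, or, if an error return is expected at this point, state that in a comment so the ignored result is clearly deliberate. The raw values `0x21`, `2` and the `100` timeout, like the `irecv_set_interface(client, 1, 1)` call, carry no explanation. Named constants and a short header comment saying what request is sent and in what state the interface is left would make the function reviewable. The prototype added in include/libirecovery.h is undocumented as well.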