From 38c59168104acef7c1a2e03c82e1e67b9d90bdb5 Mon Sep 17 00:00:00 2001
From: blacktop
Date: Thu, 27 Jun 2024 12:11:13 -0600
Subject: [PATCH] fix: macOS 15.0 beta2 fcs-key
---
 cmd/ipsw/cmd/fw/aea.go | 2 +-
 internal/commands/extract/extract.go | 2 +-
 pkg/aea/aea.go | 31 +++++++++++++++++----------
 pkg/aea/data/fcs-keys.gz | Bin 933 -> 830 bytes
 pkg/aea/data/fcs-keys.json | 2 +-
 5 files changed, 23 insertions(+), 14 deletions(-)
diff --git a/cmd/ipsw/cmd/fw/aea.go b/cmd/ipsw/cmd/fw/aea.go
index 683e8fdfb..3ed3522a4 100644
--- a/cmd/ipsw/cmd/fw/aea.go
+++ b/cmd/ipsw/cmd/fw/aea.go
@@ -115,7 +115,7 @@ var aeaCmd = &cobra.Command{
 if err != nil {
 return fmt.Errorf("failed to parse AEA: %v", err)
 }
- pkmap, err := metadata.GetPrivateKey(nil)
+ pkmap, err := metadata.GetPrivateKey(nil, false)
 if err != nil {
 return fmt.Errorf("failed to get private key: %v", err)
 }
diff --git a/internal/commands/extract/extract.go b/internal/commands/extract/extract.go
index 216c7e104..df5f0d29b 100644
--- a/internal/commands/extract/extract.go
+++ b/internal/commands/extract/extract.go
@@ -571,7 +571,7 @@ func FcsKeys(c *Config) ([]string, error) {
 if err != nil {
 return nil, fmt.Errorf("failed to parse AEA1 metadata: %v", err)
 }
- pkmap, err := metadata.GetPrivateKey(nil)
+ pkmap, err := metadata.GetPrivateKey(nil, true)
 if err != nil {
 return nil, err
 }
diff --git a/pkg/aea/aea.go b/pkg/aea/aea.go
index 53a842824..8376e0c57 100644
--- a/pkg/aea/aea.go
+++ b/pkg/aea/aea.go
@@ -59,6 +59,9 @@ type PrivateKey []byte

 func (k PrivateKey) UnmarshalBinaryPrivateKey() ([]byte, error) {
 block, _ := pem.Decode(k)
+ if block == nil {
+ return nil, fmt.Errorf("failed to decode p8 key")
+ }
 parsedKey, err := x509.ParsePKCS8PrivateKey(block.Bytes)
 if err != nil {
 return nil, fmt.Errorf("failed to parse p8 key: %v", err)
@@ -72,7 +75,7 @@ func (k PrivateKey) UnmarshalBinaryPrivateKey() ([]byte, error) {

 type Metadata map[string][]byte

-func (md Metadata) GetPrivateKey(data []byte) (map[string]PrivateKey, error) {
+func (md Metadata) GetPrivateKey(data []byte, skipEmbedded bool) (map[string]PrivateKey, error) {
 out := make(map[string]PrivateKey)

 if len(data) > 0 {
@@ -86,15 +89,17 @@ func (md Metadata) GetPrivateKey(data []byte) (map[string]PrivateKey, error) {
 }

 // check if keys are already loaded
- if keys, err := getKeys(); err == nil {
- u, err := url.Parse(string(privKeyURL))
- if err != nil {
- return nil, err
- }
- for k, v := range keys {
- if strings.EqualFold(k, path.Base(u.Path)) {
- out[k] = PrivateKey(v)
- return out, nil
+ if !skipEmbedded {
+ if keys, err := getKeys(); err == nil {
+ u, err := url.Parse(string(privKeyURL))
+ if err != nil {
+ return nil, err
+ }
+ for k, v := range keys {
+ if strings.EqualFold(k, path.Base(u.Path)) {
+ out[k] = PrivateKey(v)
+ return out, nil
+ }
 }
 }
 }
@@ -105,6 +110,10 @@ func (md Metadata) GetPrivateKey(data []byte) (map[string]PrivateKey, error) {
 }
 defer resp.Body.Close()

+ if resp.StatusCode != 200 {
+ return nil, fmt.Errorf("failed to connect to fcs-key URL: %s", resp.Status)
+ }
+
 privKey, err := io.ReadAll(resp.Body)
 if err != nil {
 return nil, err
@@ -137,7 +146,7 @@ func (md Metadata) DecryptFCS(pemData []byte) ([]byte, error) {
 return nil, err
 }

- pkmap, err := md.GetPrivateKey(pemData)
+ pkmap, err := md.GetPrivateKey(pemData, false)
 if err != nil {
 return nil, err
 }
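Review bot: The new `skipEmbedded` parameter on the exported `GetPrivateKey` (hunk `@@ -72,7 +75,7`) is undocumented, and the three call sites touched by this patch pass bare `false`/`true` literals, so the key lookup order cannot be read from either side. A doc comment on the method would cover it, for example `// GetPrivateKey returns the FCS private key: from data when it is non-empty, else from the embedded key set unless skipEmbedded is true, else fetched from the key URL in the metadata.` The function body starts in this hunk and continues outside it, so the wording for the `data` branch and the network fallback should be confirmed against the full source.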
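Review bot: The embedded-key lookup re-indented in hunk `@@ -86,15 +89,17` still compares key ids with `strings.EqualFold`, but the ids in fcs-keys.json look like base64url strings, where case is significant, so two ids that differ only in case would resolve to the same embedded key. An exact lookup is stricter and shorter: `id := path.Base(u.Path)` followed by `if v, ok := keys[id]; ok { out[id] = PrivateKey(v); return out, nil }`, assuming `keys` is a map keyed by id as the `range` over `k, v` suggests. The enclosing function starts and ends outside this hunk.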
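Review bot: After the status check added in hunk `@@ -105,6 +110,10`, the response body is still read with an unbounded `io.ReadAll`, and nothing visible here confirms it is a PEM key before it is returned. The entry replaced in fcs-keys.json shows the consequence: the removed value base64-decodes to an XML `AccessDenied` error document that had been stored as a key. Because `privKeyURL` appears to come from the file's own metadata, cap the read with `privKey, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20))` and return an error when `pem.Decode(privKey)` yields a nil block; `http.StatusOK` would also read better than the literal `200`. The request itself is outside the hunk, so whether the HTTP client sets a timeout could not be checked.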
diff --git a/pkg/aea/data/fcs-keys.gz b/pkg/aea/data/fcs-keys.gz index c95929f0904ebbbf816dca7b7df81c555b3d980f..ee0bc962770acc136316a8063822f4f0b5638323 100644 GIT binary patch literal 830 zcmV-E1Ht?siwFP!000001HIHuZ>u;I2H^etjIO5=hR~ag)J6F)iNQ{7V;k61Bu+zu zNhqb|<7)o58Lp1%G~62Z(SJeFJPb4+i(baf4Pn} z_yxa!4jt+0_;~l%UBazC;lO7?qx9raQ5!`igPX92>Q~R|{Td)?R;0<{rY^A~u2S^<1MVwovRO{j)0dk{( z!33Z|NLZH^pc1rAYKyLf$V+SD-7?Jw@jezIngv9%5WwBpmBO|}B61Ol2Aj{-Sv1nQke#%|EUn>|Z~vL5cw)7imbS?YL0Xz!N1SSb{?iE3?<6i)maFX!j=6aU2D zrfxwjEq7fSn1~S8`K-A}k8x>9a)9ks+QyJe^}e^YC`2*I6lE+UPPt~)Z*@cuX493C z`?(7c-!&xCP1~q?vDjru5C<;Ovu1p_e&+T{l`|T7K)@bC=MavuO1(0jtG)=N&1S}F zCIb;ICvlrqigCQnaAII&;+RrM8I%pM%BL@@*DsRxPY)l&f7!g_ns)QObN-kba*26; zRuFgK(7yVmT#N5hA2C1mBEQff2FHNK z=w>wkQFlvGSh!*DGU~ltfSS#D$AiM%2ilisVz%(==%H;A3o_vtMW&@w%JwX?C!2`A zyLl64P(u`)6f|8K8p@3T%t1Xn%iAuE_JQ2o)Ky*=m)-Hp>Yr~ZCFe2TvZe12i+j%B zI^;L<ivlsug5c-w_-8VhEN@eSU9XwjdAo02g&;qhu~R; zgN>(E$ixD~4s3s`lb~>5hlRT(sifF4Z@Q^`-AKmmJ>WoZuxY!Twu?iQ&sf4qIG!h! z+i#;5@w$Cxc7M@n5vBoli@ESIFy*cR0kKx(pa7SWRLQh@CyG#}!ijwK!~FfnKUrk* I{@Miq0OA{=GXMYp literal 933 zcmV;W16uqaiwFP!000001HF{XlHxWLhWB|4wv(=sZ{09ey=Y%S*aAtGWNXu9EE=$7 zU}$3-r}FM`CaENwRLyFZ=k}lTe~a_m%zJs>1ea6h#2+O%6WpGSGOjm4@3-E38Lg7{ z85edJ_i}Vk%f>;W;i?ZC=!!H7C8__y-CMo#on%B zAIXShZlHkSs|@Ls@f!zhrxZ zX{|rj^KrX;qh0dzsD}v$&a%*9%!07aM@3nBSQmh!eR#caQ)_fSewL*GAN~y~`j&R%oY{BDBABxw#O<2nXsTqYOi99}H`e zx6*wi-?pG&QPtH0S>AM`k ziE|Rg>EW~;?e#X8dYi>#TMhosBzjwiRc`XJ1Z0}gTKav5%|$I!d!C9ZZ-!@?I&N+v zU0TV3MEqU|UT?hxk{KFvq4cChWfmG!45+|grZ0jKvn`@g!2t<4FoI<4JJ#?)O`0mu z^)$2ES%3AHnpw0WBR->xT57sK6PvJOkus7f6Z*x7J60it7y{DQpLlfpy;$7SAUx&M zXW0jHLj?|;{0ySOy^PvrnQ>j7%dP;Zr%PCE)4rq8;_uykM>6=>S*tIz-+%c7hZXOZ H+64drUYOCq diff --git a/pkg/aea/data/fcs-keys.json b/pkg/aea/data/fcs-keys.json index 465b736fc..f0665409d 100644 --- a/pkg/aea/data/fcs-keys.json +++ b/pkg/aea/data/fcs-keys.json 
@@ -1 +1 @@ -{"C76OEoiX5Lfc0nRQtn1cLkOEwDtC8HGIM_M_1rJgQ9g=":"LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZ21qWDBwYmU2WWErMDJUek4KY0laWHZ6L1VId1lMN1JwUVFka01QV1pmT2UraFJBTkNBQVRzeUsxZEJzUFJVZU15b2hWM2VJUG5JNGw2SzhjUApWeGZGRXBEd01DdXNlTUVrV0UzV0w5QXcvTTMyRk5Ta2lYZUNpQXoxMXBOdUJVWGVmTkFPSXlkSQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==","k_VQtA6uNC_IsMkQrz-3juymNnKSkjWFMr1epfCaVHU=":"LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZ0xMSitUYnQwK1gxRnIrVHoKY2YwbGRQaStnRDZOZGZYVytjR2lJMXhLdmxlaFJBTkNBQVJ5aUZ0MmRsVGtBYU1kRzYrSDZ5cDdCVjNlOFo3dwpmL0FRU3lWNy83aVpjVXA2NUtrV2RNRlJmNWFyWFlraElQSlU1R3JtRjVlaFdJcDVIUVVWYkZnbgotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==","emS2Z48W5hiK6-9wCuih_4olLWp2NLZ3KfK8zPHASvM=":"LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZ0FMV05HalFLUEFkYzdSUTgKa0VNeFpoV2llNnhsc2dUZUZyVTJXRXN3aHRhaFJBTkNBQVJQelIraG5vbDJSbmNGdmpmWk44bXJUN3F4TjdRSwovY29WazJxSDN1cFF3eExKWTBaTzhtZDV2RzRSQXVDUG8yUDJSaUxxbXJ3K1lVL3laUVVDam10aAotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==","vqTQNjxKOR8CCw4-SSqrJCmVu7x1zktNdOXoNm7RIXQ=":"PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPEVycm9yPjxDb2RlPkFjY2Vzc0RlbmllZDwvQ29kZT48TWVzc2FnZT5BY2Nlc3MgRGVuaWVkPC9NZXNzYWdlPjxSZXF1ZXN0SWQ+UFJQNU43RlNaV0REV01EMzwvUmVxdWVzdElkPjxIb3N0SWQ+clU3SjRzQnNodHlSenR4RUhaTURMd2JDazQvUjNNNUN0ZDlsQzBweW9uTEFiYUJVeE81dE5Jb2RxWmQwZGtHcXVlcncva0NwSHJjPTwvSG9zdElkPjwvRXJyb3I+"} 
+{"C76OEoiX5Lfc0nRQtn1cLkOEwDtC8HGIM_M_1rJgQ9g=":"LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZ21qWDBwYmU2WWErMDJUek4KY0laWHZ6L1VId1lMN1JwUVFka01QV1pmT2UraFJBTkNBQVRzeUsxZEJzUFJVZU15b2hWM2VJUG5JNGw2SzhjUApWeGZGRXBEd01DdXNlTUVrV0UzV0w5QXcvTTMyRk5Ta2lYZUNpQXoxMXBOdUJVWGVmTkFPSXlkSQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==","emS2Z48W5hiK6-9wCuih_4olLWp2NLZ3KfK8zPHASvM=":"LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZ0FMV05HalFLUEFkYzdSUTgKa0VNeFpoV2llNnhsc2dUZUZyVTJXRXN3aHRhaFJBTkNBQVJQelIraG5vbDJSbmNGdmpmWk44bXJUN3F4TjdRSwovY29WazJxSDN1cFF3eExKWTBaTzhtZDV2RzRSQXVDUG8yUDJSaUxxbXJ3K1lVL3laUVVDam10aAotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==","k_VQtA6uNC_IsMkQrz-3juymNnKSkjWFMr1epfCaVHU=":"LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZ0xMSitUYnQwK1gxRnIrVHoKY2YwbGRQaStnRDZOZGZYVytjR2lJMXhLdmxlaFJBTkNBQVJ5aUZ0MmRsVGtBYU1kRzYrSDZ5cDdCVjNlOFo3dwpmL0FRU3lWNy83aVpjVXA2NUtrV2RNRlJmNWFyWFlraElQSlU1R3JtRjVlaFdJcDVIUVVWYkZnbgotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==","vqTQNjxKOR8CCw4-SSqrJCmVu7x1zktNdOXoNm7RIXQ=":"LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZ0tiRlBtMzFzOU4zQmNQdGUKU3RhWml3dzFwVStaME1PVEw2My9ERU41K3FpaFJBTkNBQVNDZ3FrMU5ONTVQM0lqdmhCdmVRS2c1S1dIMlprYQp4eGYzMVFyU3BBVW5tOGpJSkpPR2tndTZETDM5ZzZCM1labm1DN09NeW1SVVNhLy9sNWNQRWEyNQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg=="}