feat: thread the 🆕 AEA1 decryption transparently through all relevant…

… `ipsw` cmds
blacktop · Jun 11, 2024 · b92ac6c · b92ac6c
1 parent e6cda25
commit b92ac6c
Show file tree

Hide file tree

Showing 10 changed files with 91 additions and 14 deletions.
diff --git a/api/server/routes/ipsw/ipsw.go b/api/server/routes/ipsw/ipsw.go
@@ -18,6 +18,7 @@ import (
 	"github.com/blacktop/ipsw/internal/commands/ent"
 	"github.com/blacktop/ipsw/internal/commands/extract"
 	"github.com/blacktop/ipsw/internal/utils"
+	"github.com/blacktop/ipsw/pkg/aea"
 	"github.com/blacktop/ipsw/pkg/info"
 	"github.com/gin-gonic/gin"
 )
@@ -69,6 +70,13 @@ func getFsFiles(c *gin.Context) {
 		utils.Indent(log.Debug, 2)(fmt.Sprintf("Found extracted %s", dmgPath))
 	}
 
+	if filepath.Ext(dmgPath) == ".aea" {
+		dmgPath, err = aea.Parse(dmgPath, filepath.Dir(dmgPath), nil)
+		if err != nil {
+			c.AbortWithStatusJSON(http.StatusInternalServerError, types.GenericError{Error: fmt.Sprintf("failed to parse AEA encrypted DMG: %v", err)})
+		}
+	}
+
 	// mount filesystem DMG
 	utils.Indent(log.Info, 2)(fmt.Sprintf("Mounting %s", dmgPath))
 	mountPoint, alreadyMounted, err := utils.MountDMG(dmgPath)

diff --git a/cmd/ipsw/cmd/mdevs.go b/cmd/ipsw/cmd/mdevs.go
@@ -34,6 +34,7 @@ import (
 	"github.com/apex/log"
 	"github.com/blacktop/go-plist"
 	"github.com/blacktop/ipsw/internal/utils"
+	"github.com/blacktop/ipsw/pkg/aea"
 	"github.com/blacktop/ipsw/pkg/info"
 	"github.com/spf13/cobra"
 )
@@ -98,6 +99,13 @@ var mdevsCmd = &cobra.Command{
 		} else {
 			log.Debugf("Found extracted %s", dmgPath)
 		}
+		if filepath.Ext(dmgPath) == ".aea" {
+			dmgPath, err = aea.Parse(dmgPath, filepath.Dir(dmgPath), nil)
+			if err != nil {
+				return fmt.Errorf("failed to parse AEA encrypted DMG: %v", err)
+			}
+			defer os.Remove(dmgPath)
+		}
 		// mount filesystem DMG
 		log.Debugf("Mounting %s", dmgPath)
 		mountPoint, alreadyMounted, err := utils.MountDMG(dmgPath)

diff --git a/cmd/ipsw/cmd/sb/sb_diff.go b/cmd/ipsw/cmd/sb/sb_diff.go
@@ -35,6 +35,7 @@ import (
 	"github.com/alecthomas/chroma/v2/quick"
 	"github.com/apex/log"
 	"github.com/blacktop/ipsw/internal/utils"
+	"github.com/blacktop/ipsw/pkg/aea"
 	"github.com/blacktop/ipsw/pkg/info"
 	"github.com/fatih/color"
 	"github.com/spf13/cobra"
@@ -113,6 +114,14 @@ var sbDiffCmd = &cobra.Command{
 					utils.Indent(log.Debug, 2)(fmt.Sprintf("Found extracted %s", dmgPath))
 				}
 
+				if filepath.Ext(dmgPath) == ".aea" {
+					dmgPath, err = aea.Parse(dmgPath, filepath.Dir(dmgPath), nil)
+					if err != nil {
+						return fmt.Errorf("failed to parse AEA encrypted DMG: %v", err)
+					}
+					defer os.Remove(dmgPath)
+				}
+
 				utils.Indent(log.Debug, 2)(fmt.Sprintf("Mounting FS %s", dmgPath))
 				mountPoint, alreadyMounted, err := utils.MountDMG(dmgPath)
 				if err != nil {

diff --git a/internal/commands/ent/ent.go b/internal/commands/ent/ent.go
@@ -18,6 +18,7 @@ import (
 	"github.com/apex/log"
 	"github.com/blacktop/go-macho"
 	"github.com/blacktop/ipsw/internal/utils"
+	"github.com/blacktop/ipsw/pkg/aea"
 	"github.com/blacktop/ipsw/pkg/info"
 	"github.com/fatih/color"
 )
@@ -269,6 +270,15 @@ func scanEnts(ipswPath, dmgPath, dmgType string) (map[string]string, error) {
 		utils.Indent(log.Debug, 2)(fmt.Sprintf("Found extracted %s", dmgPath))
 	}
 
+	if filepath.Ext(dmgPath) == ".aea" {
+		var err error
+		dmgPath, err = aea.Parse(dmgPath, filepath.Dir(dmgPath), nil)
+		if err != nil {
+			return nil, fmt.Errorf("failed to parse AEA encrypted DMG: %v", err)
+		}
+		defer os.Remove(dmgPath)
+	}
+
 	utils.Indent(log.Debug, 2)(fmt.Sprintf("Mounting %s %s", dmgType, dmgPath))
 	mountPoint, alreadyMounted, err := utils.MountDMG(dmgPath)
 	if err != nil {

diff --git a/internal/commands/mount/mount.go b/internal/commands/mount/mount.go
@@ -12,6 +12,7 @@ import (
 
 	"github.com/apex/log"
 	"github.com/blacktop/ipsw/internal/utils"
+	"github.com/blacktop/ipsw/pkg/aea"
 	"github.com/blacktop/ipsw/pkg/info"
 )
 
@@ -98,6 +99,13 @@ func DmgInIPSW(path, typ string) (*Context, error) {
 		}
 	}
 
+	if filepath.Ext(extractedDMG) == ".aea" {
+		extractedDMG, err = aea.Parse(extractedDMG, filepath.Dir(extractedDMG), nil)
+		if err != nil {
+			return nil, fmt.Errorf("failed to parse AEA encrypted DMG: %v", err)
+		}
+	}
+
 	mp, am, err := utils.MountDMG(extractedDMG)
 	if err != nil {
 		return nil, fmt.Errorf("failed to mount %s: %v", extractedDMG, err)

diff --git a/internal/diff/diff.go b/internal/diff/diff.go
@@ -20,6 +20,7 @@ import (
 	kcmd "github.com/blacktop/ipsw/internal/commands/kernel"
 	mcmd "github.com/blacktop/ipsw/internal/commands/macho"
 	"github.com/blacktop/ipsw/internal/utils"
+	"github.com/blacktop/ipsw/pkg/aea"
 	"github.com/blacktop/ipsw/pkg/dyld"
 	"github.com/blacktop/ipsw/pkg/info"
 	"github.com/blacktop/ipsw/pkg/kernelcache"
@@ -259,6 +260,12 @@ func mountDMG(ctx *Context) (err error) {
 	} else {
 		utils.Indent(log.Debug, 2)(fmt.Sprintf("Found extracted %s", ctx.SystemOsDmgPath))
 	}
+	if filepath.Ext(ctx.SystemOsDmgPath) == ".aea" {
+		ctx.SystemOsDmgPath, err = aea.Parse(ctx.SystemOsDmgPath, filepath.Dir(ctx.SystemOsDmgPath), nil)
+		if err != nil {
+			return fmt.Errorf("failed to parse AEA encrypted DMG: %v", err)
+		}
+	}
 	utils.Indent(log.Info, 2)(fmt.Sprintf("Mounting %s", ctx.SystemOsDmgPath))
 	ctx.MountPath, ctx.IsMounted, err = utils.MountDMG(ctx.SystemOsDmgPath)
 	if err != nil {

diff --git a/internal/search/search.go b/internal/search/search.go
@@ -16,6 +16,7 @@ import (
 	icmd "github.com/blacktop/ipsw/internal/commands/img4"
 	"github.com/blacktop/ipsw/internal/magic"
 	"github.com/blacktop/ipsw/internal/utils"
+	"github.com/blacktop/ipsw/pkg/aea"
 	"github.com/blacktop/ipsw/pkg/info"
 )
 
@@ -35,6 +36,13 @@ func scanDmg(ipswPath, dmgPath, dmgType string, handler func(string, *macho.File
 	} else {
 		utils.Indent(log.Debug, 2)(fmt.Sprintf("Found extracted %s", dmgPath))
 	}
+	if filepath.Ext(dmgPath) == ".aea" {
+		var err error
+		dmgPath, err = aea.Parse(dmgPath, filepath.Dir(dmgPath), nil)
+		if err != nil {
+			return fmt.Errorf("failed to parse AEA encrypted DMG: %v", err)
+		}
+	}
 	utils.Indent(log.Debug, 2)(fmt.Sprintf("Mounting %s %s", dmgType, dmgPath))
 	mountPoint, alreadyMounted, err := utils.MountDMG(dmgPath)
 	if err != nil {

diff --git a/internal/utils/macos.go b/internal/utils/macos.go
@@ -18,6 +18,7 @@ import (
 	"github.com/apex/log"
 	"github.com/blacktop/go-plist"
 	"github.com/blacktop/ipsw/internal/utils/lsof"
+	"github.com/blacktop/ipsw/pkg/aea"
 	semver "github.com/hashicorp/go-version"
 )
 
@@ -601,6 +602,15 @@ func ExtractFromDMG(ipswPath, dmgPath, destPath string, pattern *regexp.Regexp)
 		defer os.Remove(filepath.Clean(dmgs[0]))
 	}
 
+	if filepath.Ext(dmgPath) == ".aea" {
+		var err error
+		dmgPath, err = aea.Parse(dmgPath, filepath.Dir(dmgPath), nil)
+		if err != nil {
+			return nil, fmt.Errorf("failed to parse AEA encrypted DMG: %v", err)
+		}
+		defer os.Remove(dmgPath)
+	}
+
 	Indent(log.Info, 2)(fmt.Sprintf("Mounting DMG %s", dmgPath))
 	mountPoint, alreadyMounted, err := MountDMG(dmgPath)
 	if err != nil {
@@ -663,18 +673,6 @@ func PkgUtilExpand(src, dst string) (string, error) {
 	return "", fmt.Errorf("only supported on macOS")
 }
 
-func Aea(in, out, key string) (string, error) {
-	if runtime.GOOS == "darwin" {
-		cmd := exec.Command("aea", "decrypt", "-i", in, "-o", out, "-key-value", fmt.Sprintf("base64:%s", key))
-		cout, err := cmd.CombinedOutput()
-		if err != nil {
-			return "", fmt.Errorf("%v: %s", err, cout)
-		}
-		return out, nil
-	}
-	return "", fmt.Errorf("only supported on macOS")
-}
-
 func InstallXCodeSimRuntime(path string) error {
 	if runtime.GOOS == "darwin" {
 		cmd := exec.Command("xcrun", "simctl", "runtime", "add", path)

diff --git a/pkg/aea/aea.go b/pkg/aea/aea.go
@@ -12,10 +12,11 @@ import (
 	"io"
 	"net/http"
 	"os"
+	"os/exec"
 	"path/filepath"
+	"runtime"
 	"strings"
 
-	"github.com/blacktop/ipsw/internal/utils"
 	"github.com/cloudflare/circl/hpke"
 )
 
@@ -30,6 +31,18 @@ type fcsResponse struct {
 	WrappedKey string `json:"wrapped-key,omitempty"`
 }
 
+func aea(in, out, key string) (string, error) {
+	if runtime.GOOS == "darwin" {
+		cmd := exec.Command("aea", "decrypt", "-i", in, "-o", out, "-key-value", fmt.Sprintf("base64:%s", key))
+		cout, err := cmd.CombinedOutput()
+		if err != nil {
+			return "", fmt.Errorf("%v: %s", err, cout)
+		}
+		return out, nil
+	}
+	return "", fmt.Errorf("only supported on macOS")
+}
+
 func Parse(in, out string, privKey []byte) (string, error) {
 	metadata := make(map[string][]byte)
 
@@ -135,5 +148,5 @@ func Parse(in, out string, privKey []byte) (string, error) {
 		return "", err
 	}
 
-	return utils.Aea(in, filepath.Join(out, filepath.Base(strings.TrimSuffix(in, filepath.Ext(in)))), base64.StdEncoding.EncodeToString(wkey))
+	return aea(in, filepath.Join(out, filepath.Base(strings.TrimSuffix(in, filepath.Ext(in)))), base64.StdEncoding.EncodeToString(wkey))
 }
diff --git a/pkg/dyld/extract.go b/pkg/dyld/extract.go
@@ -16,6 +16,7 @@ import (
 	"github.com/AlecAivazis/survey/v2/terminal"
 	"github.com/apex/log"
 	"github.com/blacktop/ipsw/internal/utils"
+	"github.com/blacktop/ipsw/pkg/aea"
 	"github.com/blacktop/ipsw/pkg/info"
 	"github.com/blacktop/ipsw/pkg/ota/ridiff"
 	"github.com/pkg/errors"
@@ -184,6 +185,13 @@ func Extract(ipsw, destPath string, arches []string, driverkit bool) ([]string,
 		defer os.Remove(dmgs[0])
 	}
 
+	if filepath.Ext(dmgPath) == ".aea" {
+		dmgPath, err = aea.Parse(dmgPath, filepath.Dir(dmgPath), nil)
+		if err != nil {
+			return nil, fmt.Errorf("failed to parse AEA encrypted DMG: %v", err)
+		}
+	}
+
 	return ExtractFromDMG(i, dmgPath, destPath, arches, driverkit)
 }