Fork Sync #3

Open
wants to merge 117 commits into
base: master
Changes from 2 commits
117 commits
65f1709
restore: use an appropriate ticket for Cryptex1 global manifest
kamatam9 Jul 17, 2022
d0921e4
restore: Add support for Cryptex1LocalPolicy firmware updater
nikias Aug 29, 2022
d97f560
Fix Cryptex1 and Cryptex1LocalPolicy TSS request handling
nikias Sep 16, 2022
403d295
tss: Don't add @BBTicket in tss_request_new()
nikias Sep 16, 2022
e9c8007
ipsw: Add some NULL checks to ipsw_extract_to_file_with_progress()
nikias Sep 20, 2022
6672bad
tss: Add NeRDEpoch to TSS requests for newer devices (iPhone 13 and up)
nikias Sep 21, 2022
96f68e6
img4: Add some more component tags
nikias Sep 21, 2022
88aeb4c
tss: Make sure vinyl tags include eUICC,Gold and eUICC,Main digests
nikias Sep 25, 2022
bb7f206
tss: Add preliminary code to set UID_MODE
nikias Sep 25, 2022
aa98e76
Reduce memory usage for SourceBootObjectV4 images
nikias Oct 2, 2022
a4f5a0c
img4: Add support for stitching with additional TBM data
nikias Oct 4, 2022
c45f74c
recovery: set bRequest to 1 when sending bootx command
kamatam9 Oct 5, 2022
4e46f12
[github-actions] Fix MinGW build
nikias Oct 7, 2022
9610770
recovery: Send bootx with bRequest set to 1 for all platforms
nikias Oct 8, 2022
f6950c2
recovery: Also send "go" and "reset" commands with bRequest set to 1
nikias Oct 11, 2022
f8a9258
Check if device is limera1n-vulnerable for --pwn option
alfiecg24 Oct 11, 2022
d20eb21
Use limera1n_is_supported instead of compatibility check added with p…
nikias Oct 17, 2022
2a907b0
restore: Only print boot object v3/v4 plist in debug mode
nikias Oct 19, 2022
7b89019
restore: Fix compilation error due to wrong variable name
nikias Oct 19, 2022
bc61771
img4: Remove unused debug code
nikias Apr 12, 2023
d291eb1
Allow setting custom TSS request URL through command line switch
nikias Apr 14, 2023
1ec7bb4
docs: Updated man page
nikias Apr 14, 2023
7321192
Updated to use latest libplist API
nikias Apr 21, 2023
a851716
git-version-gen: Prevent multiple lines of output
nikias Apr 30, 2023
163a164
Make sure git-version-gen and .tarball-version are included in dist t…
nikias Apr 30, 2023
609f7f0
Use DeviceGeneratedRequest plist for SE TSS requests
Mar 1, 2023
73438a6
Add support for incoherent iBoot parameters
Jul 25, 2023
da22dd4
Display iBoot boot stage
Jul 25, 2023
a351513
Add SE,ChipID 0x2C
Jul 25, 2023
ed5463a
Add generic TSS request generator
Jul 25, 2023
9b9bba7
tss: Bump auth client version to match iOS 16.5
DanTheMann15 Sep 6, 2023
c8b9f3e
fdr: Fix a debug log message
nikias Sep 6, 2023
4191036
restore: Remove plist debug print for non-existent UniqueBuildID
nikias Sep 13, 2023
7943b63
normal: Don't do unpair before entering recovery mode, remove pairing…
nikias Sep 13, 2023
5a00bbd
tss: Make missing ApNonce non-fatal for IMG3
nikias Sep 13, 2023
9546654
[github-actions] Updated to use checkout@v3
nikias Sep 13, 2023
cc9c68e
autoconf: Link against libusbmuxd too
nikias Sep 13, 2023
17969ef
[github-actions] Updated to use upload-artifact@v3
nikias Sep 13, 2023
dbe7313
Refactor ipsw code to transparently stream images directly from ZIP o…
nikias Sep 14, 2023
cf22a1c
tss: Add Ap,SikaFuse to TSS request as seen for iPhone 14/15 devices
nikias Sep 29, 2023
c96f60b
restore: Handle SepStage1 (SEPPatchImageData) in NORImageData
nikias Oct 2, 2023
ca76f44
restore: Attributed status code 50 with SEP load failure
nikias Oct 2, 2023
064daea
restore: Add new SE,ChipID 0x36 to list of known values
nikias Oct 2, 2023
e4e5512
restore/tss: Prefer DeviceGeneratedRequest for Rose TSS request, and …
nikias Oct 4, 2023
1405a9f
restore: Refine checkpoint log output
nikias Oct 4, 2023
7e5860d
restore: Improve checkpoint log output again, make sure to always che…
nikias Oct 4, 2023
523e567
restore: Skip adding FirmwareData to FirmwareResponseData for Rose
nikias Oct 6, 2023
f17f520
restore: Add Ace3 as known updater name to suppress error message
nikias Oct 6, 2023
6806495
restore: Also print checkpoint warning messages
nikias Oct 6, 2023
503bdd0
Improve debug output by suppressing libimobiledevice and libirecovery…
nikias Oct 7, 2023
4072cd9
tss: Add USBPortController1,* entries to parameters
nikias Oct 9, 2023
c871c59
Extract OS component when using older ipsw archives
nikias Nov 2, 2023
8664de0
Print device Product and Build Version and IPSW Product and Build Ver…
nikias Nov 7, 2023
f87ab8b
.gitignore: Add src/idevicerestore.exe
nikias Nov 8, 2023
6085ed7
Print progress for large components (e.g. Cryptex)
nikias Nov 9, 2023
10c15d5
Fix update restore by making sure the premanifest is properly generated
nikias Nov 9, 2023
85ea337
asr: Fix sending payload without checksum
tihmstar Nov 14, 2023
83600e9
restore: Fix UaF
tihmstar Nov 14, 2023
acecac3
Change path_get_basename()'s return type to const char*
tihmstar Nov 14, 2023
ecae6c6
Change path_get_basename arg to const too
nikias Nov 15, 2023
c6a9359
Update libzip API usage to use non-deprecated functions
nikias Nov 20, 2023
8a5abb9
restore: Only print progress bar for images larger than 16 MB
nikias Nov 26, 2023
14fc14a
[github-actions] Windows: build with static libcurl
nikias Jan 13, 2024
a2b8443
libcurl build
nikias Jan 14, 2024
cba2d5e
update build
nikias Jan 14, 2024
fdbf383
Make sure to extract the build manifest before doing restore mode checks
nikias Mar 8, 2024
012e0aa
Fix some variable types for more consistency
nikias Mar 22, 2024
babf9ad
tss: Update libauthinstall version string
nikias Mar 23, 2024
e4a5ac4
Add support for Port DFU device restore
nikias Mar 23, 2024
d50698e
Fix restore mode component personalisation
VisualEhrmanntraut Apr 3, 2024
d8f8cb1
Remove annoying linebreak
nikias Apr 4, 2024
6d40d0a
dfu: A little code optimization
nikias Apr 4, 2024
71ca0f0
[github-actions] Updated actions in build workflow
nikias May 2, 2024
d95b43d
[github-actions] Only allow curl workflow to be triggered manually
nikias May 2, 2024
0548d9f
[github-actions] Fix build for macOS
nikias May 2, 2024
e6d8c0b
Updated to use libplist 2.5.0 API
nikias May 5, 2024
653349a
Require libplist 2.6.0
nikias May 14, 2024
c4c7d23
automake: Prevent `dist` or `distcheck` when uncommitted changes are …
nikias May 18, 2024
56d2c01
Add missing cast to silence compiler warning
nikias May 18, 2024
04a3f49
Link against the new libtatsu and remove tss code
nikias May 23, 2024
df06f4d
[github-actions] Update build workflow to use new libtatsu
nikias May 23, 2024
4ed598b
Small change to align with updated libtatsu
nikias Jun 5, 2024
9a4266a
Add missing linebreak to log message
nikias Jun 12, 2024
4e95bd9
Require libtatsu 1.0.2
nikias Jun 12, 2024
10cd5f7
Remove OpenSSL dependency in favor of libimobiledevice-glue's hash fu…
nikias Jun 16, 2024
4117b89
Require libtatsu-1.0.3
nikias Jun 17, 2024
a4cf7e2
Updated README
nikias Jun 19, 2024
e083987
restore: Remove `build_identity` from the parameters of the functions
nikias Jun 22, 2024
de1d17d
restore: Remove `device` from the parameters of the functions
nikias Jun 22, 2024
28c1dab
Add support for iOS 18 restore process
nikias Jun 24, 2024
63094e7
restore: Always try to use DeviceGeneratedRequest data for TSS reques…
nikias Jun 26, 2024
1d0821a
Remove debug printf
nikias Jun 29, 2024
26613f9
Fix heap buffer overflow in URLAsset handling
nikias Jul 1, 2024
f7e24ce
ipsw: Fix concurrent access to ZIP file
nikias Jul 9, 2024
7df9e9e
restore: Make wait for URLAsset on first chunk optional
nikias Sep 18, 2024
f5d7307
restore: Make sure to error out when async data request handler can't…
nikias Sep 18, 2024
3faf292
restore: Only send FirmwareData when it has been requested
nikias Sep 18, 2024
1c4e53e
restore: Fix incorrect fallback case
tihmstar Sep 17, 2024
90c2cf1
common: Try to improve terminal output with fflush()
nikias Sep 18, 2024
9764c08
Only print libimobiledevice debug info for debug level > 2
nikias Sep 18, 2024
dab6a34
Print libtatsu version alongside idevicerestore version
nikias Sep 18, 2024
17c65b2
restore: Add SupportedAsyncDataTypes for both iOS and macOS
fbrandstetter Sep 18, 2024
ad46e14
Replace sprintf with snprintf
nikias Sep 18, 2024
a31eb2b
Also print libirecovery version
nikias Sep 19, 2024
4145e95
asr: Add support for second Initiate request
fbrandstetter Sep 20, 2024
d2e1c4f
asr: Fix memory corruption due to double free
nikias Sep 21, 2024
48350d6
Initial support for iPhone 16 restore
nikias Sep 21, 2024
be6751c
ace3: Fix Ace3Binary generation for newer devices
nikias Sep 25, 2024
27402ca
Release DFU/Recovery client on disconnect and Increase timeout for po…
nikias Sep 25, 2024
511261e
Be more precise about what is wrong when entering restore mode fails
nikias Sep 28, 2024
f4a18ee
configure: Require newer libtatsu and libirecovery
nikias Oct 11, 2024
151c680
Fix iPhone 16 restore from normal mode and add support for RecoveryOS
nikias Oct 15, 2024
559adb7
Updated README
nikias Oct 22, 2024
61a76ce
[github-actions] Update curl workflow to build 8.10.1 for UCRT64
nikias Nov 3, 2024
5d92c7a
[github-actions] Bump dawidd6/action-download-artifact from 3 to 6
nikias Dec 2, 2024
914fbb3
Fix build
nikias Dec 2, 2024
bb5591d
configure: Fix Linux build with LTO
nikias Dec 3, 2024
64 changes: 47 additions & 17 deletions src/restore.c
Expand Up @@ -2860,10 +2860,22 @@ static plist_t restore_get_cryptex1_firmware_data(restored_client_t restore, str
plist_t request = NULL;
plist_t response = NULL;

/* create Timer request */
plist_t p_updater_name = plist_dict_get_item(arguments, "MessageArgUpdaterName");
const char* s_updater_name = plist_get_string_ptr(p_updater_name, NULL);

plist_t device_generated_tags = plist_access_path(arguments, 2, "DeviceGeneratedTags", "ResponseTags");
const char* response_ticket = "Cryptex1,Ticket";
if (PLIST_IS_ARRAY(device_generated_tags)) {
plist_t tag0 = plist_array_get_item(device_generated_tags, 0);
if (tag0) {
response_ticket = plist_get_string_ptr(tag0, NULL);
}
}

/* create Cryptex1 request */
request = tss_request_new(NULL);
if (request == NULL) {
error("ERROR: Unable to create Cryptex1 TSS request\n");
error("ERROR: Unable to create %s TSS request\n", s_updater_name);
return NULL;
}

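Review bot: The new lookup `response_ticket = plist_get_string_ptr(tag0, NULL);` overwrites the "Cryptex1,Ticket" default without checking that tag0 is a string node, so a non-string first entry in DeviceGeneratedTags/ResponseTags can leave response_ticket NULL for the later dictionary lookup and log calls. Guard the assignment with `if (PLIST_IS_STRING(tag0))`, or keep the default when the returned pointer is NULL. The same applies to s_updater_name a few lines up: it is passed to `%s` in the new "Unable to create %s TSS request" message with no fallback when MessageArgUpdaterName is missing from the arguments dictionary.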
Expand All @@ -2875,7 +2887,7 @@ static plist_t restore_get_cryptex1_firmware_data(restored_client_t restore, str
plist_dict_set_item(parameters, "ApProductionMode", plist_new_bool(1));
plist_dict_set_item(parameters, "ApSecurityMode", plist_new_bool(1));

/* add Timer,* tags from info dictionary to parameters */
/* add tags from info dictionary to parameters */
plist_t device_generated_request = plist_dict_get_item(arguments, "DeviceGeneratedRequest");
if (!device_generated_request) {
error("ERROR: Could not find DeviceGeneratedRequest in arguments dictionary\n");
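Review bot: The reworded comment still says the tags come from the info dictionary, but the line directly below it reads DeviceGeneratedRequest from `arguments`. Suggest wording it as "add tags from DeviceGeneratedRequest to parameters" so the comment matches the lookup.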
Expand All @@ -2894,18 +2906,19 @@ static plist_t restore_get_cryptex1_firmware_data(restored_client_t restore, str

plist_free(parameters);

info("Sending Cryptex1 TSS request...\n");
info("Sending %s TSS request...\n", s_updater_name);
response = tss_request_send(request, client->tss_url);
plist_free(request);
if (response == NULL) {
error("ERROR: Unable to fetch Cryptex1\n");
error("ERROR: Unable to fetch %s ticket\n", s_updater_name);
return NULL;
}

if (plist_dict_get_item(response, "Cryptex1,Ticket")) {
info("Received Cryptex1,Ticket\n");
if (plist_dict_get_item(response, response_ticket)) {
info("Received %s\n", response_ticket);
} else {
error("ERROR: No 'Cryptex1,Ticket' in TSS response, this might not work\n");
error("ERROR: No '%s' in TSS response, this might not work\n", response_ticket);
debug_plist(response);
}

return response;
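Review bot: The missing-ticket branch logs at ERROR level ("No '%s' in TSS response, this might not work") and then falls through to `return response;`, so the caller cannot tell a response without the expected ticket from a good one. Now that the expected name is taken from DeviceGeneratedTags, either free the response and return NULL in that branch or downgrade the message to a warning, so that log severity and return value agree.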
Expand Down Expand Up @@ -3034,10 +3047,10 @@ static int restore_send_firmware_updater_data(restored_client_t restore, struct
error("ERROR: %s: Couldn't get AppleTypeCRetimer firmware data\n", __func__);
goto error_out;
}
} else if (strcmp(s_updater_name, "Cryptex1") == 0) {
} else if ((strcmp(s_updater_name, "Cryptex1") == 0) || (strcmp(s_updater_name, "Cryptex1LocalPolicy") == 0)) {
fwdict = restore_get_cryptex1_firmware_data(restore, client, build_identity, p_info, arguments);
if (fwdict == NULL) {
error("ERROR: %s: Couldn't get AppleTypeCRetimer firmware data\n", __func__);
error("ERROR: %s: Couldn't get %s firmware data\n", __func__, s_updater_name);
goto error_out;
}
} else {
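Review bot: Routing Cryptex1LocalPolicy into restore_get_cryptex1_firmware_data() means that, when DeviceGeneratedTags/ResponseTags is absent, the function still checks the response for the "Cryptex1,Ticket" default. Please confirm that default is correct for Cryptex1LocalPolicy, or choose the default per updater name. A short comment on the combined `strcmp` condition saying why both updaters share one handler would also help.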
Expand Down Expand Up @@ -3293,7 +3306,7 @@ int extract_macos_variant(plist_t build_identity, char** output)
return 0;
}

int extract_global_manifest(struct idevicerestore_client_t* client, plist_t build_identity, unsigned char** pbuffer, unsigned int* psize)
int extract_global_manifest(struct idevicerestore_client_t* client, plist_t build_identity, char *variant, unsigned char** pbuffer, unsigned int* psize)
{
plist_t build_info = plist_dict_get_item(build_identity, "Info");
if (!build_info) {
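Review bot: The new `char *variant` parameter on extract_global_manifest() is undocumented: a comment above the definition should say that NULL means the variant is derived from the build identity, and who owns the string after the call. The function is not static, so its prototype and any callers outside src/restore.c need the same signature change.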
Expand All @@ -3310,10 +3323,15 @@ int extract_global_manifest(struct idevicerestore_client_t* client, plist_t buil
plist_get_string_val(device_class_node, &device_class);

char *macos_variant = NULL;
int ret = extract_macos_variant(build_identity, &macos_variant);
if (ret != 0) {
free(device_class);
return -1;
int ret;
if (variant) {
macos_variant = variant;
} else {
ret = extract_macos_variant(build_identity, &macos_variant);
if (ret != 0) {
free(device_class);
return -1;
}
}

// The path of the global manifest is hardcoded. There's no pointer to in the build manifest.
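Review bot: `int ret;` is now assigned only in the else branch, so it is uninitialized whenever a variant is passed in; initialize it (`int ret = 0;`) so later uses are safe. Also, `macos_variant = variant;` makes the local alias the caller's buffer: if macos_variant is freed later in this function, that is an implicit ownership transfer the SourceBootObjectV4 caller depends on, and if it is not, that buffer needs a free at the call site. Copying with strdup() would keep ownership local to this function.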
Expand Down Expand Up @@ -3362,7 +3380,7 @@ int restore_send_personalized_boot_object_v3(restored_client_t restore, struct i
info("About to send %s...\n", component_name);

if (strcmp(image_name, "__GlobalManifest__") == 0) {
int ret = extract_global_manifest(client, build_identity, &data, &size);
int ret = extract_global_manifest(client, build_identity, NULL, &data, &size);
if (ret != 0) {
return -1;
}
Expand Down Expand Up @@ -3488,7 +3506,19 @@ int restore_send_source_boot_object_v4(restored_client_t restore, struct idevice
info("About to send %s...\n", component_name);

if (strcmp(image_name, "__GlobalManifest__") == 0) {
int ret = extract_global_manifest(client, build_identity, &data, &size);
char *variant = NULL;
plist_t node = plist_access_path(msg, 2, "Arguments", "Variant");
if (!node || plist_get_node_type(node) != PLIST_STRING) {
debug("Failed to parse arguments from SourceBootObjectV4 plist\n");
return -1;
}
plist_get_string_val(node, &variant);
if (!variant) {
debug("Failed to parse arguments from SourceBootObjectV4 as string\n");
return -1;
}

int ret = extract_global_manifest(client, build_identity, variant, &data, &size);
if (ret != 0) {
return -1;
}
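Review bot: `variant` is allocated by plist_get_string_val() and nothing in this hunk frees it, including the `ret != 0` early return, so its lifetime depends entirely on what extract_global_manifest() does with the pointer. Make that explicit: free it here after the call, or document that the callee takes ownership. Two smaller points: both new failure paths return -1 but log with debug(), so a normal run shows no reason for the abort, and a missing Arguments/Variant is now fatal where passing NULL would fall back to deriving the variant from the build identity.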