fixed a bug in which old style firmwarebundles failed to work due to no update ramdisk key, changed some img3 stuff to be more generic
This commit is contained in:
planetbeing
Родитель
d81852cd82
Коммит
8cdbc0d5a2
|
|
@ -41,7 +41,7 @@ SET(CPACK_RESOURCE_FILE_README "${PROJECT_SOURCE_DIR}/README.markdown")
|
|||
SET(CPACK_RESOURCE_FILE_LICENSE "${PROJECT_SOURCE_DIR}/LICENSE")
|
||||
SET(CPACK_PACKAGE_VERSION_MAJOR "0")
|
||||
SET(CPACK_PACKAGE_VERSION_MINOR "5")
|
||||
SET(CPACK_PACKAGE_VERSION_PATCH "1")
|
||||
SET(CPACK_PACKAGE_VERSION_PATCH "2")
|
||||
SET(CPACK_PACKAGE_EXECUTABLES "xpwn" "XPwn Pwner")
|
||||
SET(CPACK_PACKAGE_EXECUTABLES "ipsw" "IPSW Tool")
|
||||
SET(CPACK_PACKAGE_EXECUTABLES "hdutil" "Apple disk image utility")
|
||||
|
|
|
|||
|
|
@ -3,6 +3,8 @@
|
|||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdint.h>
|
||||
#include <string.h>
|
||||
#include <sys/types.h>
|
||||
|
||||
#ifdef WIN32
|
||||
|
|
@ -59,6 +61,28 @@ static inline void flipEndianLE(unsigned char* x, int length) {
|
|||
}
|
||||
}
|
||||
|
||||
static inline void hexToBytes(const char* hex, uint8_t** buffer, size_t* bytes) {
|
||||
*bytes = strlen(hex) / 2;
|
||||
*buffer = (uint8_t*) malloc(*bytes);
|
||||
size_t i;
|
||||
for(i = 0; i < *bytes; i++) {
|
||||
uint32_t byte;
|
||||
sscanf(hex, "%2x", &byte);
|
||||
(*buffer)[i] = byte;
|
||||
hex += 2;
|
||||
}
|
||||
}
|
||||
|
||||
static inline void hexToInts(const char* hex, unsigned int** buffer, size_t* bytes) {
|
||||
*bytes = strlen(hex) / 2;
|
||||
*buffer = (unsigned int*) malloc((*bytes) * sizeof(int));
|
||||
size_t i;
|
||||
for(i = 0; i < *bytes; i++) {
|
||||
sscanf(hex, "%2x", &((*buffer)[i]));
|
||||
hex += 2;
|
||||
}
|
||||
}
|
||||
|
||||
struct io_func_struct;
|
||||
|
||||
typedef int (*readFunc)(struct io_func_struct* io, off_t location, size_t size, void *buffer);
|
||||
|
|
|
|||
|
|
@ -87,15 +87,19 @@ void setKeyImg3(AbstractFile2* file, const unsigned int* key, const unsigned int
|
|||
Img3Info* info = (Img3Info*) file->super.data;
|
||||
|
||||
int i;
|
||||
uint8_t bKey[16];
|
||||
uint8_t bKey[32];
|
||||
int keyBits = ((AppleImg3KBAGHeader*)info->kbag->data)->key_bits;
|
||||
|
||||
for(i = 0; i < 16; i++) {
|
||||
bKey[i] = key[i] & 0xff;
|
||||
info->iv[i] = iv[i] & 0xff;
|
||||
}
|
||||
|
||||
AES_set_encrypt_key(bKey, 128, &(info->encryptKey));
|
||||
AES_set_decrypt_key(bKey, 128, &(info->decryptKey));
|
||||
for(i = 0; i < (keyBits / 8); i++) {
|
||||
bKey[i] = key[i] & 0xff;
|
||||
}
|
||||
|
||||
AES_set_encrypt_key(bKey, keyBits, &(info->encryptKey));
|
||||
AES_set_decrypt_key(bKey, keyBits, &(info->decryptKey));
|
||||
|
||||
if(!info->encrypted) {
|
||||
uint8_t ivec[16];
|
||||
|
|
@ -281,7 +285,7 @@ AbstractFile* createAbstractFileFromImg3(AbstractFile* file) {
|
|||
if(current->header->magic == IMG3_CERT_MAGIC) {
|
||||
info->cert = current;
|
||||
}
|
||||
if(current->header->magic == IMG3_KBAG_MAGIC) {
|
||||
if(current->header->magic == IMG3_KBAG_MAGIC && ((AppleImg3KBAGHeader*)current->data)->key_modifier == 2) {
|
||||
info->kbag = current;
|
||||
}
|
||||
current = current->next;
|
||||
|
|
@ -307,7 +311,7 @@ AbstractFile* createAbstractFileFromImg3(AbstractFile* file) {
|
|||
if(info->kbag) {
|
||||
uint8_t* keySeed;
|
||||
uint32_t keySeedLen;
|
||||
keySeedLen = 2 * (((AppleImg3KBAGHeader*)info->kbag->data)->key_bits)/8;
|
||||
keySeedLen = 16 + (((AppleImg3KBAGHeader*)info->kbag->data)->key_bits)/8;
|
||||
keySeed = (uint8_t*) malloc(keySeedLen);
|
||||
memcpy(keySeed, (uint8_t*)((AppleImg3KBAGHeader*)info->kbag->data) + sizeof(AppleImg3KBAGHeader), keySeedLen);
|
||||
int i = 0;
|
||||
|
|
|
|||
|
|
@ -470,7 +470,7 @@ int main(int argc, char* argv[]) {
|
|||
closeVolume(ramdiskVolume);
|
||||
CLOSE(ramdiskFS);
|
||||
|
||||
if(updateRamdiskFSPathInIPSW);
|
||||
if(updateRamdiskFSPathInIPSW)
|
||||
removeFileFromOutputState(&outputState, updateRamdiskFSPathInIPSW);
|
||||
|
||||
closeVolume(rootVolume);
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <xpwn/libxpwn.h>
|
||||
#include <xpwn/nor_files.h>
|
||||
#include "xpwn/libxpwn.h"
|
||||
#include "xpwn/nor_files.h"
|
||||
|
||||
#define BUFFERSIZE (1024*1024)
|
||||
|
||||
|
|
@ -17,8 +17,8 @@ int main(int argc, char* argv[]) {
|
|||
|
||||
AbstractFile* template = NULL;
|
||||
AbstractFile* certificate = NULL;
|
||||
unsigned int key[16];
|
||||
unsigned int iv[16];
|
||||
unsigned int* key = NULL;
|
||||
unsigned int* iv = NULL;
|
||||
int hasKey = FALSE;
|
||||
int hasIV = FALSE;
|
||||
|
||||
|
|
@ -41,16 +41,14 @@ int main(int argc, char* argv[]) {
|
|||
}
|
||||
|
||||
if(strcmp(argv[argNo], "-k") == 0 && (argNo + 1) < argc) {
|
||||
sscanf(argv[argNo + 1], "%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x",
|
||||
&key[0], &key[1], &key[2], &key[3], &key[4], &key[5], &key[6], &key[7], &key[8],
|
||||
&key[9], &key[10], &key[11], &key[12], &key[13], &key[14], &key[15]);
|
||||
size_t bytes;
|
||||
hexToInts(argv[argNo + 1], &key, &bytes);
|
||||
hasKey = TRUE;
|
||||
}
|
||||
|
||||
if(strcmp(argv[argNo], "-iv") == 0 && (argNo + 1) < argc) {
|
||||
sscanf(argv[argNo + 1], "%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x",
|
||||
&iv[0], &iv[1], &iv[2], &iv[3], &iv[4], &iv[5], &iv[6], &iv[7], &iv[8],
|
||||
&iv[9], &iv[10], &iv[11], &iv[12], &iv[13], &iv[14], &iv[15]);
|
||||
size_t bytes;
|
||||
hexToInts(argv[argNo + 1], &iv, &bytes);
|
||||
hasIV = TRUE;
|
||||
}
|
||||
|
||||
|
|
@ -108,6 +106,12 @@ int main(int argc, char* argv[]) {
|
|||
|
||||
free(inData);
|
||||
|
||||
if(key)
|
||||
free(key);
|
||||
|
||||
if(iv)
|
||||
free(iv);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче