int main(int argc, char* argv[]) { if (argc > 1 && (!strcmp(argv[1],"--help") || !strcmp(argv[1],"-h"))) { printf("injectpois0n\n\t-t Teather Boot\n\t-r Boot ramdisk\n\t-s Only execute iBSS payload\n\t-o Only execute iBSS payload and boot iBoot\n\nUsage: %s [-r|-s|-o]\n", argv[0]); return 0; } pois0n_init(); pois0n_set_callback(&print_progress, NULL); info("Waiting for device to enter DFU mode\n"); while(pois0n_is_ready()) { sleep(1); } info("Found device in DFU mode\n"); if(!pois0n_is_compatible()) { if (argc > 1) { if (!strcmp(argv[1],"-t")) pois0n_inject("1"); else if (!strcmp(argv[1],"-r")) pois0n_inject("0"); else if (!strcmp(argv[1],"-s")) pois0n_inject("2"); else if (!strcmp(argv[1],"-o")) pois0n_inject("3"); } else { pois0n_inject(NULL); } } pois0n_exit(); return 0; }
int main(int argc, char* argv[]) { if (argc > 1) { if (!strcmp(argv[1],"-go")){ pois0n_init(); pois0n_set_callback(&print_progress, NULL); info("Waiting for device to enter DFU mode\n"); pois0n_is_ready(); info("Found device in DFU mode\n"); if(!pois0n_is_compatible()){ pois0n_inject("2"); } pois0n_exit(); }if (!strcmp(argv[1],"-irecovery")) { system("build/irecovery -v -s"); } }else { help(); } return 0; }
void execPayload(const char* payload_to_be_executed, int times) { int state = 0; libkrypton1te_init(); pois0n_init(); do { iboot_command_(payload_to_be_executed); ++state; } while (state != times); }
int main(int argc, char* argv[]) { int result = 0; if (argc != 3) { usage(); } const char* ibssFile = argv[1]; const char* kernelcacheFile = argv[2]; pois0n_init(); pois0n_set_callback(&print_progress, NULL); info("Waiting for device to enter DFU mode\n"); while(pois0n_is_ready()) { sleep(1); } info("Found device in DFU mode\n"); result = pois0n_is_compatible(); if (result < 0) { error("Your device in incompatible with this exploit!\n"); return result; } result = pois0n_injectonly(); if (result < 0) { error("Exploit injection failed!\n"); return result; } debug("Uploading %s to device\n", ibssFile); irecv_error_t error = irecv_send_file(client, ibssFile, 1); if(error != IRECV_E_SUCCESS) { error("Unable to upload iBSS\n"); debug("%s\n", irecv_strerror(error)); return -1; } client = irecv_reconnect(client, 10); debug("Uploading %s to device\n", kernelcacheFile); error = irecv_send_file(client, kernelcacheFile, 1); if(error != IRECV_E_SUCCESS) { error("Unable to upload kernelcache\n"); debug("%s\n", irecv_strerror(error)); return -1; } error = irecv_send_command(client, "bootx"); if(error != IRECV_E_SUCCESS) { error("Unable send the bootx command\n"); return -1; } pois0n_exit(); return 0; }
/* * Class: Jsyringe * Method: exploit * Signature: ()I */ JNIEXPORT jint JNICALL Java_Jsyringe_exploit (JNIEnv * env, jclass jClass) { int result = 0; irecv_error_t ir_error = IRECV_E_SUCCESS; irecv_client_t client = g_syringe_client; libpois0n_debug = 1; pois0n_init(); info("Waiting for device to enter DFU mode\n"); while(pois0n_is_ready()) { sleep(1); } info("Found device in DFU mode\n"); result = pois0n_is_compatible(); if (result < 0) { error("Your device in incompatible with this exploit!\n"); goto cleanup; } result = pois0n_injectonly(); if (result < 0) { error("Exploit injection failed!\n"); goto cleanup; } result = 0; cleanup: fflush(stderr); if (g_syringe_client) { irecv_close(&g_syringe_client); g_syringe_client = NULL; } //pois0n_exit(); return result; }
int tethered_boot(const char *ibssFile, const char *ibecFile, const char *kernelcacheFile, const char *ramdiskFile, const char *devicetreeFile) { int result = 0; irecv_error_t ir_error = IRECV_E_SUCCESS; irecv_client_t client = g_syringe_client; libpois0n_debug = 1; pois0n_init(); info("Waiting for device to enter DFU mode\n"); while(pois0n_is_ready()) { sleep(1); } info("Found device in DFU mode\n"); result = pois0n_is_compatible(); if (result < 0) { error("Your device in incompatible with this exploit!\n"); goto cleanup; } result = pois0n_injectonly(); if (result < 0) { error("Exploit injection failed!\n"); goto cleanup; } client = g_syringe_client; if (ibssFile != NULL) { debug("Uploading %s to device, mode: 0x%x\n", ibssFile, client->mode); ir_error = irecv_send_file(client, ibssFile, 1); if(ir_error != IRECV_E_SUCCESS) { error("Unable to upload iBSS\n"); debug("%s\n", irecv_strerror(ir_error)); result = -1; goto cleanup; } sleep(10); } else { error("ibss can't be null\n"); result = -1; goto cleanup; } if (ibecFile != NULL) { client = g_syringe_client = irecv_reconnect(client, 10); debug("Uploading iBEC %s to device, mode: 0x%x\n", ibecFile, client->mode); ir_error = irecv_send_file(client, ibecFile, 1); if(ir_error != IRECV_E_SUCCESS) { error("Unable to upload iBEC\n"); debug("%s\n", irecv_strerror(ir_error)); result = -1; goto cleanup; } sleep(5); } client = g_syringe_client = irecv_reconnect(client, 10); if (ramdiskFile != NULL) { debug("Uploading ramdisk %s to device\n", ramdiskFile); ir_error = irecv_send_file(client, ramdiskFile, 1); if(ir_error != IRECV_E_SUCCESS) { error("Unable to upload ramdisk\n"); debug("%s\n", irecv_strerror(ir_error)); result = -1; goto cleanup; } sleep(5); ir_error = irecv_send_command(client, "ramdisk"); if(ir_error != IRECV_E_SUCCESS) { error("Unable send the ramdisk command\n"); result = -1; goto cleanup; } } if (devicetreeFile != NULL) { debug("Uploading device tree %s to device\n", devicetreeFile); ir_error = irecv_send_file(client, devicetreeFile, 1); if(ir_error != IRECV_E_SUCCESS) { error("Unable to upload device tree\n"); debug("%s\n", irecv_strerror(ir_error)); result = -1; goto cleanup; } ir_error = irecv_send_command(client, "devicetree"); if(ir_error != IRECV_E_SUCCESS) { error("Unable to send the devicetree command\n"); result = -1; goto cleanup; } } if (kernelcacheFile != NULL) { debug("Uploading kernel %s to device, mode: 0x%x\n", kernelcacheFile, client->mode); ir_error = irecv_send_file(client, kernelcacheFile, 1); if(ir_error != IRECV_E_SUCCESS) { error("Unable to upload kernelcache\n"); debug("%s\n", irecv_strerror(ir_error)); result = -1; goto cleanup; } ir_error = irecv_send_command(client, "bootx"); if(ir_error != IRECV_E_SUCCESS) { error("Unable send the bootx command\n"); result = -1; goto cleanup; } } else { error("kernelcache can't be null\n"); result = -1; goto cleanup; } result = 0; cleanup: fflush(stderr); if (g_syringe_client) { irecv_close(&g_syringe_client); g_syringe_client = NULL; } //pois0n_exit(); return result; }
int main(int argc, char* argv[]) { int result = 0; irecv_error_t ir_error = IRECV_E_SUCCESS; //int index; const char *ibssFile = NULL, *ibecFile = NULL, *kernelcacheFile = NULL, *ramdiskFile = NULL, *bgcolor = NULL, *bootlogo = NULL; int c; opterr = 0; while ((c = getopt (argc, argv, "vhi:b:k:r:l:c:")) != -1) switch (c) { case 'v': g_verbose = true; break; case 'h': usage(); break; case 'i': if (!file_exists(optarg)) { error("Cannot open iBSS file '%s'\n", optarg); return -1; } ibssFile = optarg; break; case 'b': if (!file_exists(optarg)) { error("Cannot open iBEC file '%s'\n", optarg); return -1; } ibecFile = optarg; break; case 'k': if (!file_exists(optarg)) { error("Cannot open kernelcache file '%s'\n", optarg); return -1; } kernelcacheFile = optarg; break; case 'r': if (!file_exists(optarg)) { error("Cannot open ramdisk file '%s'\n", optarg); return -1; } ramdiskFile = optarg; break; case 'l': if (!file_exists(optarg)) { error("Cannot open bootlogo file '%s'\n", optarg); return -1; } bootlogo = optarg; break; case 'c': bgcolor = optarg; break; default: usage(); } pois0n_init(); pois0n_set_callback(&print_progress, NULL); info("Waiting for device to enter DFU mode\n"); while(pois0n_is_ready()) { sleep(1); } info("Found device in DFU mode\n"); result = pois0n_is_compatible(); if (result < 0) { error("Your device in incompatible with this exploit!\n"); return result; } result = pois0n_injectonly(); if (result < 0) { error("Exploit injection failed!\n"); return result; } if (ibssFile != NULL) { debug("Uploading %s to device\n", ibssFile); ir_error = irecv_send_file(g_syringe_client, ibssFile, 1); if(ir_error != IRECV_E_SUCCESS) { error("Unable to upload iBSS\n"); debug("%s\n", irecv_strerror(ir_error)); return -1; } sleep(10); } else { return 0; } if (ibecFile != NULL) { g_syringe_client = irecv_reconnect(g_syringe_client, 10); debug("Uploading iBEC %s to device\n", ibecFile); ir_error = irecv_send_file(g_syringe_client, ibecFile, 1); if(ir_error != IRECV_E_SUCCESS) { error("Unable to upload iBEC\n"); debug("%s\n", irecv_strerror(ir_error)); return -1; } sleep(5); } g_syringe_client = irecv_reconnect(g_syringe_client, 10); if (ramdiskFile != NULL) { debug("Uploading ramdisk %s to device\n", ramdiskFile); ir_error = irecv_send_file(g_syringe_client, ramdiskFile, 1); if(ir_error != IRECV_E_SUCCESS) { error("Unable to upload ramdisk\n"); debug("%s\n", irecv_strerror(ir_error)); return -1; } sleep(5); ir_error = irecv_send_command(g_syringe_client, "ramdisk"); if(ir_error != IRECV_E_SUCCESS) { error("Unable send the ramdisk command\n"); return -1; } } if (bootlogo != NULL) { debug("Uploading boot logo %s to device\n", bootlogo); ir_error = irecv_send_file(g_syringe_client, bootlogo, 1); if(ir_error != IRECV_E_SUCCESS) { error("Unable to upload bootlogo\n"); debug("%s\n", irecv_strerror(ir_error)); return -1; } ir_error = irecv_send_command(g_syringe_client, "setpicture 1"); if(ir_error != IRECV_E_SUCCESS) { error("Unable to set picture\n"); return -1; } ir_error = irecv_send_command(g_syringe_client, "bgcolor 0 0 0"); if(ir_error != IRECV_E_SUCCESS) { error("Unable to set picture\n"); return -1; } } if (bgcolor != NULL) { char finalbgcolor[255]; sprintf(finalbgcolor, "bgcolor %s", bgcolor); ir_error = irecv_send_command(g_syringe_client, finalbgcolor); if(ir_error != IRECV_E_SUCCESS) { error("Unable set bgcolor\n"); return -1; } } if (kernelcacheFile != NULL) { debug("Uploading %s to device\n", kernelcacheFile); ir_error = irecv_send_file(g_syringe_client, kernelcacheFile, 1); if(ir_error != IRECV_E_SUCCESS) { error("Unable to upload kernelcache\n"); debug("%s\n", irecv_strerror(ir_error)); return -1; } ir_error = irecv_send_command(g_syringe_client, "bootx"); if(ir_error != IRECV_E_SUCCESS) { error("Unable send the bootx command\n"); return -1; } } pois0n_exit(); return 0; }
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpszArgument, int nFunsterStil) { // Register window class WNDCLASSEX wc; wc.cbSize = sizeof(WNDCLASSEX); wc.style = 0; wc.lpfnWndProc = WindowProcedure; wc.cbClsExtra = 0; wc.cbWndExtra = 0; wc.hInstance = hInstance; wc.hIcon = LoadIcon(GetModuleHandle(NULL), TEXT("ID")); wc.hCursor = LoadCursor(NULL, IDC_ARROW); wc.hbrBackground = (HBRUSH) (COLOR_BTNFACE + 1); wc.lpszMenuName = NULL; wc.lpszClassName = szClassName; wc.hIconSm = (HICON)LoadImage(GetModuleHandle(NULL), TEXT("ID"), IMAGE_ICON, 16, 16, 0); if(!RegisterClassEx(&wc)) return 0; #ifdef USE_POIS0N pois0n_init(); pois0n_set_callback(&ProgressCallback, NULL); #endif INITCOMMONCONTROLSEX icex; icex.dwSize = sizeof(INITCOMMONCONTROLSEX); icex.dwICC = ICC_PROGRESS_CLASS; InitCommonControlsEx(&icex); // Main window window = CreateWindowEx(0, szClassName, TEXT("greenpois0n"), WS_OVERLAPPED | WS_SYSMENU | SS_OWNERDRAW, CW_USEDEFAULT, CW_USEDEFAULT, 520 + GetSystemMetrics(SM_CXFIXEDFRAME), 260 + GetSystemMetrics(SM_CYFIXEDFRAME) + GetSystemMetrics(SM_CYCAPTION), HWND_DESKTOP, NULL, hInstance, NULL); // Jailbreak button nButton = CreateWindowEx(0, TEXT("BUTTON"), TEXT("Jailbreak"), BS_PUSHBUTTON | WS_VISIBLE | WS_CHILD, 20, 205, 138, 25, window, (HMENU) 1, NULL, NULL); SendMessage(nButton, WM_SETFONT, (WPARAM)GetStockObject(DEFAULT_GUI_FONT), FALSE); // Progress bar progress = CreateWindowEx(0, PROGRESS_CLASS, NULL, WS_CHILD | WS_VISIBLE | PBS_SMOOTH, 165, 206, 335, 23, window, NULL, NULL, NULL); SendMessage(progress, PBM_SETPOS, 0, 0); EnableWindow(progress, FALSE); // Title title = CreateWindowEx(0, TEXT("STATIC"), TEXT("greenpois0n"), WS_VISIBLE | WS_CHILD | SS_CENTER, 141, 2, 257, 44, window, NULL, NULL, NULL); SendMessage(title, WM_SETFONT, (WPARAM) CreateFont(/*the*/42/*answer*/, 0, 0, 0, FW_EXTRALIGHT, FALSE, FALSE, FALSE, ANSI_CHARSET, OUT_TT_PRECIS, CLIP_DEFAULT_PRECIS, DEFAULT_QUALITY, DEFAULT_PITCH | FF_DONTCARE, TEXT("Tahoma")), TRUE); // Subtitle subtitle = CreateWindowEx(0, TEXT("STATIC"), TEXT("Please power off your device and connect it to begin."), WS_VISIBLE | WS_CHILD | SS_CENTER, 20, 52, 480, 17, window, NULL, NULL, NULL); SendMessage(subtitle, WM_SETFONT, (WPARAM) CreateFont(14, 0, 0, 0, FW_DONTCARE, FALSE, FALSE, FALSE, ANSI_CHARSET, OUT_TT_PRECIS, CLIP_DEFAULT_PRECIS, DEFAULT_QUALITY, DEFAULT_PITCH | FF_DONTCARE, TEXT("Tahoma")), TRUE); // Copyright warning copyright = CreateWindowEx(0, TEXT("STATIC"), TEXT("(c) 2009-2010 chronic-dev team (http://chronic-dev.org/blog/). Beware the copyright monster!"), WS_VISIBLE | WS_CHILD | SS_NOTIFY | SS_CENTER, 20, 236, 480, 13, window, (HMENU) 4, NULL, NULL); SendMessage(copyright, WM_SETFONT, (WPARAM) CreateFont(12, 0, 0, 0, FW_DONTCARE, FALSE, TRUE, FALSE, ANSI_CHARSET, OUT_TT_PRECIS, CLIP_DEFAULT_PRECIS, DEFAULT_QUALITY, DEFAULT_PITCH | FF_DONTCARE, TEXT("Tahoma")), TRUE); // DFU group box group = CreateWindowEx(0, TEXT("BUTTON"), TEXT(""), BS_GROUPBOX | WS_VISIBLE | WS_CHILD, 20, 70, 480, 125, window, NULL, NULL, NULL); // Label #1 first = CreateWindowEx(0, TEXT("STATIC"), dfutext[0], WS_VISIBLE | WS_CHILD | SS_CENTER, 5, 20, 370, 17, group, NULL, NULL, NULL); SendMessage(first, WM_SETFONT, (WPARAM) CreateFont(14, 0, 0, 0, FW_DONTCARE, FALSE, FALSE, FALSE, ANSI_CHARSET, OUT_TT_PRECIS, CLIP_DEFAULT_PRECIS, DEFAULT_QUALITY, DEFAULT_PITCH | FF_DONTCARE, TEXT("Tahoma")), TRUE); // Label #2 second = CreateWindowEx(0, TEXT("STATIC"), dfutext[1], WS_VISIBLE | WS_CHILD | SS_CENTER, 5, 45, 370, 17, group, NULL, NULL, NULL); SendMessage(second, WM_SETFONT, (WPARAM) CreateFont(14, 0, 0, 0, FW_DONTCARE, FALSE, FALSE, FALSE, ANSI_CHARSET, OUT_TT_PRECIS, CLIP_DEFAULT_PRECIS, DEFAULT_QUALITY, DEFAULT_PITCH | FF_DONTCARE, TEXT("Tahoma")), TRUE); // Label #3 third = CreateWindowEx(0, TEXT("STATIC"), dfutext[2], WS_VISIBLE | WS_CHILD | SS_CENTER, 5, 70, 370, 17, group, NULL, NULL, NULL); SendMessage(third, WM_SETFONT, (WPARAM) CreateFont(14, 0, 0, 0, FW_DONTCARE, FALSE, FALSE, FALSE, ANSI_CHARSET, OUT_TT_PRECIS, CLIP_DEFAULT_PRECIS, DEFAULT_QUALITY, DEFAULT_PITCH | FF_DONTCARE, TEXT("Tahoma")), TRUE); // Label #4 fourth = CreateWindowEx(0, TEXT("STATIC"), dfutext[3], WS_VISIBLE | WS_CHILD | SS_CENTER, 5, 95, 370, 17, group, NULL, NULL, NULL); SendMessage(fourth, WM_SETFONT, (WPARAM) CreateFont(14, 0, 0, 0, FW_DONTCARE, FALSE, FALSE, FALSE, ANSI_CHARSET, OUT_TT_PRECIS, CLIP_DEFAULT_PRECIS, DEFAULT_QUALITY, DEFAULT_PITCH | FF_DONTCARE, TEXT("Tahoma")), TRUE); // Countdown timer counter = CreateWindowEx(0, TEXT("STATIC"), TEXT(""), WS_VISIBLE | WS_CHILD | SS_CENTER, 390, 15, 60, 60, group, NULL, NULL, NULL); SendMessage(counter, WM_SETFONT, (WPARAM) CreateFont(64, 0, 0, 0, FW_EXTRALIGHT, FALSE, FALSE, FALSE, ANSI_CHARSET, OUT_TT_PRECIS, CLIP_DEFAULT_PRECIS, DEFAULT_QUALITY, DEFAULT_PITCH | FF_DONTCARE, TEXT("Tahoma")), TRUE); // Seconds label seconds = CreateWindowEx(0, TEXT("STATIC"), TEXT("Seconds"), WS_VISIBLE | WS_CHILD | SS_CENTER, 390, 75, 60, 15, group, NULL, NULL, NULL); SendMessage(seconds, WM_SETFONT, (WPARAM) CreateFont(12, 0, 0, 0, FW_DONTCARE, FALSE, FALSE, FALSE, ANSI_CHARSET, OUT_TT_PRECIS, CLIP_DEFAULT_PRECIS, DEFAULT_QUALITY, DEFAULT_PITCH | FF_DONTCARE, TEXT("Tahoma")), TRUE); // Reset button reset = CreateWindowEx(0, TEXT("BUTTON"), TEXT("Reset"), BS_PUSHBUTTON | WS_VISIBLE | WS_CHILD, 20 + 390, 70 + 95, 60, 20, window, (HMENU) 2, NULL, NULL); SendMessage(reset, WM_SETFONT, (WPARAM)GetStockObject(DEFAULT_GUI_FONT), FALSE); // Enter button enter = CreateWindowEx(0, TEXT("BUTTON"), TEXT("Prepare to Jailbreak (DFU)"), BS_PUSHBUTTON | WS_VISIBLE | WS_CHILD, 20 + 176, 70 + 50, 160, 25, window, (HMENU) 3, NULL, NULL); SendMessage(enter, WM_SETFONT, (WPARAM)GetStockObject(DEFAULT_GUI_FONT), FALSE); // donate button hImage = (HBITMAP)LoadImage(GetModuleHandle(NULL), TEXT("donate"), IMAGE_BITMAP, 0, 0, 0); // Show the window CenterWindow(window); ShowWindow(window, nFunsterStil); UpdateJailbreakStatus(); ToggleDFUTimers(FALSE); // Run the main runloop. while(MessageLoop(TRUE)); #ifdef USE_POIS0N pois0n_exit(); #endif return 0; }
int libkrypton1te_init() { int s_ret = 0; /*Value to be returned */ irecv_open_attempts(&client, 10); /* Open attempts and load client */ pois0n_init(); return s_ret; }
int main(int argc, char* argv[]) { irecv_error_t error; unsigned int cpid; int can_ra1n = 0; printf("Loadibec " LOADIBEC_VERSION COMMIT_STRING ".\n"); if(argc != 2) { printf("Usage: %s <file>\n" "\tLoads a file to an iDevice in recovery mode and jumps to it.\n", argv[0]); return 0; } irecv_init(); printf("Connecting to iDevice...\n"); error = irecv_open_attempts(&g_syringe_client, 10); if(error != IRECV_E_SUCCESS) { fprintf(stderr, "Failed to connect to iBoot, error %d.\n", error); return -error; } if(irecv_get_cpid(g_syringe_client, &cpid) == IRECV_E_SUCCESS) { if(cpid > 8900) can_ra1n = 1; } if(g_syringe_client->mode == kDfuMode && can_ra1n) { int ret; printf("linera1n compatible device detected, injecting limera1n.\n"); irecv_close(&g_syringe_client); irecv_exit(); pois0n_init(); ret = pois0n_is_ready(); if(ret < 0) return ret; ret = pois0n_is_compatible(); if(ret < 0) return ret; pois0n_inject(); irecv_close(&g_syringe_client); g_syringe_client = NULL; printf("limera1ned, reconnecting...\n"); g_syringe_client = irecv_reconnect(g_syringe_client, 10); if(!g_syringe_client) { fprintf(stderr, "Failed to reconnect.\n"); return 4; } } else can_ra1n = 0; printf("Starting transfer of '%s'.\n", argv[1]); irecv_event_subscribe(g_syringe_client, IRECV_PROGRESS, &progress_cb, NULL); error = irecv_send_file(g_syringe_client, argv[1], 0); if(error != IRECV_E_SUCCESS) { fprintf(stderr, "Failed to upload '%s', error %d.\n", argv[1], error); return 2; } error = irecv_send_command(g_syringe_client, "go"); if(error != IRECV_E_SUCCESS) { fprintf(stderr, "Failed to jump to uploaded file, error %d.\n", error); return 3; } irecv_send_command(g_syringe_client, "go jump 0x41000000"); printf("Uploaded Successfully.\n"); irecv_exit(); return 0; }