Beispiel #1
/*
 * Reports whether a device is usable through libpois0n.
 *
 * With USE_POIS0N defined the answer is true only when pois0n_is_ready()
 * and pois0n_is_compatible() both return 0; the compatibility check is not
 * called when the readiness check already failed. Without USE_POIS0N the
 * check is compiled out and the function always returns FALSE.
 */
BOOL DeviceInDFU() {
#ifdef USE_POIS0N
    if (pois0n_is_ready() != 0) {
        return FALSE;
    }
    return pois0n_is_compatible() == 0;
#else
    return FALSE;
#endif
}
Beispiel #2
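/*
 * injectpois0n entry point.
 *
 * Resolves the single optional mode flag, waits until pois0n_is_ready()
 * returns 0 and then, when pois0n_is_compatible() also returns 0, calls
 * pois0n_inject() with the mode string that belongs to the flag:
 *   -t -> "1",  -r -> "0",  -s -> "2",  -o -> "3",  no flag -> NULL.
 *
 * Returns 0 on the normal path and for --help/-h, 1 for an unrecognised flag.
 */
int main(int argc, char* argv[]) {
	char *mode = NULL;

	if (argc > 1) {
		const char *flag = argv[1];

		if (!strcmp(flag, "--help") || !strcmp(flag, "-h")) {
			printf("injectpois0n\n\t-t  Teather Boot\n\t-r  Boot ramdisk\n\t-s  Only execute iBSS payload\n\t-o  Only execute iBSS payload and boot iBoot\n\nUsage: %s [-r|-s|-o]\n", argv[0]);
			return 0;
		}

		/*
		 * Resolve the flag before the device is touched. An unknown flag
		 * used to be accepted silently: the tool waited for a device and
		 * then exited with status 0 without doing or reporting anything.
		 */
		if (!strcmp(flag, "-t")) {
			mode = "1";
		} else if (!strcmp(flag, "-r")) {
			mode = "0";
		} else if (!strcmp(flag, "-s")) {
			mode = "2";
		} else if (!strcmp(flag, "-o")) {
			mode = "3";
		} else {
			fprintf(stderr, "Unknown option '%s', try --help\n", flag);
			return 1;
		}
	}

	pois0n_init();
	pois0n_set_callback(&print_progress, NULL);

	info("Waiting for device to enter DFU mode\n");
	/* Poll once per second until pois0n_is_ready() returns 0. */
	while (pois0n_is_ready()) {
		sleep(1);
	}

	info("Found device in DFU mode\n");
	if (!pois0n_is_compatible()) {
		/*
		 * NOTE(review): the result of pois0n_inject() is not inspected, so
		 * the exit status is 0 whether or not the call succeeded; confirm
		 * its return convention and propagate it.
		 */
		pois0n_inject(mode);
	}

	pois0n_exit();
	return 0;
}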
Beispiel #3
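/*
 * Command-line entry point.
 *
 *   -go         initialise libpois0n, check for a device in DFU mode and,
 *               when pois0n_is_compatible() returns 0, call pois0n_inject("2").
 *   -irecovery  run build/irecovery -v -s through system().
 *
 * help() is shown when no argument is given or the argument is not one of
 * the two above.
 *
 * Returns 0 on success or when only help was requested, 1 when no device
 * was ready, the irecovery command did not finish with status 0, or the
 * option was not recognised.
 */
int main(int argc, char* argv[]) {
    if (argc < 2) {
        help();
        return 0;
    }

    if (!strcmp(argv[1], "-go")) {
        int status = 0;

        pois0n_init();
        pois0n_set_callback(&print_progress, NULL);

        info("Waiting for device to enter DFU mode\n");
        /*
         * pois0n_is_ready() is called exactly once here and its result used
         * to be discarded, so "Found device" was printed even when nothing
         * was connected. A non-zero result is taken to mean "not ready".
         * NOTE(review): confirm that convention against libpois0n.
         */
        if (pois0n_is_ready()) {
            info("No device found in DFU mode\n");
            status = 1;
        } else {
            info("Found device in DFU mode\n");
            if (!pois0n_is_compatible()) {
                pois0n_inject("2");
            }
        }

        pois0n_exit();
        return status;
    }

    if (!strcmp(argv[1], "-irecovery")) {
        /*
         * NOTE(review): system() runs the command through the shell and
         * resolves build/irecovery relative to the current working
         * directory, so whichever file sits at that path is what gets
         * executed. An absolute path with posix_spawn()/exec*() would remove
         * that dependency.
         */
        if (system("build/irecovery -v -s") != 0) {
            return 1;
        }
        return 0;
    }

    /* Unrecognised option: show help instead of exiting silently. */
    help();
    return 1;
}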
Beispiel #4
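/*
 * Entry point taking exactly two arguments: the iBSS image and the
 * kernelcache.
 *
 * Sequence: pois0n_init(), wait until pois0n_is_ready() returns 0, check
 * pois0n_is_compatible(), pois0n_injectonly(), upload the iBSS file,
 * reconnect, upload the kernelcache and send the "bootx" command.
 *
 * Returns 0 on success, the negative libpois0n result when the
 * compatibility check or the injection fails, and -1 for a usage error or
 * any upload/command/reconnect failure. pois0n_exit() runs on every path
 * that got past pois0n_init().
 */
int main(int argc, char* argv[]) {
	int result = 0;
	if (argc != 3) {
		usage();
		/* usage() may return; never fall through to argv[1]/argv[2]. */
		return -1;
	}
	const char* ibssFile = argv[1];
	const char* kernelcacheFile = argv[2];
	/* Named ir_error so it cannot be confused with the error() logger. */
	irecv_error_t ir_error = IRECV_E_SUCCESS;

	pois0n_init();
	pois0n_set_callback(&print_progress, NULL);

	info("Waiting for device to enter DFU mode\n");
	while (pois0n_is_ready()) {
		sleep(1);
	}

	info("Found device in DFU mode\n");
	result = pois0n_is_compatible();
	if (result < 0) {
		error("Your device in incompatible with this exploit!\n");
		goto cleanup;
	}

	result = pois0n_injectonly();
	if (result < 0) {
		error("Exploit injection failed!\n");
		goto cleanup;
	}

	debug("Uploading %s to device\n", ibssFile);
	ir_error = irecv_send_file(client, ibssFile, 1);
	if (ir_error != IRECV_E_SUCCESS) {
		error("Unable to upload iBSS\n");
		debug("%s\n", irecv_strerror(ir_error));
		result = -1;
		goto cleanup;
	}

	/*
	 * irecv_reconnect() hands back the handle to use from here on; a NULL
	 * handle is treated as a failed reconnect instead of being passed to
	 * the next irecv_send_file() call.
	 */
	client = irecv_reconnect(client, 10);
	if (client == NULL) {
		error("Unable to reconnect to device\n");
		result = -1;
		goto cleanup;
	}

	debug("Uploading %s to device\n", kernelcacheFile);
	ir_error = irecv_send_file(client, kernelcacheFile, 1);
	if (ir_error != IRECV_E_SUCCESS) {
		error("Unable to upload kernelcache\n");
		debug("%s\n", irecv_strerror(ir_error));
		result = -1;
		goto cleanup;
	}

	ir_error = irecv_send_command(client, "bootx");
	if (ir_error != IRECV_E_SUCCESS) {
		error("Unable send the bootx command\n");
		result = -1;
		goto cleanup;
	}

	result = 0;

cleanup:
	/* Single exit path so the library is shut down after failures too. */
	pois0n_exit();
	return result;
}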
Beispiel #5
/*
 * Minimal libpois0n front end: initialise the library, register the
 * progress callback, poll once per second until pois0n_is_ready() returns 0
 * and call pois0n_inject() when pois0n_is_compatible() returns 0.
 *
 * Command-line arguments are ignored and the exit status is always 0.
 */
int main(int argc, char* argv[]) {
	pois0n_init();
	pois0n_set_callback(&print_progress, NULL);

	info("Waiting for device to enter DFU mode\n");
	for (;;) {
		if (pois0n_is_ready() == 0) {
			break;
		}
		sleep(1);
	}

	info("Found device in DFU mode\n");
	/* Nothing is reported when the compatibility check returns non-zero. */
	if (pois0n_is_compatible() == 0) {
		pois0n_inject();
	}

	pois0n_exit();
	return 0;
}
Beispiel #6
/*
 * Class:     Jsyringe
 * Method:    exploit
 * Signature: ()I
 *
 * JNI entry point. Turns on libpois0n debug output, initialises the
 * library, polls once per second until pois0n_is_ready() returns 0, then
 * runs pois0n_is_compatible() followed by pois0n_injectonly().
 *
 * Returns 0 on success, otherwise the negative value returned by the step
 * that failed. g_syringe_client is closed and reset to NULL on every path.
 * Neither env nor jClass is used.
 */
JNIEXPORT jint JNICALL Java_Jsyringe_exploit
  (JNIEnv * env, jclass jClass)
{
	int status;

	libpois0n_debug = 1;

	pois0n_init();

	info("Waiting for device to enter DFU mode\n");
	for (;;) {
		if (!pois0n_is_ready()) {
			break;
		}
		sleep(1);
	}

	info("Found device in DFU mode\n");
	status = pois0n_is_compatible();
	if (status < 0) {
		error("Your device in incompatible with this exploit!\n");
	} else {
		status = pois0n_injectonly();
		if (status < 0) {
			error("Exploit injection failed!\n");
		} else {
			/* Success is always reported as 0, whatever non-negative value came back. */
			status = 0;
		}
	}

	/* Shared exit: flush diagnostics and release the device handle. */
	fflush(stderr);
	if (g_syringe_client != NULL) {
		irecv_close(&g_syringe_client);
		g_syringe_client = NULL;
	}

	/* pois0n_exit() stays disabled here, as in the original code. */
	return status;
}
Beispiel #7
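/*
 * Runs the tethered boot sequence against a device in DFU mode.
 *
 * ibssFile and kernelcacheFile are mandatory; ibecFile, ramdiskFile and
 * devicetreeFile are optional and skipped when NULL. After the libpois0n
 * compatibility check and pois0n_injectonly(), the images are uploaded in
 * the order iBSS, iBEC, ramdisk, device tree, kernelcache, with the
 * "ramdisk", "devicetree" and "bootx" commands sent after their images.
 *
 * Returns 0 on success, the negative libpois0n result when the
 * compatibility check or injection fails, and -1 for a missing mandatory
 * argument or any upload/command/reconnect failure. On every path
 * g_syringe_client is closed and reset to NULL before returning.
 */
int tethered_boot(const char *ibssFile, const char *ibecFile, const char *kernelcacheFile, const char *ramdiskFile, const char *devicetreeFile)
{
	int result = 0;
	irecv_error_t ir_error = IRECV_E_SUCCESS;
	irecv_client_t client = NULL;

	libpois0n_debug = 1;

	/*
	 * Reject missing mandatory images before the device is touched. The
	 * kernelcache check used to run only after every other image had been
	 * uploaded, which left the device part-way through the sequence.
	 */
	if (ibssFile == NULL) {
		error("ibss can't be null\n");
		result = -1;
		goto cleanup;
	}
	if (kernelcacheFile == NULL) {
		error("kernelcache can't be null\n");
		result = -1;
		goto cleanup;
	}

	pois0n_init();

	info("Waiting for device to enter DFU mode\n");
	while (pois0n_is_ready()) {
		sleep(1);
	}

	info("Found device in DFU mode\n");
	result = pois0n_is_compatible();
	if (result < 0) {
		error("Your device in incompatible with this exploit!\n");
		goto cleanup;
	}

	result = pois0n_injectonly();
	if (result < 0) {
		error("Exploit injection failed!\n");
		goto cleanup;
	}

	/* client->mode is read below, so a missing handle must stop here. */
	client = g_syringe_client;
	if (client == NULL) {
		error("No device handle available after injection\n");
		result = -1;
		goto cleanup;
	}

	debug("Uploading %s to device, mode: 0x%x\n", ibssFile, client->mode);
	ir_error = irecv_send_file(client, ibssFile, 1);
	if (ir_error != IRECV_E_SUCCESS) {
		error("Unable to upload iBSS\n");
		debug("%s\n", irecv_strerror(ir_error));
		result = -1;
		goto cleanup;
	}

	sleep(10);

	if (ibecFile != NULL) {
		/* A NULL handle from irecv_reconnect() is treated as failure. */
		client = g_syringe_client = irecv_reconnect(client, 10);
		if (client == NULL) {
			error("Unable to reconnect to device\n");
			result = -1;
			goto cleanup;
		}

		debug("Uploading iBEC %s to device, mode: 0x%x\n", ibecFile, client->mode);
		ir_error = irecv_send_file(client, ibecFile, 1);
		if (ir_error != IRECV_E_SUCCESS) {
			error("Unable to upload iBEC\n");
			debug("%s\n", irecv_strerror(ir_error));
			result = -1;
			goto cleanup;
		}

		sleep(5);
	}

	client = g_syringe_client = irecv_reconnect(client, 10);
	if (client == NULL) {
		error("Unable to reconnect to device\n");
		result = -1;
		goto cleanup;
	}

	if (ramdiskFile != NULL) {
		debug("Uploading ramdisk %s to device\n", ramdiskFile);
		ir_error = irecv_send_file(client, ramdiskFile, 1);
		if (ir_error != IRECV_E_SUCCESS) {
			error("Unable to upload ramdisk\n");
			debug("%s\n", irecv_strerror(ir_error));
			result = -1;
			goto cleanup;
		}

		sleep(5);

		ir_error = irecv_send_command(client, "ramdisk");
		if (ir_error != IRECV_E_SUCCESS) {
			error("Unable send the ramdisk command\n");
			result = -1;
			goto cleanup;
		}
	}

	if (devicetreeFile != NULL) {
		debug("Uploading device tree %s to device\n", devicetreeFile);
		ir_error = irecv_send_file(client, devicetreeFile, 1);
		if (ir_error != IRECV_E_SUCCESS) {
			error("Unable to upload device tree\n");
			debug("%s\n", irecv_strerror(ir_error));
			result = -1;
			goto cleanup;
		}

		ir_error = irecv_send_command(client, "devicetree");
		if (ir_error != IRECV_E_SUCCESS) {
			error("Unable to send the devicetree command\n");
			result = -1;
			goto cleanup;
		}
	}

	debug("Uploading kernel %s to device, mode: 0x%x\n", kernelcacheFile, client->mode);
	ir_error = irecv_send_file(client, kernelcacheFile, 1);
	if (ir_error != IRECV_E_SUCCESS) {
		error("Unable to upload kernelcache\n");
		debug("%s\n", irecv_strerror(ir_error));
		result = -1;
		goto cleanup;
	}

	ir_error = irecv_send_command(client, "bootx");
	if (ir_error != IRECV_E_SUCCESS) {
		error("Unable send the bootx command\n");
		result = -1;
		goto cleanup;
	}

	result = 0;

cleanup:
	fflush(stderr);
	if (g_syringe_client) {
		irecv_close(&g_syringe_client);
		g_syringe_client = NULL;
	}

	/* pois0n_exit() stays disabled here, as in the original code. */
	return result;
}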
Beispiel #8
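/*
 * Tethered-boot command-line front end.
 *
 * Options (getopt string "vhi:b:k:r:l:c:"):
 *   -v        verbose output (sets g_verbose)
 *   -h        usage()
 *   -i FILE   iBSS image
 *   -b FILE   iBEC image
 *   -k FILE   kernelcache
 *   -r FILE   ramdisk
 *   -l FILE   boot logo
 *   -c COLOR  argument appended to the "bgcolor" command
 * Every FILE is checked with file_exists() while the options are parsed.
 *
 * After the libpois0n compatibility check and pois0n_injectonly(), the
 * images that were given are uploaded in the order iBSS, iBEC, ramdisk,
 * boot logo, kernelcache. Without -i the run stops after the injection.
 *
 * Returns 0 on success, the negative libpois0n result when the
 * compatibility check or injection fails, and -1 for an unreadable file or
 * any upload/command/reconnect failure. pois0n_exit() runs on every path
 * that got past pois0n_init().
 */
int main(int argc, char* argv[]) {
	int result = 0;
	irecv_error_t ir_error = IRECV_E_SUCCESS;

	const char
		*ibssFile = NULL,
		*ibecFile = NULL,
		*kernelcacheFile = NULL,
		*ramdiskFile = NULL,
		*bgcolor = NULL,
		*bootlogo = NULL;
	int c;

	opterr = 0;

	while ((c = getopt(argc, argv, "vhi:b:k:r:l:c:")) != -1) {
		switch (c) {
		case 'v':
			g_verbose = true;
			break;
		case 'h':
			usage();
			break;
		case 'i':
			if (!file_exists(optarg)) {
				error("Cannot open iBSS file '%s'\n", optarg);
				return -1;
			}
			ibssFile = optarg;
			break;
		case 'b':
			if (!file_exists(optarg)) {
				error("Cannot open iBEC file '%s'\n", optarg);
				return -1;
			}
			ibecFile = optarg;
			break;
		case 'k':
			if (!file_exists(optarg)) {
				error("Cannot open kernelcache file '%s'\n", optarg);
				return -1;
			}
			kernelcacheFile = optarg;
			break;
		case 'r':
			if (!file_exists(optarg)) {
				error("Cannot open ramdisk file '%s'\n", optarg);
				return -1;
			}
			ramdiskFile = optarg;
			break;
		case 'l':
			if (!file_exists(optarg)) {
				error("Cannot open bootlogo file '%s'\n", optarg);
				return -1;
			}
			bootlogo = optarg;
			break;
		case 'c':
			bgcolor = optarg;
			break;
		default:
			usage();
			break;
		}
	}

	pois0n_init();
	pois0n_set_callback(&print_progress, NULL);

	info("Waiting for device to enter DFU mode\n");
	while (pois0n_is_ready()) {
		sleep(1);
	}

	info("Found device in DFU mode\n");
	result = pois0n_is_compatible();
	if (result < 0) {
		error("Your device in incompatible with this exploit!\n");
		goto cleanup;
	}

	result = pois0n_injectonly();
	if (result < 0) {
		error("Exploit injection failed!\n");
		goto cleanup;
	}
	result = 0;

	if (ibssFile == NULL) {
		/* Nothing to upload: the run ends after the injection step. */
		goto cleanup;
	}

	debug("Uploading %s to device\n", ibssFile);
	ir_error = irecv_send_file(g_syringe_client, ibssFile, 1);
	if (ir_error != IRECV_E_SUCCESS) {
		error("Unable to upload iBSS\n");
		debug("%s\n", irecv_strerror(ir_error));
		result = -1;
		goto cleanup;
	}

	sleep(10);

	if (ibecFile != NULL) {
		/* A NULL handle from irecv_reconnect() is treated as failure. */
		g_syringe_client = irecv_reconnect(g_syringe_client, 10);
		if (g_syringe_client == NULL) {
			error("Unable to reconnect to device\n");
			result = -1;
			goto cleanup;
		}

		debug("Uploading iBEC %s to device\n", ibecFile);
		ir_error = irecv_send_file(g_syringe_client, ibecFile, 1);
		if (ir_error != IRECV_E_SUCCESS) {
			error("Unable to upload iBEC\n");
			debug("%s\n", irecv_strerror(ir_error));
			result = -1;
			goto cleanup;
		}

		sleep(5);
	}

	g_syringe_client = irecv_reconnect(g_syringe_client, 10);
	if (g_syringe_client == NULL) {
		error("Unable to reconnect to device\n");
		result = -1;
		goto cleanup;
	}

	if (ramdiskFile != NULL) {
		debug("Uploading ramdisk %s to device\n", ramdiskFile);
		ir_error = irecv_send_file(g_syringe_client, ramdiskFile, 1);
		if (ir_error != IRECV_E_SUCCESS) {
			error("Unable to upload ramdisk\n");
			debug("%s\n", irecv_strerror(ir_error));
			result = -1;
			goto cleanup;
		}

		sleep(5);

		ir_error = irecv_send_command(g_syringe_client, "ramdisk");
		if (ir_error != IRECV_E_SUCCESS) {
			error("Unable send the ramdisk command\n");
			result = -1;
			goto cleanup;
		}
	}

	if (bootlogo != NULL) {
		debug("Uploading boot logo %s to device\n", bootlogo);
		ir_error = irecv_send_file(g_syringe_client, bootlogo, 1);
		if (ir_error != IRECV_E_SUCCESS) {
			error("Unable to upload bootlogo\n");
			debug("%s\n", irecv_strerror(ir_error));
			result = -1;
			goto cleanup;
		}

		ir_error = irecv_send_command(g_syringe_client, "setpicture 1");
		if (ir_error != IRECV_E_SUCCESS) {
			error("Unable to set picture\n");
			result = -1;
			goto cleanup;
		}

		ir_error = irecv_send_command(g_syringe_client, "bgcolor 0 0 0");
		if (ir_error != IRECV_E_SUCCESS) {
			/* This message used to repeat "Unable to set picture". */
			error("Unable set bgcolor\n");
			result = -1;
			goto cleanup;
		}
	}

	if (bgcolor != NULL) {
		char finalbgcolor[255];
		/*
		 * bgcolor comes straight from the command line with no length
		 * limit; an unbounded sprintf() into this stack buffer could write
		 * past its end. Bound the write and refuse a truncated command.
		 */
		int written = snprintf(finalbgcolor, sizeof finalbgcolor, "bgcolor %s", bgcolor);
		if (written < 0 || (size_t)written >= sizeof finalbgcolor) {
			error("bgcolor argument is too long\n");
			result = -1;
			goto cleanup;
		}
		ir_error = irecv_send_command(g_syringe_client, finalbgcolor);
		if (ir_error != IRECV_E_SUCCESS) {
			error("Unable set bgcolor\n");
			result = -1;
			goto cleanup;
		}
	}

	if (kernelcacheFile != NULL) {
		debug("Uploading %s to device\n", kernelcacheFile);
		ir_error = irecv_send_file(g_syringe_client, kernelcacheFile, 1);
		if (ir_error != IRECV_E_SUCCESS) {
			error("Unable to upload kernelcache\n");
			debug("%s\n", irecv_strerror(ir_error));
			result = -1;
			goto cleanup;
		}

		ir_error = irecv_send_command(g_syringe_client, "bootx");
		if (ir_error != IRECV_E_SUCCESS) {
			error("Unable send the bootx command\n");
			result = -1;
			goto cleanup;
		}
	}

cleanup:
	/* Single exit path so the library is shut down after failures too. */
	pois0n_exit();
	return result;
}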
Beispiel #9
/*
 * Loadibec entry point: uploads the file named by argv[1] to a connected
 * device and sends the "go" command.
 *
 * When the device reports DFU mode and a chip id above 8900, the handle is
 * closed, libpois0n is initialised and pois0n_inject() is run before the
 * connection is re-established.
 *
 * Exit status: 0 on success or after printing usage, the negated
 * irecv error when the first connection fails, a negative libpois0n result
 * when the ready/compatible checks fail, 2 for an upload failure, 3 when
 * "go" cannot be sent, 4 when the reconnect fails.
 */
int main(int argc, char* argv[]) 
{
	irecv_error_t status;
	unsigned int chip_id;
	int limera1n_candidate = 0;

	printf("Loadibec " LOADIBEC_VERSION COMMIT_STRING ".\n");

	if (argc != 2) {
		printf("Usage: %s <file>\n"
			"\tLoads a file to an iDevice in recovery mode and jumps to it.\n", argv[0]);
		return 0;
	}

	irecv_init();

	printf("Connecting to iDevice...\n");

	status = irecv_open_attempts(&g_syringe_client, 10);
	if (status != IRECV_E_SUCCESS) {
		fprintf(stderr, "Failed to connect to iBoot, error %d.\n", status);
		return -status;
	}

	/* chip_id is only examined when irecv_get_cpid() succeeded. */
	if (irecv_get_cpid(g_syringe_client, &chip_id) == IRECV_E_SUCCESS && chip_id > 8900) {
		limera1n_candidate = 1;
	}

	if (g_syringe_client->mode == kDfuMode && limera1n_candidate) {
		int rc;

		printf("linera1n compatible device detected, injecting limera1n.\n");
		irecv_close(&g_syringe_client);
		irecv_exit();

		pois0n_init();

		rc = pois0n_is_ready();
		if (rc < 0) {
			return rc;
		}

		rc = pois0n_is_compatible();
		if (rc < 0) {
			return rc;
		}

		pois0n_inject();

		irecv_close(&g_syringe_client);
		g_syringe_client = NULL;

		printf("limera1ned, reconnecting...\n");

		/*
		 * NOTE(review): irecv_reconnect() is handed the handle that was
		 * just reset to NULL; confirm the library accepts a NULL client
		 * here.
		 */
		g_syringe_client = irecv_reconnect(g_syringe_client, 10);
		if (g_syringe_client == NULL) {
			fprintf(stderr, "Failed to reconnect.\n");
			return 4;
		}
	}

	printf("Starting transfer of '%s'.\n", argv[1]);

	irecv_event_subscribe(g_syringe_client, IRECV_PROGRESS, &progress_cb, NULL);

	status = irecv_send_file(g_syringe_client, argv[1], 0);
	if (status != IRECV_E_SUCCESS) {
		fprintf(stderr, "Failed to upload '%s', error %d.\n", argv[1], status);
		return 2;
	}

	status = irecv_send_command(g_syringe_client, "go");
	if (status != IRECV_E_SUCCESS) {
		fprintf(stderr, "Failed to jump to uploaded file, error %d.\n", status);
		return 3;
	}

	/*
	 * NOTE(review): the result of this second command is not checked, so
	 * success is printed whether or not the device accepted it.
	 */
	irecv_send_command(g_syringe_client, "go jump 0x41000000");

	printf("Uploaded Successfully.\n");

	irecv_exit();

	return 0;
}