int absFileWrite(io_func* io, off_t location, size_t size, void *buffer) {
AbstractFile* file;
file = (AbstractFile*) io->data;
file->seek(file, location);
if(file->write(file, buffer, size) == size) {
return TRUE;
} else {
return FALSE;
}
}
int main(int argc, char* argv[]) {
init_libxpwn();
if(argc < 4) {
print_usage();
return 0;
}
AbstractFile* png;
AbstractFile* img;
AbstractFile* dst;
void* imageBuffer;
size_t imageSize;
unsigned int key[16];
unsigned int iv[16];
unsigned int* pKey = NULL;
unsigned int* pIV = NULL;
if(strcmp(argv[1], "e") == 0) {
img = createAbstractFileFromFile(fopen(argv[2], "rb"));
if(argc >= 6) {
sscanf(argv[4], "%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x",
&iv[0], &iv[1], &iv[2], &iv[3], &iv[4], &iv[5], &iv[6], &iv[7], &iv[8],
&iv[9], &iv[10], &iv[11], &iv[12], &iv[13], &iv[14], &iv[15]);
sscanf(argv[5], "%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x",
&key[0], &key[1], &key[2], &key[3], &key[4], &key[5], &key[6], &key[7], &key[8],
&key[9], &key[10], &key[11], &key[12], &key[13], &key[14], &key[15]);
pKey = key;
pIV = iv;
}
AbstractFile2* img3 = (AbstractFile2*) createAbstractFileFromImg3(img);
img3->setKey(img3, key, iv);
AbstractFile * out = createAbstractFileFromFile(fopen(argv[3], "wb"));
size_t inDataSize = (size_t) ((AbstractFile *)img3)->getLength((AbstractFile *)img3);
char *inData = (char*) malloc(inDataSize);
((AbstractFile *)img3)->read((AbstractFile *)img3, inData, inDataSize);
out->write(out, inData, inDataSize);
}
return 0;
}
void createRestoreOptions(Volume* volume, const char *optionsPlist, int SystemPartitionSize, int UpdateBaseband) {
AbstractFile* plistFile;
Dictionary* info;
char* plist;
HFSPlusCatalogRecord* record;
info = NULL;
record = getRecordFromPath(optionsPlist, volume, NULL, NULL);
if(record != NULL && record->recordType == kHFSPlusFileRecord) {
HFSPlusCatalogFile* file = (HFSPlusCatalogFile*)record;
size_t bufferSize = 512;
plist = malloc(bufferSize);
plistFile = createAbstractFileFromMemory((void**)&plist, bufferSize);
if (plistFile) {
char zero = 0;
writeToFile(file, plistFile, volume);
plistFile->write(plistFile, &zero, sizeof(zero));
plistFile->close(plistFile);
info = createRoot(plist);
removeKey(info, "CreateFilesystemPartitions");
removeKey(info, "SystemPartitionSize");
removeKey(info, "UpdateBaseband");
removeKey(info, "MinimumSystemPartition");
addIntegerToDictionary(info, "MinimumSystemPartition", SystemPartitionSize);
XLOG(0, "got %s from ramdisk\n", optionsPlist);
}
free(plist);
}
XLOG(0, "start create restore options\n");
if (!info) info = createRoot("<dict></dict>");
addBoolToDictionary(info, "CreateFilesystemPartitions", TRUE);
addIntegerToDictionary(info, "SystemPartitionSize", SystemPartitionSize);
addBoolToDictionary(info, "UpdateBaseband", UpdateBaseband);
plist = getXmlFromRoot(info);
releaseDictionary(info);
XLOG(0, "%s", plist);
plistFile = createAbstractFileFromMemory((void**)&plist, sizeof(char) * strlen(plist));
add_hfs(volume, plistFile, optionsPlist);
free(plist);
}
int xpwntool_enc_dec(char* srcName, char* destName, char* templateFileName, char* ivStr, char* keyStr)
{
char* inData;
size_t inDataSize;
AbstractFile* templateFile = NULL;
unsigned int* key = NULL;
unsigned int* iv = NULL;
int hasKey = TRUE;
int hasIV = TRUE;
if (templateFileName != NULL && strlen(templateFileName) != 0) {
templateFile = createAbstractFileFromFile(fopen(templateFileName, "rb"));
if(!templateFile) {
fprintf(stderr, "error: cannot open template\n");
return 1;
}
}
size_t bytes;
hexToInts(keyStr, &key, &bytes);
if (bytes == 0) {
free(key);
key = NULL;
} else {
hexToInts(ivStr, &iv, &bytes);
}
AbstractFile* inFile;
inFile = openAbstractFile2(createAbstractFileFromFile(fopen(srcName, "rb")), key, iv);
if(!inFile) {
fprintf(stderr, "error: cannot open infile\n");
return 2;
}
AbstractFile* outFile = createAbstractFileFromFile(fopen(destName, "wb"));
if(!outFile) {
fprintf(stderr, "error: cannot open outfile\n");
return 3;
}
AbstractFile* newFile;
if(templateFile) {
newFile = duplicateAbstractFile2(templateFile, outFile, key, iv, NULL);
if(!newFile) {
fprintf(stderr, "error: cannot duplicate file from provided template\n");
return 4;
}
} else {
newFile = outFile;
}
if(newFile->type == AbstractFileTypeImg3) {
AbstractFile2* abstractFile2 = (AbstractFile2*) newFile;
if (key != NULL) {
abstractFile2->setKey(abstractFile2, key, iv);
}
}
inDataSize = (size_t) inFile->getLength(inFile);
inData = (char*) malloc(inDataSize);
inFile->read(inFile, inData, inDataSize);
inFile->close(inFile);
newFile->write(newFile, inData, inDataSize);
newFile->close(newFile);
free(inData);
if(key)
free(key);
if(iv)
free(iv);
return 0;
}
int main(int argc, char* argv[]) {
init_libxpwn(&argc, argv);
if(argc < 4) {
print_usage();
return 0;
}
AbstractFile* png;
AbstractFile* img;
AbstractFile* dst;
void* imageBuffer;
size_t imageSize;
unsigned int key[32];
unsigned int iv[16];
unsigned int* pKey = NULL;
unsigned int* pIV = NULL;
if(strcmp(argv[1], "inject") == 0) {
if(argc < 5) {
print_usage();
return 0;
}
png = createAbstractFileFromFile(fopen(argv[2], "rb"));
img = createAbstractFileFromFile(fopen(argv[4], "rb"));
dst = createAbstractFileFromFile(fopen(argv[3], "wb"));
if(argc >= 7) {
sscanf(argv[5], "%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x",
&iv[0], &iv[1], &iv[2], &iv[3], &iv[4], &iv[5], &iv[6], &iv[7], &iv[8],
&iv[9], &iv[10], &iv[11], &iv[12], &iv[13], &iv[14], &iv[15]);
sscanf(argv[6], "%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x",
&key[0], &key[1], &key[2], &key[3], &key[4], &key[5], &key[6], &key[7], &key[8],
&key[9], &key[10], &key[11], &key[12], &key[13], &key[14], &key[15],
&key[16], &key[17], &key[18], &key[19], &key[20], &key[21], &key[22], &key[23], &key[24],
&key[25], &key[26], &key[27], &key[28], &key[29], &key[30], &key[31]);
pKey = key;
pIV = iv;
}
imageBuffer = replaceBootImage(img, pKey, pIV, png, &imageSize);
dst->write(dst, imageBuffer, imageSize);
dst->close(dst);
} else if(strcmp(argv[1], "extract") == 0) {
img = createAbstractFileFromFile(fopen(argv[2], "rb"));
if(argc >= 6) {
sscanf(argv[4], "%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x",
&iv[0], &iv[1], &iv[2], &iv[3], &iv[4], &iv[5], &iv[6], &iv[7], &iv[8],
&iv[9], &iv[10], &iv[11], &iv[12], &iv[13], &iv[14], &iv[15]);
sscanf(argv[5], "%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x",
&key[0], &key[1], &key[2], &key[3], &key[4], &key[5], &key[6], &key[7], &key[8],
&key[9], &key[10], &key[11], &key[12], &key[13], &key[14], &key[15],
&key[16], &key[17], &key[18], &key[19], &key[20], &key[21], &key[22], &key[23], &key[24],
&key[25], &key[26], &key[27], &key[28], &key[29], &key[30], &key[31]);
pKey = key;
pIV = iv;
}
if(convertToPNG(img, pKey, pIV, argv[3]) < 0) {
XLOG(1, "error converting img to png");
}
}
return 0;
}
int doDecrypt(StringValue* decryptValue, StringValue* fileValue, const char* bundlePath, OutputState** state, unsigned int* key, unsigned int* iv, int useMemory) {
size_t bufferSize;
void* buffer;
AbstractFile* file;
AbstractFile* out;
AbstractFile* outRaw;
char* tmpFileName;
if(useMemory) {
bufferSize = 0;
buffer = malloc(1);
outRaw = createAbstractFileFromMemoryFile((void**)&buffer, &bufferSize);
} else {
tmpFileName = createTempFile();
outRaw = createAbstractFileFromFile(fopen(tmpFileName, "wb"));
}
out = duplicateAbstractFile(getFileFromOutputState(state, fileValue->value), outRaw);
file = openAbstractFile3(getFileFromOutputState(state, fileValue->value), key, iv, 0);
if(!file || !out) {
XLOG(0, "file error\n");
exit(0);
}
char *buf = malloc(1024 * 1024);
off_t inDataSize = file->getLength(file);
while (inDataSize > 0) {
off_t avail, chunk = 1024 * 1024;
if (chunk > inDataSize) {
chunk = inDataSize;
}
if (chunk < 0) {
XLOG(0, "decrypt failed\n");
exit(0);
}
avail = file->read(file, buf, chunk);
out->write(out, buf, avail);
if (avail < chunk) {
break;
}
inDataSize -= chunk;
}
out->close(out);
file->close(file);
free(buf);
XLOG(0, "writing... "); fflush(stdout);
if (decryptValue) {
fileValue = decryptValue;
}
if(useMemory) {
addToOutput(state, fileValue->value, buffer, bufferSize);
} else {
outRaw = createAbstractFileFromFile(fopen(tmpFileName, "rb"));
size_t length = outRaw->getLength(outRaw);
outRaw->close(outRaw);
addToOutput2(state, fileValue->value, NULL, length, tmpFileName);
}
XLOG(0, "success\n"); fflush(stdout);
return 0;
}
void* replaceBootImage(AbstractFile* imageWrapper, const unsigned int* key, const unsigned int* iv, AbstractFile* png, size_t *fileSize) {
AbstractFile* imageFile;
unsigned char header[8];
InfoIBootIM* info;
png_uint_32 i;
png_bytepp row_pointers;
uint8_t* imageBuffer;
void* buffer;
png->read(png, header, 8);
if(png_sig_cmp(header, 0, 8) != 0) {
XLOG(0, "error: not a valid png file\n");
return NULL;
}
png->seek(png, 0);
png_structp png_ptr = png_create_read_struct(PNG_LIBPNG_VER_STRING, NULL, pngError, pngWarn);
if (!png_ptr) {
return NULL;
}
png_infop info_ptr = png_create_info_struct(png_ptr);
if (!info_ptr)
{
png_destroy_read_struct(&png_ptr, (png_infopp)NULL, (png_infopp)NULL);
return NULL;
}
png_infop end_info = png_create_info_struct(png_ptr);
if (!end_info)
{
png_destroy_read_struct(&png_ptr, &info_ptr, (png_infopp)NULL);
return NULL;
}
if (setjmp(png_jmpbuf(png_ptr)))
{
XLOG(0, "error reading png\n");
png_destroy_read_struct(&png_ptr, &info_ptr, &end_info);
free(buffer);
return NULL;
}
png_set_read_fn(png_ptr, png, pngRead);
png_read_info(png_ptr, info_ptr);
if(png_get_bit_depth(png_ptr, info_ptr) > 8) {
XLOG(0, "warning: bit depth per channel is greater than 8 (%d). Attempting to strip, but image quality will be degraded.\n", png_get_bit_depth(png_ptr, info_ptr));
}
if(png_get_color_type(png_ptr, info_ptr) == PNG_COLOR_TYPE_GRAY || png_get_color_type(png_ptr, info_ptr) == PNG_COLOR_TYPE_RGB) {
XLOG(0, "notice: attempting to add dummy transparency channel\n");
}
if(png_get_color_type(png_ptr, info_ptr) == PNG_COLOR_TYPE_PALETTE) {
XLOG(0, "notice: attempting to expand palette into full rgb\n");
}
png_set_expand(png_ptr);
png_set_strip_16(png_ptr);
png_set_bgr(png_ptr);
png_set_add_alpha(png_ptr, 0x0, PNG_FILLER_AFTER);
png_set_invert_alpha(png_ptr);
png_read_update_info(png_ptr, info_ptr);
if(png_get_image_width(png_ptr, info_ptr) > 320 || png_get_image_height(png_ptr, info_ptr) > 480) {
XLOG(0, "error: dimensions out of range, must be within 320x480, not %lux%lu\n", png_get_image_width(png_ptr, info_ptr), png_get_image_height(png_ptr, info_ptr));
png_destroy_read_struct(&png_ptr, &info_ptr, &end_info);
return NULL;
}
if(png_get_bit_depth(png_ptr, info_ptr) != 8) {
XLOG(0, "error: bit depth per channel must be 8 not %d!\n", png_get_bit_depth(png_ptr, info_ptr));
png_destroy_read_struct(&png_ptr, &info_ptr, &end_info);
return NULL;
}
if(png_get_color_type(png_ptr, info_ptr) != PNG_COLOR_TYPE_GRAY_ALPHA && png_get_color_type(png_ptr, info_ptr) != PNG_COLOR_TYPE_RGB_ALPHA) {
XLOG(0, "error: incorrect color type, must be greyscale with alpha, or rgb with alpha\n");
if(png_get_color_type(png_ptr, info_ptr) == PNG_COLOR_TYPE_GRAY || png_get_color_type(png_ptr, info_ptr) == PNG_COLOR_TYPE_RGB) {
XLOG(0, "It appears you're missing an alpha channel. Add transparency to your image\n");
}
if(png_get_color_type(png_ptr, info_ptr) == PNG_COLOR_TYPE_PALETTE) {
XLOG(0, "This PNG is saved with the palette color type rather than ARGB.\n");
}
png_destroy_read_struct(&png_ptr, &info_ptr, &end_info);
return NULL;
}
row_pointers = (png_bytepp) malloc(sizeof(png_bytep) * png_get_image_height(png_ptr, info_ptr));
imageBuffer = malloc(png_get_image_height(png_ptr, info_ptr) * png_get_rowbytes(png_ptr, info_ptr));
for(i = 0; i < png_get_image_height(png_ptr, info_ptr); i++) {
row_pointers[i] = imageBuffer + (png_get_rowbytes(png_ptr, info_ptr) * i);
}
png_read_image(png_ptr, row_pointers);
png_read_end(png_ptr, end_info);
buffer = malloc(1);
*fileSize = 0;
if(key != NULL) {
imageFile = duplicateAbstractFile2(imageWrapper, createAbstractFileFromMemoryFile((void**)&buffer, fileSize), key, iv, NULL);
} else {
imageFile = duplicateAbstractFile(imageWrapper, createAbstractFileFromMemoryFile((void**)&buffer, fileSize));
}
info = (InfoIBootIM*) (imageFile->data);
info->header.width = (uint16_t) png_get_image_width(png_ptr, info_ptr);
info->header.height = (uint16_t) png_get_image_height(png_ptr, info_ptr);
if(png_get_color_type(png_ptr, info_ptr) == PNG_COLOR_TYPE_GRAY_ALPHA) {
info->header.format = IBOOTIM_GREY;
} else {
info->header.format = IBOOTIM_ARGB;
}
imageFile->write(imageFile, imageBuffer, png_get_image_height(png_ptr, info_ptr) * png_get_rowbytes(png_ptr, info_ptr));
imageFile->close(imageFile);
png_destroy_read_struct(&png_ptr, &info_ptr, &end_info);
png->close(png);
free(row_pointers);
free(imageBuffer);
return buffer;
}
