Ejemplo n.º 1
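/**
 * Run the interactive shell loop on an already-open device handle.
 *
 * Each pass first calls irecv_receive() to collect pending device output,
 * then reads one line with readline() and forwards it unchanged through
 * irecv_send_command(). The loop ends when `quit` becomes non-zero, when
 * irecv_receive() reports an error, or when readline() reports end of input.
 *
 * @param client open irecovery handle; it is not closed here.
 */
void init_shell(irecv_client_t client) {
	irecv_error_t error = 0;
	load_command_history();
	irecv_event_subscribe(client, IRECV_PROGRESS, &progress_cb, NULL);
	irecv_event_subscribe(client, IRECV_RECEIVED, &received_cb, NULL);
	irecv_event_subscribe(client, IRECV_PRECOMMAND, &precommand_cb, NULL);
	irecv_event_subscribe(client, IRECV_POSTCOMMAND, &postcommand_cb, NULL);
	while (!quit) {
		error = irecv_receive(client);

		if (error != IRECV_E_SUCCESS) {
			debug("%s\n", irecv_strerror(error));
			break;
		}

		char* cmd = readline("> ");
		if (cmd == NULL) {
			// readline() returns NULL at end of input; with no way to get
			// another command the loop would otherwise spin on the device.
			break;
		}

		if (*cmd) {
			error = irecv_send_command(client, cmd);
			if (error != IRECV_E_SUCCESS) {
				quit = 1;
			}

			append_command_to_history(cmd);
		}

		// readline() allocates a buffer even for an empty line, so the
		// buffer is released on every pass, not only for non-empty input.
		free(cmd);
	}
}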
Ejemplo n.º 2
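/**
 * Open a device connection and confirm the device is in DFU mode.
 *
 * The handle is stored in `client`, which is declared outside this function.
 * On success it stays open and a progress callback is registered on it.
 *
 * @return 0 when a device was opened and reports IRECV_K_DFU_MODE; -1 when
 *         the open failed, the mode could not be read, or the mode is
 *         anything else. After a successful open, every failure path closes
 *         the handle before returning.
 */
int pois0n_is_ready() {
	irecv_error_t error = IRECV_E_SUCCESS;

	//////////////////////////////////////
	// Begin
	// NOTE(review): ECID 0 is passed, so no particular device is requested;
	// presumably the first attached device is opened -- confirm.
	error = irecv_open_with_ecid(&client, 0);
	if (error != IRECV_E_SUCCESS) {
		debug("Device must be in DFU mode to continue\n");
		return -1;
	}
	irecv_event_subscribe(client, IRECV_PROGRESS, &recovery_callback, NULL);

	//////////////////////////////////////
	// Check device
	int mode;

	if (irecv_get_mode(client, &mode) != IRECV_E_SUCCESS) {
		error("Unable to get current mode\n");
		// Close the handle here as well, matching the wrong-mode path below,
		// so a failed mode query does not leave the device open.
		irecv_close(client);
		return -1;
	}

	if (mode != IRECV_K_DFU_MODE) {
		error("Device must be in DFU mode to continue\n");
		irecv_close(client);
		return -1;
	}

	return 0;
}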
Ejemplo n.º 3
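/**
 * Allocate the DFU sub-state of `client` if needed and open a DFU connection.
 *
 * The connection is attempted up to ten times, one second apart, using
 * client->ecid. On success a progress callback is registered and the handle
 * is stored in client->dfu->client.
 *
 * @param client restore context; client->dfu is allocated here when NULL and
 *               stays owned by the context, including on the failure paths.
 * @return 0 on success, -1 on allocation failure or when no attempt connected.
 */
int dfu_client_new(struct idevicerestore_client_t* client) {
	int i = 0;
	int attempts = 10;
	irecv_client_t dfu = NULL;
	irecv_error_t dfu_error = IRECV_E_UNKNOWN_ERROR;

	if (client->dfu == NULL) {
		// calloc() zero-fills the structure; the result is checked before
		// anything writes through it (a memset before the check would
		// dereference NULL on allocation failure).
		client->dfu = calloc(1, sizeof(struct dfu_client_t));
		if (client->dfu == NULL) {
			error("ERROR: Out of memory\n");
			return -1;
		}
	}

	for (i = 1; i <= attempts; i++) {
		dfu_error = irecv_open(&dfu, client->ecid);
		if (dfu_error == IRECV_E_SUCCESS) {
			break;
		}

		// Give up right after the last failed attempt, without sleeping again.
		if (i >= attempts) {
			error("ERROR: Unable to connect to device in DFU mode\n");
			return -1;
		}

		sleep(1);
		debug("Retrying connection...\n");
	}

	irecv_event_subscribe(dfu, IRECV_PROGRESS, &dfu_progress_callback, NULL);
	client->dfu->client = dfu;
	return 0;
}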
Ejemplo n.º 4
/**
 * Open a recovery-mode connection, retrying on failure.
 *
 * irecv_open() is called up to ten times with a two-second pause between
 * failed attempts. Once it succeeds, a progress callback is registered and
 * the handle is written to *client.
 *
 * @param client out-parameter that receives the opened handle on success;
 *               left untouched on failure.
 * @return 0 on success, -1 when the tenth attempt also fails.
 */
int recovery_open_with_timeout(irecv_client_t* client) {
	const int max_tries = 10;
	int failed = 0;
	irecv_client_t handle = NULL;

	for (;;) {
		if (irecv_open(&handle) == IRECV_E_SUCCESS) {
			break;
		}

		// Count the failure; the last one reports and returns with no pause.
		failed++;
		if (failed >= max_tries) {
			error("ERROR: Unable to connect to device in recovery mode\n");
			return -1;
		}

		sleep(2);
		debug("Retrying connection...\n");
	}

	irecv_event_subscribe(handle, IRECV_PROGRESS, &recovery_progress_callback, NULL);
	*client = handle;
	return 0;
}
Ejemplo n.º 5
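/**
 * Allocate the recovery sub-state of `client` if needed, open a recovery-mode
 * connection and record the device serial number when it is not yet known.
 *
 * The connection is attempted up to ten times, four seconds apart, using
 * client->ecid. On success a progress callback is registered and the handle
 * is stored in client->recovery->client.
 *
 * @param client restore context; client->recovery is allocated here when
 *               NULL, and client->srnm is set to a strdup'd copy of the
 *               serial number when it was NULL and the device returned one.
 * @return 0 on success, -1 on allocation failure or when no attempt connected.
 */
int recovery_client_new(struct idevicerestore_client_t* client) {
	int i = 0;
	int attempts = 10;
	irecv_client_t recovery = NULL;
	irecv_error_t recovery_error = IRECV_E_UNKNOWN_ERROR;

	if(client->recovery == NULL) {
		// calloc() gives the zero-filled structure in one checked step.
		client->recovery = calloc(1, sizeof(struct recovery_client_t));
		if (client->recovery == NULL) {
			error("ERROR: Out of memory\n");
			return -1;
		}
	}

	for (i = 1; i <= attempts; i++) {
		recovery_error = irecv_open(&recovery, client->ecid);
		if (recovery_error == IRECV_E_SUCCESS) {
			break;
		}

		// Give up right after the last failed attempt, without sleeping again.
		if (i >= attempts) {
			error("ERROR: Unable to connect to device in recovery mode\n");
			return -1;
		}

		sleep(4);
		debug("Retrying connection...\n");
	}

	if (client->srnm == NULL) {
		// NOTE(review): irecv_get_srnm() takes no buffer length, so this
		// relies on the library never writing more than 256 bytes of
		// device-supplied data -- confirm against the library.
		char snbuf[256];
		snbuf[0] = '\0';
		irecv_get_srnm(recovery, snbuf);
		if (snbuf[0] != '\0') {
			client->srnm = strdup(snbuf);
			// strdup() can fail; passing NULL to a "%s" conversion is
			// undefined, so the serial is only logged when the copy exists.
			if (client->srnm != NULL) {
				info("INFO: device serial number is %s\n", client->srnm);
			}
		}
	}

	irecv_event_subscribe(recovery, IRECV_PROGRESS, &recovery_progress_callback, NULL);
	client->recovery->client = recovery;
	return 0;
}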
Ejemplo n.º 6
/**
 * Open a device connection and confirm the device is in DFU mode.
 *
 * The handle is stored in `client` and the chip id is read from `device`,
 * both declared outside this function. On success the handle stays open
 * with a progress callback registered on it.
 *
 * @return 0 when the open succeeded and client->mode equals kDfuMode;
 *         -1 when the open failed, or when the mode differs (the handle is
 *         closed again in that case).
 */
int pois0n_is_ready() {
	// Connect to the device identified by the current chip id.
	irecv_error_t status = irecv_open(&client, device->chip_id);
	if (status != IRECV_E_SUCCESS) {
		debug("Device must be in DFU mode to continue\n");
		return -1;
	}
	irecv_event_subscribe(client, IRECV_PROGRESS, &recovery_callback, NULL);

	// Accept the device only when it reports DFU mode.
	if (client->mode == kDfuMode) {
		return 0;
	}

	error("Device must be in DFU mode to continue\n");
	irecv_close(client);
	return -1;
}
Ejemplo n.º 7
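/**
 * Open a DFU connection, making up to `timeout` attempts one second apart.
 *
 * On success a progress callback is registered and the handle is stored in
 * client->dfu->client.
 *
 * @param client  restore context.
 *                NOTE(review): client->dfu is dereferenced and is not
 *                allocated here -- confirm callers set it up first.
 * @param timeout number of connection attempts; with 0 no attempt is made
 *                and the call fails.
 * @return 0 on success, -1 when no attempt produced a connection.
 */
int dfu_open_with_timeout(struct idevicerestore_client_t* client, uint32_t timeout) {
	// Unsigned counter to match `timeout`; a signed counter would be compared
	// after implicit conversion and could overflow for large timeouts.
	uint32_t i = 0;
	irecv_client_t recovery = NULL;
	irecv_error_t recovery_error = IRECV_E_UNKNOWN_ERROR;

	for (i = 0; i < timeout; i++) {
		if (i > 0) {
			// Pause only between attempts, never after the last one.
			sleep(1);
			debug("Retrying connection...\n");
		}

		recovery_error = irecv_open(&recovery);
		if (recovery_error == IRECV_E_SUCCESS) {
			break;
		}
	}

	// Also covers timeout == 0, where the loop never runs; without this
	// check a NULL handle would be registered and reported as success.
	if (recovery_error != IRECV_E_SUCCESS) {
		error("ERROR: Unable to connect to device in DFU mode\n");
		return -1;
	}

	irecv_event_subscribe(recovery, IRECV_PROGRESS, &dfu_progress_callback, NULL);
	client->dfu->client = recovery;
	return 0;
}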
Ejemplo n.º 8
/**
 * Command-line front end: pick one action from the options, connect to a
 * device, carry out the action and close the connection.
 *
 * Options (getopt string "vhrsc:f:e:k::"): -v raises verbosity, -h prints
 * usage, -r resets the device, -s starts the interactive shell, -f ARG sends
 * a file, -c ARG sends a command, -e ARG is handed to irecv_execute_script(),
 * -k[ARG] optionally sends a file and then calls irecv_send_exploit().
 * When several action options are given, the last one wins.
 *
 * @return -1 for an unrecognised option or when six connection attempts all
 *         fail; otherwise 0, including when the action itself reported an
 *         error (that error is only logged through debug()).
 */
int main(int argc, char* argv[]) {
	int tries = 0;
	int flag = 0;
	int action = 0;
	char* argument = NULL;
	irecv_error_t status = 0;

	if (argc == 1) {
		print_usage();
	}

	while ((flag = getopt(argc, argv, "vhrsc:f:e:k::")) > 0) {
		switch (flag) {
		// Options that do not select an action.
		case 'h':
			print_usage();
			break;
		case 'v':
			verbose += 1;
			break;

		// Actions without an argument; `argument` keeps its previous value.
		case 's':
			action = kStartShell;
			break;
		case 'r':
			action = kResetDevice;
			break;

		// Actions that carry an argument (optional for -k).
		case 'c':
			argument = optarg;
			action = kSendCommand;
			break;
		case 'e':
			argument = optarg;
			action = kSendScript;
			break;
		case 'f':
			argument = optarg;
			action = kSendFile;
			break;
		case 'k':
			argument = optarg;
			action = kSendExploit;
			break;

		default:
			fprintf(stderr, "Unknown argument\n");
			return -1;
		}
	}

	if (verbose) {
		irecv_set_debug_level(verbose);
	}

	irecv_init();
	irecv_client_t client = NULL;

	// Six attempts in total, with a one-second pause after every failure.
	for (;;) {
		debug("Attempting to connect... \n");

		if (irecv_open(&client) == IRECV_E_SUCCESS) {
			break;
		}
		sleep(1);

		if (tries == 5) {
			return -1;
		}
		tries++;
	}

	if (action == kResetDevice) {
		irecv_reset(client);
	} else if (action == kSendFile) {
		irecv_event_subscribe(client, IRECV_PROGRESS, &progress_cb, NULL);
		status = irecv_send_file(client, argument, 1);
		debug("%s\n", irecv_strerror(status));
	} else if (action == kSendCommand) {
		status = irecv_send_command(client, argument);
		debug("%s\n", irecv_strerror(status));
	} else if (action == kSendExploit) {
		// The optional file goes first; the second step runs only when that
		// upload succeeded or no file was given. One status line is logged
		// either way.
		int upload_ok = 1;
		if (argument != NULL) {
			irecv_event_subscribe(client, IRECV_PROGRESS, &progress_cb, NULL);
			status = irecv_send_file(client, argument, 0);
			upload_ok = (status == IRECV_E_SUCCESS);
		}
		if (upload_ok) {
			status = irecv_send_exploit(client);
		}
		debug("%s\n", irecv_strerror(status));
	} else if (action == kStartShell) {
		init_shell(client);
	} else if (action == kSendScript) {
		status = irecv_execute_script(client, argument);
		if (status != IRECV_E_SUCCESS) {
			debug("%s\n", irecv_strerror(status));
		}
	} else {
		fprintf(stderr, "Unknown action\n");
	}

	irecv_close(client);
	return 0;
}
Ejemplo n.º 9
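/**
 * Command-line front end: pick one action from the options, connect to a
 * device (optionally selected by ECID), carry out the action and close the
 * connection.
 *
 * Options (getopt string "i:vhrsmnc:f:e:k::"): -i ECID (hexadecimal) selects
 * a device, -v raises verbosity, -h prints usage, -m prints the device mode,
 * -n sets auto-boot and reboots, -r resets, -s starts the interactive shell,
 * -f ARG sends a file, -c ARG sends a command, -e ARG runs the script read
 * from file ARG, -k[ARG] optionally sends a file and then calls
 * irecv_trigger_limera1n_exploit().
 *
 * @return -1 for an unparsable ECID, an unrecognised option, or when six
 *         connection attempts all fail; otherwise 0, including when the
 *         action itself reported an error.
 */
int main(int argc, char* argv[]) {
	int i = 0;
	int opt = 0;
	int action = 0;
	unsigned long long ecid = 0;
	int mode = -1;
	char* argument = NULL;
	irecv_error_t error = 0;

	char* buffer = NULL;
	uint64_t buffer_length = 0;

	if (argc == 1) {
		print_usage(argc, argv);
		return 0;
	}

	while ((opt = getopt(argc, argv, "i:vhrsmnc:f:e:k::")) > 0) {
		switch (opt) {
			case 'i':
				if (optarg) {
					// Parsed as hexadecimal; trailing characters or a value
					// of 0 are both treated as a parse failure.
					char* tail = NULL;
					ecid = strtoull(optarg, &tail, 16);
					if (tail && (tail[0] != '\0')) {
						ecid = 0;
					}
					if (ecid == 0) {
						fprintf(stderr, "ERROR: Could not parse ECID from argument '%s'\n", optarg);
						return -1;
					}
				}
				break;

			case 'v':
				verbose += 1;
				break;

			case 'h':
				print_usage(argc, argv);
				return 0;

			case 'm':
				action = kShowMode;
				break;

			case 'n':
				action = kRebootToNormalMode;
				break;

			case 'r':
				action = kResetDevice;
				break;

			case 's':
				action = kStartShell;
				break;

			case 'f':
				action = kSendFile;
				argument = optarg;
				break;

			case 'c':
				action = kSendCommand;
				argument = optarg;
				break;

			case 'k':
				// "k::" makes the argument optional, so optarg may be NULL.
				action = kSendExploit;
				argument = optarg;
				break;

			case 'e':
				action = kSendScript;
				argument = optarg;
				break;

			default:
				fprintf(stderr, "Unknown argument\n");
				return -1;
		}
	}

	if (verbose)
		irecv_set_debug_level(verbose);

	irecv_init();
	irecv_client_t client = NULL;
	// Six attempts in total, with a one-second pause after every failure.
	// ecid is still 0 here when -i was not given.
	for (i = 0; i <= 5; i++) {
		debug("Attempting to connect... \n");

		if (irecv_open_with_ecid(&client, ecid) != IRECV_E_SUCCESS)
			sleep(1);
		else
			break;

		if (i == 5) {
			return -1;
		}
	}

	irecv_device_t device = NULL;
	irecv_devices_get_device_by_client(client, &device);
	if (device)
		debug("Connected to %s, model %s, cpid 0x%04x, bdid 0x%02x\n", device->product_type, device->hardware_model, device->chip_id, device->board_id);

	switch (action) {
		case kResetDevice:
			irecv_reset(client);
			break;

		case kSendFile:
			irecv_event_subscribe(client, IRECV_PROGRESS, &progress_cb, NULL);
			error = irecv_send_file(client, argument, 1);
			debug("%s\n", irecv_strerror(error));
			break;

		case kSendCommand:
			error = irecv_send_command(client, argument);
			debug("%s\n", irecv_strerror(error));
			break;

		case kSendExploit:
			// The optional file is sent first; the trigger call is skipped
			// when that upload fails.
			if (argument != NULL) {
				irecv_event_subscribe(client, IRECV_PROGRESS, &progress_cb, NULL);
				error = irecv_send_file(client, argument, 0);
				if (error != IRECV_E_SUCCESS) {
					debug("%s\n", irecv_strerror(error));
					break;
				}
			}
			error = irecv_trigger_limera1n_exploit(client);
			debug("%s\n", irecv_strerror(error));
			break;

		case kStartShell:
			init_shell(client);
			break;

		case kSendScript:
			buffer_read_from_filename(argument, &buffer, &buffer_length);
			if (buffer) {
				// NOTE(review): this writes at index buffer_length, so it
				// relies on buffer_read_from_filename() allocating at least
				// buffer_length + 1 bytes -- confirm against the helper,
				// otherwise this is a one-byte heap overflow.
				buffer[buffer_length] = '\0';

				error = irecv_execute_script(client, buffer);
				if(error != IRECV_E_SUCCESS) {
					debug("%s\n", irecv_strerror(error));
				}

				free(buffer);
			} else {
				fprintf(stderr, "Could not read file '%s'\n", argument);
			}
			break;

		case kShowMode:
			// Check the query result before printing: on failure `mode`
			// still holds its initial -1 and no real mode is known.
			error = irecv_get_mode(client, &mode);
			if (error != IRECV_E_SUCCESS) {
				fprintf(stderr, "ERROR: Could not get device mode: %s\n", irecv_strerror(error));
				break;
			}
			printf("%s Mode\n", mode_to_str(mode));
			break;

		case kRebootToNormalMode:
			error = irecv_setenv(client, "auto-boot", "true");
			if (error != IRECV_E_SUCCESS) {
				debug("%s\n", irecv_strerror(error));
				break;
			}

			error = irecv_saveenv(client);
			if (error != IRECV_E_SUCCESS) {
				debug("%s\n", irecv_strerror(error));
				break;
			}

			// The reboot status is logged whether or not the call succeeded.
			error = irecv_reboot(client);
			debug("%s\n", irecv_strerror(error));
			break;
		default:
			fprintf(stderr, "Unknown action\n");
			break;
	}

	irecv_close(client);

	return 0;
}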
Ejemplo n.º 10
/**
 * loadibec entry point: upload the file named on the command line to a
 * connected device and issue the "go" command to start it.
 *
 * Flow as written: print the banner, require exactly one argument, connect
 * with irecv_open_attempts() (10 attempts), read the chip id, and -- when the
 * device reports kDfuMode and the chip id is above 8900 -- run the pois0n
 * steps and reconnect before the upload.
 *
 * Exit status: 0 for the usage message and for success; -error when the
 * first connection fails; the negative pois0n return value when the ready or
 * compatibility check fails; 4 when the reconnect fails; 2 when the upload
 * fails; 3 when the first "go" command fails.
 *
 * NOTE(review): none of the early-return paths below call irecv_close() or
 * irecv_exit(); only the success path reaches irecv_exit().
 */
int main(int argc, char* argv[]) 
{
	irecv_error_t error;
	unsigned int cpid;
	int can_ra1n = 0;

	printf("Loadibec " LOADIBEC_VERSION COMMIT_STRING ".\n");

	if(argc != 2)
	{
		printf("Usage: %s <file>\n"
			"\tLoads a file to an iDevice in recovery mode and jumps to it.\n", argv[0]);
		return 0;
	}


	irecv_init();

	printf("Connecting to iDevice...\n");

	error = irecv_open_attempts(&g_syringe_client, 10);
	if(error != IRECV_E_SUCCESS)
	{
		fprintf(stderr, "Failed to connect to iBoot, error %d.\n", error);
		// The negated library error code becomes the process exit status.
		return -error;
	}
	
	// cpid is only read when the query succeeds; can_ra1n stays 0 otherwise.
	if(irecv_get_cpid(g_syringe_client, &cpid) == IRECV_E_SUCCESS)
	{
		// NOTE(review): compared against decimal 8900 -- presumably the
		// library reports the chip id as a decimal number; confirm.
		if(cpid > 8900)
			can_ra1n = 1;
	}

	if(g_syringe_client->mode == kDfuMode && can_ra1n)
	{
		int ret;
		printf("linera1n compatible device detected, injecting limera1n.\n");
		// Release this program's connection before the pois0n code runs.
		irecv_close(&g_syringe_client);
		irecv_exit();

		pois0n_init();

		ret = pois0n_is_ready();
		if(ret < 0)
			return ret;

		ret = pois0n_is_compatible();
		if(ret < 0)
			return ret;

		pois0n_inject();

		// NOTE(review): g_syringe_client was already passed to irecv_close()
		// above and is not reopened in between -- confirm that a second
		// close on it is safe, and whether the handle the pois0n calls use
		// is closed anywhere.
		irecv_close(&g_syringe_client);
		g_syringe_client = NULL;

		printf("limera1ned, reconnecting...\n");

		// NOTE(review): the handle passed to irecv_reconnect() is NULL at
		// this point -- confirm the library accepts that.
		g_syringe_client = irecv_reconnect(g_syringe_client, 10);
		if(!g_syringe_client)
		{
			fprintf(stderr, "Failed to reconnect.\n");
			return 4;
		}
	}
	else
		can_ra1n = 0;

	printf("Starting transfer of '%s'.\n", argv[1]);

	irecv_event_subscribe(g_syringe_client, IRECV_PROGRESS, &progress_cb, NULL);
	
	// argv[1] is passed to the library as given; no check on the path or the
	// file contents happens in this function.
	error = irecv_send_file(g_syringe_client, argv[1], 0);
	if(error != IRECV_E_SUCCESS)
	{
		fprintf(stderr, "Failed to upload '%s', error %d.\n", argv[1], error);
		return 2;
	}

	error = irecv_send_command(g_syringe_client, "go");
	if(error != IRECV_E_SUCCESS)
	{
		fprintf(stderr, "Failed to jump to uploaded file, error %d.\n", error);
		return 3;
	}
	
	// The result of this second command is not checked, so success is
	// printed below regardless of its outcome.
	irecv_send_command(g_syringe_client, "go jump 0x41000000");

	printf("Uploaded Successfully.\n");

	irecv_exit();

	return 0;
}