void readDriverDescriptorMap(AbstractFile* file, ResourceKey* resources) {
BLKXTable* blkx;
unsigned char* buffer;
AbstractFile* bufferFile;
DriverDescriptorRecord* record;
int i;
blkx = (BLKXTable*) (getDataByID(getResourceByKey(resources, "blkx"), -1)->data);
buffer = (unsigned char*) malloc(512);
bufferFile = createAbstractFileFromMemory((void**)&(buffer), 512);
extractBLKX(file, bufferFile, blkx);
bufferFile->close(bufferFile);
record = (DriverDescriptorRecord*)buffer;
flipDriverDescriptorRecord(record, FALSE);
printf("sbSig:\t\t0x%x\n", record->sbSig);
printf("sbBlkSize:\t0x%x\n", record->sbBlkSize);
printf("sbBlkCount:\t0x%x\n", record->sbBlkCount);
printf("sbDevType:\t0x%x\n", record->sbDevType);
printf("sbDevId:\t0x%x\n", record->sbDevId);
printf("sbData:\t\t0x%x\n", record->sbData);
printf("sbDrvrCount:\t0x%x\n", record->sbDrvrCount);
printf("ddBlock:\t0x%x\n", record->ddBlock);
printf("ddSize:\t\t0x%x\n", record->ddSize);
printf("ddType:\t\t0x%x\n", record->ddType);
for(i = 0; i < (record->sbDrvrCount - 1); i++) {
printf("\tddBlock:\t0x%x\n", record->ddPad[i].ddBlock);
printf("\tddSize:\t\t0x%x\n", record->ddPad[i].ddSize);
printf("\tddType:\t\t0x%x\n", record->ddPad[i].ddType);
}
free(buffer);
}
void writeDriverDescriptorMap(AbstractFile* file, DriverDescriptorRecord* DDM, ChecksumFunc dataForkChecksum, void* dataForkToken,
ResourceKey **resources) {
AbstractFile* bufferFile;
BLKXTable* blkx;
ChecksumToken uncompressedToken;
DriverDescriptorRecord* buffer;
buffer = (DriverDescriptorRecord*) malloc(DDM_SIZE * SECTOR_SIZE);
memcpy(buffer, DDM, DDM_SIZE * SECTOR_SIZE);
memset(&uncompressedToken, 0, sizeof(uncompressedToken));
flipDriverDescriptorRecord(buffer, TRUE);
bufferFile = createAbstractFileFromMemory((void**)&buffer, DDM_SIZE * SECTOR_SIZE);
blkx = insertBLKX(file, bufferFile, DDM_OFFSET, DDM_SIZE, DDM_DESCRIPTOR, CHECKSUM_CRC32, &CRCProxy, &uncompressedToken,
dataForkChecksum, dataForkToken, NULL);
blkx->checksum.data[0] = uncompressedToken.crc;
*resources = insertData(*resources, "blkx", -1, "Driver Descriptor Map (DDM : 0)", (const char*) blkx, sizeof(BLKXTable) + (blkx->blocksRunCount * sizeof(BLKXRun)), ATTRIBUTE_HDIUTIL);
free(buffer);
bufferFile->close(bufferFile);
free(blkx);
}
void cmd_extract(Volume* volume, int argc, const char *argv[]) {
HFSPlusCatalogRecord* record;
AbstractFile *outFile;
if(argc < 3) {
printf("Not enough arguments");
return;
}
outFile = createAbstractFileFromFile(fopen(argv[2], "wb"));
if(outFile == NULL) {
printf("cannot create file");
}
record = getRecordFromPath(argv[1], volume, NULL, NULL);
if(record != NULL) {
if(record->recordType == kHFSPlusFileRecord)
writeToFile((HFSPlusCatalogFile*)record, outFile, volume);
else
printf("Not a file\n");
} else {
printf("No such file or directory\n");
}
outFile->close(outFile);
free(record);
}
int writeDriverDescriptorMap(int pNum, AbstractFile* file, DriverDescriptorRecord* DDM, unsigned int BlockSize, ChecksumFunc dataForkChecksum, void* dataForkToken,
ResourceKey **resources) {
AbstractFile* bufferFile;
BLKXTable* blkx;
ChecksumToken uncompressedToken;
DriverDescriptorRecord* buffer;
buffer = (DriverDescriptorRecord*) malloc(DDM_SIZE * BlockSize);
memcpy(buffer, DDM, DDM_SIZE * BlockSize);
memset(&uncompressedToken, 0, sizeof(uncompressedToken));
flipDriverDescriptorRecord(buffer, TRUE);
bufferFile = createAbstractFileFromMemory((void**)&buffer, DDM_SIZE * BlockSize);
blkx = insertBLKX(file, bufferFile, DDM_OFFSET, DDM_SIZE, DDM_DESCRIPTOR, CHECKSUM_CRC32, &CRCProxy, &uncompressedToken,
dataForkChecksum, dataForkToken, NULL, 0);
blkx->checksum.data[0] = uncompressedToken.crc;
char pName[100];
sprintf(pName, "Driver Descriptor Map (DDM : %d)", pNum + 1);
*resources = insertData(*resources, "blkx", pNum, pName, (const char*) blkx, sizeof(BLKXTable) + (blkx->blocksRunCount * sizeof(BLKXRun)), ATTRIBUTE_HDIUTIL);
free(buffer);
bufferFile->close(bufferFile);
free(blkx);
pNum++;
if((DDM_SIZE * BlockSize / SECTOR_SIZE) - DDM_SIZE > 0)
pNum = writeFreePartition(pNum, file, DDM_SIZE, (DDM_SIZE * BlockSize / SECTOR_SIZE) - DDM_SIZE, resources);
return pNum;
}
int writeApplePartitionMap(int pNum, AbstractFile* file, Partition* partitions, unsigned int BlockSize, ChecksumFunc dataForkChecksum, void* dataForkToken, ResourceKey **resources, NSizResource** nsizIn) {
AbstractFile* bufferFile;
BLKXTable* blkx;
ChecksumToken uncompressedToken;
Partition* buffer;
NSizResource* nsiz;
CSumResource csum;
size_t realPartitionSize = (PARTITION_SIZE * SECTOR_SIZE) / BlockSize * BlockSize;
buffer = (Partition*) malloc(realPartitionSize);
memcpy(buffer, partitions, realPartitionSize);
memset(&uncompressedToken, 0, sizeof(uncompressedToken));
flipPartition(buffer, TRUE, BlockSize);
bufferFile = createAbstractFileFromMemory((void**)&buffer, realPartitionSize);
blkx = insertBLKX(file, bufferFile, PARTITION_OFFSET * BlockSize / SECTOR_SIZE, realPartitionSize / SECTOR_SIZE, pNum, CHECKSUM_CRC32,
&BlockCRC, &uncompressedToken, dataForkChecksum, dataForkToken, NULL, 0);
bufferFile->close(bufferFile);
*((uint32_t*)blkx->checksum.data) = uncompressedToken.crc;
csum.version = 1;
csum.type = CHECKSUM_MKBLOCK;
csum.checksum = uncompressedToken.block;
char pName[100];
sprintf(pName, "Apple (Apple_partition_map : %d)", pNum + 1);
*resources = insertData(*resources, "blkx", pNum, pName, (const char*) blkx, sizeof(BLKXTable) + (blkx->blocksRunCount * sizeof(BLKXRun)), ATTRIBUTE_HDIUTIL);
*resources = insertData(*resources, "cSum", 0, "", (const char*) (&csum), sizeof(csum), 0);
nsiz = (NSizResource*) malloc(sizeof(NSizResource));
memset(nsiz, 0, sizeof(NSizResource));
nsiz->isVolume = FALSE;
nsiz->blockChecksum2 = uncompressedToken.block;
nsiz->partitionNumber = 0;
nsiz->version = 6;
nsiz->next = NULL;
if((*nsizIn) == NULL) {
*nsizIn = nsiz;
} else {
nsiz->next = (*nsizIn)->next;
(*nsizIn)->next = nsiz;
}
free(buffer);
free(blkx);
return pNum + 1;
}
BOOL hfslib_untar(HfsContext* ctx, char* tarFile) {
AbstractFile *inFile = createAbstractFileFromFile(fopen(tarFile, "rb"));
BOOL result = FALSE;
if(inFile == NULL) {
printf("file to untar not found");
} else {
result = hfs_untar(ctx->volume, inFile);
}
if (inFile != NULL) {
inFile->close(inFile);
}
return result;
}
void fixupBootNeuterArgs(Volume* volume, char unlockBaseband, char selfDestruct, char use39, char use46) {
const char bootNeuterPlist[] = "/System/Library/LaunchDaemons/com.devteam.bootneuter.auto.plist";
AbstractFile* plistFile;
char* plist;
Dictionary* info;
size_t bufferSize;
ArrayValue* arguments;
XLOG(0, "fixing up BootNeuter arguments...\n");
plist = malloc(1);
bufferSize = 0;
plistFile = createAbstractFileFromMemoryFile((void**)&plist, &bufferSize);
get_hfs(volume, bootNeuterPlist, plistFile);
plistFile->close(plistFile);
info = createRoot(plist);
free(plist);
arguments = (ArrayValue*) getValueByKey(info, "ProgramArguments");
addStringToArray(arguments, "-autoMode");
addStringToArray(arguments, "YES");
addStringToArray(arguments, "-RegisterForSystemEvents");
addStringToArray(arguments, "YES");
if(unlockBaseband) {
addStringToArray(arguments, "-unlockBaseband");
addStringToArray(arguments, "YES");
}
if(selfDestruct) {
addStringToArray(arguments, "-selfDestruct");
addStringToArray(arguments, "YES");
}
if(use39) {
addStringToArray(arguments, "-bootLoader");
addStringToArray(arguments, "3.9");
} else if(use46) {
addStringToArray(arguments, "-bootLoader");
addStringToArray(arguments, "4.6");
}
plist = getXmlFromRoot(info);
releaseDictionary(info);
plistFile = createAbstractFileFromMemory((void**)&plist, sizeof(char) * strlen(plist));
add_hfs(volume, plistFile, bootNeuterPlist);
free(plist);
}
void
replaceCertificateAbstractFile(AbstractFile * file, AbstractFile * certificate)
{
uint32_t signatureBE;
uint32_t signatureLE;
AbstractFile *f;
file->seek(file, 0);
file->read(file, &signatureBE, sizeof(signatureBE));
signatureLE = signatureBE;
FLIPENDIAN(signatureBE);
FLIPENDIANLE(signatureLE);
file->seek(file, 0);
if (signatureBE == SIGNATURE_8900) {
f = createAbstractFileFrom8900(file);
replaceCertificate8900(f, certificate);
f->close(f);
} else if (signatureLE == IMG3_SIGNATURE) {
f = createAbstractFileFromImg3(file);
replaceCertificateImg3(f, certificate);
f->close(f);
}
}
void extractAllInFolder(HFSCatalogNodeID folderID, Volume* volume) {
CatalogRecordList* list;
CatalogRecordList* theList;
char cwd[1024];
char* name;
HFSPlusCatalogFolder* folder;
HFSPlusCatalogFile* file;
AbstractFile* outFile;
struct stat status;
ASSERT(getcwd(cwd, 1024) != NULL, "cannot get current working directory");
theList = list = getFolderContents(folderID, volume);
while(list != NULL) {
name = unicodeToAscii(&list->name);
if(strncmp(name, ".HFS+ Private Directory Data", sizeof(".HFS+ Private Directory Data") - 1) == 0 || name[0] == '\0') {
free(name);
list = list->next;
continue;
}
if(list->record->recordType == kHFSPlusFolderRecord) {
folder = (HFSPlusCatalogFolder*)list->record;
printf("folder: %s\n", name);
if(stat(name, &status) != 0) {
ASSERT(mkdir(name, 0755) == 0, "mkdir");
}
ASSERT(chdir(name) == 0, "chdir");
extractAllInFolder(folder->folderID, volume);
ASSERT(chdir(cwd) == 0, "chdir");
} else if(list->record->recordType == kHFSPlusFileRecord) {
printf("file: %s\n", name);
file = (HFSPlusCatalogFile*)list->record;
outFile = createAbstractFileFromFile(fopen(name, "wb"));
if(outFile != NULL) {
writeToFile(file, outFile, volume);
outFile->close(outFile);
} else {
printf("WARNING: cannot fopen %s\n", name);
}
}
free(name);
list = list->next;
}
releaseCatalogRecordList(theList);
}
void writeATAPI(AbstractFile* file, ChecksumFunc dataForkChecksum, void* dataForkToken, ResourceKey **resources, NSizResource** nsizIn) {
AbstractFile* bufferFile;
BLKXTable* blkx;
ChecksumToken uncompressedToken;
NSizResource* nsiz;
CSumResource csum;
char* atapi;
memset(&uncompressedToken, 0, sizeof(uncompressedToken));
atapi = (char*) malloc(ATAPI_SIZE * SECTOR_SIZE);
printf("malloc: %p %d\n", atapi, ATAPI_SIZE * SECTOR_SIZE); fflush(stdout);
memcpy(atapi, atapi_data, ATAPI_SIZE * SECTOR_SIZE);
bufferFile = createAbstractFileFromMemory((void**)&atapi, ATAPI_SIZE * SECTOR_SIZE);
blkx = insertBLKX(file, bufferFile, ATAPI_OFFSET, ATAPI_SIZE, 1, CHECKSUM_CRC32,
&BlockCRC, &uncompressedToken, dataForkChecksum, dataForkToken, NULL);
bufferFile->close(bufferFile);
free(atapi);
blkx->checksum.data[0] = uncompressedToken.crc;
csum.version = 1;
csum.type = CHECKSUM_MKBLOCK;
csum.checksum = uncompressedToken.block;
*resources = insertData(*resources, "blkx", 1, "Macintosh (Apple_Driver_ATAPI : 2)", (const char*) blkx, sizeof(BLKXTable) + (blkx->blocksRunCount * sizeof(BLKXRun)), ATTRIBUTE_HDIUTIL);
*resources = insertData(*resources, "cSum", 1, "", (const char*) (&csum), sizeof(csum), 0);
nsiz = (NSizResource*) malloc(sizeof(NSizResource));
memset(nsiz, 0, sizeof(NSizResource));
nsiz->isVolume = FALSE;
nsiz->blockChecksum2 = uncompressedToken.block;
nsiz->partitionNumber = 1;
nsiz->version = 6;
nsiz->next = NULL;
if((*nsizIn) == NULL) {
*nsizIn = nsiz;
} else {
nsiz->next = (*nsizIn)->next;
(*nsizIn)->next = nsiz;
}
free(blkx);
}
void createRestoreOptions(Volume* volume, const char *optionsPlist, int SystemPartitionSize, int UpdateBaseband) {
AbstractFile* plistFile;
Dictionary* info;
char* plist;
HFSPlusCatalogRecord* record;
info = NULL;
record = getRecordFromPath(optionsPlist, volume, NULL, NULL);
if(record != NULL && record->recordType == kHFSPlusFileRecord) {
HFSPlusCatalogFile* file = (HFSPlusCatalogFile*)record;
size_t bufferSize = 512;
plist = malloc(bufferSize);
plistFile = createAbstractFileFromMemory((void**)&plist, bufferSize);
if (plistFile) {
char zero = 0;
writeToFile(file, plistFile, volume);
plistFile->write(plistFile, &zero, sizeof(zero));
plistFile->close(plistFile);
info = createRoot(plist);
removeKey(info, "CreateFilesystemPartitions");
removeKey(info, "SystemPartitionSize");
removeKey(info, "UpdateBaseband");
removeKey(info, "MinimumSystemPartition");
addIntegerToDictionary(info, "MinimumSystemPartition", SystemPartitionSize);
XLOG(0, "got %s from ramdisk\n", optionsPlist);
}
free(plist);
}
XLOG(0, "start create restore options\n");
if (!info) info = createRoot("<dict></dict>");
addBoolToDictionary(info, "CreateFilesystemPartitions", TRUE);
addIntegerToDictionary(info, "SystemPartitionSize", SystemPartitionSize);
addBoolToDictionary(info, "UpdateBaseband", UpdateBaseband);
plist = getXmlFromRoot(info);
releaseDictionary(info);
XLOG(0, "%s", plist);
plistFile = createAbstractFileFromMemory((void**)&plist, sizeof(char) * strlen(plist));
add_hfs(volume, plistFile, optionsPlist);
free(plist);
}
void doPatchInPlace(Volume* volume, const char* filePath, const char* patchPath) {
void* buffer;
void* buffer2;
size_t bufferSize;
size_t bufferSize2;
AbstractFile* bufferFile;
AbstractFile* patchFile;
AbstractFile* out;
buffer = malloc(1);
bufferSize = 0;
bufferFile = createAbstractFileFromMemoryFile((void**)&buffer, &bufferSize);
XLOG(0, "retrieving..."); fflush(stdout);
get_hfs(volume, filePath, bufferFile);
bufferFile->close(bufferFile);
XLOG(0, "patching..."); fflush(stdout);
patchFile = createAbstractFileFromFile(fopen(patchPath, "rb"));
buffer2 = malloc(1);
bufferSize2 = 0;
out = duplicateAbstractFile(createAbstractFileFromMemoryFile((void**)&buffer, &bufferSize), createAbstractFileFromMemoryFile((void**)&buffer2, &bufferSize2));
// reopen the inner package
bufferFile = openAbstractFile(createAbstractFileFromMemoryFile((void**)&buffer, &bufferSize));
if(!patchFile || !bufferFile || !out) {
XLOG(0, "file error\n");
exit(0);
}
if(patch(bufferFile, out, patchFile) != 0) {
XLOG(0, "patch failed\n");
exit(0);
}
XLOG(0, "writing... "); fflush(stdout);
add_hfs(volume, createAbstractFileFromMemoryFile((void**)&buffer2, &bufferSize2), filePath);
free(buffer2);
free(buffer);
XLOG(0, "success\n"); fflush(stdout);
}
void readApplePartitionMap(AbstractFile* file, ResourceKey* resources, unsigned int BlockSize) {
AbstractFile* bufferFile;
BLKXTable* blkx;
Partition* partition;
int i;
blkx = (BLKXTable*) (getDataByID(getResourceByKey(resources, "blkx"), 0)->data);
partition = (Partition*) malloc(512);
bufferFile = createAbstractFileFromMemory((void**)&partition, 512);
extractBLKX(file, bufferFile, blkx);
bufferFile->close(bufferFile);
flipPartition(partition, FALSE, BlockSize);
for(i = 0; i < partition->pmMapBlkCnt; i++) {
if(partition[i].pmSig != APPLE_PARTITION_MAP_SIGNATURE) {
break;
}
printf("pmSig:\t\t\t0x%x\n", partition[i].pmSig);
printf("pmSigPad:\t\t0x%x\n", partition[i].pmSigPad);
printf("pmMapBlkCnt:\t\t0x%x\n", partition[i].pmMapBlkCnt);
printf("pmPartName:\t\t%s\n", partition[i].pmPartName);
printf("pmParType:\t\t%s\n", partition[i].pmParType);
printf("pmPyPartStart:\t\t0x%x\n", partition[i].pmPyPartStart);
printf("pmPartBlkCnt:\t\t0x%x\n", partition[i].pmPartBlkCnt);
printf("pmLgDataStart:\t\t0x%x\n", partition[i].pmLgDataStart);
printf("pmDataCnt:\t\t0x%x\n", partition[i].pmDataCnt);
printf("pmPartStatus:\t\t0x%x\n", partition[i].pmPartStatus);
printf("pmLgBootStart:\t\t0x%x\n", partition[i].pmLgBootStart);
printf("pmBootSize:\t\t0x%x\n", partition[i].pmBootSize);
printf("pmBootAddr:\t\t0x%x\n", partition[i].pmBootAddr);
printf("pmBootAddr2:\t\t0x%x\n", partition[i].pmBootAddr2);
printf("pmBootEntry:\t\t0x%x\n", partition[i].pmBootEntry);
printf("pmBootEntry2:\t\t0x%x\n", partition[i].pmBootEntry2);
printf("pmBootCksum:\t\t0x%x\n", partition[i].pmBootCksum);
printf("pmProcessor:\t\t\t%s\n\n", partition[i].pmProcessor);
}
free(partition);
}
char* xpwntool_get_kbag(char* fileName)
{
char* strbuf = NULL;
AbstractFile* inFile;
inFile = openAbstractFile2(createAbstractFileFromFile(fopen(fileName, "rb")), NULL, NULL);
if (inFile != NULL && inFile->type == AbstractFileTypeImg3) {
Img3Info* i3i = (Img3Info*)(inFile->data);
if (i3i != NULL) {
Img3Element* kbag = i3i->kbag;
if (kbag != NULL && kbag->data != NULL && kbag->header != NULL) {
size_t buflen = 1 + 2 * kbag->header->dataSize;
strbuf = (char*)HeapAlloc(GetProcessHeap(), 0, buflen);
char* bytes = (char*)kbag->data;
for (size_t i = 0; i < kbag->header->dataSize; ++i) {
snprintf(strbuf + 2 * i, 2, "%02X", (unsigned char) bytes[i]);
}
strbuf[buflen-1] = '\0';
return strbuf;
}
}
inFile->close(inFile);
}
return strbuf;
}
void addAllInFolder(HFSCatalogNodeID folderID, Volume* volume, const char* parentName) {
CatalogRecordList* list;
CatalogRecordList* theList;
char cwd[1024];
char fullName[1024];
char testBuffer[1024];
char* pathComponent;
int pathLen;
char* name;
DIR* dir;
DIR* tmp;
HFSCatalogNodeID cnid;
struct dirent* ent;
AbstractFile* file;
HFSPlusCatalogFile* outFile;
strcpy(fullName, parentName);
pathComponent = fullName + strlen(fullName);
ASSERT(getcwd(cwd, 1024) != NULL, "cannot get current working directory");
theList = list = getFolderContents(folderID, volume);
ASSERT((dir = opendir(cwd)) != NULL, "opendir");
while((ent = readdir(dir)) != NULL) {
if(ent->d_name[0] == '.' && (ent->d_name[1] == '\0' || (ent->d_name[1] == '.' && ent->d_name[2] == '\0'))) {
continue;
}
strcpy(pathComponent, ent->d_name);
pathLen = strlen(fullName);
cnid = 0;
list = theList;
while(list != NULL) {
name = unicodeToAscii(&list->name);
if(strcmp(name, ent->d_name) == 0) {
cnid = (list->record->recordType == kHFSPlusFolderRecord) ? (((HFSPlusCatalogFolder*)list->record)->folderID)
: (((HFSPlusCatalogFile*)list->record)->fileID);
free(name);
break;
}
free(name);
list = list->next;
}
if((tmp = opendir(ent->d_name)) != NULL) {
closedir(tmp);
printf("folder: %s\n", fullName); fflush(stdout);
if(cnid == 0) {
cnid = newFolder(fullName, volume);
}
fullName[pathLen] = '/';
fullName[pathLen + 1] = '\0';
ASSERT(chdir(ent->d_name) == 0, "chdir");
addAllInFolder(cnid, volume, fullName);
ASSERT(chdir(cwd) == 0, "chdir");
} else {
printf("file: %s\n", fullName); fflush(stdout);
if(cnid == 0) {
cnid = newFile(fullName, volume);
}
file = createAbstractFileFromFile(fopen(ent->d_name, "rb"));
ASSERT(file != NULL, "fopen");
outFile = (HFSPlusCatalogFile*)getRecordByCNID(cnid, volume);
writeToHFSFile(outFile, file, volume);
file->close(file);
free(outFile);
if(strncmp(fullName, "/Applications/", sizeof("/Applications/") - 1) == 0) {
testBuffer[0] = '\0';
strcpy(testBuffer, "/Applications/");
strcat(testBuffer, ent->d_name);
strcat(testBuffer, ".app/");
strcat(testBuffer, ent->d_name);
if(strcmp(testBuffer, fullName) == 0) {
if(strcmp(ent->d_name, "Installer") == 0
|| strcmp(ent->d_name, "BootNeuter") == 0
) {
printf("Giving setuid permissions to %s...\n", fullName); fflush(stdout);
chmodFile(fullName, 04755, volume);
} else {
printf("Giving permissions to %s\n", fullName); fflush(stdout);
chmodFile(fullName, 0755, volume);
}
}
} else if(strncmp(fullName, "/bin/", sizeof("/bin/") - 1) == 0
|| strncmp(fullName, "/Applications/BootNeuter.app/bin/", sizeof("/Applications/BootNeuter.app/bin/") - 1) == 0
|| strncmp(fullName, "/sbin/", sizeof("/sbin/") - 1) == 0
|| strncmp(fullName, "/usr/sbin/", sizeof("/usr/sbin/") - 1) == 0
|| strncmp(fullName, "/usr/bin/", sizeof("/usr/bin/") - 1) == 0
|| strncmp(fullName, "/usr/libexec/", sizeof("/usr/libexec/") - 1) == 0
|| strncmp(fullName, "/usr/local/bin/", sizeof("/usr/local/bin/") - 1) == 0
|| strncmp(fullName, "/usr/local/sbin/", sizeof("/usr/local/sbin/") - 1) == 0
|| strncmp(fullName, "/usr/local/libexec/", sizeof("/usr/local/libexec/") - 1) == 0
) {
chmodFile(fullName, 0755, volume);
printf("Giving permissions to %s\n", fullName); fflush(stdout);
}
}
}
closedir(dir);
releaseCatalogRecordList(theList);
}
int main(int argc, char* argv[]) {
init_libxpwn();
Dictionary* info;
Dictionary* firmwarePatches;
Dictionary* patchDict;
ArrayValue* patchArray;
void* buffer;
StringValue* actionValue;
StringValue* pathValue;
StringValue* fileValue;
StringValue* patchValue;
char* patchPath;
char* rootFSPathInIPSW;
io_func* rootFS;
Volume* rootVolume;
size_t rootSize;
size_t preferredRootSize = 0;
size_t minimumRootSize = 0;
char* ramdiskFSPathInIPSW;
unsigned int ramdiskKey[16];
unsigned int ramdiskIV[16];
unsigned int* pRamdiskKey = NULL;
unsigned int* pRamdiskIV = NULL;
io_func* ramdiskFS;
Volume* ramdiskVolume;
char* updateRamdiskFSPathInIPSW = NULL;
int i;
OutputState* outputState;
char* bundlePath;
char* bundleRoot = "FirmwareBundles/";
int mergePaths;
char* outputIPSW;
void* imageBuffer;
size_t imageSize;
AbstractFile* bootloader39 = NULL;
AbstractFile* bootloader46 = NULL;
AbstractFile* applelogo = NULL;
AbstractFile* recoverymode = NULL;
char noWipe = FALSE;
char unlockBaseband = FALSE;
char selfDestruct = FALSE;
char use39 = FALSE;
char use46 = FALSE;
char doBootNeuter = FALSE;
char updateBB = FALSE;
char useMemory = FALSE;
unsigned int key[16];
unsigned int iv[16];
unsigned int* pKey = NULL;
unsigned int* pIV = NULL;
if(argc < 3) {
XLOG(0, "usage %s <input.ipsw> <target.ipsw> [-b <bootimage.png>] [-r <recoveryimage.png>] [-s <system partition size>] [-memory] [-bbupdate] [-nowipe] [-e \"<action to exclude>\"] [[-unlock] [-use39] [-use46] [-cleanup] -3 <bootloader 3.9 file> -4 <bootloader 4.6 file>] <package1.tar> <package2.tar>...\n", argv[0]);
return 0;
}
outputIPSW = argv[2];
int* toRemove = NULL;
int numToRemove = 0;
for(i = 3; i < argc; i++) {
if(argv[i][0] != '-') {
break;
}
if(strcmp(argv[i], "-memory") == 0) {
useMemory = TRUE;
continue;
}
if(strcmp(argv[i], "-s") == 0) {
int size;
sscanf(argv[i + 1], "%d", &size);
preferredRootSize = size;
i++;
continue;
}
if(strcmp(argv[i], "-nowipe") == 0) {
noWipe = TRUE;
continue;
}
if(strcmp(argv[i], "-bbupdate") == 0) {
updateBB = TRUE;
continue;
}
if(strcmp(argv[i], "-e") == 0) {
numToRemove++;
toRemove = realloc(toRemove, numToRemove * sizeof(int));
toRemove[numToRemove - 1] = i + 1;
i++;
continue;
}
if(strcmp(argv[i], "-unlock") == 0) {
unlockBaseband = TRUE;
continue;
}
if(strcmp(argv[i], "-cleanup") == 0) {
selfDestruct = TRUE;
continue;
}
if(strcmp(argv[i], "-use39") == 0) {
if(use46) {
XLOG(0, "error: select only one of -use39 and -use46\n");
exit(1);
}
use39 = TRUE;
continue;
}
if(strcmp(argv[i], "-use46") == 0) {
if(use39) {
XLOG(0, "error: select only one of -use39 and -use46\n");
exit(1);
}
use46 = TRUE;
continue;
}
if(strcmp(argv[i], "-b") == 0) {
applelogo = createAbstractFileFromFile(fopen(argv[i + 1], "rb"));
if(!applelogo) {
XLOG(0, "cannot open %s\n", argv[i + 1]);
exit(1);
}
i++;
continue;
}
if(strcmp(argv[i], "-r") == 0) {
recoverymode = createAbstractFileFromFile(fopen(argv[i + 1], "rb"));
if(!recoverymode) {
XLOG(0, "cannot open %s\n", argv[i + 1]);
exit(1);
}
i++;
continue;
}
if(strcmp(argv[i], "-3") == 0) {
bootloader39 = createAbstractFileFromFile(fopen(argv[i + 1], "rb"));
if(!bootloader39) {
XLOG(0, "cannot open %s\n", argv[i + 1]);
exit(1);
}
i++;
continue;
}
if(strcmp(argv[i], "-4") == 0) {
bootloader46 = createAbstractFileFromFile(fopen(argv[i + 1], "rb"));
if(!bootloader46) {
XLOG(0, "cannot open %s\n", argv[i + 1]);
exit(1);
}
i++;
continue;
}
}
mergePaths = i;
if(use39 || use46 || unlockBaseband || selfDestruct || bootloader39 || bootloader46) {
if(!(bootloader39) || !(bootloader46)) {
XLOG(0, "error: you must specify both bootloader files.\n");
exit(1);
} else {
doBootNeuter = TRUE;
}
}
info = parseIPSW2(argv[1], bundleRoot, &bundlePath, &outputState, useMemory);
if(info == NULL) {
XLOG(0, "error: Could not load IPSW\n");
exit(1);
}
firmwarePatches = (Dictionary*)getValueByKey(info, "FilesystemPatches");
int j;
for(j = 0; j < numToRemove; j++) {
removeKey(firmwarePatches, argv[toRemove[j]]);
}
free(toRemove);
firmwarePatches = (Dictionary*)getValueByKey(info, "FirmwarePatches");
patchDict = (Dictionary*) firmwarePatches->values;
while(patchDict != NULL) {
fileValue = (StringValue*) getValueByKey(patchDict, "File");
StringValue* keyValue = (StringValue*) getValueByKey(patchDict, "Key");
StringValue* ivValue = (StringValue*) getValueByKey(patchDict, "IV");
pKey = NULL;
pIV = NULL;
if(keyValue) {
sscanf(keyValue->value, "%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x",
&key[0], &key[1], &key[2], &key[3], &key[4], &key[5], &key[6], &key[7], &key[8],
&key[9], &key[10], &key[11], &key[12], &key[13], &key[14], &key[15]);
pKey = key;
}
if(ivValue) {
sscanf(ivValue->value, "%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x",
&iv[0], &iv[1], &iv[2], &iv[3], &iv[4], &iv[5], &iv[6], &iv[7], &iv[8],
&iv[9], &iv[10], &iv[11], &iv[12], &iv[13], &iv[14], &iv[15]);
pIV = iv;
}
if(strcmp(patchDict->dValue.key, "Restore Ramdisk") == 0) {
ramdiskFSPathInIPSW = fileValue->value;
if(pKey) {
memcpy(ramdiskKey, key, sizeof(key));
memcpy(ramdiskIV, iv, sizeof(iv));
pRamdiskKey = ramdiskKey;
pRamdiskIV = ramdiskIV;
} else {
pRamdiskKey = NULL;
pRamdiskIV = NULL;
}
}
if(strcmp(patchDict->dValue.key, "Update Ramdisk") == 0) {
updateRamdiskFSPathInIPSW = fileValue->value;
}
patchValue = (StringValue*) getValueByKey(patchDict, "Patch2");
if(patchValue) {
if(noWipe) {
XLOG(0, "%s: ", patchDict->dValue.key);
fflush(stdout);
doPatch(patchValue, fileValue, bundlePath, &outputState, pKey, pIV, useMemory);
patchDict = (Dictionary*) patchDict->dValue.next;
continue; /* skip over the normal Patch */
}
}
patchValue = (StringValue*) getValueByKey(patchDict, "Patch");
if(patchValue) {
XLOG(0, "%s: ", patchDict->dValue.key);
fflush(stdout);
doPatch(patchValue, fileValue, bundlePath, &outputState, pKey, pIV, useMemory);
}
if(strcmp(patchDict->dValue.key, "AppleLogo") == 0 && applelogo) {
XLOG(0, "replacing %s\n", fileValue->value);
fflush(stdout);
ASSERT((imageBuffer = replaceBootImage(getFileFromOutputState(&outputState, fileValue->value), pKey, pIV, applelogo, &imageSize)) != NULL, "failed to use new image");
addToOutput(&outputState, fileValue->value, imageBuffer, imageSize);
}
if(strcmp(patchDict->dValue.key, "RecoveryMode") == 0 && recoverymode) {
XLOG(0, "replacing %s\n", fileValue->value);
fflush(stdout);
ASSERT((imageBuffer = replaceBootImage(getFileFromOutputState(&outputState, fileValue->value), pKey, pIV, recoverymode, &imageSize)) != NULL, "failed to use new image");
addToOutput(&outputState, fileValue->value, imageBuffer, imageSize);
}
patchDict = (Dictionary*) patchDict->dValue.next;
}
fileValue = (StringValue*) getValueByKey(info, "RootFilesystem");
rootFSPathInIPSW = fileValue->value;
size_t defaultRootSize = ((IntegerValue*) getValueByKey(info, "RootFilesystemSize"))->value;
minimumRootSize = defaultRootSize * 1000 * 1000;
minimumRootSize -= minimumRootSize % 512;
if(preferredRootSize == 0) {
preferredRootSize = defaultRootSize;
}
rootSize = preferredRootSize * 1000 * 1000;
rootSize -= rootSize % 512;
if(useMemory) {
buffer = malloc(rootSize);
} else {
buffer = NULL;
}
if(buffer == NULL) {
XLOG(2, "using filesystem backed temporary storage\n");
}
extractDmg(
createAbstractFileFromFileVault(getFileFromOutputState(&outputState, rootFSPathInIPSW), ((StringValue*)getValueByKey(info, "RootFilesystemKey"))->value),
openRoot((void**)&buffer, &rootSize), -1);
rootFS = IOFuncFromAbstractFile(openRoot((void**)&buffer, &rootSize));
rootVolume = openVolume(rootFS);
XLOG(0, "Growing root to minimum: %ld\n", (long) defaultRootSize);
fflush(stdout);
grow_hfs(rootVolume, minimumRootSize);
if(rootSize > minimumRootSize) {
XLOG(0, "Growing root: %ld\n", (long) preferredRootSize);
fflush(stdout);
grow_hfs(rootVolume, rootSize);
}
firmwarePatches = (Dictionary*)getValueByKey(info, "FilesystemPatches");
patchArray = (ArrayValue*) firmwarePatches->values;
while(patchArray != NULL) {
for(i = 0; i < patchArray->size; i++) {
patchDict = (Dictionary*) patchArray->values[i];
fileValue = (StringValue*) getValueByKey(patchDict, "File");
actionValue = (StringValue*) getValueByKey(patchDict, "Action");
if(strcmp(actionValue->value, "ReplaceKernel") == 0) {
pathValue = (StringValue*) getValueByKey(patchDict, "Path");
XLOG(0, "replacing kernel... %s -> %s\n", fileValue->value, pathValue->value);
fflush(stdout);
add_hfs(rootVolume, getFileFromOutputState(&outputState, fileValue->value), pathValue->value);
}
if(strcmp(actionValue->value, "Patch") == 0) {
patchValue = (StringValue*) getValueByKey(patchDict, "Patch");
patchPath = (char*) malloc(sizeof(char) * (strlen(bundlePath) + strlen(patchValue->value) + 2));
strcpy(patchPath, bundlePath);
strcat(patchPath, "/");
strcat(patchPath, patchValue->value);
XLOG(0, "patching %s (%s)... ", fileValue->value, patchPath);
doPatchInPlace(rootVolume, fileValue->value, patchPath);
free(patchPath);
}
}
patchArray = (ArrayValue*) patchArray->dValue.next;
}
for(; mergePaths < argc; mergePaths++) {
XLOG(0, "merging %s\n", argv[mergePaths]);
AbstractFile* tarFile = createAbstractFileFromFile(fopen(argv[mergePaths], "rb"));
if(tarFile == NULL) {
XLOG(1, "cannot find %s, make sure your slashes are in the right direction\n", argv[mergePaths]);
releaseOutput(&outputState);
closeRoot(buffer);
exit(0);
}
hfs_untar(rootVolume, tarFile);
tarFile->close(tarFile);
}
if(pRamdiskKey) {
ramdiskFS = IOFuncFromAbstractFile(openAbstractFile2(getFileFromOutputStateForOverwrite(&outputState, ramdiskFSPathInIPSW), pRamdiskKey, pRamdiskIV));
} else {
XLOG(0, "unencrypted ramdisk\n");
ramdiskFS = IOFuncFromAbstractFile(openAbstractFile(getFileFromOutputStateForOverwrite(&outputState, ramdiskFSPathInIPSW)));
}
ramdiskVolume = openVolume(ramdiskFS);
XLOG(0, "growing ramdisk: %d -> %d\n", ramdiskVolume->volumeHeader->totalBlocks * ramdiskVolume->volumeHeader->blockSize, (ramdiskVolume->volumeHeader->totalBlocks + 4) * ramdiskVolume->volumeHeader->blockSize);
grow_hfs(ramdiskVolume, (ramdiskVolume->volumeHeader->totalBlocks + 4) * ramdiskVolume->volumeHeader->blockSize);
if(doBootNeuter) {
firmwarePatches = (Dictionary*)getValueByKey(info, "BasebandPatches");
if(firmwarePatches != NULL) {
patchDict = (Dictionary*) firmwarePatches->values;
while(patchDict != NULL) {
pathValue = (StringValue*) getValueByKey(patchDict, "Path");
fileValue = (StringValue*) getValueByKey(patchDict, "File");
if(fileValue) {
XLOG(0, "copying %s -> %s... ", fileValue->value, pathValue->value);
fflush(stdout);
if(copyAcrossVolumes(ramdiskVolume, rootVolume, fileValue->value, pathValue->value)) {
patchValue = (StringValue*) getValueByKey(patchDict, "Patch");
if(patchValue) {
patchPath = malloc(sizeof(char) * (strlen(bundlePath) + strlen(patchValue->value) + 2));
strcpy(patchPath, bundlePath);
strcat(patchPath, "/");
strcat(patchPath, patchValue->value);
XLOG(0, "patching %s (%s)... ", pathValue->value, patchPath);
fflush(stdout);
doPatchInPlace(rootVolume, pathValue->value, patchPath);
free(patchPath);
}
}
}
if(strcmp(patchDict->dValue.key, "Bootloader 3.9") == 0 && bootloader39 != NULL) {
add_hfs(rootVolume, bootloader39, pathValue->value);
}
if(strcmp(patchDict->dValue.key, "Bootloader 4.6") == 0 && bootloader46 != NULL) {
add_hfs(rootVolume, bootloader46, pathValue->value);
}
patchDict = (Dictionary*) patchDict->dValue.next;
}
}
fixupBootNeuterArgs(rootVolume, unlockBaseband, selfDestruct, use39, use46);
}
createRestoreOptions(ramdiskVolume, preferredRootSize, updateBB);
closeVolume(ramdiskVolume);
CLOSE(ramdiskFS);
if(updateRamdiskFSPathInIPSW)
removeFileFromOutputState(&outputState, updateRamdiskFSPathInIPSW);
closeVolume(rootVolume);
CLOSE(rootFS);
buildDmg(openRoot((void**)&buffer, &rootSize), getFileFromOutputStateForReplace(&outputState, rootFSPathInIPSW));
closeRoot(buffer);
writeOutput(&outputState, outputIPSW);
releaseDictionary(info);
free(bundlePath);
return 0;
}
int main(int argc, char* argv[]) {
init_libxpwn(&argc, argv);
if(argc < 4) {
print_usage();
return 0;
}
AbstractFile* png;
AbstractFile* img;
AbstractFile* dst;
void* imageBuffer;
size_t imageSize;
unsigned int key[32];
unsigned int iv[16];
unsigned int* pKey = NULL;
unsigned int* pIV = NULL;
if(strcmp(argv[1], "inject") == 0) {
if(argc < 5) {
print_usage();
return 0;
}
png = createAbstractFileFromFile(fopen(argv[2], "rb"));
img = createAbstractFileFromFile(fopen(argv[4], "rb"));
dst = createAbstractFileFromFile(fopen(argv[3], "wb"));
if(argc >= 7) {
sscanf(argv[5], "%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x",
&iv[0], &iv[1], &iv[2], &iv[3], &iv[4], &iv[5], &iv[6], &iv[7], &iv[8],
&iv[9], &iv[10], &iv[11], &iv[12], &iv[13], &iv[14], &iv[15]);
sscanf(argv[6], "%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x",
&key[0], &key[1], &key[2], &key[3], &key[4], &key[5], &key[6], &key[7], &key[8],
&key[9], &key[10], &key[11], &key[12], &key[13], &key[14], &key[15],
&key[16], &key[17], &key[18], &key[19], &key[20], &key[21], &key[22], &key[23], &key[24],
&key[25], &key[26], &key[27], &key[28], &key[29], &key[30], &key[31]);
pKey = key;
pIV = iv;
}
imageBuffer = replaceBootImage(img, pKey, pIV, png, &imageSize);
dst->write(dst, imageBuffer, imageSize);
dst->close(dst);
} else if(strcmp(argv[1], "extract") == 0) {
img = createAbstractFileFromFile(fopen(argv[2], "rb"));
if(argc >= 6) {
sscanf(argv[4], "%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x",
&iv[0], &iv[1], &iv[2], &iv[3], &iv[4], &iv[5], &iv[6], &iv[7], &iv[8],
&iv[9], &iv[10], &iv[11], &iv[12], &iv[13], &iv[14], &iv[15]);
sscanf(argv[5], "%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x",
&key[0], &key[1], &key[2], &key[3], &key[4], &key[5], &key[6], &key[7], &key[8],
&key[9], &key[10], &key[11], &key[12], &key[13], &key[14], &key[15],
&key[16], &key[17], &key[18], &key[19], &key[20], &key[21], &key[22], &key[23], &key[24],
&key[25], &key[26], &key[27], &key[28], &key[29], &key[30], &key[31]);
pKey = key;
pIV = iv;
}
if(convertToPNG(img, pKey, pIV, argv[3]) < 0) {
XLOG(1, "error converting img to png");
}
}
return 0;
}
int doPatch(StringValue* patchValue, StringValue* fileValue, const char* bundlePath, OutputState** state, unsigned int* key, unsigned int* iv, int useMemory, int isPlain) {
char* patchPath;
size_t bufferSize;
void* buffer;
AbstractFile* patchFile;
AbstractFile* file;
AbstractFile* out;
AbstractFile* outRaw;
char* tmpFileName;
if(useMemory) {
bufferSize = 0;
buffer = malloc(1);
outRaw = createAbstractFileFromMemoryFile((void**)&buffer, &bufferSize);
} else {
tmpFileName = createTempFile();
outRaw = createAbstractFileFromFile(fopen(tmpFileName, "wb"));
}
patchPath = malloc(sizeof(char) * (strlen(bundlePath) + strlen(patchValue->value) + 2));
strcpy(patchPath, bundlePath);
strcat(patchPath, "/");
strcat(patchPath, patchValue->value);
XLOG(0, "%s (%s)... ", fileValue->value, patchPath); fflush(stdout);
patchFile = createAbstractFileFromFile(fopen(patchPath, "rb"));
if (isPlain) {
out = outRaw;
file = getFileFromOutputState(state, fileValue->value);
} else {
if(key != NULL) {
XLOG(0, "encrypted input... ");
out = duplicateAbstractFile2(getFileFromOutputState(state, fileValue->value), outRaw, key, iv, NULL);
} else {
out = duplicateAbstractFile(getFileFromOutputState(state, fileValue->value), outRaw);
}
if(key != NULL) {
XLOG(0, "encrypted output... ");
file = openAbstractFile2(getFileFromOutputState(state, fileValue->value), key, iv);
} else {
file = openAbstractFile(getFileFromOutputState(state, fileValue->value));
}
}
if(!patchFile || !file || !out) {
XLOG(0, "file error\n");
exit(0);
}
if(patch(file, out, patchFile) != 0) {
XLOG(0, "patch failed\n");
exit(0);
}
if(strstr(fileValue->value, "WTF.s5l8900xall.RELEASE")) {
XLOG(0, "Exploiting 8900 vulnerability... ;)\n");
AbstractFile* exploited;
if(useMemory) {
exploited = createAbstractFileFrom8900(createAbstractFileFromMemoryFile((void**)&buffer, &bufferSize));
} else {
exploited = createAbstractFileFrom8900(createAbstractFileFromFile(fopen(tmpFileName, "r+b")));
}
exploit8900(exploited);
exploited->close(exploited);
}
XLOG(0, "writing... "); fflush(stdout);
if(useMemory) {
addToOutput(state, fileValue->value, buffer, bufferSize);
} else {
outRaw = createAbstractFileFromFile(fopen(tmpFileName, "rb"));
size_t length = outRaw->getLength(outRaw);
outRaw->close(outRaw);
addToOutput2(state, fileValue->value, NULL, length, tmpFileName);
}
XLOG(0, "success\n"); fflush(stdout);
free(patchPath);
return 0;
}
void writeOutput(OutputState** state, char* ipsw) {
OutputState* curFile;
OutputState* next;
zip_fileinfo info;
struct tm* filedate;
time_t tm_t;
zipFile zip;
tm_t = time(NULL);
filedate = localtime(&tm_t);
info.tmz_date.tm_sec = filedate->tm_sec;
info.tmz_date.tm_min = filedate->tm_min;
info.tmz_date.tm_hour = filedate->tm_hour;
info.tmz_date.tm_mday = filedate->tm_mday;
info.tmz_date.tm_mon = filedate->tm_mon ;
info.tmz_date.tm_year = filedate->tm_year;
info.dosDate = 0;
info.internal_fa = 0;
info.external_fa = 0;
ASSERT(zip = zipOpen(ipsw, APPEND_STATUS_CREATE), "Cannot open output zip file");
next = *state;
while(next != NULL) {
curFile = next;
next = next->next;
printf("packing: %s (%ld)\n", curFile->fileName, (long) curFile->bufferSize); fflush(stdout);
if(curFile->bufferSize > 0) {
ASSERT(zipOpenNewFileInZip(zip, curFile->fileName, &info, NULL, 0, NULL, 0, NULL, Z_DEFLATED, Z_DEFAULT_COMPRESSION) == 0, "error adding to zip");
if(curFile->tmpFileName == NULL) {
ASSERT(zipWriteInFileInZip(zip, curFile->buffer, curFile->bufferSize) == 0, "error writing to zip");
} else {
AbstractFile* tmpFile = createAbstractFileFromFile(fopen(curFile->tmpFileName, "rb"));
char* buffer = malloc(DEFAULT_BUFFER_SIZE);
size_t left = tmpFile->getLength(tmpFile);
while(left > 0) {
size_t toRead;
if(left > DEFAULT_BUFFER_SIZE)
toRead = DEFAULT_BUFFER_SIZE;
else
toRead = left;
ASSERT(tmpFile->read(tmpFile, buffer, toRead) == toRead, "error reading data");
ASSERT(zipWriteInFileInZip(zip, buffer, toRead) == 0, "error writing to zip");
left -= toRead;
}
tmpFile->close(tmpFile);
free(buffer);
}
} else {
ASSERT(zipOpenNewFileInZip(zip, curFile->fileName, &info, NULL, 0, NULL, 0, NULL, 0, 0) == 0, "error adding to zip");
}
ASSERT(zipCloseFileInZip(zip) == 0, "error closing file in zip");
if(curFile->tmpFileName) {
unlink(curFile->tmpFileName);
free(curFile->tmpFileName);
}
free(curFile->fileName);
if(curFile->buffer) {
free(curFile->buffer);
}
free(curFile);
}
zipClose(zip, NULL);
}
int main(int argc, char* argv[])
{
struct stat st;
init_libxpwn(&argc, argv);
libxpwn_log(logCB);
libxpwn_loglevel(2);
printf("---------------------------PLEASE READ THIS---------------------------\n");
printf("Please make certain that all iTunes related processes are not running\n");
printf("at this time (use Task Manager, etc. to end them).\n");
printf("---------------------------PLEASE READ THIS---------------------------\n\n\n");
if(argc < 3) {
printf("usage: %s <custom.ipsw> <n82ap|m68ap|n45ap> [loglevel]\n", argv[0]);
printf("n82ap = 3G iPhone, m68ap = First-generation iPhone, n45ap = iPod touch\n");
return 0;
}
if(argc >= 4) {
int logLevel;
sscanf(argv[3], "%d", &logLevel);
libxpwn_loglevel(logLevel);
}
if(stat("restore.img3", &st) < 0) {
fprintf(stderr, "missing restore.img3\n");
return 1;
}
Stage = 0;
Status = Disconnected;
char ibssName[100];
char wtfName[100];
sprintf(ibssName, "Firmware/dfu/iBSS.%s.RELEASE.dfu", argv[2]);
sprintf(wtfName, "Firmware/dfu/WTF.%s.RELEASE.dfu", argv[2]);
data = NULL;
loadZipFile(argv[1], &data, "Firmware/dfu/WTF.s5l8900xall.RELEASE.dfu");
loadZipFile(argv[1], &data, ibssName);
loadZipFile(argv[1], &data, wtfName);
loadZipFile(argv[1], &data, "Restore.plist");
AbstractFile* xallFile = getFileFromOutputState(&data, "Firmware/dfu/WTF.s5l8900xall.RELEASE.dfu");
AbstractFile* wtfFile = getFileFromOutputState(&data, wtfName);
AbstractFile* ibssFile = getFileFromOutputState(&data, ibssName);
AbstractFile* restoreFile = getFileFromOutputState(&data, "Restore.plist");
GetTempPath(MAX_PATH, tmpFilePath);
strcat(tmpFilePath, "/restore");
if(stat(tmpFilePath, &st) < 0) {
mkdir(tmpFilePath, 0755);
}
strcpy(tmpFirmwarePath, tmpFilePath);
strcat(tmpFirmwarePath, "/Firmware");
if(stat(tmpFirmwarePath, &st) < 0) {
mkdir(tmpFirmwarePath, 0755);
}
strcpy(tmpDFUPath, tmpFirmwarePath);
strcat(tmpDFUPath, "/dfu");
if(stat(tmpDFUPath, &st) < 0) {
mkdir(tmpDFUPath, 0755);
}
strcpy(tmpXALLPath, tmpFilePath);
strcat(tmpXALLPath, "/");
strcat(tmpXALLPath, "Firmware/dfu/WTF.s5l8900xall.RELEASE.dfu");
strcpy(tmpWTFPath, tmpFilePath);
strcat(tmpWTFPath, "/");
strcat(tmpWTFPath, wtfName);
strcpy(tmpIBSSPath, tmpFilePath);
strcat(tmpIBSSPath, "/");
strcat(tmpIBSSPath, ibssName);
strcpy(tmpRestorePath, tmpFilePath);
strcat(tmpRestorePath, "/");
strcat(tmpRestorePath, "Restore.plist");
FILE* file;
void* buffer;
size_t length;
length = xallFile->getLength(xallFile);
buffer = malloc(length);
xallFile->read(xallFile, buffer, length);
file = fopen(tmpXALLPath, "wb");
fwrite(buffer, 1, length, file);
fclose(file);
free(buffer);
xallFile->close(xallFile);
length = wtfFile->getLength(wtfFile);
buffer = malloc(length);
wtfFile->read(wtfFile, buffer, length);
file = fopen(tmpWTFPath, "wb");
fwrite(buffer, 1, length, file);
fclose(file);
free(buffer);
wtfFile->close(wtfFile);
length = ibssFile->getLength(ibssFile);
buffer = malloc(length);
ibssFile->read(ibssFile, buffer, length);
file = fopen(tmpIBSSPath, "wb");
fwrite(buffer, 1, length, file);
fclose(file);
free(buffer);
ibssFile->close(ibssFile);
extractedIPSWPath = argv[1];
length = restoreFile->getLength(restoreFile);
buffer = malloc(length);
restoreFile->read(restoreFile, buffer, length);
file = fopen(tmpRestorePath, "wb");
fwrite(buffer, 1, length, file);
fclose(file);
free(buffer);
restoreFile->close(restoreFile);
extractedIPSWPath = tmpFilePath;
bootImagePath = "restore.img3";
fprintf(stdout, "\nGetting iPhone/iPod status...\n");
fflush(stdout);
if(LoadWindowsDLL() < 0) {
printf("Failed to load iTunes Mobile Device driver!\n");
cleanup_and_exit();
}
mach_error_t ret;
struct am_device_notification *notif;
ret = AMDeviceNotificationSubscribe(notification, 0, 0, 0, ¬if);
if(ret < 0) {
printf("Failed to subscribe for device notifications!\n");
cleanup_and_exit();
}
ret = AMRestoreRegisterForDeviceNotifications(
dfu_connect_callback,
recovery_connect_callback,
dfu_disconnect_callback,
recovery_disconnect_callback,
0,
NULL);
if(ret < 0) {
printf("Failed to subscribe for device restore notifications!\n");
cleanup_and_exit();
}
sleep(2);
char responseBuffer[10];
int countdown;
if(Status == Disconnected) {
connectDevice:
fprintf(stdout, "Is your iPhone/iPod connected to your computer via USB?\n");
fprintf(stdout, "Please answer (y/n): ");
fflush(stdout);
fgets(responseBuffer, 10, stdin);
if(responseBuffer[0] == 'y' || responseBuffer[0] == 'Y') {
goto isPoweringOn;
} else if(responseBuffer[0] == 'n' || responseBuffer[0] == 'N') {
fprintf(stdout, "Please connect your iPhone/iPod to your computer\n");
fprintf(stdout, "Press enter when you have connected your iPhone/iPod... ");
fflush(stdout);
fgets(responseBuffer, 10, stdin);
sleep(2);
if(Status != Disconnected) {
goto turnOffDevice;
} else {
isPoweringOn:
fprintf(stdout, "Is your iPhone currently powering on?\n");
fprintf(stdout, "Please answer (y/n): ");
fflush(stdout);
fgets(responseBuffer, 10, stdin);
if(responseBuffer[0] == 'y' || responseBuffer[0] == 'Y') {
fprintf(stdout, "Waiting for iPhone/iPod to power on...\n");
fflush(stdout);
while(Status == Disconnected) {
sleep(1);
}
goto turnOffDevice;
} else if(responseBuffer[0] == 'n' || responseBuffer[0] == 'N') {
goto beginDFU;
} else {
goto isPoweringOn;
}
}
} else {
goto connectDevice;
}
} else {
turnOffDevice:
fprintf(stdout, "Please turn off your iPhone/iPod without disconnecting the cable connecting it to the computer\n");
fprintf(stdout, "Press enter when you have turned off your iPhone/iPod... ");
fflush(stdout);
fgets(responseBuffer, 10, stdin);
fprintf(stdout, "Waiting for iPhone/iPod to power off...\n");
fflush(stdout);
while(Status != Disconnected) {
sleep(1);
}
}
beginDFU:
fprintf(stdout, "\n!!! Your device should now be off. If it is not, please make sure it is before proceeding !!!\n\n");
fprintf(stdout, "Timing is crucial for the following tasks. I will ask you to do the following (DON'T START YET):\n");
fprintf(stdout, "\t1. Press and hold down the power button for five seconds\n");
fprintf(stdout, "\t2. Without letting go of the power button, press and hold down the power AND home buttons for ten seconds\n");
fprintf(stdout, "\t3. Without letting go of the home button, release the power button\n");
fprintf(stdout, "\t4. Wait 30 seconds while holding down the home button\n");
fprintf(stdout, "\nTry to get the timing as correct as possible, but don't fret if you miss it by a few seconds. It might still work, and if it doesn't, you can always try again. If you fail, you can always just turn the phone completely off by holding power and home for ten seconds, then pushing power to turn it back on.\n");
fprintf(stdout, "\nAre you ready to begin?\n");
fprintf(stdout, "Please answer (y/n): ");
fflush(stdout);
fgets(responseBuffer, 10, stdin);
if(responseBuffer[0] != 'y' && responseBuffer[0] != 'Y')
goto beginDFU;
for(countdown = 5; countdown > 0; countdown--) {
fprintf(stdout, "Beginning process in %d seconds...\n", countdown);
fflush(stdout);
sleep(1);
}
fprintf(stdout, "\nPress and hold down the POWER button (you should now be just holding the power button)... ");
fflush(stdout);
for(countdown = 5; countdown > 0; countdown--) {
fprintf(stdout, "%d... ", countdown);
fflush(stdout);
sleep(1);
}
fprintf(stdout, "\n\nPress and hold down the HOME button, DO NOT LET GO OF THE POWER BUTTON (you should now be just holding both the power and home buttons)... ");
fflush(stdout);
for(countdown = 10; countdown > 0; countdown--) {
fprintf(stdout, "%d... ", countdown);
fflush(stdout);
sleep(1);
}
fprintf(stdout, "\n\nRelease the POWER button, DO NOT LET GO OF THE HOME BUTTON (you should now be just holding the home button)... ");
fflush(stdout);
Stage = 2;
for(countdown = 30; countdown > 0; countdown--) {
if(Status != Disconnected)
goto waitForFinish;
fprintf(stdout, "%d... ", countdown);
fflush(stdout);
sleep(1);
}
fprintf(stdout, "\n\nEither you did not follow instructions correctly or your USB hardware is malfunctioning. Please use another USB port to connect your iPhone/iPod (NOT through a USB hub) and consider restarting your computer before trying again.\n");
fflush(stdout);
cleanup_and_exit();
waitForFinish:
while(1) {
msleep(1);
}
}
int doDecrypt(StringValue* decryptValue, StringValue* fileValue, const char* bundlePath, OutputState** state, unsigned int* key, unsigned int* iv, int useMemory) {
size_t bufferSize;
void* buffer;
AbstractFile* file;
AbstractFile* out;
AbstractFile* outRaw;
char* tmpFileName;
if(useMemory) {
bufferSize = 0;
buffer = malloc(1);
outRaw = createAbstractFileFromMemoryFile((void**)&buffer, &bufferSize);
} else {
tmpFileName = createTempFile();
outRaw = createAbstractFileFromFile(fopen(tmpFileName, "wb"));
}
out = duplicateAbstractFile(getFileFromOutputState(state, fileValue->value), outRaw);
file = openAbstractFile3(getFileFromOutputState(state, fileValue->value), key, iv, 0);
if(!file || !out) {
XLOG(0, "file error\n");
exit(0);
}
char *buf = malloc(1024 * 1024);
off_t inDataSize = file->getLength(file);
while (inDataSize > 0) {
off_t avail, chunk = 1024 * 1024;
if (chunk > inDataSize) {
chunk = inDataSize;
}
if (chunk < 0) {
XLOG(0, "decrypt failed\n");
exit(0);
}
avail = file->read(file, buf, chunk);
out->write(out, buf, avail);
if (avail < chunk) {
break;
}
inDataSize -= chunk;
}
out->close(out);
file->close(file);
free(buf);
XLOG(0, "writing... "); fflush(stdout);
if (decryptValue) {
fileValue = decryptValue;
}
if(useMemory) {
addToOutput(state, fileValue->value, buffer, bufferSize);
} else {
outRaw = createAbstractFileFromFile(fopen(tmpFileName, "rb"));
size_t length = outRaw->getLength(outRaw);
outRaw->close(outRaw);
addToOutput2(state, fileValue->value, NULL, length, tmpFileName);
}
XLOG(0, "success\n"); fflush(stdout);
return 0;
}
Dictionary* parseIPSW2(const char* inputIPSW, const char* bundleRoot, char** bundlePath, OutputState** state, int useMemory) {
Dictionary* info;
char* infoPath;
AbstractFile* plistFile;
char* plist;
FILE* inputIPSWFile;
SHA_CTX sha1_ctx;
char* buffer;
int read;
unsigned char hash[20];
DIR* dir;
struct dirent* ent;
StringValue* plistSHA1String;
unsigned int plistHash[20];
int i;
*bundlePath = NULL;
inputIPSWFile = fopen(inputIPSW, "rb");
if(!inputIPSWFile) {
return NULL;
}
XLOG(0, "Hashing IPSW...\n");
buffer = malloc(BUFFERSIZE);
SHA1_Init(&sha1_ctx);
while(!feof(inputIPSWFile)) {
read = fread(buffer, 1, BUFFERSIZE, inputIPSWFile);
SHA1_Update(&sha1_ctx, buffer, read);
}
SHA1_Final(hash, &sha1_ctx);
free(buffer);
fclose(inputIPSWFile);
XLOG(0, "Matching IPSW in %s... (%02x%02x%02x%02x...)\n", bundleRoot, (int) hash[0], (int) hash[1], (int) hash[2], (int) hash[3]);
dir = opendir(bundleRoot);
if(dir == NULL) {
XLOG(1, "Bundles directory not found\n");
return NULL;
}
while((ent = readdir(dir)) != NULL) {
if(ent->d_name[0] == '.' && (ent->d_name[1] == '\0' || (ent->d_name[1] == '.' && ent->d_name[2] == '\0'))) {
continue;
}
infoPath = (char*) malloc(sizeof(char) * (strlen(bundleRoot) + sizeof(PATH_SEPARATOR) + strlen(ent->d_name) + sizeof(PATH_SEPARATOR "Info.plist")));
sprintf(infoPath, "%s" PATH_SEPARATOR "%s" PATH_SEPARATOR "Info.plist", bundleRoot, ent->d_name);
XLOG(0, "checking: %s\n", infoPath);
if((plistFile = createAbstractFileFromFile(fopen(infoPath, "rb"))) != NULL) {
plist = (char*) malloc(plistFile->getLength(plistFile));
plistFile->read(plistFile, plist, plistFile->getLength(plistFile));
plistFile->close(plistFile);
info = createRoot(plist);
free(plist);
plistSHA1String = (StringValue*)getValueByKey(info, "SHA1");
if(plistSHA1String) {
sscanf(plistSHA1String->value, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
&plistHash[0], &plistHash[1], &plistHash[2], &plistHash[3], &plistHash[4],
&plistHash[5], &plistHash[6], &plistHash[7], &plistHash[8], &plistHash[9],
&plistHash[10], &plistHash[11], &plistHash[12], &plistHash[13], &plistHash[14],
&plistHash[15], &plistHash[16], &plistHash[17], &plistHash[18], &plistHash[19]);
for(i = 0; i < 20; i++) {
if(plistHash[i] != hash[i]) {
break;
}
}
if(i == 20) {
*bundlePath = (char*) malloc(sizeof(char) * (strlen(bundleRoot) + sizeof(PATH_SEPARATOR) + strlen(ent->d_name)));
sprintf(*bundlePath, "%s" PATH_SEPARATOR "%s", bundleRoot, ent->d_name);
free(infoPath);
break;
}
}
releaseDictionary(info);
}
free(infoPath);
}
closedir(dir);
if(*bundlePath == NULL) {
return NULL;
}
*state = loadZip2(inputIPSW, useMemory);
return info;
}
int xpwntool_enc_dec(char* srcName, char* destName, char* templateFileName, char* ivStr, char* keyStr)
{
char* inData;
size_t inDataSize;
AbstractFile* templateFile = NULL;
unsigned int* key = NULL;
unsigned int* iv = NULL;
int hasKey = TRUE;
int hasIV = TRUE;
if (templateFileName != NULL && strlen(templateFileName) != 0) {
templateFile = createAbstractFileFromFile(fopen(templateFileName, "rb"));
if(!templateFile) {
fprintf(stderr, "error: cannot open template\n");
return 1;
}
}
size_t bytes;
hexToInts(keyStr, &key, &bytes);
if (bytes == 0) {
free(key);
key = NULL;
} else {
hexToInts(ivStr, &iv, &bytes);
}
AbstractFile* inFile;
inFile = openAbstractFile2(createAbstractFileFromFile(fopen(srcName, "rb")), key, iv);
if(!inFile) {
fprintf(stderr, "error: cannot open infile\n");
return 2;
}
AbstractFile* outFile = createAbstractFileFromFile(fopen(destName, "wb"));
if(!outFile) {
fprintf(stderr, "error: cannot open outfile\n");
return 3;
}
AbstractFile* newFile;
if(templateFile) {
newFile = duplicateAbstractFile2(templateFile, outFile, key, iv, NULL);
if(!newFile) {
fprintf(stderr, "error: cannot duplicate file from provided template\n");
return 4;
}
} else {
newFile = outFile;
}
if(newFile->type == AbstractFileTypeImg3) {
AbstractFile2* abstractFile2 = (AbstractFile2*) newFile;
if (key != NULL) {
abstractFile2->setKey(abstractFile2, key, iv);
}
}
inDataSize = (size_t) inFile->getLength(inFile);
inData = (char*) malloc(inDataSize);
inFile->read(inFile, inData, inDataSize);
inFile->close(inFile);
newFile->write(newFile, inData, inDataSize);
newFile->close(newFile);
free(inData);
if(key)
free(key);
if(iv)
free(iv);
return 0;
}
int main(int argc, char* argv[]) {
init_libxpwn(&argc, argv);
OutputState *outputState;
size_t fileLength;
AbstractFile *signFile;
Dictionary *signDict = NULL;
DataValue *ticket;
Dictionary *dict;
AbstractFile *manifestFile;
Dictionary* manifest;
struct component_t *array;
char *plist;
int i, j, n;
int rv, error = 0;
X509 *x0, *y1, *y2;
uint64_t savecid = 0;
const unsigned char *p;
int verbose = FALSE;
int fromzip = FALSE;
if (argc < 3) {
XLOG(0, "usage %s file.shsh BuildManifest.plist [-v] [-z]\n", argv[0]);
return 0;
}
for (i = 3; i < argc; i++) {
if (!strcmp(argv[i], "-v")) {
verbose = TRUE;
continue;
}
if (!strcmp(argv[i], "-z")) {
fromzip = TRUE;
continue;
}
}
// XXX handle gzip/bplist files
signFile = createAbstractFileFromFile(fopen(argv[1], "rb"));
if (!signFile) {
XLOG(0, "FATAL: cannot open %s\n", argv[1]);
exit(1);
}
fileLength = signFile->getLength(signFile);
plist = malloc(fileLength);
signFile->read(signFile, plist, fileLength);
signFile->close(signFile);
signDict = createRoot(plist);
free(plist);
if (!signDict) {
XLOG(0, "FATAL: cannot parse %s\n", argv[1]);
exit(1);
}
MaxLoadZipSize = 128 * 1024;
if (fromzip) {
outputState = loadZip2(argv[2], TRUE); // XXX ASSERT
manifestFile = getFileFromOutputState(&outputState, "BuildManifest.plist");
} else {
outputState = NULL;
manifestFile = createAbstractFileFromFile(fopen(argv[2], "rb"));
}
if (!manifestFile) {
XLOG(0, "FATAL: cannot open %s\n", argv[2]);
exit(1);
}
fileLength = manifestFile->getLength(manifestFile);
plist = malloc(fileLength);
manifestFile->read(manifestFile, plist, fileLength);
manifestFile->close(manifestFile);
manifest = createRoot(plist);
free(plist);
if (!manifest) {
XLOG(0, "FATAL: cannot parse %s\n", argv[2]);
exit(1);
}
releaseOutput(&outputState);
array = parseManifest(manifest, &n);
if (!array) {
XLOG(0, "FATAL: cannot parse manifest\n");
exit(1);
}
OPENSSL_add_all_algorithms_noconf();
p = cerb;
x0 = d2i_X509(NULL, &p, cerb_len);
if (!x0) {
XLOG(0, "FATAL: cannot load root CA\n");
exit(1);
}
ticket = (DataValue *)getValueByKey(signDict, "APTicket");
if (ticket) {
p = ticket->value;
rv = asn1_parse2(&p, ticket->len, 0, 0);
if (!rv || !apcert.value || !rsasig.value || !theset.value) {
XLOG(0, "FATAL: cannot parse ticket\n");
exit(1);
}
if (clen > 0 && contarray->len == 8) {
savecid = getECID(contarray->value);
}
if (!savecid) {
printf("ERROR: bad, bad ECID\n");
error = 1;
}
rv = extract2Certs(apcert.value, apcert.len, &y1, &y2);
if (rv == 0) {
rv = cryptoMagic(x0, y1, y2, theset.value, theset.len, (unsigned char *)rsasig.value, rsasig.len, NULL);
X509_free(y1);
X509_free(y2);
}
if (rv) {
printf("ERROR: APTicket failed crypto\n");
error = 1;
}
} else {
VERBOSE("WARNING: cannot find ticket in %s\n", argv[1]);
}
dict = (Dictionary *)signDict->values;
while (dict) {
DataValue *blob = NULL;
DataValue *partialDigest = NULL;
if (dict->dValue.type == DictionaryType) {
blob = (DataValue *)getValueByKey(dict, "Blob");
partialDigest = (DataValue *)getValueByKey(dict, "PartialDigest");
}
if (blob && partialDigest) {
const char *diag = checkBlob(x0, blob, partialDigest, &savecid);
if (diag) {
printf("ERROR: Blob for %s is invalid (%s)\n", dict->dValue.key, diag);
error = 1;
} else {
for (i = 0; i < n; i++) {
struct component_t *centry = array + i;
if (centry->partial &&
partialDigest->len == centry->partial->len &&
!memcmp(partialDigest->value, centry->partial->value, partialDigest->len)) {
array[i].blob = blob;
}
}
}
}
dict = (Dictionary *)dict->dValue.next;
}
if (!ticket && !savecid) {
printf("ERROR: bad, bad ECID\n");
error = 1;
}
for (i = 0; i < n; i++) {
struct component_t *centry = array + i;
int found = FALSE;
for (j = 0; j < clen; j++) {
struct tuple_t *tentry = contarray + j;
if (tentry->len == centry->digest->len && !memcmp(tentry->value, centry->digest->value, tentry->len)) {
found = TRUE;
}
}
if (!found) {
if (centry->blob) {
VERBOSE("WARNING: no digest for %s (%s), but it has blob\n", centry->key, centry->path);
} else if (!centry->required) {
VERBOSE("WARNING: no digest for %s (%s), but it is not critical\n", centry->key, centry->path);
} else {
printf("ERROR: no digest for %s (%s) and no blob found\n", centry->key, centry->path);
error = 1;
}
} else {
VERBOSE("INFO: %s (%s) is signed by APTicket%s\n", centry->key, centry->path, centry->blob ? " and blob" : "");
}
}
free(array);
free(contarray);
releaseDictionary(manifest);
releaseDictionary(signDict);
if (error) {
printf("%s is BROKEN\n", argv[1]);
} else {
printf("%s seems usable for ECID 0x%016llX\n", argv[1], savecid);
}
X509_free(x0);
EVP_cleanup();
ERR_remove_state(0);
CRYPTO_cleanup_all_ex_data();
return error;
}
void closeAbsFile(io_func* io) {
AbstractFile* file;
file = (AbstractFile*) io->data;
file->close(file);
free(io);
}
void* replaceBootImage(AbstractFile* imageWrapper, const unsigned int* key, const unsigned int* iv, AbstractFile* png, size_t *fileSize) {
AbstractFile* imageFile;
unsigned char header[8];
InfoIBootIM* info;
png_uint_32 i;
png_bytepp row_pointers;
uint8_t* imageBuffer;
void* buffer;
png->read(png, header, 8);
if(png_sig_cmp(header, 0, 8) != 0) {
XLOG(0, "error: not a valid png file\n");
return NULL;
}
png->seek(png, 0);
png_structp png_ptr = png_create_read_struct(PNG_LIBPNG_VER_STRING, NULL, pngError, pngWarn);
if (!png_ptr) {
return NULL;
}
png_infop info_ptr = png_create_info_struct(png_ptr);
if (!info_ptr)
{
png_destroy_read_struct(&png_ptr, (png_infopp)NULL, (png_infopp)NULL);
return NULL;
}
png_infop end_info = png_create_info_struct(png_ptr);
if (!end_info)
{
png_destroy_read_struct(&png_ptr, &info_ptr, (png_infopp)NULL);
return NULL;
}
if (setjmp(png_jmpbuf(png_ptr)))
{
XLOG(0, "error reading png\n");
png_destroy_read_struct(&png_ptr, &info_ptr, &end_info);
free(buffer);
return NULL;
}
png_set_read_fn(png_ptr, png, pngRead);
png_read_info(png_ptr, info_ptr);
if(png_get_bit_depth(png_ptr, info_ptr) > 8) {
XLOG(0, "warning: bit depth per channel is greater than 8 (%d). Attempting to strip, but image quality will be degraded.\n", png_get_bit_depth(png_ptr, info_ptr));
}
if(png_get_color_type(png_ptr, info_ptr) == PNG_COLOR_TYPE_GRAY || png_get_color_type(png_ptr, info_ptr) == PNG_COLOR_TYPE_RGB) {
XLOG(0, "notice: attempting to add dummy transparency channel\n");
}
if(png_get_color_type(png_ptr, info_ptr) == PNG_COLOR_TYPE_PALETTE) {
XLOG(0, "notice: attempting to expand palette into full rgb\n");
}
png_set_expand(png_ptr);
png_set_strip_16(png_ptr);
png_set_bgr(png_ptr);
png_set_add_alpha(png_ptr, 0x0, PNG_FILLER_AFTER);
png_set_invert_alpha(png_ptr);
png_read_update_info(png_ptr, info_ptr);
if(png_get_image_width(png_ptr, info_ptr) > 320 || png_get_image_height(png_ptr, info_ptr) > 480) {
XLOG(0, "error: dimensions out of range, must be within 320x480, not %lux%lu\n", png_get_image_width(png_ptr, info_ptr), png_get_image_height(png_ptr, info_ptr));
png_destroy_read_struct(&png_ptr, &info_ptr, &end_info);
return NULL;
}
if(png_get_bit_depth(png_ptr, info_ptr) != 8) {
XLOG(0, "error: bit depth per channel must be 8 not %d!\n", png_get_bit_depth(png_ptr, info_ptr));
png_destroy_read_struct(&png_ptr, &info_ptr, &end_info);
return NULL;
}
if(png_get_color_type(png_ptr, info_ptr) != PNG_COLOR_TYPE_GRAY_ALPHA && png_get_color_type(png_ptr, info_ptr) != PNG_COLOR_TYPE_RGB_ALPHA) {
XLOG(0, "error: incorrect color type, must be greyscale with alpha, or rgb with alpha\n");
if(png_get_color_type(png_ptr, info_ptr) == PNG_COLOR_TYPE_GRAY || png_get_color_type(png_ptr, info_ptr) == PNG_COLOR_TYPE_RGB) {
XLOG(0, "It appears you're missing an alpha channel. Add transparency to your image\n");
}
if(png_get_color_type(png_ptr, info_ptr) == PNG_COLOR_TYPE_PALETTE) {
XLOG(0, "This PNG is saved with the palette color type rather than ARGB.\n");
}
png_destroy_read_struct(&png_ptr, &info_ptr, &end_info);
return NULL;
}
row_pointers = (png_bytepp) malloc(sizeof(png_bytep) * png_get_image_height(png_ptr, info_ptr));
imageBuffer = malloc(png_get_image_height(png_ptr, info_ptr) * png_get_rowbytes(png_ptr, info_ptr));
for(i = 0; i < png_get_image_height(png_ptr, info_ptr); i++) {
row_pointers[i] = imageBuffer + (png_get_rowbytes(png_ptr, info_ptr) * i);
}
png_read_image(png_ptr, row_pointers);
png_read_end(png_ptr, end_info);
buffer = malloc(1);
*fileSize = 0;
if(key != NULL) {
imageFile = duplicateAbstractFile2(imageWrapper, createAbstractFileFromMemoryFile((void**)&buffer, fileSize), key, iv, NULL);
} else {
imageFile = duplicateAbstractFile(imageWrapper, createAbstractFileFromMemoryFile((void**)&buffer, fileSize));
}
info = (InfoIBootIM*) (imageFile->data);
info->header.width = (uint16_t) png_get_image_width(png_ptr, info_ptr);
info->header.height = (uint16_t) png_get_image_height(png_ptr, info_ptr);
if(png_get_color_type(png_ptr, info_ptr) == PNG_COLOR_TYPE_GRAY_ALPHA) {
info->header.format = IBOOTIM_GREY;
} else {
info->header.format = IBOOTIM_ARGB;
}
imageFile->write(imageFile, imageBuffer, png_get_image_height(png_ptr, info_ptr) * png_get_rowbytes(png_ptr, info_ptr));
imageFile->close(imageFile);
png_destroy_read_struct(&png_ptr, &info_ptr, &end_info);
png->close(png);
free(row_pointers);
free(imageBuffer);
return buffer;
}
