int dfu_get_cpid(struct idevicerestore_client_t* client, unsigned int* cpid) {
irecv_error_t dfu_error = IRECV_E_SUCCESS;
if(client->dfu == NULL) {
if (dfu_client_new(client) < 0) {
return -1;
}
}
dfu_error = irecv_get_cpid(client->dfu->client, cpid);
if (dfu_error != IRECV_E_SUCCESS) {
return -1;
}
return 0;
}
int recovery_get_cpid(struct idevicerestore_client_t* client, uint32_t* cpid) {
irecv_error_t recovery_error = IRECV_E_SUCCESS;
if(client->recovery == NULL) {
if (recovery_client_new(client) < 0) {
return -1;
}
}
recovery_error = irecv_get_cpid(client->recovery->client, cpid);
if (recovery_error != IRECV_E_SUCCESS) {
return -1;
}
return 0;
}
int recovery_get_cpid(uint32_t* cpid) {
irecv_client_t recovery = NULL;
irecv_error_t recovery_error = IRECV_E_SUCCESS;
if (recovery_open_with_timeout(&recovery) < 0) {
return -1;
}
recovery_error = irecv_get_cpid(recovery, cpid);
if (recovery_error != IRECV_E_SUCCESS) {
irecv_close(recovery);
return -1;
}
irecv_close(recovery);
recovery = NULL;
return 0;
}
irecv_error_t irecv_get_device(irecv_client_t client, irecv_device_t* device) {
int device_id = DEVICE_UNKNOWN;
uint32_t bdid = 0;
uint32_t cpid = 0;
if (irecv_get_cpid(client, &cpid) < 0) {
return IRECV_E_UNKNOWN_ERROR;
}
switch (cpid) {
case CPID_IPHONE2G:
// iPhone1,1 iPhone1,2 and iPod1,1 all share the same ChipID
// so we need to check the BoardID
if (irecv_get_bdid(client, &bdid) < 0) {
break;
}
switch (bdid) {
case BDID_IPHONE2G:
device_id = DEVICE_IPHONE2G;
break;
case BDID_IPHONE3G:
device_id = DEVICE_IPHONE3G;
break;
case BDID_IPOD1G:
device_id = DEVICE_IPOD1G;
break;
default:
device_id = DEVICE_UNKNOWN;
break;
}
break;
case CPID_IPHONE3GS:
device_id = DEVICE_IPHONE3GS;
break;
case CPID_IPOD2G:
device_id = DEVICE_IPOD2G;
break;
case CPID_IPOD3G:
device_id = DEVICE_IPOD3G;
break;
case CPID_IPAD1G:
// iPhone3,1 iPhone3,3 iPad4,1 and iPad1,1 all share the same ChipID
// so we need to check the BoardID
if (irecv_get_bdid(client, &bdid) < 0) {
break;
}
switch (bdid) {
case BDID_IPAD1G:
device_id = DEVICE_IPAD1G;
break;
case BDID_IPHONE4:
device_id = DEVICE_IPHONE4;
break;
case BDID_IPOD4G:
device_id = DEVICE_IPOD4G;
break;
case BDID_APPLETV2:
device_id = DEVICE_APPLETV2;
break;
case BDID_IPHONE42:
device_id = DEVICE_IPHONE42;
break;
default:
device_id = DEVICE_UNKNOWN;
break;
}
break;
default:
device_id = DEVICE_UNKNOWN;
break;
}
*device = &irecv_devices[device_id];
return IRECV_E_SUCCESS;
}
void parse_command(irecv_client_t client, unsigned char* command, unsigned int size) {
char* cmd = strdup(command);
char* action = strtok(cmd, " ");
debug("Executing %s\n", action);
if (!strcmp(cmd, "/exit")) {
quit = 1;
} else
if (!strcmp(cmd, "/help")) {
shell_usage();
} else
if (!strcmp(cmd, "/upload")) {
char* filename = strtok(NULL, " ");
debug("Uploading files %s\n", filename);
if (filename != NULL) {
irecv_send_file(client, filename, 0);
}
} else
if (!strcmp(cmd, "/deviceinfo")) {
int ret;
unsigned int cpid, bdid;
unsigned long long ecid;
unsigned char srnm[12], imei[15], bt[15];
ret = irecv_get_cpid(client, &cpid);
if(ret == IRECV_E_SUCCESS) {
printf("CPID: %d\n", cpid);
}
ret = irecv_get_bdid(client, &bdid);
if(ret == IRECV_E_SUCCESS) {
printf("BDID: %d\n", bdid);
}
ret = irecv_get_ecid(client, &ecid);
if(ret == IRECV_E_SUCCESS) {
printf("ECID: %lld\n", ecid);
}
ret = irecv_get_srnm(client, srnm);
if(ret == IRECV_E_SUCCESS) {
printf("SRNM: %s\n", srnm);
}
ret = irecv_get_imei(client, imei);
if(ret == IRECV_E_SUCCESS) {
printf("IMEI: %s\n", imei);
}
} else
if (!strcmp(cmd, "/exploit")) {
char* filename = strtok(NULL, " ");
debug("Sending exploit %s\n", filename);
if (filename != NULL) {
irecv_send_file(client, filename, 0);
}
irecv_send_exploit(client);
} else
if (!strcmp(cmd, "/execute")) {
char* filename = strtok(NULL, " ");
debug("Executing script %s\n", filename);
if (filename != NULL) {
irecv_execute_script(client, filename);
}
}
free(action);
}
static void parse_command(irecv_client_t client, unsigned char* command, unsigned int size) {
char* cmd = strdup((char*)command);
char* action = strtok(cmd, " ");
if (!strcmp(cmd, "/exit")) {
quit = 1;
} else if (!strcmp(cmd, "/help")) {
shell_usage();
} else if (!strcmp(cmd, "/upload")) {
char* filename = strtok(NULL, " ");
debug("Uploading files %s\n", filename);
if (filename != NULL) {
irecv_send_file(client, filename, 0);
}
} else if (!strcmp(cmd, "/deviceinfo")) {
int ret, mode;
unsigned int cpid, bdid;
unsigned long long ecid;
char srnm[12], imei[15];
ret = irecv_get_cpid(client, &cpid);
if(ret == IRECV_E_SUCCESS) {
printf("CPID: %d\n", cpid);
}
ret = irecv_get_bdid(client, &bdid);
if(ret == IRECV_E_SUCCESS) {
printf("BDID: %d\n", bdid);
}
ret = irecv_get_ecid(client, &ecid);
if(ret == IRECV_E_SUCCESS) {
printf("ECID: " _FMT_lld "\n", ecid);
}
ret = irecv_get_srnm(client, srnm);
if(ret == IRECV_E_SUCCESS) {
printf("SRNM: %s\n", srnm);
}
ret = irecv_get_imei(client, imei);
if(ret == IRECV_E_SUCCESS) {
printf("IMEI: %s\n", imei);
}
ret = irecv_get_mode(client, &mode);
if (ret == IRECV_E_SUCCESS) {
printf("MODE: %s\n", mode_to_str(mode));
}
} else if (!strcmp(cmd, "/limera1n")) {
char* filename = strtok(NULL, " ");
debug("Sending limera1n payload %s\n", filename);
if (filename != NULL) {
irecv_send_file(client, filename, 0);
}
irecv_trigger_limera1n_exploit(client);
} else if (!strcmp(cmd, "/execute")) {
char* filename = strtok(NULL, " ");
debug("Executing script %s\n", filename);
if (filename != NULL) {
char* buffer = NULL;
uint64_t buffer_length = 0;
buffer_read_from_filename(filename, &buffer, &buffer_length);
if (buffer) {
buffer[buffer_length] = '\0';
irecv_execute_script(client, buffer);
free(buffer);
} else {
printf("Could not read file '%s'\n", filename);
}
}
}
free(action);
}
int main(int argc, char* argv[])
{
irecv_error_t error;
unsigned int cpid;
int can_ra1n = 0;
printf("Loadibec " LOADIBEC_VERSION COMMIT_STRING ".\n");
if(argc != 2)
{
printf("Usage: %s <file>\n"
"\tLoads a file to an iDevice in recovery mode and jumps to it.\n", argv[0]);
return 0;
}
irecv_init();
printf("Connecting to iDevice...\n");
error = irecv_open_attempts(&g_syringe_client, 10);
if(error != IRECV_E_SUCCESS)
{
fprintf(stderr, "Failed to connect to iBoot, error %d.\n", error);
return -error;
}
if(irecv_get_cpid(g_syringe_client, &cpid) == IRECV_E_SUCCESS)
{
if(cpid > 8900)
can_ra1n = 1;
}
if(g_syringe_client->mode == kDfuMode && can_ra1n)
{
int ret;
printf("linera1n compatible device detected, injecting limera1n.\n");
irecv_close(&g_syringe_client);
irecv_exit();
pois0n_init();
ret = pois0n_is_ready();
if(ret < 0)
return ret;
ret = pois0n_is_compatible();
if(ret < 0)
return ret;
pois0n_inject();
irecv_close(&g_syringe_client);
g_syringe_client = NULL;
printf("limera1ned, reconnecting...\n");
g_syringe_client = irecv_reconnect(g_syringe_client, 10);
if(!g_syringe_client)
{
fprintf(stderr, "Failed to reconnect.\n");
return 4;
}
}
else
can_ra1n = 0;
printf("Starting transfer of '%s'.\n", argv[1]);
irecv_event_subscribe(g_syringe_client, IRECV_PROGRESS, &progress_cb, NULL);
error = irecv_send_file(g_syringe_client, argv[1], 0);
if(error != IRECV_E_SUCCESS)
{
fprintf(stderr, "Failed to upload '%s', error %d.\n", argv[1], error);
return 2;
}
error = irecv_send_command(g_syringe_client, "go");
if(error != IRECV_E_SUCCESS)
{
fprintf(stderr, "Failed to jump to uploaded file, error %d.\n", error);
return 3;
}
irecv_send_command(g_syringe_client, "go jump 0x41000000");
printf("Uploaded Successfully.\n");
irecv_exit();
return 0;
}
