CFDictionaryRef device_info(int socket, CFDictionaryRef request)
{
uint8_t dkey[40]={0};
uint8_t emf[36]={0};
struct HFSInfos hfsinfos={0};
CFMutableDictionaryRef out = CFDictionaryCreateMutable(kCFAllocatorDefault,
0,
&kCFTypeDictionaryKeyCallBacks,
&kCFTypeDictionaryValueCallBacks);
get_device_infos(out);
getHFSInfos(&hfsinfos);
/*
printf("NAND block size : %x\n", hfsinfos.blockSize);
printf("Data volume UUID : %llx\n", CFSwapInt64BigToHost(hfsinfos.volumeUUID));
printf("Data volume offset : %x\n", hfsinfos.dataVolumeOffset);
*/
uint8_t* key835 = IOAES_key835();
uint8_t* key89B = IOAES_key89B();
if (!AppleEffaceableStorage__getBytes(lockers, 960))
{
CFDataRef lockersData = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, lockers, 960, kCFAllocatorNull);
CFDictionaryAddValue(out, CFSTR("lockers"), lockersData);
CFRelease(lockersData);
if (!AppleEffaceableStorage__getLockerFromBytes(LOCKER_DKEY, lockers, 960, dkey, 40))
{
aes_key_wrap_ctx ctx;
aes_key_wrap_set_key(&ctx, key835, 16);
if(aes_key_unwrap(&ctx, dkey, dkey, 32/8))
printf("FAIL unwrapping DKey with key 0x835\n");
}
if (!AppleEffaceableStorage__getLockerFromBytes(LOCKER_EMF, lockers, 960, emf, 36))
{
doAES(&emf[4], &emf[4], 32, kIOAESAcceleratorCustomMask, key89B, NULL, kIOAESAcceleratorDecrypt, 128);
}
else if (!AppleEffaceableStorage__getLockerFromBytes(LOCKER_LWVM, lockers, 960, lwvm, 0x50))
{
doAES(lwvm, lwvm, 0x50, kIOAESAcceleratorCustomMask, key89B, NULL, kIOAESAcceleratorDecrypt, 128);
memcpy(&emf[4], &lwvm[32+16], 32);
}
}
CFNumberRef n = CFNumberCreate(kCFAllocatorDefault, kCFNumberSInt32Type, &hfsinfos.dataVolumeOffset);
CFDictionaryAddValue(out, CFSTR("dataVolumeOffset"), n);
CFRelease(n);
addHexaString(out, CFSTR("dataVolumeUUID"), (uint8_t*) &hfsinfos.volumeUUID, 8);
addHexaString(out, CFSTR("key835"), key835, 16);
addHexaString(out, CFSTR("key89B"), key89B, 16);
addHexaString(out, CFSTR("EMF"), &emf[4], 32);
addHexaString(out, CFSTR("DKey"), dkey, 32);
return out;
}
CFDictionaryRef bruteforce_system_keybag(int socket, CFDictionaryRef dict)
{
uint8_t passcodeKey[32];
CFDataRef kbkeys = CFDictionaryGetValue(dict, CFSTR("KeyBagKeys"));
if(kbkeys == NULL || CFGetTypeID(kbkeys) != CFDataGetTypeID())
return NULL;
char* passcode = bruteforceWithAppleKeyStore(kbkeys, bruteforceProgressCallback, (void*) socket);
if (passcode == NULL)
return NULL;
KeyBag* kb = AppleKeyStore_parseBinaryKeyBag(kbkeys);
if (kb == NULL)
{
printf("FAIL: AppleKeyStore_parseBinaryKeyBag\n");
return NULL;
}
AppleKeyStore_getPasscodeKey(kb, passcode, strlen(passcode), passcodeKey);
free(kb);
CFMutableDictionaryRef out = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
CFStringRef cfpasscode = CFStringCreateWithCString(kCFAllocatorDefault, passcode, kCFStringEncodingASCII);
CFDictionaryAddValue(out, CFSTR("passcode"), cfpasscode);
CFRelease(cfpasscode);
addHexaString(out, CFSTR("passcodeKey"), passcodeKey, 32);
return out;
}
void get_device_infos(CFMutableDictionaryRef out) {
CC_SHA1_CTX sha1ctx;
uint8_t udid[20];
char udid1[100];
CFStringRef serial;
CFStringRef imei;
CFStringRef macwifi;
CFStringRef macbt;
CFStringRef hw = copy_hardware_model();
if (hw != NULL)
{
CFDictionaryAddValue(out, CFSTR("hwModel"), hw);
CFRelease(hw);
}
serial = copy_device_serial_number();
imei = copy_device_imei();
macwifi = copy_wifi_mac_address();
macbt = copy_bluetooth_mac_address();
CFMutableStringRef udidInput = CFStringCreateMutable(kCFAllocatorDefault, 0);
if (serial != NULL)
{
CFStringAppend(udidInput, serial);
CFDictionaryAddValue(out, CFSTR("serialNumber"), serial);
CFRelease(serial);
}
if (imei != NULL)
{
CFStringAppend(udidInput, imei);
CFDictionaryAddValue(out, CFSTR("imei"), imei);
CFRelease(imei);
}
if (macwifi != NULL)
{
CFStringAppend(udidInput, macwifi);
CFDictionaryAddValue(out, CFSTR("wifiMac"), macwifi);
CFRelease(macwifi);
}
if (macbt != NULL)
{
CFStringAppend(udidInput, macbt);
CFDictionaryAddValue(out, CFSTR("btMac"), macbt);
CFRelease(macbt);
}
CFStringGetCString(udidInput, udid1, 99, kCFStringEncodingASCII);
CC_SHA1_Init(&sha1ctx);
CC_SHA1_Update(&sha1ctx, udid1, CFStringGetLength(udidInput));
CC_SHA1_Final(udid, &sha1ctx);
CFRelease(udidInput);
addHexaString(out, CFSTR("udid"), udid, 20);
}
CFDictionaryRef keybag_get_passcode_key(int socket, CFDictionaryRef dict)
{
uint8_t passcodeKey[32];
CFDataRef passcode_cfdata = NULL;
CFDataRef kbkeys = CFDictionaryGetValue(dict, CFSTR("KeyBagKeys"));
if(kbkeys == NULL || CFGetTypeID(kbkeys) != CFDataGetTypeID())
return NULL;
KeyBag* kb = AppleKeyStore_parseBinaryKeyBag(kbkeys);
if (kb == NULL)
return NULL;
CFTypeRef cfpasscode = CFDictionaryGetValue(dict, CFSTR("passcode"));
if(cfpasscode == NULL)
return NULL;
if(CFGetTypeID(cfpasscode) == CFDataGetTypeID())
{
passcode_cfdata = cfpasscode;
}
else if(CFGetTypeID(cfpasscode) == CFStringGetTypeID())
{
passcode_cfdata = CFStringCreateExternalRepresentation(kCFAllocatorDefault, cfpasscode, kCFStringEncodingUTF8, 0);
}
else
return NULL;
AppleKeyStore_getPasscodeKey(kb,
CFDataGetBytePtr(passcode_cfdata),
CFDataGetLength(passcode_cfdata),
passcodeKey);
free(kb);
if (passcode_cfdata != cfpasscode)
CFRelease(passcode_cfdata);
CFMutableDictionaryRef out = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
CFDictionaryAddValue(out, CFSTR("passcode"), cfpasscode);
addHexaString(out, CFSTR("passcodeKey"), passcodeKey, 32);
return out;
}
//http://iphonedevwiki.net/index.php/Lockdownd
void get_device_infos(CFMutableDictionaryRef out) {
CC_SHA1_CTX sha1ctx;
uint8_t udid[20];
char udid1[100];
CFStringRef serial;
CFStringRef imei;
CFStringRef macwifi;
CFStringRef macbt;
CFStringRef hw = copy_hardware_model();
if (hw != NULL)
{
CFDictionaryAddValue(out, CFSTR("hwModel"), hw);
CFRelease(hw);
}
serial = copy_device_serial_number();
imei = copy_device_imei();
macwifi = copy_wifi_mac_address();
macbt = copy_bluetooth_mac_address();
CFMutableStringRef udidInput = CFStringCreateMutable(kCFAllocatorDefault, 0);
if (serial != NULL)
{
CFStringAppend(udidInput, serial);
CFDictionaryAddValue(out, CFSTR("serialNumber"), serial);
CFRelease(serial);
}
uint64_t _ecid = 0;
CFNumberRef ecid = copyNumberFromChosen(CFSTR("unique-chip-id"));
if (ecid != NULL)
{
CFDictionaryAddValue(out, CFSTR("ECID"), ecid);
}
if (ecid != NULL && useNewUDID(hw))
{
CFNumberGetValue(ecid, kCFNumberSInt64Type, &_ecid);
CFStringAppendFormat(udidInput, NULL, CFSTR("%llu"), _ecid);
}
else if (imei != NULL)
{
CFStringAppend(udidInput, imei);
CFDictionaryAddValue(out, CFSTR("imei"), imei);
CFRelease(imei);
}
if (macwifi != NULL)
{
CFStringAppend(udidInput, macwifi);
CFDictionaryAddValue(out, CFSTR("wifiMac"), macwifi);
CFRelease(macwifi);
}
if (macbt != NULL)
{
CFStringAppend(udidInput, macbt);
CFDictionaryAddValue(out, CFSTR("btMac"), macbt);
CFRelease(macbt);
}
CFStringGetCString(udidInput, udid1, 99, kCFStringEncodingASCII);
CC_SHA1_Init(&sha1ctx);
CC_SHA1_Update(&sha1ctx, udid1, CFStringGetLength(udidInput));
CC_SHA1_Final(udid, &sha1ctx);
CFRelease(udidInput);
addHexaString(out, CFSTR("udid"), udid, 20);
}
