AbstractFile* duplicateAbstractFile(AbstractFile* file, AbstractFile* backing) {
uint32_t signatureBE;
uint32_t signatureLE;
AbstractFile* orig;
if (!backing) { /* imagine that: createAbstractFileFromComp() fails, because of decompress_lzss() */
return NULL;
}
file->seek(file, 0);
file->read(file, &signatureBE, sizeof(signatureBE));
signatureLE = signatureBE;
FLIPENDIAN(signatureBE);
FLIPENDIANLE(signatureLE);
file->seek(file, 0);
if(signatureLE == IMG2_SIGNATURE) {
orig = createAbstractFileFromImg2(file);
return duplicateAbstractFile(orig, duplicateImg2File(orig, backing));
} else if(signatureLE == IMG3_SIGNATURE) {
orig = createAbstractFileFromImg3(file);
return duplicateAbstractFile(orig, duplicateImg3File(orig, backing));
} else if(signatureBE == COMP_SIGNATURE) {
orig = createAbstractFileFromComp(file);
return duplicateAbstractFile(orig, duplicateCompFile(orig, backing));
} else {
file->close(file);
return backing;
}
}
AbstractFile *duplicateAbstractFile2(AbstractFile * file,
AbstractFile * backing,
const unsigned int *key,
const unsigned int *iv,
AbstractFile * certificate)
{
uint32_t signatureBE;
uint32_t signatureLE;
AbstractFile *orig;
AbstractFile *newFile;
file->seek(file, 0);
file->read(file, &signatureBE, sizeof(signatureBE));
signatureLE = signatureBE;
FLIPENDIAN(signatureBE);
FLIPENDIANLE(signatureLE);
file->seek(file, 0);
if (signatureBE == SIGNATURE_8900) {
orig = createAbstractFileFrom8900(file);
newFile = duplicate8900File(orig, backing);
if (certificate != NULL)
replaceCertificate8900(newFile, certificate);
return duplicateAbstractFile(orig, newFile);
} else if (signatureLE == IMG2_SIGNATURE) {
orig = createAbstractFileFromImg2(file);
return duplicateAbstractFile(orig,
duplicateImg2File(orig, backing));
} else if (signatureLE == IMG3_SIGNATURE) {
AbstractFile2 *newFile;
AbstractFile2 *img3;
img3 = (AbstractFile2 *) createAbstractFileFromImg3(file);
if (key != NULL)
img3->setKey(img3, key, iv);
newFile =
(AbstractFile2 *) duplicateImg3File((AbstractFile *) img3,
backing);
if (key != NULL)
img3->setKey(newFile, key, iv);
if (certificate != NULL)
replaceCertificateImg3((AbstractFile *) newFile,
certificate);
return duplicateAbstractFile((AbstractFile *) img3,
(AbstractFile *) newFile);
} else if (signatureBE == COMP_SIGNATURE) {
orig = createAbstractFileFromComp(file);
return duplicateAbstractFile(orig,
duplicateCompFile(orig, backing));
} else {
file->close(file);
return backing;
}
}
void doPatchInPlace(Volume* volume, const char* filePath, const char* patchPath) {
void* buffer;
void* buffer2;
size_t bufferSize;
size_t bufferSize2;
AbstractFile* bufferFile;
AbstractFile* patchFile;
AbstractFile* out;
buffer = malloc(1);
bufferSize = 0;
bufferFile = createAbstractFileFromMemoryFile((void**)&buffer, &bufferSize);
XLOG(0, "retrieving..."); fflush(stdout);
get_hfs(volume, filePath, bufferFile);
bufferFile->close(bufferFile);
XLOG(0, "patching..."); fflush(stdout);
patchFile = createAbstractFileFromFile(fopen(patchPath, "rb"));
buffer2 = malloc(1);
bufferSize2 = 0;
out = duplicateAbstractFile(createAbstractFileFromMemoryFile((void**)&buffer, &bufferSize), createAbstractFileFromMemoryFile((void**)&buffer2, &bufferSize2));
// reopen the inner package
bufferFile = openAbstractFile(createAbstractFileFromMemoryFile((void**)&buffer, &bufferSize));
if(!patchFile || !bufferFile || !out) {
XLOG(0, "file error\n");
exit(0);
}
if(patch(bufferFile, out, patchFile) != 0) {
XLOG(0, "patch failed\n");
exit(0);
}
XLOG(0, "writing... "); fflush(stdout);
add_hfs(volume, createAbstractFileFromMemoryFile((void**)&buffer2, &bufferSize2), filePath);
free(buffer2);
free(buffer);
XLOG(0, "success\n"); fflush(stdout);
}
int doDecrypt(StringValue* decryptValue, StringValue* fileValue, const char* bundlePath, OutputState** state, unsigned int* key, unsigned int* iv, int useMemory) {
size_t bufferSize;
void* buffer;
AbstractFile* file;
AbstractFile* out;
AbstractFile* outRaw;
char* tmpFileName;
if(useMemory) {
bufferSize = 0;
buffer = malloc(1);
outRaw = createAbstractFileFromMemoryFile((void**)&buffer, &bufferSize);
} else {
tmpFileName = createTempFile();
outRaw = createAbstractFileFromFile(fopen(tmpFileName, "wb"));
}
out = duplicateAbstractFile(getFileFromOutputState(state, fileValue->value), outRaw);
file = openAbstractFile3(getFileFromOutputState(state, fileValue->value), key, iv, 0);
if(!file || !out) {
XLOG(0, "file error\n");
exit(0);
}
char *buf = malloc(1024 * 1024);
off_t inDataSize = file->getLength(file);
while (inDataSize > 0) {
off_t avail, chunk = 1024 * 1024;
if (chunk > inDataSize) {
chunk = inDataSize;
}
if (chunk < 0) {
XLOG(0, "decrypt failed\n");
exit(0);
}
avail = file->read(file, buf, chunk);
out->write(out, buf, avail);
if (avail < chunk) {
break;
}
inDataSize -= chunk;
}
out->close(out);
file->close(file);
free(buf);
XLOG(0, "writing... "); fflush(stdout);
if (decryptValue) {
fileValue = decryptValue;
}
if(useMemory) {
addToOutput(state, fileValue->value, buffer, bufferSize);
} else {
outRaw = createAbstractFileFromFile(fopen(tmpFileName, "rb"));
size_t length = outRaw->getLength(outRaw);
outRaw->close(outRaw);
addToOutput2(state, fileValue->value, NULL, length, tmpFileName);
}
XLOG(0, "success\n"); fflush(stdout);
return 0;
}
int doPatch(StringValue* patchValue, StringValue* fileValue, const char* bundlePath, OutputState** state, unsigned int* key, unsigned int* iv, int useMemory, int isPlain) {
char* patchPath;
size_t bufferSize;
void* buffer;
AbstractFile* patchFile;
AbstractFile* file;
AbstractFile* out;
AbstractFile* outRaw;
char* tmpFileName;
if(useMemory) {
bufferSize = 0;
buffer = malloc(1);
outRaw = createAbstractFileFromMemoryFile((void**)&buffer, &bufferSize);
} else {
tmpFileName = createTempFile();
outRaw = createAbstractFileFromFile(fopen(tmpFileName, "wb"));
}
patchPath = malloc(sizeof(char) * (strlen(bundlePath) + strlen(patchValue->value) + 2));
strcpy(patchPath, bundlePath);
strcat(patchPath, "/");
strcat(patchPath, patchValue->value);
XLOG(0, "%s (%s)... ", fileValue->value, patchPath); fflush(stdout);
patchFile = createAbstractFileFromFile(fopen(patchPath, "rb"));
if (isPlain) {
out = outRaw;
file = getFileFromOutputState(state, fileValue->value);
} else {
if(key != NULL) {
XLOG(0, "encrypted input... ");
out = duplicateAbstractFile2(getFileFromOutputState(state, fileValue->value), outRaw, key, iv, NULL);
} else {
out = duplicateAbstractFile(getFileFromOutputState(state, fileValue->value), outRaw);
}
if(key != NULL) {
XLOG(0, "encrypted output... ");
file = openAbstractFile2(getFileFromOutputState(state, fileValue->value), key, iv);
} else {
file = openAbstractFile(getFileFromOutputState(state, fileValue->value));
}
}
if(!patchFile || !file || !out) {
XLOG(0, "file error\n");
exit(0);
}
if(patch(file, out, patchFile) != 0) {
XLOG(0, "patch failed\n");
exit(0);
}
if(strstr(fileValue->value, "WTF.s5l8900xall.RELEASE")) {
XLOG(0, "Exploiting 8900 vulnerability... ;)\n");
AbstractFile* exploited;
if(useMemory) {
exploited = createAbstractFileFrom8900(createAbstractFileFromMemoryFile((void**)&buffer, &bufferSize));
} else {
exploited = createAbstractFileFrom8900(createAbstractFileFromFile(fopen(tmpFileName, "r+b")));
}
exploit8900(exploited);
exploited->close(exploited);
}
XLOG(0, "writing... "); fflush(stdout);
if(useMemory) {
addToOutput(state, fileValue->value, buffer, bufferSize);
} else {
outRaw = createAbstractFileFromFile(fopen(tmpFileName, "rb"));
size_t length = outRaw->getLength(outRaw);
outRaw->close(outRaw);
addToOutput2(state, fileValue->value, NULL, length, tmpFileName);
}
XLOG(0, "success\n"); fflush(stdout);
free(patchPath);
return 0;
}
void* replaceBootImage(AbstractFile* imageWrapper, const unsigned int* key, const unsigned int* iv, AbstractFile* png, size_t *fileSize) {
AbstractFile* imageFile;
unsigned char header[8];
InfoIBootIM* info;
png_uint_32 i;
png_bytepp row_pointers;
uint8_t* imageBuffer;
void* buffer;
png->read(png, header, 8);
if(png_sig_cmp(header, 0, 8) != 0) {
XLOG(0, "error: not a valid png file\n");
return NULL;
}
png->seek(png, 0);
png_structp png_ptr = png_create_read_struct(PNG_LIBPNG_VER_STRING, NULL, pngError, pngWarn);
if (!png_ptr) {
return NULL;
}
png_infop info_ptr = png_create_info_struct(png_ptr);
if (!info_ptr)
{
png_destroy_read_struct(&png_ptr, (png_infopp)NULL, (png_infopp)NULL);
return NULL;
}
png_infop end_info = png_create_info_struct(png_ptr);
if (!end_info)
{
png_destroy_read_struct(&png_ptr, &info_ptr, (png_infopp)NULL);
return NULL;
}
if (setjmp(png_jmpbuf(png_ptr)))
{
XLOG(0, "error reading png\n");
png_destroy_read_struct(&png_ptr, &info_ptr, &end_info);
free(buffer);
return NULL;
}
png_set_read_fn(png_ptr, png, pngRead);
png_read_info(png_ptr, info_ptr);
if(png_get_bit_depth(png_ptr, info_ptr) > 8) {
XLOG(0, "warning: bit depth per channel is greater than 8 (%d). Attempting to strip, but image quality will be degraded.\n", png_get_bit_depth(png_ptr, info_ptr));
}
if(png_get_color_type(png_ptr, info_ptr) == PNG_COLOR_TYPE_GRAY || png_get_color_type(png_ptr, info_ptr) == PNG_COLOR_TYPE_RGB) {
XLOG(0, "notice: attempting to add dummy transparency channel\n");
}
if(png_get_color_type(png_ptr, info_ptr) == PNG_COLOR_TYPE_PALETTE) {
XLOG(0, "notice: attempting to expand palette into full rgb\n");
}
png_set_expand(png_ptr);
png_set_strip_16(png_ptr);
png_set_bgr(png_ptr);
png_set_add_alpha(png_ptr, 0x0, PNG_FILLER_AFTER);
png_set_invert_alpha(png_ptr);
png_read_update_info(png_ptr, info_ptr);
if(png_get_image_width(png_ptr, info_ptr) > 320 || png_get_image_height(png_ptr, info_ptr) > 480) {
XLOG(0, "error: dimensions out of range, must be within 320x480, not %lux%lu\n", png_get_image_width(png_ptr, info_ptr), png_get_image_height(png_ptr, info_ptr));
png_destroy_read_struct(&png_ptr, &info_ptr, &end_info);
return NULL;
}
if(png_get_bit_depth(png_ptr, info_ptr) != 8) {
XLOG(0, "error: bit depth per channel must be 8 not %d!\n", png_get_bit_depth(png_ptr, info_ptr));
png_destroy_read_struct(&png_ptr, &info_ptr, &end_info);
return NULL;
}
if(png_get_color_type(png_ptr, info_ptr) != PNG_COLOR_TYPE_GRAY_ALPHA && png_get_color_type(png_ptr, info_ptr) != PNG_COLOR_TYPE_RGB_ALPHA) {
XLOG(0, "error: incorrect color type, must be greyscale with alpha, or rgb with alpha\n");
if(png_get_color_type(png_ptr, info_ptr) == PNG_COLOR_TYPE_GRAY || png_get_color_type(png_ptr, info_ptr) == PNG_COLOR_TYPE_RGB) {
XLOG(0, "It appears you're missing an alpha channel. Add transparency to your image\n");
}
if(png_get_color_type(png_ptr, info_ptr) == PNG_COLOR_TYPE_PALETTE) {
XLOG(0, "This PNG is saved with the palette color type rather than ARGB.\n");
}
png_destroy_read_struct(&png_ptr, &info_ptr, &end_info);
return NULL;
}
row_pointers = (png_bytepp) malloc(sizeof(png_bytep) * png_get_image_height(png_ptr, info_ptr));
imageBuffer = malloc(png_get_image_height(png_ptr, info_ptr) * png_get_rowbytes(png_ptr, info_ptr));
for(i = 0; i < png_get_image_height(png_ptr, info_ptr); i++) {
row_pointers[i] = imageBuffer + (png_get_rowbytes(png_ptr, info_ptr) * i);
}
png_read_image(png_ptr, row_pointers);
png_read_end(png_ptr, end_info);
buffer = malloc(1);
*fileSize = 0;
if(key != NULL) {
imageFile = duplicateAbstractFile2(imageWrapper, createAbstractFileFromMemoryFile((void**)&buffer, fileSize), key, iv, NULL);
} else {
imageFile = duplicateAbstractFile(imageWrapper, createAbstractFileFromMemoryFile((void**)&buffer, fileSize));
}
info = (InfoIBootIM*) (imageFile->data);
info->header.width = (uint16_t) png_get_image_width(png_ptr, info_ptr);
info->header.height = (uint16_t) png_get_image_height(png_ptr, info_ptr);
if(png_get_color_type(png_ptr, info_ptr) == PNG_COLOR_TYPE_GRAY_ALPHA) {
info->header.format = IBOOTIM_GREY;
} else {
info->header.format = IBOOTIM_ARGB;
}
imageFile->write(imageFile, imageBuffer, png_get_image_height(png_ptr, info_ptr) * png_get_rowbytes(png_ptr, info_ptr));
imageFile->close(imageFile);
png_destroy_read_struct(&png_ptr, &info_ptr, &end_info);
png->close(png);
free(row_pointers);
free(imageBuffer);
return buffer;
}
