int dfu_get_cpid(struct idevicerestore_client_t* client, unsigned int* cpid) { irecv_error_t dfu_error = IRECV_E_SUCCESS; if(client->dfu == NULL) { if (dfu_client_new(client) < 0) { return -1; } } dfu_error = irecv_get_cpid(client->dfu->client, cpid); if (dfu_error != IRECV_E_SUCCESS) { return -1; } return 0; }
int recovery_get_cpid(struct idevicerestore_client_t* client, uint32_t* cpid) { irecv_error_t recovery_error = IRECV_E_SUCCESS; if(client->recovery == NULL) { if (recovery_client_new(client) < 0) { return -1; } } recovery_error = irecv_get_cpid(client->recovery->client, cpid); if (recovery_error != IRECV_E_SUCCESS) { return -1; } return 0; }
int recovery_get_cpid(uint32_t* cpid) { irecv_client_t recovery = NULL; irecv_error_t recovery_error = IRECV_E_SUCCESS; if (recovery_open_with_timeout(&recovery) < 0) { return -1; } recovery_error = irecv_get_cpid(recovery, cpid); if (recovery_error != IRECV_E_SUCCESS) { irecv_close(recovery); return -1; } irecv_close(recovery); recovery = NULL; return 0; }
irecv_error_t irecv_get_device(irecv_client_t client, irecv_device_t* device) { int device_id = DEVICE_UNKNOWN; uint32_t bdid = 0; uint32_t cpid = 0; if (irecv_get_cpid(client, &cpid) < 0) { return IRECV_E_UNKNOWN_ERROR; } switch (cpid) { case CPID_IPHONE2G: // iPhone1,1 iPhone1,2 and iPod1,1 all share the same ChipID // so we need to check the BoardID if (irecv_get_bdid(client, &bdid) < 0) { break; } switch (bdid) { case BDID_IPHONE2G: device_id = DEVICE_IPHONE2G; break; case BDID_IPHONE3G: device_id = DEVICE_IPHONE3G; break; case BDID_IPOD1G: device_id = DEVICE_IPOD1G; break; default: device_id = DEVICE_UNKNOWN; break; } break; case CPID_IPHONE3GS: device_id = DEVICE_IPHONE3GS; break; case CPID_IPOD2G: device_id = DEVICE_IPOD2G; break; case CPID_IPOD3G: device_id = DEVICE_IPOD3G; break; case CPID_IPAD1G: // iPhone3,1 iPhone3,3 iPad4,1 and iPad1,1 all share the same ChipID // so we need to check the BoardID if (irecv_get_bdid(client, &bdid) < 0) { break; } switch (bdid) { case BDID_IPAD1G: device_id = DEVICE_IPAD1G; break; case BDID_IPHONE4: device_id = DEVICE_IPHONE4; break; case BDID_IPOD4G: device_id = DEVICE_IPOD4G; break; case BDID_APPLETV2: device_id = DEVICE_APPLETV2; break; case BDID_IPHONE42: device_id = DEVICE_IPHONE42; break; default: device_id = DEVICE_UNKNOWN; break; } break; default: device_id = DEVICE_UNKNOWN; break; } *device = &irecv_devices[device_id]; return IRECV_E_SUCCESS; }
void parse_command(irecv_client_t client, unsigned char* command, unsigned int size) { char* cmd = strdup(command); char* action = strtok(cmd, " "); debug("Executing %s\n", action); if (!strcmp(cmd, "/exit")) { quit = 1; } else if (!strcmp(cmd, "/help")) { shell_usage(); } else if (!strcmp(cmd, "/upload")) { char* filename = strtok(NULL, " "); debug("Uploading files %s\n", filename); if (filename != NULL) { irecv_send_file(client, filename, 0); } } else if (!strcmp(cmd, "/deviceinfo")) { int ret; unsigned int cpid, bdid; unsigned long long ecid; unsigned char srnm[12], imei[15], bt[15]; ret = irecv_get_cpid(client, &cpid); if(ret == IRECV_E_SUCCESS) { printf("CPID: %d\n", cpid); } ret = irecv_get_bdid(client, &bdid); if(ret == IRECV_E_SUCCESS) { printf("BDID: %d\n", bdid); } ret = irecv_get_ecid(client, &ecid); if(ret == IRECV_E_SUCCESS) { printf("ECID: %lld\n", ecid); } ret = irecv_get_srnm(client, srnm); if(ret == IRECV_E_SUCCESS) { printf("SRNM: %s\n", srnm); } ret = irecv_get_imei(client, imei); if(ret == IRECV_E_SUCCESS) { printf("IMEI: %s\n", imei); } } else if (!strcmp(cmd, "/exploit")) { char* filename = strtok(NULL, " "); debug("Sending exploit %s\n", filename); if (filename != NULL) { irecv_send_file(client, filename, 0); } irecv_send_exploit(client); } else if (!strcmp(cmd, "/execute")) { char* filename = strtok(NULL, " "); debug("Executing script %s\n", filename); if (filename != NULL) { irecv_execute_script(client, filename); } } free(action); }
static void parse_command(irecv_client_t client, unsigned char* command, unsigned int size) { char* cmd = strdup((char*)command); char* action = strtok(cmd, " "); if (!strcmp(cmd, "/exit")) { quit = 1; } else if (!strcmp(cmd, "/help")) { shell_usage(); } else if (!strcmp(cmd, "/upload")) { char* filename = strtok(NULL, " "); debug("Uploading files %s\n", filename); if (filename != NULL) { irecv_send_file(client, filename, 0); } } else if (!strcmp(cmd, "/deviceinfo")) { int ret, mode; unsigned int cpid, bdid; unsigned long long ecid; char srnm[12], imei[15]; ret = irecv_get_cpid(client, &cpid); if(ret == IRECV_E_SUCCESS) { printf("CPID: %d\n", cpid); } ret = irecv_get_bdid(client, &bdid); if(ret == IRECV_E_SUCCESS) { printf("BDID: %d\n", bdid); } ret = irecv_get_ecid(client, &ecid); if(ret == IRECV_E_SUCCESS) { printf("ECID: " _FMT_lld "\n", ecid); } ret = irecv_get_srnm(client, srnm); if(ret == IRECV_E_SUCCESS) { printf("SRNM: %s\n", srnm); } ret = irecv_get_imei(client, imei); if(ret == IRECV_E_SUCCESS) { printf("IMEI: %s\n", imei); } ret = irecv_get_mode(client, &mode); if (ret == IRECV_E_SUCCESS) { printf("MODE: %s\n", mode_to_str(mode)); } } else if (!strcmp(cmd, "/limera1n")) { char* filename = strtok(NULL, " "); debug("Sending limera1n payload %s\n", filename); if (filename != NULL) { irecv_send_file(client, filename, 0); } irecv_trigger_limera1n_exploit(client); } else if (!strcmp(cmd, "/execute")) { char* filename = strtok(NULL, " "); debug("Executing script %s\n", filename); if (filename != NULL) { char* buffer = NULL; uint64_t buffer_length = 0; buffer_read_from_filename(filename, &buffer, &buffer_length); if (buffer) { buffer[buffer_length] = '\0'; irecv_execute_script(client, buffer); free(buffer); } else { printf("Could not read file '%s'\n", filename); } } } free(action); }
int main(int argc, char* argv[]) { irecv_error_t error; unsigned int cpid; int can_ra1n = 0; printf("Loadibec " LOADIBEC_VERSION COMMIT_STRING ".\n"); if(argc != 2) { printf("Usage: %s <file>\n" "\tLoads a file to an iDevice in recovery mode and jumps to it.\n", argv[0]); return 0; } irecv_init(); printf("Connecting to iDevice...\n"); error = irecv_open_attempts(&g_syringe_client, 10); if(error != IRECV_E_SUCCESS) { fprintf(stderr, "Failed to connect to iBoot, error %d.\n", error); return -error; } if(irecv_get_cpid(g_syringe_client, &cpid) == IRECV_E_SUCCESS) { if(cpid > 8900) can_ra1n = 1; } if(g_syringe_client->mode == kDfuMode && can_ra1n) { int ret; printf("linera1n compatible device detected, injecting limera1n.\n"); irecv_close(&g_syringe_client); irecv_exit(); pois0n_init(); ret = pois0n_is_ready(); if(ret < 0) return ret; ret = pois0n_is_compatible(); if(ret < 0) return ret; pois0n_inject(); irecv_close(&g_syringe_client); g_syringe_client = NULL; printf("limera1ned, reconnecting...\n"); g_syringe_client = irecv_reconnect(g_syringe_client, 10); if(!g_syringe_client) { fprintf(stderr, "Failed to reconnect.\n"); return 4; } } else can_ra1n = 0; printf("Starting transfer of '%s'.\n", argv[1]); irecv_event_subscribe(g_syringe_client, IRECV_PROGRESS, &progress_cb, NULL); error = irecv_send_file(g_syringe_client, argv[1], 0); if(error != IRECV_E_SUCCESS) { fprintf(stderr, "Failed to upload '%s', error %d.\n", argv[1], error); return 2; } error = irecv_send_command(g_syringe_client, "go"); if(error != IRECV_E_SUCCESS) { fprintf(stderr, "Failed to jump to uploaded file, error %d.\n", error); return 3; } irecv_send_command(g_syringe_client, "go jump 0x41000000"); printf("Uploaded Successfully.\n"); irecv_exit(); return 0; }