LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_client_new_with_handshake(idevice_t device, lockdownd_client_t *client, const char *label) { if (!client) return LOCKDOWN_E_INVALID_ARG; lockdownd_error_t ret = LOCKDOWN_E_SUCCESS; lockdownd_client_t client_loc = NULL; plist_t pair_record = NULL; char *host_id = NULL; char *type = NULL; ret = lockdownd_client_new(device, &client_loc, label); if (LOCKDOWN_E_SUCCESS != ret) { debug_info("failed to create lockdownd client."); return ret; } /* perform handshake */ if (LOCKDOWN_E_SUCCESS != lockdownd_query_type(client_loc, &type)) { debug_info("QueryType failed in the lockdownd client."); ret = LOCKDOWN_E_NOT_ENOUGH_DATA; } else { if (strcmp("com.apple.mobile.lockdown", type)) { debug_info("Warning QueryType request returned \"%s\".", type); } } free(type); userpref_read_pair_record(client_loc->udid, &pair_record); if (pair_record) { pair_record_get_host_id(pair_record, &host_id); } if (LOCKDOWN_E_SUCCESS == ret && !host_id) { ret = LOCKDOWN_E_INVALID_CONF; } if (LOCKDOWN_E_SUCCESS == ret && !pair_record) { /* attempt pairing */ ret = lockdownd_pair(client_loc, NULL); } plist_free(pair_record); pair_record = NULL; /* in any case, we need to validate pairing to receive trusted host status */ ret = lockdownd_validate_pair(client_loc, NULL); /* if not paired yet, let's do it now */ if (LOCKDOWN_E_INVALID_HOST_ID == ret) { free(host_id); host_id = NULL; ret = lockdownd_pair(client_loc, NULL); if (LOCKDOWN_E_SUCCESS == ret) { ret = lockdownd_validate_pair(client_loc, NULL); } else if (LOCKDOWN_E_PAIRING_DIALOG_PENDING == ret) { debug_info("Device shows the pairing dialog."); } } if (LOCKDOWN_E_SUCCESS == ret) { if (!host_id) { userpref_read_pair_record(client_loc->udid, &pair_record); if (pair_record) { pair_record_get_host_id(pair_record, &host_id); plist_free(pair_record); } } ret = lockdownd_start_session(client_loc, host_id, NULL, NULL); if (LOCKDOWN_E_SUCCESS != ret) { debug_info("Session opening failed."); } } if (LOCKDOWN_E_SUCCESS == ret) { *client = client_loc; } else { lockdownd_client_free(client_loc); } free(host_id); return ret; }
LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_client_new(idevice_t device, lockdownd_client_t *client, const char *label) { if (!client) return LOCKDOWN_E_INVALID_ARG; static struct lockdownd_service_descriptor service = { .port = 0xf27e, .ssl_enabled = 0 }; property_list_service_client_t plistclient = NULL; if (property_list_service_client_new(device, (lockdownd_service_descriptor_t)&service, &plistclient) != PROPERTY_LIST_SERVICE_E_SUCCESS) { debug_info("could not connect to lockdownd (device %s)", device->udid); return LOCKDOWN_E_MUX_ERROR; } lockdownd_client_t client_loc = (lockdownd_client_t) malloc(sizeof(struct lockdownd_client_private)); client_loc->parent = plistclient; client_loc->ssl_enabled = 0; client_loc->session_id = NULL; if (idevice_get_udid(device, &client_loc->udid) != IDEVICE_E_SUCCESS) { debug_info("failed to get device udid."); } debug_info("device udid: %s", client_loc->udid); client_loc->label = label ? strdup(label) : NULL; *client = client_loc; return LOCKDOWN_E_SUCCESS; } LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_client_new_with_handshake(idevice_t device, lockdownd_client_t *client, const char *label) { if (!client) return LOCKDOWN_E_INVALID_ARG; lockdownd_error_t ret = LOCKDOWN_E_SUCCESS; lockdownd_client_t client_loc = NULL; char *host_id = NULL; char *type = NULL; ret = lockdownd_client_new(device, &client_loc, label); if (LOCKDOWN_E_SUCCESS != ret) { debug_info("failed to create lockdownd client."); return ret; } /* perform handshake */ if (LOCKDOWN_E_SUCCESS != lockdownd_query_type(client_loc, &type)) { debug_info("QueryType failed in the lockdownd client."); ret = LOCKDOWN_E_NOT_ENOUGH_DATA; } else { if (strcmp("com.apple.mobile.lockdown", type)) { debug_info("Warning QueryType request returned \"%s\".", type); } } if (type) free(type); plist_t pair_record = NULL; userpref_read_pair_record(client_loc->udid, &pair_record); if (pair_record) { pair_record_get_host_id(pair_record, &host_id); } if (LOCKDOWN_E_SUCCESS == ret && !host_id) { ret = LOCKDOWN_E_INVALID_CONF; } if (LOCKDOWN_E_SUCCESS == ret && !pair_record) { /* attempt pairing */ ret = lockdownd_pair(client_loc, NULL); } plist_free(pair_record); pair_record = NULL; /* in any case, we need to validate pairing to receive trusted host status */ ret = lockdownd_validate_pair(client_loc, NULL); /* if not paired yet, let's do it now */ if (LOCKDOWN_E_INVALID_HOST_ID == ret) { ret = lockdownd_pair(client_loc, NULL); if (LOCKDOWN_E_SUCCESS == ret) { ret = lockdownd_validate_pair(client_loc, NULL); } else if (LOCKDOWN_E_PAIRING_DIALOG_PENDING == ret) { debug_info("Device shows the pairing dialog."); } } if (LOCKDOWN_E_SUCCESS == ret) { if (!host_id) { userpref_read_pair_record(client_loc->udid, &pair_record); if (pair_record) { pair_record_get_host_id(pair_record, &host_id); plist_free(pair_record); } } ret = lockdownd_start_session(client_loc, host_id, NULL, NULL); if (LOCKDOWN_E_SUCCESS != ret) { debug_info("Session opening failed."); } if (host_id) { free(host_id); host_id = NULL; } } if (LOCKDOWN_E_SUCCESS == ret) { *client = client_loc; } else { lockdownd_client_free(client_loc); } return ret; } /** * Returns a new plist from the supplied lockdownd pair record. The caller is * responsible for freeing the plist. * * @param pair_record The pair record to create a plist from. * * @return A pair record plist from the device, NULL if pair_record is not set */ static plist_t lockdownd_pair_record_to_plist(lockdownd_pair_record_t pair_record) { if (!pair_record) return NULL; /* setup request plist */ plist_t dict = plist_new_dict(); plist_dict_set_item(dict, "DeviceCertificate", plist_new_data(pair_record->device_certificate, strlen(pair_record->device_certificate))); plist_dict_set_item(dict, "HostCertificate", plist_new_data(pair_record->host_certificate, strlen(pair_record->host_certificate))); plist_dict_set_item(dict, "HostID", plist_new_string(pair_record->host_id)); plist_dict_set_item(dict, "RootCertificate", plist_new_data(pair_record->root_certificate, strlen(pair_record->root_certificate))); plist_dict_set_item(dict, "SystemBUID", plist_new_string(pair_record->system_buid)); return dict; } /** * Generates a pair record plist with required certificates for a specific * device. If a pairing exists, it is loaded from the computer instead of being * generated. * * @param pair_record_plist Holds the pair record. * * @return LOCKDOWN_E_SUCCESS on success */ static lockdownd_error_t pair_record_generate(lockdownd_client_t client, plist_t *pair_record) { lockdownd_error_t ret = LOCKDOWN_E_UNKNOWN_ERROR; key_data_t public_key = { NULL, 0 }; char* host_id = NULL; char* system_buid = NULL; /* retrieve device public key */ ret = lockdownd_get_device_public_key_as_key_data(client, &public_key); if (ret != LOCKDOWN_E_SUCCESS) { debug_info("device refused to send public key."); goto leave; } debug_info("device public key follows:\n%.*s", public_key.size, public_key.data); *pair_record = plist_new_dict(); /* generate keys and certificates into pair record */ userpref_error_t uret = USERPREF_E_SUCCESS; uret = pair_record_generate_keys_and_certs(*pair_record, public_key); switch(uret) { case USERPREF_E_INVALID_ARG: ret = LOCKDOWN_E_INVALID_ARG; break; case USERPREF_E_INVALID_CONF: ret = LOCKDOWN_E_INVALID_CONF; break; case USERPREF_E_SSL_ERROR: ret = LOCKDOWN_E_SSL_ERROR; default: break; } /* set SystemBUID */ userpref_read_system_buid(&system_buid); if (system_buid) { plist_dict_set_item(*pair_record, USERPREF_SYSTEM_BUID_KEY, plist_new_string(system_buid)); } /* set HostID */ host_id = generate_uuid(); pair_record_set_host_id(*pair_record, host_id); leave: if (host_id) free(host_id); if (system_buid) free(system_buid); if (public_key.data) free(public_key.data); return ret; }
int main(int argc, char **argv) { lockdownd_client_t client = NULL; idevice_t device = NULL; idevice_error_t ret = IDEVICE_E_UNKNOWN_ERROR; lockdownd_error_t lerr; int result; char *type = NULL; char *cmd; typedef enum { OP_NONE = 0, OP_PAIR, OP_VALIDATE, OP_UNPAIR, OP_LIST, OP_HOSTID, OP_SYSTEMBUID } op_t; op_t op = OP_NONE; parse_opts(argc, argv); if ((argc - optind) < 1) { printf("ERROR: You need to specify a COMMAND!\n"); print_usage(argc, argv); exit(EXIT_FAILURE); } cmd = (argv+optind)[0]; if (!strcmp(cmd, "pair")) { op = OP_PAIR; } else if (!strcmp(cmd, "validate")) { op = OP_VALIDATE; } else if (!strcmp(cmd, "unpair")) { op = OP_UNPAIR; } else if (!strcmp(cmd, "list")) { op = OP_LIST; } else if (!strcmp(cmd, "hostid")) { op = OP_HOSTID; } else if (!strcmp(cmd, "systembuid")) { op = OP_SYSTEMBUID; } else { printf("ERROR: Invalid command '%s' specified\n", cmd); print_usage(argc, argv); exit(EXIT_FAILURE); } if (op == OP_SYSTEMBUID) { char *systembuid = NULL; userpref_read_system_buid(&systembuid); printf("%s\n", systembuid); if (systembuid) free(systembuid); return EXIT_SUCCESS; } if (op == OP_LIST) { unsigned int i; char **udids = NULL; unsigned int count = 0; userpref_get_paired_udids(&udids, &count); for (i = 0; i < count; i++) { printf("%s\n", udids[i]); free(udids[i]); } if (udids) free(udids); if (udid) free(udid); return EXIT_SUCCESS; } if (udid) { ret = idevice_new(&device, udid); free(udid); udid = NULL; if (ret != IDEVICE_E_SUCCESS) { printf("No device found with udid %s, is it plugged in?\n", udid); return EXIT_FAILURE; } } else { ret = idevice_new(&device, NULL); if (ret != IDEVICE_E_SUCCESS) { printf("No device found, is it plugged in?\n"); return EXIT_FAILURE; } } ret = idevice_get_udid(device, &udid); if (ret != IDEVICE_E_SUCCESS) { printf("ERROR: Could not get device udid, error code %d\n", ret); result = EXIT_FAILURE; goto leave; } if (op == OP_HOSTID) { plist_t pair_record = NULL; char *hostid = NULL; userpref_read_pair_record(udid, &pair_record); pair_record_get_host_id(pair_record, &hostid); printf("%s\n", hostid); if (hostid) free(hostid); if (pair_record) plist_free(pair_record); return EXIT_SUCCESS; } lerr = lockdownd_client_new(device, &client, "idevicepair"); if (lerr != LOCKDOWN_E_SUCCESS) { idevice_free(device); printf("ERROR: Could not connect to lockdownd, error code %d\n", lerr); return EXIT_FAILURE; } result = EXIT_SUCCESS; lerr = lockdownd_query_type(client, &type); if (lerr != LOCKDOWN_E_SUCCESS) { printf("QueryType failed, error code %d\n", lerr); result = EXIT_FAILURE; goto leave; } else { if (strcmp("com.apple.mobile.lockdown", type)) { printf("WARNING: QueryType request returned '%s'\n", type); } if (type) { free(type); } } switch(op) { default: case OP_PAIR: lerr = lockdownd_pair(client, NULL); if (lerr == LOCKDOWN_E_SUCCESS) { printf("SUCCESS: Paired with device %s\n", udid); } else { result = EXIT_FAILURE; print_error_message(lerr); } break; case OP_VALIDATE: lerr = lockdownd_validate_pair(client, NULL); if (lerr == LOCKDOWN_E_SUCCESS) { printf("SUCCESS: Validated pairing with device %s\n", udid); } else { result = EXIT_FAILURE; print_error_message(lerr); } break; case OP_UNPAIR: lerr = lockdownd_unpair(client, NULL); if (lerr == LOCKDOWN_E_SUCCESS) { printf("SUCCESS: Unpaired with device %s\n", udid); } else { result = EXIT_FAILURE; print_error_message(lerr); } break; } leave: lockdownd_client_free(client); idevice_free(device); if (udid) { free(udid); } return result; }