int tss_populate_basebandvals(plist_t tssreq, plist_t tssparameters, int64_t BbGoldCertId){
plist_t parameters = plist_new_dict();
char bbnonce[noncelen+1];
char bbsnum[5];
int64_t BbChipID = 0;
getRandNum(bbnonce, noncelen, 256);
getRandNum(bbsnum, 4, 256);
int n=0; for (int i=1; i<7; i++) BbChipID += (arc4random() % 10) * pow(10, ++n);
plist_dict_set_item(parameters, "BbNonce", plist_new_data(bbnonce, noncelen));
plist_dict_set_item(parameters, "BbChipID", plist_new_uint(BbChipID));
plist_dict_set_item(parameters, "BbGoldCertId", plist_new_uint(BbGoldCertId));
plist_dict_set_item(parameters, "BbSNUM", plist_new_data(bbsnum, 4));
/* BasebandFirmware */
plist_t BasebandFirmware = plist_access_path(tssparameters, 2, "Manifest", "BasebandFirmware");
if (!BasebandFirmware || plist_get_node_type(BasebandFirmware) != PLIST_DICT) {
error("ERROR: Unable to get BasebandFirmware node\n");
return -1;
}
plist_t bbfwdict = plist_copy(BasebandFirmware);
BasebandFirmware = NULL;
if (plist_dict_get_item(bbfwdict, "Info")) {
plist_dict_remove_item(bbfwdict, "Info");
}
plist_dict_set_item(tssreq, "BasebandFirmware", bbfwdict);
tss_request_add_baseband_tags(tssreq, parameters, NULL);
return 0;
}
webinspector_error_t webinspector_send(webinspector_client_t client, plist_t plist)
{
webinspector_error_t res = WEBINSPECTOR_E_UNKNOWN_ERROR;
uint32_t offset = 0;
int is_final_message = 0;
char *packet = NULL;
uint32_t packet_length = 0;
debug_info("Sending webinspector message...");
debug_plist(plist);
/* convert plist to packet */
plist_to_bin(plist, &packet, &packet_length);
if (!packet || packet_length == 0) {
debug_info("Error converting plist to binary.");
return res;
}
do {
/* determine if we need to send partial messages */
if (packet_length < WEBINSPECTOR_PARTIAL_PACKET_CHUNK_SIZE) {
is_final_message = 1;
} else {
/* send partial packet */
is_final_message = 0;
}
plist_t outplist = plist_new_dict();
if (!is_final_message) {
/* split packet into partial chunks */
plist_dict_set_item(outplist, "WIRPartialMessageKey", plist_new_data(packet + offset, WEBINSPECTOR_PARTIAL_PACKET_CHUNK_SIZE));
offset += WEBINSPECTOR_PARTIAL_PACKET_CHUNK_SIZE;
packet_length -= WEBINSPECTOR_PARTIAL_PACKET_CHUNK_SIZE;
} else {
/* send final chunk */
plist_dict_set_item(outplist, "WIRFinalMessageKey", plist_new_data(packet + offset, packet_length));
offset += packet_length;
packet_length -= packet_length;
}
res = webinspector_error(property_list_service_send_binary_plist(client->parent, outplist));
plist_free(outplist);
outplist = NULL;
if (res != WEBINSPECTOR_E_SUCCESS) {
debug_info("Sending plist failed with error %d", res);
return res;
}
} while(packet_length > 0);
free(packet);
packet = NULL;
return res;
}
/**
* Returns a new plist from the supplied lockdownd pair record. The caller is
* responsible for freeing the plist.
*
* @param pair_record The pair record to create a plist from.
*
* @return A pair record plist from the device, NULL if pair_record is not set
*/
static plist_t lockdownd_pair_record_to_plist(lockdownd_pair_record_t pair_record)
{
if (!pair_record)
return NULL;
/* setup request plist */
plist_t dict = plist_new_dict();
plist_dict_set_item(dict, "DeviceCertificate", plist_new_data(pair_record->device_certificate, strlen(pair_record->device_certificate)));
plist_dict_set_item(dict, "HostCertificate", plist_new_data(pair_record->host_certificate, strlen(pair_record->host_certificate)));
plist_dict_set_item(dict, "HostID", plist_new_string(pair_record->host_id));
plist_dict_set_item(dict, "RootCertificate", plist_new_data(pair_record->root_certificate, strlen(pair_record->root_certificate)));
plist_dict_set_item(dict, "SystemBUID", plist_new_string(pair_record->system_buid));
return dict;
}
/**
* Mounts an image on the device.
*
* @param client The connected mobile_image_mounter client.
* @param image_path The absolute path of the image to mount. The image must
* be present before calling this function.
* @param image_signature Pointer to a buffer holding the images' signature
* @param signature_length Length of the signature image_signature points to
* @param image_type Type of image to mount
* @param result Pointer to a plist that will receive the result of the
* operation.
*
* @note This function may return MOBILE_IMAGE_MOUNTER_E_SUCCESS even if the
* operation has failed. Check the resulting plist for further information.
* Note that there is no unmounting function. The mount persists until the
* device is rebooted.
*
* @return MOBILE_IMAGE_MOUNTER_E_SUCCESS on success,
* MOBILE_IMAGE_MOUNTER_E_INVALID_ARG if on ore more parameters are
* invalid, or another error code otherwise.
*/
mobile_image_mounter_error_t mobile_image_mounter_mount_image(mobile_image_mounter_client_t client, const char *image_path, const char *image_signature, uint16_t signature_length, const char *image_type, plist_t *result)
{
if (!client || !image_path || !image_signature || (signature_length == 0) || !image_type || !result) {
return MOBILE_IMAGE_MOUNTER_E_INVALID_ARG;
}
mobile_image_mounter_lock(client);
plist_t dict = plist_new_dict();
plist_dict_insert_item(dict, "Command", plist_new_string("MountImage"));
plist_dict_insert_item(dict, "ImagePath", plist_new_string(image_path));
plist_dict_insert_item(dict, "ImageSignature", plist_new_data(image_signature, signature_length));
plist_dict_insert_item(dict, "ImageType", plist_new_string(image_type));
mobile_image_mounter_error_t res = mobile_image_mounter_error(property_list_service_send_xml_plist(client->parent, dict));
plist_free(dict);
if (res != MOBILE_IMAGE_MOUNTER_E_SUCCESS) {
debug_info("%s: Error sending XML plist to device!", __func__);
goto leave_unlock;
}
res = mobile_image_mounter_error(property_list_service_receive_plist(client->parent, result));
if (res != MOBILE_IMAGE_MOUNTER_E_SUCCESS) {
debug_info("%s: Error receiving response from device!", __func__);
}
leave_unlock:
mobile_image_mounter_unlock(client);
return res;
}
int tss_populate_devicevals(plist_t tssreq, uint64_t ecid, char *nonce, size_t nonce_size, char *sep_nonce, size_t sep_nonce_size, int image4supported){
plist_dict_set_item(tssreq, "ApECID", plist_new_uint(ecid)); //0000000000000000
if (nonce) {
plist_dict_set_item(tssreq, "ApNonce", plist_new_data(nonce, nonce_size));//aa aa aa aa bb cc dd ee ff 00 11 22 33 44 55 66 77 88 99 aa
}
if (sep_nonce) {//aa aa aa aa bb cc dd ee ff 00 11 22 33 44 55 66 77 88 99 aa
plist_dict_set_item(tssreq, "ApSepNonce", plist_new_data(sep_nonce, sep_nonce_size));
}
plist_dict_set_item(tssreq, "ApProductionMode", plist_new_bool(1));
if (image4supported) {
plist_dict_set_item(tssreq, "ApSecurityMode", plist_new_bool(1));
plist_dict_set_item(tssreq, "ApSupportsImg4", plist_new_bool(1));
} else {
plist_dict_set_item(tssreq, "ApSupportsImg4", plist_new_bool(0));
}
return 0;
}
static plist_t plist_data_from_plist(plist_t plist)
{
if (plist && plist_get_node_type(plist) == PLIST_DATA) {
return plist_copy(plist);
}
plist_t result = NULL;
char *xml = NULL;
uint32_t xml_len = 0;
plist_to_xml(plist, &xml, &xml_len);
result = plist_new_data(xml, xml_len);
free(xml);
return result;
}
int restore_send_kernelcache(restored_client_t client, char* kernel_data, int len) {
info("Sending kernelcache\n");
plist_t kernelcache_node = plist_new_data(kernel_data, len);
plist_t dict = plist_new_dict();
plist_dict_insert_item(dict, "KernelCacheFile", kernelcache_node);
restored_error_t ret = restored_send(client, dict);
if (ret != RESTORE_E_SUCCESS) {
error("ERROR: Unable to send kernelcache data\n");
plist_free(dict);
return -1;
}
info("Done sending kernelcache\n");
plist_free(dict);
return 0;
}
Node::Node(plist_type type, Node* parent) : _parent(parent)
{
_node = NULL;
switch (type)
{
case PLIST_BOOLEAN:
_node = plist_new_bool(0);
break;
case PLIST_UINT:
_node = plist_new_uint(0);
break;
case PLIST_REAL:
_node = plist_new_real(0.);
break;
case PLIST_STRING:
_node = plist_new_string("");
break;
case PLIST_KEY:
_node = plist_new_string("");
plist_set_key_val(_node, "");
break;
case PLIST_UID:
_node = plist_new_uid(0);
break;
case PLIST_DATA:
_node = plist_new_data(NULL,0);
break;
case PLIST_DATE:
_node = plist_new_date(0,0);
break;
case PLIST_ARRAY:
_node = plist_new_array();
break;
case PLIST_DICT:
_node = plist_new_dict();
break;
case PLIST_NONE:
default:
break;
}
}
static int send_pair_record(struct mux_client *client, uint32_t tag, const char* record_id)
{
int res = -1;
char* record_data = NULL;
uint64_t record_size = 0;
if (!record_id) {
return send_result(client, tag, EINVAL);
}
config_get_device_record(record_id, &record_data, &record_size);
if (record_data) {
plist_t dict = plist_new_dict();
plist_dict_insert_item(dict, "PairRecordData", plist_new_data(record_data, record_size));
free(record_data);
res = send_plist_pkt(client, tag, dict);
plist_free(dict);
} else {
res = send_result(client, tag, ENOENT);
}
return res;
}
int main(int argc, char *argv[])
{
lockdownd_client_t client = NULL;
lockdownd_service_descriptor_t service = NULL;
idevice_t device = NULL;
idevice_error_t ret = IDEVICE_E_UNKNOWN_ERROR;
int i;
int op = -1;
const char* udid = NULL;
const char* param = NULL;
/* parse cmdline args */
for (i = 1; i < argc; i++) {
if (!strcmp(argv[i], "-d") || !strcmp(argv[i], "--debug")) {
idevice_set_debug_level(1);
continue;
}
else if (!strcmp(argv[i], "-u") || !strcmp(argv[i], "--udid")) {
i++;
if (!argv[i] || (strlen(argv[i]) != 40)) {
print_usage(argc, argv);
return 0;
}
udid = argv[i];
continue;
}
else if (!strcmp(argv[i], "install")) {
i++;
if (!argv[i] || (strlen(argv[i]) < 1)) {
print_usage(argc, argv);
return 0;
}
param = argv[i];
op = OP_INSTALL;
continue;
}
else if (!strcmp(argv[i], "list")) {
op = OP_LIST;
}
else if (!strcmp(argv[i], "copy")) {
i++;
if (!argv[i] || (strlen(argv[i]) < 1)) {
print_usage(argc, argv);
return 0;
}
param = argv[i];
op = OP_COPY;
continue;
}
else if (!strcmp(argv[i], "remove")) {
i++;
if (!argv[i] || (strlen(argv[i]) < 1)) {
print_usage(argc, argv);
return 0;
}
param = argv[i];
op = OP_REMOVE;
continue;
}
else if (!strcmp(argv[i], "-h") || !strcmp(argv[i], "--help")) {
print_usage(argc, argv);
return 0;
}
else {
print_usage(argc, argv);
return 0;
}
}
if ((op == -1) || (op >= NUM_OPS)) {
print_usage(argc, argv);
return 0;
}
ret = idevice_new(&device, udid);
if (ret != IDEVICE_E_SUCCESS) {
if (udid) {
printf("No device found with udid %s, is it plugged in?\n", udid);
} else {
printf("No device found, is it plugged in?\n");
}
return -1;
}
if (LOCKDOWN_E_SUCCESS != lockdownd_client_new_with_handshake(device, &client, "ideviceprovision")) {
idevice_free(device);
return -1;
}
if (LOCKDOWN_E_SUCCESS != lockdownd_start_service(client, "com.apple.misagent", &service)) {
fprintf(stderr, "Could not start service \"com.apple.misagent\"\n");
lockdownd_client_free(client);
idevice_free(device);
return -1;
}
lockdownd_client_free(client);
client = NULL;
misagent_client_t mis = NULL;
if (misagent_client_new(device, service, &mis) != MISAGENT_E_SUCCESS) {
fprintf(stderr, "Could not connect to \"com.apple.misagent\" on device\n");
if (service)
lockdownd_service_descriptor_free(service);
lockdownd_client_free(client);
idevice_free(device);
return -1;
}
if (service)
lockdownd_service_descriptor_free(service);
switch (op) {
case OP_INSTALL:
{
FILE* f = fopen(param, "rb");
if (!f) {
fprintf(stderr, "Could not open file '%s'\n", param);
break;
}
fseek(f, 0, SEEK_END);
long int size = ftell(f);
fseek(f, 0, SEEK_SET);
if (size >= 0x1000000) {
fprintf(stderr, "The file '%s' is too large for processing.\n", param);
fclose(f);
break;
}
char* buf = (char *)malloc(size);
if (!buf) {
fprintf(stderr, "Could not allocate memory...\n");
fclose(f);
break;
}
long int cur = 0;
while (cur < size) {
ssize_t r = fread(buf+cur, 1, 512, f);
if (r <= 0) {
break;
}
cur += r;
}
fclose(f);
if (cur != size) {
free(buf);
fprintf(stderr, "Could not read in file '%s' (size %ld read %ld)\n", param, size, cur);
break;
}
uint64_t psize = size;
plist_t pdata = plist_new_data(buf, psize);
if (misagent_install(mis, pdata) == MISAGENT_E_SUCCESS) {
printf("Profile '%s' installed successfully.\n", param);
} else {
int sc = misagent_get_status_code(mis);
fprintf(stderr, "Could not install profile '%s', status code: 0x%x\n", param, sc);
}
free(buf);
}
break;
case OP_LIST:
case OP_COPY:
{
plist_t profiles = NULL;
if (misagent_copy(mis, &profiles) == MISAGENT_E_SUCCESS) {
uint32_t num_profiles = plist_array_get_size(profiles);
printf("Device has %d provisioning %s installed:\n", num_profiles, (num_profiles == 1) ? "profile" : "profiles");
uint32_t j;
for (j = 0; j < num_profiles; j++) {
char* p_name = NULL;
char* p_uuid = NULL;
plist_t profile = plist_array_get_item(profiles, j);
plist_t pl = profile_get_embedded_plist(profile);
if (pl && (plist_get_node_type(pl) == PLIST_DICT)) {
plist_t node;
node = plist_dict_get_item(pl, "Name");
if (node && (plist_get_node_type(node) == PLIST_STRING)) {
plist_get_string_val(node, &p_name);
}
node = plist_dict_get_item(pl, "UUID");
if (node && (plist_get_node_type(node) == PLIST_STRING)) {
plist_get_string_val(node, &p_uuid);
}
}
printf("%s - %s\n", (p_uuid) ? p_uuid : "(unknown id)", (p_name) ? p_name : "(no name)");
if (op == OP_COPY) {
char pfname[512];
if (p_uuid) {
sprintf(pfname, "%s/%s.mobileprovision", param, p_uuid);
} else {
sprintf(pfname, "%s/profile%d.mobileprovision", param, j);
}
FILE* f = fopen(pfname, "wb");
if (f) {
char* dt = NULL;
uint64_t ds = 0;
plist_get_data_val(profile, &dt, &ds);
fwrite(dt, 1, (size_t) ds, f);
fclose(f);
printf(" => %s\n", pfname);
} else {
fprintf(stderr, "Could not open '%s' for writing\n", pfname);
}
}
if (p_uuid) {
free(p_uuid);
}
if (p_name) {
free(p_name);
}
}
} else {
int sc = misagent_get_status_code(mis);
fprintf(stderr, "Could not get installed profiles from device, status code: 0x%x\n", sc);
}
}
break;
case OP_REMOVE:
if (misagent_remove(mis, param) == MISAGENT_E_SUCCESS) {
printf("Profile '%s' removed.\n", param);
} else {
int sc = misagent_get_status_code(mis);
fprintf(stderr, "Could not remove profile '%s', status code 0x%x\n", param, sc);
}
break;
default:
break;
}
misagent_client_free(mis);
idevice_free(device);
return 0;
}
int main(int argc, char *argv[])
{
lockdownd_client_t client = NULL;
lockdownd_error_t ldret = LOCKDOWN_E_UNKNOWN_ERROR;
lockdownd_service_descriptor_t service = NULL;
idevice_t device = NULL;
idevice_error_t ret = IDEVICE_E_UNKNOWN_ERROR;
int i;
int op = -1;
int output_xml = 0;
const char* udid = NULL;
const char* param = NULL;
/* parse cmdline args */
for (i = 1; i < argc; i++) {
if (!strcmp(argv[i], "-d") || !strcmp(argv[i], "--debug")) {
idevice_set_debug_level(1);
continue;
}
else if (!strcmp(argv[i], "-u") || !strcmp(argv[i], "--udid")) {
i++;
if (!argv[i] || (strlen(argv[i]) != 40)) {
print_usage(argc, argv);
return 0;
}
udid = argv[i];
continue;
}
else if (!strcmp(argv[i], "install")) {
i++;
if (!argv[i] || (strlen(argv[i]) < 1)) {
print_usage(argc, argv);
return 0;
}
param = argv[i];
op = OP_INSTALL;
continue;
}
else if (!strcmp(argv[i], "list")) {
op = OP_LIST;
}
else if (!strcmp(argv[i], "copy")) {
i++;
if (!argv[i] || (strlen(argv[i]) < 1)) {
print_usage(argc, argv);
return 0;
}
param = argv[i];
op = OP_COPY;
continue;
}
else if (!strcmp(argv[i], "remove")) {
i++;
if (!argv[i] || (strlen(argv[i]) < 1)) {
print_usage(argc, argv);
return 0;
}
param = argv[i];
op = OP_REMOVE;
continue;
}
else if (!strcmp(argv[i], "dump")) {
i++;
if (!argv[i] || (strlen(argv[i]) < 1)) {
print_usage(argc, argv);
return 0;
}
param = argv[i];
op = OP_DUMP;
continue;
}
else if (!strcmp(argv[i], "-x") || !strcmp(argv[i], "--xml")) {
output_xml = 1;
continue;
}
else if (!strcmp(argv[i], "-h") || !strcmp(argv[i], "--help")) {
print_usage(argc, argv);
return 0;
}
else {
print_usage(argc, argv);
return 0;
}
}
if ((op == -1) || (op >= NUM_OPS)) {
print_usage(argc, argv);
return 0;
}
if (op == OP_DUMP) {
int res = 0;
unsigned char* profile_data = NULL;
unsigned int profile_size = 0;
if (profile_read_from_file(param, &profile_data, &profile_size) != 0) {
return -1;
}
plist_t pdata = plist_new_data((char*)profile_data, profile_size);
plist_t pl = profile_get_embedded_plist(pdata);
plist_free(pdata);
free(profile_data);
if (pl) {
if (output_xml) {
char* xml = NULL;
uint32_t xlen = 0;
plist_to_xml(pl, &xml, &xlen);
if (xml) {
printf("%s\n", xml);
free(xml);
}
} else {
if (pl && (plist_get_node_type(pl) == PLIST_DICT)) {
plist_print_to_stream(pl, stdout);
} else {
fprintf(stderr, "ERROR: unexpected node type in profile plist (not PLIST_DICT)\n");
res = -1;
}
}
} else {
fprintf(stderr, "ERROR: could not extract embedded plist from profile!\n");
}
plist_free(pl);
return res;
}
ret = idevice_new(&device, udid);
if (ret != IDEVICE_E_SUCCESS) {
if (udid) {
printf("No device found with udid %s, is it plugged in?\n", udid);
} else {
printf("No device found, is it plugged in?\n");
}
return -1;
}
if (LOCKDOWN_E_SUCCESS != (ldret = lockdownd_client_new_with_handshake(device, &client, "ideviceprovision"))) {
fprintf(stderr, "ERROR: Could not connect to lockdownd, error code %d\n", ldret);
idevice_free(device);
return -1;
}
if (LOCKDOWN_E_SUCCESS != lockdownd_start_service(client, "com.apple.misagent", &service)) {
fprintf(stderr, "Could not start service \"com.apple.misagent\"\n");
lockdownd_client_free(client);
idevice_free(device);
return -1;
}
lockdownd_client_free(client);
client = NULL;
misagent_client_t mis = NULL;
if (misagent_client_new(device, service, &mis) != MISAGENT_E_SUCCESS) {
fprintf(stderr, "Could not connect to \"com.apple.misagent\" on device\n");
if (service)
lockdownd_service_descriptor_free(service);
lockdownd_client_free(client);
idevice_free(device);
return -1;
}
if (service)
lockdownd_service_descriptor_free(service);
switch (op) {
case OP_INSTALL:
{
unsigned char* profile_data = NULL;
unsigned int profile_size = 0;
if (profile_read_from_file(param, &profile_data, &profile_size) != 0) {
break;
}
uint64_t psize = profile_size;
plist_t pdata = plist_new_data((const char*)profile_data, psize);
free(profile_data);
if (misagent_install(mis, pdata) == MISAGENT_E_SUCCESS) {
printf("Profile '%s' installed successfully.\n", param);
} else {
int sc = misagent_get_status_code(mis);
fprintf(stderr, "Could not install profile '%s', status code: 0x%x\n", param, sc);
}
}
break;
case OP_LIST:
case OP_COPY:
{
plist_t profiles = NULL;
if (misagent_copy(mis, &profiles) == MISAGENT_E_SUCCESS) {
uint32_t num_profiles = plist_array_get_size(profiles);
printf("Device has %d provisioning %s installed:\n", num_profiles, (num_profiles == 1) ? "profile" : "profiles");
uint32_t j;
for (j = 0; j < num_profiles; j++) {
char* p_name = NULL;
char* p_uuid = NULL;
plist_t profile = plist_array_get_item(profiles, j);
plist_t pl = profile_get_embedded_plist(profile);
if (pl && (plist_get_node_type(pl) == PLIST_DICT)) {
plist_t node;
node = plist_dict_get_item(pl, "Name");
if (node && (plist_get_node_type(node) == PLIST_STRING)) {
plist_get_string_val(node, &p_name);
}
node = plist_dict_get_item(pl, "UUID");
if (node && (plist_get_node_type(node) == PLIST_STRING)) {
plist_get_string_val(node, &p_uuid);
}
}
printf("%s - %s\n", (p_uuid) ? p_uuid : "(unknown id)", (p_name) ? p_name : "(no name)");
if (op == OP_COPY) {
char pfname[512];
if (p_uuid) {
sprintf(pfname, "%s/%s.mobileprovision", param, p_uuid);
} else {
sprintf(pfname, "%s/profile%d.mobileprovision", param, j);
}
FILE* f = fopen(pfname, "wb");
if (f) {
char* dt = NULL;
uint64_t ds = 0;
plist_get_data_val(profile, &dt, &ds);
fwrite(dt, 1, ds, f);
fclose(f);
printf(" => %s\n", pfname);
} else {
fprintf(stderr, "Could not open '%s' for writing\n", pfname);
}
}
if (p_uuid) {
free(p_uuid);
}
if (p_name) {
free(p_name);
}
}
} else {
int sc = misagent_get_status_code(mis);
fprintf(stderr, "Could not get installed profiles from device, status code: 0x%x\n", sc);
}
}
break;
case OP_REMOVE:
if (misagent_remove(mis, param) == MISAGENT_E_SUCCESS) {
printf("Profile '%s' removed.\n", param);
} else {
int sc = misagent_get_status_code(mis);
fprintf(stderr, "Could not remove profile '%s', status code 0x%x\n", param, sc);
}
break;
default:
break;
}
misagent_client_free(mis);
idevice_free(device);
return 0;
}
LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_client_new(idevice_t device, lockdownd_client_t *client, const char *label)
{
if (!client)
return LOCKDOWN_E_INVALID_ARG;
static struct lockdownd_service_descriptor service = {
.port = 0xf27e,
.ssl_enabled = 0
};
property_list_service_client_t plistclient = NULL;
if (property_list_service_client_new(device, (lockdownd_service_descriptor_t)&service, &plistclient) != PROPERTY_LIST_SERVICE_E_SUCCESS) {
debug_info("could not connect to lockdownd (device %s)", device->udid);
return LOCKDOWN_E_MUX_ERROR;
}
lockdownd_client_t client_loc = (lockdownd_client_t) malloc(sizeof(struct lockdownd_client_private));
client_loc->parent = plistclient;
client_loc->ssl_enabled = 0;
client_loc->session_id = NULL;
if (idevice_get_udid(device, &client_loc->udid) != IDEVICE_E_SUCCESS) {
debug_info("failed to get device udid.");
}
debug_info("device udid: %s", client_loc->udid);
client_loc->label = label ? strdup(label) : NULL;
*client = client_loc;
return LOCKDOWN_E_SUCCESS;
}
LIBIMOBILEDEVICE_API lockdownd_error_t lockdownd_client_new_with_handshake(idevice_t device, lockdownd_client_t *client, const char *label)
{
if (!client)
return LOCKDOWN_E_INVALID_ARG;
lockdownd_error_t ret = LOCKDOWN_E_SUCCESS;
lockdownd_client_t client_loc = NULL;
char *host_id = NULL;
char *type = NULL;
ret = lockdownd_client_new(device, &client_loc, label);
if (LOCKDOWN_E_SUCCESS != ret) {
debug_info("failed to create lockdownd client.");
return ret;
}
/* perform handshake */
if (LOCKDOWN_E_SUCCESS != lockdownd_query_type(client_loc, &type)) {
debug_info("QueryType failed in the lockdownd client.");
ret = LOCKDOWN_E_NOT_ENOUGH_DATA;
} else {
if (strcmp("com.apple.mobile.lockdown", type)) {
debug_info("Warning QueryType request returned \"%s\".", type);
}
}
if (type)
free(type);
plist_t pair_record = NULL;
userpref_read_pair_record(client_loc->udid, &pair_record);
if (pair_record) {
pair_record_get_host_id(pair_record, &host_id);
}
if (LOCKDOWN_E_SUCCESS == ret && !host_id) {
ret = LOCKDOWN_E_INVALID_CONF;
}
if (LOCKDOWN_E_SUCCESS == ret && !pair_record) {
/* attempt pairing */
ret = lockdownd_pair(client_loc, NULL);
}
plist_free(pair_record);
pair_record = NULL;
/* in any case, we need to validate pairing to receive trusted host status */
ret = lockdownd_validate_pair(client_loc, NULL);
/* if not paired yet, let's do it now */
if (LOCKDOWN_E_INVALID_HOST_ID == ret) {
ret = lockdownd_pair(client_loc, NULL);
if (LOCKDOWN_E_SUCCESS == ret) {
ret = lockdownd_validate_pair(client_loc, NULL);
} else if (LOCKDOWN_E_PAIRING_DIALOG_PENDING == ret) {
debug_info("Device shows the pairing dialog.");
}
}
if (LOCKDOWN_E_SUCCESS == ret) {
if (!host_id) {
userpref_read_pair_record(client_loc->udid, &pair_record);
if (pair_record) {
pair_record_get_host_id(pair_record, &host_id);
plist_free(pair_record);
}
}
ret = lockdownd_start_session(client_loc, host_id, NULL, NULL);
if (LOCKDOWN_E_SUCCESS != ret) {
debug_info("Session opening failed.");
}
if (host_id) {
free(host_id);
host_id = NULL;
}
}
if (LOCKDOWN_E_SUCCESS == ret) {
*client = client_loc;
} else {
lockdownd_client_free(client_loc);
}
return ret;
}
/**
* Returns a new plist from the supplied lockdownd pair record. The caller is
* responsible for freeing the plist.
*
* @param pair_record The pair record to create a plist from.
*
* @return A pair record plist from the device, NULL if pair_record is not set
*/
static plist_t lockdownd_pair_record_to_plist(lockdownd_pair_record_t pair_record)
{
if (!pair_record)
return NULL;
/* setup request plist */
plist_t dict = plist_new_dict();
plist_dict_set_item(dict, "DeviceCertificate", plist_new_data(pair_record->device_certificate, strlen(pair_record->device_certificate)));
plist_dict_set_item(dict, "HostCertificate", plist_new_data(pair_record->host_certificate, strlen(pair_record->host_certificate)));
plist_dict_set_item(dict, "HostID", plist_new_string(pair_record->host_id));
plist_dict_set_item(dict, "RootCertificate", plist_new_data(pair_record->root_certificate, strlen(pair_record->root_certificate)));
plist_dict_set_item(dict, "SystemBUID", plist_new_string(pair_record->system_buid));
return dict;
}
/**
* Generates a pair record plist with required certificates for a specific
* device. If a pairing exists, it is loaded from the computer instead of being
* generated.
*
* @param pair_record_plist Holds the pair record.
*
* @return LOCKDOWN_E_SUCCESS on success
*/
static lockdownd_error_t pair_record_generate(lockdownd_client_t client, plist_t *pair_record)
{
lockdownd_error_t ret = LOCKDOWN_E_UNKNOWN_ERROR;
key_data_t public_key = { NULL, 0 };
char* host_id = NULL;
char* system_buid = NULL;
/* retrieve device public key */
ret = lockdownd_get_device_public_key_as_key_data(client, &public_key);
if (ret != LOCKDOWN_E_SUCCESS) {
debug_info("device refused to send public key.");
goto leave;
}
debug_info("device public key follows:\n%.*s", public_key.size, public_key.data);
*pair_record = plist_new_dict();
/* generate keys and certificates into pair record */
userpref_error_t uret = USERPREF_E_SUCCESS;
uret = pair_record_generate_keys_and_certs(*pair_record, public_key);
switch(uret) {
case USERPREF_E_INVALID_ARG:
ret = LOCKDOWN_E_INVALID_ARG;
break;
case USERPREF_E_INVALID_CONF:
ret = LOCKDOWN_E_INVALID_CONF;
break;
case USERPREF_E_SSL_ERROR:
ret = LOCKDOWN_E_SSL_ERROR;
default:
break;
}
/* set SystemBUID */
userpref_read_system_buid(&system_buid);
if (system_buid) {
plist_dict_set_item(*pair_record, USERPREF_SYSTEM_BUID_KEY, plist_new_string(system_buid));
}
/* set HostID */
host_id = generate_uuid();
pair_record_set_host_id(*pair_record, host_id);
leave:
if (host_id)
free(host_id);
if (system_buid)
free(system_buid);
if (public_key.data)
free(public_key.data);
return ret;
}
int restore_send_nor(restored_client_t client, const char* ipsw, plist_t tss) {
char* llb_path = NULL;
if (tss_get_entry_path(tss, "LLB", &llb_path) < 0) {
error("ERROR: Unable to get LLB info from TSS response\n");
return -1;
}
char* llb_filename = strstr(llb_path, "LLB");
if (llb_filename == NULL) {
error("ERROR: Unable to extract firmware path from LLB filename\n");
free(llb_path);
return -1;
}
char firmware_path[256];
memset(firmware_path, '\0', sizeof(firmware_path));
memcpy(firmware_path, llb_path, (llb_filename - 1) - llb_path);
info("Found firmware path %s\n", firmware_path);
char manifest_file[256];
memset(manifest_file, '\0', sizeof(manifest_file));
snprintf(manifest_file, sizeof(manifest_file), "%s/manifest", firmware_path);
info("Getting firmware manifest %s\n", manifest_file);
int manifest_size = 0;
char* manifest_data = NULL;
if (ipsw_extract_to_memory(ipsw, manifest_file, &manifest_data, &manifest_size) < 0) {
error("ERROR: Unable to extract firmware manifest from ipsw\n");
free(llb_path);
return -1;
}
char firmware_filename[256];
memset(firmware_filename, '\0', sizeof(firmware_filename));
int llb_size = 0;
char* llb_data = NULL;
plist_t dict = plist_new_dict();
char* filename = strtok(manifest_data, "\n");
if (filename != NULL) {
memset(firmware_filename, '\0', sizeof(firmware_filename));
snprintf(firmware_filename, sizeof(firmware_filename), "%s/%s", firmware_path, filename);
if (get_signed_component(ipsw, tss, firmware_filename, &llb_data, &llb_size) < 0) {
error("ERROR: Unable to get signed LLB\n");
return -1;
}
plist_dict_insert_item(dict, "LlbImageData", plist_new_data(llb_data, (uint64_t) llb_size));
}
int nor_size = 0;
char* nor_data = NULL;
filename = strtok(NULL, "\n");
plist_t norimage_array = plist_new_array();
while (filename != NULL) {
memset(firmware_filename, '\0', sizeof(firmware_filename));
snprintf(firmware_filename, sizeof(firmware_filename), "%s/%s", firmware_path, filename);
if (get_signed_component(ipsw, tss, firmware_filename, &nor_data, &nor_size) < 0) {
error("ERROR: Unable to get signed firmware %s\n", firmware_filename);
break;
}
plist_array_append_item(norimage_array, plist_new_data(nor_data, (uint64_t) nor_size));
free(nor_data);
nor_data = NULL;
nor_size = 0;
filename = strtok(NULL, "\n");
}
plist_dict_insert_item(dict, "NorImageData", norimage_array);
debug_plist(dict);
restored_error_t ret = restored_send(client, dict);
if (ret != RESTORE_E_SUCCESS) {
error("ERROR: Unable to send kernelcache data\n");
plist_free(dict);
return -1;
}
plist_free(dict);
return 0;
}
/*
WIRFinalMessageKey
__selector
__argument
*/
wi_status wi_send_plist(wi_t self, plist_t rpc_dict) {
wi_private_t my = self->private_state;
char *rpc_bin = NULL;
uint32_t rpc_len = 0;
plist_to_bin(rpc_dict, &rpc_bin, &rpc_len);
// if our message is <8k, we'll send a single final_msg,
// otherwise we'll send <8k partial_msg "chunks" then a final_msg "chunk"
wi_status ret = WI_ERROR;
uint32_t i;
for (i = 0; ; i += MAX_RPC_LEN) {
bool is_partial = false;
char *data = NULL;
uint32_t data_len = 0;
if (my->is_sim) {
data = rpc_bin;
data_len = rpc_len;
rpc_bin = NULL;
} else {
is_partial = (rpc_len - i > MAX_RPC_LEN);
plist_t wi_dict = plist_new_dict();
plist_t wi_rpc = plist_new_data(rpc_bin + i,
(is_partial ? MAX_RPC_LEN : rpc_len - i));
plist_dict_set_item(wi_dict,
(is_partial ? "WIRPartialMessageKey" : "WIRFinalMessageKey"), wi_rpc);
plist_to_bin(wi_dict, &data, &data_len);
plist_free(wi_dict);
wi_dict = NULL;
wi_rpc = NULL; // freed by wi_dict
if (!data) {
break;
}
}
size_t length = data_len + 4;
char *out_head = (char*)malloc(length * sizeof(char));
if (!out_head) {
if (!my->is_sim) {
free(data);
}
break;
}
char *out_tail = out_head;
// write big-endian int
*out_tail++ = ((data_len >> 24) & 0xFF);
*out_tail++ = ((data_len >> 16) & 0xFF);
*out_tail++ = ((data_len >> 8) & 0xFF);
*out_tail++ = (data_len & 0xFF);
// write data
memcpy(out_tail, data, data_len);
free(data);
wi_on_debug(self, "wi.send_packet", out_head, length);
wi_status not_sent = self->send_packet(self, out_head, length);
free(out_head);
if (not_sent) {
break;
}
if (!is_partial) {
ret = WI_SUCCESS;
break;
}
}
free(rpc_bin);
return ret;
}
plist_t tss_create_request(plist_t build_identity, uint64_t ecid, unsigned char* nonce, int nonce_size) {
uint64_t unique_build_size = 0;
char* unique_build_data = NULL;
plist_t unique_build_node = plist_dict_get_item(build_identity, "UniqueBuildID");
if (!unique_build_node || plist_get_node_type(unique_build_node) != PLIST_DATA) {
error("ERROR: Unable to find UniqueBuildID node\n");
return NULL;
}
plist_get_data_val(unique_build_node, &unique_build_data, &unique_build_size);
int chip_id = 0;
char* chip_id_string = NULL;
plist_t chip_id_node = plist_dict_get_item(build_identity, "ApChipID");
if (!chip_id_node || plist_get_node_type(chip_id_node) != PLIST_STRING) {
error("ERROR: Unable to find ApChipID node\n");
return NULL;
}
plist_get_string_val(chip_id_node, &chip_id_string);
sscanf(chip_id_string, "%x", &chip_id);
int board_id = 0;
char* board_id_string = NULL;
plist_t board_id_node = plist_dict_get_item(build_identity, "ApBoardID");
if (!board_id_node || plist_get_node_type(board_id_node) != PLIST_STRING) {
error("ERROR: Unable to find ApBoardID node\n");
return NULL;
}
plist_get_string_val(board_id_node, &board_id_string);
sscanf(board_id_string, "%x", &board_id);
int security_domain = 0;
char* security_domain_string = NULL;
plist_t security_domain_node = plist_dict_get_item(build_identity, "ApSecurityDomain");
if (!security_domain_node || plist_get_node_type(security_domain_node) != PLIST_STRING) {
error("ERROR: Unable to find ApSecurityDomain node\n");
return NULL;
}
plist_get_string_val(security_domain_node, &security_domain_string);
sscanf(security_domain_string, "%x", &security_domain);
char ecid_string[ECID_STRSIZE];
memset(ecid_string, '\0', ECID_STRSIZE);
if (ecid == 0) {
error("ERROR: Unable to get ECID\n");
return NULL;
}
snprintf(ecid_string, ECID_STRSIZE, FMT_qu, (long long unsigned int)ecid);
// Add build information to TSS request
plist_t tss_request = plist_new_dict();
plist_dict_insert_item(tss_request, "@APTicket", plist_new_bool(1));
plist_dict_insert_item(tss_request, "@BBTicket", plist_new_bool(1));
plist_dict_insert_item(tss_request, "@HostIpAddress", plist_new_string("192.168.0.1"));
plist_dict_insert_item(tss_request, "@HostPlatformInfo", plist_new_string("mac"));
plist_dict_insert_item(tss_request, "@Locality", plist_new_string("en_US"));
char* guid = generate_guid();
if (guid) {
plist_dict_insert_item(tss_request, "@UUID", plist_new_string(guid));
free(guid);
}
plist_dict_insert_item(tss_request, "@VersionInfo", plist_new_string("libauthinstall-107.3"));
plist_dict_insert_item(tss_request, "ApBoardID", plist_new_uint(board_id));
plist_dict_insert_item(tss_request, "ApChipID", plist_new_uint(chip_id));
plist_dict_insert_item(tss_request, "ApECID", plist_new_string(ecid_string));
if (nonce && (nonce_size > 0)) {
plist_dict_insert_item(tss_request, "ApNonce", plist_new_data(nonce, nonce_size));
}
plist_dict_insert_item(tss_request, "ApProductionMode", plist_new_bool(1));
plist_dict_insert_item(tss_request, "ApSecurityDomain", plist_new_uint(security_domain));
plist_dict_insert_item(tss_request, "UniqueBuildID", plist_new_data(unique_build_data, unique_build_size));
free(unique_build_data);
// Add all firmware files to TSS request
plist_t manifest_node = plist_dict_get_item(build_identity, "Manifest");
if (!manifest_node || plist_get_node_type(manifest_node) != PLIST_DICT) {
error("ERROR: Unable to find restore manifest\n");
plist_free(tss_request);
return NULL;
}
char* key = NULL;
plist_t manifest_entry = NULL;
plist_dict_iter iter = NULL;
plist_dict_new_iter(manifest_node, &iter);
while (1) {
plist_dict_next_item(manifest_node, iter, &key, &manifest_entry);
if (key == NULL)
break;
if (!manifest_entry || plist_get_node_type(manifest_entry) != PLIST_DICT) {
error("ERROR: Unable to fetch BuildManifest entry\n");
free(tss_request);
return NULL;
}
if (strcmp(key, "BasebandFirmware") == 0) {
free(key);
continue;
}
plist_t tss_entry = plist_copy(manifest_entry);
plist_dict_insert_item(tss_request, key, tss_entry);
free(key);
}
if (idevicerestore_debug) {
debug_plist(tss_request);
}
return tss_request;
}
int tss_request_add_ap_tags(plist_t request, plist_t parameters, plist_t overrides) {
/* loop over components from build manifest */
plist_t manifest_node = plist_dict_get_item(parameters, "Manifest");
if (!manifest_node || plist_get_node_type(manifest_node) != PLIST_DICT) {
error("ERROR: Unable to find restore manifest\n");
return -1;
}
/* add components to request */
char* key = NULL;
plist_t manifest_entry = NULL;
plist_dict_iter iter = NULL;
plist_dict_new_iter(manifest_node, &iter);
while (1) {
plist_dict_next_item(manifest_node, iter, &key, &manifest_entry);
if (key == NULL)
break;
if (!manifest_entry || plist_get_node_type(manifest_entry) != PLIST_DICT) {
error("ERROR: Unable to fetch BuildManifest entry\n");
return -1;
}
/* do not populate BaseBandFirmware, only in basebaseband request */
if ((strcmp(key, "BasebandFirmware") == 0)) {
free(key);
continue;
}
/* FIXME: only used with diagnostics firmware */
if (strcmp(key, "Diags") == 0) {
free(key);
continue;
}
/* copy this entry */
plist_t tss_entry = plist_copy(manifest_entry);
/* remove obsolete Info node */
plist_dict_remove_item(tss_entry, "Info");
/* handle RestoreRequestRules */
plist_t rules = plist_access_path(manifest_entry, 2, "Info", "RestoreRequestRules");
if (rules) {
debug("DEBUG: Applying restore request rules for entry %s\n", key);
tss_entry_apply_restore_request_rules(tss_entry, parameters, rules);
}
/* Make sure we have a Digest key for Trusted items even if empty */
plist_t node = plist_dict_get_item(manifest_entry, "Trusted");
if (node && plist_get_node_type(node) == PLIST_BOOLEAN) {
uint8_t trusted;
plist_get_bool_val(node, &trusted);
if (trusted && !plist_access_path(manifest_entry, 1, "Digest")) {
debug("DEBUG: No Digest data, using empty value for entry %s\n", key);
plist_dict_set_item(tss_entry, "Digest", plist_new_data(NULL, 0));
}
}
/* finally add entry to request */
plist_dict_set_item(request, key, tss_entry);
free(key);
}
free(iter);
/* apply overrides */
if (overrides) {
plist_dict_merge(&request, overrides);
}
return 0;
}
int main(int argc, char **argv)
{
idevice_t phone = NULL;
lockdownd_client_t client = NULL;
instproxy_client_t ipc = NULL;
instproxy_error_t err;
np_client_t np = NULL;
afc_client_t afc = NULL;
#ifdef HAVE_LIBIMOBILEDEVICE_1_1_5
lockdownd_service_descriptor_t service = NULL;
#else
uint16_t service = 0;
#endif
int res = 0;
char *bundleidentifier = NULL;
parse_opts(argc, argv);
argc -= optind;
argv += optind;
if (IDEVICE_E_SUCCESS != idevice_new(&phone, udid)) {
fprintf(stderr, "No iOS device found, is it plugged in?\n");
return -1;
}
if (LOCKDOWN_E_SUCCESS != lockdownd_client_new_with_handshake(phone, &client, "ideviceinstaller")) {
fprintf(stderr, "Could not connect to lockdownd. Exiting.\n");
goto leave_cleanup;
}
if ((lockdownd_start_service
(client, "com.apple.mobile.notification_proxy",
&service) != LOCKDOWN_E_SUCCESS) || !service) {
fprintf(stderr,
"Could not start com.apple.mobile.notification_proxy!\n");
goto leave_cleanup;
}
np_error_t nperr = np_client_new(phone, service, &np);
#ifdef HAVE_LIBIMOBILEDEVICE_1_1_5
if (service) {
lockdownd_service_descriptor_free(service);
}
service = NULL;
#else
service = 0;
#endif
if (nperr != NP_E_SUCCESS) {
fprintf(stderr, "Could not connect to notification_proxy!\n");
goto leave_cleanup;
}
#ifdef HAVE_LIBIMOBILEDEVICE_1_1
np_set_notify_callback(np, notifier, NULL);
#else
np_set_notify_callback(np, notifier);
#endif
const char *noties[3] = { NP_APP_INSTALLED, NP_APP_UNINSTALLED, NULL };
np_observe_notifications(np, noties);
run_again:
#ifdef HAVE_LIBIMOBILEDEVICE_1_1_5
if (service) {
lockdownd_service_descriptor_free(service);
}
service = NULL;
#else
service = 0;
#endif
if ((lockdownd_start_service(client, "com.apple.mobile.installation_proxy",
&service) != LOCKDOWN_E_SUCCESS) || !service) {
fprintf(stderr,
"Could not start com.apple.mobile.installation_proxy!\n");
goto leave_cleanup;
}
err = instproxy_client_new(phone, service, &ipc);
#ifdef HAVE_LIBIMOBILEDEVICE_1_1_5
if (service) {
lockdownd_service_descriptor_free(service);
}
service = NULL;
#else
service = 0;
#endif
if (err != INSTPROXY_E_SUCCESS) {
fprintf(stderr, "Could not connect to installation_proxy!\n");
goto leave_cleanup;
}
setbuf(stdout, NULL);
if (last_status) {
free(last_status);
last_status = NULL;
}
notification_expected = 0;
if (cmd == CMD_LIST_APPS) {
int xml_mode = 0;
plist_t client_opts = instproxy_client_options_new();
instproxy_client_options_add(client_opts, "ApplicationType", "User", NULL);
plist_t apps = NULL;
/* look for options */
if (options) {
char *opts = strdup(options);
char *elem = strtok(opts, ",");
while (elem) {
if (!strcmp(elem, "list_system")) {
if (!client_opts) {
client_opts = instproxy_client_options_new();
}
instproxy_client_options_add(client_opts, "ApplicationType", "System", NULL);
} else if (!strcmp(elem, "list_all")) {
instproxy_client_options_free(client_opts);
client_opts = NULL;
} else if (!strcmp(elem, "list_user")) {
/* do nothing, we're already set */
} else if (!strcmp(elem, "xml")) {
xml_mode = 1;
}
elem = strtok(NULL, ",");
}
free(opts);
}
err = instproxy_browse(ipc, client_opts, &apps);
instproxy_client_options_free(client_opts);
if (err != INSTPROXY_E_SUCCESS) {
fprintf(stderr, "ERROR: instproxy_browse returned %d\n", err);
goto leave_cleanup;
}
if (!apps || (plist_get_node_type(apps) != PLIST_ARRAY)) {
fprintf(stderr,
"ERROR: instproxy_browse returnd an invalid plist!\n");
goto leave_cleanup;
}
if (xml_mode) {
char *xml = NULL;
uint32_t len = 0;
plist_to_xml(apps, &xml, &len);
if (xml) {
puts(xml);
free(xml);
}
plist_free(apps);
goto leave_cleanup;
}
printf("Total: %d apps\n", plist_array_get_size(apps));
uint32_t i = 0;
for (i = 0; i < plist_array_get_size(apps); i++) {
plist_t app = plist_array_get_item(apps, i);
plist_t p_appid =
plist_dict_get_item(app, "CFBundleIdentifier");
char *s_appid = NULL;
char *s_dispName = NULL;
char *s_version = NULL;
plist_t dispName =
plist_dict_get_item(app, "CFBundleDisplayName");
plist_t version = plist_dict_get_item(app, "CFBundleVersion");
if (p_appid) {
plist_get_string_val(p_appid, &s_appid);
}
if (!s_appid) {
fprintf(stderr, "ERROR: Failed to get APPID!\n");
break;
}
if (dispName) {
plist_get_string_val(dispName, &s_dispName);
}
if (version) {
plist_get_string_val(version, &s_version);
}
if (!s_dispName) {
s_dispName = strdup(s_appid);
}
if (s_version) {
printf("%s - %s %s\n", s_appid, s_dispName, s_version);
free(s_version);
} else {
printf("%s - %s\n", s_appid, s_dispName);
}
free(s_dispName);
free(s_appid);
}
plist_free(apps);
} else if (cmd == CMD_INSTALL || cmd == CMD_UPGRADE) {
plist_t sinf = NULL;
plist_t meta = NULL;
char *pkgname = NULL;
struct stat fst;
uint64_t af = 0;
char buf[8192];
#ifdef HAVE_LIBIMOBILEDEVICE_1_1_5
if (service) {
lockdownd_service_descriptor_free(service);
}
service = NULL;
#else
service = 0;
#endif
if ((lockdownd_start_service(client, "com.apple.afc", &service) !=
LOCKDOWN_E_SUCCESS) || !service) {
fprintf(stderr, "Could not start com.apple.afc!\n");
goto leave_cleanup;
}
lockdownd_client_free(client);
client = NULL;
if (afc_client_new(phone, service, &afc) != INSTPROXY_E_SUCCESS) {
fprintf(stderr, "Could not connect to AFC!\n");
goto leave_cleanup;
}
if (stat(appid, &fst) != 0) {
fprintf(stderr, "ERROR: stat: %s: %s\n", appid, strerror(errno));
goto leave_cleanup;
}
char **strs = NULL;
if (afc_get_file_info(afc, PKG_PATH, &strs) != AFC_E_SUCCESS) {
if (afc_make_directory(afc, PKG_PATH) != AFC_E_SUCCESS) {
fprintf(stderr, "WARNING: Could not create directory '%s' on device!\n", PKG_PATH);
}
}
if (strs) {
int i = 0;
while (strs[i]) {
free(strs[i]);
i++;
}
free(strs);
}
plist_t client_opts = instproxy_client_options_new();
/* open install package */
int errp = 0;
struct zip *zf = NULL;
if ((strlen(appid) > 5) && (strcmp(&appid[strlen(appid)-5], ".ipcc") == 0)) {
zf = zip_open(appid, 0, &errp);
if (!zf) {
fprintf(stderr, "ERROR: zip_open: %s: %d\n", appid, errp);
goto leave_cleanup;
}
char* ipcc = strdup(appid);
if ((asprintf(&pkgname, "%s/%s", PKG_PATH, basename(ipcc)) > 0) && pkgname) {
afc_make_directory(afc, pkgname);
}
printf("Uploading %s package contents... ", basename(ipcc));
/* extract the contents of the .ipcc file to PublicStaging/<name>.ipcc directory */
zip_uint64_t numzf = zip_get_num_entries(zf, 0);
zip_uint64_t i = 0;
for (i = 0; numzf > 0 && i < numzf; i++) {
const char* zname = zip_get_name(zf, i, 0);
char* dstpath = NULL;
if (!zname) continue;
if (zname[strlen(zname)-1] == '/') {
// directory
if ((asprintf(&dstpath, "%s/%s/%s", PKG_PATH, basename(ipcc), zname) > 0) && dstpath) {
afc_make_directory(afc, dstpath); }
free(dstpath);
dstpath = NULL;
} else {
// file
struct zip_file* zfile = zip_fopen_index(zf, i, 0);
if (!zfile) continue;
if ((asprintf(&dstpath, "%s/%s/%s", PKG_PATH, basename(ipcc), zname) <= 0) || !dstpath || (afc_file_open(afc, dstpath, AFC_FOPEN_WRONLY, &af) != AFC_E_SUCCESS)) {
fprintf(stderr, "ERROR: can't open afc://%s for writing\n", dstpath);
free(dstpath);
dstpath = NULL;
zip_fclose(zfile);
continue;
}
struct zip_stat zs;
zip_stat_init(&zs);
if (zip_stat_index(zf, i, 0, &zs) != 0) {
fprintf(stderr, "ERROR: zip_stat_index %" PRIu64 " failed!\n", i);
free(dstpath);
dstpath = NULL;
zip_fclose(zfile);
continue;
}
free(dstpath);
dstpath = NULL;
zip_uint64_t zfsize = 0;
while (zfsize < zs.size) {
zip_int64_t amount = zip_fread(zfile, buf, sizeof(buf));
if (amount == 0) {
break;
}
if (amount > 0) {
uint32_t written, total = 0;
while (total < amount) {
written = 0;
if (afc_file_write(afc, af, buf, amount, &written) !=
AFC_E_SUCCESS) {
fprintf(stderr, "AFC Write error!\n");
break;
}
total += written;
}
if (total != amount) {
fprintf(stderr, "Error: wrote only %d of %" PRIi64 "\n", total, amount);
afc_file_close(afc, af);
zip_fclose(zfile);
free(dstpath);
goto leave_cleanup;
}
}
zfsize += amount;
}
afc_file_close(afc, af);
af = 0;
zip_fclose(zfile);
}
}
free(ipcc);
printf("DONE.\n");
instproxy_client_options_add(client_opts, "PackageType", "CarrierBundle", NULL);
} else if (S_ISDIR(fst.st_mode)) {
/* upload developer app directory */
instproxy_client_options_add(client_opts, "PackageType", "Developer", NULL);
if (asprintf(&pkgname, "%s/%s", PKG_PATH, basename(appid)) < 0) {
fprintf(stderr, "ERROR: Out of memory allocating pkgname!?\n");
goto leave_cleanup;
}
printf("Uploading %s package contents... ", basename(appid));
afc_upload_dir(afc, appid, pkgname);
printf("DONE.\n");
} else {
zf = zip_open(appid, 0, &errp);
if (!zf) {
fprintf(stderr, "ERROR: zip_open: %s: %d\n", appid, errp);
goto leave_cleanup;
}
/* extract iTunesMetadata.plist from package */
char *zbuf = NULL;
uint32_t len = 0;
plist_t meta_dict = NULL;
if (zip_get_contents(zf, ITUNES_METADATA_PLIST_FILENAME, 0, &zbuf, &len) == 0) {
meta = plist_new_data(zbuf, len);
if (memcmp(zbuf, "bplist00", 8) == 0) {
plist_from_bin(zbuf, len, &meta_dict);
} else {
plist_from_xml(zbuf, len, &meta_dict);
}
} else {
fprintf(stderr, "WARNING: could not locate %s in archive!\n", ITUNES_METADATA_PLIST_FILENAME);
}
if (zbuf) {
free(zbuf);
}
/* determine .app directory in archive */
zbuf = NULL;
len = 0;
plist_t info = NULL;
char* filename = NULL;
char* app_directory_name = NULL;
if (zip_get_app_directory(zf, &app_directory_name)) {
fprintf(stderr, "Unable to locate app directory in archive!\n");
goto leave_cleanup;
}
/* construct full filename to Info.plist */
filename = (char*)malloc(strlen(app_directory_name)+10+1);
strcpy(filename, app_directory_name);
free(app_directory_name);
app_directory_name = NULL;
strcat(filename, "Info.plist");
if (zip_get_contents(zf, filename, 0, &zbuf, &len) < 0) {
fprintf(stderr, "WARNING: could not locate %s in archive!\n", filename);
free(filename);
zip_unchange_all(zf);
zip_close(zf);
goto leave_cleanup;
}
free(filename);
if (memcmp(zbuf, "bplist00", 8) == 0) {
plist_from_bin(zbuf, len, &info);
} else {
plist_from_xml(zbuf, len, &info);
}
free(zbuf);
if (!info) {
fprintf(stderr, "Could not parse Info.plist!\n");
zip_unchange_all(zf);
zip_close(zf);
goto leave_cleanup;
}
char *bundleexecutable = NULL;
plist_t bname = plist_dict_get_item(info, "CFBundleExecutable");
if (bname) {
plist_get_string_val(bname, &bundleexecutable);
}
bname = plist_dict_get_item(info, "CFBundleIdentifier");
if (bname) {
plist_get_string_val(bname, &bundleidentifier);
}
plist_free(info);
info = NULL;
if (!bundleexecutable) {
fprintf(stderr, "Could not determine value for CFBundleExecutable!\n");
zip_unchange_all(zf);
zip_close(zf);
goto leave_cleanup;
}
char *sinfname = NULL;
if (asprintf(&sinfname, "Payload/%s.app/SC_Info/%s.sinf", bundleexecutable, bundleexecutable) < 0) {
fprintf(stderr, "Out of memory!?\n");
goto leave_cleanup;
}
free(bundleexecutable);
/* extract .sinf from package */
zbuf = NULL;
len = 0;
if (zip_get_contents(zf, sinfname, 0, &zbuf, &len) == 0) {
sinf = plist_new_data(zbuf, len);
} else {
fprintf(stderr, "WARNING: could not locate %s in archive!\n", sinfname);
}
free(sinfname);
if (zbuf) {
free(zbuf);
}
/* copy archive to device */
pkgname = NULL;
if (asprintf(&pkgname, "%s/%s", PKG_PATH, bundleidentifier) < 0) {
fprintf(stderr, "Out of memory!?\n");
goto leave_cleanup;
}
printf("Copying '%s' to device... ", appid);
if (afc_upload_file(afc, appid, pkgname) < 0) {
free(pkgname);
goto leave_cleanup;
}
printf("DONE.\n");
if (bundleidentifier) {
instproxy_client_options_add(client_opts, "CFBundleIdentifier", bundleidentifier, NULL);
}
if (sinf) {
instproxy_client_options_add(client_opts, "ApplicationSINF", sinf, NULL);
}
if (meta) {
instproxy_client_options_add(client_opts, "iTunesMetadata", meta, NULL);
}
}
if (zf) {
zip_unchange_all(zf);
zip_close(zf);
}
/* perform installation or upgrade */
if (cmd == CMD_INSTALL) {
printf("Installing '%s'\n", bundleidentifier);
#ifdef HAVE_LIBIMOBILEDEVICE_1_1
instproxy_install(ipc, pkgname, client_opts, status_cb, NULL);
#else
instproxy_install(ipc, pkgname, client_opts, status_cb);
#endif
} else {
printf("Upgrading '%s'\n", bundleidentifier);
#ifdef HAVE_LIBIMOBILEDEVICE_1_1
instproxy_upgrade(ipc, pkgname, client_opts, status_cb, NULL);
#else
instproxy_upgrade(ipc, pkgname, client_opts, status_cb);
#endif
}
instproxy_client_options_free(client_opts);
free(pkgname);
wait_for_op_complete = 1;
notification_expected = 1;
} else if (cmd == CMD_UNINSTALL) {
printf("Uninstalling '%s'\n", appid);
#ifdef HAVE_LIBIMOBILEDEVICE_1_1
instproxy_uninstall(ipc, appid, NULL, status_cb, NULL);
#else
instproxy_uninstall(ipc, appid, NULL, status_cb);
#endif
wait_for_op_complete = 1;
notification_expected = 0;
} else if (cmd == CMD_LIST_ARCHIVES) {
int xml_mode = 0;
plist_t dict = NULL;
plist_t lres = NULL;
/* look for options */
if (options) {
char *opts = strdup(options);
char *elem = strtok(opts, ",");
while (elem) {
if (!strcmp(elem, "xml")) {
xml_mode = 1;
}
elem = strtok(NULL, ",");
}
}
err = instproxy_lookup_archives(ipc, NULL, &dict);
if (err != INSTPROXY_E_SUCCESS) {
fprintf(stderr, "ERROR: lookup_archives returned %d\n", err);
goto leave_cleanup;
}
if (!dict) {
fprintf(stderr,
"ERROR: lookup_archives did not return a plist!?\n");
goto leave_cleanup;
}
lres = plist_dict_get_item(dict, "LookupResult");
if (!lres || (plist_get_node_type(lres) != PLIST_DICT)) {
plist_free(dict);
fprintf(stderr, "ERROR: Could not get dict 'LookupResult'\n");
goto leave_cleanup;
}
if (xml_mode) {
char *xml = NULL;
uint32_t len = 0;
plist_to_xml(lres, &xml, &len);
if (xml) {
puts(xml);
free(xml);
}
plist_free(dict);
goto leave_cleanup;
}
plist_dict_iter iter = NULL;
plist_t node = NULL;
char *key = NULL;
printf("Total: %d archived apps\n", plist_dict_get_size(lres));
plist_dict_new_iter(lres, &iter);
if (!iter) {
plist_free(dict);
fprintf(stderr, "ERROR: Could not create plist_dict_iter!\n");
goto leave_cleanup;
}
do {
key = NULL;
node = NULL;
plist_dict_next_item(lres, iter, &key, &node);
if (key && (plist_get_node_type(node) == PLIST_DICT)) {
char *s_dispName = NULL;
char *s_version = NULL;
plist_t dispName =
plist_dict_get_item(node, "CFBundleDisplayName");
plist_t version =
plist_dict_get_item(node, "CFBundleVersion");
if (dispName) {
plist_get_string_val(dispName, &s_dispName);
}
if (version) {
plist_get_string_val(version, &s_version);
}
if (!s_dispName) {
s_dispName = strdup(key);
}
if (s_version) {
printf("%s - %s %s\n", key, s_dispName, s_version);
free(s_version);
} else {
printf("%s - %s\n", key, s_dispName);
}
free(s_dispName);
free(key);
}
}
while (node);
plist_free(dict);
} else if (cmd == CMD_ARCHIVE) {
char *copy_path = NULL;
int remove_after_copy = 0;
int skip_uninstall = 1;
int app_only = 0;
int docs_only = 0;
plist_t client_opts = NULL;
/* look for options */
if (options) {
char *opts = strdup(options);
char *elem = strtok(opts, ",");
while (elem) {
if (!strcmp(elem, "uninstall")) {
skip_uninstall = 0;
} else if (!strcmp(elem, "app_only")) {
app_only = 1;
docs_only = 0;
} else if (!strcmp(elem, "docs_only")) {
docs_only = 1;
app_only = 0;
} else if ((strlen(elem) > 5) && !strncmp(elem, "copy=", 5)) {
copy_path = strdup(elem+5);
} else if (!strcmp(elem, "remove")) {
remove_after_copy = 1;
}
elem = strtok(NULL, ",");
}
}
if (skip_uninstall || app_only || docs_only) {
client_opts = instproxy_client_options_new();
if (skip_uninstall) {
instproxy_client_options_add(client_opts, "SkipUninstall", 1, NULL);
}
if (app_only) {
instproxy_client_options_add(client_opts, "ArchiveType", "ApplicationOnly", NULL);
} else if (docs_only) {
instproxy_client_options_add(client_opts, "ArchiveType", "DocumentsOnly", NULL);
}
}
if (copy_path) {
struct stat fst;
if (stat(copy_path, &fst) != 0) {
fprintf(stderr, "ERROR: stat: %s: %s\n", copy_path, strerror(errno));
free(copy_path);
goto leave_cleanup;
}
if (!S_ISDIR(fst.st_mode)) {
fprintf(stderr, "ERROR: '%s' is not a directory as expected.\n", copy_path);
free(copy_path);
goto leave_cleanup;
}
#ifdef HAVE_LIBIMOBILEDEVICE_1_1_5
if (service) {
lockdownd_service_descriptor_free(service);
}
service = NULL;
#else
service = 0;
#endif
if ((lockdownd_start_service(client, "com.apple.afc", &service) != LOCKDOWN_E_SUCCESS) || !service) {
fprintf(stderr, "Could not start com.apple.afc!\n");
free(copy_path);
goto leave_cleanup;
}
lockdownd_client_free(client);
client = NULL;
if (afc_client_new(phone, service, &afc) != INSTPROXY_E_SUCCESS) {
fprintf(stderr, "Could not connect to AFC!\n");
goto leave_cleanup;
}
}
#ifdef HAVE_LIBIMOBILEDEVICE_1_1
instproxy_archive(ipc, appid, client_opts, status_cb, NULL);
#else
instproxy_archive(ipc, appid, client_opts, status_cb);
#endif
instproxy_client_options_free(client_opts);
wait_for_op_complete = 1;
if (skip_uninstall) {
notification_expected = 0;
} else {
notification_expected = 1;
}
idevice_wait_for_operation_to_complete();
if (copy_path) {
if (err_occured) {
afc_client_free(afc);
afc = NULL;
goto leave_cleanup;
}
FILE *f = NULL;
uint64_t af = 0;
/* local filename */
char *localfile = NULL;
if (asprintf(&localfile, "%s/%s.ipa", copy_path, appid) < 0) {
fprintf(stderr, "Out of memory!?\n");
goto leave_cleanup;
}
free(copy_path);
f = fopen(localfile, "wb");
if (!f) {
fprintf(stderr, "ERROR: fopen: %s: %s\n", localfile, strerror(errno));
free(localfile);
goto leave_cleanup;
}
/* remote filename */
char *remotefile = NULL;
if (asprintf(&remotefile, "%s/%s.zip", APPARCH_PATH, appid) < 0) {
fprintf(stderr, "Out of memory!?\n");
goto leave_cleanup;
}
uint32_t fsize = 0;
char **fileinfo = NULL;
if ((afc_get_file_info(afc, remotefile, &fileinfo) != AFC_E_SUCCESS) || !fileinfo) {
fprintf(stderr, "ERROR getting AFC file info for '%s' on device!\n", remotefile);
fclose(f);
free(remotefile);
free(localfile);
goto leave_cleanup;
}
int i;
for (i = 0; fileinfo[i]; i+=2) {
if (!strcmp(fileinfo[i], "st_size")) {
fsize = atoi(fileinfo[i+1]);
break;
}
}
i = 0;
while (fileinfo[i]) {
free(fileinfo[i]);
i++;
}
free(fileinfo);
if (fsize == 0) {
fprintf(stderr, "Hm... remote file length could not be determined. Cannot copy.\n");
fclose(f);
free(remotefile);
free(localfile);
goto leave_cleanup;
}
if ((afc_file_open(afc, remotefile, AFC_FOPEN_RDONLY, &af) != AFC_E_SUCCESS) || !af) {
fclose(f);
fprintf(stderr, "ERROR: could not open '%s' on device for reading!\n", remotefile);
free(remotefile);
free(localfile);
goto leave_cleanup;
}
/* copy file over */
printf("Copying '%s' --> '%s'... ", remotefile, localfile);
free(remotefile);
free(localfile);
uint32_t amount = 0;
uint32_t total = 0;
char buf[8192];
do {
if (afc_file_read(afc, af, buf, sizeof(buf), &amount) != AFC_E_SUCCESS) {
fprintf(stderr, "AFC Read error!\n");
break;
}
if (amount > 0) {
size_t written = fwrite(buf, 1, amount, f);
if (written != amount) {
fprintf(stderr, "Error when writing %d bytes to local file!\n", amount);
break;
}
total += written;
}
} while (amount > 0);
afc_file_close(afc, af);
fclose(f);
printf("DONE.\n");
if (total != fsize) {
fprintf(stderr, "WARNING: remote and local file sizes don't match (%d != %d)\n", fsize, total);
if (remove_after_copy) {
fprintf(stderr, "NOTE: archive file will NOT be removed from device\n");
remove_after_copy = 0;
}
}
if (remove_after_copy) {
/* remove archive if requested */
printf("Removing '%s'\n", appid);
cmd = CMD_REMOVE_ARCHIVE;
free(options);
options = NULL;
if (LOCKDOWN_E_SUCCESS != lockdownd_client_new_with_handshake(phone, &client, "ideviceinstaller")) {
fprintf(stderr, "Could not connect to lockdownd. Exiting.\n");
goto leave_cleanup;
}
goto run_again;
}
}
goto leave_cleanup;
} else if (cmd == CMD_RESTORE) {
#ifdef HAVE_LIBIMOBILEDEVICE_1_1
instproxy_restore(ipc, appid, NULL, status_cb, NULL);
#else
instproxy_restore(ipc, appid, NULL, status_cb);
#endif
wait_for_op_complete = 1;
notification_expected = 1;
} else if (cmd == CMD_REMOVE_ARCHIVE) {
#ifdef HAVE_LIBIMOBILEDEVICE_1_1
instproxy_remove_archive(ipc, appid, NULL, status_cb, NULL);
#else
instproxy_remove_archive(ipc, appid, NULL, status_cb);
#endif
wait_for_op_complete = 1;
} else {
printf
("ERROR: no operation selected?! This should not be reached!\n");
res = -2;
goto leave_cleanup;
}
if (client) {
/* not needed anymore */
lockdownd_client_free(client);
client = NULL;
}
idevice_wait_for_operation_to_complete();
leave_cleanup:
if (bundleidentifier) {
free(bundleidentifier);
}
if (np) {
np_client_free(np);
}
if (ipc) {
instproxy_client_free(ipc);
}
if (afc) {
afc_client_free(afc);
}
if (client) {
lockdownd_client_free(client);
}
idevice_free(phone);
if (udid) {
free(udid);
}
if (appid) {
free(appid);
}
if (options) {
free(options);
}
return res;
}
