Пример #1
0
CFDictionaryRef device_info(int socket, CFDictionaryRef request)
{
    uint8_t dkey[40]={0};
    uint8_t emf[36]={0};

    struct HFSInfos hfsinfos={0};
    
    CFMutableDictionaryRef out  = CFDictionaryCreateMutable(kCFAllocatorDefault,
                                                            0,
                                                            &kCFTypeDictionaryKeyCallBacks,
                                                            &kCFTypeDictionaryValueCallBacks);	
    
    get_device_infos(out);
    
    getHFSInfos(&hfsinfos);
    /*
    printf("NAND block size  : %x\n", hfsinfos.blockSize);
    printf("Data volume UUID : %llx\n", CFSwapInt64BigToHost(hfsinfos.volumeUUID));
    printf("Data volume offset : %x\n", hfsinfos.dataVolumeOffset);
    */
    uint8_t* key835 = IOAES_key835();
    uint8_t* key89B = IOAES_key89B();
    
    if (!AppleEffaceableStorage__getBytes(lockers, 960))
    {
        CFDataRef lockersData = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, lockers, 960, kCFAllocatorNull);
        CFDictionaryAddValue(out, CFSTR("lockers"), lockersData);
        CFRelease(lockersData);
        
        if (!AppleEffaceableStorage__getLockerFromBytes(LOCKER_DKEY, lockers, 960, dkey, 40))
        {
            aes_key_wrap_ctx ctx;

            aes_key_wrap_set_key(&ctx, key835, 16);

            if(aes_key_unwrap(&ctx, dkey, dkey, 32/8))
                printf("FAIL unwrapping DKey with key 0x835\n");
        }
        if (!AppleEffaceableStorage__getLockerFromBytes(LOCKER_EMF, lockers, 960, emf, 36))
        {
            doAES(&emf[4], &emf[4], 32, kIOAESAcceleratorCustomMask, key89B, NULL, kIOAESAcceleratorDecrypt, 128);
        }
        else if (!AppleEffaceableStorage__getLockerFromBytes(LOCKER_LWVM, lockers, 960, lwvm, 0x50))
        {
            doAES(lwvm, lwvm, 0x50, kIOAESAcceleratorCustomMask, key89B, NULL, kIOAESAcceleratorDecrypt, 128);
            memcpy(&emf[4], &lwvm[32+16], 32);
        }
    }
    
    CFNumberRef n = CFNumberCreate(kCFAllocatorDefault, kCFNumberSInt32Type, &hfsinfos.dataVolumeOffset);
    CFDictionaryAddValue(out, CFSTR("dataVolumeOffset"), n);
    CFRelease(n);
    addHexaString(out, CFSTR("dataVolumeUUID"), (uint8_t*) &hfsinfos.volumeUUID, 8);
    addHexaString(out, CFSTR("key835"), key835, 16);
    addHexaString(out, CFSTR("key89B"), key89B, 16);
    addHexaString(out, CFSTR("EMF"), &emf[4], 32);
    addHexaString(out, CFSTR("DKey"), dkey, 32);
    
    return out;
}
CFDictionaryRef bruteforce_system_keybag(int socket, CFDictionaryRef dict)
{
    uint8_t passcodeKey[32];
    
    CFDataRef kbkeys = CFDictionaryGetValue(dict, CFSTR("KeyBagKeys")); 
    if(kbkeys == NULL || CFGetTypeID(kbkeys) != CFDataGetTypeID())
        return NULL;

    char* passcode = bruteforceWithAppleKeyStore(kbkeys, bruteforceProgressCallback, (void*) socket);
    
    if (passcode == NULL)
        return NULL;

    KeyBag* kb = AppleKeyStore_parseBinaryKeyBag(kbkeys);
    if (kb == NULL)
    {
        printf("FAIL: AppleKeyStore_parseBinaryKeyBag\n");
        return NULL;
    }
    AppleKeyStore_getPasscodeKey(kb, passcode, strlen(passcode), passcodeKey);
    
    free(kb);
    CFMutableDictionaryRef out  = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);	
    CFStringRef cfpasscode = CFStringCreateWithCString(kCFAllocatorDefault, passcode, kCFStringEncodingASCII);
    CFDictionaryAddValue(out, CFSTR("passcode"), cfpasscode);
    CFRelease(cfpasscode);
    
    addHexaString(out, CFSTR("passcodeKey"), passcodeKey, 32);
    return out;
}
Пример #3
0
void get_device_infos(CFMutableDictionaryRef out) {
    CC_SHA1_CTX sha1ctx;
    uint8_t udid[20];
    char udid1[100];
    CFStringRef serial;
    CFStringRef imei;
    CFStringRef macwifi;
    CFStringRef macbt;
    
    CFStringRef hw = copy_hardware_model(); 
    if (hw != NULL)
    {
        CFDictionaryAddValue(out, CFSTR("hwModel"), hw);
        CFRelease(hw);
    }
    
    serial = copy_device_serial_number();
    imei = copy_device_imei();
    macwifi = copy_wifi_mac_address();
    macbt = copy_bluetooth_mac_address();
    
    CFMutableStringRef udidInput = CFStringCreateMutable(kCFAllocatorDefault, 0);
    if (serial != NULL)
    {
        CFStringAppend(udidInput, serial);
        CFDictionaryAddValue(out, CFSTR("serialNumber"), serial);
        CFRelease(serial);
    }
    if (imei != NULL)
    {
        CFStringAppend(udidInput, imei);
        CFDictionaryAddValue(out, CFSTR("imei"), imei);
        CFRelease(imei);
    }
    if (macwifi != NULL)
    {
        CFStringAppend(udidInput, macwifi);
        CFDictionaryAddValue(out, CFSTR("wifiMac"), macwifi);
        CFRelease(macwifi);
    }
    if (macbt != NULL)
    {
        CFStringAppend(udidInput, macbt);
        CFDictionaryAddValue(out, CFSTR("btMac"), macbt);
        CFRelease(macbt);
    }
    
    CFStringGetCString(udidInput, udid1, 99, kCFStringEncodingASCII);
    
    CC_SHA1_Init(&sha1ctx);
    CC_SHA1_Update(&sha1ctx, udid1, CFStringGetLength(udidInput));
    CC_SHA1_Final(udid, &sha1ctx);
    
    CFRelease(udidInput);
    addHexaString(out, CFSTR("udid"), udid, 20);

}
CFDictionaryRef keybag_get_passcode_key(int socket, CFDictionaryRef dict)
{
    uint8_t passcodeKey[32];
    CFDataRef passcode_cfdata = NULL;
    
    CFDataRef kbkeys = CFDictionaryGetValue(dict, CFSTR("KeyBagKeys")); 
    if(kbkeys == NULL || CFGetTypeID(kbkeys) != CFDataGetTypeID())
        return NULL;
    
    KeyBag* kb = AppleKeyStore_parseBinaryKeyBag(kbkeys);
    if (kb == NULL)
        return NULL;

    CFTypeRef cfpasscode = CFDictionaryGetValue(dict, CFSTR("passcode"));
    
    if(cfpasscode == NULL)
        return NULL;
    if(CFGetTypeID(cfpasscode) == CFDataGetTypeID())
    {
        passcode_cfdata = cfpasscode;
    }
    else if(CFGetTypeID(cfpasscode) == CFStringGetTypeID())
    {
        passcode_cfdata = CFStringCreateExternalRepresentation(kCFAllocatorDefault, cfpasscode, kCFStringEncodingUTF8, 0);
    }
    else
        return NULL;
    
    AppleKeyStore_getPasscodeKey(kb,
                                CFDataGetBytePtr(passcode_cfdata),
                                CFDataGetLength(passcode_cfdata),
                                passcodeKey);
    free(kb);
    
    if (passcode_cfdata != cfpasscode)
        CFRelease(passcode_cfdata);
    
    CFMutableDictionaryRef out  = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);	
    CFDictionaryAddValue(out, CFSTR("passcode"), cfpasscode);
    addHexaString(out, CFSTR("passcodeKey"), passcodeKey, 32);
    return out;
}
Пример #5
0
//http://iphonedevwiki.net/index.php/Lockdownd
void get_device_infos(CFMutableDictionaryRef out) {
    CC_SHA1_CTX sha1ctx;
    uint8_t udid[20];
    char udid1[100];
    CFStringRef serial;
    CFStringRef imei;
    CFStringRef macwifi;
    CFStringRef macbt;
    
    CFStringRef hw = copy_hardware_model(); 
    if (hw != NULL)
    {
        CFDictionaryAddValue(out, CFSTR("hwModel"), hw);
        CFRelease(hw);
    }
    
    serial = copy_device_serial_number();
    imei = copy_device_imei();
    macwifi = copy_wifi_mac_address();
    macbt = copy_bluetooth_mac_address();
    
    CFMutableStringRef udidInput = CFStringCreateMutable(kCFAllocatorDefault, 0);
    if (serial != NULL)
    {
        CFStringAppend(udidInput, serial);
        CFDictionaryAddValue(out, CFSTR("serialNumber"), serial);
        CFRelease(serial);
    }
    
    uint64_t _ecid = 0;
    CFNumberRef ecid = copyNumberFromChosen(CFSTR("unique-chip-id"));
    if (ecid != NULL)
    {
        CFDictionaryAddValue(out, CFSTR("ECID"), ecid);
    }
    
    if (ecid != NULL && useNewUDID(hw))
    {
        CFNumberGetValue(ecid, kCFNumberSInt64Type, &_ecid);
        CFStringAppendFormat(udidInput, NULL, CFSTR("%llu"), _ecid);
    }
    else if (imei != NULL)
    {
        CFStringAppend(udidInput, imei);
        CFDictionaryAddValue(out, CFSTR("imei"), imei);
        CFRelease(imei);
    }
    if (macwifi != NULL)
    {
        CFStringAppend(udidInput, macwifi);
        CFDictionaryAddValue(out, CFSTR("wifiMac"), macwifi);
        CFRelease(macwifi);
    }
    if (macbt != NULL)
    {
        CFStringAppend(udidInput, macbt);
        CFDictionaryAddValue(out, CFSTR("btMac"), macbt);
        CFRelease(macbt);
    }
    
    CFStringGetCString(udidInput, udid1, 99, kCFStringEncodingASCII);
    
    CC_SHA1_Init(&sha1ctx);
    CC_SHA1_Update(&sha1ctx, udid1, CFStringGetLength(udidInput));
    CC_SHA1_Final(udid, &sha1ctx);
    
    CFRelease(udidInput);
    addHexaString(out, CFSTR("udid"), udid, 20);

}