/*
 * Report whether a usable device is currently attached.
 *
 * With USE_POIS0N defined, the result is true only when both
 * pois0n_is_ready() and pois0n_is_compatible() return 0. The compatibility
 * probe is skipped when the readiness probe fails. Without USE_POIS0N the
 * function always returns FALSE.
 *
 * NOTE(review): the name implies that "ready" means "in DFU mode"; confirm
 * against the libpois0n version in use.
 */
BOOL DeviceInDFU()
{
#ifdef USE_POIS0N
    if (pois0n_is_ready() != 0) {
        return FALSE;
    }
    return pois0n_is_compatible() == 0;
#else
    return FALSE;
#endif
}
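/*
 * Entry point of the injectpois0n command-line tool.
 *
 * Accepts at most one option (argv[1]):
 *   --help / -h   print the help text and exit
 *   -t, -r, -s, -o  select the mode string handed to pois0n_inject()
 *   (none)        call pois0n_inject(NULL)
 *
 * The option is validated before any device interaction. An unrecognised
 * option is reported and rejected with exit status 1; previously it caused
 * the tool to wait for a device, do nothing, and still exit 0.
 *
 * Returns 0 on the normal path. The result of pois0n_inject() is not
 * inspected, so a failed injection is not reflected in the exit status.
 */
int main(int argc, char* argv[])
{
    char *mode = NULL; // mode argument for pois0n_inject(); NULL when no option is given

    if (argc > 1) {
        const char *opt = argv[1];

        if (!strcmp(opt, "--help") || !strcmp(opt, "-h")) {
            printf("injectpois0n\n\t-t Teather Boot\n\t-r Boot ramdisk\n\t-s Only execute iBSS payload\n\t-o Only execute iBSS payload and boot iBoot\n\nUsage: %s [-r|-s|-o]\n", argv[0]);
            return 0;
        }

        if (!strcmp(opt, "-t")) {
            mode = "1";
        } else if (!strcmp(opt, "-r")) {
            mode = "0";
        } else if (!strcmp(opt, "-s")) {
            mode = "2";
        } else if (!strcmp(opt, "-o")) {
            mode = "3";
        } else {
            // Reject bad input before touching the device.
            fprintf(stderr, "Unknown option '%s'\n", opt);
            return 1;
        }
    }

    pois0n_init();
    pois0n_set_callback(&print_progress, NULL);

    info("Waiting for device to enter DFU mode\n");
    // Poll once per second; a non-zero result is treated as "not ready yet".
    while (pois0n_is_ready()) {
        sleep(1);
    }
    info("Found device in DFU mode\n");

    // A zero result from pois0n_is_compatible() is the only case that injects.
    if (!pois0n_is_compatible()) {
        pois0n_inject(mode);
    }

    pois0n_exit();
    return 0;
}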
/*
 * Entry point: dispatch on the single option in argv[1].
 *
 *   -go         initialise libpois0n, probe the device and, when
 *               pois0n_is_compatible() returns 0, call pois0n_inject("2")
 *   -irecovery  run the bundled irecovery binary through system()
 *   (no args)   print help via help()
 *
 * Any other argument is silently ignored. Always returns 0.
 */
int main(int argc, char* argv[])
{
    if (argc <= 1) {
        help();
        return 0;
    }

    const char *option = argv[1];

    if (strcmp(option, "-go") == 0) {
        pois0n_init();
        pois0n_set_callback(&print_progress, NULL);

        info("Waiting for device to enter DFU mode\n");
        // NOTE(review): the result is discarded and there is no retry loop, so
        // the "Found device" message below is printed whether or not a device
        // was detected.
        pois0n_is_ready();
        info("Found device in DFU mode\n");

        if (pois0n_is_compatible() == 0) {
            pois0n_inject("2");
        }
        pois0n_exit();
    }

    if (strcmp(option, "-irecovery") == 0) {
        // NOTE(review): system() runs this through the shell with a path
        // relative to the current working directory, so whichever
        // "build/irecovery" is found there gets executed. The exit status is
        // ignored. An absolute path with exec*/posix_spawn would be safer.
        system("build/irecovery -v -s");
    }

    return 0;
}
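/*
 * Entry point: wait for a device, run the injection step, then upload an
 * iBSS image and a kernelcache and issue the "bootx" command.
 *
 * Usage: <prog> <ibss-file> <kernelcache-file>
 *
 * Changes from the original:
 *   - returns after usage() when the argument count is wrong, so argv[1] and
 *     argv[2] are never read if usage() happens to return;
 *   - checks the handle returned by irecv_reconnect() before using it;
 *   - the local status variable no longer shares its name with error().
 *
 * Returns 0 on success, the negative libpois0n result when the compatibility
 * or injection step fails, and -1 on argument, upload, reconnect or command
 * errors.
 *
 * NOTE(review): both files are sent exactly as named on the command line.
 * Nothing here checks their origin or integrity. The failure paths also
 * return without calling pois0n_exit().
 */
int main(int argc, char* argv[])
{
    int result = 0;
    irecv_error_t ir_error;

    if (argc != 3) {
        usage();
        return -1; // only reached if usage() returns
    }

    const char* ibssFile = argv[1];
    const char* kernelcacheFile = argv[2];

    pois0n_init();
    pois0n_set_callback(&print_progress, NULL);

    info("Waiting for device to enter DFU mode\n");
    // Poll once per second until pois0n_is_ready() returns 0.
    while (pois0n_is_ready()) {
        sleep(1);
    }
    info("Found device in DFU mode\n");

    result = pois0n_is_compatible();
    if (result < 0) {
        error("Your device in incompatible with this exploit!\n");
        return result;
    }

    result = pois0n_injectonly();
    if (result < 0) {
        error("Exploit injection failed!\n");
        return result;
    }

    debug("Uploading %s to device\n", ibssFile);
    ir_error = irecv_send_file(client, ibssFile, 1);
    if (ir_error != IRECV_E_SUCCESS) {
        error("Unable to upload iBSS\n");
        debug("%s\n", irecv_strerror(ir_error));
        return -1;
    }

    // The connection is re-established after the first upload.
    // irecv_reconnect() can hand back NULL, so check before using the handle.
    client = irecv_reconnect(client, 10);
    if (client == NULL) {
        error("Unable to reconnect to device\n");
        return -1;
    }

    debug("Uploading %s to device\n", kernelcacheFile);
    ir_error = irecv_send_file(client, kernelcacheFile, 1);
    if (ir_error != IRECV_E_SUCCESS) {
        error("Unable to upload kernelcache\n");
        debug("%s\n", irecv_strerror(ir_error));
        return -1;
    }

    ir_error = irecv_send_command(client, "bootx");
    if (ir_error != IRECV_E_SUCCESS) {
        error("Unable send the bootx command\n");
        return -1;
    }

    pois0n_exit();
    return 0;
}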
/*
 * Entry point: wait for a device, then call pois0n_inject() when
 * pois0n_is_compatible() returns 0.
 *
 * Command-line arguments are ignored. Always returns 0; the outcome of the
 * compatibility probe and of pois0n_inject() is not reported to the caller.
 */
int main(int argc, char* argv[])
{
    pois0n_init();
    pois0n_set_callback(&print_progress, NULL);

    info("Waiting for device to enter DFU mode\n");
    // Poll once per second until pois0n_is_ready() returns 0.
    for (;;) {
        if (pois0n_is_ready() == 0) {
            break;
        }
        sleep(1);
    }
    info("Found device in DFU mode\n");

    if (pois0n_is_compatible() == 0) {
        pois0n_inject();
    }

    pois0n_exit();
    return 0;
}
/*
 * Class:     Jsyringe
 * Method:    exploit
 * Signature: ()I
 *
 * JNI binding: waits for a device, checks compatibility and runs
 * pois0n_injectonly().
 *
 * Returns 0 on success, or the negative value reported by
 * pois0n_is_compatible() / pois0n_injectonly() on failure. The global
 * g_syringe_client handle is closed and reset to NULL before returning on
 * every path.
 *
 * NOTE(review): the wait loop has no timeout, so the calling Java thread
 * blocks until a device is detected. libpois0n_debug is forced to 1 on every
 * call.
 */
JNIEXPORT jint JNICALL Java_Jsyringe_exploit(JNIEnv * env, jclass jClass)
{
    int status = 0;
    irecv_error_t ir_error = IRECV_E_SUCCESS;  // unused in this function
    irecv_client_t client = g_syringe_client;  // unused in this function

    libpois0n_debug = 1;
    pois0n_init();

    info("Waiting for device to enter DFU mode\n");
    while (pois0n_is_ready() != 0) {
        sleep(1);
    }
    info("Found device in DFU mode\n");

    status = pois0n_is_compatible();
    if (status < 0) {
        error("Your device in incompatible with this exploit!\n");
    } else {
        status = pois0n_injectonly();
        if (status < 0) {
            error("Exploit injection failed!\n");
        } else {
            status = 0;
        }
    }

    // Shared cleanup for success and failure. The original left
    // pois0n_exit() commented out and closes the client handle directly.
    fflush(stderr);
    if (g_syringe_client != NULL) {
        irecv_close(&g_syringe_client);
        g_syringe_client = NULL;
    }
    return status;
}
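/*
 * Run the injection step and then upload a chain of boot images to the
 * attached device, ending with the "bootx" command.
 *
 * Parameters (file paths; NULL means "skip" unless marked required):
 *   ibssFile        required
 *   ibecFile        optional; uploaded after a reconnect
 *   kernelcacheFile required; followed by the "bootx" command
 *   ramdiskFile     optional; followed by the "ramdisk" command
 *   devicetreeFile  optional; followed by the "devicetree" command
 *
 * Returns 0 on success, the negative libpois0n result when the compatibility
 * or injection step fails, and -1 on any other error.
 *
 * Changes from the original:
 *   - the two required paths are validated before any device interaction
 *     (previously a missing kernelcache was only reported after the device
 *     had been modified and every other image uploaded);
 *   - the client handle is checked for NULL after injection and after each
 *     irecv_reconnect(), since it is dereferenced (client->mode) right after.
 *
 * NOTE(review): the images are sent exactly as supplied. No integrity or
 * origin check is performed here, so callers must only pass trusted files.
 */
int tethered_boot(const char *ibssFile, const char *ibecFile, const char *kernelcacheFile, const char *ramdiskFile, const char *devicetreeFile)
{
    int result = 0;
    irecv_error_t ir_error = IRECV_E_SUCCESS;
    irecv_client_t client = NULL;

    libpois0n_debug = 1;

    // Fail fast on missing required inputs, before touching the device.
    if (ibssFile == NULL) {
        error("ibss can't be null\n");
        fflush(stderr);
        return -1;
    }
    if (kernelcacheFile == NULL) {
        error("kernelcache can't be null\n");
        fflush(stderr);
        return -1;
    }

    pois0n_init();

    info("Waiting for device to enter DFU mode\n");
    // Poll once per second until pois0n_is_ready() returns 0.
    while (pois0n_is_ready()) {
        sleep(1);
    }
    info("Found device in DFU mode\n");

    result = pois0n_is_compatible();
    if (result < 0) {
        error("Your device in incompatible with this exploit!\n");
        goto cleanup;
    }

    result = pois0n_injectonly();
    if (result < 0) {
        error("Exploit injection failed!\n");
        goto cleanup;
    }

    client = g_syringe_client;
    if (client == NULL) {
        error("No device connection available\n");
        result = -1;
        goto cleanup;
    }

    debug("Uploading %s to device, mode: 0x%x\n", ibssFile, client->mode);
    ir_error = irecv_send_file(client, ibssFile, 1);
    if (ir_error != IRECV_E_SUCCESS) {
        error("Unable to upload iBSS\n");
        debug("%s\n", irecv_strerror(ir_error));
        result = -1;
        goto cleanup;
    }
    sleep(10); // fixed delay kept from the original

    if (ibecFile != NULL) {
        client = g_syringe_client = irecv_reconnect(client, 10);
        if (client == NULL) {
            error("Unable to reconnect to device\n");
            result = -1;
            goto cleanup;
        }

        debug("Uploading iBEC %s to device, mode: 0x%x\n", ibecFile, client->mode);
        ir_error = irecv_send_file(client, ibecFile, 1);
        if (ir_error != IRECV_E_SUCCESS) {
            error("Unable to upload iBEC\n");
            debug("%s\n", irecv_strerror(ir_error));
            result = -1;
            goto cleanup;
        }
        sleep(5);
    }

    client = g_syringe_client = irecv_reconnect(client, 10);
    if (client == NULL) {
        error("Unable to reconnect to device\n");
        result = -1;
        goto cleanup;
    }

    if (ramdiskFile != NULL) {
        debug("Uploading ramdisk %s to device\n", ramdiskFile);
        ir_error = irecv_send_file(client, ramdiskFile, 1);
        if (ir_error != IRECV_E_SUCCESS) {
            error("Unable to upload ramdisk\n");
            debug("%s\n", irecv_strerror(ir_error));
            result = -1;
            goto cleanup;
        }
        sleep(5);

        ir_error = irecv_send_command(client, "ramdisk");
        if (ir_error != IRECV_E_SUCCESS) {
            error("Unable send the ramdisk command\n");
            result = -1;
            goto cleanup;
        }
    }

    if (devicetreeFile != NULL) {
        debug("Uploading device tree %s to device\n", devicetreeFile);
        ir_error = irecv_send_file(client, devicetreeFile, 1);
        if (ir_error != IRECV_E_SUCCESS) {
            error("Unable to upload device tree\n");
            debug("%s\n", irecv_strerror(ir_error));
            result = -1;
            goto cleanup;
        }

        ir_error = irecv_send_command(client, "devicetree");
        if (ir_error != IRECV_E_SUCCESS) {
            error("Unable to send the devicetree command\n");
            result = -1;
            goto cleanup;
        }
    }

    debug("Uploading kernel %s to device, mode: 0x%x\n", kernelcacheFile, client->mode);
    ir_error = irecv_send_file(client, kernelcacheFile, 1);
    if (ir_error != IRECV_E_SUCCESS) {
        error("Unable to upload kernelcache\n");
        debug("%s\n", irecv_strerror(ir_error));
        result = -1;
        goto cleanup;
    }

    ir_error = irecv_send_command(client, "bootx");
    if (ir_error != IRECV_E_SUCCESS) {
        error("Unable send the bootx command\n");
        result = -1;
        goto cleanup;
    }

    result = 0;

cleanup:
    // Single exit path after device setup: flush diagnostics and release the
    // global client handle. The original left pois0n_exit() commented out.
    fflush(stderr);
    if (g_syringe_client) {
        irecv_close(&g_syringe_client);
        g_syringe_client = NULL;
    }
    return result;
}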
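/*
 * Entry point: parse options, run the injection step, then upload the
 * requested boot images and issue the matching device commands.
 *
 * Options:
 *   -v         verbose output (sets g_verbose)
 *   -h         print usage
 *   -i <file>  iBSS image; when absent the program stops after injection
 *   -b <file>  iBEC image
 *   -k <file>  kernelcache; followed by "bootx"
 *   -r <file>  ramdisk; followed by "ramdisk"
 *   -l <file>  boot logo; followed by "setpicture 1" and "bgcolor 0 0 0"
 *   -c <rgb>   background colour, appended to a "bgcolor" command
 *
 * Returns 0 on success, the negative libpois0n result when the compatibility
 * or injection step fails, and -1 on any other error.
 *
 * Changes from the original:
 *   - the "bgcolor" command is built with snprintf() and rejected when it
 *     does not fit; the previous sprintf() into a 255-byte stack buffer
 *     overflowed for a long -c argument;
 *   - the handle returned by irecv_reconnect() is checked before use.
 *
 * NOTE(review): image files are only checked for existence and are sent
 * as-is. The -c value is passed to the device command verbatim, with no
 * format validation. Failure paths return without calling pois0n_exit().
 */
int main(int argc, char* argv[])
{
    int result = 0;
    irecv_error_t ir_error = IRECV_E_SUCCESS;
    const char *ibssFile = NULL, *ibecFile = NULL, *kernelcacheFile = NULL,
               *ramdiskFile = NULL, *bgcolor = NULL, *bootlogo = NULL;
    int c;

    opterr = 0; // suppress getopt's own diagnostics; unknown options reach usage()

    while ((c = getopt(argc, argv, "vhi:b:k:r:l:c:")) != -1) {
        switch (c) {
        case 'v':
            g_verbose = true;
            break;
        case 'h':
            usage();
            break;
        case 'i':
            if (!file_exists(optarg)) {
                error("Cannot open iBSS file '%s'\n", optarg);
                return -1;
            }
            ibssFile = optarg;
            break;
        case 'b':
            if (!file_exists(optarg)) {
                error("Cannot open iBEC file '%s'\n", optarg);
                return -1;
            }
            ibecFile = optarg;
            break;
        case 'k':
            if (!file_exists(optarg)) {
                error("Cannot open kernelcache file '%s'\n", optarg);
                return -1;
            }
            kernelcacheFile = optarg;
            break;
        case 'r':
            if (!file_exists(optarg)) {
                error("Cannot open ramdisk file '%s'\n", optarg);
                return -1;
            }
            ramdiskFile = optarg;
            break;
        case 'l':
            if (!file_exists(optarg)) {
                error("Cannot open bootlogo file '%s'\n", optarg);
                return -1;
            }
            bootlogo = optarg;
            break;
        case 'c':
            bgcolor = optarg;
            break;
        default:
            usage();
            break;
        }
    }

    pois0n_init();
    pois0n_set_callback(&print_progress, NULL);

    info("Waiting for device to enter DFU mode\n");
    // Poll once per second until pois0n_is_ready() returns 0.
    while (pois0n_is_ready()) {
        sleep(1);
    }
    info("Found device in DFU mode\n");

    result = pois0n_is_compatible();
    if (result < 0) {
        error("Your device in incompatible with this exploit!\n");
        return result;
    }

    result = pois0n_injectonly();
    if (result < 0) {
        error("Exploit injection failed!\n");
        return result;
    }

    // Without an iBSS image there is nothing further to upload.
    if (ibssFile == NULL) {
        return 0;
    }

    debug("Uploading %s to device\n", ibssFile);
    ir_error = irecv_send_file(g_syringe_client, ibssFile, 1);
    if (ir_error != IRECV_E_SUCCESS) {
        error("Unable to upload iBSS\n");
        debug("%s\n", irecv_strerror(ir_error));
        return -1;
    }
    sleep(10); // fixed delay kept from the original

    if (ibecFile != NULL) {
        g_syringe_client = irecv_reconnect(g_syringe_client, 10);
        if (g_syringe_client == NULL) {
            error("Unable to reconnect to device\n");
            return -1;
        }

        debug("Uploading iBEC %s to device\n", ibecFile);
        ir_error = irecv_send_file(g_syringe_client, ibecFile, 1);
        if (ir_error != IRECV_E_SUCCESS) {
            error("Unable to upload iBEC\n");
            debug("%s\n", irecv_strerror(ir_error));
            return -1;
        }
        sleep(5);
    }

    g_syringe_client = irecv_reconnect(g_syringe_client, 10);
    if (g_syringe_client == NULL) {
        error("Unable to reconnect to device\n");
        return -1;
    }

    if (ramdiskFile != NULL) {
        debug("Uploading ramdisk %s to device\n", ramdiskFile);
        ir_error = irecv_send_file(g_syringe_client, ramdiskFile, 1);
        if (ir_error != IRECV_E_SUCCESS) {
            error("Unable to upload ramdisk\n");
            debug("%s\n", irecv_strerror(ir_error));
            return -1;
        }
        sleep(5);

        ir_error = irecv_send_command(g_syringe_client, "ramdisk");
        if (ir_error != IRECV_E_SUCCESS) {
            error("Unable send the ramdisk command\n");
            return -1;
        }
    }

    if (bootlogo != NULL) {
        debug("Uploading boot logo %s to device\n", bootlogo);
        ir_error = irecv_send_file(g_syringe_client, bootlogo, 1);
        if (ir_error != IRECV_E_SUCCESS) {
            error("Unable to upload bootlogo\n");
            debug("%s\n", irecv_strerror(ir_error));
            return -1;
        }

        ir_error = irecv_send_command(g_syringe_client, "setpicture 1");
        if (ir_error != IRECV_E_SUCCESS) {
            error("Unable to set picture\n");
            return -1;
        }

        ir_error = irecv_send_command(g_syringe_client, "bgcolor 0 0 0");
        if (ir_error != IRECV_E_SUCCESS) {
            error("Unable to set picture\n");
            return -1;
        }
    }

    if (bgcolor != NULL) {
        char finalbgcolor[255];
        // Bounded formatting: a -c value that does not fit is rejected rather
        // than written past the end of the stack buffer.
        int len = snprintf(finalbgcolor, sizeof finalbgcolor, "bgcolor %s", bgcolor);
        if (len < 0 || (size_t)len >= sizeof finalbgcolor) {
            error("Unable set bgcolor\n");
            return -1;
        }

        ir_error = irecv_send_command(g_syringe_client, finalbgcolor);
        if (ir_error != IRECV_E_SUCCESS) {
            error("Unable set bgcolor\n");
            return -1;
        }
    }

    if (kernelcacheFile != NULL) {
        debug("Uploading %s to device\n", kernelcacheFile);
        ir_error = irecv_send_file(g_syringe_client, kernelcacheFile, 1);
        if (ir_error != IRECV_E_SUCCESS) {
            error("Unable to upload kernelcache\n");
            debug("%s\n", irecv_strerror(ir_error));
            return -1;
        }

        ir_error = irecv_send_command(g_syringe_client, "bootx");
        if (ir_error != IRECV_E_SUCCESS) {
            error("Unable send the bootx command\n");
            return -1;
        }
    }

    pois0n_exit();
    return 0;
}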
/*
 * Entry point of loadibec: connect to a device, optionally run the
 * libpois0n injection step first, then upload the file named in argv[1] and
 * send the "go" command.
 *
 * Exit status: 0 on success or when only usage is printed; the negated
 * irecv error when the initial connection fails; a negative libpois0n result
 * when the ready/compatible probes fail; 2 upload failed; 3 "go" failed;
 * 4 reconnect failed.
 *
 * NOTE(review):
 *   - the file is uploaded and jumped to without any integrity check;
 *   - after the injection step the handle is closed and set to NULL, then
 *     passed to irecv_reconnect(); confirm that function accepts NULL;
 *   - the result of the final "go jump 0x41000000" command is ignored;
 *   - the early error returns skip irecv_exit().
 */
int main(int argc, char* argv[])
{
    irecv_error_t status;
    unsigned int chip_id;
    int can_ra1n = 0;

    printf("Loadibec " LOADIBEC_VERSION COMMIT_STRING ".\n");

    if (argc != 2) {
        printf("Usage: %s <file>\n"
               "\tLoads a file to an iDevice in recovery mode and jumps to it.\n", argv[0]);
        return 0;
    }

    const char *payload_path = argv[1];

    irecv_init();

    printf("Connecting to iDevice...\n");

    status = irecv_open_attempts(&g_syringe_client, 10);
    if (status != IRECV_E_SUCCESS) {
        fprintf(stderr, "Failed to connect to iBoot, error %d.\n", status);
        return -status;
    }

    // The injection path is only considered for chip ids above 8900.
    if (irecv_get_cpid(g_syringe_client, &chip_id) == IRECV_E_SUCCESS && chip_id > 8900) {
        can_ra1n = 1;
    }

    if (g_syringe_client->mode == kDfuMode && can_ra1n) {
        int ret;

        printf("linera1n compatible device detected, injecting limera1n.\n");

        // Hand the device over to libpois0n: drop the current connection first.
        irecv_close(&g_syringe_client);
        irecv_exit();

        pois0n_init();

        ret = pois0n_is_ready();
        if (ret < 0) {
            return ret;
        }

        ret = pois0n_is_compatible();
        if (ret < 0) {
            return ret;
        }

        pois0n_inject();

        irecv_close(&g_syringe_client);
        g_syringe_client = NULL;

        printf("limera1ned, reconnecting...\n");

        g_syringe_client = irecv_reconnect(g_syringe_client, 10);
        if (g_syringe_client == NULL) {
            fprintf(stderr, "Failed to reconnect.\n");
            return 4;
        }
    } else {
        can_ra1n = 0;
    }

    printf("Starting transfer of '%s'.\n", payload_path);

    irecv_event_subscribe(g_syringe_client, IRECV_PROGRESS, &progress_cb, NULL);

    status = irecv_send_file(g_syringe_client, payload_path, 0);
    if (status != IRECV_E_SUCCESS) {
        fprintf(stderr, "Failed to upload '%s', error %d.\n", payload_path, status);
        return 2;
    }

    status = irecv_send_command(g_syringe_client, "go");
    if (status != IRECV_E_SUCCESS) {
        fprintf(stderr, "Failed to jump to uploaded file, error %d.\n", status);
        return 3;
    }

    irecv_send_command(g_syringe_client, "go jump 0x41000000");

    printf("Uploaded Successfully.\n");

    irecv_exit();
    return 0;
}