From 345ea539bc305a072f2ba92a6dccca5fb7403cde Mon Sep 17 00:00:00 2001 
From: planetbeing Date: Fri, 19 Sep 2008 22:01:06 +0000 Subject: [PATCH] Lots of miscellaneous fixes merged from private branch --- CMakeLists.txt | 2 +- dfu-util/CMakeLists.txt | 30 +- hfs/rawfile.c | 918 +++++++++--------- includes/common.h | 3 + includes/hfs/hfsplus.h | 3 + includes/xpwn/pwnutil.h | 6 + ipsw-patch/CMakeLists.txt | 50 +- .../018-4108-7-nowipe.patch | Bin 0 -> 292 bytes .../018-4108-7.patch | Bin 0 -> 250 bytes .../018-4118-1.patch | Bin 0 -> 232 bytes .../DeviceTree.m68ap.patch | Bin 0 -> 168 bytes .../iPhone1,1_2.1_5F136.bundle/Info.plist | 254 +++++ .../LLB.m68ap.RELEASE.patch | Bin 0 -> 155 bytes .../iPhone1,1_2.1_5F136.bundle/Services.patch | Bin 0 -> 251 bytes .../WTF.m68ap.RELEASE.patch | Bin 0 -> 156 bytes .../WTF.s5l8900xall.RELEASE.patch | Bin 0 -> 155 bytes .../bbupdater.patch | Bin 0 -> 203 bytes .../iPhone1,1_2.1_5F136.bundle/fstab.patch | Bin 0 -> 166 bytes .../iBEC.m68ap.RELEASE.patch | Bin 0 -> 156 bytes .../iBSS.m68ap.RELEASE.patch | Bin 0 -> 156 bytes .../iBoot.m68ap.RELEASE.patch | Bin 0 -> 156 bytes .../kernelcache.release.patch | Bin 0 -> 181 bytes .../lockdownd.patch | Bin 0 -> 363 bytes .../018-4118-1.patch | Bin 0 -> 232 bytes .../018-4122-1-nowipe.patch | Bin 0 -> 277 bytes .../018-4122-1.patch | Bin 0 -> 231 bytes .../DeviceTree.n82ap.patch | Bin 0 -> 170 bytes .../iPhone1,2_2.1_5F136.bundle/Info.plist | 218 +++++ .../LLB.n82ap.RELEASE.patch | Bin 0 -> 155 bytes .../iPhone1,2_2.1_5F136.bundle/Services.patch | Bin 0 -> 251 bytes .../WTF.n82ap.RELEASE.patch | Bin 0 -> 156 bytes .../WTF.s5l8900xall.RELEASE.patch | Bin 0 -> 155 bytes .../iPhone1,2_2.1_5F136.bundle/fstab.patch | Bin 0 -> 166 bytes .../iBEC.n82ap.RELEASE.patch | Bin 0 -> 156 bytes .../iBSS.n82ap.RELEASE.patch | Bin 0 -> 156 bytes .../iBoot.n82ap.RELEASE.patch | Bin 0 -> 155 bytes .../kernelcache.release.patch | Bin 0 -> 181 bytes .../lockdownd.patch | Bin 0 -> 363 bytes .../iPod1,1_2.1_5F137.bundle/018-4146-1.patch | Bin 0 -> 232 bytes 
.../018-4149-1-nowipe.patch | Bin 0 -> 277 bytes .../iPod1,1_2.1_5F137.bundle/018-4149-1.patch | Bin 0 -> 231 bytes .../DeviceTree.n45ap.patch | Bin 0 -> 166 bytes .../iPod1,1_2.1_5F137.bundle/Info.plist | 203 ++++ .../LLB.n45ap.RELEASE.patch | Bin 0 -> 156 bytes .../iPod1,1_2.1_5F137.bundle/Services.patch | Bin 0 -> 251 bytes .../WTF.n45ap.RELEASE.patch | Bin 0 -> 157 bytes .../WTF.s5l8900xall.RELEASE.patch | Bin 0 -> 155 bytes .../iPod1,1_2.1_5F137.bundle/fstab.patch | Bin 0 -> 166 bytes .../iBEC.n45ap.RELEASE.patch | Bin 0 -> 157 bytes .../iBSS.n45ap.RELEASE.patch | Bin 0 -> 153 bytes .../iBoot.n45ap.RELEASE.patch | Bin 0 -> 155 bytes .../kernelcache.release.patch | Bin 0 -> 182 bytes ipsw-patch/img3.c | 92 ++ ipsw-patch/libxpwn.c | 7 + ipsw-patch/outputstate.c | 8 +- ipsw-patch/pwnutil.c | 134 ++- xpwn/CMakeLists.txt | 36 +- 57 files changed, 1454 insertions(+), 510 deletions(-) create mode 100644 ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/018-4108-7-nowipe.patch create mode 100644 ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/018-4108-7.patch create mode 100644 ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/018-4118-1.patch create mode 100644 ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/DeviceTree.m68ap.patch create mode 100644 ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/Info.plist create mode 100644 ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/LLB.m68ap.RELEASE.patch create mode 100644 ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/Services.patch create mode 100644 ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/WTF.m68ap.RELEASE.patch create mode 100644 ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/WTF.s5l8900xall.RELEASE.patch create mode 100644 ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/bbupdater.patch create mode 100644 ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/fstab.patch create mode 100644 
ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/iBEC.m68ap.RELEASE.patch create mode 100644 ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/iBSS.m68ap.RELEASE.patch create mode 100644 ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/iBoot.m68ap.RELEASE.patch create mode 100644 ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/kernelcache.release.patch create mode 100644 ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/lockdownd.patch create mode 100644 ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/018-4118-1.patch create mode 100644 ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/018-4122-1-nowipe.patch create mode 100644 ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/018-4122-1.patch create mode 100644 ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/DeviceTree.n82ap.patch create mode 100644 ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/Info.plist create mode 100644 ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/LLB.n82ap.RELEASE.patch create mode 100644 ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/Services.patch create mode 100644 ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/WTF.n82ap.RELEASE.patch create mode 100644 ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/WTF.s5l8900xall.RELEASE.patch create mode 100644 ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/fstab.patch create mode 100644 ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/iBEC.n82ap.RELEASE.patch create mode 100644 ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/iBSS.n82ap.RELEASE.patch create mode 100644 ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/iBoot.n82ap.RELEASE.patch create mode 100644 ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/kernelcache.release.patch create mode 100644 ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/lockdownd.patch create mode 100644 ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/018-4146-1.patch create mode 100644 
ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/018-4149-1-nowipe.patch create mode 100644 ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/018-4149-1.patch create mode 100644 ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/DeviceTree.n45ap.patch create mode 100644 ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/Info.plist create mode 100644 ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/LLB.n45ap.RELEASE.patch create mode 100644 ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/Services.patch create mode 100644 ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/WTF.n45ap.RELEASE.patch create mode 100644 ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/WTF.s5l8900xall.RELEASE.patch create mode 100644 ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/fstab.patch create mode 100644 ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/iBEC.n45ap.RELEASE.patch create mode 100644 ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/iBSS.n45ap.RELEASE.patch create mode 100644 ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/iBoot.n45ap.RELEASE.patch create mode 100644 ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/kernelcache.release.patch
diff --git a/CMakeLists.txt b/CMakeLists.txt
index a049a6e7..76d99f22 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -41,7 +41,7 @@ SET(CPACK_RESOURCE_FILE_README "${PROJECT_SOURCE_DIR}/README.markdown")
 SET(CPACK_RESOURCE_FILE_LICENSE "${PROJECT_SOURCE_DIR}/LICENSE")
 SET(CPACK_PACKAGE_VERSION_MAJOR "0")
 SET(CPACK_PACKAGE_VERSION_MINOR "5")
-SET(CPACK_PACKAGE_VERSION_PATCH "2")
+SET(CPACK_PACKAGE_VERSION_PATCH "3")
 SET(CPACK_PACKAGE_EXECUTABLES "xpwn" "XPwn Pwner")
 SET(CPACK_PACKAGE_EXECUTABLES "ipsw" "IPSW Tool")
 SET(CPACK_PACKAGE_EXECUTABLES "hdutil" "Apple disk image utility")
diff --git a/dfu-util/CMakeLists.txt b/dfu-util/CMakeLists.txt
index 55f5808b..266be555 100644
--- a/dfu-util/CMakeLists.txt
+++ b/dfu-util/CMakeLists.txt
@@ -1,21 +1,23 @@
 INCLUDE(${PROJECT_SOURCE_DIR}/FindUSB.cmake)
-IF(NOT USB_FOUND)
- message(STATUS "libusb is required for dfu-util!")
-ELSE(NOT USB_FOUND)
- include_directories(${USB_INCLUDE_DIR})
- link_directories(${USB_LIBRARIES})
+IF(NOT APPLE OR NOT BUILD_STATIC)
+ IF(NOT USB_FOUND)
+ message(STATUS "libusb is required for dfu-util!")
+ ELSE(NOT USB_FOUND)
+ include_directories(${USB_INCLUDE_DIR})
+ link_directories(${USB_LIBRARIES})
- add_executable(dfu-util dfu.c sam7dfu.c main.c)
+ add_executable(dfu-util dfu.c sam7dfu.c main.c)
- link_directories(${PROJECT_BINARY_DIR}/common ${PROJECT_BINARY_DIR}/hfs ${PROJECT_BINARY_DIR}/ipsw-patch)
+ link_directories(${PROJECT_BINARY_DIR}/common ${PROJECT_BINARY_DIR}/hfs ${PROJECT_BINARY_DIR}/ipsw-patch)
- IF(APPLE)
- SET_TARGET_PROPERTIES(dfu-util PROPERTIES LINK_FLAGS "-framework CoreFoundation -framework IOKit")
- ENDIF(APPLE)
+ IF(APPLE)
+ SET_TARGET_PROPERTIES(dfu-util PROPERTIES LINK_FLAGS "-framework CoreFoundation -framework IOKit")
+ ENDIF(APPLE)
- target_link_libraries(dfu-util xpwn)
- target_link_libraries(dfu-util ${USB_LIBRARIES})
+ target_link_libraries(dfu-util xpwn)
+ target_link_libraries(dfu-util ${USB_LIBRARIES})
- install(TARGETS dfu-util DESTINATION .)
-ENDIF(NOT USB_FOUND)
+ install(TARGETS dfu-util DESTINATION .)
+ ENDIF(NOT USB_FOUND)
+ENDIF(NOT APPLE OR NOT BUILD_STATIC)
diff --git a/hfs/rawfile.c b/hfs/rawfile.c
index 29bf539b..5057bc57 100644
--- a/hfs/rawfile.c
+++ b/hfs/rawfile.c
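Review bot: `link_directories(${USB_LIBRARIES})` is given the same variable that `target_link_libraries(dfu-util ${USB_LIBRARIES})` later treats as a library list, so it is unlikely to name a directory and the call probably has no useful effect. The `link_directories(${PROJECT_BINARY_DIR}/common ...)` call also comes after `add_executable(dfu-util ...)`, and CMake applies link directories only to targets created after the call. Since `xpwn` is linked by target name, both calls could be dropped while this block is being re-indented. The first ipsw-patch/CMakeLists.txt hunk wraps the same pattern, `link_directories(${ZLIB_LIBRARIES})`, in `IF(NOT APPLE)`; removing the call there would likely make that platform guard unnecessary.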
@@ -6,486 +6,494 @@ int writeExtents(RawFile* rawFile); int isBlockUsed(Volume* volume, uint32_t block) { - unsigned char byte; - - READ(volume->allocationFile, block / 8, 1, &byte); - return (byte & (1 << (7 - (block % 8)))) != 0; + unsigned char byte; + + READ(volume->allocationFile, block / 8, 1, &byte); + return (byte & (1 << (7 - (block % 8)))) != 0; } int setBlockUsed(Volume* volume, uint32_t block, int used) { - unsigned char byte; - - READ(volume->allocationFile, block / 8, 1, &byte); - if(used) { - byte |= (1 << (7 - (block % 8))); - } else { - byte &= ~(1 << (7 - (block % 8))); - } - ASSERT(WRITE(volume->allocationFile, block / 8, 1, &byte), "WRITE"); - - return TRUE; + unsigned char byte; + + READ(volume->allocationFile, block / 8, 1, &byte); + if(used) { + byte |= (1 << (7 - (block % 8))); + } else { + byte &= ~(1 << (7 - (block % 8))); + } + ASSERT(WRITE(volume->allocationFile, block / 8, 1, &byte), "WRITE"); + + return TRUE; } int allocate(RawFile* rawFile, off_t size) { - unsigned char* zeros; - Volume* volume; - HFSPlusForkData* forkData; - uint32_t blocksNeeded; - uint32_t blocksToAllocate; - Extent* extent; - Extent* lastExtent; - - uint32_t curBlock; - - volume = rawFile->volume; - forkData = rawFile->forkData; - extent = rawFile->extents; - - blocksNeeded = ((uint64_t)size / (uint64_t)volume->volumeHeader->blockSize) + (((size % volume->volumeHeader->blockSize) == 0) ? 
0 : 1); - - if(blocksNeeded > forkData->totalBlocks) { - zeros = (unsigned char*) malloc(volume->volumeHeader->blockSize); - memset(zeros, 0, volume->volumeHeader->blockSize); - - blocksToAllocate = blocksNeeded - forkData->totalBlocks; - - if(blocksToAllocate > volume->volumeHeader->freeBlocks) { - return FALSE; - } - - lastExtent = NULL; - while(extent != NULL) { - lastExtent = extent; - extent = extent->next; - } - - if(lastExtent == NULL) { - rawFile->extents = (Extent*) malloc(sizeof(Extent)); - lastExtent = rawFile->extents; - lastExtent->blockCount = 0; - lastExtent->next = NULL; - curBlock = volume->volumeHeader->nextAllocation; - } else { - curBlock = lastExtent->startBlock + lastExtent->blockCount; - } - - while(blocksToAllocate > 0) { - if(isBlockUsed(volume, curBlock)) { - if(lastExtent->blockCount > 0) { - lastExtent->next = (Extent*) malloc(sizeof(Extent)); - lastExtent = lastExtent->next; - lastExtent->blockCount = 0; - lastExtent->next = NULL; - } - curBlock = volume->volumeHeader->nextAllocation; - volume->volumeHeader->nextAllocation++; - if(volume->volumeHeader->nextAllocation >= volume->volumeHeader->totalBlocks) { - volume->volumeHeader->nextAllocation = 0; - } - } else { - if(lastExtent->blockCount == 0) { - lastExtent->startBlock = curBlock; - } - - /* zero out allocated block */ - ASSERT(WRITE(volume->image, curBlock * volume->volumeHeader->blockSize, volume->volumeHeader->blockSize, zeros), "WRITE"); - - setBlockUsed(volume, curBlock, TRUE); - volume->volumeHeader->freeBlocks--; - blocksToAllocate--; - curBlock++; - lastExtent->blockCount++; - - if(curBlock >= volume->volumeHeader->totalBlocks) { - curBlock = volume->volumeHeader->nextAllocation; - } - } - } - - free(zeros); - } else if(blocksNeeded < forkData->totalBlocks) { - blocksToAllocate = blocksNeeded; - - lastExtent = NULL; - - while(blocksToAllocate > 0) { - if(blocksToAllocate > extent->blockCount) { - blocksToAllocate -= extent->blockCount; - lastExtent = extent; - extent = 
extent->next; - } else { - break; - } - } - - - if(blocksToAllocate == 0 && lastExtent != NULL) { - lastExtent->next = NULL; - } else { - rawFile->extents = NULL; - } - - do { - for(curBlock = (extent->startBlock + blocksToAllocate); curBlock < (extent->startBlock + extent->blockCount); curBlock++) { - setBlockUsed(volume, curBlock, FALSE); - volume->volumeHeader->freeBlocks++; - } - blocksToAllocate = 0; - lastExtent = extent; - extent = extent->next; - free(lastExtent); - - } while(extent != NULL); - } - - writeExtents(rawFile); - - forkData->logicalSize = size; - forkData->totalBlocks = blocksNeeded; - - updateVolume(rawFile->volume); - - if(rawFile->catalogRecord != NULL) { - updateCatalog(rawFile->volume, rawFile->catalogRecord); - } - - return TRUE; + unsigned char* zeros; + Volume* volume; + HFSPlusForkData* forkData; + uint32_t blocksNeeded; + uint32_t blocksToAllocate; + Extent* extent; + Extent* lastExtent; + + uint32_t curBlock; + + volume = rawFile->volume; + forkData = rawFile->forkData; + extent = rawFile->extents; + + blocksNeeded = ((uint64_t)size / (uint64_t)volume->volumeHeader->blockSize) + (((size % volume->volumeHeader->blockSize) == 0) ? 
0 : 1); + + if(blocksNeeded > forkData->totalBlocks) { + zeros = (unsigned char*) malloc(volume->volumeHeader->blockSize); + memset(zeros, 0, volume->volumeHeader->blockSize); + + blocksToAllocate = blocksNeeded - forkData->totalBlocks; + + if(blocksToAllocate > volume->volumeHeader->freeBlocks) { + return FALSE; + } + + lastExtent = NULL; + while(extent != NULL) { + lastExtent = extent; + extent = extent->next; + } + + if(lastExtent == NULL) { + rawFile->extents = (Extent*) malloc(sizeof(Extent)); + lastExtent = rawFile->extents; + lastExtent->blockCount = 0; + lastExtent->next = NULL; + curBlock = volume->volumeHeader->nextAllocation; + } else { + curBlock = lastExtent->startBlock + lastExtent->blockCount; + } + + while(blocksToAllocate > 0) { + if(isBlockUsed(volume, curBlock)) { + if(lastExtent->blockCount > 0) { + lastExtent->next = (Extent*) malloc(sizeof(Extent)); + lastExtent = lastExtent->next; + lastExtent->blockCount = 0; + lastExtent->next = NULL; + } + curBlock = volume->volumeHeader->nextAllocation; + volume->volumeHeader->nextAllocation++; + if(volume->volumeHeader->nextAllocation >= volume->volumeHeader->totalBlocks) { + volume->volumeHeader->nextAllocation = 0; + } + } else { + if(lastExtent->blockCount == 0) { + lastExtent->startBlock = curBlock; + } + + /* zero out allocated block */ + ASSERT(WRITE(volume->image, curBlock * volume->volumeHeader->blockSize, volume->volumeHeader->blockSize, zeros), "WRITE"); + + setBlockUsed(volume, curBlock, TRUE); + volume->volumeHeader->freeBlocks--; + blocksToAllocate--; + curBlock++; + lastExtent->blockCount++; + + if(curBlock >= volume->volumeHeader->totalBlocks) { + curBlock = volume->volumeHeader->nextAllocation; + } + } + } + + free(zeros); + } else if(blocksNeeded < forkData->totalBlocks) { + blocksToAllocate = blocksNeeded; + + lastExtent = NULL; + + while(blocksToAllocate > 0) { + if(blocksToAllocate > extent->blockCount) { + blocksToAllocate -= extent->blockCount; + lastExtent = extent; + extent = 
extent->next; + } else { + break; + } + } + + + if(blocksToAllocate == 0 && lastExtent != NULL) { + // snip the extent list here, since we don't need the rest + lastExtent->next = NULL; + } else if(blocksNeeded == 0) { + rawFile->extents = NULL; + } + + do { + for(curBlock = (extent->startBlock + blocksToAllocate); curBlock < (extent->startBlock + extent->blockCount); curBlock++) { + setBlockUsed(volume, curBlock, FALSE); + volume->volumeHeader->freeBlocks++; + } + lastExtent = extent; + extent = extent->next; + + if(blocksToAllocate == 0) + { + free(lastExtent); + } else { + lastExtent->next = NULL; + lastExtent->blockCount = blocksToAllocate; + } + + blocksToAllocate = 0; + } while(extent != NULL); + } + + writeExtents(rawFile); + + forkData->logicalSize = size; + forkData->totalBlocks = blocksNeeded; + + updateVolume(rawFile->volume); + + if(rawFile->catalogRecord != NULL) { + updateCatalog(rawFile->volume, rawFile->catalogRecord); + } + + return TRUE; } static int rawFileRead(io_func* io,off_t location, size_t size, void *buffer) { - RawFile* rawFile; - Volume* volume; - Extent* extent; - - size_t blockSize; - off_t fileLoc; - off_t locationInBlock; - size_t possible; - - rawFile = (RawFile*) io->data; - volume = rawFile->volume; - blockSize = volume->volumeHeader->blockSize; - - extent = rawFile->extents; - fileLoc = 0; - - locationInBlock = location; - while(TRUE) { - fileLoc += extent->blockCount * blockSize; - if(fileLoc <= location) { - locationInBlock -= extent->blockCount * blockSize; - extent = extent->next; - if(extent == NULL) - break; - } else { - break; - } - } - - while(size > 0) { - if(extent == NULL) - return FALSE; - - possible = extent->blockCount * blockSize - locationInBlock; - - if(size > possible) { - ASSERT(READ(volume->image, extent->startBlock * blockSize + locationInBlock, possible, buffer), "READ"); - size -= possible; - buffer = (void*)(((size_t)buffer) + possible); - extent = extent->next; - } else { - ASSERT(READ(volume->image, 
extent->startBlock * blockSize + locationInBlock, size, buffer), "READ"); - break; - } - - locationInBlock = 0; - } - - return TRUE; + RawFile* rawFile; + Volume* volume; + Extent* extent; + + size_t blockSize; + off_t fileLoc; + off_t locationInBlock; + size_t possible; + + rawFile = (RawFile*) io->data; + volume = rawFile->volume; + blockSize = volume->volumeHeader->blockSize; + + extent = rawFile->extents; + fileLoc = 0; + + locationInBlock = location; + while(TRUE) { + fileLoc += extent->blockCount * blockSize; + if(fileLoc <= location) { + locationInBlock -= extent->blockCount * blockSize; + extent = extent->next; + if(extent == NULL) + break; + } else { + break; + } + } + + while(size > 0) { + if(extent == NULL) + return FALSE; + + possible = extent->blockCount * blockSize - locationInBlock; + + if(size > possible) { + ASSERT(READ(volume->image, extent->startBlock * blockSize + locationInBlock, possible, buffer), "READ"); + size -= possible; + buffer = (void*)(((size_t)buffer) + possible); + extent = extent->next; + } else { + ASSERT(READ(volume->image, extent->startBlock * blockSize + locationInBlock, size, buffer), "READ"); + break; + } + + locationInBlock = 0; + } + + return TRUE; } static int rawFileWrite(io_func* io,off_t location, size_t size, void *buffer) { - RawFile* rawFile; - Volume* volume; - Extent* extent; - - size_t blockSize; - off_t fileLoc; - off_t locationInBlock; - size_t possible; - - rawFile = (RawFile*) io->data; - volume = rawFile->volume; - blockSize = volume->volumeHeader->blockSize; - - if(rawFile->forkData->logicalSize < (location + size)) { - ASSERT(allocate(rawFile, location + size), "allocate"); - } - - extent = rawFile->extents; - fileLoc = 0; - - locationInBlock = location; - while(TRUE) { - fileLoc += extent->blockCount * blockSize; - if(fileLoc <= location) { - locationInBlock -= extent->blockCount * blockSize; - extent = extent->next; - if(extent == NULL) - break; - } else { - break; - } - } - - while(size > 0) { - 
if(extent == NULL) - return FALSE; - - possible = extent->blockCount * blockSize - locationInBlock; - - if(size > possible) { - ASSERT(WRITE(volume->image, extent->startBlock * blockSize + locationInBlock, possible, buffer), "WRITE"); - size -= possible; - buffer = (void*)(((size_t)buffer) + possible); - extent = extent->next; - } else { - ASSERT(WRITE(volume->image, extent->startBlock * blockSize + locationInBlock, size, buffer), "WRITE"); - break; - } - - locationInBlock = 0; - } - - return TRUE; + RawFile* rawFile; + Volume* volume; + Extent* extent; + + size_t blockSize; + off_t fileLoc; + off_t locationInBlock; + size_t possible; + + rawFile = (RawFile*) io->data; + volume = rawFile->volume; + blockSize = volume->volumeHeader->blockSize; + + if(rawFile->forkData->logicalSize < (location + size)) { + ASSERT(allocate(rawFile, location + size), "allocate"); + } + + extent = rawFile->extents; + fileLoc = 0; + + locationInBlock = location; + while(TRUE) { + fileLoc += extent->blockCount * blockSize; + if(fileLoc <= location) { + locationInBlock -= extent->blockCount * blockSize; + extent = extent->next; + if(extent == NULL) + break; + } else { + break; + } + } + + while(size > 0) { + if(extent == NULL) + return FALSE; + + possible = extent->blockCount * blockSize - locationInBlock; + + if(size > possible) { + ASSERT(WRITE(volume->image, extent->startBlock * blockSize + locationInBlock, possible, buffer), "WRITE"); + size -= possible; + buffer = (void*)(((size_t)buffer) + possible); + extent = extent->next; + } else { + ASSERT(WRITE(volume->image, extent->startBlock * blockSize + locationInBlock, size, buffer), "WRITE"); + break; + } + + locationInBlock = 0; + } + + return TRUE; } static void closeRawFile(io_func* io) { - RawFile* rawFile; - Extent* extent; - Extent* toRemove; - - rawFile = (RawFile*) io->data; - extent = rawFile->extents; - - while(extent != NULL) { - toRemove = extent; - extent = extent->next; - free(toRemove); - } - - free(rawFile); - free(io); + 
RawFile* rawFile; + Extent* extent; + Extent* toRemove; + + rawFile = (RawFile*) io->data; + extent = rawFile->extents; + + while(extent != NULL) { + toRemove = extent; + extent = extent->next; + free(toRemove); + } + + free(rawFile); + free(io); } int removeExtents(RawFile* rawFile) { - uint32_t blocksLeft; - HFSPlusForkData* forkData; - uint32_t currentBlock; - - uint32_t startBlock; - uint32_t blockCount; - - HFSPlusExtentDescriptor* descriptor; - int currentExtent; - HFSPlusExtentKey extentKey; - int exact; - - extentKey.keyLength = sizeof(HFSPlusExtentKey) - sizeof(extentKey.keyLength); - extentKey.forkType = 0; - extentKey.fileID = rawFile->id; - - forkData = rawFile->forkData; - blocksLeft = forkData->totalBlocks; - currentExtent = 0; - currentBlock = 0; - descriptor = (HFSPlusExtentDescriptor*) forkData->extents; - - while(blocksLeft > 0) { - if(currentExtent == 8) { - if(rawFile->volume->extentsTree == NULL) { - hfs_panic("no extents overflow file loaded yet!"); - return FALSE; - } - - if(descriptor != ((HFSPlusExtentDescriptor*) forkData->extents)) { - free(descriptor); - } - - extentKey.startBlock = currentBlock; - descriptor = (HFSPlusExtentDescriptor*) search(rawFile->volume->extentsTree, (BTKey*)(&extentKey), &exact, NULL, NULL); - if(descriptor == NULL || exact == FALSE) { - hfs_panic("inconsistent extents information!"); - return FALSE; - } else { - removeFromBTree(rawFile->volume->extentsTree, (BTKey*)(&extentKey)); - currentExtent = 0; - continue; - } - } - - startBlock = descriptor[currentExtent].startBlock; - blockCount = descriptor[currentExtent].blockCount; - - currentBlock += blockCount; - blocksLeft -= blockCount; - currentExtent++; - } - - if(descriptor != ((HFSPlusExtentDescriptor*) forkData->extents)) { - free(descriptor); - } - - return TRUE; + uint32_t blocksLeft; + HFSPlusForkData* forkData; + uint32_t currentBlock; + + uint32_t startBlock; + uint32_t blockCount; + + HFSPlusExtentDescriptor* descriptor; + int currentExtent; + 
HFSPlusExtentKey extentKey; + int exact; + + extentKey.keyLength = sizeof(HFSPlusExtentKey) - sizeof(extentKey.keyLength); + extentKey.forkType = 0; + extentKey.fileID = rawFile->id; + + forkData = rawFile->forkData; + blocksLeft = forkData->totalBlocks; + currentExtent = 0; + currentBlock = 0; + descriptor = (HFSPlusExtentDescriptor*) forkData->extents; + + while(blocksLeft > 0) { + if(currentExtent == 8) { + if(rawFile->volume->extentsTree == NULL) { + hfs_panic("no extents overflow file loaded yet!"); + return FALSE; + } + + if(descriptor != ((HFSPlusExtentDescriptor*) forkData->extents)) { + free(descriptor); + } + + extentKey.startBlock = currentBlock; + descriptor = (HFSPlusExtentDescriptor*) search(rawFile->volume->extentsTree, (BTKey*)(&extentKey), &exact, NULL, NULL); + if(descriptor == NULL || exact == FALSE) { + hfs_panic("inconsistent extents information!"); + return FALSE; + } else { + removeFromBTree(rawFile->volume->extentsTree, (BTKey*)(&extentKey)); + currentExtent = 0; + continue; + } + } + + startBlock = descriptor[currentExtent].startBlock; + blockCount = descriptor[currentExtent].blockCount; + + currentBlock += blockCount; + blocksLeft -= blockCount; + currentExtent++; + } + + if(descriptor != ((HFSPlusExtentDescriptor*) forkData->extents)) { + free(descriptor); + } + + return TRUE; } int writeExtents(RawFile* rawFile) { - Extent* extent; - int currentExtent; - HFSPlusExtentKey extentKey; - HFSPlusExtentDescriptor descriptor[8]; - HFSPlusForkData* forkData; - - removeExtents(rawFile); - - forkData = rawFile->forkData; - currentExtent = 0; - extent = rawFile->extents; - - memset(forkData->extents, 0, sizeof(HFSPlusExtentRecord)); - while(extent != NULL && currentExtent < 8) { - ((HFSPlusExtentDescriptor*)forkData->extents)[currentExtent].startBlock = extent->startBlock; - ((HFSPlusExtentDescriptor*)forkData->extents)[currentExtent].blockCount = extent->blockCount; - extent = extent->next; - currentExtent++; - } - - if(extent != NULL) { - 
extentKey.keyLength = sizeof(HFSPlusExtentKey) - sizeof(extentKey.keyLength); - extentKey.forkType = 0; - extentKey.fileID = rawFile->id; - - currentExtent = 0; - - while(extent != NULL) { - if(currentExtent == 0) { - memset(descriptor, 0, sizeof(HFSPlusExtentRecord)); - } - - if(currentExtent == 8) { - extentKey.startBlock = descriptor[0].startBlock; - addToBTree(rawFile->volume->extentsTree, (BTKey*)(&extentKey), sizeof(HFSPlusExtentRecord), (unsigned char *)(&(descriptor[0]))); - currentExtent = 0; - } - - descriptor[currentExtent].startBlock = extent->startBlock; - descriptor[currentExtent].blockCount = extent->blockCount; - - currentExtent++; - extent = extent->next; - } - - extentKey.startBlock = descriptor[0].startBlock; - addToBTree(rawFile->volume->extentsTree, (BTKey*)(&extentKey), sizeof(HFSPlusExtentRecord), (unsigned char *)(&(descriptor[0]))); - } - - return TRUE; + Extent* extent; + int currentExtent; + HFSPlusExtentKey extentKey; + HFSPlusExtentDescriptor descriptor[8]; + HFSPlusForkData* forkData; + + removeExtents(rawFile); + + forkData = rawFile->forkData; + currentExtent = 0; + extent = rawFile->extents; + + memset(forkData->extents, 0, sizeof(HFSPlusExtentRecord)); + while(extent != NULL && currentExtent < 8) { + ((HFSPlusExtentDescriptor*)forkData->extents)[currentExtent].startBlock = extent->startBlock; + ((HFSPlusExtentDescriptor*)forkData->extents)[currentExtent].blockCount = extent->blockCount; + extent = extent->next; + currentExtent++; + } + + if(extent != NULL) { + extentKey.keyLength = sizeof(HFSPlusExtentKey) - sizeof(extentKey.keyLength); + extentKey.forkType = 0; + extentKey.fileID = rawFile->id; + + currentExtent = 0; + + while(extent != NULL) { + if(currentExtent == 0) { + memset(descriptor, 0, sizeof(HFSPlusExtentRecord)); + } + + if(currentExtent == 8) { + extentKey.startBlock = descriptor[0].startBlock; + addToBTree(rawFile->volume->extentsTree, (BTKey*)(&extentKey), sizeof(HFSPlusExtentRecord), (unsigned char 
*)(&(descriptor[0]))); + currentExtent = 0; + } + + descriptor[currentExtent].startBlock = extent->startBlock; + descriptor[currentExtent].blockCount = extent->blockCount; + + currentExtent++; + extent = extent->next; + } + + extentKey.startBlock = descriptor[0].startBlock; + addToBTree(rawFile->volume->extentsTree, (BTKey*)(&extentKey), sizeof(HFSPlusExtentRecord), (unsigned char *)(&(descriptor[0]))); + } + + return TRUE; } int readExtents(RawFile* rawFile) { - uint32_t blocksLeft; - HFSPlusForkData* forkData; - uint32_t currentBlock; - - Extent* extent; - Extent* lastExtent; - - HFSPlusExtentDescriptor* descriptor; - int currentExtent; - HFSPlusExtentKey extentKey; - int exact; - - extentKey.keyLength = sizeof(HFSPlusExtentKey) - sizeof(extentKey.keyLength); - extentKey.forkType = 0; - extentKey.fileID = rawFile->id; - - forkData = rawFile->forkData; - blocksLeft = forkData->totalBlocks; - currentExtent = 0; - currentBlock = 0; - descriptor = (HFSPlusExtentDescriptor*) forkData->extents; - - lastExtent = NULL; - - while(blocksLeft > 0) { - extent = (Extent*) malloc(sizeof(Extent)); - - if(currentExtent == 8) { - if(rawFile->volume->extentsTree == NULL) { - hfs_panic("no extents overflow file loaded yet!"); - return FALSE; - } - - if(descriptor != ((HFSPlusExtentDescriptor*) forkData->extents)) { - free(descriptor); - } - - extentKey.startBlock = currentBlock; - descriptor = (HFSPlusExtentDescriptor*) search(rawFile->volume->extentsTree, (BTKey*)(&extentKey), &exact, NULL, NULL); - if(descriptor == NULL || exact == FALSE) { - hfs_panic("inconsistent extents information!"); - return FALSE; - } else { - currentExtent = 0; - continue; - } - } - - extent->startBlock = descriptor[currentExtent].startBlock; - extent->blockCount = descriptor[currentExtent].blockCount; - extent->next = NULL; - - currentBlock += extent->blockCount; - blocksLeft -= extent->blockCount; - currentExtent++; - - if(lastExtent == NULL) { - rawFile->extents = extent; - } else { - lastExtent->next 
= extent; - } - - lastExtent = extent; - } - - if(descriptor != ((HFSPlusExtentDescriptor*) forkData->extents)) { - free(descriptor); - } - - return TRUE; + uint32_t blocksLeft; + HFSPlusForkData* forkData; + uint32_t currentBlock; + + Extent* extent; + Extent* lastExtent; + + HFSPlusExtentDescriptor* descriptor; + int currentExtent; + HFSPlusExtentKey extentKey; + int exact; + + extentKey.keyLength = sizeof(HFSPlusExtentKey) - sizeof(extentKey.keyLength); + extentKey.forkType = 0; + extentKey.fileID = rawFile->id; + + forkData = rawFile->forkData; + blocksLeft = forkData->totalBlocks; + currentExtent = 0; + currentBlock = 0; + descriptor = (HFSPlusExtentDescriptor*) forkData->extents; + + lastExtent = NULL; + + while(blocksLeft > 0) { + extent = (Extent*) malloc(sizeof(Extent)); + + if(currentExtent == 8) { + if(rawFile->volume->extentsTree == NULL) { + hfs_panic("no extents overflow file loaded yet!"); + return FALSE; + } + + if(descriptor != ((HFSPlusExtentDescriptor*) forkData->extents)) { + free(descriptor); + } + + extentKey.startBlock = currentBlock; + descriptor = (HFSPlusExtentDescriptor*) search(rawFile->volume->extentsTree, (BTKey*)(&extentKey), &exact, NULL, NULL); + if(descriptor == NULL || exact == FALSE) { + hfs_panic("inconsistent extents information!"); + return FALSE; + } else { + currentExtent = 0; + continue; + } + } + + extent->startBlock = descriptor[currentExtent].startBlock; + extent->blockCount = descriptor[currentExtent].blockCount; + extent->next = NULL; + + currentBlock += extent->blockCount; + blocksLeft -= extent->blockCount; + currentExtent++; + + if(lastExtent == NULL) { + rawFile->extents = extent; + } else { + lastExtent->next = extent; + } + + lastExtent = extent; + } + + if(descriptor != ((HFSPlusExtentDescriptor*) forkData->extents)) { + free(descriptor); + } + + return TRUE; } io_func* openRawFile(HFSCatalogNodeID id, HFSPlusForkData* forkData, HFSPlusCatalogRecord* catalogRecord, Volume* volume) { - io_func* io; - RawFile* 
rawFile; - - io = (io_func*) malloc(sizeof(io_func)); - rawFile = (RawFile*) malloc(sizeof(RawFile)); - - rawFile->id = id; - rawFile->volume = volume; - rawFile->forkData = forkData; - rawFile->catalogRecord = catalogRecord; - rawFile->extents = NULL; - - io->data = rawFile; - io->read = &rawFileRead; - io->write = &rawFileWrite; - io->close = &closeRawFile; - - if(!readExtents(rawFile)) { - return NULL; - } - - return io; + io_func* io; + RawFile* rawFile; + + io = (io_func*) malloc(sizeof(io_func)); + rawFile = (RawFile*) malloc(sizeof(RawFile)); + + rawFile->id = id; + rawFile->volume = volume; + rawFile->forkData = forkData; + rawFile->catalogRecord = catalogRecord; + rawFile->extents = NULL; + + io->data = rawFile; + io->read = &rawFileRead; + io->write = &rawFileWrite; + io->close = &closeRawFile; + + if(!readExtents(rawFile)) { + return NULL; + } + + return io; } diff --git a/includes/common.h b/includes/common.h index eaba70e7..39026088 100644 --- a/includes/common.h +++ b/includes/common.h @@ -12,6 +12,9 @@ #define ftello ftello64 #define off_t off64_t #define mkdir(x, y) mkdir(x) +#define PATH_SEPARATOR "\\" +#else +#define PATH_SEPARATOR "/" #endif #define TRUE 1 diff --git a/includes/hfs/hfsplus.h b/includes/hfs/hfsplus.h index 0ff28332..68ca4dfe 100644 --- a/includes/hfs/hfsplus.h +++ b/includes/hfs/hfsplus.h @@ -161,6 +161,7 @@ struct HFSPlusCatalogKey { } __attribute__((__packed__)); typedef struct HFSPlusCatalogKey HFSPlusCatalogKey; +#ifndef __MACTYPES__ struct Point { int16_t v; int16_t h; @@ -180,6 +181,8 @@ typedef struct Rect Rect; typedef uint32_t FourCharCode; typedef FourCharCode OSType; +#endif + /* Finder flags (finderFlags, fdFlags and frFlags) */ enum { kIsOnDesk = 0x0001, /* Files and folders (System 6) */ diff --git a/includes/xpwn/pwnutil.h b/includes/xpwn/pwnutil.h index d811fa2f..853c58bb 100644 --- a/includes/xpwn/pwnutil.h +++ b/includes/xpwn/pwnutil.h 
@@ -5,6 +5,8 @@ #include #include +typedef int (*PatchFunction)(AbstractFile* file); + #ifdef __cplusplus extern "C" { #endif @@ -15,6 +17,10 @@ extern "C" { void doPatchInPlace(Volume* volume, const char* filePath, const char* patchPath); void fixupBootNeuterArgs(Volume* volume, char unlockBaseband, char selfDestruct, char use39, char use46); void createRestoreOptions(Volume* volume, int SystemPartitionSize, int UpdateBaseband); + + int patchSigCheck(AbstractFile* file); + int patchKernel(AbstractFile* file); + int patchDeviceTree(AbstractFile* file); #ifdef __cplusplus } #endif diff --git a/ipsw-patch/CMakeLists.txt b/ipsw-patch/CMakeLists.txt index 7791a71a..0f9f5ccd 100644 --- a/ipsw-patch/CMakeLists.txt +++ b/ipsw-patch/CMakeLists.txt @@ -27,7 +27,11 @@ IF(NOT PNG_FOUND) ENDIF(NOT PNG_FOUND) include_directories(${ZLIB_INCLUDE_DIR}) + +IF(NOT APPLE) link_directories(${ZLIB_LIBRARIES}) +ENDIF(NOT APPLE) + include_directories(${BZIP2_INCLUDE_DIR}) link_directories(${BZIP2_LIBRARIES}) include_directories(${PNG_INCLUDE_DIR}) 
@@ -38,20 +42,42 @@ link_directories(${PROJECT_BINARY_DIR}/minizip) link_directories(${PROJECT_BINARY_DIR}/common ${PROJECT_BINARY_DIR}/hfs ${PROJECT_BINARY_DIR}/dmg) +IF(HAVE_HW_CRYPTO) + add_definitions(-DHAVE_HW_CRYPTO) +ENDIF(HAVE_HW_CRYPTO) + add_library(xpwn 8900.c bspatch.c ibootim.c img2.c img3.c libxpwn.c lzss.c lzssfile.c nor_files.c outputstate.c plist.c pwnutil.c) -target_link_libraries(xpwn dmg hfs common minizip ${CRYPTO_LIBRARIES} ${BZIP2_LIBRARIES} ${PNG_LIBRARIES} ${ZLIB_LIBRARIES} m) - -ADD_CUSTOM_TARGET(libXPwn.a - COMMAND ${CMAKE_C_COMPILER} - -L${PROJECT_BINARY_DIR}/ipsw-patch -L${PROJECT_BINARY_DIR}/dmg -L${PROJECT_BINARY_DIR}/hfs - -L${PROJECT_BINARY_DIR}/hfs -L${PROJECT_BINARY_DIR}/minizip -L${PROJECT_BINARY_DIR}/common - -Xlinker --whole-archive -lxpwn -ldmg -lhfs -lcommon -lminizip - ${CRYPTO_LIBRARIES} ${BZIP2_LIBRARIES} ${PNG_LIBRARIES} - -Xlinker --unresolved-symbols=ignore-all -Xlinker -r -nostdlib -o libXPwn.o - COMMAND ${CMAKE_AR} cr libXPwn.a libXPwn.o - COMMAND ${CMAKE_RANLIB} libXPwn.a - DEPENDS xpwn dmg hfs common minizip) +IF(HAVE_HW_CRYPTO) + target_link_libraries(xpwn IOKit) +ENDIF(HAVE_HW_CRYPTO) + +target_link_libraries(xpwn dmg hfs common minizip ${CRYPTO_LIBRARIES} ${BZIP2_LIBRARIES} ${PNG_LIBRARIES} m) + +IF(NOT APPLE) + target_link_libraries(xpwn ${ZLIB_LIBRARIES}) +ENDIF(NOT APPLE) + +IF(APPLE) + ADD_CUSTOM_TARGET(libXPwn.a + COMMAND powerpc-apple-darwin8-libtool -static -o libXPwn.a + ${PROJECT_BINARY_DIR}/ipsw-patch/libxpwn.a ${PROJECT_BINARY_DIR}/minizip/libminizip.a + ${PROJECT_BINARY_DIR}/common/libcommon.a ${PROJECT_BINARY_DIR}/hfs/libhfs.a + ${PROJECT_BINARY_DIR}/dmg/libdmg.a ${PNG_LIBRARIES} ${BZIP2_LIBRARIES} + ${CRYPTO_LIBRARIES} + DEPENDS xpwn dmg hfs common minizip) +ELSE(APPLE) + ADD_CUSTOM_TARGET(libXPwn.a + COMMAND ${CMAKE_C_COMPILER} + -L${PROJECT_BINARY_DIR}/ipsw-patch -L${PROJECT_BINARY_DIR}/dmg -L${PROJECT_BINARY_DIR}/hfs + -L${PROJECT_BINARY_DIR}/hfs -L${PROJECT_BINARY_DIR}/minizip 
-L${PROJECT_BINARY_DIR}/common + -Xlinker --whole-archive -lxpwn -ldmg -lhfs -lcommon -lminizip + ${CRYPTO_LIBRARIES} ${BZIP2_LIBRARIES} ${PNG_LIBRARIES} + -Xlinker --unresolved-symbols=ignore-all -Xlinker -r -nostdlib -o libXPwn.o + COMMAND ${CMAKE_AR} cr libXPwn.a libXPwn.o + COMMAND ${CMAKE_RANLIB} libXPwn.a + DEPENDS xpwn dmg hfs common minizip) +ENDIF(APPLE) IF(WIN32) TARGET_LINK_LIBRARIES(xpwn gdi32) diff --git a/ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/018-4108-7-nowipe.patch b/ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/018-4108-7-nowipe.patch new file mode 100644 index 0000000000000000000000000000000000000000..c8ec9a5f04d5b52987be9bca394c3c7e29f25d58 GIT binary patch literal 292 zcmZ;IoI Q(>sslTtd9gYR4V`07-LPEdT%j literal 0 HcmV?d00001 diff --git a/ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/018-4108-7.patch b/ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/018-4108-7.patch new file mode 100644 index 0000000000000000000000000000000000000000..8362166cbc4973d89cee59af9d066ad54e71597d GIT binary patch literal 250 zcmZ{BlL zUs%eL?5e0V-N*Fp`r6I?7U$3WKF_=T!YVJfKb#>G?*G_5N%K%k+bje21cXIdl4j;0 YZ!j`6039mf*7VL}IhPQxv)Zu-0Alt`{{R30 literal 0 HcmV?d00001 diff --git a/ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/018-4118-1.patch b/ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/018-4118-1.patch new file mode 100644 index 0000000000000000000000000000000000000000..0ebbd8f2f13a321a3e442e4db5977e1e0eed55e2 GIT binary patch literal 232 zcmZCz_=m;FcYO!N~`k$PEp`~bqV z^YsdC3~CzHHxDo{a4{%22rzIc3J5T;F>olbFbOaya4cXb2r#*D;$(-&N(Y{vE15r3 zG;WK8taR7pS`cxdH9+t7mXFKl@4O%TdEL$Pc7`ENeFk1rH6H)iJxTLWOI!6%76Xu7 N;zh0&0TV#}002nYNjm@l literal 0 HcmV?d00001 
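Review bot: The APPLE branch of the `libXPwn.a` custom target hard-codes `powerpc-apple-darwin8-libtool`, so the archive step runs whatever executable of that name is first on PATH and fails on any host without that cross toolchain. Resolving the tool once at configure time makes the dependency explicit, e.g. `find_program(XPWN_LIBTOOL NAMES libtool powerpc-apple-darwin8-libtool)` followed by `COMMAND ${XPWN_LIBTOOL} -static -o libXPwn.a ...`, with a `message(FATAL_ERROR ...)` when it is not found. The `HAVE_HW_CRYPTO` branch links `IOKit` as a bare name, which CMake turns into `-lIOKit`; if a framework link is intended, `"-framework IOKit"` says so explicitly. Both custom targets would also benefit from `VERBATIM`.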
diff --git a/ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/DeviceTree.m68ap.patch b/ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/DeviceTree.m68ap.patch new file mode 100644 index 0000000000000000000000000000000000000000..683704d7bae6bcc3de16d52c49a4e4334b5d1e4d GIT binary patch literal 168 zcmZp`>F(?<#5GG5uh<84(APKF)*+wFfcGNa40Ys`Y + + + + BasebandPatches + + BBUpdater + + File + usr/local/bin/bbupdater + Patch + bbupdater.patch + Path + Applications/BootNeuter.app/bin/bbupdater + + Baseband EEP + + File + usr/local/standalone/firmware/ICE04.05.04_G.eep + Path + Applications/BootNeuter.app/firmware/ICE04.05.04_G.eep + + Baseband FLS + + File + usr/local/standalone/firmware/ICE04.05.04_G.fls + Path + Applications/BootNeuter.app/firmware/ICE04.05.04_G.fls + + Bootloader 3.9 + + Path + Applications/BootNeuter.app/firmware/bl39.bin + + Bootloader 4.6 + + Path + Applications/BootNeuter.app/firmware/bl46.bin + + + FilesystemPatches + + Core Files Installation + + + Action + ReplaceKernel + File + kernelcache.release.s5l8900x + Name + KernelCache + Path + System/Library/Caches/com.apple.kernelcaches/kernelcache.s5l8900x + + + Filesystem Jailbreak + + + Action + Patch + File + etc/fstab + Name + Filesystem Write Access + Patch + fstab.patch + + + Action + Patch + File + System/Library/Lockdown/Services.plist + Name + Apple File Connection v2 + Patch + Services.patch + + + Phone Activation + + + Action + Patch + File + usr/libexec/lockdownd + Name + Lockdownd Patch + Patch + lockdownd.patch + + + + FirmwarePatches + + AppleLogo + + File + Firmware/all_flash/all_flash.m68ap.production/applelogo.s5l8900x.img3 + IV + c9721629a4d994932c802f4277a9bcee + Key + 97bfa5c532bf1cef85a147c9eb78e77a + + DeviceTree + + File + Firmware/all_flash/all_flash.m68ap.production/DeviceTree.m68ap.img3 + Patch + DeviceTree.m68ap.patch + IV + e7a5c596612f2cae195f8c4cca19da9a + Key + 4f140e2e56f32e923e75502e734834ce + TypeFlag + 8 + + KernelCache + + File + 
kernelcache.release.s5l8900x + Patch + kernelcache.release.patch + IV + 2b4764d4c5bdeaa4cea2100eac7c47bb + Key + de52cebf74b7747360535fde5c331bd1 + TypeFlag + 4 + + LLB + + File + Firmware/all_flash/all_flash.m68ap.production/LLB.m68ap.RELEASE.img3 + Patch + LLB.m68ap.RELEASE.patch + TypeFlag + 8 + + RecoveryMode + + File + Firmware/all_flash/all_flash.m68ap.production/recoverymode.s5l8900x.img3 + IV + 80a64935155a9af54e39fb7c0aa52bd1 + Key + e54dede9164129300cf0c6a6a0232ce8 + + Restore Ramdisk + + File + 018-4108-7.dmg + Patch + 018-4108-7.patch + Patch2 + 018-4108-7-nowipe.patch + IV + fd530c4cf8a878f16387432988b199b8 + Key + 42b4f39976afa59f9ec680fccd2c7d04 + TypeFlag + 8 + + Update Ramdisk + + File + 018-4118-1.dmg + Patch + 018-4118-1.patch + IV + 4b9a4d90965381c1fec08922f7242644 + Key + d77bd81b9d1adc01fe540eecd885547b + TypeFlag + 8 + + iBEC + + File + Firmware/dfu/iBEC.m68ap.RELEASE.dfu + Patch + iBEC.m68ap.RELEASE.patch + TypeFlag + 8 + + iBSS + + File + Firmware/dfu/iBSS.m68ap.RELEASE.dfu + Patch + iBSS.m68ap.RELEASE.patch + TypeFlag + 8 + + WTF + + File + Firmware/dfu/WTF.m68ap.RELEASE.dfu + Patch + WTF.m68ap.RELEASE.patch + TypeFlag + 8 + + WTF 2 + + File + Firmware/dfu/WTF.s5l8900xall.RELEASE.dfu + Patch + WTF.s5l8900xall.RELEASE.patch + TypeFlag + 8 + + iBoot + + File + Firmware/all_flash/all_flash.m68ap.production/iBoot.m68ap.RELEASE.img3 + Patch + iBoot.m68ap.RELEASE.patch + IV + 12a18540363aad4f446b264d11ae2692 + Key + 3fe2f270daaeb5debb1d7fe748db42d8 + TypeFlag + 8 + + + PreInstalledPackages + + com.ripdev.install + org.saurik.cydia + + RamdiskMountVolume + ramdisk + RootFilesystem + 018-3946-43.dmg + RootFilesystemUsedSpace + 414 + RootFilesystemSize + 500 + RootFilesystemKey + 562ca0f7963eafb462da74a9c1f01a45c30a7eb5f1f493feceecae03ee6521a334f4ff68 + RootFilesystemMountVolume + SugarBowl5F136.M68OS + SHA1 + 353b7745767b85932e14e262e69463620939bdf7 + Filename + iPhone1,1_2.1_5F136_Restore.ipsw + Name + iPhone1,1_2.1_5F136 + DownloadUrl + 
http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-5202.20080909.gkbEj/iPhone1,1_2.1_5F136_Restore.ipsw + Platform + 1 + + diff --git a/ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/LLB.m68ap.RELEASE.patch b/ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/LLB.m68ap.RELEASE.patch new file mode 100644 index 0000000000000000000000000000000000000000..ca37c38508d513af7a79bedd7e1a5cbe5357b687 GIT binary patch literal 155 zcmZ|YfM&SU|>l&kf7kez+m9OpunJH za@mw4LAj#qLcDm9t3|*BkQ#&zzXiwo7#KPpupeMxXaMQ~n%Kahz+iBI<*KvV6yuKj b9Lw@UwSMfLqj*hg#Y?y{vbDv_cF5Sq=b4IV(c| literal 0 HcmV?d00001 diff --git a/ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/bbupdater.patch b/ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/bbupdater.patch new file mode 100644 index 0000000000000000000000000000000000000000..63507af19ab1d6c08fdbcc64a05f738197ca1368 GIT binary patch literal 203 zcmZozbR?&;pCG)KcD>76k{1IQlnB3Fxm2_Uxu0M$D<(f|Me literal 0 HcmV?d00001 diff --git a/ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/fstab.patch b/ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/fstab.patch new file mode 100644 index 0000000000000000000000000000000000000000..8b10f3c6348c98b05c679e6dc6e243347274c5fd GIT binary patch literal 166 zcmZWWmp}fW+$Qf&~dy?j%mX;FFZ3PI$N-v@( Z0Ttf>n(Dw108%_F!`N3a9bzy@767a_EHwZC literal 0 HcmV?d00001 diff --git a/ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/iBEC.m68ap.RELEASE.patch b/ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/iBEC.m68ap.RELEASE.patch new file mode 100644 index 0000000000000000000000000000000000000000..d051696b857b278b91bb73907c1605001cf0b1b9 GIT binary patch literal 156 zcmZ3kW9;lN(F=#l~;#V7#JQVs2yNn-~ei6U|?k6P+%}Pz%-R- ewnp@!$X6~i_cq3h7r9ylOaLhcX@&4WmIDB*H!8{i literal 0 HcmV?d00001 
diff --git a/ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/iBoot.m68ap.RELEASE.patch b/ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/iBoot.m68ap.RELEASE.patch new file mode 100644 index 0000000000000000000000000000000000000000..0e86f641b296b302b7f5fe3007dd968d851100e1 GIT binary patch literal 156 zcmZ!9j?Dk%2>j!QcSPRmEjj l+8(vOTghB>Csg%gxk_*=C&z}BtrtKV#fw}m0w#bg2LRd2DoFqU literal 0 HcmV?d00001 diff --git a/ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/kernelcache.release.patch b/ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/kernelcache.release.patch new file mode 100644 index 0000000000000000000000000000000000000000..2da230eeed1faa5749cca8afeae4c8ea91b880c0 GIT binary patch literal 181 zcmZC+7%cI z9C%o+YOt@|P}sD@^3*EN!YLDYPI=0g3UMvnz2|=FP7a|uy(e7-3l%QrOj`#sPrS(0 JB47f@RRFi4GmQWM literal 0 HcmV?d00001 diff --git a/ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/lockdownd.patch b/ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/lockdownd.patch new file mode 100644 index 0000000000000000000000000000000000000000..ba4a0ab83e881acb928da974e48053fbee4db894 GIT binary patch literal 363 zcmZZgiVb-b^j~}}yX&!26$Q3$x17X0S>KmSS%MZYFfcB5xL{-y?5cjlZI7{2%Z62rAwa=T4>Xj74k#&!F9;Ci{penE z+w{fO*E*NqJ$+PTS{-z)HYeMpxL?WReprF}e!m|_X1S%`^mK4wWMnX~hPbkQ|4aQH z2v@oXeSgcqAXvTXj}8k10}BT*L=G@GFt7kI1EYh00)vv=QnQ5Cz_=m;FcYO!N~`k$PEp`~bqV z^YsdC3~CzHHxDo{a4{%22rzIc3J5T;F>olbFbOaya4cXb2r#*D;$(-&N(Y{vE15r3 zG;WK8taR7pS`cxdH9+t7mXFKl@4O%TdEL$Pc7`ENeFk1rH6H)iJxTLWOI!6%76Xu7 N;zh0&0TV#}002nYNjm@l literal 0 HcmV?d00001 
diff --git a/ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/018-4122-1-nowipe.patch b/ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/018-4122-1-nowipe.patch new file mode 100644 index 0000000000000000000000000000000000000000..8d9eebce3677cfed1f6abbeb7d94b51ef7aca1b4 GIT binary patch literal 277 zcmZJCsqupvc6)z|;ej zzQDlXpunKG@}(48o1(9gp`oE|aM+;fQ5;ZOI1LCm5o`!L6bp*iNS$^MS#J;V*$gYjsOORjEszg zD;ca>fh(AO87DhCFitLI+|9u4$2H0MzDUSQH>ar%8yi&vbgfIje5-kJEPTls)8lSs z(_7Zg+%;+E`S-r9r`4tx{yFZzq@ + + + + FilesystemPatches + + Core Files Installation + + + Action + ReplaceKernel + File + kernelcache.release.s5l8900x + Name + KernelCache + Path + System/Library/Caches/com.apple.kernelcaches/kernelcache.s5l8900x + + + Filesystem Jailbreak + + + Action + Patch + File + etc/fstab + Name + Filesystem Write Access + Patch + fstab.patch + + + Action + Patch + File + System/Library/Lockdown/Services.plist + Name + Apple File Connection v2 + Patch + Services.patch + + + Phone Activation + + + Action + Patch + File + usr/libexec/lockdownd + Name + Lockdownd Patch + Patch + lockdownd.patch + + + + FirmwarePatches + + AppleLogo + + File + Firmware/all_flash/all_flash.n82ap.production/applelogo.s5l8900x.img3 + IV + c9721629a4d994932c802f4277a9bcee + Key + 97bfa5c532bf1cef85a147c9eb78e77a + + DeviceTree + + File + Firmware/all_flash/all_flash.n82ap.production/DeviceTree.n82ap.img3 + Patch + DeviceTree.n82ap.patch + IV + d191a46cb673216b516dbf299d7c1c2e + Key + 8c0d15eeb8f71fb8b436833ab1ad54b1 + TypeFlag + 8 + + KernelCache + + File + kernelcache.release.s5l8900x + Patch + kernelcache.release.patch + IV + 2b4764d4c5bdeaa4cea2100eac7c47bb + Key + de52cebf74b7747360535fde5c331bd1 + TypeFlag + 4 + + LLB + + File + Firmware/all_flash/all_flash.n82ap.production/LLB.n82ap.RELEASE.img3 + Patch + LLB.n82ap.RELEASE.patch + TypeFlag + 8 + + RecoveryMode + + File + Firmware/all_flash/all_flash.n82ap.production/recoverymode.s5l8900x.img3 + IV + 80a64935155a9af54e39fb7c0aa52bd1 + Key + 
e54dede9164129300cf0c6a6a0232ce8 + + Restore Ramdisk + + File + 018-4122-1.dmg + Patch + 018-4122-1.patch + Patch2 + 018-4122-1-nowipe.patch + IV + 66a5b36499cb2af303747b473ef0b219 + Key + a05dd9094438c350f3ecc97ad13ab065 + TypeFlag + 8 + + Update Ramdisk + + File + 018-4118-1.dmg + Patch + 018-4118-1.patch + IV + 4b9a4d90965381c1fec08922f7242644 + Key + d77bd81b9d1adc01fe540eecd885547b + TypeFlag + 8 + + iBEC + + File + Firmware/dfu/iBEC.n82ap.RELEASE.dfu + Patch + iBEC.n82ap.RELEASE.patch + TypeFlag + 8 + + iBSS + + File + Firmware/dfu/iBSS.n82ap.RELEASE.dfu + Patch + iBSS.n82ap.RELEASE.patch + TypeFlag + 8 + + WTF + + File + Firmware/dfu/WTF.n82ap.RELEASE.dfu + Patch + WTF.n82ap.RELEASE.patch + TypeFlag + 8 + + WTF 2 + + File + Firmware/dfu/WTF.s5l8900xall.RELEASE.dfu + Patch + WTF.s5l8900xall.RELEASE.patch + TypeFlag + 8 + + iBoot + + File + Firmware/all_flash/all_flash.n82ap.production/iBoot.n82ap.RELEASE.img3 + Patch + iBoot.n82ap.RELEASE.patch + IV + 6f1ea15d6e593050c98559c243bfb144 + Key + 5f378e5445fc9e62257235c7dd4154fe + TypeFlag + 8 + + + PreInstalledPackages + + com.ripdev.install + org.saurik.cydia + + RamdiskMountVolume + ramdisk + RootFilesystem + 018-3940-43.dmg + RootFilesystemUsedSpace + 414 + RootFilesystemSize + 500 + RootFilesystemKey + 562ca0f7963eafb462da74a9c1f01a45c30a7eb5f1f493feceecae03ee6521a334f4ff68 + RootFilesystemMountVolume + SugarBowl5F136.N82OS + SHA1 + c6957dcbf2a95ccfd6dce374a727b1b7700a9043 + Filename + iPhone1,2_2.1_5F136_Restore.ipsw + Name + iPhone1,2_2.1_5F136 + DownloadUrl + http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-5198.20080909.K3294/iPhone1,2_2.1_5F136_Restore.ipsw + Platform + 3 + + 
diff --git a/ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/LLB.n82ap.RELEASE.patch b/ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/LLB.n82ap.RELEASE.patch new file mode 100644 index 0000000000000000000000000000000000000000..0cdc5b51eab1e8e3e7f64a56af3fa830b11c74c4 GIT binary patch literal 155 zcmZoQ0^7&HMf3EYbQLUA%$qu`387JEO*z`)|*mZ0Fk;LyMzpunKG z_{tH*hK7v?%Wgk<=dqkih(9o^HUXhU_78g&1H;1vwF3+c3Ji=63=E769108u2biYv l%;wnMn7&dd?Hg-N>`9S_P7dWCWLJQ+iWj+B1WW)~4gje#D#-u< literal 0 HcmV?d00001 diff --git a/ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/WTF.s5l8900xall.RELEASE.patch b/ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/WTF.s5l8900xall.RELEASE.patch new file mode 100644 index 0000000000000000000000000000000000000000..d96df895a2e66c83ecd44606041190ac95ccbc10 GIT binary patch literal 155 zcmZj*hg#Y?y{vbDv_cF5Sq=b4IV(c| literal 0 HcmV?d00001 diff --git a/ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/fstab.patch b/ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/fstab.patch new file mode 100644 index 0000000000000000000000000000000000000000..8b10f3c6348c98b05c679e6dc6e243347274c5fd GIT binary patch literal 166 zcmZWWmp}fW+$Qf&~dy?j%mX;FFZ3PI$N-v@( Z0Ttf>n(Dw108%_F!`N3a9bzy@767a_EHwZC literal 0 HcmV?d00001 diff --git a/ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/iBEC.n82ap.RELEASE.patch b/ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/iBEC.n82ap.RELEASE.patch new file mode 100644 index 0000000000000000000000000000000000000000..9064e6aaf65eac4b93023c636e49689585d64d30 GIT binary patch literal 156 zcmZJEO*z`)|*mZ0Fk;LyMzpunKG z_{tH*hK7v?%Wgk<=dqkih(9o^HUXhU_78g&1H;1vwF3+c3Ji=63=E769108u2biYv l%;wnMn7&dd?Hg-N>`9S_P7dWCWLJQ+iWj+B1WW)~4gje#D#-u< literal 0 HcmV?d00001 
diff --git a/ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/iBSS.n82ap.RELEASE.patch b/ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/iBSS.n82ap.RELEASE.patch new file mode 100644 index 0000000000000000000000000000000000000000..d74be1a41bdea132ad461524d356ab10bfcaa197 GIT binary patch literal 156 zcmZ3ko0!-;|>Tdx&|w?85kZWs2u>B)!^X3z`)4Bp}=5pfN3hv fY=!Nuk*{24?rn@0FLJdAm;h1?(hA`LH821GiAO2> literal 0 HcmV?d00001 diff --git a/ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/iBoot.n82ap.RELEASE.patch b/ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/iBoot.n82ap.RELEASE.patch new file mode 100644 index 0000000000000000000000000000000000000000..c0e96e10ff92d1b63ca5445c2d5d0703b9d606d4 GIT binary patch literal 155 zcmZSkcYr|wq=k`@LxI8I0Mk^S*$nAS iv!5(5uIlpd-l;T4!^7(K+(`@|o#I8V76B7Lb^`#Z{3pf$ literal 0 HcmV?d00001 diff --git a/ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/kernelcache.release.patch b/ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/kernelcache.release.patch new file mode 100644 index 0000000000000000000000000000000000000000..2da230eeed1faa5749cca8afeae4c8ea91b880c0 GIT binary patch literal 181 zcmZC+7%cI z9C%o+YOt@|P}sD@^3*EN!YLDYPI=0g3UMvnz2|=FP7a|uy(e7-3l%QrOj`#sPrS(0 JB47f@RRFi4GmQWM literal 0 HcmV?d00001 diff --git a/ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/lockdownd.patch b/ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/lockdownd.patch new file mode 100644 index 0000000000000000000000000000000000000000..ba4a0ab83e881acb928da974e48053fbee4db894 GIT binary patch literal 363 zcmZZgiVb-b^j~}}yX&!26$Q3$x17X0S>KmSS%MZYFfcB5xL{-y?5cjlZI7{2%Z62rAwa=T4>Xj74k#&!F9;Ci{penE z+w{fO*E*NqJ$+PTS{-z)HYeMpxL?WReprF}e!m|_X1S%`^mK4wWMnX~hPbkQ|4aQH z2v@oXeSgcqAXvTXj}8k10}BT*L=G@GFt7kI1EYh00)vv=QnQ5Cz_=m;FcYO!N~`k$PEp`~bqV z^YsdC3~CzHHxDo{a4{%22rzIc3J5T;F>olbFbOaya4cXb2r#*D;$(-&N(Y{vE15r3 zG;WK8taR7pS`cxdH9+t7mXFKl@4O%TdEL$Pc7`ENeFk1rH6H)iJxTLWOI!6%76Xu7 N;zh0&0TV#}002nYNjm@l literal 0 HcmV?d00001 
diff --git a/ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/018-4149-1-nowipe.patch b/ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/018-4149-1-nowipe.patch new file mode 100644 index 0000000000000000000000000000000000000000..8d9eebce3677cfed1f6abbeb7d94b51ef7aca1b4 GIT binary patch literal 277 zcmZJCsqupvc6)z|;ej zzQDlXpunKG@}(48o1(9gp`oE|aM+;fQ5;ZOI1LCm5o`!L6bp*iNS$^MS#J;V*$gYjsOORjEszg zD;ca>fh(AO87DhCFitLI+|9u4$2H0MzDUSQH>ar%8yi&vbgfIje5-kJEPTls)8lSs z(_7Zg+%;+E`S-r9r`4tx{yFZzq@fB+XL{i7MeaEi*XG<1wq3y%EWyts~mf!)RFfdB)e2Ll5OgM$Kt zqJ~6^fpQqbFUv>oJeG3_$$covKY-99*uL}y0|R3L!+C>Q3=Ay{910AEK%GIo%xNom p76|SV{O!?UIn{P@_vfJ0FB}3F%AztKa5ikMd4ge<4E%yKb literal 0 HcmV?d00001 diff --git a/ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/Info.plist b/ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/Info.plist new file mode 100644 index 00000000..0f274d13 --- /dev/null +++ b/ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/Info.plist 
@@ -0,0 +1,203 @@ + + + + + FilesystemPatches + + Core Files Installation + + + Action + ReplaceKernel + File + kernelcache.release.s5l8900x + Name + KernelCache + Path + System/Library/Caches/com.apple.kernelcaches/kernelcache.s5l8900x + + + Filesystem Jailbreak + + + Action + Patch + File + etc/fstab + Name + Filesystem Write Access + Patch + fstab.patch + + + Action + Patch + File + System/Library/Lockdown/Services.plist + Name + Apple File Connection v2 + Patch + Services.patch + + + + FirmwarePatches + + AppleLogo + + File + Firmware/all_flash/all_flash.n45ap.production/applelogo.s5l8900x.img3 + IV + c9721629a4d994932c802f4277a9bcee + Key + 97bfa5c532bf1cef85a147c9eb78e77a + + DeviceTree + + File + Firmware/all_flash/all_flash.n45ap.production/DeviceTree.n45ap.img3 + Patch + DeviceTree.n45ap.patch + IV + 27d3aa1a89e3cea2bddc02342434e94a + Key + 8b88e102d53ecac2b4276bc93147e431 + TypeFlag + 8 + + KernelCache + + File + kernelcache.release.s5l8900x + Patch + kernelcache.release.patch + IV + ed71e1ae905d2ff18ed840b111bda009 + Key + 2e2b844f2fd50432fb44a285de07361b + TypeFlag + 4 + + LLB + + File + Firmware/all_flash/all_flash.n45ap.production/LLB.n45ap.RELEASE.img3 + Patch + LLB.n45ap.RELEASE.patch + TypeFlag + 8 + + RecoveryMode + + File + Firmware/all_flash/all_flash.n45ap.production/recoverymode.s5l8900x.img3 + IV + 80a64935155a9af54e39fb7c0aa52bd1 + Key + e54dede9164129300cf0c6a6a0232ce8 + + Restore Ramdisk + + File + 018-4149-1.dmg + Patch + 018-4149-1.patch + Patch2 + 018-4149-1-nowipe.patch + IV + 5cb7fa82e8fc42b9db6c027d8f4c7c39 + Key + 7c807f6565015daa6d182dff795e1091 + TypeFlag + 8 + + Update Ramdisk + + File + 018-4146-1.dmg + Patch + 018-4146-1.patch + IV + c0b45881ec3ae9578c9f0e8085f70f1c + Key + 4ffb6fe87bb370008a6f8ecd8e4a5258 + TypeFlag + 8 + + iBEC + + File + Firmware/dfu/iBEC.n45ap.RELEASE.dfu + Patch + iBEC.n45ap.RELEASE.patch + TypeFlag + 8 + + iBSS + + File + Firmware/dfu/iBSS.n45ap.RELEASE.dfu + Patch + iBSS.n45ap.RELEASE.patch + TypeFlag + 
8 + + WTF + + File + Firmware/dfu/WTF.n45ap.RELEASE.dfu + Patch + WTF.n45ap.RELEASE.patch + TypeFlag + 8 + + WTF 2 + + File + Firmware/dfu/WTF.s5l8900xall.RELEASE.dfu + Patch + WTF.s5l8900xall.RELEASE.patch + TypeFlag + 8 + + iBoot + + File + Firmware/all_flash/all_flash.n45ap.production/iBoot.n45ap.RELEASE.img3 + Patch + iBoot.n45ap.RELEASE.patch + IV + 36a2bcf1b0c6f9af3774710602cb9468 + Key + f17a2e75c9addd765ac8561215191ecb + TypeFlag + 8 + + + PreInstalledPackages + + com.ripdev.install + org.saurik.cydia + + RamdiskMountVolume + ramdisk + RootFilesystem + 018-4116-2.dmg + RootFilesystemUsedSpace + 409 + RootFilesystemSize + 500 + RootFilesystemKey + 9714f2cb955afa550d6287a1c7dd7bd0efb3c26cf74b948de7c43cf934913df69fc5a05f + RootFilesystemMountVolume + SugarBowl5F137.N45OS + SHA1 + fc7f6d0972927df502ffca47438ca75dcccffaf3 + Filename + iPod1,1_2.1_5F137_Restore.ipsw + Name + iPod1,1_2.1_5F137 + Platform + 2 + + diff --git a/ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/LLB.n45ap.RELEASE.patch b/ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/LLB.n45ap.RELEASE.patch new file mode 100644 index 0000000000000000000000000000000000000000..a15d9be68a5c2ff167dabaf23ad34ffd93857d37 GIT binary patch literal 156 zcmZfB-8f%^<)CW;sP=SQl)kf7kez#zcj;J~23 zpk#76lOuucW8k8BdQZ9v7AmyK2k9X6B+Z@K$iUEXg6#kUP(339BLjy5gTVootBT83 kNjL5l^iO*lw7z?%(i{yBL%%Zz8bCV5i(D-NCV(sl09fQGmjD0& literal 0 HcmV?d00001 diff --git a/ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/Services.patch b/ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/Services.patch new file mode 100644 index 0000000000000000000000000000000000000000..4ec787a290e98e0f9bb2ece597a4a2d73bedfd50 GIT binary patch literal 251 zcmZbwBZ>_T8xNMj*hg#Y?y{vbDv_cF5Sq=b4IV(c| literal 0 HcmV?d00001 
diff --git a/ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/fstab.patch b/ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/fstab.patch new file mode 100644 index 0000000000000000000000000000000000000000..8b10f3c6348c98b05c679e6dc6e243347274c5fd GIT binary patch literal 166 zcmZWWmp}fW+$Qf&~dy?j%mX;FFZ3PI$N-v@( Z0Ttf>n(Dw108%_F!`N3a9bzy@767a_EHwZC literal 0 HcmV?d00001 diff --git a/ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/iBEC.n45ap.RELEASE.patch b/ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/iBEC.n45ap.RELEASE.patch new file mode 100644 index 0000000000000000000000000000000000000000..cad373c66f4529ba4dff16a77029219927bae185 GIT binary patch literal 157 zcmZbwBZ>_T8xNMCt cQ7d}wRhK`pCq*7QIh8LhsR3z(7{dSr0K_*cwEzGB literal 0 HcmV?d00001 diff --git a/ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/iBoot.n45ap.RELEASE.patch b/ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/iBoot.n45ap.RELEASE.patch new file mode 100644 index 0000000000000000000000000000000000000000..a0180895c82dda1689f57d1a350b69c198bca68c GIT binary patch literal 155 zcmZvFPeOVficiQ>;MB3NDHF?hXRAa0hX)IYAYm9 iO}g*NY`$s9KD{Sh1q&6YyQ*&h=@c(=wFsC1vKs&p)F-0= literal 0 HcmV?d00001 
diff --git a/ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/kernelcache.release.patch b/ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/kernelcache.release.patch new file mode 100644 index 0000000000000000000000000000000000000000..951de4caa8ae600892642dfa4341bf80b67e4b0d GIT binary patch literal 182 zcmZK&r^qzDTEL3ptJYR#*Xa3|zF9Z8wSIq|u3M>o^4GoM;42%pM z3Je7fJS +#ifdef HAVE_HW_CRYPTO +#include +#include + +typedef struct +{ + void* inbuf; + void* outbuf; + uint32_t size; + uint8_t iv[16]; + uint32_t mode; + uint32_t bits; + uint8_t keybuf[32]; + uint32_t mask; +} IOAESStruct; + +#define kIOAESAcceleratorInfo 0 +#define kIOAESAcceleratorTask 1 +#define kIOAESAcceleratorTest 2 + +#define kIOAESAcceleratorEncrypt 0 +#define kIOAESAcceleratorDecrypt 1 + +#define kIOAESAcceleratorGIDMask 0x3E8 +#define kIOAESAcceleratorUIDMask 0x7D0 +#define kIOAESAcceleratorCustomMask 0 + +typedef enum { + UID, + GID, + Custom +} IOAESKeyType; + +IOReturn doAES(io_connect_t conn, void* inbuf, void *outbuf, uint32_t size, IOAESKeyType keyType, void* key, void* iv, int mode) { + IOAESStruct in; + + in.mode = mode; + in.bits = 128; + in.inbuf = inbuf; + in.outbuf = outbuf; + in.size = size; + + switch(keyType) { + case UID: + in.mask = kIOAESAcceleratorUIDMask; + break; + case GID: + in.mask = kIOAESAcceleratorGIDMask; + break; + case Custom: + in.mask = kIOAESAcceleratorCustomMask; + break; + } + memset(in.keybuf, 0, sizeof(in.keybuf)); + + if(key) + memcpy(in.keybuf, key, in.bits / 8); + + if(iv) + memcpy(in.iv, iv, 16); + else + memset(in.iv, 0, 16); + + IOByteCount inSize = sizeof(in); + + return IOConnectCallStructMethod(conn, kIOAESAcceleratorTask, &in, inSize, &in, &inSize); +} + +#endif + void writeImg3Element(AbstractFile* file, Img3Element* element); void writeImg3Root(AbstractFile* file, Img3Element* element); 
@@ -314,11 +384,33 @@ AbstractFile* createAbstractFileFromImg3(AbstractFile* file) { keySeedLen = 16 + (((AppleImg3KBAGHeader*)info->kbag->data)->key_bits)/8; keySeed = (uint8_t*) malloc(keySeedLen); memcpy(keySeed, (uint8_t*)((AppleImg3KBAGHeader*)info->kbag->data) + sizeof(AppleImg3KBAGHeader), keySeedLen); +#ifdef HAVE_HW_CRYPTO + CFMutableDictionaryRef dict = IOServiceMatching("IOAESAccelerator"); + io_service_t dev = IOServiceGetMatchingService(kIOMasterPortDefault, dict); + io_connect_t conn = 0; + IOServiceOpen(dev, mach_task_self(), 0, &conn); + doAES(conn, keySeed, keySeed, keySeedLen, GID, NULL, NULL, kIOAESAcceleratorDecrypt); + IOServiceClose(conn); + IOObjectRelease(dev); + + unsigned int key[keySeedLen - 16]; + unsigned int iv[16]; + + int i; + for(i = 0; i < 16; i++) + iv[i] = keySeed[i]; + + for(i = 0; i < (keySeedLen - 16); i++) + key[i] = keySeed[i + 16]; + + setKeyImg3(abstractFile2, key, iv); +#else int i = 0; for(i = 0; i < keySeedLen; i++) { printf("%02x", keySeed[i]); } printf("\n"); +#endif free(keySeed); } diff --git a/ipsw-patch/libxpwn.c b/ipsw-patch/libxpwn.c index a591fabf..e5e48120 100644 --- a/ipsw-patch/libxpwn.c +++ b/ipsw-patch/libxpwn.c @@ -33,6 +33,10 @@ void libxpwn_loglevel(int logLevel) { } void Log(int level, const char* file, unsigned int line, const char* function, const char* format, ...) { + static FILE* logFile = NULL; + if(logFile == NULL) + logFile = fopen("log.txt", "w"); + char mainBuffer[1024]; char buffer[1024]; @@ -54,5 +58,8 @@ void Log(int level, const char* file, unsigned int line, const char* function, c snprintf(mainBuffer, sizeof(mainBuffer), "%s:%s:%d: %s", file, function, line, buffer); } logCallback(mainBuffer); + strcat(mainBuffer, "\n"); + fwrite(mainBuffer, 1, strlen(mainBuffer), logFile); + fflush(logFile); } diff --git a/ipsw-patch/outputstate.c b/ipsw-patch/outputstate.c index ea4e4e12..5a12d896 100644 --- a/ipsw-patch/outputstate.c +++ b/ipsw-patch/outputstate.c 
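Review bot: In the `HAVE_HW_CRYPTO` branch of createAbstractFileFromImg3 the results of `IOServiceGetMatchingService`, `IOServiceOpen` and `doAES` are all ignored, so when the accelerator is absent or the call fails, the still-encrypted KBAG bytes are handed to `setKeyImg3` as if they were the key and IV. The stack array `key[keySeedLen - 16]` is also sized from `key_bits`, which is read from the image's KBAG header, so a malformed image controls the size of a stack allocation. I would check each IOKit return, skip `setKeyImg3` on failure, and cap the key length at the 32 bytes that `IOAESStruct.keybuf` can hold. The function starts and ends outside this hunk, and whether `setKeyImg3` expects a fixed-size array is not visible here.

```c
	/* … unchanged: IOServiceMatching / IOServiceGetMatchingService … */
	io_connect_t conn = 0;
	IOReturn aesResult = kIOReturnError;
	if(dev != 0 && IOServiceOpen(dev, mach_task_self(), 0, &conn) == kIOReturnSuccess) {
		aesResult = doAES(conn, keySeed, keySeed, keySeedLen, GID, NULL, NULL, kIOAESAcceleratorDecrypt);
		IOServiceClose(conn);
	}
	if(dev != 0)
		IOObjectRelease(dev);

	/* key_bits comes from the image's KBAG header; bound it before sizing anything */
	size_t keyLen = keySeedLen - 16;
	if(aesResult == kIOReturnSuccess && keyLen <= 32) {
		unsigned int key[32];
		unsigned int iv[16];
		/* … unchanged: copy loops filling iv and key … */
		setKeyImg3(abstractFile2, key, iv);
	}
```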
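Review bot: `strcat(mainBuffer, "\n")` in Log() can write one byte past `mainBuffer[1024]` when the formatted message already fills the buffer, and `fwrite` is reached with `logFile == NULL` whenever `fopen("log.txt", "w")` fails, for example in an unwritable working directory. Writing the newline separately avoids both: `if(logFile != NULL) { fputs(mainBuffer, logFile); fputc('\n', logFile); fflush(logFile); }`. The defect spans both hunks of this file (the `fopen` in the first, the write in the second). The log is also created by relative name in the current directory and truncated on every run, so a caller-configurable path would be safer.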
@@ -14,6 +14,8 @@ #define DEFAULT_BUFFER_SIZE (1 * 1024 * 1024) +uint64_t MaxLoadZipSize = UINT64_MAX; + void addToOutputQueue(OutputState** state, const char* fileName, void* buffer, const size_t bufferSize, char* tmpFileName) { OutputState* leftNeighbor; OutputState* rightNeighbor; @@ -282,10 +284,10 @@ char* createTempFile() { #ifdef WIN32 char tmpFilePath[512]; GetTempPath(512, tmpFilePath); - GetTempFileName(tmpFilePath, "zip", 0, tmpFileBuffer); + GetTempFileName(tmpFilePath, "pwn", 0, tmpFileBuffer); CloseHandle(CreateFile(tmpFilePath, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_DELETE, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_TEMPORARY, NULL)); #else - strcpy(tmpFileBuffer, "/tmp/zipXXXXXX"); + strcpy(tmpFileBuffer, "/tmp/pwnXXXXXX"); close(mkstemp(tmpFileBuffer)); FILE* tFile = fopen(tmpFileBuffer, "wb"); fclose(tFile); @@ -323,7 +325,7 @@ void loadZipFile2(const char* ipsw, OutputState** output, const char* file, int ASSERT(unzGetCurrentFileInfo(zip, &pfile_info, NULL, 0, NULL, 0, NULL, 0) == UNZ_OK, "cannot get current file info from ipsw"); fileName = (char*) malloc(pfile_info.size_filename + 1); ASSERT(unzGetCurrentFileInfo(zip, NULL, fileName, pfile_info.size_filename + 1, NULL, 0, NULL, 0) == UNZ_OK, "cannot get current file name from ipsw"); - if((file == NULL && fileName[strlen(fileName) - 1] != '/') || (file != NULL && strcmp(fileName, file)) == 0) { + if(((file == NULL && fileName[strlen(fileName) - 1] != '/') || (file != NULL && strcmp(fileName, file)) == 0) && pfile_info.uncompressed_size <= MaxLoadZipSize) { printf("loading: %s (%ld)\n", fileName, pfile_info.uncompressed_size); fflush(stdout); ASSERT(unzOpenCurrentFile(zip) == UNZ_OK, "cannot open compressed file in IPSW"); if(useMemory) { diff --git a/ipsw-patch/pwnutil.c b/ipsw-patch/pwnutil.c index 46ed4d14..eb868187 100644 --- a/ipsw-patch/pwnutil.c +++ b/ipsw-patch/pwnutil.c 
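Review bot: The new `pfile_info.uncompressed_size <= MaxLoadZipSize` test in loadZipFile2 relies on the size declared in the archive's own entry header, and with the default `UINT64_MAX` it never rejects anything, so on its own it does not bound memory or disk use for an untrusted IPSW. Entries above the limit are skipped without any message, which makes a missing file hard to diagnose when `file` names a specific entry; logging the skipped name and size would help. `uncompressed_size` is also printed with `%ld`, where a cast to `unsigned long` with `%lu` matches the type more reliably. The read loop lies outside this hunk, so whether it enforces the declared size could not be checked.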
@@ -55,7 +55,7 @@ Dictionary* parseIPSW2(const char* inputIPSW, const char* bundleRoot, char** bun fclose(inputIPSWFile); - XLOG(0, "Matching IPSW... (%02x%02x%02x%02x...)\n", (int) hash[0], (int) hash[1], (int) hash[2], (int) hash[3]); + XLOG(0, "Matching IPSW in %s... (%02x%02x%02x%02x...)\n", bundleRoot, (int) hash[0], (int) hash[1], (int) hash[2], (int) hash[3]); dir = opendir(bundleRoot); if(dir == NULL) { @@ -67,10 +67,8 @@ Dictionary* parseIPSW2(const char* inputIPSW, const char* bundleRoot, char** bun continue; } - infoPath = (char*) malloc(sizeof(char) * (strlen(bundleRoot) + strlen(ent->d_name) + sizeof("/Info.plist"))); - strcpy(infoPath, bundleRoot); - strcat(infoPath, ent->d_name); - strcat(infoPath, "/Info.plist"); + infoPath = (char*) malloc(sizeof(char) * (strlen(bundleRoot) + sizeof(PATH_SEPARATOR) + strlen(ent->d_name) + sizeof(PATH_SEPARATOR "Info.plist"))); + sprintf(infoPath, "%s" PATH_SEPARATOR "%s" PATH_SEPARATOR "Info.plist", bundleRoot, ent->d_name); XLOG(0, "checking: %s\n", infoPath); if((plistFile = createAbstractFileFromFile(fopen(infoPath, "rb"))) != NULL) { @@ -95,9 +93,8 @@ Dictionary* parseIPSW2(const char* inputIPSW, const char* bundleRoot, char** bun } if(i == 20) { - *bundlePath = (char*) malloc(sizeof(char) * (strlen(bundleRoot) + strlen(ent->d_name) + 1)); - strcpy(*bundlePath, bundleRoot); - strcat(*bundlePath, ent->d_name); + *bundlePath = (char*) malloc(sizeof(char) * (strlen(bundleRoot) + sizeof(PATH_SEPARATOR) + strlen(ent->d_name))); + sprintf(*bundlePath, "%s" PATH_SEPARATOR "%s", bundleRoot, ent->d_name); free(infoPath); break; 
@@ -325,3 +322,124 @@ void fixupBootNeuterArgs(Volume* volume, char unlockBaseband, char selfDestruct, add_hfs(volume, plistFile, bootNeuterPlist); free(plist); } + +int patchSigCheck(AbstractFile* file) { + const uint8_t patch[] = {0x01, 0xE0, 0x01, 0x20, 0x40, 0x42, 0x88, 0x23}; + + size_t length = file->getLength(file); + uint8_t* buffer = (uint8_t*)malloc(length); + file->seek(file, 0); + file->read(file, buffer, length); + + int retval = FALSE; + int i; + for(i = 0; i < length; i++) { + uint8_t* candidate = &buffer[i]; + if(memcmp(candidate, patch, sizeof(patch)) == 0) { + candidate[4] = 0; + candidate[5] = 0x20; + file->seek(file, i); + file->write(file, candidate, sizeof(patch)); + retval = TRUE; + continue; + } + } + + free(buffer); + return retval; +} + +int patchKernel(AbstractFile* file) { + const char patch[] = {0x00, 0x00, 0x00, 0x0A, 0x00, 0x40, 0xA0, 0xE3, 0x04, 0x00, 0xA0, 0xE1, 0x90, 0x80, 0xBD, 0xE8}; + + const char patch2[] = {0xFF, 0x50, 0xA0, 0xE3, 0x04, 0x00, 0xA0, 0xE1, 0x0A, 0x10, 0xA0, 0xE1}; + + const char patch3[] = {0x99, 0x91, 0x43, 0x2B, 0x91, 0xCD, 0xE7, 0x04, 0x24, 0x1D, 0xB0}; + + size_t length = file->getLength(file); + uint8_t* buffer = (uint8_t*)malloc(length); + file->seek(file, 0); + file->read(file, buffer, length); + + int retval = 0; + int i; + for(i = 0; i < length; i++) { + uint8_t* candidate = &buffer[i]; + if(memcmp(candidate, patch, sizeof(patch)) == 0) { + candidate[4] = 0x01; + file->seek(file, i); + file->write(file, candidate, sizeof(patch)); + retval = TRUE; + continue; + } + if(memcmp(candidate, patch2, sizeof(patch2)) == 0) { + candidate[0] = 0x00; + file->seek(file, i); + file->write(file, candidate, sizeof(patch2)); + retval = TRUE; + continue; + } + if(memcmp(candidate, patch3, sizeof(patch3)) == 0) { + candidate[0] = 0x2B; + candidate[1] = 0x99; + candidate[2] = 0x00; + candidate[3] = 0x00; + file->seek(file, i); + file->write(file, candidate, sizeof(patch3)); + retval = TRUE; + continue; + } + } + + 
free(buffer); + return retval; +} + +int patchDeviceTree(AbstractFile* file) { + const char patch[] = "secure-root-prefix"; + const char patch2[] = "function-disable_keys"; + + size_t length = file->getLength(file); + uint8_t* buffer = (uint8_t*)malloc(length); + file->seek(file, 0); + file->read(file, buffer, length); + + int retval = 0; + int i; + for(i = 0; i < length; i++) { + uint8_t* candidate = &buffer[i]; + if(memcmp(candidate, patch, sizeof(patch) - 1) == 0) { + candidate[0] = 'x'; + candidate[1] = 'x'; + candidate[2] = 'x'; + candidate[3] = 'x'; + candidate[4] = 'x'; + candidate[5] = 'x'; + file->seek(file, i); + file->write(file, candidate, sizeof(patch) - 1); + retval++; + continue; + } + if(memcmp(candidate, patch2, sizeof(patch2) - 1) == 0) { + candidate[0] = 'x'; + candidate[1] = 'x'; + candidate[2] = 'x'; + candidate[3] = 'x'; + candidate[4] = 'x'; + candidate[5] = 'x'; + candidate[6] = 'x'; + candidate[7] = 'x'; + file->seek(file, i); + file->write(file, candidate, sizeof(patch) - 1); + retval++; + continue; + } + } + + free(buffer); + if(retval == 2) + return TRUE; + else + return FALSE; +} + diff --git a/xpwn/CMakeLists.txt b/xpwn/CMakeLists.txt index 09d52865..530d37cc 100644 --- a/xpwn/CMakeLists.txt +++ b/xpwn/CMakeLists.txt 
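Review bot: All three new scanners call `memcmp()` on `&buffer[i]` for every `i < length`, so near the end of the file the comparison reads up to `sizeof(patch) - 1` bytes past the malloc'd buffer. Bounding the comparison fixes this: `for(i = 0; i + sizeof(patch) <= length; i++)` in patchSigCheck, and an `i + sizeof(patchN) <= length &&` guard in front of each `memcmp` in patchKernel and patchDeviceTree. The `malloc()` and `file->read()` results are also unchecked, and `int i` is compared with a `size_t` length. In patchDeviceTree the second branch writes `sizeof(patch) - 1` bytes where `sizeof(patch2) - 1` looks intended; only the first eight bytes change, so the output is the same today, but the length should follow the pattern that matched.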
@@ -1,29 +1,31 @@ INCLUDE(${PROJECT_SOURCE_DIR}/FindUSB.cmake) -IF(NOT USB_FOUND) - message(STATUS "libusb is required for xpwn!") -ELSE(NOT USB_FOUND) - include_directories(include) +IF(NOT APPLE OR NOT BUILD_STATIC) + IF(NOT USB_FOUND) + message(STATUS "libusb is required for xpwn!") + ELSE(NOT USB_FOUND) + include_directories(include) - include_directories(${USB_INCLUDE_DIR}) - link_directories(${USB_LIBRARIES}) + include_directories(${USB_INCLUDE_DIR}) + link_directories(${USB_LIBRARIES}) - add_executable(xpwn-bin src/xpwn.cpp src/libibooter.cpp) + add_executable(xpwn-bin src/xpwn.cpp src/libibooter.cpp) - target_link_libraries(xpwn-bin ${USB_LIBRARIES}) + target_link_libraries(xpwn-bin ${USB_LIBRARIES}) - link_directories(${PROJECT_BINARY_DIR}/common ${PROJECT_BINARY_DIR}/hfs ${PROJECT_BINARY_DIR}/ipsw-patch) + link_directories(${PROJECT_BINARY_DIR}/common ${PROJECT_BINARY_DIR}/hfs ${PROJECT_BINARY_DIR}/ipsw-patch) - target_link_libraries(xpwn-bin xpwn) + target_link_libraries(xpwn-bin xpwn) - set_target_properties(xpwn-bin PROPERTIES OUTPUT_NAME "xpwn") + set_target_properties(xpwn-bin PROPERTIES OUTPUT_NAME "xpwn") - IF(APPLE) - SET_TARGET_PROPERTIES(xpwn-bin PROPERTIES LINK_FLAGS "-framework CoreFoundation -framework IOKit") - ENDIF(APPLE) + IF(APPLE) + SET_TARGET_PROPERTIES(xpwn-bin PROPERTIES LINK_FLAGS "-framework CoreFoundation -framework IOKit") + ENDIF(APPLE) - install(FILES ramdisk.dmg DESTINATION .) - install(TARGETS xpwn-bin DESTINATION .) + install(FILES ramdisk.dmg DESTINATION .) + install(TARGETS xpwn-bin DESTINATION .) -ENDIF(NOT USB_FOUND) + ENDIF(NOT USB_FOUND) +ENDIF(NOT APPLE OR NOT BUILD_STATIC)
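Review bot: The new outer `IF(NOT APPLE OR NOT BUILD_STATIC)` drops the xpwn-bin target on a static Apple build without printing anything, and the libusb-missing branch only emits `message(STATUS ...)`, so a configure run can succeed with no xpwn binary and no clear reason. An `ELSE()` branch with `message(STATUS "xpwn-bin skipped: static build on Apple")` would make the skip visible. Separately, `link_directories(${USB_LIBRARIES})` passes what appear to be library files to a command that expects directories. Both `target_link_libraries(xpwn-bin ...)` calls use the keyword-less signature; adding `PRIVATE` to both would make the link scope explicit.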