2.0 support for xpwn

hfs/hfslib.c

@@ -592,10 +592,10 @@ void hfs_untar(Volume* volume, AbstractFile* tarFile) {
 		HFSPlusCatalogRecord* record = getRecordFromPath3(fileName, volume, NULL, NULL, TRUE, FALSE, kHFSRootFolderID);
 		if(record) {
 			if(record->recordType == kHFSPlusFolderRecord || type == 5) {
-				printf("ignoring %s", fileName);
+				printf("ignoring %s, type = %d\n", fileName, type);
 				goto loop;
 			} else {
-				printf("replacing %s", fileName);
+				printf("replacing %s\n", fileName);
 				removeFile(fileName, volume);
 			}
 		}

includes/xpwn/8900.h

@@ -39,10 +39,12 @@ typedef struct Info8900 {
 	AES_KEY         decryptKey;
 
 	char            dirty;
+	char 		exploit;
 } Info8900;
 
 AbstractFile* createAbstractFileFrom8900(AbstractFile* file);
 AbstractFile* duplicate8900File(AbstractFile* file, AbstractFile* backing);
 void replaceCertificate8900(AbstractFile* file, AbstractFile* certificate);
+void exploit8900(AbstractFile* file);
 
 #endif

includes/xpwn/pwnutil.h

@@ -10,7 +10,7 @@ extern "C" {
 #endif
 	int patch(AbstractFile* in, AbstractFile* out, AbstractFile* patch);
 	Dictionary* parseIPSW(const char* inputIPSW, const char* bundleRoot, char** bundlePath, OutputState** state);
-	int doPatch(StringValue* patchValue, StringValue* fileValue, const char* bundlePath, OutputState** state);
+	int doPatch(StringValue* patchValue, StringValue* fileValue, const char* bundlePath, OutputState** state, uint8_t* key, uint8_t* iv);
 	void doPatchInPlace(Volume* volume, const char* filePath, const char* patchPath);
 	void fixupBootNeuterArgs(Volume* volume, char unlockBaseband, char selfDestruct, char use39, char use46);
 #ifdef __cplusplus

ipsw-patch/8900.c

@@ -101,7 +101,24 @@ void close8900(AbstractFile* file) {
 		info->file->seek(info->file, sizeof(info->header) + info->header.footerSignatureOffset);
 		info->file->write(info->file, info->footerSignature, 0x80);
 		info->file->seek(info->file, sizeof(info->header) + info->header.footerCertOffset);
+
+		if(info->exploit) {
+			info->footerCertificate[0x8be] = 0x9F;
+			info->footerCertificate[0xb08] = 0x55;
+		}
+
 		info->file->write(info->file, info->footerCertificate, info->header.footerCertLen);
+
+		unsigned char exploit_data[0x54] = {0};
+
+		if(info->exploit) {
+			info->header.footerCertLen = 0xc5e;
+			exploit_data[0x30] = 0x01;
+			exploit_data[0x50] = 0xEC;
+			exploit_data[0x51] = 0x57;
+			exploit_data[0x53] = 0x20;
+			info->file->write(info->file, exploit_data, sizeof(exploit_data));
+		}
 
 		flipApple8900Header(&(info->header));
 		SHA1_Init(&sha_ctx);
@@ -122,6 +139,11 @@ void close8900(AbstractFile* file) {
 	free(file);
 }
 
+void exploit8900(AbstractFile* file) {
+	Info8900* info = (Info8900*) (file->data);
+	info->exploit = TRUE;
+	info->dirty = TRUE;
+}
 
 AbstractFile* createAbstractFileFrom8900(AbstractFile* file) {
 	Info8900* info;
@@ -154,6 +176,7 @@ AbstractFile* createAbstractFileFrom8900(AbstractFile* file) {
 	}
 
 	info->dirty = FALSE;
+	info->exploit = FALSE;
 
 	info->offset = 0;