authorGravatar Munehisa Kamata2022-07-17 13:33:33 -0700
committerGravatar Nikias Bassen2022-08-29 01:44:27 +0200
commit65f170986d03fb536e48967cf3ffc5fb91f57a2d (patch)
tree548fc37720ddc7ad300461e6c0b7655205e90e2d
parent4a516e5f5e0c509de966cc1ac45622f452f23e0b (diff)
restore: use an appropriate ticket for Cryptex1 global manifest
macOS 13 introduced a new global manifest for Cryptex1, and it requires tickets found in Firmware/Manifests/restore/cryptex1/macOS Customer/ inside an IPSW. We currently do not use these tickets and end up with unexpected behavior on a Mac device after restoring, e.g. bputil fails to downgrade security mode due to "Cryptex1 manifest verification failed". This adds proper handling to use the appropriate tickets. Signed-off-by: Munehisa Kamata <kamatam@amazon.com>
-rw-r--r--src/restore.c31
1 files changed, 24 insertions, 7 deletions
diff --git a/src/restore.c b/src/restore.c
index d51de03..1a15959 100644
--- a/src/restore.c
+++ b/src/restore.c
@@ -3293,7 +3293,7 @@ int extract_macos_variant(plist_t build_identity, char** output)
return 0;
}
-int extract_global_manifest(struct idevicerestore_client_t* client, plist_t build_identity, unsigned char** pbuffer, unsigned int* psize)
+int extract_global_manifest(struct idevicerestore_client_t* client, plist_t build_identity, char *variant, unsigned char** pbuffer, unsigned int* psize)
{
plist_t build_info = plist_dict_get_item(build_identity, "Info");
if (!build_info) {
@@ -3310,10 +3310,15 @@ int extract_global_manifest(struct idevicerestore_client_t* client, plist_t buil
plist_get_string_val(device_class_node, &device_class);
char *macos_variant = NULL;
- int ret = extract_macos_variant(build_identity, &macos_variant);
- if (ret != 0) {
- free(device_class);
- return -1;
+ int ret;
+ if (variant) {
+ macos_variant = variant;
+ } else {
+ ret = extract_macos_variant(build_identity, &macos_variant);
+ if (ret != 0) {
+ free(device_class);
+ return -1;
+ }
}
// The path of the global manifest is hardcoded. There's no pointer to in the build manifest.
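Review bot: `macos_variant = variant;` makes the local an alias of the caller's string, so the ownership of `variant` is now decided by code the hunk does not show (the function body continues past it). If that code frees `macos_variant`, as it would have to for the `extract_macos_variant()` result, the function silently takes ownership of the argument, while early returns before this point, such as the `!build_info` check, would leave it unfreed. The contract should be stated on the signature, for example `/* variant: optional override of the build identity's variant; if non-NULL, ownership passes to this function */`, or the parameter made `const char *` and copied with `strdup()`. Separately, `int ret;` is no longer initialised on the `variant` branch, so `int ret = 0;` would keep any later read of it defined.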
@@ -3362,7 +3367,7 @@ int restore_send_personalized_boot_object_v3(restored_client_t restore, struct i
info("About to send %s...\n", component_name);
if (strcmp(image_name, "__GlobalManifest__") == 0) {
- int ret = extract_global_manifest(client, build_identity, &data, &size);
+ int ret = extract_global_manifest(client, build_identity, NULL, &data, &size);
if (ret != 0) {
return -1;
}
@@ -3488,7 +3493,19 @@ int restore_send_source_boot_object_v4(restored_client_t restore, struct idevice
info("About to send %s...\n", component_name);
if (strcmp(image_name, "__GlobalManifest__") == 0) {
- int ret = extract_global_manifest(client, build_identity, &data, &size);
+ char *variant = NULL;
+ plist_t node = plist_access_path(msg, 2, "Arguments", "Variant");
+ if (!node || plist_get_node_type(node) != PLIST_STRING) {
+ debug("Failed to parse arguments from SourceBootObjectV4 plist\n");
+ return -1;
+ }
+ plist_get_string_val(node, &variant);
+ if (!variant) {
+ debug("Failed to parse arguments from SourceBootObjectV4 as string\n");
+ return -1;
+ }
+
+ int ret = extract_global_manifest(client, build_identity, variant, &data, &size);
if (ret != 0) {
return -1;
}
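Review bot: The `Variant` string is taken from the device's SourceBootObjectV4 message and handed to `extract_global_manifest()` after only a type and NULL check. The comment in that function says the manifest path is built by hand, so the value presumably becomes a component of the path looked up inside the IPSW (that code is outside the hunks). Since the commit message shows a legitimate location with a subdirectory, a narrow check before the call is enough, e.g. `if (strstr(variant, "..") || variant[0] == '/') { free(variant); return -1; }`. Nothing on the visible lines frees `variant` when the call fails, so whether it leaks depends on the callee's ownership contract. Both new failure paths abort the restore step but log only through `debug()`; `error()` would make the cause visible at the default log level.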