diff options
author | Munehisa Kamata | 2022-07-17 13:33:33 -0700 |
---|---|---|
committer | Nikias Bassen | 2022-08-29 01:44:27 +0200 |
commit | 65f170986d03fb536e48967cf3ffc5fb91f57a2d (patch) | |
tree | 548fc37720ddc7ad300461e6c0b7655205e90e2d | |
parent | 4a516e5f5e0c509de966cc1ac45622f452f23e0b (diff) | |
download | idevicerestore-65f170986d03fb536e48967cf3ffc5fb91f57a2d.tar.gz idevicerestore-65f170986d03fb536e48967cf3ffc5fb91f57a2d.tar.bz2 |
restore: use an appropriate ticket for Cryptex1 global manifest
macOS 13 introduced a new global manifest for Cryptex1 and it requires
tickets found in Firmware/Manifests/restore/cryptex1/macOS Customer/
inside an IPSW, but we currently do not use the tickets and end up
unexpected behavior on a Mac device after restoring, e.g. bputil
fails to downgrade security mode due to "Cryptex1 manifest verification
failed". This adds a proper handling to use the appropriate tickets.
Signed-off-by: Munehisa Kamata <kamatam@amazon.com>
-rw-r--r-- | src/restore.c | 31 |
1 files changed, 24 insertions, 7 deletions
diff --git a/src/restore.c b/src/restore.c index d51de03..1a15959 100644 --- a/src/restore.c +++ b/src/restore.c @@ -3293,7 +3293,7 @@ int extract_macos_variant(plist_t build_identity, char** output) return 0; } -int extract_global_manifest(struct idevicerestore_client_t* client, plist_t build_identity, unsigned char** pbuffer, unsigned int* psize) +int extract_global_manifest(struct idevicerestore_client_t* client, plist_t build_identity, char *variant, unsigned char** pbuffer, unsigned int* psize) { plist_t build_info = plist_dict_get_item(build_identity, "Info"); if (!build_info) { @@ -3310,10 +3310,15 @@ int extract_global_manifest(struct idevicerestore_client_t* client, plist_t buil plist_get_string_val(device_class_node, &device_class); char *macos_variant = NULL; - int ret = extract_macos_variant(build_identity, &macos_variant); - if (ret != 0) { - free(device_class); - return -1; + int ret; + if (variant) { + macos_variant = variant; + } else { + ret = extract_macos_variant(build_identity, &macos_variant); + if (ret != 0) { + free(device_class); + return -1; + } } // The path of the global manifest is hardcoded. There's no pointer to in the build manifest. @@ -3362,7 +3367,7 @@ int restore_send_personalized_boot_object_v3(restored_client_t restore, struct i info("About to send %s...\n", component_name); if (strcmp(image_name, "__GlobalManifest__") == 0) { - int ret = extract_global_manifest(client, build_identity, &data, &size); + int ret = extract_global_manifest(client, build_identity, NULL, &data, &size); if (ret != 0) { return -1; } @@ -3488,7 +3493,19 @@ int restore_send_source_boot_object_v4(restored_client_t restore, struct idevice info("About to send %s...\n", component_name); if (strcmp(image_name, "__GlobalManifest__") == 0) { - int ret = extract_global_manifest(client, build_identity, &data, &size); + char *variant = NULL; + plist_t node = plist_access_path(msg, 2, "Arguments", "Variant"); + if (!node || plist_get_node_type(node) != PLIST_STRING) { + debug("Failed to parse arguments from SourceBootObjectV4 plist\n"); + return -1; + } + plist_get_string_val(node, &variant); + if (!variant) { + debug("Failed to parse arguments from SourceBootObjectV4 as string\n"); + return -1; + } + + int ret = extract_global_manifest(client, build_identity, variant, &data, &size); if (ret != 0) { return -1; } |