Age | Commit message | Author | Files | Lines
2023-11-15 | Change path_get_basename()'s return type to const char* | tihmstar | 3 | -6/+5
This makes it clear that the return value is immutable and moreover suggests that the return value is not allocated and thus should be treated carefully.
2023-11-15 | restore: Fix UaF | tihmstar | 1 | -2/+2
`fsname_base` points inside the dynamically allocated `path` which is freed before `fsname_base` is used, creating a use-after-free condition. This commit makes sure to free `path` only after it is no longer needed.
2023-11-15 | asr: Fix sending payload without checksum | tihmstar | 1 | -4/+6
2023-11-09 | Fix update restore by making sure the premanifest is properly generated | Nikias Bassen | 3 | -14/+32
2023-11-09 | Print progress for large components (e.g. Cryptex) | Nikias Bassen | 5 | -13/+41
2023-11-07 | Print device Product and Build Version and IPSW Product and Build Version | Nikias Bassen | 2 | -18/+26
It wasn't entirely clear what "Product Version" and "Product Build" would be so prefixing it with "IPSW" makes it clear it's the version being restored.
2023-11-02 | Extract OS component when using older ipsw archives | Nikias Bassen | 7 | -11/+143
Older ipsw archives have the root filesystem stored in compressed format rather than just "stored". The "Verifying Filesystem" step would then fail as compressed files are not seekable in ZIP files. This commit introduces a detection for this and has the filesystem extracted should it be required. If not using a cache path, the temp file used for extraction will be deleted after the procedure is completed.
2023-10-09 | tss: Add USBPortController1,* entries to parameters | Nikias Bassen | 1 | -0/+4
2023-10-07 | Improve debug output by suppressing libimobiledevice and libirecovery debug output by default | Nikias Bassen | 2 | -3/+7
To get libimobiledevice and libirecovery output, add -d or --debug twice.
2023-10-06 | restore: Also print checkpoint warning messages | Nikias Bassen | 1 | -0/+4
2023-10-06 | restore: Add Ace3 as known updater name to suppress error message | Nikias Bassen | 1 | -0/+6
2023-10-06 | restore: Skip adding FirmwareData to FirmwareResponseData for Rose | Nikias Bassen | 1 | -0/+6
2023-10-04 | restore: Improve checkpoint log output again, make sure to always check for errors | Nikias Bassen | 1 | -5/+8
Turns out even with a CHECKPOINT_RESULT of 0 we can still have a CHECKPOINT_ERROR string.
2023-10-04 | restore: Refine checkpoint log output | Nikias Bassen | 1 | -6/+15
2023-10-04 | restore/tss: Prefer DeviceGeneratedRequest for Rose TSS request, and add missing tag | Nikias Bassen | 2 | -4/+11
2023-10-02 | restore: Add new SE,ChipID 0x36 to list of known values | Nikias Bassen | 1 | -1/+1
2023-10-02 | restore: Attributed status code 50 with SEP load failure | Nikias Bassen | 1 | -0/+1
2023-10-02 | restore: Handle SepStage1 (SEPPatchImageData) in NORImageData | Nikias Bassen | 1 | -0/+25
2023-09-29 | tss: Add Ap,SikaFuse to TSS request as seen for iPhone 14/15 devices | Nikias Bassen | 1 | -0/+8
This is currently implemented as a workaround as the evaluation of when this value should be set is unclear. Right now we set it when UID_MODE is set too.
2023-09-14 | Refactor ipsw code to transparently stream images directly from ZIP or extracted ipsw | Nikias Bassen | 9 | -355/+272
This allows flashing directly from IPSW archive without having to extract it first, and ultimately removes the "Extracting filesystem from IPSW" part. Restoring from extracted IPSW is also supported, just pass the path to the directory that has all the files from a given IPSW.
2023-09-14 | autoconf: Link against libusbmuxd too | Nikias Bassen | 1 | -0/+2
2023-09-14 | tss: Make missing ApNonce non-fatal for IMG3 | Nikias Bassen | 1 | -2/+1
For IMG3 devices, DFU does not provide ApNonce, but a valid SHSH is needed to boot into iBSS (which then does provide ApNonce). Thanks to @tihmstar for providing the fix!
2023-09-13 | normal: Don't do unpair before entering recovery mode, remove pairing record afterwards instead | Nikias Bassen | 1 | -6/+4
2023-09-13 | restore: Remove plist debug print for non-existent UniqueBuildID | Nikias Bassen | 1 | -1/+4
and print it in a better format if it does exist
2023-09-06 | fdr: Fix a debug log message | Nikias Bassen | 1 | -1/+1
2023-09-06 | tss: Bump auth client version to match iOS 16.5 | Daniel VanBritsom | 1 | -1/+1
Sourced from the iOS 16.5 UpdateBrain.dylib
2023-07-25 | Add generic TSS request generator | Clément Decoodt | 1 | -2/+67
This uses the DeviceGeneratedRequest and DeviceGeneratedTags to generate the full TSS request. This allows to have a more future-proof approach to new firmware names they add.
2023-07-25 | Add SE,ChipID 0x2C | Clément Decoodt | 1 | -1/+1
2023-07-25 | Display iBoot boot stage | Clément Decoodt | 2 | -0/+29
This helps debugging cases where the iDevice does not go into stage 2 because of a missing firmware
2023-07-25 | Add support for incoherent iBoot parameters | Clément Decoodt | 1 | -5/+7
Some firmwares to load during iBoot stage 1 can have both:
- isLoadedByiBoot = false
- isLoadedByiBootStage1 = true
This allows to load it at stage 1
2023-05-23 | Use DeviceGeneratedRequest plist for SE TSS requests | Clément Decoodt | 2 | -8/+22
2023-04-21 | Updated to use latest libplist API | Nikias Bassen | 1 | -1/+1
2023-04-14 | Allow setting custom TSS request URL through command line switch | Nikias Bassen | 2 | -6/+34
2023-04-13 | img4: Remove unused debug code | Nikias Bassen | 1 | -31/+0
2022-10-19 | restore: Fix compilation error due to wrong variable name | Nikias Bassen | 1 | -2/+2
2022-10-19 | restore: Only print boot object v3/v4 plist in debug mode | Nikias Bassen | 1 | -2/+8
2022-10-18 | Use limera1n_is_supported instead of compatibility check added with previous commit | Nikias Bassen | 1 | -17/+1
2022-10-12 | Check if device is limera1n-vulnerable for --pwn option | Alfie Cockell Gwinnett | 1 | -8/+30
2022-10-11 | recovery: Also send "go" and "reset" commands with bRequest set to 1 | Nikias Bassen | 1 | -2/+2
2022-10-08 | recovery: Send bootx with bRequest set to 1 for all platforms | Nikias Bassen | 1 | -1/+1
2022-10-05 | recovery: set bRequest to 1 when sending bootx command | Munehisa Kamata | 1 | -1/+1
In macOS 13 beta 8 or newer release, bootx seems to fail if bRequest is 0 in the control transfer setup. Then, the device fails to enter restore mode. Seems like something has changed in iBEC since beta 8 and Apple Configurator 2 has set it to 1, so do the same thing. While this could be applied for all *OS variants, it's limited to macOS for now just to be safe.
Signed-off-by: Munehisa Kamata <kamatam@amazon.com>
2022-10-04 | img4: Add support for stitching with additional TBM data | Nikias Bassen | 3 | -7/+191
2022-10-02 | Reduce memory usage for SourceBootObjectV4 images | Nikias Bassen | 4 | -91/+201
2022-09-25 | tss: Add preliminary code to set UID_MODE | Nikias Bassen | 1 | -0/+12
2022-09-25 | tss: Make sure vinyl tags include eUICC,Gold and eUICC,Main digests | Nikias Bassen | 1 | -0/+19
... as well as eUICC,ApProductionMode which was missing before.
2022-09-21 | img4: Add some more component tags | Nikias Bassen | 1 | -16/+28
2022-09-21 | tss: Add NeRDEpoch to TSS requests for newer devices (iPhone 13 and up) | Nikias Bassen | 1 | -0/+2
2022-09-20 | ipsw: Add some NULL checks to ipsw_extract_to_file_with_progress() | Nikias Bassen | 1 | -1/+12
2022-09-16 | tss: Don't add @BBTicket in tss_request_new() | Nikias Bassen | 2 | -2/+1
2022-09-16 | Fix Cryptex1 and Cryptex1LocalPolicy TSS request handling | Nikias Bassen | 3 | -15/+74