path: root/src
Age | Commit message | Author | Files | Lines
2023-09-06 | fdr: Fix a debug log message | Nikias Bassen | 1 | -1/+1
2023-09-06 | tss: Bump auth client version to match iOS 16.5 | Daniel VanBritsom | 1 | -1/+1
Sourced from the iOS 16.5 UpdateBrain.dylib
2023-07-25 | Add generic TSS request generator | Clément Decoodt | 1 | -2/+67
This uses the DeviceGeneratedRequest and DeviceGeneratedTags to generate the full TSS request. This allows to have a more future-proof approach to new firmware names they add.
2023-07-25 | Add SE,ChipID 0x2C | Clément Decoodt | 1 | -1/+1
2023-07-25 | Display iBoot boot stage | Clément Decoodt | 2 | -0/+29
This helps debugging cases where the iDevice does not go into stage 2 because of a missing firmware
2023-07-25 | Add support for incoherent iBoot parameters | Clément Decoodt | 1 | -5/+7
Some firmwares to load during iBoot stage 1 can have both:
- isLoadedByiBoot = false
- isLoadedByiBootStage1 = true
This allows to load it at stage 1
2023-05-23 | Use DeviceGeneratedRequest plist for SE TSS requests | Clément Decoodt | 2 | -8/+22
2023-04-21 | Updated to use latest libplist API | Nikias Bassen | 1 | -1/+1
2023-04-14 | Allow setting custom TSS request URL through command line switch | Nikias Bassen | 2 | -6/+34
2023-04-13 | img4: Remove unused debug code | Nikias Bassen | 1 | -31/+0
2022-10-19 | restore: Fix compilation error due to wrong variable name | Nikias Bassen | 1 | -2/+2
2022-10-19 | restore: Only print boot object v3/v4 plist in debug mode | Nikias Bassen | 1 | -2/+8
2022-10-18 | Use limera1n_is_supported instead of compatibility check added with previous commit | Nikias Bassen | 1 | -17/+1
2022-10-12 | Check if device is limera1n-vulnerable for --pwn option | Alfie Cockell Gwinnett | 1 | -8/+30
2022-10-11 | recovery: Also send "go" and "reset" commands with bRequest set to 1 | Nikias Bassen | 1 | -2/+2
2022-10-08 | recovery: Send bootx with bRequest set to 1 for all platforms | Nikias Bassen | 1 | -1/+1
2022-10-05 | recovery: set bRequest to 1 when sending bootx command | Munehisa Kamata | 1 | -1/+1
In macOS 13 beta 8 or newer release, bootx seems to fail if bRequest is 0 in the control transfer setup. Then, the device fails to enter restore mode. Seems like something has changed in iBEC since beta 8 and Apple Configurator 2 has set it to 1, so do the same thing. While this could be applied for all *OS variants, it's limited to macOS for now just to be safe.
Signed-off-by: Munehisa Kamata <kamatam@amazon.com>
2022-10-04 | img4: Add support for stitching with additional TBM data | Nikias Bassen | 3 | -7/+191
2022-10-02 | Reduce memory usage for SourceBootObjectV4 images | Nikias Bassen | 4 | -91/+201
2022-09-25 | tss: Add preliminary code to set UID_MODE | Nikias Bassen | 1 | -0/+12
2022-09-25 | tss: Make sure vinyl tags include eUICC,Gold and eUICC,Main digests | Nikias Bassen | 1 | -0/+19
... as well as eUICC,ApProductionMode which was missing before.
2022-09-21 | img4: Add some more component tags | Nikias Bassen | 1 | -16/+28
2022-09-21 | tss: Add NeRDEpoch to TSS requests for newer devices (iPhone 13 and up) | Nikias Bassen | 1 | -0/+2
2022-09-20 | ipsw: Add some NULL checks to ipsw_extract_to_file_with_progress() | Nikias Bassen | 1 | -1/+12
2022-09-16 | tss: Don't add @BBTicket in tss_request_new() | Nikias Bassen | 2 | -2/+1
2022-09-16 | Fix Cryptex1 and Cryptex1LocalPolicy TSS request handling | Nikias Bassen | 3 | -15/+74
2022-08-29 | restore: Add support for Cryptex1LocalPolicy firmware updater | Nikias Bassen | 1 | -10/+23
2022-08-29 | restore: use an appropriate ticket for Cryptex1 global manifest | Munehisa Kamata | 1 | -7/+24
macOS 13 introduced a new global manifest for Cryptex1 and it requires tickets found in Firmware/Manifests/restore/cryptex1/macOS Customer/ inside an IPSW, but we currently do not use the tickets and end up with unexpected behavior on a Mac device after restoring, e.g. bputil fails to downgrade security mode due to "Cryptex1 manifest verification failed". This adds a proper handling to use the appropriate tickets.
Signed-off-by: Munehisa Kamata <kamatam@amazon.com>
2022-08-23 | tss: Skip components with IsFTAB:true when adding AP tags to request | Nikias Bassen | 1 | -0/+6
This should fix devices failing to enter restore mode due to an incorrect signature for the respective components.
2022-06-28 | restore: Don't print 'Attempting to continue after critical error' warning when no error was detected | Nikias Bassen | 1 | -1/+1
This only occurred when using --ignore-errors command line option.
2022-06-28 | Make sure to exactly match the passed variant when using --variant | Nikias Bassen | 3 | -9/+9
2022-06-27 | Add --variant command line switch to specify build identity to use | Nikias Bassen | 2 | -4/+16
2022-06-27 | Ignore 'Research*' variant in build identity selection | Nikias Bassen | 1 | -2/+2
2022-06-27 | ipsw: Add workaround for missing RestoreBehavior entries for ipsw info | Nikias Bassen | 1 | -1/+9
2022-06-27 | Don't print an error message when RestoreBehavior is missing | Nikias Bassen | 1 | -13/+6
2022-06-27 | ipsw: Improve error message when fwrite fails | Nikias Bassen | 1 | -2/+2
2022-06-23 | Support iOS 16.0 Beta 2 (#506) | Emma Lethaltail | 1 | -0/+1
2022-06-20 | Remove more serial number checks, and get ECID early on in all modes | Nikias Bassen | 8 | -135/+31
Some devices seem to not have a serial number, usually in restore mode, which will cause the restore operation to fail since we specifically check for it. An earlier commit already removed the actual comparison in favor of comparing the ECID, but some checks would still result in restore failures as it can't retrieve the serial number on said devices at all. This commit also makes sure to get the ECID in all modes as early as possible and removes all the helper functions for it since they are not needed anymore.
2022-06-20 | Add support for FirmwareUpdaterPreflight message | Clément Decoodt | 1 | -0/+31
This message seems mandatory on the new versions of MacOS (12+), but it seems an empty response is what's expected.
2022-06-17 | Use more elegant way to match file name to component name | Nikias Bassen | 1 | -37/+33
2022-06-17 | restore: Fix memory corruption in restore_get_timer_firmware_data | Doron Zarhi | 1 | -1/+1
2022-06-17 | Add support for iOS 16 | Doron Zarhi | 4 | -21/+157
2022-05-23 | ipsw: Update to reflect color macro name change in libimobiledevice-glue | Nikias Bassen | 1 | -7/+7
2022-04-27 | Fix restore for devices that don't have eUICC | Nikias Bassen | 1 | -1/+1
Because of a default value of (uint64_t)-1LL returned when _plist_dict_get_uint doesn't find the dictionary entry for the given key, a later comparison of that unsigned value against something like >= 5 will result in the condition being true even though it was not supposed to. _plist_dict_get_uint will now return a default value of 0 if the key is not found. Code paths that deal with actual values of 0 vs. non-existent values need to test the existence of the key deal with that; I am currently not aware of anything that would be affected.
2022-04-25 | Increase recovery mode disconnect and re-connect timeout from 10 to 60 seconds | Rodrigo Arias | 1 | -2/+2
2022-04-13 | Print version string upon execution | Nikias Bassen | 1 | -0/+2
2022-04-12 | More code improvements using _plist_dict_copy_* helper | Nikias Bassen | 3 | -52/+13
2022-04-12 | Use proper detection for macOS restore path (instead of version number comparison) | Nikias Bassen | 5 | -17/+21
2022-04-10 | Fix build identity selection for beta (developer) firmware | Nikias Bassen | 3 | -17/+14
2022-04-10 | restore: Fixed a problem that nobody even knew existed | Nikias Bassen | 2 | -7/+11
At least this has been going unnoticed until recently. For quite some time we have been sending NorImageData as array to the device, but it turned out that this was only expected for iOS < 7.0 and from then on it was supposed to be a dictionary with the components. Now we should correctly handle it.