| Age | Commit message (Collapse) | Author | Files | Lines | 
|---|
|  |  | 
|  | macOS 13 introduced a new global manifest for Cryptex1 and it requires
tickets found in Firmware/Manifests/restore/cryptex1/macOS Customer/
inside an IPSW, but we currently do not use the tickets and end up
unexpected behavior on a Mac device after restoring, e.g. bputil
fails to downgrade security mode due to "Cryptex1 manifest verification
failed". This adds a proper handling to use the appropriate tickets.
Signed-off-by: Munehisa Kamata <kamatam@amazon.com> | 
|  | This should fix devices failing to enter restore mode due to an incorrect
signature for the repective components. | 
|  | when no error was detected
This only occurred when using --ignore-errors command line option. | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  | Some devices seem to not have a serial number, usually in restore mode, which
will cause the restore operation to fail since we specifically check for it.
An earlier commit already removed the actual comparison in favor of comparing
the ECID, but some checks would still result in restore failures as it can't
retrieve the serial number on said devices at all.
This commit also makes sure to get the ECID in all modes as early as possible
and removes all the helper functions for it since they are not needed anymore. | 
|  | This message seems mandatory on the new versions of MacOS (12+), but it
seems an empty response is what's expected. | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  | Because of a default value of (uint64_t)-1LL returned when _plist_dict_get_uint
doesn't find the dictionary entry for the given key, a later comparison of
that unsigned value against something like >= 5 will result in the condition
being true even though it was not supposed to. _plist_dict_get_uint will now
return a default value of 0 if the key is not found. Code paths that deal with
actual values of 0 vs. non-existent values need to test the existence of the
key deal with that; I am currently not aware of anything that would be affected. | 
|  |  | 
|  |  | 
|  |  | 
|  | comparison) | 
|  |  | 
|  | At least this has been going unnoticed until recently. For quite some time
we have been sending NorImageData as array to the device, but it turned out
that this was only expected for iOS < 7.0 and from then on it was supposed
to be a dictionary with the components.
Now we should correctly handle it. | 
|  | This will prevent the otherwise confusing (but harmless) error messages
  ERROR: Unable to get (null)-FirmwarePreflightInfo from lockdownd
  ERROR: Unable to get FirmwarePreflightInfo
during restore. | 
|  |  | 
|  | unneeded comments | 
|  |  | 
|  |  | 
|  | match device
Some devices seem to not provide serial number information in recovery or
restore mode so we use ECID instead to make sure we deal with the same device. | 
|  |  | 
|  |  | 
|  | Updates the "TSS_CLIENT_VERSION_STRING" to match that of iTunes 12.12.0.6 on Windows and Finder on the latest macOS. | 
|  | with fallback to the legacy code with a compile time warning. The legacy
code will be removed in the future once a newer libimobiledevice has been
officially released. | 
|  |  | 
|  | Signed-off-by: Hector Martin <marcan@marcan.st> | 
|  | This is used on macOS 12+ (Monterey and later) to allow older OSes to
perform the bless2/bootability process for newer OSes, by putting a
shared library in the Preboot partition that contains the specific logic
required to make a given macOS install bootable.
Closes: #441
Signed-off-by: Hector Martin <marcan@marcan.st> | 
|  | This already works for zip files, but we need to do a readlink dance for
unpacked archives.
Signed-off-by: Hector Martin <marcan@marcan.st> | 
|  | This is required to enumerate the BootabilityBundle contents.
Signed-off-by: Hector Martin <marcan@marcan.st> | 
|  | Monterey got rid of VariantSupportsGlobalSigning. Identify builds
based on the Variant field (which seems to always have consistent
values) instead of using RestoreBehavior and
VariantSupportsGlobalSigning.
Signed-off-by: Hector Martin <marcan@marcan.st> | 
|  | update failure) | 
|  |  | 
|  |  | 
|  | Older firmware versions don't seem to always include CHECKPOINT_COMPLETE
so we assume that state is false instead of aborting with an error. | 
|  |  | 
|  | This fixes flaky restores / activation not proceeding if you're more
than 100ms away from Apple's servers.
Signed-off-by: Hector Martin <marcan@marcan.st> | 
|  | Closes: #442
Co-authored-by: Nikias Bassen <nikias@gmx.li>
Signed-off-by: Hector Martin <marcan@marcan.st> | 
|  |  | 
|  |  | 
|  | identities etc. |