From 1fc7fe84bdd7e4daf35ed19e5f7171c48c2d6751 Mon Sep 17 00:00:00 2001
From: Nikias Bassen
Date: Thu, 2 Feb 2012 23:09:47 +0100
Subject: add limera1n exploit and use pwned dfu mode for custom firmwares
---
 src/idevicerestore.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
(limited to 'src/idevicerestore.c')
diff --git a/src/idevicerestore.c b/src/idevicerestore.c
index 6733a59..bfe19c7 100644
--- a/src/idevicerestore.c
+++ b/src/idevicerestore.c
@@ -36,6 +36,8 @@
 #include "recovery.h"
 #include "idevicerestore.h"
+#include "limera1n.h"
+
 int use_apple_server;
 static struct option longopts[] = {
@@ -406,6 +408,21 @@ int main(int argc, char* argv[]) {
 // if the device is in DFU mode, place device into recovery mode
 if (client->mode->index == MODE_DFU) {
 recovery_client_free(client);
+ if (client->flags & FLAG_CUSTOM) {
+ info("connecting to DFU\n");
+ if (dfu_client_new(client) < 0) {
+ return -1;
+ }
+ info("exploiting with limera1n\n");
+ // TODO: check for non-limera1n device and fail
+ if (limera1n_exploit(client->device, client->dfu->client) != 0) {
+ error("ERROR: limera1n exploit failed\n");
+ dfu_client_free(client);
+ return -1;
+ }
+ dfu_client_free(client);
+ info("exploited\n");
+ }
 if (dfu_enter_recovery(client, build_identity) < 0) {
 error("ERROR: Unable to place device into recovery mode\n");
 plist_free(buildmanifest);
-- cgit v1.1-32-gdbae
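Review bot: Both `return -1;` exits in the new `FLAG_CUSTOM` block skip the cleanup that the error path directly below performs with `plist_free(buildmanifest);`, so a failed `dfu_client_new()` or `limera1n_exploit()` leaves the manifest (and presumably other state not visible here) unreleased; add `plist_free(buildmanifest);` before each of them. The `dfu_client_new(client) < 0` branch also returns without logging anything, unlike the other failures in the hunk; something like `error("ERROR: Unable to connect to device in DFU mode\n");` would keep the diagnostics consistent. The `// TODO: check for non-limera1n device and fail` is still open, so this path runs against whatever device is in DFU mode whenever `FLAG_CUSTOM` is set; that check should land before the path is relied on, failing closed for unsupported hardware. `main` starts and ends outside the hunk, so the full cleanup sequence should be confirmed there.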