From 89078bb47ff20ea5de1d665272552fd16e8b2d18 Mon Sep 17 00:00:00 2001
From: Nikias Bassen
Date: Wed, 24 Apr 2013 14:12:33 +0200
Subject: limera1n: use chip_id constants from libirecovery to detect device model
---
 src/limera1n.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
(limited to 'src/limera1n.c')
diff --git a/src/limera1n.c b/src/limera1n.c
index 29cb02a..5d9eb4f 100644
--- a/src/limera1n.c
+++ b/src/limera1n.c
@@ -36,20 +36,25 @@ int limera1n_exploit(struct irecv_device *device, irecv_client_t *pclient)
 unsigned char shellcode[0x800];
 unsigned int max_size = 0x24000;
 //unsigned int load_address = 0x84000000;
- unsigned int stack_address = 0x84033F98;
- unsigned int shellcode_address = 0x84023001;
+ unsigned int stack_address = 0;
+ unsigned int shellcode_address = 0;
 unsigned int shellcode_length = 0;
-
- if (device->chip_id == 8930) {
+ if (device->chip_id == irecv_devices[DEVICE_IPHONE4].chip_id) {
 max_size = 0x2C000;
 stack_address = 0x8403BF9C;
 shellcode_address = 0x8402B001;
- }
- if (device->chip_id == 8920) {
+ } else if (device->chip_id == irecv_devices[DEVICE_IPHONE3GS].chip_id) {
 max_size = 0x24000;
 stack_address = 0x84033FA4;
 shellcode_address = 0x84023001;
+ } else if (device->chip_id == irecv_devices[DEVICE_IPOD3G].chip_id) {
+ max_size = 0x24000;
+ stack_address = 0x84033F98;
+ shellcode_address = 0x84023001;
+ } else {
+ error("Unsupported ChipID 0x%04x. Can't exploit with limera1n.\n", device->chip_id);
+ return -1;
 }
 memset(shellcode, 0x0, 0x800);
-- 
cgit v1.1-32-gdbae
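Review bot: The new `error(...)` call in the final `else` prints `device->chip_id` with `0x%04x`, but the comparisons this commit removes used the decimal literals `8930` and `8920`, which suggests the libirecovery table stores chip IDs as decimal numbers. If that is the case, an unsupported 8930-style ID would be logged as `0x22e2`, which nobody triaging the message will recognise. Print it in the base the table uses, e.g. `error("Unsupported ChipID %u. Can't exploit with limera1n.\n", device->chip_id);` (or `%d`, matching the field's declared type, which is not visible here). A short comment above the chain, such as `/* branches are keyed on chip ID, so any device sharing a chip with the named model takes the same branch */`, would also make the indirection through `irecv_devices[DEVICE_*]` easier to read. The body of `limera1n_exploit` starts and ends outside this hunk, so whether the early `return -1` skips any cleanup cannot be judged from here.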