diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/irecovery.c | 23 | ||||
-rw-r--r-- | src/libirecovery.c | 15 |
2 files changed, 35 insertions, 3 deletions
diff --git a/src/irecovery.c b/src/irecovery.c index 7150f90..98b1e90 100644 --- a/src/irecovery.c +++ b/src/irecovery.c @@ -27,7 +27,7 @@ #define debug(...) if(verbose) fprintf(stderr, __VA_ARGS__) enum { - kResetDevice, kStartShell, kSendCommand, kSendFile + kResetDevice, kStartShell, kSendCommand, kSendFile, kSendExploit }; static unsigned int quit = 0; @@ -146,9 +146,9 @@ void print_usage() { printf("iRecovery - iDevice Recovery Utility\n"); printf("Usage: ./irecovery [args]\n"); printf("\t-v\t\tStart irecovery in verbose mode.\n"); - printf("\t-u <uuid>\ttarget specific client by its 40-digit client UUID\n"); printf("\t-c <cmd>\tSend command to client.\n"); printf("\t-f <file>\tSend file to client.\n"); + printf("\t-k [exploit]\tSend usb exploit to client.\n"); printf("\t-h\t\tShow this help.\n"); printf("\t-r\t\tReset client.\n"); printf("\t-s\t\tStart interactive shell.\n"); @@ -162,7 +162,7 @@ int main(int argc, char** argv) { char* argument = NULL; irecv_error_t error = 0; if(argc == 1) print_usage(); - while ((opt = getopt(argc, argv, "vhrsc:f:")) > 0) { + while ((opt = getopt(argc, argv, "vhrsc:f:k::")) > 0) { switch (opt) { case 'v': verbose += 1; @@ -190,6 +190,11 @@ int main(int argc, char** argv) { argument = optarg; break; + case 'k': + action = kSendExploit; + argument = optarg; + break; + default: fprintf(stderr, "Unknown argument\n"); return -1; @@ -225,6 +230,18 @@ int main(int argc, char** argv) { debug("%s\n", irecv_strerror(error)); break; + case kSendExploit: + if(argument != NULL) { + error = irecv_send_file(client, argument); + if(error != IRECV_E_SUCCESS) { + debug("%s\n", irecv_strerror(error)); + break; + } + } + error = irecv_send_exploit(client); + debug("%s\n", irecv_strerror(error)); + break; + case kStartShell: init_shell(client); break; diff --git a/src/libirecovery.c b/src/libirecovery.c index 78745b1..6587fe0 100644 --- a/src/libirecovery.c +++ b/src/libirecovery.c @@ -428,6 +428,21 @@ irecv_error_t irecv_get_ecid(irecv_client_t client, unsigned long long* ecid) { return IRECV_E_SUCCESS; } + +irecv_error_t irecv_send_exploit(irecv_client_t client) { + if(client == NULL || client->handle == NULL) { + return IRECV_E_NO_DEVICE; + } + + irecv_error_t error = irecv_set_interface(client, 1, 1); + if(error != IRECV_E_SUCCESS) { + return error; + } + + libusb_control_transfer(client->handle, 0x21, 2, 0, 0, NULL, 0, 100); + return IRECV_E_SUCCESS; +} + const char* irecv_strerror(irecv_error_t error) { switch(error) { case IRECV_E_SUCCESS: |