summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/irecovery.c106
-rw-r--r--src/libirecovery.c136
2 files changed, 91 insertions, 151 deletions
diff --git a/src/irecovery.c b/src/irecovery.c
index d53cf9b..a763272 100644
--- a/src/irecovery.c
+++ b/src/irecovery.c
@@ -33,25 +33,28 @@ enum {
static unsigned int quit = 0;
static unsigned int verbose = 0;
+int received_cb(irecv_client_t client, const irecv_event_t* event);
int precommand_cb(irecv_client_t client, const irecv_event_t* event);
int postcommand_cb(irecv_client_t client, const irecv_event_t* event);
-void print_shell_usage() {
+void shell_usage() {
printf("Usage:\n");
printf("\t/upload <file>\tSend file to client.\n");
+ printf("\t/exploit [file]\tSend usb exploit with optional payload\n");
printf("\t/help\t\tShow this help.\n");
printf("\t/exit\t\tExit interactive shell.\n");
}
void parse_command(irecv_client_t client, unsigned char* command, unsigned int size) {
- char* cmd = strtok(strdup(command), " ");
- debug("Executing %s %s\n", cmd, command);
+ char* cmd = strdup(command);
+ char* action = strtok(cmd, " ");
+ debug("Executing %s\n", action);
if (!strcmp(cmd, "/exit")) {
quit = 1;
} else
if (!strcmp(cmd, "/help")) {
- print_shell_usage();
+ shell_usage();
} else
if (!strcmp(cmd, "/upload")) {
@@ -60,22 +63,18 @@ void parse_command(irecv_client_t client, unsigned char* command, unsigned int s
if (filename != NULL) {
irecv_send_file(client, filename);
}
- }
- free(cmd);
-}
+ } else
-int recv_callback(irecv_client_t client, unsigned char* data, int size) {
- int i = 0;
- for (i = 0; i < size; i++) {
- printf("%c", data[i]);
+ if (!strcmp(cmd, "/exploit")) {
+ char* filename = strtok(NULL, " ");
+ debug("Sending %s\n", filename);
+ if (filename != NULL) {
+ irecv_send_file(client, filename);
+ }
+ irecv_send_exploit(client);
}
- return size;
-}
-int send_callback(irecv_client_t client, unsigned char* command, int size) {
-
-
- return size;
+ free(action);
}
void load_command_history() {
@@ -90,7 +89,7 @@ void append_command_to_history(char* cmd) {
void init_shell(irecv_client_t client) {
irecv_error_t error = 0;
load_command_history();
- irecv_set_receiver(client, &recv_callback);
+ irecv_event_subscribe(client, IRECV_RECEIVED, &received_cb, NULL);
irecv_event_subscribe(client, IRECV_PRECOMMAND, &precommand_cb, NULL);
irecv_event_subscribe(client, IRECV_POSTCOMMAND, &postcommand_cb, NULL);
while (!quit) {
@@ -113,49 +112,64 @@ void init_shell(irecv_client_t client) {
}
}
-void print_usage() {
- printf("iRecovery - iDevice Recovery Utility\n");
- printf("Usage: ./irecovery [args]\n");
- printf("\t-v\t\tStart irecovery in verbose mode.\n");
- printf("\t-c <cmd>\tSend command to client.\n");
- printf("\t-f <file>\tSend file to client.\n");
- printf("\t-k [exploit]\tSend usb exploit to client.\n");
- printf("\t-h\t\tShow this help.\n");
- printf("\t-r\t\tReset client.\n");
- printf("\t-s\t\tStart interactive shell.\n");
- exit(1);
+int received_cb(irecv_client_t client, const irecv_event_t* event) {
+ if (event->type == IRECV_RECEIVED) {
+ int i = 0;
+ int size = event->size;
+ char* data = event->data;
+ for (i = 0; i < size; i++) {
+ printf("%c", data[i]);
+ }
+ }
+ return 0;
}
int precommand_cb(irecv_client_t client, const irecv_event_t* event) {
- irecv_error_t error = 0;
- if (event->data[0] == '/') {
- parse_command(client, event->data, strlen(event->data));
- return -1;
+ if (event->type == IRECV_PRECOMMAND) {
+ irecv_error_t error = 0;
+ if (event->data[0] == '/') {
+ parse_command(client, event->data, event->size);
+ return -1;
+ }
}
return 0;
}
int postcommand_cb(irecv_client_t client, const irecv_event_t* event) {
- irecv_error_t error = 0;
- if (strstr(event->data, "getenv") != NULL) {
- unsigned char* value = NULL;
- error = irecv_getenv(client, &value);
- if (error != IRECV_E_SUCCESS) {
- debug("%s\n", irecv_strerror(error));
- return error;
+ unsigned char* value = NULL;
+ if (event->type == IRECV_POSTCOMMAND) {
+ irecv_error_t error = 0;
+ if (strstr(event->data, "getenv") != NULL) {
+ error = irecv_getenv(client, &value);
+ if (error != IRECV_E_SUCCESS) {
+ debug("%s\n", irecv_strerror(error));
+ return error;
+ }
+ printf("%s\n", value);
}
- printf("%s\n", value);
- free(value);
- }
-
- if (!strcmp(event->data, "reboot")) {
- quit = 1;
+ if (!strcmp(event->data, "reboot")) {
+ quit = 1;
+ }
}
+ if (value != NULL) free(value);
return 0;
}
+void print_usage() {
+ printf("iRecovery - iDevice Recovery Utility\n");
+ printf("Usage: ./irecovery [args]\n");
+ printf("\t-v\t\tStart irecovery in verbose mode.\n");
+ printf("\t-c <cmd>\tSend command to client.\n");
+ printf("\t-f <file>\tSend file to client.\n");
+ printf("\t-k [payload]\tSend usb exploit to client.\n");
+ printf("\t-h\t\tShow this help.\n");
+ printf("\t-r\t\tReset client.\n");
+ printf("\t-s\t\tStart interactive shell.\n");
+ exit(1);
+}
+
int main(int argc, char** argv) {
int i = 0;
int opt = 0;
diff --git a/src/libirecovery.c b/src/libirecovery.c
index 8f029ed..a641562 100644
--- a/src/libirecovery.c
+++ b/src/libirecovery.c
@@ -27,9 +27,6 @@
#define BUFFER_SIZE 0x1000
#define debug(...) if(client->debug) fprintf(stderr, __VA_ARGS__)
-int irecv_default_sender(irecv_client_t client, unsigned char* data, int size);
-int irecv_default_receiver(irecv_client_t client, unsigned char* data, int size);
-
irecv_error_t irecv_open(irecv_client_t* pclient) {
int i = 0;
char serial[256];
@@ -41,7 +38,6 @@ irecv_error_t irecv_open(irecv_client_t* pclient) {
*pclient = NULL;
libusb_init(&usb_context);
- //libusb_init(NULL);
irecv_error_t error = IRECV_E_SUCCESS;
int usb_device_count = libusb_get_device_list(usb_context, &usb_device_list);
for (i = 0; i < usb_device_count; i++) {
@@ -49,10 +45,11 @@ irecv_error_t irecv_open(irecv_client_t* pclient) {
libusb_get_device_descriptor(usb_device, &usb_descriptor);
if (usb_descriptor.idVendor == APPLE_VENDOR_ID) {
/* verify this device is in a mode we understand */
- if (usb_descriptor.idProduct == kRecoveryMode1 || usb_descriptor.idProduct
- == kRecoveryMode2 || usb_descriptor.idProduct == kRecoveryMode3
- || usb_descriptor.idProduct == kRecoveryMode4 || usb_descriptor.idProduct
- == kDfuMode) {
+ if (usb_descriptor.idProduct == kRecoveryMode1 ||
+ usb_descriptor.idProduct == kRecoveryMode2 ||
+ usb_descriptor.idProduct == kRecoveryMode3 ||
+ usb_descriptor.idProduct == kRecoveryMode4 ||
+ usb_descriptor.idProduct == kDfuMode) {
libusb_open(usb_device, &usb_handle);
if (usb_handle == NULL) {
@@ -61,8 +58,6 @@ irecv_error_t irecv_open(irecv_client_t* pclient) {
libusb_exit(usb_context);
return IRECV_E_UNABLE_TO_CONNECT;
}
- libusb_set_debug(usb_context, 3);
-
libusb_free_device_list(usb_device_list, 1);
irecv_client_t client = (irecv_client_t) malloc(sizeof(struct irecv_client));
@@ -71,6 +66,7 @@ irecv_error_t irecv_open(irecv_client_t* pclient) {
libusb_exit(usb_context);
return IRECV_E_OUT_OF_MEMORY;
}
+
memset(client, '\0', sizeof(struct irecv_client));
client->interface = 0;
client->handle = usb_handle;
@@ -150,6 +146,10 @@ irecv_error_t irecv_reset(irecv_client_t client) {
irecv_error_t irecv_event_subscribe(irecv_client_t client, irecv_event_type type, irecv_event_cb_t callback, void* user_data) {
switch(type) {
+ case IRECV_RECEIVED:
+ client->received_callback = callback;
+ break;
+
case IRECV_PRECOMMAND:
client->precommand_callback = callback;
break;
@@ -167,6 +167,10 @@ irecv_error_t irecv_event_subscribe(irecv_client_t client, irecv_event_type type
irecv_error_t irecv_event_unsubscribe(irecv_client_t client, irecv_event_type type) {
switch(type) {
+ case IRECV_RECEIVED:
+ client->received_callback = NULL;
+ break;
+
case IRECV_PRECOMMAND:
client->precommand_callback = NULL;
break;
@@ -185,7 +189,7 @@ irecv_error_t irecv_event_unsubscribe(irecv_client_t client, irecv_event_type ty
irecv_error_t irecv_close(irecv_client_t client) {
if (client != NULL) {
if (client->handle != NULL) {
- libusb_release_interface(client->handle, 1);
+ libusb_release_interface(client->handle, client->interface);
libusb_close(client->handle);
client->handle = NULL;
}
@@ -212,39 +216,11 @@ irecv_error_t irecv_set_debug(irecv_client_t client, int level) {
return IRECV_E_SUCCESS;
}
-irecv_error_t irecv_send(irecv_client_t client, unsigned char* command) {
- if (client == NULL || client->handle == NULL) {
- return IRECV_E_NO_DEVICE;
- }
-
- unsigned int length = strlen(command);
- if (length >= 0x100) {
- length = 0xFF;
- }
-
- if (client->send_callback != NULL) {
- // Call our user defined callback first, this must return a number of bytes to send
- // or zero to abort send.
- length = client->send_callback(client, command, length);
- }
-
- if (length > 0) {
- irecv_send_command(client, command);
- }
-
- return IRECV_E_SUCCESS;
-}
-
irecv_error_t irecv_send_command(irecv_client_t client, unsigned char* command) {
if (client == NULL || client->handle == NULL) {
return IRECV_E_NO_DEVICE;
}
- /*
- irecv_error_t error = irecv_set_interface(client, 1, 1);
- if(error != IRECV_E_SUCCESS) {
- return error;
- }
- */
+
unsigned int length = strlen(command);
if (length >= 0x100) {
length = 0xFF;
@@ -252,6 +228,7 @@ irecv_error_t irecv_send_command(irecv_client_t client, unsigned char* command)
irecv_event_t event;
if(client->precommand_callback != NULL) {
+ event.size = length;
event.data = command;
event.type = IRECV_PRECOMMAND;
if(client->precommand_callback(client, &event)) {
@@ -264,6 +241,7 @@ irecv_error_t irecv_send_command(irecv_client_t client, unsigned char* command)
}
if(client->postcommand_callback != NULL) {
+ event.size = length;
event.data = command;
event.type = IRECV_POSTCOMMAND;
if(client->postcommand_callback(client, &event)) {
@@ -312,12 +290,7 @@ irecv_error_t irecv_get_status(irecv_client_t client, unsigned int* status) {
*status = 0;
return IRECV_E_NO_DEVICE;
}
- /*
- irecv_error_t error = irecv_set_interface(client, 1, 1);
- if(error != IRECV_E_SUCCESS) {
- return error;
- }
- */
+
unsigned char buffer[6];
memset(buffer, '\0', 6);
if (libusb_control_transfer(client->handle, 0xA1, 3, 0, 0, buffer, 6, 1000) != 6) {
@@ -335,12 +308,7 @@ irecv_error_t irecv_send_buffer(irecv_client_t client, unsigned char* buffer, un
if (client == NULL || client->handle == NULL) {
return IRECV_E_NO_DEVICE;
}
- /*
- error = irecv_set_interface(client, 1, 1);
- if(error != IRECV_E_SUCCESS) {
- return error;
- }
- */
+
int last = length % 0x800;
int packets = length / 0x800;
if (last != 0) {
@@ -387,54 +355,22 @@ irecv_error_t irecv_receive(irecv_client_t client) {
if (client == NULL || client->handle == NULL) {
return IRECV_E_NO_DEVICE;
}
- /*
- irecv_error_t error = irecv_set_interface(client, 1, 1);
- if(error != IRECV_E_SUCCESS) {
- return error;
- }
- */
+
int bytes = 0;
while (libusb_bulk_transfer(client->handle, 0x81, buffer, BUFFER_SIZE, &bytes, 100) == 0) {
if (bytes > 0) {
- if (client->receive_callback != NULL) {
- if (client->receive_callback(client, buffer, bytes) != bytes) {
- return IRECV_E_UNKNOWN_ERROR;
+ if (client->received_callback != NULL) {
+ irecv_event_t event;
+ event.size = bytes;
+ event.data = buffer;
+ event.type = IRECV_RECEIVED;
+ if (client->received_callback(client, &event) != 0) {
+ return IRECV_E_SUCCESS;
}
}
- } else
- break;
- }
-
- return IRECV_E_SUCCESS;
-}
-
-int irecv_default_sender(irecv_client_t client, unsigned char* data, int size) {
- return size;
-}
-
-int irecv_default_receiver(irecv_client_t client, unsigned char* data, int size) {
- int i = 0;
- for (i = 0; i < size; i++) {
- printf("%c", data[i]);
- }
- return size;
-}
-
-irecv_error_t irecv_set_receiver(irecv_client_t client, irecv_receive_callback callback) {
- if (client == NULL) {
- return IRECV_E_NO_DEVICE;
- }
-
- client->receive_callback = callback;
- return IRECV_E_SUCCESS;
-}
-
-irecv_error_t irecv_set_sender(irecv_client_t client, irecv_send_callback callback) {
- if (client == NULL) {
- return IRECV_E_NO_DEVICE;
+ } else break;
}
- client->send_callback = callback;
return IRECV_E_SUCCESS;
}
@@ -442,12 +378,7 @@ irecv_error_t irecv_getenv(irecv_client_t client, unsigned char** var) {
if (client == NULL || client->handle == NULL) {
return IRECV_E_NO_DEVICE;
}
- /*
- irecv_error_t error = irecv_set_interface(client, 1, 1);
- if(error != IRECV_E_SUCCESS) {
- return error;
- }
- */
+
unsigned char* value = (unsigned char*) malloc(256);
if (value == NULL) {
return IRECV_E_OUT_OF_MEMORY;
@@ -488,12 +419,7 @@ irecv_error_t irecv_send_exploit(irecv_client_t client) {
if (client == NULL || client->handle == NULL) {
return IRECV_E_NO_DEVICE;
}
- /*
- irecv_error_t error = irecv_set_interface(client, 1, 1);
- if(error != IRECV_E_SUCCESS) {
- return error;
- }
- */
+
libusb_control_transfer(client->handle, 0x21, 2, 0, 0, NULL, 0, 100);
return IRECV_E_SUCCESS;
}