/*
 * libirecovery.c
 * Communication to iBoot/iBSS on Apple iOS devices via USB
 *
 * Copyright (c) 2011-2019 Nikias Bassen <nikias@gmx.li>
 * Copyright (c) 2012-2015 Martin Szulecki <martin.szulecki@libimobiledevice.org>
 * Copyright (c) 2010 Chronic-Dev Team
 * Copyright (c) 2010 Joshua Hill
 * Copyright (c) 2008-2011 Nicolas Haunold
 *
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the GNU Lesser General Public License
 * (LGPL) version 2.1 which accompanies this distribution, and is available at
 * http://www.gnu.org/licenses/lgpl-2.1.html
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 */

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <sys/stat.h>

#ifndef USE_DUMMY
#ifndef WIN32
#ifndef HAVE_IOKIT
#include <libusb.h>
#include <pthread.h>
#if (defined(LIBUSB_API_VERSION) && (LIBUSB_API_VERSION >= 0x01000102)) || (defined(LIBUSBX_API_VERSION) && (LIBUSBX_API_VERSION >= 0x01000102))
#define HAVE_LIBUSB_HOTPLUG_API 1
#endif
#else
#include <CoreFoundation/CoreFoundation.h>
#include <IOKit/usb/IOUSBLib.h>
#include <IOKit/IOCFPlugIn.h>
#include <pthread.h>
#endif
#define _FMT_qX "%qX"
#define _FMT_016llx "%016llx"
#else
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <setupapi.h>
#define _FMT_qX "%I64X"
#define _FMT_016llx "%016I64x"
#ifndef sleep
#define sleep(n) Sleep(1000 * n)
#endif
#endif
#endif

#ifdef WIN32
#define IRECV_API __declspec( dllexport )
#else
#ifdef HAVE_FVISIBILITY
#define IRECV_API __attribute__((visibility("default")))
#else
#define IRECV_API
#endif
#endif

#include "libirecovery.h"
#include "utils.h"
#include "thread.h"

struct irecv_client_private {
	int debug;
	int usb_config;
	int usb_interface;
	int usb_alt_interface;
	unsigned int mode;
	struct irecv_device_info device_info;
#ifndef USE_DUMMY
#ifndef WIN32
#ifndef HAVE_IOKIT
	libusb_device_handle* handle;
#else
	IOUSBDeviceInterface320 **handle;
	IOUSBInterfaceInterface300 **usbInterface;
#endif
#else
	HANDLE handle;
	HANDLE hDFU;
	HANDLE hIB;
	LPSTR iBootPath;
	LPSTR DfuPath;
#endif
	irecv_event_cb_t progress_callback;
	irecv_event_cb_t received_callback;
	irecv_event_cb_t connected_callback;
	irecv_event_cb_t precommand_callback;
	irecv_event_cb_t postcommand_callback;
	irecv_event_cb_t disconnected_callback;
#endif
};

#define USB_TIMEOUT 10000
#define APPLE_VENDOR_ID 0x05AC

#define BUFFER_SIZE 0x1000
#define debug(...) if(libirecovery_debug) fprintf(stderr, __VA_ARGS__)

static int libirecovery_debug = 0;
#ifndef USE_DUMMY
#ifndef WIN32
#ifndef HAVE_IOKIT
static libusb_context* libirecovery_context = NULL;
#endif
#endif
#endif

static struct irecv_device irecv_devices[] = {
	/* iPhone */
	{ "iPhone1,1",   "m68ap",    0x00, 0x8900, "iPhone 2G" },
	{ "iPhone1,2",   "n82ap",    0x04, 0x8900, "iPhone 3G" },
	{ "iPhone2,1",   "n88ap",    0x00, 0x8920, "iPhone 3Gs" },
	{ "iPhone3,1",   "n90ap",    0x00, 0x8930, "iPhone 4 (GSM)" },
	{ "iPhone3,2",   "n90bap",   0x04, 0x8930, "iPhone 4 (GSM) R2 2012" },
	{ "iPhone3,3",   "n92ap",    0x06, 0x8930, "iPhone 4 (CDMA)" },
	{ "iPhone4,1",   "n94ap",    0x08, 0x8940, "iPhone 4s" },
	{ "iPhone5,1",   "n41ap",    0x00, 0x8950, "iPhone 5 (GSM)" },
	{ "iPhone5,2",   "n42ap",    0x02, 0x8950, "iPhone 5 (Global)" },
	{ "iPhone5,3",   "n48ap",    0x0a, 0x8950, "iPhone 5c (GSM)" },
	{ "iPhone5,4",   "n49ap",    0x0e, 0x8950, "iPhone 5c (Global)" },
	{ "iPhone6,1",   "n51ap",    0x00, 0x8960, "iPhone 5s (GSM)" },
	{ "iPhone6,2",   "n53ap",    0x02, 0x8960, "iPhone 5s (Global)" },
	{ "iPhone7,1",   "n56ap",    0x04, 0x7000, "iPhone 6 Plus" },
	{ "iPhone7,2",   "n61ap",    0x06, 0x7000, "iPhone 6" },
	{ "iPhone8,1",   "n71ap",    0x04, 0x8000, "iPhone 6s" },
	{ "iPhone8,1",   "n71map",   0x04, 0x8003, "iPhone 6s" },
	{ "iPhone8,2",   "n66ap",    0x06, 0x8000, "iPhone 6s Plus" },
	{ "iPhone8,2",   "n66map",   0x06, 0x8003, "iPhone 6s Plus" },
	{ "iPhone8,4",   "n69ap",    0x02, 0x8003, "iPhone SE" },
	{ "iPhone8,4",   "n69uap",   0x02, 0x8000, "iPhone SE" },
	{ "iPhone9,1",   "d10ap",    0x08, 0x8010, "iPhone 7 (Global)" },
	{ "iPhone9,2",   "d11ap",    0x0a, 0x8010, "iPhone 7 Plus (Global)" },
	{ "iPhone9,3",   "d101ap",   0x0c, 0x8010, "iPhone 7 (GSM)" },
	{ "iPhone9,4",   "d111ap",   0x0e, 0x8010, "iPhone 7 Plus (GSM)" },
	{ "iPhone10,1",  "d20ap",    0x02, 0x8015, "iPhone 8 (Global)" },
	{ "iPhone10,2",  "d21ap",    0x04, 0x8015, "iPhone 8 Plus (Global)" },
	{ "iPhone10,3",  "d22ap",    0x06, 0x8015, "iPhone X (Global)" },
	{ "iPhone10,4",  "d201ap",   0x0a, 0x8015, "iPhone 8 (GSM)" },
	{ "iPhone10,5",  "d211ap",   0x0c, 0x8015, "iPhone 8 Plus (GSM)" },
	{ "iPhone10,6",  "d221ap",   0x0e, 0x8015, "iPhone X (GSM)" },
	{ "iPhone11,2",  "d321ap",   0x0e, 0x8020, "iPhone XS" },
	{ "iPhone11,4",  "d331ap",   0x0a, 0x8020, "iPhone XS Max (China)" },
	{ "iPhone11,6",  "d331pap",  0x1a, 0x8020, "iPhone XS Max" },
	{ "iPhone11,8",  "n841ap",   0x0c, 0x8020, "iPhone XR" },
	{ "iPhone12,1",  "n104ap",   0x04, 0x8030, "iPhone 11" },
	{ "iPhone12,3",  "d421ap",   0x06, 0x8030, "iPhone 11 Pro" },
	{ "iPhone12,5",  "d431ap",   0x02, 0x8030, "iPhone 11 Pro Max" },
	/* iPod */
	{ "iPod1,1",     "n45ap",    0x02, 0x8900, "iPod Touch (1st gen)" },
	{ "iPod2,1",     "n72ap",    0x00, 0x8720, "iPod Touch (2nd gen)" },
	{ "iPod3,1",     "n18ap",    0x02, 0x8922, "iPod Touch (3rd gen)" },
	{ "iPod4,1",     "n81ap",    0x08, 0x8930, "iPod Touch (4th gen)" },
	{ "iPod5,1",     "n78ap",    0x00, 0x8942, "iPod Touch (5th gen)" },
	{ "iPod7,1",     "n102ap",   0x10, 0x7000, "iPod Touch (6th gen)" },
	{ "iPod9,1",     "n112ap",   0x16, 0x8010, "iPod Touch (7th gen)" },
	/* iPad */
	{ "iPad1,1",     "k48ap",    0x02, 0x8930, "iPad" },
	{ "iPad2,1",     "k93ap",    0x04, 0x8940, "iPad 2 (WiFi)" },
	{ "iPad2,2",     "k94ap",    0x06, 0x8940, "iPad 2 (GSM)" },
	{ "iPad2,3",     "k95ap",    0x02, 0x8940, "iPad 2 (CDMA)" },
	{ "iPad2,4",     "k93aap",   0x06, 0x8942, "iPad 2 (WiFi) R2 2012" },
	{ "iPad2,5",     "p105ap",   0x0a, 0x8942, "iPad Mini (WiFi)" },
	{ "iPad2,6",     "p106ap",   0x0c, 0x8942, "iPad Mini (GSM)" },
	{ "iPad2,7",     "p107ap",   0x0e, 0x8942, "iPad Mini (Global)" },
	{ "iPad3,1",     "j1ap",     0x00, 0x8945, "iPad 3 (WiFi)" },
	{ "iPad3,2",     "j2ap",     0x02, 0x8945, "iPad 3 (CDMA)" },
	{ "iPad3,3",     "j2aap",    0x04, 0x8945, "iPad 3 (GSM)" },
	{ "iPad3,4",     "p101ap",   0x00, 0x8955, "iPad 4 (WiFi)" },
	{ "iPad3,5",     "p102ap",   0x02, 0x8955, "iPad 4 (GSM)" },
	{ "iPad3,6",     "p103ap",   0x04, 0x8955, "iPad 4 (Global)" },
	{ "iPad4,1",     "j71ap",    0x10, 0x8960, "iPad Air (WiFi)" },
	{ "iPad4,2",     "j72ap",    0x12, 0x8960, "iPad Air (Cellular)" },
	{ "iPad4,4",     "j85ap",    0x0a, 0x8960, "iPad Mini 2 (WiFi)" },
	{ "iPad4,5",     "j86ap",    0x0c, 0x8960, "iPad Mini 2 (Cellular)" },
	{ "iPad4,6",     "j87ap",    0x0e, 0x8960, "iPad Mini 2 (China)" },
	{ "iPad4,7",     "j85map",   0x32, 0x8960, "iPad Mini 3 (WiFi)" },
	{ "iPad4,8",     "j86map",   0x34, 0x8960, "iPad Mini 3 (Cellular)" },
	{ "iPad4,9",     "j87map",   0x36, 0x8960, "iPad Mini 3 (China)" },
	{ "iPad5,1",     "j96ap",    0x08, 0x7000, "iPad Mini 4 (WiFi)" },
	{ "iPad5,2",     "j97ap",    0x0A, 0x7000, "iPad Mini 4 (Cellular)" },
	{ "iPad5,3",     "j81ap",    0x06, 0x7001, "iPad Air 2 (WiFi)" },
	{ "iPad5,4",     "j82ap",    0x02, 0x7001, "iPad Air 2 (Cellular)" },
	{ "iPad6,3",     "j127ap",   0x08, 0x8001, "iPad Pro 9.7in (WiFi)" },
	{ "iPad6,4",     "j128ap",   0x0a, 0x8001, "iPad Pro 9.7in (Cellular)" },
	{ "iPad6,7",     "j98aap",   0x10, 0x8001, "iPad Pro 12.9in (WiFi)" },
	{ "iPad6,8",     "j99aap",   0x12, 0x8001, "iPad Pro 12.9in (Cellular)" },
	{ "iPad6,11",    "j71sap",   0x10, 0x8000, "iPad 5 (WiFi)" },
	{ "iPad6,11",    "j71tap",   0x10, 0x8003, "iPad 5 (WiFi)" },
	{ "iPad6,12",    "j72sap",   0x12, 0x8000, "iPad 5 (Cellular)" },
	{ "iPad6,12",    "j72tap",   0x12, 0x8003, "iPad 5 (Cellular)" },
	{ "iPad7,1",     "j120ap",   0x0C, 0x8011, "iPad Pro 2 12.9in (WiFi)" },
	{ "iPad7,2",     "j121ap",   0x0E, 0x8011, "iPad Pro 2 12.9in (Cellular)" },
	{ "iPad7,3",     "j207ap",   0x04, 0x8011, "iPad Pro 10.5in (WiFi)" },
	{ "iPad7,4",     "j208ap",   0x06, 0x8011, "iPad Pro 10.5in (Cellular)" },
	{ "iPad7,5",     "j71bap",   0x18, 0x8010, "iPad 6 (WiFi)" },
	{ "iPad7,6",     "j72bap",   0x1A, 0x8010, "iPad 6 (Cellular)" },
	{ "iPad7,11",    "j172ap",   0x1E, 0x8010, "iPad 7 (WiFi)" },
	{ "iPad7,12",    "j171ap",   0x1C, 0x8010, "iPad 7 (Cellular)" },
	{ "iPad8,1",     "j317ap",   0x0C, 0x8027, "iPad Pro 3 11in (WiFi)" },
	{ "iPad8,2",     "j317xap",  0x1C, 0x8027, "iPad Pro 3 11in (WiFi, 1TB)" },
	{ "iPad8,3",     "j318ap",   0x0E, 0x8027, "iPad Pro 3 11in (Cellular)" },
	{ "iPad8,4",     "j318xap",  0x1E, 0x8027, "iPad Pro 3 11in (Cellular, 1TB)" },
	{ "iPad8,5",     "j320ap",   0x08, 0x8027, "iPad Pro 3 12.9in (WiFi)" },
	{ "iPad8,6",     "j320xap",  0x18, 0x8027, "iPad Pro 3 12.9in (WiFi, 1TB)" },
	{ "iPad8,7",     "j321ap",   0x0A, 0x8027, "iPad Pro 3 12.9in (Cellular)" },
	{ "iPad8,8",     "j321xap",  0x1A, 0x8027, "iPad Pro 3 12.9in (Cellular, 1TB)" },
	{ "iPad11,1",    "j210ap",   0x14, 0x8020, "iPad Mini 5 (WiFi)" },
	{ "iPad11,2",    "j211ap",   0x16, 0x8020, "iPad Mini 5 (Cellular)" },
	{ "iPad11,3",    "j217ap",   0x1C, 0x8020, "iPad Air 3 (WiFi)" },
	{ "iPad11,4",    "j218ap",   0x1E, 0x8020, "iPad Air 3 (Celluar)" },
	/* Apple TV */
	{ "AppleTV2,1",  "k66ap",    0x10, 0x8930, "Apple TV 2" },
	{ "AppleTV3,1",  "j33ap",    0x08, 0x8942, "Apple TV 3" },
	{ "AppleTV3,2",  "j33iap",   0x00, 0x8947, "Apple TV 3 (2013)" },
	{ "AppleTV5,3",  "j42dap",   0x34, 0x7000, "Apple TV 4" },
	{ "AppleTV6,2",  "j105aap",  0x02, 0x8011, "Apple TV 4K" },
	{ NULL,          NULL,      -1,   -1,     NULL }
};

#ifndef USE_DUMMY
static unsigned int crc32_lookup_t1[256] = {
	0x00000000, 0x77073096, 0xEE0E612C, 0x990951BA,
	0x076DC419, 0x706AF48F, 0xE963A535, 0x9E6495A3,
	0x0EDB8832, 0x79DCB8A4, 0xE0D5E91E, 0x97D2D988,
	0x09B64C2B, 0x7EB17CBD, 0xE7B82D07, 0x90BF1D91,
	0x1DB71064, 0x6AB020F2, 0xF3B97148, 0x84BE41DE,
	0x1ADAD47D, 0x6DDDE4EB, 0xF4D4B551, 0x83D385C7,
	0x136C9856, 0x646BA8C0, 0xFD62F97A, 0x8A65C9EC,
	0x14015C4F, 0x63066CD9, 0xFA0F3D63, 0x8D080DF5,
	0x3B6E20C8, 0x4C69105E, 0xD56041E4, 0xA2677172,
	0x3C03E4D1, 0x4B04D447, 0xD20D85FD, 0xA50AB56B,
	0x35B5A8FA, 0x42B2986C, 0xDBBBC9D6, 0xACBCF940,
	0x32D86CE3, 0x45DF5C75, 0xDCD60DCF, 0xABD13D59,
	0x26D930AC, 0x51DE003A, 0xC8D75180, 0xBFD06116,
	0x21B4F4B5, 0x56B3C423, 0xCFBA9599, 0xB8BDA50F,
	0x2802B89E, 0x5F058808, 0xC60CD9B2, 0xB10BE924,
	0x2F6F7C87, 0x58684C11, 0xC1611DAB, 0xB6662D3D,
	0x76DC4190, 0x01DB7106, 0x98D220BC, 0xEFD5102A,
	0x71B18589, 0x06B6B51F, 0x9FBFE4A5, 0xE8B8D433,
	0x7807C9A2, 0x0F00F934, 0x9609A88E, 0xE10E9818,
	0x7F6A0DBB, 0x086D3D2D, 0x91646C97, 0xE6635C01,
	0x6B6B51F4, 0x1C6C6162, 0x856530D8, 0xF262004E,
	0x6C0695ED, 0x1B01A57B, 0x8208F4C1, 0xF50FC457,
	0x65B0D9C6, 0x12B7E950, 0x8BBEB8EA, 0xFCB9887C,
	0x62DD1DDF, 0x15DA2D49, 0x8CD37CF3, 0xFBD44C65,
	0x4DB26158, 0x3AB551CE, 0xA3BC0074, 0xD4BB30E2,
	0x4ADFA541, 0x3DD895D7, 0xA4D1C46D, 0xD3D6F4FB,
	0x4369E96A, 0x346ED9FC, 0xAD678846, 0xDA60B8D0,
	0x44042D73, 0x33031DE5, 0xAA0A4C5F, 0xDD0D7CC9,
	0x5005713C, 0x270241AA, 0xBE0B1010, 0xC90C2086,
	0x5768B525, 0x206F85B3, 0xB966D409, 0xCE61E49F,
	0x5EDEF90E, 0x29D9C998, 0xB0D09822, 0xC7D7A8B4,
	0x59B33D17, 0x2EB40D81, 0xB7BD5C3B, 0xC0BA6CAD,
	0xEDB88320, 0x9ABFB3B6, 0x03B6E20C, 0x74B1D29A,
	0xEAD54739, 0x9DD277AF, 0x04DB2615, 0x73DC1683,
	0xE3630B12, 0x94643B84, 0x0D6D6A3E, 0x7A6A5AA8,
	0xE40ECF0B, 0x9309FF9D, 0x0A00AE27, 0x7D079EB1,
	0xF00F9344, 0x8708A3D2, 0x1E01F268, 0x6906C2FE,
	0xF762575D, 0x806567CB, 0x196C3671, 0x6E6B06E7,
	0xFED41B76, 0x89D32BE0, 0x10DA7A5A, 0x67DD4ACC,
	0xF9B9DF6F, 0x8EBEEFF9, 0x17B7BE43, 0x60B08ED5,
	0xD6D6A3E8, 0xA1D1937E, 0x38D8C2C4, 0x4FDFF252,
	0xD1BB67F1, 0xA6BC5767, 0x3FB506DD, 0x48B2364B,
	0xD80D2BDA, 0xAF0A1B4C, 0x36034AF6, 0x41047A60,
	0xDF60EFC3, 0xA867DF55, 0x316E8EEF, 0x4669BE79,
	0xCB61B38C, 0xBC66831A, 0x256FD2A0, 0x5268E236,
	0xCC0C7795, 0xBB0B4703, 0x220216B9, 0x5505262F,
	0xC5BA3BBE, 0xB2BD0B28, 0x2BB45A92, 0x5CB36A04,
	0xC2D7FFA7, 0xB5D0CF31, 0x2CD99E8B, 0x5BDEAE1D,
	0x9B64C2B0, 0xEC63F226, 0x756AA39C, 0x026D930A,
	0x9C0906A9, 0xEB0E363F, 0x72076785, 0x05005713,
	0x95BF4A82, 0xE2B87A14, 0x7BB12BAE, 0x0CB61B38,
	0x92D28E9B, 0xE5D5BE0D, 0x7CDCEFB7, 0x0BDBDF21,
	0x86D3D2D4, 0xF1D4E242, 0x68DDB3F8, 0x1FDA836E,
	0x81BE16CD, 0xF6B9265B, 0x6FB077E1, 0x18B74777,
	0x88085AE6, 0xFF0F6A70, 0x66063BCA, 0x11010B5C,
	0x8F659EFF, 0xF862AE69, 0x616BFFD3, 0x166CCF45,
	0xA00AE278, 0xD70DD2EE, 0x4E048354, 0x3903B3C2,
	0xA7672661, 0xD06016F7, 0x4969474D, 0x3E6E77DB,
	0xAED16A4A, 0xD9D65ADC, 0x40DF0B66, 0x37D83BF0,
	0xA9BCAE53, 0xDEBB9EC5, 0x47B2CF7F, 0x30B5FFE9,
	0xBDBDF21C, 0xCABAC28A, 0x53B39330, 0x24B4A3A6,
	0xBAD03605, 0xCDD70693, 0x54DE5729, 0x23D967BF,
	0xB3667A2E, 0xC4614AB8, 0x5D681B02, 0x2A6F2B94,
	0xB40BBE37, 0xC30C8EA1, 0x5A05DF1B, 0x2D02EF8D,
};

#define crc32_step(a,b) \
	a = (crc32_lookup_t1[(a & 0xFF) ^ ((unsigned char)b)] ^ (a >> 8))

static THREAD_T th_event_handler = THREAD_T_NULL;
struct collection listeners;
static mutex_t listener_mutex;
struct collection devices;
static mutex_t device_mutex;
#ifndef WIN32
#ifdef HAVE_IOKIT
static CFRunLoopRef iokit_runloop = NULL;
#else
static libusb_context* irecv_hotplug_ctx = NULL;
#endif
#endif

static void _irecv_init(void)
{
#ifndef USE_DUMMY
#ifndef WIN32
#ifndef HAVE_IOKIT
	libusb_init(&libirecovery_context);
#endif
#endif
	collection_init(&listeners);
	mutex_init(&listener_mutex);
#endif
}

static void _irecv_deinit(void)
{
#ifndef USE_DUMMY
#ifndef WIN32
#ifndef HAVE_IOKIT
	if (libirecovery_context != NULL) {
		libusb_exit(libirecovery_context);
		libirecovery_context = NULL;
	}
#endif
#endif
	collection_free(&listeners);
	mutex_destroy(&listener_mutex);
#endif
}

static thread_once_t init_once = THREAD_ONCE_INIT;
static thread_once_t deinit_once = THREAD_ONCE_INIT;

#ifdef WIN32
BOOL WINAPI DllMain(HINSTANCE hModule, DWORD dwReason, LPVOID lpReserved)
{
	switch (dwReason) {
	case DLL_PROCESS_ATTACH:
		thread_once(&init_once, _irecv_init);
		break;
	case DLL_PROCESS_DETACH:
		thread_once(&deinit_once, _irecv_deinit);
		break;
	default:
		break;
	}
	return 1;
}
#else
static void __attribute__((constructor)) libirecovery_initialize(void)
{
	thread_once(&init_once, _irecv_init);
}

static void __attribute__((destructor)) libirecovery_deinitialize(void)
{
	thread_once(&deinit_once, _irecv_deinit);
}
#endif

#ifdef HAVE_IOKIT
static int iokit_get_string_descriptor_ascii(irecv_client_t client, uint8_t desc_index, unsigned char * buffer, int size) {

	IOReturn result;
	IOUSBDevRequest request;
	unsigned char descriptor[256];

	request.bmRequestType = USBmakebmRequestType(kUSBIn, kUSBStandard, kUSBDevice);
	request.bRequest = kUSBRqGetDescriptor;
	request.wValue = (kUSBStringDesc << 8); // | desc_index;
	request.wIndex = 0; // All languages 0x409; // language
	request.wLength = sizeof(descriptor) - 1;
	request.pData = descriptor;
	request.wLenDone = 0;

	result = (*client->handle)->DeviceRequest(client->handle, &request);
	if (result == kIOReturnNoDevice)
		return IRECV_E_NO_DEVICE;
	if (result == kIOReturnNotOpen)
		return IRECV_E_USB_STATUS;
	if (result != kIOReturnSuccess)
		return IRECV_E_UNKNOWN_ERROR;

	if (descriptor[0] >= 4) { // && descriptor[2] == 0x9 && descriptor[3] == 0x4) {

		request.wValue = (kUSBStringDesc << 8) | desc_index;
		request.wIndex = descriptor[2] + (descriptor[3] << 8);
		request.wLenDone = 0;
		result = (*client->handle)->DeviceRequest(client->handle, &request);

		if (result == kIOReturnNoDevice)
			return IRECV_E_NO_DEVICE;
		if (result == kIOReturnNotOpen)
			return IRECV_E_USB_STATUS;
		if (result != kIOReturnSuccess)
			return IRECV_E_UNKNOWN_ERROR;

		int i = 2, j = 0;
		for ( ; i < descriptor[0]; i += 2, j += 1) {
			buffer[j] = descriptor[i];
		}
		buffer[j] = 0;

		return request.wLenDone;
	}
	return IRECV_E_UNKNOWN_ERROR;
}
#endif

static int irecv_get_string_descriptor_ascii(irecv_client_t client, uint8_t desc_index, unsigned char * buffer, int size) {
#ifndef WIN32
#ifdef HAVE_IOKIT
	return iokit_get_string_descriptor_ascii(client, desc_index, buffer, size);
#else
	return libusb_get_string_descriptor_ascii(client->handle, desc_index, buffer, size);
#endif
#else
	irecv_error_t ret;
	unsigned short langid = 0;
	unsigned char data[255];
	int di, si;
	memset(data, 0, sizeof(data));
	memset(buffer, 0, size);

	ret = irecv_usb_control_transfer(client, 0x80, 0x06, (0x03 << 8) | desc_index, langid, data, sizeof(data), USB_TIMEOUT);

	if (ret < 0) return ret;
	if (data[1] != 0x03) return IRECV_E_UNKNOWN_ERROR;
	if (data[0] > ret) return IRECV_E_UNKNOWN_ERROR; 

	for (di = 0, si = 2; si < data[0]; si += 2) {
		if (di >= (size - 1)) break;
		if (data[si + 1]) {
			/* high byte */
			buffer[di++] = '?';
		} else {
			buffer[di++] = data[si];
		}
	}
	buffer[di] = 0;

	return di;
#endif
}

static void irecv_load_device_info_from_iboot_string(irecv_client_t client, const char* iboot_string)
{
	if (!client || !iboot_string) {
		return;
	}

	memset(&client->device_info, '\0', sizeof(struct irecv_device_info));

	char* ptr;

	ptr = strstr(iboot_string, "CPID:");
	if (ptr != NULL) {
		sscanf(ptr, "CPID:%x", &client->device_info.cpid);
	}

	ptr = strstr(iboot_string, "CPRV:");
	if (ptr != NULL) {
		sscanf(ptr, "CPRV:%x", &client->device_info.cprv);
	}

	ptr = strstr(iboot_string, "CPFM:");
	if (ptr != NULL) {
		sscanf(ptr, "CPFM:%x", &client->device_info.cpfm);
	}

	ptr = strstr(iboot_string, "SCEP:");
	if (ptr != NULL) {
		sscanf(ptr, "SCEP:%x", &client->device_info.scep);
	}

	ptr = strstr(iboot_string, "BDID:");
	if (ptr != NULL) {
		sscanf(ptr, "BDID:%x", &client->device_info.bdid);
	}

	ptr = strstr(iboot_string, "ECID:");
	if (ptr != NULL) {
		sscanf(ptr, "ECID:" _FMT_qX, &client->device_info.ecid);
	}

	ptr = strstr(iboot_string, "IBFL:");
	if (ptr != NULL) {
		sscanf(ptr, "IBFL:%x", &client->device_info.ibfl);
	}

	char tmp[256];
	tmp[0] = '\0';
	ptr = strstr(iboot_string, "SRNM:[");
	if(ptr != NULL) {
		sscanf(ptr, "SRNM:[%s]", tmp);
		ptr = strrchr(tmp, ']');
		if(ptr != NULL) {
			*ptr = '\0';
		}
		client->device_info.srnm = strdup(tmp);
	}

	tmp[0] = '\0';
	ptr = strstr(iboot_string, "IMEI:[");
	if(ptr != NULL) {
		sscanf(ptr, "IMEI:[%s]", tmp);
		ptr = strrchr(tmp, ']');
		if(ptr != NULL) {
			*ptr = '\0';
		}
		client->device_info.imei = strdup(tmp);
	}
}	

static void irecv_copy_nonce_with_tag(irecv_client_t client, const char* tag, unsigned char** nonce, unsigned int* nonce_size)
{
	if (!client || !tag) {
		return;
	}

	char buf[255];
	int len;

	*nonce = NULL;
	*nonce_size = 0;

	len = irecv_get_string_descriptor_ascii(client, 1, (unsigned char*) buf, 255);
	if (len < 0) {
		debug("%s: got length: %d\n", __func__, len);
		return;
	}

	buf[len] = 0;

	int taglen = strlen(tag);
	int nlen = 0;
	char* nonce_string = NULL;
	char* p = buf;
	char* colon = NULL;
	do {
		colon = strchr(p, ':');
		if (!colon)
			break;
		if (colon-taglen < p) {
			break;
		}
		char *space = strchr(colon, ' ');
		if (strncmp(colon-taglen, tag, taglen) == 0) {
			p = colon+1;
			if (!space) {
				nlen = strlen(p);
			} else {
				nlen = space-p;
			}
			nonce_string = p;
			nlen/=2;
			break;
		} else {
			if (!space) {
				break;
			} else {
				p = space+1;
			}
		}
	} while (colon);

	if (nlen == 0) {
		debug("%s: WARNING: couldn't find tag %s in string %s\n", __func__, tag, buf);
		return;
	}

	unsigned char *nn = malloc(nlen);
	if (!nn) {
		return;
	}

	int i = 0;
	for (i = 0; i < nlen; i++) {
		int val = 0;
		if (sscanf(nonce_string+(i*2), "%02X", &val) == 1) {
			nn[i] = (unsigned char)val;
		} else {
			debug("%s: ERROR: unexpected data in nonce result (%2s)\n", __func__, nonce_string+(i*2));
			break;
		}
	}

	if (i != nlen) {
		debug("%s: ERROR: unable to parse nonce\n", __func__);
		free(nn);
		return;
	}

	*nonce = nn;
	*nonce_size = nlen;
}

#ifdef WIN32
static const GUID GUID_DEVINTERFACE_IBOOT = {0xED82A167L, 0xD61A, 0x4AF6, {0x9A, 0xB6, 0x11, 0xE5, 0x22, 0x36, 0xC5, 0x76}};
static const GUID GUID_DEVINTERFACE_DFU = {0xB8085869L, 0xFEB9, 0x404B, {0x8C, 0xB1, 0x1E, 0x5C, 0x14, 0xFA, 0x8C, 0x54}};

typedef struct usb_control_request {
	uint8_t bmRequestType;
	uint8_t bRequest;
	uint16_t wValue;
	uint16_t wIndex;
	uint16_t wLength;

	char data[];
} usb_control_request;

irecv_error_t mobiledevice_openpipes(irecv_client_t client);
void mobiledevice_closepipes(irecv_client_t client);
irecv_error_t mobiledevice_connect(irecv_client_t* client, unsigned long long ecid);

irecv_error_t mobiledevice_connect(irecv_client_t* client, unsigned long long ecid) {
	int found = 0;
	SP_DEVICE_INTERFACE_DATA currentInterface;
	HDEVINFO usbDevices;
	DWORD i;
	irecv_client_t _client = (irecv_client_t) malloc(sizeof(struct irecv_client_private));
	memset(_client, 0, sizeof(struct irecv_client_private));

	/* get DFU paths */
	usbDevices = SetupDiGetClassDevs(&GUID_DEVINTERFACE_DFU, NULL, NULL, DIGCF_PRESENT | DIGCF_DEVICEINTERFACE);
	memset(&currentInterface, '\0', sizeof(SP_DEVICE_INTERFACE_DATA));
	currentInterface.cbSize = sizeof(SP_DEVICE_INTERFACE_DATA);
	for(i = 0; usbDevices && SetupDiEnumDeviceInterfaces(usbDevices, NULL, &GUID_DEVINTERFACE_DFU, i, &currentInterface); i++) {
		free(_client->DfuPath);
		_client->DfuPath = NULL;
		_client->handle = NULL;
		DWORD requiredSize = 0;
		PSP_DEVICE_INTERFACE_DETAIL_DATA details;
		SetupDiGetDeviceInterfaceDetail(usbDevices, &currentInterface, NULL, 0, &requiredSize, NULL);
		details = (PSP_DEVICE_INTERFACE_DETAIL_DATA) malloc(requiredSize);
		details->cbSize = sizeof(SP_DEVICE_INTERFACE_DETAIL_DATA);
		if(!SetupDiGetDeviceInterfaceDetail(usbDevices, &currentInterface, details, requiredSize, NULL, NULL)) {
			free(details);
			continue;
		} else {
			LPSTR result = (LPSTR) malloc(requiredSize - sizeof(DWORD));
			memcpy((void*) result, details->DevicePath, requiredSize - sizeof(DWORD));
			free(details);

			_client->DfuPath = result;
			if (mobiledevice_openpipes(_client) != IRECV_E_SUCCESS) {
				mobiledevice_closepipes(_client);
				continue;
			}

			if (ecid == IRECV_K_WTF_MODE) {
				if (_client->mode != IRECV_K_WTF_MODE) {
					/* special ecid case, ignore !IRECV_K_WTF_MODE */
					continue;
				} else {
					ecid = 0;
				}
			}

			if ((ecid != 0) && (_client->mode == IRECV_K_WTF_MODE)) {
				/* we can't get ecid in WTF mode */
				mobiledevice_closepipes(_client);
				continue;
			}

			char serial_str[256];
			char *p = result + strlen(result) - 1;
			while (p-- && p > result) {
				if (*p == '\\' && (strncmp(p, "\\usb", 4) == 0)) {
					break;
				}
			}
			serial_str[0] = '\0';
			if (!p || (sscanf(p, "\\usb#vid_%*04x&pid_%*04x#%s", serial_str) != 1) || (serial_str[0] == '\0')) {
				mobiledevice_closepipes(_client);
				continue;
			}

			p = strchr(serial_str, '#');
			if (p) {
				*p = '\0';
			}

			unsigned int j;
			for (j = 0; j < strlen(serial_str); j++) {
				if (serial_str[j] == '_') {
					serial_str[j] = ' ';
				} else {
					serial_str[j] = toupper(serial_str[j]);
				}
			}

			irecv_load_device_info_from_iboot_string(_client, serial_str);
			irecv_copy_nonce_with_tag(_client, "NONC", &_client->device_info.ap_nonce, &_client->device_info.ap_nonce_size);
			irecv_copy_nonce_with_tag(_client, "SNON", &_client->device_info.sep_nonce, &_client->device_info.sep_nonce_size);

			if (ecid != 0) {
				if (_client->device_info.ecid != ecid) {
					mobiledevice_closepipes(_client);
					continue;
				}
				debug("found device with ECID " _FMT_016llx "\n", (unsigned long long)ecid);
			}
			found = 1;
			break;
		}
	}
	SetupDiDestroyDeviceInfoList(usbDevices);

	if (found) {
		*client = _client;
		return IRECV_E_SUCCESS;
	}

	/* get iBoot path */
	usbDevices = SetupDiGetClassDevs(&GUID_DEVINTERFACE_IBOOT, NULL, NULL, DIGCF_PRESENT | DIGCF_DEVICEINTERFACE);
	memset(&currentInterface, '\0', sizeof(SP_DEVICE_INTERFACE_DATA));
	currentInterface.cbSize = sizeof(SP_DEVICE_INTERFACE_DATA);
	for(i = 0; usbDevices && SetupDiEnumDeviceInterfaces(usbDevices, NULL, &GUID_DEVINTERFACE_IBOOT, i, &currentInterface); i++) {
		free(_client->iBootPath);
		_client->iBootPath = NULL;
		_client->handle = NULL;
		DWORD requiredSize = 0;
		PSP_DEVICE_INTERFACE_DETAIL_DATA details;
		SetupDiGetDeviceInterfaceDetail(usbDevices, &currentInterface, NULL, 0, &requiredSize, NULL);
		details = (PSP_DEVICE_INTERFACE_DETAIL_DATA) malloc(requiredSize);
		details->cbSize = sizeof(SP_DEVICE_INTERFACE_DETAIL_DATA);
		if(!SetupDiGetDeviceInterfaceDetail(usbDevices, &currentInterface, details, requiredSize, NULL, NULL)) {
			free(details);
			continue;
		} else {
			LPSTR result = (LPSTR) malloc(requiredSize - sizeof(DWORD));
			memcpy((void*) result, details->DevicePath, requiredSize - sizeof(DWORD));
			free(details);

			_client->iBootPath = result;
			if (mobiledevice_openpipes(_client) != IRECV_E_SUCCESS) {
				mobiledevice_closepipes(_client);
				continue;
			}

			if ((ecid != 0) && (_client->mode == IRECV_K_WTF_MODE)) {
				/* we can't get ecid in WTF mode */
				mobiledevice_closepipes(_client);
				continue;
			}

			char serial_str[256];
			char *p = result + strlen(result) - 1;
			while (p-- && p > result) {
				if (*p == '\\' && (strncmp(p, "\\usb", 4) == 0)) {
					break;
				}
			}
			serial_str[0] = '\0';
			if (!p || (sscanf(p, "\\usb#vid_%*04x&pid_%*04x#%s", serial_str) != 1) || (serial_str[0] == '\0')) {
				mobiledevice_closepipes(_client);
				continue;
			}

			p = strchr(serial_str, '#');
			if (p) {
				*p = '\0';
			}

			unsigned int j;
			for (j = 0; j < strlen(serial_str); j++) {
				if (serial_str[j] == '_') {
					serial_str[j] = ' ';
				} else {
					serial_str[j] = toupper(serial_str[j]);	
				}
			}

			irecv_load_device_info_from_iboot_string(_client, serial_str);
			irecv_copy_nonce_with_tag(_client, "NONC", &_client->device_info.ap_nonce, &_client->device_info.ap_nonce_size);
			irecv_copy_nonce_with_tag(_client, "SNON", &_client->device_info.sep_nonce, &_client->device_info.sep_nonce_size);

			if (ecid != 0) {
				if (_client->device_info.ecid != ecid) {
					mobiledevice_closepipes(_client);
					continue;
				}
				debug("found device with ECID " _FMT_016llx" \n", (unsigned long long)ecid);
			}
			found = 1;
			break;
		}
	}
	SetupDiDestroyDeviceInfoList(usbDevices);

	if (!found) {
		irecv_close(_client);
		return IRECV_E_UNABLE_TO_CONNECT;
	}

	*client = _client;

	return IRECV_E_SUCCESS;
}

irecv_error_t mobiledevice_openpipes(irecv_client_t client) {
	if (client->iBootPath && !(client->hIB = CreateFile(client->iBootPath, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_FLAG_OVERLAPPED, NULL))) {
		irecv_close(client);
		return IRECV_E_UNABLE_TO_CONNECT;
	}

	if (client->DfuPath && !(client->hDFU = CreateFile(client->DfuPath, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_FLAG_OVERLAPPED, NULL))) {
		irecv_close(client);
		return IRECV_E_UNABLE_TO_CONNECT;
	}

	client->mode = 0;
	if (client->iBootPath == NULL) {
		if (strncmp(client->DfuPath, "\\\\?\\usb#vid_05ac&pid_", 21) == 0) {
			sscanf(client->DfuPath+21, "%x#", &client->mode);
		}
		client->handle = client->hDFU;
	} else {
		if (strncmp(client->iBootPath, "\\\\?\\usb#vid_05ac&pid_", 21) == 0) {
			sscanf(client->iBootPath+21, "%x#", &client->mode);
		}
		client->handle = client->hIB;
	}

	if (client->mode == 0) {
		irecv_close(client);
		return IRECV_E_UNABLE_TO_CONNECT;
	}

	return IRECV_E_SUCCESS;
}

void mobiledevice_closepipes(irecv_client_t client) {
	if (client->hDFU!=NULL) {
		CloseHandle(client->hDFU);
		client->hDFU = NULL;
	}
	if (client->hIB!=NULL) {
		CloseHandle(client->hIB);
		client->hIB = NULL;
	}
}
#endif

#ifdef HAVE_IOKIT
static void iokit_cfdictionary_set_short(CFMutableDictionaryRef dict, const void *key, SInt16 value)
{
	CFNumberRef numberRef;

	numberRef = CFNumberCreate(kCFAllocatorDefault, kCFNumberShortType, &value);
	if (numberRef) {
		CFDictionarySetValue(dict, key, numberRef);
		CFRelease(numberRef);
	}
}
#endif

static int check_context(irecv_client_t client) {
	if (client == NULL || client->handle == NULL) {
		return IRECV_E_NO_DEVICE;
	}

	return IRECV_E_SUCCESS;
}
#endif

IRECV_API void irecv_init(void)
{
	thread_once(&init_once, _irecv_init);
}

IRECV_API void irecv_exit(void)
{
	thread_once(&deinit_once, _irecv_deinit);
}

#ifndef USE_DUMMY
#ifdef HAVE_IOKIT
static int iokit_usb_control_transfer(irecv_client_t client, uint8_t bm_request_type, uint8_t b_request, uint16_t w_value, uint16_t w_index, unsigned char *data, uint16_t w_length, unsigned int timeout)
{
	IOReturn result;
	IOUSBDevRequestTO req;

	bzero(&req, sizeof(req));
	req.bmRequestType     = bm_request_type;
	req.bRequest          = b_request;
	req.wValue            = OSSwapLittleToHostInt16(w_value);
	req.wIndex            = OSSwapLittleToHostInt16(w_index);
	req.wLength           = OSSwapLittleToHostInt16(w_length);
	req.pData             = data;
	req.noDataTimeout     = timeout;
	req.completionTimeout = timeout;

	result = (*client->handle)->DeviceRequestTO(client->handle, &req);
	switch (result) {
		case kIOReturnSuccess:         return req.wLenDone;
		case kIOReturnTimeout:         return IRECV_E_TIMEOUT;
		case kIOUSBTransactionTimeout: return IRECV_E_TIMEOUT;
		case kIOReturnNotResponding:   return IRECV_E_NO_DEVICE;
		case kIOReturnNoDevice:	       return IRECV_E_NO_DEVICE;
		default:
			return IRECV_E_UNKNOWN_ERROR;
	}
}
#else
#ifdef __APPLE__
	void dummy_callback(void) { }
#endif
#endif
#endif

IRECV_API int irecv_usb_control_transfer(irecv_client_t client, uint8_t bm_request_type, uint8_t b_request, uint16_t w_value, uint16_t w_index, unsigned char *data, uint16_t w_length, unsigned int timeout) {
#ifdef USE_DUMMY
	return IRECV_E_UNSUPPORTED;
#else
#ifndef WIN32
#ifdef HAVE_IOKIT
	return iokit_usb_control_transfer(client, bm_request_type, b_request, w_value, w_index, data, w_length, timeout);
#else
	return libusb_control_transfer(client->handle, bm_request_type, b_request, w_value, w_index, data, w_length, timeout);
#endif
#else
	DWORD count = 0;
	BOOL bRet;
	OVERLAPPED overlapped;

	if (data == NULL)
		w_length = 0;

	usb_control_request* packet = (usb_control_request*) malloc(sizeof(usb_control_request) + w_length);
	packet->bmRequestType = bm_request_type;
	packet->bRequest = b_request;
	packet->wValue = w_value;
	packet->wIndex = w_index;
	packet->wLength = w_length;
	
	if (bm_request_type < 0x80 && w_length > 0) {
		memcpy(packet->data, data, w_length);
	}

	memset(&overlapped, 0, sizeof(overlapped));
	overlapped.hEvent = CreateEvent(NULL, TRUE, FALSE, NULL);
	DeviceIoControl(client->handle, 0x2200A0, packet, sizeof(usb_control_request) + w_length, packet, sizeof(usb_control_request) + w_length, NULL, &overlapped);
	WaitForSingleObject(overlapped.hEvent, timeout);
	bRet = GetOverlappedResult(client->handle, &overlapped, &count, FALSE);
	CloseHandle(overlapped.hEvent);
	if (!bRet) {
		CancelIo(client->handle);
		free(packet);
		return -1;
	}

	count -= sizeof(usb_control_request);
	if (count > 0) {
		if (bm_request_type >= 0x80) {
			memcpy(data, packet->data, count);
		}
	}
	free(packet);

	return count;
#endif
#endif
}

#ifndef USE_DUMMY
#ifdef HAVE_IOKIT
static int iokit_usb_bulk_transfer(irecv_client_t client,
						unsigned char endpoint,
						unsigned char *data,
						int length,
						int *transferred,
						unsigned int timeout) {

	IOReturn result;
	IOUSBInterfaceInterface300 **intf = client->usbInterface;
	UInt32 size = length;
	UInt8 transferDirection = endpoint & kUSBbEndpointDirectionMask;
	UInt8 numEndpoints;
	UInt8 pipeRef = 1;

	if (!intf) return IRECV_E_USB_INTERFACE;

	result = (*intf)->GetNumEndpoints(intf, &numEndpoints);

	if (result != kIOReturnSuccess || pipeRef > numEndpoints)
		return IRECV_E_USB_INTERFACE;

	// Just because
	result = (*intf)->GetPipeStatus(intf, pipeRef);
	switch (result) {
		case kIOReturnSuccess:  break;
		case kIOReturnNoDevice: return IRECV_E_NO_DEVICE;
		case kIOReturnNotOpen:  return IRECV_E_UNABLE_TO_CONNECT;
		default:                return IRECV_E_USB_STATUS;
	}

	// Do the transfer
	if (transferDirection == kUSBEndpointDirectionIn) {
		result = (*intf)->ReadPipeTO(intf, pipeRef, data, &size, timeout, timeout);
		if (result != kIOReturnSuccess)
			return IRECV_E_PIPE;
		*transferred = size;

		return IRECV_E_SUCCESS;
	}
	else {
		// IOUSBInterfaceClass::interfaceWritePipe (intf?, pipeRef==1, data, size=0x8000)
		result = (*intf)->WritePipeTO(intf, pipeRef, data, size, timeout, timeout);
		if (result != kIOReturnSuccess)
			return IRECV_E_PIPE;
		*transferred = size;

		return IRECV_E_SUCCESS;
	}

	return IRECV_E_USB_INTERFACE;
}
#endif
#endif

IRECV_API int irecv_usb_bulk_transfer(irecv_client_t client,
							unsigned char endpoint,
							unsigned char *data,
							int length,
							int *transferred,
							unsigned int timeout) {
#ifdef USE_DUMMY
	return IRECV_E_UNSUPPORTED;
#else
	int ret;

#ifndef WIN32
#ifdef HAVE_IOKIT
	return iokit_usb_bulk_transfer(client, endpoint, data, length, transferred, timeout);
#else
	ret = libusb_bulk_transfer(client->handle, endpoint, data, length, transferred, timeout);
	if (ret < 0) {
		libusb_clear_halt(client->handle, endpoint);
	}
#endif
#else
	if (endpoint==0x4) {
		ret = DeviceIoControl(client->handle, 0x220195, data, length, data, length, (PDWORD) transferred, NULL);
	} else {
		ret = 0;
	}
	ret = (ret==0) ? -1 : 0;
#endif

	return ret;
#endif
}

#ifndef USE_DUMMY
#ifdef HAVE_IOKIT
static irecv_error_t iokit_usb_open_service(irecv_client_t *pclient, io_service_t service) {

	IOReturn result;
	irecv_error_t error;
	irecv_client_t client;
	SInt32 score;
	UInt16 mode;
	UInt32 locationID;
	IOCFPlugInInterface **plug = NULL;
	CFStringRef serialString;

	client = (irecv_client_t) calloc( 1, sizeof(struct irecv_client_private));

	// Create the plug-in
	result = IOCreatePlugInInterfaceForService(service, kIOUSBDeviceUserClientTypeID, kIOCFPlugInInterfaceID, &plug, &score);
	if (result != kIOReturnSuccess) {
		IOObjectRelease(service);
		free(client);
		return IRECV_E_UNKNOWN_ERROR;
	}

	// Cache the serial string before discarding the service. The service object
	// has a cached copy, so a request to the hardware device is not required.
	char serial_str[256];
	serial_str[0] = '\0';
	serialString = IORegistryEntryCreateCFProperty(service, CFSTR(kUSBSerialNumberString), kCFAllocatorDefault, 0);
	if (serialString) {
		CFStringGetCString(serialString, serial_str, sizeof(serial_str), kCFStringEncodingUTF8);
		CFRelease(serialString);
	}
	irecv_load_device_info_from_iboot_string(client, serial_str);

	IOObjectRelease(service);

	// Create the device interface
	result = (*plug)->QueryInterface(plug, CFUUIDGetUUIDBytes(kIOUSBDeviceInterfaceID320), (LPVOID *)&(client->handle));
	IODestroyPlugInInterface(plug);
	if (result != kIOReturnSuccess) {
		free(client);
		return IRECV_E_UNKNOWN_ERROR;
	}

	(*client->handle)->GetDeviceProduct(client->handle, &mode);
	(*client->handle)->GetLocationID(client->handle, &locationID);
	client->mode = mode;
	debug("opening device %04x:%04x @ %#010x...\n", kAppleVendorID, client->mode, locationID);

	result = (*client->handle)->USBDeviceOpenSeize(client->handle);
	if (result != kIOReturnSuccess) {
		(*client->handle)->Release(client->handle);
		free(client);
		return IRECV_E_UNABLE_TO_CONNECT;
	}

	irecv_copy_nonce_with_tag(client, "NONC", &client->device_info.ap_nonce, &client->device_info.ap_nonce_size);
	irecv_copy_nonce_with_tag(client, "SNON", &client->device_info.sep_nonce, &client->device_info.sep_nonce_size);

	error = irecv_usb_set_configuration(client, 1);
	if (error != IRECV_E_SUCCESS) {
		free(client);
		return error;
	}

	// DFU mode has no endpoints, so no need to open the interface
	if (client->mode == IRECV_K_DFU_MODE || client->mode == IRECV_K_WTF_MODE) {

		error = irecv_usb_set_interface(client, 0, 0);
		if (error != IRECV_E_SUCCESS) {
			free(client);
			return error;
		}
	}
	else {
		error = irecv_usb_set_interface(client, 0, 0);
		if (error != IRECV_E_SUCCESS) {
			free(client);
			return error;
		}
		if (client->mode > IRECV_K_RECOVERY_MODE_2) {
			error = irecv_usb_set_interface(client, 1, 1);
			if (error != IRECV_E_SUCCESS) {
				free(client);
				return error;
			}
		}
	}

	*pclient = client;
	return IRECV_E_SUCCESS;
}

static io_iterator_t iokit_usb_get_iterator_for_pid(UInt16 pid) {

	IOReturn result;
	io_iterator_t iterator;
	CFMutableDictionaryRef matchingDict;

	matchingDict = IOServiceMatching(kIOUSBDeviceClassName);
	iokit_cfdictionary_set_short(matchingDict, CFSTR(kUSBVendorID), kAppleVendorID);
	iokit_cfdictionary_set_short(matchingDict, CFSTR(kUSBProductID), pid);

	result = IOServiceGetMatchingServices(kIOMasterPortDefault, matchingDict, &iterator);
	if (result != kIOReturnSuccess)
		return IO_OBJECT_NULL;

	return iterator;
}

static irecv_error_t iokit_open_with_ecid(irecv_client_t* pclient, unsigned long long ecid) {

	io_service_t service, ret_service;
	io_iterator_t iterator;
	CFStringRef usbSerial = NULL;
	CFStringRef ecidString = NULL;
	CFRange range;

	UInt16 wtf_pids[] = { IRECV_K_WTF_MODE, 0};
	UInt16 all_pids[] = { IRECV_K_WTF_MODE, IRECV_K_DFU_MODE, IRECV_K_RECOVERY_MODE_1, IRECV_K_RECOVERY_MODE_2, IRECV_K_RECOVERY_MODE_3, IRECV_K_RECOVERY_MODE_4, 0 };
	UInt16 *pids = all_pids;
	int i;

	if (pclient == NULL) {
		debug("%s: pclient parameter is null\n", __func__);
		return IRECV_E_INVALID_INPUT;
	}
	if (ecid == IRECV_K_WTF_MODE) {
		/* special ecid case, ignore !IRECV_K_WTF_MODE */
		pids = wtf_pids;
		ecid = 0;
	}

	if (ecid > 0) {
		ecidString = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("%llX"), ecid);
		if (ecidString == NULL) {
			debug("%s: failed to create ECID string\n", __func__);
			return IRECV_E_UNABLE_TO_CONNECT;
		}
	}

	*pclient = NULL;
	ret_service = IO_OBJECT_NULL;

	for (i = 0; (pids[i] > 0 && ret_service == IO_OBJECT_NULL) ; i++) {

		iterator = iokit_usb_get_iterator_for_pid(pids[i]);
		if (iterator) {
			while ((service = IOIteratorNext(iterator))) {

				if (ecid == 0) {
					ret_service = service;
					break;
				}
				usbSerial = IORegistryEntryCreateCFProperty(service, CFSTR(kUSBSerialNumberString), kCFAllocatorDefault, 0);
				if (usbSerial == NULL) {
					debug("%s: failed to create USB serial string property\n", __func__);
					IOObjectRelease(service);
					continue;
				}

				range = CFStringFind(usbSerial, ecidString, kCFCompareCaseInsensitive);
				if (range.location == kCFNotFound) {
					IOObjectRelease(service);
				} else {
					ret_service = service;
					break;
				}
			}
			if (usbSerial) {
				CFRelease(usbSerial);
				usbSerial = NULL;
			}
			IOObjectRelease(iterator);
		}
	}

	if (ecidString)
		CFRelease(ecidString);

	if (ret_service == IO_OBJECT_NULL)
		return IRECV_E_UNABLE_TO_CONNECT;

	return iokit_usb_open_service(pclient, ret_service);
}
#endif
#endif

IRECV_API irecv_error_t irecv_open_with_ecid(irecv_client_t* pclient, unsigned long long ecid) {
#ifdef USE_DUMMY
	return IRECV_E_UNSUPPORTED;
#else
	int ret = IRECV_E_UNABLE_TO_CONNECT;

	if(libirecovery_debug) {
		irecv_set_debug_level(libirecovery_debug);
	}
#ifndef WIN32
#ifdef HAVE_IOKIT
	ret = iokit_open_with_ecid(pclient, ecid);
#else
	int i = 0;
	struct libusb_device* usb_device = NULL;
	struct libusb_device** usb_device_list = NULL;
	struct libusb_device_descriptor usb_descriptor;

	*pclient = NULL;
	irecv_error_t error = IRECV_E_SUCCESS;
	int usb_device_count = libusb_get_device_list(libirecovery_context, &usb_device_list);
	for (i = 0; i < usb_device_count; i++) {
		usb_device = usb_device_list[i];
		libusb_get_device_descriptor(usb_device, &usb_descriptor);
		if (usb_descriptor.idVendor == APPLE_VENDOR_ID) {
			/* verify this device is in a mode we understand */
			if (usb_descriptor.idProduct == IRECV_K_RECOVERY_MODE_1 ||
				usb_descriptor.idProduct == IRECV_K_RECOVERY_MODE_2 ||
				usb_descriptor.idProduct == IRECV_K_RECOVERY_MODE_3 ||
				usb_descriptor.idProduct == IRECV_K_RECOVERY_MODE_4 ||
				usb_descriptor.idProduct == IRECV_K_WTF_MODE ||
				usb_descriptor.idProduct == IRECV_K_DFU_MODE) {

				if (ecid == IRECV_K_WTF_MODE) {
					if (usb_descriptor.idProduct != IRECV_K_WTF_MODE) {
						/* special ecid case, ignore !IRECV_K_WTF_MODE */
						continue;
					} else {
						ecid = 0;
					}
				}

				if ((ecid != 0) && (usb_descriptor.idProduct == IRECV_K_WTF_MODE)) {
					/* we can't get ecid in WTF mode */
					continue;
				}

				debug("opening device %04x:%04x...\n", usb_descriptor.idVendor, usb_descriptor.idProduct);

				struct libusb_device_handle* usb_handle = NULL;
				int libusb_error = libusb_open(usb_device, &usb_handle);
				if (usb_handle == NULL || libusb_error != 0) {
					debug("%s: can't connect to device: %s\n", __func__, libusb_error_name(libusb_error));

					libusb_close(usb_handle);
					if (ecid != 0) {
						continue;
					}
					libusb_free_device_list(usb_device_list, 1);
					return IRECV_E_UNABLE_TO_CONNECT;
				}

				irecv_client_t client = (irecv_client_t) malloc(sizeof(struct irecv_client_private));
				if (client == NULL) {
					libusb_free_device_list(usb_device_list, 1);
					libusb_close(usb_handle);
					return IRECV_E_OUT_OF_MEMORY;
				}

				memset(client, '\0', sizeof(struct irecv_client_private));
				client->usb_interface = 0;
				client->handle = usb_handle;
				client->mode = usb_descriptor.idProduct;

				char serial_str[256];
				irecv_get_string_descriptor_ascii(client, usb_descriptor.iSerialNumber, (unsigned char*)serial_str, 255);

				irecv_load_device_info_from_iboot_string(client, serial_str);

				irecv_copy_nonce_with_tag(client, "NONC", &client->device_info.ap_nonce, &client->device_info.ap_nonce_size);
				irecv_copy_nonce_with_tag(client, "SNON", &client->device_info.sep_nonce, &client->device_info.sep_nonce_size);

				if (ecid != 0) {
					if (client->device_info.ecid != ecid) {
						irecv_close(client);
						continue;
					}
					debug("found device with ECID " _FMT_016llx "\n", (unsigned long long)ecid);
				}

				error = irecv_usb_set_configuration(client, 1);
				if (error != IRECV_E_SUCCESS) {
					libusb_free_device_list(usb_device_list, 1);
					irecv_close(client);
					return error;
				}

				if ((client->mode != IRECV_K_DFU_MODE) && (client->mode != IRECV_K_WTF_MODE)) {
					error = irecv_usb_set_interface(client, 0, 0);
					if (client->mode > IRECV_K_RECOVERY_MODE_2) {
						error = irecv_usb_set_interface(client, 1, 1);
					}
				} else {
					error = irecv_usb_set_interface(client, 0, 0);
				}

				if (error != IRECV_E_SUCCESS) {
					libusb_free_device_list(usb_device_list, 1);
					irecv_close(client);
					return error;
				}

				*pclient = client;

				libusb_free_device_list(usb_device_list, 1);

				ret = IRECV_E_SUCCESS;
			}
		}
	}
#endif
#else
	ret = mobiledevice_connect(pclient, ecid);
	if (ret == IRECV_E_SUCCESS) {
		irecv_client_t client = *pclient;
		int error = IRECV_E_SUCCESS;
		if ((client->mode != IRECV_K_DFU_MODE) && (client->mode != IRECV_K_WTF_MODE)) {
			error = irecv_usb_set_interface(client, 0, 0);
			if (client->mode > IRECV_K_RECOVERY_MODE_2) {
				error = irecv_usb_set_interface(client, 1, 1);
			}
		} else {
			error = irecv_usb_set_interface(client, 0, 0);
		}
		if (error != IRECV_E_SUCCESS) {
			debug("WARNING: set interface failed, error %d\n", error);
		}
	}
#endif
	if (ret == IRECV_E_SUCCESS) {
		if ((*pclient)->connected_callback != NULL) {
			irecv_event_t event;
			event.size = 0;
			event.data = NULL;
			event.progress = 0;
			event.type = IRECV_CONNECTED;
			(*pclient)->connected_callback(*pclient, &event);
		}
	}
	return ret;
#endif
}

IRECV_API irecv_error_t irecv_usb_set_configuration(irecv_client_t client, int configuration) {
#ifdef USE_DUMMY
	return IRECV_E_UNSUPPORTED;
#else
	if (check_context(client) != IRECV_E_SUCCESS)
		return IRECV_E_NO_DEVICE;

#ifndef WIN32
	debug("Setting to configuration %d\n", configuration);

#ifdef HAVE_IOKIT
	IOReturn result;

	result = (*client->handle)->SetConfiguration(client->handle, configuration);
	if (result != kIOReturnSuccess) {
		debug("error setting configuration: %#x\n", result);
		return IRECV_E_USB_CONFIGURATION;
	}
#else
	int current = 0;
	libusb_get_configuration(client->handle, &current);
	if (current != configuration) {
		if (libusb_set_configuration(client->handle, configuration) < 0) {
			return IRECV_E_USB_CONFIGURATION;
		}
	}
#endif
	client->usb_config = configuration;
#endif

	return IRECV_E_SUCCESS;
#endif
}

#ifndef USE_DUMMY
#ifdef HAVE_IOKIT
static IOReturn iokit_usb_get_interface(IOUSBDeviceInterface320 **device, uint8_t ifc, io_service_t *usbInterfacep) {

	IOUSBFindInterfaceRequest request;
	uint8_t                   current_interface;
	kern_return_t             kresult;
	io_iterator_t             interface_iterator;

	*usbInterfacep = IO_OBJECT_NULL;

	request.bInterfaceClass    = kIOUSBFindInterfaceDontCare;
	request.bInterfaceSubClass = kIOUSBFindInterfaceDontCare;
	request.bInterfaceProtocol = kIOUSBFindInterfaceDontCare;
	request.bAlternateSetting  = kIOUSBFindInterfaceDontCare;

	kresult = (*device)->CreateInterfaceIterator(device, &request, &interface_iterator);
	if (kresult)
		return kresult;

	for ( current_interface = 0 ; current_interface <= ifc ; current_interface++ ) {
		*usbInterfacep = IOIteratorNext(interface_iterator);
		if (current_interface != ifc)
			(void) IOObjectRelease (*usbInterfacep);
	}
	IOObjectRelease(interface_iterator);

	return kIOReturnSuccess;
}

static irecv_error_t iokit_usb_set_interface(irecv_client_t client, int usb_interface, int usb_alt_interface) {
	IOReturn result;
	io_service_t interface_service = IO_OBJECT_NULL;
	IOCFPlugInInterface **plugInInterface = NULL;
	SInt32 score;

	// Close current interface
	if (client->usbInterface) {
		result = (*client->usbInterface)->USBInterfaceClose(client->usbInterface);
		result = (*client->usbInterface)->Release(client->usbInterface);
		client->usbInterface = NULL;
	}

	result = iokit_usb_get_interface(client->handle, usb_interface, &interface_service);
	if (result != kIOReturnSuccess) {
		debug("failed to find requested interface: %d\n", usb_interface);
		return IRECV_E_USB_INTERFACE;
	}

	result = IOCreatePlugInInterfaceForService(interface_service, kIOUSBInterfaceUserClientTypeID, kIOCFPlugInInterfaceID, &plugInInterface, &score);
	IOObjectRelease(interface_service);
	if (result != kIOReturnSuccess) {
		debug("error creating plug-in interface: %#x\n", result);
		return IRECV_E_USB_INTERFACE;
	}

	result = (*plugInInterface)->QueryInterface(plugInInterface, CFUUIDGetUUIDBytes(kIOUSBInterfaceInterfaceID300), (LPVOID)&client->usbInterface);
	IODestroyPlugInInterface(plugInInterface);
	if (result != kIOReturnSuccess) {
		debug("error creating interface interface: %#x\n", result);
		return IRECV_E_USB_INTERFACE;
	}

	result = (*client->usbInterface)->USBInterfaceOpen(client->usbInterface);
	if (result != kIOReturnSuccess) {
		debug("error opening interface: %#x\n", result);
		return IRECV_E_USB_INTERFACE;
	}

	if (usb_interface == 1) {
		result = (*client->usbInterface)->SetAlternateInterface(client->usbInterface, usb_alt_interface);
		if (result != kIOReturnSuccess) {
			debug("error setting alternate interface: %#x\n", result);
			return IRECV_E_USB_INTERFACE;
		}
	}

	return IRECV_E_SUCCESS;
}
#endif
#endif

IRECV_API irecv_error_t irecv_usb_set_interface(irecv_client_t client, int usb_interface, int usb_alt_interface) {
#ifdef USE_DUMMY
	return IRECV_E_UNSUPPORTED;
#else
	if (check_context(client) != IRECV_E_SUCCESS)
		return IRECV_E_NO_DEVICE;

	debug("Setting to interface %d:%d\n", usb_interface, usb_alt_interface);
#ifndef WIN32
#ifdef HAVE_IOKIT
	if (iokit_usb_set_interface(client, usb_interface, usb_alt_interface) < 0) {
		return IRECV_E_USB_INTERFACE;
	}
#else
	if (libusb_claim_interface(client->handle, usb_interface) < 0) {
		return IRECV_E_USB_INTERFACE;
	}

	if (usb_interface == 1) {
		if (libusb_set_interface_alt_setting(client->handle, usb_interface, usb_alt_interface) < 0) {
			return IRECV_E_USB_INTERFACE;
		}
	}
#endif
#else
	if (irecv_usb_control_transfer(client, 0, 0x0B, usb_alt_interface, usb_interface, NULL, 0, USB_TIMEOUT) < 0) {
		return IRECV_E_USB_INTERFACE;
	}
#endif
	client->usb_interface = usb_interface;
	client->usb_alt_interface = usb_alt_interface;

	return IRECV_E_SUCCESS;
#endif
}

IRECV_API irecv_error_t irecv_reset(irecv_client_t client) {
#ifdef USE_DUMMY
	return IRECV_E_UNSUPPORTED;
#else
	if (check_context(client) != IRECV_E_SUCCESS)
		return IRECV_E_NO_DEVICE;

#ifndef WIN32
#ifdef HAVE_IOKIT
	IOReturn result;

	result = (*client->handle)->ResetDevice(client->handle);
	if (result != kIOReturnSuccess && result != kIOReturnNotResponding) {
		debug("error sending device reset: %#x\n", result);
		return IRECV_E_UNKNOWN_ERROR;
	}

	result = (*client->handle)->USBDeviceReEnumerate(client->handle, 0);
	if (result != kIOReturnSuccess && result != kIOReturnNotResponding) {
		debug("error re-enumerating device: %#x (ignored)\n", result);
	}
#else
	libusb_reset_device(client->handle);
#endif
#else
	DWORD count;
	DeviceIoControl(client->handle, 0x22000C, NULL, 0, NULL, 0, &count, NULL);
#endif

	return IRECV_E_SUCCESS;
#endif
}

IRECV_API irecv_error_t irecv_open_with_ecid_and_attempts(irecv_client_t* pclient, unsigned long long ecid, int attempts) {
#ifdef USE_DUMMY
	return IRECV_E_UNSUPPORTED;
#else
	int i;

	for (i = 0; i < attempts; i++) {
		if(*pclient) {
			irecv_close(*pclient);
			*pclient = NULL;
		}
		if (irecv_open_with_ecid(pclient, ecid) != IRECV_E_SUCCESS) {
			debug("Connection failed. Waiting 1 sec before retry.\n");
			sleep(1);
		} else {
			return IRECV_E_SUCCESS;
		}
	}

	return IRECV_E_UNABLE_TO_CONNECT;
#endif
}

IRECV_API irecv_error_t irecv_event_subscribe(irecv_client_t client, irecv_event_type type, irecv_event_cb_t callback, void* user_data) {
#ifdef USE_DUMMY
	return IRECV_E_UNSUPPORTED;
#else
	switch(type) {
	case IRECV_RECEIVED:
		client->received_callback = callback;
		break;

	case IRECV_PROGRESS:
		client->progress_callback = callback;
		break;

	case IRECV_CONNECTED:
		client->connected_callback = callback;
		break;

	case IRECV_PRECOMMAND:
		client->precommand_callback = callback;
		break;

	case IRECV_POSTCOMMAND:
		client->postcommand_callback = callback;
		break;

	case IRECV_DISCONNECTED:
		client->disconnected_callback = callback;
		break;

	default:
		return IRECV_E_UNKNOWN_ERROR;
	}

	return IRECV_E_SUCCESS;
#endif
}

IRECV_API irecv_error_t irecv_event_unsubscribe(irecv_client_t client, irecv_event_type type) {
#ifdef USE_DUMMY
	return IRECV_E_UNSUPPORTED;
#else
	switch(type) {
	case IRECV_RECEIVED:
		client->received_callback = NULL;
		break;

	case IRECV_PROGRESS:
		client->progress_callback = NULL;
		break;

	case IRECV_CONNECTED:
		client->connected_callback = NULL;
		break;

	case IRECV_PRECOMMAND:
		client->precommand_callback = NULL;
		break;

	case IRECV_POSTCOMMAND:
		client->postcommand_callback = NULL;
		break;

	case IRECV_DISCONNECTED:
		client->disconnected_callback = NULL;
		break;

	default:
		return IRECV_E_UNKNOWN_ERROR;
	}

	return IRECV_E_SUCCESS;
#endif
}

#ifndef USE_DUMMY
struct irecv_device_event_context {
	irecv_device_event_cb_t callback;
	void *user_data;
};

struct irecv_usb_device_info {
	struct irecv_device_info device_info;
	uint32_t location;
	int alive;
};

#ifdef WIN32
struct irecv_win_dev_ctx {
	PSP_DEVICE_INTERFACE_DETAIL_DATA details;
	uint32_t location;
};
#else
#ifdef HAVE_IOKIT
struct irecv_iokit_dev_ctx {
	io_service_t device;
	IOUSBDeviceInterface **dev;
};
#endif
#endif

static int _irecv_is_recovery_device(void *device)
{
	uint16_t vendor_id = 0;
	uint16_t product_id = 0;
#ifdef WIN32
	const char *path = (const char*)device;
	unsigned int vendor = 0;
	unsigned int product = 0;
	if (sscanf(path, "\\usb#vid_%04x&pid_%04x#", &vendor, &product) != 2) {
		return 0;
	}
	vendor_id = (uint16_t)vendor;
	product_id = (uint16_t)product;
#else
#ifdef HAVE_IOKIT
	kern_return_t kr;
	IOUSBDeviceInterface **dev = device;
	kr = (*dev)->GetDeviceVendor(dev, &vendor_id);
	kr = (*dev)->GetDeviceProduct(dev, &product_id);
#else
	libusb_device *device_ = (libusb_device*)device;
	struct libusb_device_descriptor devdesc;
	int libusb_error;

	libusb_error = libusb_get_device_descriptor(device_, &devdesc);
	if (libusb_error != 0) {
		debug("%s: failed to get device descriptor: %s\n", __func__, libusb_error_name(libusb_error));
		return 0;
	}
	vendor_id = devdesc.idVendor;
	product_id = devdesc.idProduct;
#endif
#endif

	if (vendor_id != APPLE_VENDOR_ID) {
		return 0;
	}

	switch (product_id) {
		case IRECV_K_DFU_MODE:
		case IRECV_K_WTF_MODE:
		case IRECV_K_RECOVERY_MODE_1:
		case IRECV_K_RECOVERY_MODE_2:
		case IRECV_K_RECOVERY_MODE_3:
		case IRECV_K_RECOVERY_MODE_4:
			break;
		default:
			return 0;
	}
	return 1;
}

static void* _irecv_handle_device_add(void *userdata)
{
	struct irecv_client_private client_loc;
	char serial_str[256];
	uint32_t location = 0;
	uint16_t product_id = 0;

	serial_str[0] = '\0';
#ifdef WIN32
	struct irecv_win_dev_ctx *win_ctx = (struct irecv_win_dev_ctx*)userdata;
	PSP_DEVICE_INTERFACE_DETAIL_DATA details = win_ctx->details;
	LPSTR result = (LPSTR)details->DevicePath;
	location = win_ctx->location;

	char *p = result + strlen(result) - 1;
	while (p-- && p > result) {
		if (*p == '\\' && (strncmp(p, "\\usb", 4) == 0)) {
			break;
		}
	}

	unsigned int pid = 0;
	if (!p || (sscanf(p, "\\usb#vid_%*04x&pid_%04x#%s", &pid, serial_str) != 2) || (serial_str[0] == '\0')) {
		fprintf(stderr, "%s: ERROR: failed to parse DevicePath?!\n", __func__);
		return NULL;
	}
	if (!_irecv_is_recovery_device(p)) {
		return NULL;
	}

	p = strchr(serial_str, '#');
	if (p) {
		*p = '\0';
	}

	unsigned int j;
	for (j = 0; j < strlen(serial_str); j++) {
		if (serial_str[j] == '_') {
			serial_str[j] = ' ';
		} else {
			serial_str[j] = toupper(serial_str[j]);
		}
	}
	product_id = (uint16_t)pid;

#else /* !WIN32 */
#ifdef HAVE_IOKIT
	struct irecv_iokit_dev_ctx* iokit_ctx = (struct irecv_iokit_dev_ctx*)userdata;
	io_service_t device = iokit_ctx->device;
	IOUSBDeviceInterface **dev = iokit_ctx->dev;

	if (!device) {
		fprintf(stderr, "%s: ERROR: no device?!\n", __func__);
		return NULL;
	}
	if (!dev) {
		fprintf(stderr, "%s: ERROR: no device interface?!\n", __func__);
		return NULL;
	}

	(*dev)->GetDeviceProduct(dev, &product_id);
	if (!product_id) {
		fprintf(stderr, "%s: ERROR: could not get product id?!\n", __func__);
		return NULL;
	}
	CFNumberRef locationNum = (CFNumberRef)IORegistryEntryCreateCFProperty(device, CFSTR(kUSBDevicePropertyLocationID), kCFAllocatorDefault, 0);
	if (locationNum) {
		CFNumberGetValue(locationNum, kCFNumberSInt32Type, &location);
		CFRelease(locationNum);
	}
	if (!location) {
		fprintf(stderr, "%s: ERROR: could not get locationID?!\n", __func__);
		return NULL;
	}
	CFStringRef serialString = (CFStringRef)IORegistryEntryCreateCFProperty(device, CFSTR(kUSBSerialNumberString), kCFAllocatorDefault, 0);
	if (serialString) {
		CFStringGetCString(serialString, serial_str, sizeof(serial_str), kCFStringEncodingUTF8);
		CFRelease(serialString);
	}
#else /* !HAVE_IOKIT */
	libusb_device *device = (libusb_device*)userdata;
	struct libusb_device_descriptor devdesc;
	struct libusb_device_handle* usb_handle = NULL;
	int libusb_error;

	libusb_error = libusb_get_device_descriptor(device, &devdesc);
	if (libusb_error != 0) {
		fprintf(stderr, "%s: ERROR: failed to get device descriptor: %s\n", __func__, libusb_error_name(libusb_error));
		return NULL;
	}
	product_id = devdesc.idProduct;

	uint8_t bus = libusb_get_bus_number(device);
	uint8_t address = libusb_get_device_address(device);
	location = (bus << 16) | address;

	libusb_error = libusb_open(device, &usb_handle);
	if (usb_handle == NULL || libusb_error != 0) {
		fprintf(stderr, "%s: ERROR: can't connect to device: %s\n", __func__, libusb_error_name(libusb_error));
		libusb_close(usb_handle);
		return 0;
	}

	libusb_error = libusb_get_string_descriptor_ascii(usb_handle, devdesc.iSerialNumber, (unsigned char*)serial_str, 255);
	if (libusb_error < 0) {
		fprintf(stderr, "%s: Failed to get string descriptor: %s\n", __func__, libusb_error_name(libusb_error));
		return 0;
	}
	libusb_close(usb_handle);
#endif /* !HAVE_IOKIT */
#endif /* !WIN32 */
	memset(&client_loc, '\0', sizeof(client_loc));
	irecv_load_device_info_from_iboot_string(&client_loc, serial_str);
	client_loc.mode = product_id;

	struct irecv_usb_device_info *usb_dev_info = (struct irecv_usb_device_info*)malloc(sizeof(struct irecv_usb_device_info));
	memcpy(&(usb_dev_info->device_info), &(client_loc.device_info), sizeof(struct irecv_device_info));
	usb_dev_info->location = location;
	usb_dev_info->alive = 1;

	collection_add(&devices, usb_dev_info);

	irecv_device_event_t dev_event;
	dev_event.type = IRECV_DEVICE_ADD;
	dev_event.mode = client_loc.mode;
	dev_event.device_info = &(usb_dev_info->device_info);

	mutex_lock(&listener_mutex);
	FOREACH(struct irecv_device_event_context* context, &listeners) {
		context->callback(&dev_event, context->user_data);
	} ENDFOREACH
	mutex_unlock(&listener_mutex);

	return NULL;
}

static void _irecv_handle_device_remove(struct irecv_usb_device_info *devinfo)
{
	irecv_device_event_t dev_event;
	dev_event.type = IRECV_DEVICE_REMOVE;
	dev_event.mode = 0;
	dev_event.device_info = &(devinfo->device_info);
	mutex_lock(&listener_mutex);
	FOREACH(struct irecv_device_event_context* context, &listeners) {
		context->callback(&dev_event, context->user_data);
	} ENDFOREACH
	mutex_unlock(&listener_mutex);
	free(devinfo->device_info.srnm);
	free(devinfo->device_info.imei);
	devinfo->device_info.srnm = NULL;
	devinfo->device_info.imei = NULL;
	devinfo->alive = 0;
	collection_remove(&devices, devinfo);
	free(devinfo);
}

#ifndef WIN32
#ifdef HAVE_IOKIT
static void iokit_device_added(void *refcon, io_iterator_t iterator)
{
	kern_return_t kr;
	io_service_t device;
	IOCFPlugInInterface **plugInInterface = NULL;
	IOUSBDeviceInterface **dev = NULL;
	HRESULT result;
	SInt32 score;

	while ((device = IOIteratorNext(iterator))) {
		kr = IOCreatePlugInInterfaceForService(device, kIOUSBDeviceUserClientTypeID, kIOCFPlugInInterfaceID, &plugInInterface, &score);
		if ((kIOReturnSuccess != kr) || !plugInInterface) {
			fprintf(stderr, "%s: ERROR: Unable to create a plug-in (%08x)\n", __func__, kr);
			kr = IOObjectRelease(device);
			continue;
		}
		result = (*plugInInterface)->QueryInterface(plugInInterface, CFUUIDGetUUIDBytes(kIOUSBDeviceInterfaceID), (LPVOID *)&dev);
		(*plugInInterface)->Release(plugInInterface);

		if (result || !dev) {
			fprintf(stderr, "%s: ERROR: Couldn't create a device interface (%08x)\n", __func__, (int)result);
			kr = IOObjectRelease(device);
			continue;
		}

		if (!_irecv_is_recovery_device(dev)) {
			(void) (*dev)->Release(dev);
			kr = IOObjectRelease(device);
			continue;
		}

		struct irecv_iokit_dev_ctx idev;
		idev.device = device;
		idev.dev = dev;
		_irecv_handle_device_add(&idev);
		(void) (*dev)->Release(dev);
		kr = IOObjectRelease(device);
	}
}

static void iokit_device_removed(void *refcon, io_iterator_t iterator)
{
	io_service_t device;

	while ((device = IOIteratorNext(iterator))) {
		uint32_t location = 0;
		CFNumberRef locationNum = (CFNumberRef)IORegistryEntryCreateCFProperty(device, CFSTR(kUSBDevicePropertyLocationID), kCFAllocatorDefault, 0);
		if (locationNum) {
			CFNumberGetValue(locationNum, kCFNumberSInt32Type, &location);
			CFRelease(locationNum);
		}
		IOObjectRelease(device);

		if (!location) {
			continue;
		}

		FOREACH(struct irecv_usb_device_info *devinfo, &devices) {
			if (devinfo->location == location) {
				_irecv_handle_device_remove(devinfo);
				break;
			}
		} ENDFOREACH
	}
}
#else /* !HAVE_IOKIT */
#ifdef HAVE_LIBUSB_HOTPLUG_API
static int _irecv_usb_hotplug_cb(libusb_context *ctx, libusb_device *device, libusb_hotplug_event event, void *user_data)
{
	if (!_irecv_is_recovery_device(device)) {
		return 0;
	}
	if (event == LIBUSB_HOTPLUG_EVENT_DEVICE_ARRIVED) {
		THREAD_T th_device;
		if (thread_new(&th_device, _irecv_handle_device_add, device) != 0) {
			fprintf(stderr, "%s: FATAL: failed to create thread to handle device add\n", __func__);
			return 0;
		}
		thread_detach(th_device);
	} else if (event == LIBUSB_HOTPLUG_EVENT_DEVICE_LEFT) {
		uint8_t bus = libusb_get_bus_number(device);
		uint8_t address = libusb_get_device_address(device);
		uint32_t location = (bus << 16) | address;
		FOREACH(struct irecv_usb_device_info *devinfo, &devices) {
			if (devinfo->location == location) {
				_irecv_handle_device_remove(devinfo);
				break;
			}
		} ENDFOREACH
	}

	return 0;
}
#endif /* HAVE_LIBUSB_HOTPLUG_API */
#endif /* !HAVE_IOKIT */
#endif /* !WIN32 */

static void *_irecv_event_handler(void* unused)
{
#ifdef WIN32
	const GUID *guids[] = { &GUID_DEVINTERFACE_DFU, &GUID_DEVINTERFACE_IBOOT, NULL };
	int running = 1;
	do {
		SP_DEVICE_INTERFACE_DATA currentInterface;
		HDEVINFO usbDevices;
		DWORD i;
		int k;
		for (k = 0; guids[k]; k++) {
			usbDevices = SetupDiGetClassDevs(guids[k], NULL, NULL, DIGCF_PRESENT | DIGCF_DEVICEINTERFACE);
			if (!usbDevices) {
				fprintf(stderr, "%s: ERROR: SetupDiGetClassDevs failed\n", __func__);
				return NULL;
			}

			FOREACH(struct irecv_usb_device_info *devinfo, &devices) {
				devinfo->alive = 0;
			} ENDFOREACH

			memset(&currentInterface, '\0', sizeof(SP_DEVICE_INTERFACE_DATA));
			currentInterface.cbSize = sizeof(SP_DEVICE_INTERFACE_DATA);
			for (i = 0; usbDevices && SetupDiEnumDeviceInterfaces(usbDevices, NULL, guids[k], i, &currentInterface); i++) {
				DWORD requiredSize = 0;
				PSP_DEVICE_INTERFACE_DETAIL_DATA details;
				SetupDiGetDeviceInterfaceDetail(usbDevices, &currentInterface, NULL, 0, &requiredSize, NULL);
				details = (PSP_DEVICE_INTERFACE_DETAIL_DATA) malloc(requiredSize);
				details->cbSize = sizeof(SP_DEVICE_INTERFACE_DETAIL_DATA);
				SP_DEVINFO_DATA devinfodata;
				devinfodata.cbSize = sizeof(SP_DEVINFO_DATA);
				if(!SetupDiGetDeviceInterfaceDetail(usbDevices, &currentInterface, details, requiredSize, NULL, &devinfodata)) {
					free(details);
					continue;
				}

				DWORD sz = REG_SZ;
				char driver[256];
				driver[0] = '\0';
				if (!SetupDiGetDeviceRegistryProperty(usbDevices, &devinfodata, SPDRP_DRIVER, &sz, (PBYTE)driver, sizeof(driver), NULL)) {
					fprintf(stderr, "%s: ERROR: Failed to get driver key\n", __func__);
					free(details);
					continue;
				}
				char *p = strrchr(driver, '\\');
				if (!p) {
					fprintf(stderr, "%s: ERROR: Failed to parse device location\n", __func__);
					free(details);
					continue;
				}
				uint32_t location = strtoul(p+1, NULL, 10);
				int found = 0;

				FOREACH(struct irecv_usb_device_info *devinfo, &devices) {
					if (devinfo->location == location) {
						devinfo->alive = 1;
						found = 1;
						break;
					}
				} ENDFOREACH

				if (!found) {
					struct irecv_win_dev_ctx win_ctx;
					win_ctx.details = details;
					win_ctx.location = location;
					_irecv_handle_device_add(&win_ctx);
				}
				free(details);
			}
			SetupDiDestroyDeviceInfoList(usbDevices);
		}

		FOREACH(struct irecv_usb_device_info *devinfo, &devices) {
			if (!devinfo->alive) {
				_irecv_handle_device_remove(devinfo);
			}
		} ENDFOREACH

		mutex_lock(&listener_mutex);
		if (collection_count(&listeners) == 0) {
			running = 0;
		}
		mutex_unlock(&listener_mutex);

		Sleep(500);
	} while (running);

#else /* !WIN32 */
#ifdef HAVE_IOKIT
	kern_return_t kr;

	IONotificationPortRef notifyPort = IONotificationPortCreate(kIOMasterPortDefault);
	CFRunLoopSourceRef runLoopSource = IONotificationPortGetRunLoopSource(notifyPort);
	iokit_runloop = CFRunLoopGetCurrent();
	CFRunLoopAddSource(iokit_runloop, runLoopSource, kCFRunLoopDefaultMode);

	uint16_t pids[7] = { IRECV_K_WTF_MODE, IRECV_K_DFU_MODE, IRECV_K_RECOVERY_MODE_1, IRECV_K_RECOVERY_MODE_2, IRECV_K_RECOVERY_MODE_3, IRECV_K_RECOVERY_MODE_4, 0 };
	int i = 0;
	while (pids[i] > 0) {
		CFMutableDictionaryRef matchingDict = IOServiceMatching(kIOUSBDeviceClassName);
		iokit_cfdictionary_set_short(matchingDict, CFSTR(kUSBVendorID), kAppleVendorID);
		iokit_cfdictionary_set_short(matchingDict, CFSTR(kUSBProductID), pids[i]);

		matchingDict = (CFMutableDictionaryRef)CFRetain(matchingDict);

		io_iterator_t devAddedIter;
		kr = IOServiceAddMatchingNotification(notifyPort, kIOFirstMatchNotification, matchingDict, iokit_device_added, NULL, &devAddedIter);
		iokit_device_added(NULL, devAddedIter);

		io_iterator_t devRemovedIter;
		kr = IOServiceAddMatchingNotification(notifyPort, kIOTerminatedNotification, matchingDict, iokit_device_removed, NULL, &devRemovedIter);
		iokit_device_removed(NULL, devRemovedIter);

		i++;
	}

	CFRunLoopRun();

#else /* !HAVE_IOKIT */
#ifdef HAVE_LIBUSB_HOTPLUG_API
	static libusb_hotplug_callback_handle usb_hotplug_cb_handle;
	libusb_hotplug_register_callback(irecv_hotplug_ctx, LIBUSB_HOTPLUG_EVENT_DEVICE_ARRIVED | LIBUSB_HOTPLUG_EVENT_DEVICE_LEFT, LIBUSB_HOTPLUG_ENUMERATE, APPLE_VENDOR_ID, LIBUSB_HOTPLUG_MATCH_ANY, 0, _irecv_usb_hotplug_cb, NULL, &usb_hotplug_cb_handle);
	int running = 1;
	do {
		struct timeval tv;
		tv.tv_sec = tv.tv_usec = 0;
		libusb_handle_events_timeout(irecv_hotplug_ctx, &tv);

		mutex_lock(&listener_mutex);
		if (collection_count(&listeners) == 0) {
			running = 0;
		}
		mutex_unlock(&listener_mutex);

		usleep(100000);
	} while (running);
	libusb_hotplug_deregister_callback(irecv_hotplug_ctx, usb_hotplug_cb_handle);
#else /* !HAVE_LIBUSB_HOTPLUG_API */
	int i, cnt;
	libusb_device **devs;
	int running = 1;

	do {
		cnt = libusb_get_device_list(irecv_hotplug_ctx, &devs);
		if (cnt < 0) {
			fprintf(stderr, "%s: FATAL: Failed to get device list: %s\n", __func__, libusb_error_name(cnt));
			return NULL;
		}

		FOREACH(struct irecv_usb_device_info *devinfo, &devices) {
			devinfo->alive = 0;
		} ENDFOREACH

		for (i = 0; i < cnt; i++) {
			libusb_device *dev = devs[i];
			if (!_irecv_is_recovery_device(dev)) {
				continue;
			}
			uint8_t bus = libusb_get_bus_number(dev);
			uint8_t address = libusb_get_device_address(dev);
			uint32_t location = (bus << 16) | address;
			int found = 0;
			FOREACH(struct irecv_usb_device_info *devinfo, &devices) {
				if (devinfo->location == location) {
					devinfo->alive = 1;
					found = 1;
					break;
				}
			} ENDFOREACH
			if (!found) {
				_irecv_handle_device_add(dev);
			}
		}

		FOREACH(struct irecv_usb_device_info *devinfo, &devices) {
			if (!devinfo->alive) {
				_irecv_handle_device_remove(devinfo);
			}
		} ENDFOREACH

		libusb_free_device_list(devs, 1);

		mutex_lock(&listener_mutex);
		if (collection_count(&listeners) == 0) {
			running = 0;
		}
		mutex_unlock(&listener_mutex);
		if (!running)
			break;
		usleep(500000);
	} while (running);
#endif /* !HAVE_LIBUSB_HOTPLUG_API */
#endif /* !HAVE_IOKIT */
#endif /* !WIN32 */
	return NULL;
}
#endif /* !USE_DUMMY */

IRECV_API irecv_error_t irecv_device_event_subscribe(irecv_device_event_context_t *context, irecv_device_event_cb_t callback, void *user_data)
{
#ifdef USE_DUMMY
	return IRECV_E_UNSUPPORTED;
#else
	if (!context || !callback)
		return IRECV_E_INVALID_INPUT;

	struct irecv_device_event_context* _context = malloc(sizeof(struct irecv_device_event_context));
	if (!_context) {
		return IRECV_E_OUT_OF_MEMORY;
	}

	_context->callback = callback;
	_context->user_data = user_data;

	mutex_lock(&listener_mutex);
	collection_add(&listeners, _context);
	mutex_unlock(&listener_mutex);

	if (th_event_handler == THREAD_T_NULL || !thread_alive(th_event_handler)) {
#ifndef WIN32
#ifndef HAVE_IOKIT
		libusb_init(&irecv_hotplug_ctx);
#endif
#endif
		collection_init(&devices);
		mutex_init(&device_mutex);
		thread_new(&th_event_handler, _irecv_event_handler, NULL);
	}

	*context = _context;

	return IRECV_E_SUCCESS;
#endif
}

IRECV_API irecv_error_t irecv_device_event_unsubscribe(irecv_device_event_context_t context)
{
#ifdef USE_DUMMY
	return IRECV_E_UNSUPPORTED;
#else
	if (!context)
		return IRECV_E_INVALID_INPUT;

	mutex_lock(&listener_mutex);
	collection_remove(&listeners, context);
	int num = collection_count(&listeners);
	mutex_unlock(&listener_mutex);

	if (num == 0) {
#ifdef HAVE_IOKIT
		if (iokit_runloop) {
			CFRunLoopStop(iokit_runloop);
		}
#endif
		thread_join(th_event_handler);
		thread_free(th_event_handler);
		th_event_handler = THREAD_T_NULL;
		mutex_lock(&device_mutex);
		FOREACH(struct irecv_usb_device_info *devinfo, &devices) {
			free(devinfo->device_info.srnm);
			free(devinfo->device_info.imei);
			devinfo->device_info.srnm = NULL;
			devinfo->device_info.imei = NULL;
			free(devinfo);
		} ENDFOREACH
		collection_free(&devices);
		mutex_unlock(&device_mutex);
		mutex_destroy(&device_mutex);
#ifndef WIN32
#ifndef HAVE_IOKIT
		libusb_exit(irecv_hotplug_ctx);
		irecv_hotplug_ctx = NULL;
#endif
#endif
	}

	free(context);

	return IRECV_E_SUCCESS;
#endif
}

IRECV_API irecv_error_t irecv_close(irecv_client_t client) {
#ifdef USE_DUMMY
	return IRECV_E_UNSUPPORTED;
#else
	if (client != NULL) {
		if(client->disconnected_callback != NULL) {
			irecv_event_t event;
			event.size = 0;
			event.data = NULL;
			event.progress = 0;
			event.type = IRECV_DISCONNECTED;
			client->disconnected_callback(client, &event);
		}
#ifndef WIN32
#ifdef HAVE_IOKIT
		if (client->usbInterface) {
			(*client->usbInterface)->USBInterfaceClose(client->usbInterface);
			(*client->usbInterface)->Release(client->usbInterface);
			client->usbInterface = NULL;
		}
		if (client->handle) {
			(*client->handle)->USBDeviceClose(client->handle);
			(*client->handle)->Release(client->handle);
			client->handle = NULL;
		}
#else
		if (client->handle != NULL) {
			if ((client->mode != IRECV_K_DFU_MODE) && (client->mode != IRECV_K_WTF_MODE)) {
				libusb_release_interface(client->handle, client->usb_interface);
			}
			libusb_close(client->handle);
			client->handle = NULL;
		}
#endif
#else
		free(client->iBootPath);
		client->iBootPath = NULL;
		free(client->DfuPath);
		client->DfuPath = NULL;
		mobiledevice_closepipes(client);
#endif
		free(client->device_info.srnm);
		free(client->device_info.imei);
		free(client->device_info.ap_nonce);
		free(client->device_info.sep_nonce);

		free(client);
		client = NULL;
	}

	return IRECV_E_SUCCESS;
#endif
}

IRECV_API void irecv_set_debug_level(int level) {
	libirecovery_debug = level;
#ifndef USE_DUMMY
#ifndef WIN32
#ifndef HAVE_IOKIT
	if(libirecovery_context) {
#if LIBUSB_API_VERSION >= 0x01000106
		libusb_set_option(libirecovery_context, LIBUSB_OPTION_LOG_LEVEL, libirecovery_debug > 2 ? 1: 0);
#else
		libusb_set_debug(libirecovery_context, libirecovery_debug > 2 ? 1: 0);
#endif
	}
#endif
#endif
#endif
}

#ifndef USE_DUMMY
static irecv_error_t irecv_send_command_raw(irecv_client_t client, const char* command) {
	unsigned int length = strlen(command);
	if (length >= 0x100) {
		length = 0xFF;
	}

	if (length > 0) {
		irecv_usb_control_transfer(client, 0x40, 0, 0, 0, (unsigned char*) command, length + 1, USB_TIMEOUT);
	}

	return IRECV_E_SUCCESS;
}
#endif

IRECV_API irecv_error_t irecv_send_command(irecv_client_t client, const char* command) {
#ifdef USE_DUMMY
	return IRECV_E_UNSUPPORTED;
#else
	irecv_error_t error = 0;

	if (check_context(client) != IRECV_E_SUCCESS)
		return IRECV_E_NO_DEVICE;

	unsigned int length = strlen(command);
	if (length >= 0x100) {
		length = 0xFF;
	}

	irecv_event_t event;
	if(client->precommand_callback != NULL) {
		event.size = length;
		event.data = command;
		event.type = IRECV_PRECOMMAND;
		if(client->precommand_callback(client, &event)) {
			return IRECV_E_SUCCESS;
		}
	}

	error = irecv_send_command_raw(client, command);
	if (error != IRECV_E_SUCCESS) {
		debug("Failed to send command %s\n", command);
		if (error != IRECV_E_PIPE)
			return error;
	}

	if(client->postcommand_callback != NULL) {
		event.size = length;
		event.data = command;
		event.type = IRECV_POSTCOMMAND;
		if(client->postcommand_callback(client, &event)) {
			return IRECV_E_SUCCESS;
		}
	}

	return IRECV_E_SUCCESS;
#endif
}

IRECV_API irecv_error_t irecv_send_file(irecv_client_t client, const char* filename, int dfu_notify_finished) {
#ifdef USE_DUMMY
	return IRECV_E_UNSUPPORTED;
#else
	if (check_context(client) != IRECV_E_SUCCESS)
		return IRECV_E_NO_DEVICE;

	FILE* file = fopen(filename, "rb");
	if (file == NULL) {
		return IRECV_E_FILE_NOT_FOUND;
	}

	struct stat fst;
	if (fstat(fileno(file), &fst) < 0) {
		return IRECV_E_UNKNOWN_ERROR;
	}
	size_t length = fst.st_size;

	char* buffer = (char*)malloc(length);
	if (buffer == NULL) {
		fclose(file);
		return IRECV_E_OUT_OF_MEMORY;
	}

	size_t bytes = fread(buffer, 1, length, file);
	fclose(file);

	if (bytes != length) {
		free(buffer);
		return IRECV_E_UNKNOWN_ERROR;
	}

	irecv_error_t error = irecv_send_buffer(client, (unsigned char*)buffer, length, dfu_notify_finished);
	free(buffer);

	return error;
#endif
}

#ifndef USE_DUMMY
static irecv_error_t irecv_get_status(irecv_client_t client, unsigned int* status) {
	if (check_context(client) != IRECV_E_SUCCESS) {
		*status = 0;
		return IRECV_E_NO_DEVICE;
	}

	unsigned char buffer[6];
	memset(buffer, '\0', 6);
	if (irecv_usb_control_transfer(client, 0xA1, 3, 0, 0, buffer, 6, USB_TIMEOUT) != 6) {
		*status = 0;
		return IRECV_E_USB_STATUS;
	}

	*status = (unsigned int) buffer[4];

	return IRECV_E_SUCCESS;
}
#endif

IRECV_API irecv_error_t irecv_send_buffer(irecv_client_t client, unsigned char* buffer, unsigned long length, int dfu_notify_finished) {
#ifdef USE_DUMMY
	return IRECV_E_UNSUPPORTED;
#else
	irecv_error_t error = 0;
	int recovery_mode = ((client->mode != IRECV_K_DFU_MODE) && (client->mode != IRECV_K_WTF_MODE));

	if (check_context(client) != IRECV_E_SUCCESS)
		return IRECV_E_NO_DEVICE;

	unsigned int h1 = 0xFFFFFFFF;
	unsigned char dfu_xbuf[12] = {0xff, 0xff, 0xff, 0xff, 0xac, 0x05, 0x00, 0x01, 0x55, 0x46, 0x44, 0x10};
	int packet_size = recovery_mode ? 0x8000 : 0x800;
	int last = length % packet_size;
	int packets = length / packet_size;

	if (last != 0) {
		packets++;
	} else {
		last = packet_size;
	}

	/* initiate transfer */
	if (recovery_mode) {
		error = irecv_usb_control_transfer(client, 0x41, 0, 0, 0, NULL, 0, USB_TIMEOUT);
	} else {
		uint8_t state = 0;
		if (irecv_usb_control_transfer(client, 0xa1, 5, 0, 0, (unsigned char*)&state, 1, USB_TIMEOUT) == 1) {
			error = IRECV_E_SUCCESS;
		} else {
			return IRECV_E_USB_UPLOAD;
		}
		switch (state) {
		case 2:
			/* DFU IDLE */
			break;
		case 10:
			debug("DFU ERROR, issuing CLRSTATUS\n");
			irecv_usb_control_transfer(client, 0x21, 4, 0, 0, NULL, 0, USB_TIMEOUT);
			error = IRECV_E_USB_UPLOAD;
			break;
		default:
			debug("Unexpected state %d, issuing ABORT\n", state);
			irecv_usb_control_transfer(client, 0x21, 6, 0, 0, NULL, 0, USB_TIMEOUT);
			error = IRECV_E_USB_UPLOAD;
			break;
		}
	}

	if (error != IRECV_E_SUCCESS) {
		return error;
	}

	int i = 0;
	unsigned long count = 0;
	unsigned int status = 0;
	int bytes = 0;
	for (i = 0; i < packets; i++) {
		int size = (i + 1) < packets ? packet_size : last;

		/* Use bulk transfer for recovery mode and control transfer for DFU and WTF mode */
		if (recovery_mode) {
			error = irecv_usb_bulk_transfer(client, 0x04, &buffer[i * packet_size], size, &bytes, USB_TIMEOUT);
		} else {
			int j;
			for (j = 0; j < size; j++) {
				crc32_step(h1, buffer[i*packet_size + j]);
			}
			if (i+1 == packets) {
				if (size+16 > packet_size) {
					bytes = irecv_usb_control_transfer(client, 0x21, 1, i, 0, &buffer[i * packet_size], size, USB_TIMEOUT);
					if (bytes != size) {
						return IRECV_E_USB_UPLOAD;
					}
					count += size;
					size = 0;
				}

				for (j = 0; j < 2; j++) {
					crc32_step(h1, dfu_xbuf[j*6 + 0]);
					crc32_step(h1, dfu_xbuf[j*6 + 1]);
					crc32_step(h1, dfu_xbuf[j*6 + 2]);
					crc32_step(h1, dfu_xbuf[j*6 + 3]);
					crc32_step(h1, dfu_xbuf[j*6 + 4]);
					crc32_step(h1, dfu_xbuf[j*6 + 5]);
				}

				char* newbuf = (char*)malloc(size + 16);
				if (size > 0) {
					memcpy(newbuf, &buffer[i * packet_size], size);
				}
				memcpy(newbuf+size, dfu_xbuf, 12);
				newbuf[size+12] = h1 & 0xFF;
				newbuf[size+13] = (h1 >> 8) & 0xFF;
				newbuf[size+14] = (h1 >> 16) & 0xFF;
				newbuf[size+15] = (h1 >> 24) & 0xFF;
				size += 16;
				bytes = irecv_usb_control_transfer(client, 0x21, 1, i, 0, (unsigned char*)newbuf, size, USB_TIMEOUT);
				free(newbuf);
			} else {
				bytes = irecv_usb_control_transfer(client, 0x21, 1, i, 0, &buffer[i * packet_size], size, USB_TIMEOUT);
			}
		}

		if (bytes != size) {
			return IRECV_E_USB_UPLOAD;
		}

		if (!recovery_mode) {
			error = irecv_get_status(client, &status);
		}

		if (error != IRECV_E_SUCCESS) {
			return error;
		}

		if (!recovery_mode && status != 5) {
			int retry = 0;

			while (retry++ < 20) {
				irecv_get_status(client, &status);
				if (status == 5) {
					break;
				}
				sleep(1);
			}

			if (status != 5) {
				return IRECV_E_USB_UPLOAD;
			}
		}

		count += size;
		if(client->progress_callback != NULL) {
			irecv_event_t event;
			event.progress = ((double) count/ (double) length) * 100.0;
			event.type = IRECV_PROGRESS;
			event.data = (char*)"Uploading";
			event.size = count;
			client->progress_callback(client, &event);
		} else {
			debug("Sent: %d bytes - %lu of %lu\n", bytes, count, length);
		}
	}

	if (dfu_notify_finished && !recovery_mode) {
		irecv_usb_control_transfer(client, 0x21, 1, packets, 0, (unsigned char*) buffer, 0, USB_TIMEOUT);

		for (i = 0; i < 2; i++) {
			error = irecv_get_status(client, &status);
			if (error != IRECV_E_SUCCESS) {
				return error;
			}
		}

		if (dfu_notify_finished == 2) {
			/* we send a pseudo ZLP here just in case */
			irecv_usb_control_transfer(client, 0x21, 1, 0, 0, 0, 0, USB_TIMEOUT);
		}

		irecv_reset(client);
	}

	return IRECV_E_SUCCESS;
#endif
}

IRECV_API irecv_error_t irecv_receive(irecv_client_t client) {
#ifdef USE_DUMMY
	return IRECV_E_UNSUPPORTED;
#else
	char buffer[BUFFER_SIZE];
	memset(buffer, '\0', BUFFER_SIZE);

	if (check_context(client) != IRECV_E_SUCCESS)
		return IRECV_E_NO_DEVICE;

	int bytes = 0;
	while (irecv_usb_bulk_transfer(client, 0x81, (unsigned char*) buffer, BUFFER_SIZE, &bytes, 500) == 0) {
		if (bytes > 0) {
			if (client->received_callback != NULL) {
				irecv_event_t event;
				event.size = bytes;
				event.data = buffer;
				event.type = IRECV_RECEIVED;
				if (client->received_callback(client, &event) != 0) {
					return IRECV_E_SUCCESS;
				}
			}
		} else break;
	}

	return IRECV_E_SUCCESS;
#endif
}

IRECV_API irecv_error_t irecv_getenv(irecv_client_t client, const char* variable, char** value) {
#ifdef USE_DUMMY
	return IRECV_E_UNSUPPORTED;
#else
	char command[256];

	if (check_context(client) != IRECV_E_SUCCESS)
		return IRECV_E_NO_DEVICE;

	*value = NULL;

	if(variable == NULL) {
		return IRECV_E_INVALID_INPUT;
	}

	memset(command, '\0', sizeof(command));
	snprintf(command, sizeof(command)-1, "getenv %s", variable);
	irecv_error_t error = irecv_send_command_raw(client, command);
	if(error == IRECV_E_PIPE) {
		return IRECV_E_SUCCESS;
	}

	if(error != IRECV_E_SUCCESS) {
		return error;
	}

	char* response = (char*) malloc(256);
	if (response == NULL) {
		return IRECV_E_OUT_OF_MEMORY;
	}

	memset(response, '\0', 256);
	irecv_usb_control_transfer(client, 0xC0, 0, 0, 0, (unsigned char*) response, 255, USB_TIMEOUT);

	*value = response;

	return IRECV_E_SUCCESS;
#endif
}

IRECV_API irecv_error_t irecv_getret(irecv_client_t client, unsigned int* value) {
#ifdef USE_DUMMY
	return IRECV_E_UNSUPPORTED;
#else
	if (check_context(client) != IRECV_E_SUCCESS)
		return IRECV_E_NO_DEVICE;

	*value = 0;

	char* response = (char*) malloc(256);
	if (response == NULL) {
		return IRECV_E_OUT_OF_MEMORY;
	}

	memset(response, '\0', 256);
	irecv_usb_control_transfer(client, 0xC0, 0, 0, 0, (unsigned char*) response, 255, USB_TIMEOUT);

	*value = (unsigned int) *response;

	return IRECV_E_SUCCESS;
#endif
}

IRECV_API irecv_error_t irecv_get_mode(irecv_client_t client, int* mode) {
#ifdef USE_DUMMY
	return IRECV_E_UNSUPPORTED;
#else
	if (check_context(client) != IRECV_E_SUCCESS)
		return IRECV_E_NO_DEVICE;

	*mode = client->mode;

	return IRECV_E_SUCCESS;
#endif
}

IRECV_API const struct irecv_device_info* irecv_get_device_info(irecv_client_t client)
{
#ifdef USE_DUMMY
	return NULL;
#else
	if (check_context(client) != IRECV_E_SUCCESS)
		return NULL;

	return &client->device_info;
#endif
}

#ifndef USE_DUMMY
#ifdef HAVE_IOKIT
static void *iokit_limera1n_usb_submit_request(void *argv) {
	void **args = argv;
	IOUSBDeviceInterface320 **dev = args[0];
	IOUSBDevRequest *req = args[1];

	IOReturn result = (*dev)->DeviceRequest(dev, req);
	if (result != kIOReturnSuccess)
		debug("%s result: %#x\n", __func__, result);

	return NULL;
}
#endif
#endif

IRECV_API irecv_error_t irecv_trigger_limera1n_exploit(irecv_client_t client) {
#ifdef USE_DUMMY
	return IRECV_E_UNSUPPORTED;
#else
	if (check_context(client) != IRECV_E_SUCCESS)
		return IRECV_E_NO_DEVICE;

#ifdef HAVE_IOKIT
	IOReturn result;
	IOUSBDevRequestTO req;
	bzero(&req, sizeof(req));

	req.bmRequestType     = 0x21;
	req.bRequest          = 2;
	req.wValue            = 0;
	req.wIndex            = 0;
	req.wLength           = 0;
	req.pData             = NULL;
	req.noDataTimeout     = USB_TIMEOUT;
	req.completionTimeout = USB_TIMEOUT;

	// The original version uses an async request, but we don't have an async event
	// source set up. The hack relies on aborting the transaction before it times out,
	// which can be accomplished by sending on another thread.

	void *args[2] = { client->handle, &req };
	pthread_t thread;
	pthread_create(&thread, NULL, iokit_limera1n_usb_submit_request, args);

	usleep(5 * 1000);
	result = (*client->handle)->USBDeviceAbortPipeZero(client->handle);
	if (result != kIOReturnSuccess)
		debug("USBDeviceAbortPipeZero returned %#x\n", result);

	switch (result) {
		case kIOReturnSuccess:         return req.wLenDone;
		case kIOReturnTimeout:         return IRECV_E_TIMEOUT;
		case kIOUSBTransactionTimeout: return IRECV_E_TIMEOUT;
		case kIOReturnNotResponding:   return IRECV_E_NO_DEVICE;
		case kIOReturnNoDevice:	       return IRECV_E_NO_DEVICE;
		default:
			return IRECV_E_UNKNOWN_ERROR;
	}
#else
	irecv_usb_control_transfer(client, 0x21, 2, 0, 0, NULL, 0, USB_TIMEOUT);
#endif

	return IRECV_E_SUCCESS;
#endif
}

IRECV_API irecv_error_t irecv_execute_script(irecv_client_t client, const char* script) {
#ifdef USE_DUMMY
	return IRECV_E_UNSUPPORTED;
#else
	irecv_error_t error = IRECV_E_SUCCESS;
	if (check_context(client) != IRECV_E_SUCCESS)
		return IRECV_E_NO_DEVICE;

	char* body = strdup(script);
	char* line = strtok(body, "\n");

	while(line != NULL) {
		if(line[0] != '#') {
			error = irecv_send_command(client, line);
			if(error != IRECV_E_SUCCESS) {
				break;
			}

			error = irecv_receive(client);
			if(error != IRECV_E_SUCCESS) {
				break;
			}
		}
		line = strtok(NULL, "\n");
	}

	free(body);

	return error;
#endif
}

IRECV_API irecv_error_t irecv_saveenv(irecv_client_t client) {
#ifdef USE_DUMMY
	return IRECV_E_UNSUPPORTED;
#else
	irecv_error_t error = irecv_send_command_raw(client, "saveenv");
	if(error != IRECV_E_SUCCESS) {
		return error;
	}

	return IRECV_E_SUCCESS;
#endif
}

IRECV_API irecv_error_t irecv_setenv(irecv_client_t client, const char* variable, const char* value) {
#ifdef USE_DUMMY
	return IRECV_E_UNSUPPORTED;
#else
	char command[256];

	if (check_context(client) != IRECV_E_SUCCESS)
		return IRECV_E_NO_DEVICE;

	if(variable == NULL || value == NULL) {
		return IRECV_E_UNKNOWN_ERROR;
	}

	memset(command, '\0', sizeof(command));
	snprintf(command, sizeof(command)-1, "setenv %s %s", variable, value);
	irecv_error_t error = irecv_send_command_raw(client, command);
	if(error != IRECV_E_SUCCESS) {
		return error;
	}

	return IRECV_E_SUCCESS;
#endif
}

IRECV_API irecv_error_t irecv_reboot(irecv_client_t client) {
#ifdef USE_DUMMY
	return IRECV_E_UNSUPPORTED;
#else
	irecv_error_t error = irecv_send_command_raw(client, "reboot");
	if(error != IRECV_E_SUCCESS) {
		return error;
	}

	return IRECV_E_SUCCESS;
#endif
}

IRECV_API const char* irecv_strerror(irecv_error_t error) {
	switch (error) {
	case IRECV_E_SUCCESS:
		return "Command completed successfully";

	case IRECV_E_NO_DEVICE:
		return "Unable to find device";

	case IRECV_E_OUT_OF_MEMORY:
		return "Out of memory";

	case IRECV_E_UNABLE_TO_CONNECT:
		return "Unable to connect to device";

	case IRECV_E_INVALID_INPUT:
		return "Invalid input";

	case IRECV_E_FILE_NOT_FOUND:
		return "File not found";

	case IRECV_E_USB_UPLOAD:
		return "Unable to upload data to device";

	case IRECV_E_USB_STATUS:
		return "Unable to get device status";

	case IRECV_E_USB_INTERFACE:
		return "Unable to set device interface";

	case IRECV_E_USB_CONFIGURATION:
		return "Unable to set device configuration";

	case IRECV_E_PIPE:
		return "Broken pipe";

	case IRECV_E_TIMEOUT:
		return "Timeout talking to device";

	case IRECV_E_UNSUPPORTED:
		return "Operation unsupported by driver";

	default:
		return "Unknown error";
	}

	return NULL;
}

IRECV_API irecv_error_t irecv_reset_counters(irecv_client_t client) {
#ifdef USE_DUMMY
	return IRECV_E_UNSUPPORTED;
#else
	if (check_context(client) != IRECV_E_SUCCESS)
		return IRECV_E_NO_DEVICE;

	if ((client->mode == IRECV_K_DFU_MODE) || (client->mode == IRECV_K_WTF_MODE)) {
		irecv_usb_control_transfer(client, 0x21, 4, 0, 0, 0, 0, USB_TIMEOUT);
	}

	return IRECV_E_SUCCESS;
#endif
}

IRECV_API irecv_error_t irecv_recv_buffer(irecv_client_t client, char* buffer, unsigned long length) {
#ifdef USE_DUMMY
	return IRECV_E_UNSUPPORTED;
#else
	int recovery_mode = ((client->mode != IRECV_K_DFU_MODE) && (client->mode != IRECV_K_WTF_MODE));

	if (check_context(client) != IRECV_E_SUCCESS)
		return IRECV_E_NO_DEVICE;

	int packet_size = recovery_mode ? 0x2000: 0x800;
	int last = length % packet_size;
	int packets = length / packet_size;
	if (last != 0) {
		packets++;
	} else {
		last = packet_size;
	}

	int i = 0;
	int bytes = 0;
	unsigned long count = 0;
	for (i = 0; i < packets; i++) {
		unsigned short size = (i+1) < packets ? packet_size : last;
		bytes = irecv_usb_control_transfer(client, 0xA1, 2, 0, 0, (unsigned char*)&buffer[i * packet_size], size, USB_TIMEOUT);

		if (bytes != size) {
			return IRECV_E_USB_UPLOAD;
		}

		count += size;
		if(client->progress_callback != NULL) {
			irecv_event_t event;
			event.progress = ((double) count/ (double) length) * 100.0;
			event.type = IRECV_PROGRESS;
			event.data = (char*)"Downloading";
			event.size = count;
			client->progress_callback(client, &event);
		} else {
			debug("Sent: %d bytes - %lu of %lu\n", bytes, count, length);
		}
	}

	return IRECV_E_SUCCESS;
#endif
}

IRECV_API irecv_error_t irecv_finish_transfer(irecv_client_t client) {
#ifdef USE_DUMMY
	return IRECV_E_UNSUPPORTED;
#else
	int i = 0;
	unsigned int status = 0;

	if (check_context(client) != IRECV_E_SUCCESS)
		return IRECV_E_NO_DEVICE;

	irecv_usb_control_transfer(client, 0x21, 1, 0, 0, 0, 0, USB_TIMEOUT);

	for(i = 0; i < 3; i++){
		irecv_get_status(client, &status);
	}

	irecv_reset(client);

	return IRECV_E_SUCCESS;
#endif
}

IRECV_API irecv_device_t irecv_devices_get_all(void) {
	return irecv_devices;
}

IRECV_API irecv_error_t irecv_devices_get_device_by_client(irecv_client_t client, irecv_device_t* device) {
#ifdef USE_DUMMY
	return IRECV_E_UNSUPPORTED;
#else
	int i = 0;

	*device = NULL;

	if (client->device_info.cpid == 0) {
		return IRECV_E_UNKNOWN_ERROR;
	}

	for (i = 0; irecv_devices[i].hardware_model != NULL; i++) {
		if (irecv_devices[i].chip_id == client->device_info.cpid && irecv_devices[i].board_id == client->device_info.bdid) {
			*device = &irecv_devices[i];
			return IRECV_E_SUCCESS;
		}
	}

	return IRECV_E_NO_DEVICE;
#endif
}

IRECV_API irecv_error_t irecv_devices_get_device_by_product_type(const char* product_type, irecv_device_t* device) {
	int i = 0;

	*device = NULL;

	for (i = 0; irecv_devices[i].product_type != NULL; i++) {
		if (!strcmp(product_type, irecv_devices[i].product_type)) {
			*device = &irecv_devices[i];
			return IRECV_E_SUCCESS;
		}
	}

	return IRECV_E_NO_DEVICE;
}

IRECV_API irecv_error_t irecv_devices_get_device_by_hardware_model(const char* hardware_model, irecv_device_t* device) {
	int i = 0;

	*device = NULL;

	/* lowercase hardware_model string for proper lookup */
	char model[8];
	strcpy(model, hardware_model);
	char *p = model;
	for (; *p; ++p) *p = tolower(*p);

	for (i = 0; irecv_devices[i].hardware_model != NULL; i++) {
		if (!strcmp(model, irecv_devices[i].hardware_model)) {
			*device = &irecv_devices[i];
			return IRECV_E_SUCCESS;
		}
	}

	return IRECV_E_NO_DEVICE;
}

IRECV_API irecv_client_t irecv_reconnect(irecv_client_t client, int initial_pause) {
#ifdef USE_DUMMY
	return NULL;
#else
	irecv_error_t error = 0;
	irecv_client_t new_client = NULL;
	irecv_event_cb_t progress_callback = client->progress_callback;
	irecv_event_cb_t received_callback = client->received_callback;
	irecv_event_cb_t connected_callback = client->connected_callback;
	irecv_event_cb_t precommand_callback = client->precommand_callback;
	irecv_event_cb_t postcommand_callback = client->postcommand_callback;
	irecv_event_cb_t disconnected_callback = client->disconnected_callback;

	unsigned long long ecid = client->device_info.ecid;

	if (check_context(client) == IRECV_E_SUCCESS) {
		irecv_close(client);
	}

	if (initial_pause > 0) {
		debug("Waiting %d seconds for the device to pop up...\n", initial_pause);
		sleep(initial_pause);
	}
	
	error = irecv_open_with_ecid_and_attempts(&new_client, ecid, 10);
	if(error != IRECV_E_SUCCESS) {
		return NULL;
	}

	new_client->progress_callback = progress_callback;
	new_client->received_callback = received_callback;
	new_client->connected_callback = connected_callback;
	new_client->precommand_callback = precommand_callback;
	new_client->postcommand_callback = postcommand_callback;
	new_client->disconnected_callback = disconnected_callback;

	if (new_client->connected_callback != NULL) {
		irecv_event_t event;
		event.size = 0;
		event.data = NULL;
		event.progress = 0;
		event.type = IRECV_CONNECTED;
		new_client->connected_callback(new_client, &event);
	}

	return new_client;
#endif
}