/*
 * irecovery.c
 * Software frontend for iBoot/iBSS communication with iOS devices
 *
 * Copyright (c) 2012-2020 Nikias Bassen <nikias@gmx.li>
 * Copyright (c) 2012-2015 Martin Szulecki <martin.szulecki@libimobiledevice.org>
 * Copyright (c) 2010-2011 Chronic-Dev Team
 * Copyright (c) 2010-2011 Joshua Hill
 * Copyright (c) 2008-2011 Nicolas Haunold
 *
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the GNU Lesser General Public License
 * (LGPL) version 2.1 which accompanies this distribution, and is available at
 * http://www.gnu.org/licenses/lgpl-2.1.html
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 */

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <inttypes.h>
#include <libirecovery.h>
#include <readline/readline.h>
#include <readline/history.h>

#ifdef WIN32
#include <windows.h>
#ifndef sleep
#define sleep(n) Sleep(1000 * n)
#endif
#endif

#define FILE_HISTORY_PATH ".irecovery"
#define debug(...) if(verbose) fprintf(stderr, __VA_ARGS__)

enum {
	kResetDevice,
	kStartShell,
	kSendCommand,
	kSendFile,
	kSendExploit,
	kSendScript,
	kShowMode,
	kRebootToNormalMode,
	kQueryInfo
};

static unsigned int quit = 0;
static unsigned int verbose = 0;

void print_progress_bar(double progress);
int received_cb(irecv_client_t client, const irecv_event_t* event);
int progress_cb(irecv_client_t client, const irecv_event_t* event);
int precommand_cb(irecv_client_t client, const irecv_event_t* event);
int postcommand_cb(irecv_client_t client, const irecv_event_t* event);

static void shell_usage() {
	printf("Usage:\n");
	printf("  /upload FILE\t\tsend FILE to device\n");
	printf("  /limera1n [FILE]\trun limera1n exploit and send optional payload from FILE\n");
	printf("  /deviceinfo\t\tprint device information (ECID, IMEI, etc.)\n");
	printf("  /help\t\t\tshow this help\n");
	printf("  /exit\t\t\texit interactive shell\n");
}

static const char* mode_to_str(int mode) {
	switch (mode) {
		case IRECV_K_RECOVERY_MODE_1:
		case IRECV_K_RECOVERY_MODE_2:
		case IRECV_K_RECOVERY_MODE_3:
		case IRECV_K_RECOVERY_MODE_4:
			return "Recovery";
			break;
		case IRECV_K_DFU_MODE:
			return "DFU";
			break;
		case IRECV_K_WTF_MODE:
			return "WTF";
			break;
		default:
			return "Unknown";
			break;
	}
}

static void buffer_read_from_filename(const char *filename, char **buffer, uint64_t *length) {
	FILE *f;
	uint64_t size;

	*length = 0;

	f = fopen(filename, "rb");
	if (!f) {
		return;
	}

	fseek(f, 0, SEEK_END);
	size = ftell(f);
	rewind(f);

	if (size == 0) {
		fclose(f);
		return;
	}

	*buffer = (char*)malloc(sizeof(char)*(size+1));
	fread(*buffer, sizeof(char), size, f);
	fclose(f);

	*length = size;
}

static void print_hex(unsigned char *buf, size_t len)
{
	size_t i;
	for (i = 0; i < len; i++) {
		printf("%02x", buf[i]);
	}
}

static void print_device_info(irecv_client_t client)
{
	int ret, mode;
	const struct irecv_device_info *devinfo = irecv_get_device_info(client);
	if (devinfo) {
		printf("CPID: 0x%04x\n", devinfo->cpid);
		printf("CPRV: 0x%02x\n", devinfo->cprv);
		printf("BDID: 0x%02x\n", devinfo->bdid);
		printf("ECID: 0x%016" PRIx64 "\n", devinfo->ecid);
		printf("CPFM: 0x%02x\n", devinfo->cpfm);
		printf("SCEP: 0x%02x\n", devinfo->scep);
		printf("IBFL: 0x%02x\n", devinfo->ibfl);
		printf("SRTG: %s\n", (devinfo->srtg) ? devinfo->srtg : "N/A");
		printf("SRNM: %s\n", (devinfo->srnm) ? devinfo->srnm : "N/A");
		printf("IMEI: %s\n", (devinfo->imei) ? devinfo->imei : "N/A");
		printf("NONC: ");
		if (devinfo->ap_nonce) {
			print_hex(devinfo->ap_nonce, devinfo->ap_nonce_size);
		} else {
			printf("N/A");
		}
		printf("\n");
		printf("SNON: ");
		if (devinfo->sep_nonce) {
			print_hex(devinfo->sep_nonce, devinfo->sep_nonce_size);
		} else {
			printf("N/A");
		}
		printf("\n");
		char* p = strstr(devinfo->serial_string, "PWND:[");
		if (p) {
			p+=6;
			char* pend = strchr(p, ']');
			if (pend) {
				printf("PWND: %.*s\n", (int)(pend-p), p);
			}
		}
	} else {
		printf("Could not get device info?!\n");
	}

	ret = irecv_get_mode(client, &mode);
	if (ret == IRECV_E_SUCCESS) {
		printf("MODE: %s\n", mode_to_str(mode));
	}
}

static void parse_command(irecv_client_t client, unsigned char* command, unsigned int size) {
	char* cmd = strdup((char*)command);
	char* action = strtok(cmd, " ");

	if (!strcmp(cmd, "/exit")) {
		quit = 1;
	} else if (!strcmp(cmd, "/help")) {
		shell_usage();
	} else if (!strcmp(cmd, "/upload")) {
		char* filename = strtok(NULL, " ");
		debug("Uploading file %s\n", filename);
		if (filename != NULL) {
			irecv_send_file(client, filename, 0);
		}
	} else if (!strcmp(cmd, "/deviceinfo")) {
		print_device_info(client);
	} else if (!strcmp(cmd, "/limera1n")) {
		char* filename = strtok(NULL, " ");
		debug("Sending limera1n payload %s\n", filename);
		if (filename != NULL) {
			irecv_send_file(client, filename, 0);
		}
		irecv_trigger_limera1n_exploit(client);
	} else if (!strcmp(cmd, "/execute")) {
		char* filename = strtok(NULL, " ");
		debug("Executing script %s\n", filename);
		if (filename != NULL) {
			char* buffer = NULL;
			uint64_t buffer_length = 0;
			buffer_read_from_filename(filename, &buffer, &buffer_length);
			if (buffer) {
				buffer[buffer_length] = '\0';
				irecv_execute_script(client, buffer);
				free(buffer);
			} else {
				printf("Could not read file '%s'\n", filename);
			}
		}
	} else {
		printf("Unsupported command %s. Use /help to get a list of available commands.\n", cmd);
	}

	free(action);
}

static void load_command_history() {
	read_history(FILE_HISTORY_PATH);
}

static void append_command_to_history(char* cmd) {
	add_history(cmd);
	write_history(FILE_HISTORY_PATH);
}

static void init_shell(irecv_client_t client) {
	irecv_error_t error = 0;
	load_command_history();
	irecv_event_subscribe(client, IRECV_PROGRESS, &progress_cb, NULL);
	irecv_event_subscribe(client, IRECV_RECEIVED, &received_cb, NULL);
	irecv_event_subscribe(client, IRECV_PRECOMMAND, &precommand_cb, NULL);
	irecv_event_subscribe(client, IRECV_POSTCOMMAND, &postcommand_cb, NULL);
	while (!quit) {
		error = irecv_receive(client);
		if (error != IRECV_E_SUCCESS) {
			debug("%s\n", irecv_strerror(error));
			break;
		}

		char* cmd = readline("> ");
		if (cmd && *cmd) {
			error = irecv_send_command(client, cmd);
			if (error != IRECV_E_SUCCESS) {
				quit = 1;
			}

			append_command_to_history(cmd);
			free(cmd);
		}
	}
}

int received_cb(irecv_client_t client, const irecv_event_t* event) {
	if (event->type == IRECV_RECEIVED) {
		int i = 0;
		int size = event->size;
		const char* data = event->data;
		for (i = 0; i < size; i++) {
			printf("%c", data[i]);
		}
	}

	return 0;
}

int precommand_cb(irecv_client_t client, const irecv_event_t* event) {
	if (event->type == IRECV_PRECOMMAND) {
		if (event->data[0] == '/') {
			parse_command(client, (unsigned char*)event->data, event->size);
			return -1;
		}
	}

	return 0;
}

int postcommand_cb(irecv_client_t client, const irecv_event_t* event) {
	char* value = NULL;
	char* action = NULL;
	char* command = NULL;
	char* argument = NULL;
	irecv_error_t error = IRECV_E_SUCCESS;

	if (event->type == IRECV_POSTCOMMAND) {
		command = strdup(event->data);
		action = strtok(command, " ");
		if (!strcmp(action, "getenv")) {
			argument = strtok(NULL, " ");
			error = irecv_getenv(client, argument, &value);
			if (error != IRECV_E_SUCCESS) {
				debug("%s\n", irecv_strerror(error));
				free(command);
				return error;
			}
			printf("%s\n", value);
			free(value);
		}

		if (!strcmp(action, "reboot")) {
			quit = 1;
		}
	}

	free(command);

	return 0;
}

int progress_cb(irecv_client_t client, const irecv_event_t* event) {
	if (event->type == IRECV_PROGRESS) {
		print_progress_bar(event->progress);
	}

	return 0;
}

void print_progress_bar(double progress) {
	int i = 0;

	if(progress < 0) {
		return;
	}

	if(progress > 100) {
		progress = 100;
	}

	printf("\r[");

	for(i = 0; i < 50; i++) {
		if(i < progress / 2) {
			printf("=");
		} else {
			printf(" ");
		}
	}

	printf("] %3.1f%%", progress);

	fflush(stdout);

	if(progress == 100) {
		printf("\n");
	}
}

static void print_usage(int argc, char **argv) {
	char *name = NULL;
	name = strrchr(argv[0], '/');
	printf("Usage: %s [OPTIONS]\n", (name ? name + 1: argv[0]));
	printf("\n");
	printf("Interact with an iOS device in DFU or recovery mode.\n");
	printf("\n");
	printf("OPTIONS:\n");
	printf("  -i ECID\tconnect to specific device by its ECID\n");
	printf("  -c CMD\trun CMD on device\n");
	printf("  -m\t\tprint current device mode\n");
	printf("  -f FILE\tsend file to device\n");
	printf("  -k FILE\tsend limera1n usb exploit payload from FILE\n");
	printf("  -r\t\treset client\n");
	printf("  -n\t\treboot device into normal mode (exit recovery loop)\n");
	printf("  -e FILE\texecutes recovery script from FILE\n");
	printf("  -s\t\tstart an interactive shell\n");
	printf("  -q\t\tquery device info\n");
	printf("  -v\t\tenable verbose output, repeat for higher verbosity\n");
	printf("  -h\t\tprints this usage information\n");
	printf("\n");
	printf("Homepage:    <" PACKAGE_URL ">\n");
	printf("Bug Reports: <" PACKAGE_BUGREPORT ">\n");
}

int main(int argc, char* argv[]) {
	int i = 0;
	int opt = 0;
	int action = 0;
	unsigned long long ecid = 0;
	int mode = -1;
	char* argument = NULL;
	irecv_error_t error = 0;

	char* buffer = NULL;
	uint64_t buffer_length = 0;

	if (argc == 1) {
		print_usage(argc, argv);
		return 0;
	}

	while ((opt = getopt(argc, argv, "i:vhrsmnc:f:e:k::q")) > 0) {
		switch (opt) {
			case 'i':
				if (optarg) {
					char* tail = NULL;
					ecid = strtoull(optarg, &tail, 0);
					if (tail && (tail[0] != '\0')) {
						ecid = 0;
					}
					if (ecid == 0) {
						fprintf(stderr, "ERROR: Could not parse ECID from argument '%s'\n", optarg);
						return -1;
					}
				}
				break;

			case 'v':
				verbose += 1;
				break;

			case 'h':
				print_usage(argc, argv);
				return 0;

			case 'm':
				action = kShowMode;
				break;

			case 'n':
				action = kRebootToNormalMode;
				break;

			case 'r':
				action = kResetDevice;
				break;

			case 's':
				action = kStartShell;
				break;

			case 'f':
				action = kSendFile;
				argument = optarg;
				break;

			case 'c':
				action = kSendCommand;
				argument = optarg;
				break;

			case 'k':
				action = kSendExploit;
				argument = optarg;
				break;

			case 'e':
				action = kSendScript;
				argument = optarg;
				break;

			case 'q':
				action = kQueryInfo;
				break;

			default:
				fprintf(stderr, "Unknown argument\n");
				return -1;
		}
	}

	if (verbose)
		irecv_set_debug_level(verbose);

	irecv_client_t client = NULL;
	for (i = 0; i <= 5; i++) {
		debug("Attempting to connect... \n");

		irecv_error_t err = irecv_open_with_ecid(&client, ecid);
		if (err == IRECV_E_UNSUPPORTED) {
			fprintf(stderr, "ERROR: %s\n", irecv_strerror(err));
			return -1;
		}
		else if (err != IRECV_E_SUCCESS)
			sleep(1);
		else
			break;

		if (i == 5) {
			fprintf(stderr, "ERROR: %s\n", irecv_strerror(err));
			return -1;
		}
	}

	irecv_device_t device = NULL;
	irecv_devices_get_device_by_client(client, &device);
	if (device)
		debug("Connected to %s, model %s, cpid 0x%04x, bdid 0x%02x\n", device->product_type, device->hardware_model, device->chip_id, device->board_id);

	switch (action) {
		case kResetDevice:
			irecv_reset(client);
			break;

		case kSendFile:
			irecv_event_subscribe(client, IRECV_PROGRESS, &progress_cb, NULL);
			error = irecv_send_file(client, argument, 1);
			debug("%s\n", irecv_strerror(error));
			break;

		case kSendCommand:
			error = irecv_send_command(client, argument);
			debug("%s\n", irecv_strerror(error));
			break;

		case kSendExploit:
			if (argument != NULL) {
				irecv_event_subscribe(client, IRECV_PROGRESS, &progress_cb, NULL);
				error = irecv_send_file(client, argument, 0);
				if (error != IRECV_E_SUCCESS) {
					debug("%s\n", irecv_strerror(error));
					break;
				}
			}
			error = irecv_trigger_limera1n_exploit(client);
			debug("%s\n", irecv_strerror(error));
			break;

		case kStartShell:
			init_shell(client);
			break;

		case kSendScript:
			buffer_read_from_filename(argument, &buffer, &buffer_length);
			if (buffer) {
				buffer[buffer_length] = '\0';

				error = irecv_execute_script(client, buffer);
				if(error != IRECV_E_SUCCESS) {
					debug("%s\n", irecv_strerror(error));
				}

				free(buffer);
			} else {
				fprintf(stderr, "Could not read file '%s'\n", argument);
			}
			break;

		case kShowMode:
			irecv_get_mode(client, &mode);
			printf("%s Mode\n", mode_to_str(mode));
			break;

		case kRebootToNormalMode:
			error = irecv_setenv(client, "auto-boot", "true");
			if (error != IRECV_E_SUCCESS) {
				debug("%s\n", irecv_strerror(error));
				break;
			}

			error = irecv_saveenv(client);
			if (error != IRECV_E_SUCCESS) {
				debug("%s\n", irecv_strerror(error));
				break;
			}

			error = irecv_reboot(client);
			if (error != IRECV_E_SUCCESS) {
				debug("%s\n", irecv_strerror(error));
			} else {
				debug("%s\n", irecv_strerror(error));
			}
			break;

		case kQueryInfo:
			print_device_info(client);
			break;

		default:
			fprintf(stderr, "Unknown action\n");
			break;
	}

	irecv_close(client);

	return 0;
}