Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Submodule for ssh_rd

OS X build
  • Loading branch information...
commit 1bf8f5b53e2fd88b1a32082c040e2a091c5d2d5a 1 parent 6ef3cea
@msftguy authored
View
6 .gitignore
@@ -26,9 +26,9 @@ ipch/*
*.payload
# Binaries (OS X, Unix)
-/injectpois0n
-/tetheredboot
-/loadibec
+utilities/injectpois0n
+utilities/tetheredboot
+utilities/loadibec
.DS_Store
# Binaries (Win32 mingw)
View
60 _ide/msvc/syringe.vcxproj
@@ -1,22 +1,22 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
- <ProjectConfiguration Include="Debug-Dynlink|Win32">
- <Configuration>Debug-Dynlink</Configuration>
- <Platform>Win32</Platform>
- </ProjectConfiguration>
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
- <ProjectConfiguration Include="Release-Dynlink|Win32">
- <Configuration>Release-Dynlink</Configuration>
- <Platform>Win32</Platform>
+ <ProjectConfiguration Include="Debug|x64">
+ <Configuration>Debug</Configuration>
+ <Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
+ <ProjectConfiguration Include="Release|x64">
+ <Configuration>Release</Configuration>
+ <Platform>x64</Platform>
+ </ProjectConfiguration>
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\..\include\common.h" />
@@ -48,8 +48,8 @@
<UseDebugLibraries>true</UseDebugLibraries>
<CharacterSet>MultiByte</CharacterSet>
</PropertyGroup>
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug-Dynlink|Win32'" Label="Configuration">
- <ConfigurationType>DynamicLibrary</ConfigurationType>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+ <ConfigurationType>StaticLibrary</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<CharacterSet>MultiByte</CharacterSet>
</PropertyGroup>
@@ -59,8 +59,8 @@
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
</PropertyGroup>
- <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release-Dynlink|Win32'" Label="Configuration">
- <ConfigurationType>DynamicLibrary</ConfigurationType>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+ <ConfigurationType>StaticLibrary</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
@@ -71,13 +71,13 @@
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
- <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug-Dynlink|Win32'" Label="PropertySheets">
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
- <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release-Dynlink|Win32'" Label="PropertySheets">
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
@@ -88,7 +88,7 @@
<AdditionalIncludeDirectories>../../include;../../include/resources;../../include/Win32;../../external/Win32;../../external/curl/include;../../external/zlib;$(ProjectDir)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<CompileAs>CompileAsCpp</CompileAs>
- <PreprocessorDefinitions>CURL_STATICLIB=1;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <PreprocessorDefinitions>NO_PAYLOADS=1;CURL_STATICLIB=1;%(PreprocessorDefinitions)</PreprocessorDefinitions>
</ClCompile>
<Link>
<GenerateDebugInformation>true</GenerateDebugInformation>
@@ -101,18 +101,19 @@
<LinkLibraryDependencies>true</LinkLibraryDependencies>
</ProjectReference>
<Lib>
- <AdditionalDependencies>curl.lib;zlib.lib;ws2_32.lib</AdditionalDependencies>
+ <AdditionalDependencies>
+ </AdditionalDependencies>
<AdditionalLibraryDirectories>$(TargetDir);</AdditionalLibraryDirectories>
</Lib>
</ItemDefinitionGroup>
- <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug-Dynlink|Win32'">
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<AdditionalIncludeDirectories>../../include;../../include/resources;../../include/Win32;../../external/Win32;../../external/curl/include;../../external/zlib;$(ProjectDir)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
<CompileAs>CompileAsCpp</CompileAs>
- <PreprocessorDefinitions>CURL_STATICLIB=1;LIBSYRINGE_DYNAMIC=1;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <PreprocessorDefinitions>NO_PAYLOADS=1;CURL_STATICLIB=1;%(PreprocessorDefinitions)</PreprocessorDefinitions>
</ClCompile>
<Link>
<GenerateDebugInformation>true</GenerateDebugInformation>
@@ -121,6 +122,14 @@
<ModuleDefinitionFile>
</ModuleDefinitionFile>
</Link>
+ <ProjectReference>
+ <LinkLibraryDependencies>true</LinkLibraryDependencies>
+ </ProjectReference>
+ <Lib>
+ <AdditionalDependencies>
+ </AdditionalDependencies>
+ <AdditionalLibraryDirectories>$(TargetDir);</AdditionalLibraryDirectories>
+ </Lib>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
@@ -131,7 +140,7 @@
<AdditionalIncludeDirectories>../../include;../../include/resources;../../include/Win32;../../external/Win32;../../external/curl/include;../../external/zlib;$(ProjectDir)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<CompileAs>CompileAsCpp</CompileAs>
- <PreprocessorDefinitions>CURL_STATICLIB=1;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <PreprocessorDefinitions>NO_PAYLOADS=1;CURL_STATICLIB=1;%(PreprocessorDefinitions)</PreprocessorDefinitions>
</ClCompile>
<Link>
<GenerateDebugInformation>true</GenerateDebugInformation>
@@ -146,11 +155,12 @@
<LinkLibraryDependencies>true</LinkLibraryDependencies>
</ProjectReference>
<Lib>
- <AdditionalDependencies>curl.lib;zlib.lib;ws2_32.lib</AdditionalDependencies>
+ <AdditionalDependencies>
+ </AdditionalDependencies>
<AdditionalLibraryDirectories>$(TargetDir);</AdditionalLibraryDirectories>
</Lib>
</ItemDefinitionGroup>
- <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release-Dynlink|Win32'">
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<Optimization>MaxSpeed</Optimization>
@@ -159,7 +169,7 @@
<AdditionalIncludeDirectories>../../include;../../include/resources;../../include/Win32;../../external/Win32;../../external/curl/include;../../external/zlib;$(ProjectDir)</AdditionalIncludeDirectories>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<CompileAs>CompileAsCpp</CompileAs>
- <PreprocessorDefinitions>CURL_STATICLIB=1;LIBSYRINGE_DYNAMIC=1;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <PreprocessorDefinitions>NO_PAYLOADS=1;CURL_STATICLIB=1;%(PreprocessorDefinitions)</PreprocessorDefinitions>
</ClCompile>
<Link>
<GenerateDebugInformation>true</GenerateDebugInformation>
@@ -170,6 +180,14 @@
<ModuleDefinitionFile>
</ModuleDefinitionFile>
</Link>
+ <ProjectReference>
+ <LinkLibraryDependencies>true</LinkLibraryDependencies>
+ </ProjectReference>
+ <Lib>
+ <AdditionalDependencies>
+ </AdditionalDependencies>
+ <AdditionalLibraryDirectories>$(TargetDir);</AdditionalLibraryDirectories>
+ </Lib>
</ItemDefinitionGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
View
2  edam.mk
@@ -281,7 +281,7 @@ endif
endif
%.o %_d.o %_p.o: %.c
- $(CC) -c $(CPPFLAGS) $(DEPFLAGS) $(CFLAGS) -o $@ $<
+ $(CC) -c $(CPPFLAGS) $(DEPFLAGS) $(CFLAGS) $(EXTRA_CFLAGS) -o $@ $<
%.o %_d.o %_p.o: %.cc
$(CXX) -c $(CPPFLAGS) $(DEPFLAGS) $(CXXFLAGS) -o $@ $<
View
4 include/common.h
@@ -59,8 +59,8 @@ extern "C" {
#define debug(...) if(libpois0n_debug) fprintf(stderr, __VA_ARGS__)
LIBSYRINGE_EXPORT int libpois0n_debug;
-LIBSYRINGE_EXPORT irecv_client_t client;
-LIBSYRINGE_EXPORT irecv_device_t device;
+LIBSYRINGE_EXPORT irecv_client_t g_syringe_client;
+LIBSYRINGE_EXPORT irecv_device_t g_syringe_device;
#ifdef __cplusplus
}
View
6 include/libirecovery.h
@@ -145,7 +145,7 @@ typedef int(*irecv_event_cb_t)(irecv_client_t client, const irecv_event_t* event
struct irecv_client {
int debug;
int config;
- int interface;
+ int main_interface;
int alt_interface;
unsigned short mode;
char serial[256];
@@ -207,7 +207,7 @@ LIBIRECOVERY_EXPORT const char* irecv_strerror(irecv_error_t error);
LIBIRECOVERY_EXPORT irecv_error_t irecv_open_attempts(irecv_client_t* pclient, int attempts);
LIBIRECOVERY_EXPORT irecv_error_t irecv_open(irecv_client_t* client);
LIBIRECOVERY_EXPORT irecv_error_t irecv_reset(irecv_client_t client);
-LIBIRECOVERY_EXPORT irecv_error_t irecv_close(irecv_client_t client);
+LIBIRECOVERY_EXPORT irecv_error_t irecv_close(irecv_client_t* client);
LIBIRECOVERY_EXPORT irecv_error_t irecv_receive(irecv_client_t client);
LIBIRECOVERY_EXPORT irecv_error_t irecv_send_exploit(irecv_client_t client);
LIBIRECOVERY_EXPORT irecv_error_t irecv_execute_script(irecv_client_t client, const char* filename);
@@ -224,7 +224,7 @@ LIBIRECOVERY_EXPORT irecv_error_t irecv_saveenv(irecv_client_t client);
LIBIRECOVERY_EXPORT irecv_error_t irecv_getret(irecv_client_t client, unsigned int* value);
LIBIRECOVERY_EXPORT irecv_error_t irecv_getenv(irecv_client_t client, const char* variable, char** value);
LIBIRECOVERY_EXPORT irecv_error_t irecv_setenv(irecv_client_t client, const char* variable, const char* value);
-LIBIRECOVERY_EXPORT irecv_error_t irecv_set_interface(irecv_client_t client, int interface, int alt_interface);
+LIBIRECOVERY_EXPORT irecv_error_t irecv_set_interface(irecv_client_t client, int main_interface, int alt_interface);
LIBIRECOVERY_EXPORT irecv_error_t irecv_get_cpid(irecv_client_t client, unsigned int* cpid);
LIBIRECOVERY_EXPORT irecv_error_t irecv_get_bdid(irecv_client_t client, unsigned int* bdid);
LIBIRECOVERY_EXPORT irecv_error_t irecv_get_ecid(irecv_client_t client, unsigned long long* ecid);
View
7 platform.mk
@@ -3,7 +3,12 @@ ifeq ($(UNAME),Darwin)
OS_SHARED_EXT = .dylib
OS_STATIC_EXT = .a
OS_EXEC_EXT =
+ # Universal bin (except PPC, cause XCode4 doesn't build that)
+ AR_RCS = libtool -static -o
+ EXTRA_CFLAGS = -force_cpusubtype_ALL -arch i386 -arch x86_64
+ # end Universal
LIBRARIES = $(COMMON_LIBRARIES) $(OSX_LIBRARIES)
+ PREBUILT_DIR := $(BASE_DIR)/external/Win32
else
ifeq ($(findstring MINGW,$(UNAME)),MINGW)
OS_SHARED_EXT = .dll
@@ -18,4 +23,4 @@ else
OS_EXEC_EXT =
LIBRARIES = $(COMMON_LIBRARIES) $(LINUX_LIBRARIES)
endif
-endif
+endif
View
2  syringe/Makefile
@@ -17,7 +17,7 @@ PREMADE_OBJECTS = exploits/limera1n.o exploits/steaks4uce.o
OSX_LIBRARIES = usb-1.0
COMMON_LIBRARIES = curl z
LDFLAGS = -L/opt/local/lib
-CFLAGS = -DCURL_STATICLIB=1
+CFLAGS = -DNO_PAYLOADS=1 -DCURL_STATICLIB=1
TARGET = syringe
View
4 syringe/common.c
@@ -21,5 +21,5 @@
#include "libirecovery.h"
int libpois0n_debug = 1;
-irecv_client_t client = NULL;
-irecv_device_t device = NULL;
+irecv_client_t g_syringe_client = NULL;
+irecv_device_t g_syringe_device = NULL;
View
1  syringe/exploits/limera1n/Makefile
@@ -5,6 +5,7 @@ SUBPROJS = payload
INCLUDES = ../../../include
SOURCES = limera1n.c
+CFLAGS = -DNO_PAYLOADS=1
NOLINK = 1
TARGET = limera1n
View
8 syringe/exploits/limera1n/limera1n.c
@@ -39,6 +39,8 @@ int limera1n_exploit() {
unsigned int shellcode_address = 0x84023001;
unsigned int shellcode_length = 0;
+ irecv_device_t device = g_syringe_device;
+ irecv_client_t client = g_syringe_client;
if (device->chip_id == 8930) {
max_size = 0x2C000;
@@ -56,7 +58,7 @@ int limera1n_exploit() {
memcpy(shellcode, limera1n_payload, sizeof(limera1n_payload));
debug("Resetting device counters\n");
- error = irecv_reset_counters(client);
+ error = irecv_reset_counters(g_syringe_client);
if (error != IRECV_E_SUCCESS) {
error("%s\n", irecv_strerror(error));
return -1;
@@ -95,8 +97,8 @@ int limera1n_exploit() {
debug("Exploit sent\n");
debug("Reconnecting to device\n");
- client = irecv_reconnect(client, 2);
- if (client == NULL) {
+ client = g_syringe_client = irecv_reconnect(client, 2);
+ if (g_syringe_client == NULL) {
debug("%s\n", irecv_strerror(error));
error("Unable to reconnect\n");
return -1;
View
1  syringe/exploits/steaks4uce/Makefile
@@ -5,6 +5,7 @@ SUBPROJS = payload
INCLUDES = ../../../include
SOURCES = steaks4uce.c
+CFLAGS = -DNO_PAYLOADS=1
NOLINK = 1
TARGET = IGNORED
View
7 syringe/exploits/steaks4uce/steaks4uce.c
@@ -53,6 +53,9 @@ int steaks4uce_exploit() {
0xfc, 0xd7, 0x02, 0x22, // 0x34: BK : exception_irq() LR in stack
};
+
+ irecv_client_t client = g_syringe_client;
+
info("Executing steaks4uce exploit ...\n");
debug("Reseting usb counters.\n");
ret = irecv_control_transfer(client, 0x21, 4, 0, 0, 0, 0, 1000);
@@ -104,8 +107,8 @@ int steaks4uce_exploit() {
info("steaks4uce sent & executed successfully.\n");
debug("Reconnecting to device\n");
- client = irecv_reconnect(client, 2);
- if (client == NULL) {
+ client = g_syringe_client = irecv_reconnect(client, 2);
+ if (g_syringe_client == NULL) {
debug("%s\n", irecv_strerror(error));
error("Unable to reconnect\n");
return -1;
View
45 syringe/libirecovery.c
@@ -48,7 +48,7 @@ int irecv_write_file(const char* filename, const void* data, size_t size);
int irecv_read_file(const char* filename, char** data, uint32_t* size);
#undef debug
-#define debug(...) if(libirecovery_debug) fprintf(stderr, __VA_ARGS__)
+#define debug(...) if(libirecovery_debug) {fprintf(stderr, __VA_ARGS__); fflush(stderr);}
#ifdef _WIN32
static const GUID GUID_DEVINTERFACE_IBOOT = {0xED82A167L, 0xD61A, 0x4AF6, {0x9A, 0xB6, 0x11, 0xE5, 0x22, 0x36, 0xC5, 0x76}};
@@ -90,7 +90,7 @@ irecv_error_t mobiledevice_connect(irecv_client_t* client) {
details = (PSP_DEVICE_INTERFACE_DETAIL_DATA) malloc(requiredSize);
details->cbSize = sizeof(SP_DEVICE_INTERFACE_DETAIL_DATA);
if(!SetupDiGetDeviceInterfaceDetail(usbDevices, &currentInterface, details, requiredSize, NULL, NULL)) {
- irecv_close(_client);
+ irecv_close(&_client);
free(details);
SetupDiDestroyDeviceInfoList(usbDevices);
return IRECV_E_UNABLE_TO_CONNECT;
@@ -114,7 +114,7 @@ irecv_error_t mobiledevice_connect(irecv_client_t* client) {
// Get iBoot path
usbDevices = SetupDiGetClassDevs(&GUID_DEVINTERFACE_IBOOT, NULL, NULL, DIGCF_PRESENT | DIGCF_DEVICEINTERFACE);
if(!usbDevices) {
- irecv_close(_client);
+ irecv_close(&_client);
return IRECV_E_UNABLE_TO_CONNECT;
}
currentInterface.cbSize = sizeof(SP_DEVICE_INTERFACE_DATA);
@@ -125,7 +125,7 @@ irecv_error_t mobiledevice_connect(irecv_client_t* client) {
details = (PSP_DEVICE_INTERFACE_DETAIL_DATA) malloc(requiredSize);
details->cbSize = sizeof(SP_DEVICE_INTERFACE_DETAIL_DATA);
if(!SetupDiGetDeviceInterfaceDetail(usbDevices, &currentInterface, details, requiredSize, NULL, NULL)) {
- irecv_close(_client);
+ irecv_close(&_client);
free(details);
SetupDiDestroyDeviceInfoList(usbDevices);
return IRECV_E_UNABLE_TO_CONNECT;
@@ -156,11 +156,11 @@ irecv_error_t mobiledevice_connect(irecv_client_t* client) {
irecv_error_t mobiledevice_openpipes(irecv_client_t client) {
if (client->iBootPath && !(client->hIB = CreateFile(client->iBootPath, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_FLAG_OVERLAPPED, NULL))) {
- irecv_close(client);
+ irecv_close(&client);
return IRECV_E_UNABLE_TO_CONNECT;
}
if (client->DfuPath && !(client->hDFU = CreateFile(client->DfuPath, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_FLAG_OVERLAPPED, NULL))) {
- irecv_close(client);
+ irecv_close(&client);
return IRECV_E_UNABLE_TO_CONNECT;
}
@@ -342,7 +342,7 @@ int irecv_get_string_descriptor_ascii(irecv_client_t client, uint8_t desc_index,
#endif
}
-irecv_error_t irecv_open(irecv_client_t* pclient) {
+irecv_error_t irecv_open(irecv_client_t* pClient) {
#ifndef _WIN32
int i = 0;
struct libusb_device* usb_device = NULL;
@@ -350,7 +350,7 @@ irecv_error_t irecv_open(irecv_client_t* pclient) {
struct libusb_device_handle* usb_handle = NULL;
struct libusb_device_descriptor usb_descriptor;
- *pclient = NULL;
+ *pClient = NULL;
if(libirecovery_debug) {
irecv_set_debug_level(libirecovery_debug);
}
@@ -387,7 +387,7 @@ irecv_error_t irecv_open(irecv_client_t* pclient) {
}
memset(client, '\0', sizeof(struct irecv_client));
- client->interface = 0;
+ client->main_interface = 0;
client->handle = usb_handle;
client->mode = usb_descriptor.idProduct;
if (client->mode != kDfuMode) {
@@ -405,7 +405,7 @@ irecv_error_t irecv_open(irecv_client_t* pclient) {
/* cache usb serial */
irecv_get_string_descriptor_ascii(client, usb_descriptor.iSerialNumber, (unsigned char*) client->serial, 255);
- *pclient = client;
+ *pClient = client;
return IRECV_E_SUCCESS;
}
}
@@ -413,9 +413,9 @@ irecv_error_t irecv_open(irecv_client_t* pclient) {
return IRECV_E_UNABLE_TO_CONNECT;
#else
- irecv_error_t ret = mobiledevice_connect(pclient);
+ irecv_error_t ret = mobiledevice_connect(pClient);
if (ret == IRECV_E_SUCCESS) {
- irecv_get_string_descriptor_ascii(*pclient, 3, (unsigned char*) (*pclient)->serial, 255);
+ irecv_get_string_descriptor_ascii(*pClient, 3, (unsigned char*) (*pClient)->serial, 255);
}
return ret;
#endif
@@ -441,22 +441,22 @@ irecv_error_t irecv_set_configuration(irecv_client_t client, int configuration)
return IRECV_E_SUCCESS;
}
-irecv_error_t irecv_set_interface(irecv_client_t client, int interface, int alt_interface) {
+irecv_error_t irecv_set_interface(irecv_client_t client, int main_interface, int alt_interface) {
if (check_context(client) != IRECV_E_SUCCESS) return IRECV_E_NO_DEVICE;
#ifndef _WIN32
- libusb_release_interface(client->handle, client->interface);
+ libusb_release_interface(client->handle, client->main_interface);
- debug("Setting to interface %d:%d\n", interface, alt_interface);
- if (libusb_claim_interface(client->handle, interface) < 0) {
+ debug("Setting to interface %d:%d\n", main_interface, alt_interface);
+ if (libusb_claim_interface(client->handle, main_interface) < 0) {
return IRECV_E_USB_INTERFACE;
}
- if (libusb_set_interface_alt_setting(client->handle, interface, alt_interface) < 0) {
+ if (libusb_set_interface_alt_setting(client->handle, main_interface, alt_interface) < 0) {
return IRECV_E_USB_INTERFACE;
}
- client->interface = interface;
+ client->main_interface = main_interface;
client->alt_interface = alt_interface;
#endif
@@ -552,7 +552,8 @@ irecv_error_t irecv_event_unsubscribe(irecv_client_t client, irecv_event_type ty
return IRECV_E_SUCCESS;
}
-irecv_error_t irecv_close(irecv_client_t client) {
+irecv_error_t irecv_close(irecv_client_t* pClient) {
+ irecv_client_t client = *pClient;
if (client != NULL) {
if(client->disconnected_callback != NULL) {
irecv_event_t event;
@@ -565,7 +566,7 @@ irecv_error_t irecv_close(irecv_client_t client) {
#ifndef _WIN32
if (client->handle != NULL) {
if (client->mode != kDfuMode) {
- libusb_release_interface(client->handle, client->interface);
+ libusb_release_interface(client->handle, client->main_interface);
}
libusb_close(client->handle);
client->handle = NULL;
@@ -582,7 +583,7 @@ irecv_error_t irecv_close(irecv_client_t client) {
mobiledevice_closepipes(client);
#endif
free(client);
- client = NULL;
+ *pClient = NULL;
}
return IRECV_E_SUCCESS;
@@ -1221,7 +1222,7 @@ irecv_client_t irecv_reconnect(irecv_client_t client, int initial_pause) {
irecv_event_cb_t progress_callback = client->progress_callback;
if (check_context(client) == IRECV_E_SUCCESS) {
- irecv_close(client);
+ irecv_close(&client);
}
if (initial_pause > 0) {
View
82 syringe/libpois0n.c
@@ -27,9 +27,12 @@
#include "libirecovery.h"
#include "common.h"
-#include "ramdisk.h"
#include "exploits.h"
+
+#ifndef NO_PAYLOADS
+#include "ramdisk.h"
#include "payloads.h"
+#endif //NO_PAYLOADS
#define LIMERA1N
#define STEAKS4UCE
@@ -39,17 +42,23 @@ static pois0n_callback progress_callback = NULL;
static void* user_object = NULL;
int recovery_callback(irecv_client_t client, const irecv_event_t* event) {
- progress_callback(event->progress, user_object);
+ if (progress_callback != NULL) {
+ progress_callback(event->progress, user_object);
+ }
return 0;
}
void download_callback(ZipInfo* info, CDFile* file, size_t progress) {
- progress_callback(progress, user_object);
+ if (progress_callback != NULL) {
+ progress_callback(progress, user_object);
+ }
}
int send_command(char* command) {
unsigned int ret = 0;
irecv_error_t error = IRECV_E_SUCCESS;
+ irecv_client_t client = g_syringe_client;
+
error = irecv_send_command(client, command);
if (error != IRECV_E_SUCCESS) {
printf("Unable to send command\n");
@@ -67,6 +76,7 @@ int send_command(char* command) {
int fetch_image(const char* path, const char* output) {
debug("Fetching %s...\n", path);
+ irecv_device_t device = g_syringe_device;
if (download_file_from_zip(device->url, path, output, &download_callback)
!= 0) {
error("Unable to fetch %s\n", path);
@@ -80,6 +90,8 @@ int fetch_dfu_image(const char* type, const char* output) {
char name[64];
char path[255];
+ irecv_device_t device = g_syringe_device;
+
memset(name, '\0', 64);
memset(path, '\0', 255);
snprintf(name, 63, "%s.%s.RELEASE.dfu", type, device->model);
@@ -98,6 +110,8 @@ int fetch_firmware_image(const char* type, const char* output) {
char name[64];
char path[255];
+ irecv_device_t device = g_syringe_device;
+
memset(name, '\0', 64);
memset(path, '\0', 255);
snprintf(name, 63, "%s.%s.img3", type, device->model);
@@ -115,6 +129,8 @@ int upload_dfu_image(const char* type) {
char image[255];
struct stat buf;
irecv_error_t error = IRECV_E_SUCCESS;
+ irecv_device_t device = g_syringe_device;
+ irecv_client_t client = g_syringe_client;
memset(image, '\0', 255);
snprintf(image, 254, "%s.%s", type, device->model);
@@ -149,6 +165,8 @@ int upload_firmware_image(const char* type) {
char image[255];
struct stat buf;
irecv_error_t error = IRECV_E_SUCCESS;
+ irecv_device_t device = g_syringe_device;
+ irecv_client_t client = g_syringe_client;
memset(image, '\0', 255);
snprintf(image, 254, "%s.%s", type, device->model);
@@ -179,11 +197,16 @@ int upload_firmware_image(const char* type) {
return 0;
}
+#ifndef NO_PAYLOADS
+
int upload_firmware_payload(const char* type) {
int size = 0;
const unsigned char* payload = NULL;
irecv_error_t error = IRECV_E_SUCCESS;
+ irecv_device_t device = g_syringe_device;
+ irecv_client_t client = g_syringe_client;
+
switch (device->index) {
case DEVICE_APPLETV2:
if (!strcmp(type, "iBSS")) {
@@ -349,6 +372,8 @@ int upload_firmware_payload(const char* type) {
return 0;
}
+#endif //NO_PAYLOADS
+
int upload_ibss() {
if (upload_dfu_image("iBSS") < 0) {
error("Unable upload iBSS\n");
@@ -372,21 +397,24 @@ int upload_devicetree() {
}
return 0;
}
-
+#ifndef NO_PAYLOADS
int upload_ramdisk() {
- if (irecv_send_buffer(client, (unsigned char*) ramdisk, sizeof(ramdisk), 0)
+ if (irecv_send_buffer(g_syringe_client, (unsigned char*) ramdisk, sizeof(ramdisk), 0)
< 0) {
error("Unable upload ramdisk\n");
return -1;
}
return 0;
}
+#endif //NO_PAYLOADS
int upload_kernelcache() {
struct stat buf;
char kernelcache[255];
irecv_error_t error = IRECV_E_SUCCESS;
-
+ irecv_device_t device = g_syringe_device;
+ irecv_client_t client = g_syringe_client;
+
memset(kernelcache, '\0', 255);
memset(&buf, '\0', sizeof(buf));
snprintf(kernelcache, 254, "kernelcache.release.%c%c%c", device->model[0], device->model[1], device->model[2]);
@@ -416,6 +444,8 @@ int upload_kernelcache() {
return 0;
}
+#ifndef NO_PAYLOADS
+
int upload_ibss_payload() {
if (upload_firmware_payload("iBSS") < 0) {
error("Unable to upload iBSS payload\n");
@@ -434,6 +464,7 @@ int upload_ibec_payload() {
int boot_ramdisk() {
irecv_error_t error = IRECV_E_SUCCESS;
+ irecv_client_t client = g_syringe_client;
// Add an exception for this since it's very different
debug("Preparing to upload ramdisk\n");
@@ -474,6 +505,8 @@ int boot_ramdisk() {
int boot_tethered() {
irecv_error_t error = IRECV_E_SUCCESS;
+ irecv_device_t device = g_syringe_device;
+ irecv_client_t client = g_syringe_client;
debug("Initializing greenpois0n in iBoot\n");
irecv_send_command(client, "go");
@@ -545,6 +578,8 @@ int boot_tethered() {
int boot_iboot() {
irecv_error_t error = IRECV_E_SUCCESS;
+ irecv_device_t device = g_syringe_device;
+ irecv_client_t client = g_syringe_client;
debug("Loading iBoot\n");
if (device->chip_id == 8720) {
@@ -599,7 +634,7 @@ int boot_iboot() {
}
debug("Reconnecting to device\n");
- client = irecv_reconnect(client, 10);
+ client = g_syringe_client = irecv_reconnect(client, 10);
if (client == NULL) {
error("Unable to boot the device tethered\n");
return -1;
@@ -623,6 +658,7 @@ int execute_ibss_payload() {
//int i = 0;
char* bootargs = NULL;
irecv_error_t error = IRECV_E_SUCCESS;
+ irecv_client_t client = g_syringe_client;
debug("Initializing greenpois0n in iBSS\n");
irecv_send_command(client, "go");
@@ -669,6 +705,8 @@ int execute_ibss_payload() {
return 0;
}
+#endif //NO_PAYLOADS
+
void pois0n_init() {
irecv_init();
irecv_set_debug_level(libpois0n_debug);
@@ -691,15 +729,17 @@ void pois0n_set_callback(pois0n_callback callback, void* object) {
int pois0n_is_ready() {
irecv_error_t error = IRECV_E_SUCCESS;
-
+ irecv_client_t client = g_syringe_client;
+
//////////////////////////////////////
// Begin
// debug("Connecting to device\n");
- error = irecv_open(&client);
+ error = irecv_open(&g_syringe_client);
if (error != IRECV_E_SUCCESS) {
debug("Device must be in DFU mode to continue\n");
return -1;
}
+ client = g_syringe_client;
irecv_event_subscribe(client, IRECV_PROGRESS, &recovery_callback, NULL);
//////////////////////////////////////
@@ -707,7 +747,7 @@ int pois0n_is_ready() {
// debug("Checking the device mode\n");
if (client->mode != kDfuMode) {
error("Device must be in DFU mode to continue\n");
- irecv_close(client);
+ irecv_close(&g_syringe_client);
return -1;
}
@@ -717,9 +757,13 @@ int pois0n_is_ready() {
int pois0n_is_compatible() {
irecv_error_t error = IRECV_E_SUCCESS;
info("Checking if device is compatible with this jailbreak\n");
+ irecv_device_t device = g_syringe_device;
+ irecv_client_t client = g_syringe_client;
debug("Checking the device type\n");
- error = irecv_get_device(client, &device);
+ error = irecv_get_device(client, &g_syringe_device);
+ device = g_syringe_device;
+
if (device == NULL || device->index == DEVICE_UNKNOWN) {
error("Sorry device is not compatible with this jailbreak\n");
return -1;
@@ -743,11 +787,13 @@ int pois0n_is_compatible() {
void pois0n_exit() {
debug("Exiting libpois0n\n");
- irecv_close(client);
+ irecv_close(&g_syringe_client);
irecv_exit();
}
int pois0n_injectonly() {
+ irecv_device_t device = g_syringe_device;
+
//////////////////////////////////////
// Send exploit
if (device->chip_id == 8930) {
@@ -833,13 +879,19 @@ int pois0n_injectonly() {
return 0;
}
+#ifndef NO_PAYLOADS
+
int pois0n_inject() {
int result = 0;
+ irecv_client_t client = g_syringe_client;
+
result = pois0n_injectonly();
if (result < 0) {
error("DFU Exploit injection failed (%u)\n", result);
return result;
}
+ client = g_syringe_client;
+
//////////////////////////////////////
// Send iBSS
debug("Preparing to upload iBSS\n");
@@ -849,8 +901,8 @@ int pois0n_inject() {
}
debug("Reconnecting to device\n");
- client = irecv_reconnect(client, 10);
- if (client == NULL) {
+ client = g_syringe_client = irecv_reconnect(client, 10);
+ if (g_syringe_client == NULL) {
error("Unable to reconnect\n");
return -1;
}
@@ -869,3 +921,5 @@ int pois0n_inject() {
return 0;
}
+
+#endif //NO_PAYLOADS
View
2  utilities/Makefile
@@ -1,5 +1,5 @@
# /syringe/Makefile
-SUBPROJS = injectpois0n tetheredboot loadibec
+SUBPROJS = tetheredboot
include ../common.mk
View
24 utilities/loadibec.c
@@ -85,24 +85,24 @@ int main(int argc, char* argv[])
printf("Connecting to iDevice...\n");
- error = irecv_open_attempts(&client, 10);
+ error = irecv_open_attempts(&g_syringe_client, 10);
if(error != IRECV_E_SUCCESS)
{
fprintf(stderr, "Failed to connect to iBoot, error %d.\n", error);
return -error;
}
- if(irecv_get_cpid(client, &cpid) == IRECV_E_SUCCESS)
+ if(irecv_get_cpid(g_syringe_client, &cpid) == IRECV_E_SUCCESS)
{
if(cpid > 8900)
can_ra1n = 1;
}
- if(client->mode == kDfuMode && can_ra1n)
+ if(g_syringe_client->mode == kDfuMode && can_ra1n)
{
int ret;
printf("linera1n compatible device detected, injecting limera1n.\n");
- irecv_close(client);
+ irecv_close(&g_syringe_client);
irecv_exit();
pois0n_init();
@@ -117,13 +117,13 @@ int main(int argc, char* argv[])
pois0n_inject();
- irecv_close(client);
- client = NULL;
+ irecv_close(&g_syringe_client);
+ g_syringe_client = NULL;
printf("limera1ned, reconnecting...\n");
- client = irecv_reconnect(client, 10);
- if(!client)
+ g_syringe_client = irecv_reconnect(g_syringe_client, 10);
+ if(!g_syringe_client)
{
fprintf(stderr, "Failed to reconnect.\n");
return 4;
@@ -134,23 +134,23 @@ int main(int argc, char* argv[])
printf("Starting transfer of '%s'.\n", argv[1]);
- irecv_event_subscribe(client, IRECV_PROGRESS, &progress_cb, NULL);
+ irecv_event_subscribe(g_syringe_client, IRECV_PROGRESS, &progress_cb, NULL);
- error = irecv_send_file(client, argv[1], 0);
+ error = irecv_send_file(g_syringe_client, argv[1], 0);
if(error != IRECV_E_SUCCESS)
{
fprintf(stderr, "Failed to upload '%s', error %d.\n", argv[1], error);
return 2;
}
- error = irecv_send_command(client, "go");
+ error = irecv_send_command(g_syringe_client, "go");
if(error != IRECV_E_SUCCESS)
{
fprintf(stderr, "Failed to jump to uploaded file, error %d.\n", error);
return 3;
}
- irecv_send_command(client, "go jump 0x41000000");
+ irecv_send_command(g_syringe_client, "go jump 0x41000000");
printf("Uploaded Successfully.\n");
View
31 utilities/tetheredboot.c
@@ -156,7 +156,7 @@ int main(int argc, char* argv[]) {
if (ibssFile != NULL) {
debug("Uploading %s to device\n", ibssFile);
- ir_error = irecv_send_file(client, ibssFile, 1);
+ ir_error = irecv_send_file(g_syringe_client, ibssFile, 1);
if(ir_error != IRECV_E_SUCCESS) {
error("Unable to upload iBSS\n");
debug("%s\n", irecv_strerror(ir_error));
@@ -170,10 +170,10 @@ int main(int argc, char* argv[]) {
}
if (ibecFile != NULL) {
- client = irecv_reconnect(client, 10);
+ g_syringe_client = irecv_reconnect(g_syringe_client, 10);
debug("Uploading iBEC %s to device\n", ibecFile);
- ir_error = irecv_send_file(client, ibecFile, 1);
+ ir_error = irecv_send_file(g_syringe_client, ibecFile, 1);
if(ir_error != IRECV_E_SUCCESS) {
error("Unable to upload iBEC\n");
debug("%s\n", irecv_strerror(ir_error));
@@ -182,20 +182,13 @@ int main(int argc, char* argv[]) {
sleep(5);
- ir_error = irecv_send_command(client, "go");
- if(ir_error != IRECV_E_SUCCESS) {
- error("Unable send the go command\n");
- return -1;
- }
-
- sleep(5);
}
- client = irecv_reconnect(client, 10);
+ g_syringe_client = irecv_reconnect(g_syringe_client, 10);
if (ramdiskFile != NULL) {
debug("Uploading ramdisk %s to device\n", ramdiskFile);
- ir_error = irecv_send_file(client, ramdiskFile, 1);
+ ir_error = irecv_send_file(g_syringe_client, ramdiskFile, 1);
if(ir_error != IRECV_E_SUCCESS) {
error("Unable to upload ramdisk\n");
debug("%s\n", irecv_strerror(ir_error));
@@ -204,7 +197,7 @@ int main(int argc, char* argv[]) {
sleep(5);
- ir_error = irecv_send_command(client, "ramdisk");
+ ir_error = irecv_send_command(g_syringe_client, "ramdisk");
if(ir_error != IRECV_E_SUCCESS) {
error("Unable send the ramdisk command\n");
return -1;
@@ -213,20 +206,20 @@ int main(int argc, char* argv[]) {
if (bootlogo != NULL) {
debug("Uploading boot logo %s to device\n", bootlogo);
- ir_error = irecv_send_file(client, bootlogo, 1);
+ ir_error = irecv_send_file(g_syringe_client, bootlogo, 1);
if(ir_error != IRECV_E_SUCCESS) {
error("Unable to upload bootlogo\n");
debug("%s\n", irecv_strerror(ir_error));
return -1;
}
- ir_error = irecv_send_command(client, "setpicture 1");
+ ir_error = irecv_send_command(g_syringe_client, "setpicture 1");
if(ir_error != IRECV_E_SUCCESS) {
error("Unable to set picture\n");
return -1;
}
- ir_error = irecv_send_command(client, "bgcolor 0 0 0");
+ ir_error = irecv_send_command(g_syringe_client, "bgcolor 0 0 0");
if(ir_error != IRECV_E_SUCCESS) {
error("Unable to set picture\n");
return -1;
@@ -236,7 +229,7 @@ int main(int argc, char* argv[]) {
if (bgcolor != NULL) {
char finalbgcolor[255];
sprintf(finalbgcolor, "bgcolor %s", bgcolor);
- ir_error = irecv_send_command(client, finalbgcolor);
+ ir_error = irecv_send_command(g_syringe_client, finalbgcolor);
if(ir_error != IRECV_E_SUCCESS) {
error("Unable set bgcolor\n");
return -1;
@@ -245,14 +238,14 @@ int main(int argc, char* argv[]) {
if (kernelcacheFile != NULL) {
debug("Uploading %s to device\n", kernelcacheFile);
- ir_error = irecv_send_file(client, kernelcacheFile, 1);
+ ir_error = irecv_send_file(g_syringe_client, kernelcacheFile, 1);
if(ir_error != IRECV_E_SUCCESS) {
error("Unable to upload kernelcache\n");
debug("%s\n", irecv_strerror(ir_error));
return -1;
}
- ir_error = irecv_send_command(client, "bootx");
+ ir_error = irecv_send_command(g_syringe_client, "bootx");
if(ir_error != IRECV_E_SUCCESS) {
error("Unable send the bootx command\n");
return -1;
Please sign in to comment.
Something went wrong with that request. Please try again.