Skip to content
Browse files

Lots of miscellaneous fixes merged from private branch

1 parent a0b9ad4 commit 345ea539bc305a072f2ba92a6dccca5fb7403cde @planetbeing committed
Showing with 1,454 additions and 510 deletions.
  1. +1 −1 CMakeLists.txt
  2. +16 −14 dfu-util/CMakeLists.txt
  3. +463 −455 hfs/rawfile.c
  4. +3 −0 includes/common.h
  5. +3 −0 includes/hfs/hfsplus.h
  6. +6 −0 includes/xpwn/pwnutil.h
  7. +38 −12 ipsw-patch/CMakeLists.txt
  8. BIN ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/018-4108-7-nowipe.patch
  9. BIN ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/018-4108-7.patch
  10. BIN ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/018-4118-1.patch
  11. BIN ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/DeviceTree.m68ap.patch
  12. +254 −0 ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/Info.plist
  13. BIN ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/LLB.m68ap.RELEASE.patch
  14. BIN ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/Services.patch
  15. BIN ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/WTF.m68ap.RELEASE.patch
  16. BIN ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/WTF.s5l8900xall.RELEASE.patch
  17. BIN ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/bbupdater.patch
  18. BIN ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/fstab.patch
  19. BIN ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/iBEC.m68ap.RELEASE.patch
  20. BIN ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/iBSS.m68ap.RELEASE.patch
  21. BIN ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/iBoot.m68ap.RELEASE.patch
  22. BIN ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/kernelcache.release.patch
  23. BIN ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/lockdownd.patch
  24. BIN ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/018-4118-1.patch
  25. BIN ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/018-4122-1-nowipe.patch
  26. BIN ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/018-4122-1.patch
  27. BIN ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/DeviceTree.n82ap.patch
  28. +218 −0 ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/Info.plist
  29. BIN ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/LLB.n82ap.RELEASE.patch
  30. BIN ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/Services.patch
  31. BIN ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/WTF.n82ap.RELEASE.patch
  32. BIN ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/WTF.s5l8900xall.RELEASE.patch
  33. BIN ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/fstab.patch
  34. BIN ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/iBEC.n82ap.RELEASE.patch
  35. BIN ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/iBSS.n82ap.RELEASE.patch
  36. BIN ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/iBoot.n82ap.RELEASE.patch
  37. BIN ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/kernelcache.release.patch
  38. BIN ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/lockdownd.patch
  39. BIN ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/018-4146-1.patch
  40. BIN ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/018-4149-1-nowipe.patch
  41. BIN ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/018-4149-1.patch
  42. BIN ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/DeviceTree.n45ap.patch
  43. +203 −0 ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/Info.plist
  44. BIN ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/LLB.n45ap.RELEASE.patch
  45. BIN ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/Services.patch
  46. BIN ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/WTF.n45ap.RELEASE.patch
  47. BIN ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/WTF.s5l8900xall.RELEASE.patch
  48. BIN ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/fstab.patch
  49. BIN ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/iBEC.n45ap.RELEASE.patch
  50. BIN ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/iBSS.n45ap.RELEASE.patch
  51. BIN ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/iBoot.n45ap.RELEASE.patch
  52. BIN ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/kernelcache.release.patch
  53. +92 −0 ipsw-patch/img3.c
  54. +7 −0 ipsw-patch/libxpwn.c
  55. +5 −3 ipsw-patch/outputstate.c
  56. +126 −8 ipsw-patch/pwnutil.c
  57. +19 −17 xpwn/CMakeLists.txt
View
2 CMakeLists.txt
@@ -41,7 +41,7 @@ SET(CPACK_RESOURCE_FILE_README "${PROJECT_SOURCE_DIR}/README.markdown")
SET(CPACK_RESOURCE_FILE_LICENSE "${PROJECT_SOURCE_DIR}/LICENSE")
SET(CPACK_PACKAGE_VERSION_MAJOR "0")
SET(CPACK_PACKAGE_VERSION_MINOR "5")
-SET(CPACK_PACKAGE_VERSION_PATCH "2")
+SET(CPACK_PACKAGE_VERSION_PATCH "3")
SET(CPACK_PACKAGE_EXECUTABLES "xpwn" "XPwn Pwner")
SET(CPACK_PACKAGE_EXECUTABLES "ipsw" "IPSW Tool")
SET(CPACK_PACKAGE_EXECUTABLES "hdutil" "Apple disk image utility")
View
30 dfu-util/CMakeLists.txt
@@ -1,21 +1,23 @@
INCLUDE(${PROJECT_SOURCE_DIR}/FindUSB.cmake)
-IF(NOT USB_FOUND)
- message(STATUS "libusb is required for dfu-util!")
-ELSE(NOT USB_FOUND)
- include_directories(${USB_INCLUDE_DIR})
- link_directories(${USB_LIBRARIES})
+IF(NOT APPLE OR NOT BUILD_STATIC)
+ IF(NOT USB_FOUND)
+ message(STATUS "libusb is required for dfu-util!")
+ ELSE(NOT USB_FOUND)
+ include_directories(${USB_INCLUDE_DIR})
+ link_directories(${USB_LIBRARIES})
- add_executable(dfu-util dfu.c sam7dfu.c main.c)
+ add_executable(dfu-util dfu.c sam7dfu.c main.c)
- link_directories(${PROJECT_BINARY_DIR}/common ${PROJECT_BINARY_DIR}/hfs ${PROJECT_BINARY_DIR}/ipsw-patch)
+ link_directories(${PROJECT_BINARY_DIR}/common ${PROJECT_BINARY_DIR}/hfs ${PROJECT_BINARY_DIR}/ipsw-patch)
- IF(APPLE)
- SET_TARGET_PROPERTIES(dfu-util PROPERTIES LINK_FLAGS "-framework CoreFoundation -framework IOKit")
- ENDIF(APPLE)
+ IF(APPLE)
+ SET_TARGET_PROPERTIES(dfu-util PROPERTIES LINK_FLAGS "-framework CoreFoundation -framework IOKit")
+ ENDIF(APPLE)
- target_link_libraries(dfu-util xpwn)
- target_link_libraries(dfu-util ${USB_LIBRARIES})
+ target_link_libraries(dfu-util xpwn)
+ target_link_libraries(dfu-util ${USB_LIBRARIES})
- install(TARGETS dfu-util DESTINATION .)
-ENDIF(NOT USB_FOUND)
+ install(TARGETS dfu-util DESTINATION .)
+ ENDIF(NOT USB_FOUND)
+ENDIF(NOT APPLE OR NOT BUILD_STATIC)
View
918 hfs/rawfile.c
@@ -6,486 +6,494 @@ int writeExtents(RawFile* rawFile);
int isBlockUsed(Volume* volume, uint32_t block)
{
- unsigned char byte;
-
- READ(volume->allocationFile, block / 8, 1, &byte);
- return (byte & (1 << (7 - (block % 8)))) != 0;
+ unsigned char byte;
+
+ READ(volume->allocationFile, block / 8, 1, &byte);
+ return (byte & (1 << (7 - (block % 8)))) != 0;
}
int setBlockUsed(Volume* volume, uint32_t block, int used) {
- unsigned char byte;
-
- READ(volume->allocationFile, block / 8, 1, &byte);
- if(used) {
- byte |= (1 << (7 - (block % 8)));
- } else {
- byte &= ~(1 << (7 - (block % 8)));
- }
- ASSERT(WRITE(volume->allocationFile, block / 8, 1, &byte), "WRITE");
-
- return TRUE;
+ unsigned char byte;
+
+ READ(volume->allocationFile, block / 8, 1, &byte);
+ if(used) {
+ byte |= (1 << (7 - (block % 8)));
+ } else {
+ byte &= ~(1 << (7 - (block % 8)));
+ }
+ ASSERT(WRITE(volume->allocationFile, block / 8, 1, &byte), "WRITE");
+
+ return TRUE;
}
int allocate(RawFile* rawFile, off_t size) {
- unsigned char* zeros;
- Volume* volume;
- HFSPlusForkData* forkData;
- uint32_t blocksNeeded;
- uint32_t blocksToAllocate;
- Extent* extent;
- Extent* lastExtent;
-
- uint32_t curBlock;
-
- volume = rawFile->volume;
- forkData = rawFile->forkData;
- extent = rawFile->extents;
-
- blocksNeeded = ((uint64_t)size / (uint64_t)volume->volumeHeader->blockSize) + (((size % volume->volumeHeader->blockSize) == 0) ? 0 : 1);
-
- if(blocksNeeded > forkData->totalBlocks) {
- zeros = (unsigned char*) malloc(volume->volumeHeader->blockSize);
- memset(zeros, 0, volume->volumeHeader->blockSize);
-
- blocksToAllocate = blocksNeeded - forkData->totalBlocks;
-
- if(blocksToAllocate > volume->volumeHeader->freeBlocks) {
- return FALSE;
- }
-
- lastExtent = NULL;
- while(extent != NULL) {
- lastExtent = extent;
- extent = extent->next;
- }
-
- if(lastExtent == NULL) {
- rawFile->extents = (Extent*) malloc(sizeof(Extent));
- lastExtent = rawFile->extents;
- lastExtent->blockCount = 0;
- lastExtent->next = NULL;
- curBlock = volume->volumeHeader->nextAllocation;
- } else {
- curBlock = lastExtent->startBlock + lastExtent->blockCount;
- }
-
- while(blocksToAllocate > 0) {
- if(isBlockUsed(volume, curBlock)) {
- if(lastExtent->blockCount > 0) {
- lastExtent->next = (Extent*) malloc(sizeof(Extent));
- lastExtent = lastExtent->next;
- lastExtent->blockCount = 0;
- lastExtent->next = NULL;
- }
- curBlock = volume->volumeHeader->nextAllocation;
- volume->volumeHeader->nextAllocation++;
- if(volume->volumeHeader->nextAllocation >= volume->volumeHeader->totalBlocks) {
- volume->volumeHeader->nextAllocation = 0;
- }
- } else {
- if(lastExtent->blockCount == 0) {
- lastExtent->startBlock = curBlock;
- }
-
- /* zero out allocated block */
- ASSERT(WRITE(volume->image, curBlock * volume->volumeHeader->blockSize, volume->volumeHeader->blockSize, zeros), "WRITE");
-
- setBlockUsed(volume, curBlock, TRUE);
- volume->volumeHeader->freeBlocks--;
- blocksToAllocate--;
- curBlock++;
- lastExtent->blockCount++;
-
- if(curBlock >= volume->volumeHeader->totalBlocks) {
- curBlock = volume->volumeHeader->nextAllocation;
- }
- }
- }
-
- free(zeros);
- } else if(blocksNeeded < forkData->totalBlocks) {
- blocksToAllocate = blocksNeeded;
-
- lastExtent = NULL;
-
- while(blocksToAllocate > 0) {
- if(blocksToAllocate > extent->blockCount) {
- blocksToAllocate -= extent->blockCount;
- lastExtent = extent;
- extent = extent->next;
- } else {
- break;
- }
- }
-
-
- if(blocksToAllocate == 0 && lastExtent != NULL) {
- lastExtent->next = NULL;
- } else {
- rawFile->extents = NULL;
- }
-
- do {
- for(curBlock = (extent->startBlock + blocksToAllocate); curBlock < (extent->startBlock + extent->blockCount); curBlock++) {
- setBlockUsed(volume, curBlock, FALSE);
- volume->volumeHeader->freeBlocks++;
- }
- blocksToAllocate = 0;
- lastExtent = extent;
- extent = extent->next;
- free(lastExtent);
-
- } while(extent != NULL);
- }
-
- writeExtents(rawFile);
-
- forkData->logicalSize = size;
- forkData->totalBlocks = blocksNeeded;
-
- updateVolume(rawFile->volume);
-
- if(rawFile->catalogRecord != NULL) {
- updateCatalog(rawFile->volume, rawFile->catalogRecord);
- }
-
- return TRUE;
+ unsigned char* zeros;
+ Volume* volume;
+ HFSPlusForkData* forkData;
+ uint32_t blocksNeeded;
+ uint32_t blocksToAllocate;
+ Extent* extent;
+ Extent* lastExtent;
+
+ uint32_t curBlock;
+
+ volume = rawFile->volume;
+ forkData = rawFile->forkData;
+ extent = rawFile->extents;
+
+ blocksNeeded = ((uint64_t)size / (uint64_t)volume->volumeHeader->blockSize) + (((size % volume->volumeHeader->blockSize) == 0) ? 0 : 1);
+
+ if(blocksNeeded > forkData->totalBlocks) {
+ zeros = (unsigned char*) malloc(volume->volumeHeader->blockSize);
+ memset(zeros, 0, volume->volumeHeader->blockSize);
+
+ blocksToAllocate = blocksNeeded - forkData->totalBlocks;
+
+ if(blocksToAllocate > volume->volumeHeader->freeBlocks) {
+ return FALSE;
+ }
+
+ lastExtent = NULL;
+ while(extent != NULL) {
+ lastExtent = extent;
+ extent = extent->next;
+ }
+
+ if(lastExtent == NULL) {
+ rawFile->extents = (Extent*) malloc(sizeof(Extent));
+ lastExtent = rawFile->extents;
+ lastExtent->blockCount = 0;
+ lastExtent->next = NULL;
+ curBlock = volume->volumeHeader->nextAllocation;
+ } else {
+ curBlock = lastExtent->startBlock + lastExtent->blockCount;
+ }
+
+ while(blocksToAllocate > 0) {
+ if(isBlockUsed(volume, curBlock)) {
+ if(lastExtent->blockCount > 0) {
+ lastExtent->next = (Extent*) malloc(sizeof(Extent));
+ lastExtent = lastExtent->next;
+ lastExtent->blockCount = 0;
+ lastExtent->next = NULL;
+ }
+ curBlock = volume->volumeHeader->nextAllocation;
+ volume->volumeHeader->nextAllocation++;
+ if(volume->volumeHeader->nextAllocation >= volume->volumeHeader->totalBlocks) {
+ volume->volumeHeader->nextAllocation = 0;
+ }
+ } else {
+ if(lastExtent->blockCount == 0) {
+ lastExtent->startBlock = curBlock;
+ }
+
+ /* zero out allocated block */
+ ASSERT(WRITE(volume->image, curBlock * volume->volumeHeader->blockSize, volume->volumeHeader->blockSize, zeros), "WRITE");
+
+ setBlockUsed(volume, curBlock, TRUE);
+ volume->volumeHeader->freeBlocks--;
+ blocksToAllocate--;
+ curBlock++;
+ lastExtent->blockCount++;
+
+ if(curBlock >= volume->volumeHeader->totalBlocks) {
+ curBlock = volume->volumeHeader->nextAllocation;
+ }
+ }
+ }
+
+ free(zeros);
+ } else if(blocksNeeded < forkData->totalBlocks) {
+ blocksToAllocate = blocksNeeded;
+
+ lastExtent = NULL;
+
+ while(blocksToAllocate > 0) {
+ if(blocksToAllocate > extent->blockCount) {
+ blocksToAllocate -= extent->blockCount;
+ lastExtent = extent;
+ extent = extent->next;
+ } else {
+ break;
+ }
+ }
+
+
+ if(blocksToAllocate == 0 && lastExtent != NULL) {
+ // snip the extent list here, since we don't need the rest
+ lastExtent->next = NULL;
+ } else if(blocksNeeded == 0) {
+ rawFile->extents = NULL;
+ }
+
+ do {
+ for(curBlock = (extent->startBlock + blocksToAllocate); curBlock < (extent->startBlock + extent->blockCount); curBlock++) {
+ setBlockUsed(volume, curBlock, FALSE);
+ volume->volumeHeader->freeBlocks++;
+ }
+ lastExtent = extent;
+ extent = extent->next;
+
+ if(blocksToAllocate == 0)
+ {
+ free(lastExtent);
+ } else {
+ lastExtent->next = NULL;
+ lastExtent->blockCount = blocksToAllocate;
+ }
+
+ blocksToAllocate = 0;
+ } while(extent != NULL);
+ }
+
+ writeExtents(rawFile);
+
+ forkData->logicalSize = size;
+ forkData->totalBlocks = blocksNeeded;
+
+ updateVolume(rawFile->volume);
+
+ if(rawFile->catalogRecord != NULL) {
+ updateCatalog(rawFile->volume, rawFile->catalogRecord);
+ }
+
+ return TRUE;
}
static int rawFileRead(io_func* io,off_t location, size_t size, void *buffer) {
- RawFile* rawFile;
- Volume* volume;
- Extent* extent;
-
- size_t blockSize;
- off_t fileLoc;
- off_t locationInBlock;
- size_t possible;
-
- rawFile = (RawFile*) io->data;
- volume = rawFile->volume;
- blockSize = volume->volumeHeader->blockSize;
-
- extent = rawFile->extents;
- fileLoc = 0;
-
- locationInBlock = location;
- while(TRUE) {
- fileLoc += extent->blockCount * blockSize;
- if(fileLoc <= location) {
- locationInBlock -= extent->blockCount * blockSize;
- extent = extent->next;
- if(extent == NULL)
- break;
- } else {
- break;
- }
- }
-
- while(size > 0) {
- if(extent == NULL)
- return FALSE;
-
- possible = extent->blockCount * blockSize - locationInBlock;
-
- if(size > possible) {
- ASSERT(READ(volume->image, extent->startBlock * blockSize + locationInBlock, possible, buffer), "READ");
- size -= possible;
- buffer = (void*)(((size_t)buffer) + possible);
- extent = extent->next;
- } else {
- ASSERT(READ(volume->image, extent->startBlock * blockSize + locationInBlock, size, buffer), "READ");
- break;
- }
-
- locationInBlock = 0;
- }
-
- return TRUE;
+ RawFile* rawFile;
+ Volume* volume;
+ Extent* extent;
+
+ size_t blockSize;
+ off_t fileLoc;
+ off_t locationInBlock;
+ size_t possible;
+
+ rawFile = (RawFile*) io->data;
+ volume = rawFile->volume;
+ blockSize = volume->volumeHeader->blockSize;
+
+ extent = rawFile->extents;
+ fileLoc = 0;
+
+ locationInBlock = location;
+ while(TRUE) {
+ fileLoc += extent->blockCount * blockSize;
+ if(fileLoc <= location) {
+ locationInBlock -= extent->blockCount * blockSize;
+ extent = extent->next;
+ if(extent == NULL)
+ break;
+ } else {
+ break;
+ }
+ }
+
+ while(size > 0) {
+ if(extent == NULL)
+ return FALSE;
+
+ possible = extent->blockCount * blockSize - locationInBlock;
+
+ if(size > possible) {
+ ASSERT(READ(volume->image, extent->startBlock * blockSize + locationInBlock, possible, buffer), "READ");
+ size -= possible;
+ buffer = (void*)(((size_t)buffer) + possible);
+ extent = extent->next;
+ } else {
+ ASSERT(READ(volume->image, extent->startBlock * blockSize + locationInBlock, size, buffer), "READ");
+ break;
+ }
+
+ locationInBlock = 0;
+ }
+
+ return TRUE;
}
static int rawFileWrite(io_func* io,off_t location, size_t size, void *buffer) {
- RawFile* rawFile;
- Volume* volume;
- Extent* extent;
-
- size_t blockSize;
- off_t fileLoc;
- off_t locationInBlock;
- size_t possible;
-
- rawFile = (RawFile*) io->data;
- volume = rawFile->volume;
- blockSize = volume->volumeHeader->blockSize;
-
- if(rawFile->forkData->logicalSize < (location + size)) {
- ASSERT(allocate(rawFile, location + size), "allocate");
- }
-
- extent = rawFile->extents;
- fileLoc = 0;
-
- locationInBlock = location;
- while(TRUE) {
- fileLoc += extent->blockCount * blockSize;
- if(fileLoc <= location) {
- locationInBlock -= extent->blockCount * blockSize;
- extent = extent->next;
- if(extent == NULL)
- break;
- } else {
- break;
- }
- }
-
- while(size > 0) {
- if(extent == NULL)
- return FALSE;
-
- possible = extent->blockCount * blockSize - locationInBlock;
-
- if(size > possible) {
- ASSERT(WRITE(volume->image, extent->startBlock * blockSize + locationInBlock, possible, buffer), "WRITE");
- size -= possible;
- buffer = (void*)(((size_t)buffer) + possible);
- extent = extent->next;
- } else {
- ASSERT(WRITE(volume->image, extent->startBlock * blockSize + locationInBlock, size, buffer), "WRITE");
- break;
- }
-
- locationInBlock = 0;
- }
-
- return TRUE;
+ RawFile* rawFile;
+ Volume* volume;
+ Extent* extent;
+
+ size_t blockSize;
+ off_t fileLoc;
+ off_t locationInBlock;
+ size_t possible;
+
+ rawFile = (RawFile*) io->data;
+ volume = rawFile->volume;
+ blockSize = volume->volumeHeader->blockSize;
+
+ if(rawFile->forkData->logicalSize < (location + size)) {
+ ASSERT(allocate(rawFile, location + size), "allocate");
+ }
+
+ extent = rawFile->extents;
+ fileLoc = 0;
+
+ locationInBlock = location;
+ while(TRUE) {
+ fileLoc += extent->blockCount * blockSize;
+ if(fileLoc <= location) {
+ locationInBlock -= extent->blockCount * blockSize;
+ extent = extent->next;
+ if(extent == NULL)
+ break;
+ } else {
+ break;
+ }
+ }
+
+ while(size > 0) {
+ if(extent == NULL)
+ return FALSE;
+
+ possible = extent->blockCount * blockSize - locationInBlock;
+
+ if(size > possible) {
+ ASSERT(WRITE(volume->image, extent->startBlock * blockSize + locationInBlock, possible, buffer), "WRITE");
+ size -= possible;
+ buffer = (void*)(((size_t)buffer) + possible);
+ extent = extent->next;
+ } else {
+ ASSERT(WRITE(volume->image, extent->startBlock * blockSize + locationInBlock, size, buffer), "WRITE");
+ break;
+ }
+
+ locationInBlock = 0;
+ }
+
+ return TRUE;
}
static void closeRawFile(io_func* io) {
- RawFile* rawFile;
- Extent* extent;
- Extent* toRemove;
-
- rawFile = (RawFile*) io->data;
- extent = rawFile->extents;
-
- while(extent != NULL) {
- toRemove = extent;
- extent = extent->next;
- free(toRemove);
- }
-
- free(rawFile);
- free(io);
+ RawFile* rawFile;
+ Extent* extent;
+ Extent* toRemove;
+
+ rawFile = (RawFile*) io->data;
+ extent = rawFile->extents;
+
+ while(extent != NULL) {
+ toRemove = extent;
+ extent = extent->next;
+ free(toRemove);
+ }
+
+ free(rawFile);
+ free(io);
}
int removeExtents(RawFile* rawFile) {
- uint32_t blocksLeft;
- HFSPlusForkData* forkData;
- uint32_t currentBlock;
-
- uint32_t startBlock;
- uint32_t blockCount;
-
- HFSPlusExtentDescriptor* descriptor;
- int currentExtent;
- HFSPlusExtentKey extentKey;
- int exact;
-
- extentKey.keyLength = sizeof(HFSPlusExtentKey) - sizeof(extentKey.keyLength);
- extentKey.forkType = 0;
- extentKey.fileID = rawFile->id;
-
- forkData = rawFile->forkData;
- blocksLeft = forkData->totalBlocks;
- currentExtent = 0;
- currentBlock = 0;
- descriptor = (HFSPlusExtentDescriptor*) forkData->extents;
-
- while(blocksLeft > 0) {
- if(currentExtent == 8) {
- if(rawFile->volume->extentsTree == NULL) {
- hfs_panic("no extents overflow file loaded yet!");
- return FALSE;
- }
-
- if(descriptor != ((HFSPlusExtentDescriptor*) forkData->extents)) {
- free(descriptor);
- }
-
- extentKey.startBlock = currentBlock;
- descriptor = (HFSPlusExtentDescriptor*) search(rawFile->volume->extentsTree, (BTKey*)(&extentKey), &exact, NULL, NULL);
- if(descriptor == NULL || exact == FALSE) {
- hfs_panic("inconsistent extents information!");
- return FALSE;
- } else {
- removeFromBTree(rawFile->volume->extentsTree, (BTKey*)(&extentKey));
- currentExtent = 0;
- continue;
- }
- }
-
- startBlock = descriptor[currentExtent].startBlock;
- blockCount = descriptor[currentExtent].blockCount;
-
- currentBlock += blockCount;
- blocksLeft -= blockCount;
- currentExtent++;
- }
-
- if(descriptor != ((HFSPlusExtentDescriptor*) forkData->extents)) {
- free(descriptor);
- }
-
- return TRUE;
+ uint32_t blocksLeft;
+ HFSPlusForkData* forkData;
+ uint32_t currentBlock;
+
+ uint32_t startBlock;
+ uint32_t blockCount;
+
+ HFSPlusExtentDescriptor* descriptor;
+ int currentExtent;
+ HFSPlusExtentKey extentKey;
+ int exact;
+
+ extentKey.keyLength = sizeof(HFSPlusExtentKey) - sizeof(extentKey.keyLength);
+ extentKey.forkType = 0;
+ extentKey.fileID = rawFile->id;
+
+ forkData = rawFile->forkData;
+ blocksLeft = forkData->totalBlocks;
+ currentExtent = 0;
+ currentBlock = 0;
+ descriptor = (HFSPlusExtentDescriptor*) forkData->extents;
+
+ while(blocksLeft > 0) {
+ if(currentExtent == 8) {
+ if(rawFile->volume->extentsTree == NULL) {
+ hfs_panic("no extents overflow file loaded yet!");
+ return FALSE;
+ }
+
+ if(descriptor != ((HFSPlusExtentDescriptor*) forkData->extents)) {
+ free(descriptor);
+ }
+
+ extentKey.startBlock = currentBlock;
+ descriptor = (HFSPlusExtentDescriptor*) search(rawFile->volume->extentsTree, (BTKey*)(&extentKey), &exact, NULL, NULL);
+ if(descriptor == NULL || exact == FALSE) {
+ hfs_panic("inconsistent extents information!");
+ return FALSE;
+ } else {
+ removeFromBTree(rawFile->volume->extentsTree, (BTKey*)(&extentKey));
+ currentExtent = 0;
+ continue;
+ }
+ }
+
+ startBlock = descriptor[currentExtent].startBlock;
+ blockCount = descriptor[currentExtent].blockCount;
+
+ currentBlock += blockCount;
+ blocksLeft -= blockCount;
+ currentExtent++;
+ }
+
+ if(descriptor != ((HFSPlusExtentDescriptor*) forkData->extents)) {
+ free(descriptor);
+ }
+
+ return TRUE;
}
int writeExtents(RawFile* rawFile) {
- Extent* extent;
- int currentExtent;
- HFSPlusExtentKey extentKey;
- HFSPlusExtentDescriptor descriptor[8];
- HFSPlusForkData* forkData;
-
- removeExtents(rawFile);
-
- forkData = rawFile->forkData;
- currentExtent = 0;
- extent = rawFile->extents;
-
- memset(forkData->extents, 0, sizeof(HFSPlusExtentRecord));
- while(extent != NULL && currentExtent < 8) {
- ((HFSPlusExtentDescriptor*)forkData->extents)[currentExtent].startBlock = extent->startBlock;
- ((HFSPlusExtentDescriptor*)forkData->extents)[currentExtent].blockCount = extent->blockCount;
- extent = extent->next;
- currentExtent++;
- }
-
- if(extent != NULL) {
- extentKey.keyLength = sizeof(HFSPlusExtentKey) - sizeof(extentKey.keyLength);
- extentKey.forkType = 0;
- extentKey.fileID = rawFile->id;
-
- currentExtent = 0;
-
- while(extent != NULL) {
- if(currentExtent == 0) {
- memset(descriptor, 0, sizeof(HFSPlusExtentRecord));
- }
-
- if(currentExtent == 8) {
- extentKey.startBlock = descriptor[0].startBlock;
- addToBTree(rawFile->volume->extentsTree, (BTKey*)(&extentKey), sizeof(HFSPlusExtentRecord), (unsigned char *)(&(descriptor[0])));
- currentExtent = 0;
- }
-
- descriptor[currentExtent].startBlock = extent->startBlock;
- descriptor[currentExtent].blockCount = extent->blockCount;
-
- currentExtent++;
- extent = extent->next;
- }
-
- extentKey.startBlock = descriptor[0].startBlock;
- addToBTree(rawFile->volume->extentsTree, (BTKey*)(&extentKey), sizeof(HFSPlusExtentRecord), (unsigned char *)(&(descriptor[0])));
- }
-
- return TRUE;
+ Extent* extent;
+ int currentExtent;
+ HFSPlusExtentKey extentKey;
+ HFSPlusExtentDescriptor descriptor[8];
+ HFSPlusForkData* forkData;
+
+ removeExtents(rawFile);
+
+ forkData = rawFile->forkData;
+ currentExtent = 0;
+ extent = rawFile->extents;
+
+ memset(forkData->extents, 0, sizeof(HFSPlusExtentRecord));
+ while(extent != NULL && currentExtent < 8) {
+ ((HFSPlusExtentDescriptor*)forkData->extents)[currentExtent].startBlock = extent->startBlock;
+ ((HFSPlusExtentDescriptor*)forkData->extents)[currentExtent].blockCount = extent->blockCount;
+ extent = extent->next;
+ currentExtent++;
+ }
+
+ if(extent != NULL) {
+ extentKey.keyLength = sizeof(HFSPlusExtentKey) - sizeof(extentKey.keyLength);
+ extentKey.forkType = 0;
+ extentKey.fileID = rawFile->id;
+
+ currentExtent = 0;
+
+ while(extent != NULL) {
+ if(currentExtent == 0) {
+ memset(descriptor, 0, sizeof(HFSPlusExtentRecord));
+ }
+
+ if(currentExtent == 8) {
+ extentKey.startBlock = descriptor[0].startBlock;
+ addToBTree(rawFile->volume->extentsTree, (BTKey*)(&extentKey), sizeof(HFSPlusExtentRecord), (unsigned char *)(&(descriptor[0])));
+ currentExtent = 0;
+ }
+
+ descriptor[currentExtent].startBlock = extent->startBlock;
+ descriptor[currentExtent].blockCount = extent->blockCount;
+
+ currentExtent++;
+ extent = extent->next;
+ }
+
+ extentKey.startBlock = descriptor[0].startBlock;
+ addToBTree(rawFile->volume->extentsTree, (BTKey*)(&extentKey), sizeof(HFSPlusExtentRecord), (unsigned char *)(&(descriptor[0])));
+ }
+
+ return TRUE;
}
int readExtents(RawFile* rawFile) {
- uint32_t blocksLeft;
- HFSPlusForkData* forkData;
- uint32_t currentBlock;
-
- Extent* extent;
- Extent* lastExtent;
-
- HFSPlusExtentDescriptor* descriptor;
- int currentExtent;
- HFSPlusExtentKey extentKey;
- int exact;
-
- extentKey.keyLength = sizeof(HFSPlusExtentKey) - sizeof(extentKey.keyLength);
- extentKey.forkType = 0;
- extentKey.fileID = rawFile->id;
-
- forkData = rawFile->forkData;
- blocksLeft = forkData->totalBlocks;
- currentExtent = 0;
- currentBlock = 0;
- descriptor = (HFSPlusExtentDescriptor*) forkData->extents;
-
- lastExtent = NULL;
-
- while(blocksLeft > 0) {
- extent = (Extent*) malloc(sizeof(Extent));
-
- if(currentExtent == 8) {
- if(rawFile->volume->extentsTree == NULL) {
- hfs_panic("no extents overflow file loaded yet!");
- return FALSE;
- }
-
- if(descriptor != ((HFSPlusExtentDescriptor*) forkData->extents)) {
- free(descriptor);
- }
-
- extentKey.startBlock = currentBlock;
- descriptor = (HFSPlusExtentDescriptor*) search(rawFile->volume->extentsTree, (BTKey*)(&extentKey), &exact, NULL, NULL);
- if(descriptor == NULL || exact == FALSE) {
- hfs_panic("inconsistent extents information!");
- return FALSE;
- } else {
- currentExtent = 0;
- continue;
- }
- }
-
- extent->startBlock = descriptor[currentExtent].startBlock;
- extent->blockCount = descriptor[currentExtent].blockCount;
- extent->next = NULL;
-
- currentBlock += extent->blockCount;
- blocksLeft -= extent->blockCount;
- currentExtent++;
-
- if(lastExtent == NULL) {
- rawFile->extents = extent;
- } else {
- lastExtent->next = extent;
- }
-
- lastExtent = extent;
- }
-
- if(descriptor != ((HFSPlusExtentDescriptor*) forkData->extents)) {
- free(descriptor);
- }
-
- return TRUE;
+ uint32_t blocksLeft;
+ HFSPlusForkData* forkData;
+ uint32_t currentBlock;
+
+ Extent* extent;
+ Extent* lastExtent;
+
+ HFSPlusExtentDescriptor* descriptor;
+ int currentExtent;
+ HFSPlusExtentKey extentKey;
+ int exact;
+
+ extentKey.keyLength = sizeof(HFSPlusExtentKey) - sizeof(extentKey.keyLength);
+ extentKey.forkType = 0;
+ extentKey.fileID = rawFile->id;
+
+ forkData = rawFile->forkData;
+ blocksLeft = forkData->totalBlocks;
+ currentExtent = 0;
+ currentBlock = 0;
+ descriptor = (HFSPlusExtentDescriptor*) forkData->extents;
+
+ lastExtent = NULL;
+
+ while(blocksLeft > 0) {
+ extent = (Extent*) malloc(sizeof(Extent));
+
+ if(currentExtent == 8) {
+ if(rawFile->volume->extentsTree == NULL) {
+ hfs_panic("no extents overflow file loaded yet!");
+ return FALSE;
+ }
+
+ if(descriptor != ((HFSPlusExtentDescriptor*) forkData->extents)) {
+ free(descriptor);
+ }
+
+ extentKey.startBlock = currentBlock;
+ descriptor = (HFSPlusExtentDescriptor*) search(rawFile->volume->extentsTree, (BTKey*)(&extentKey), &exact, NULL, NULL);
+ if(descriptor == NULL || exact == FALSE) {
+ hfs_panic("inconsistent extents information!");
+ return FALSE;
+ } else {
+ currentExtent = 0;
+ continue;
+ }
+ }
+
+ extent->startBlock = descriptor[currentExtent].startBlock;
+ extent->blockCount = descriptor[currentExtent].blockCount;
+ extent->next = NULL;
+
+ currentBlock += extent->blockCount;
+ blocksLeft -= extent->blockCount;
+ currentExtent++;
+
+ if(lastExtent == NULL) {
+ rawFile->extents = extent;
+ } else {
+ lastExtent->next = extent;
+ }
+
+ lastExtent = extent;
+ }
+
+ if(descriptor != ((HFSPlusExtentDescriptor*) forkData->extents)) {
+ free(descriptor);
+ }
+
+ return TRUE;
}
io_func* openRawFile(HFSCatalogNodeID id, HFSPlusForkData* forkData, HFSPlusCatalogRecord* catalogRecord, Volume* volume) {
- io_func* io;
- RawFile* rawFile;
-
- io = (io_func*) malloc(sizeof(io_func));
- rawFile = (RawFile*) malloc(sizeof(RawFile));
-
- rawFile->id = id;
- rawFile->volume = volume;
- rawFile->forkData = forkData;
- rawFile->catalogRecord = catalogRecord;
- rawFile->extents = NULL;
-
- io->data = rawFile;
- io->read = &rawFileRead;
- io->write = &rawFileWrite;
- io->close = &closeRawFile;
-
- if(!readExtents(rawFile)) {
- return NULL;
- }
-
- return io;
+ io_func* io;
+ RawFile* rawFile;
+
+ io = (io_func*) malloc(sizeof(io_func));
+ rawFile = (RawFile*) malloc(sizeof(RawFile));
+
+ rawFile->id = id;
+ rawFile->volume = volume;
+ rawFile->forkData = forkData;
+ rawFile->catalogRecord = catalogRecord;
+ rawFile->extents = NULL;
+
+ io->data = rawFile;
+ io->read = &rawFileRead;
+ io->write = &rawFileWrite;
+ io->close = &closeRawFile;
+
+ if(!readExtents(rawFile)) {
+ return NULL;
+ }
+
+ return io;
}
View
3 includes/common.h
@@ -12,6 +12,9 @@
#define ftello ftello64
#define off_t off64_t
#define mkdir(x, y) mkdir(x)
+#define PATH_SEPARATOR "\\"
+#else
+#define PATH_SEPARATOR "/"
#endif
#define TRUE 1
View
3 includes/hfs/hfsplus.h
@@ -161,6 +161,7 @@ struct HFSPlusCatalogKey {
} __attribute__((__packed__));
typedef struct HFSPlusCatalogKey HFSPlusCatalogKey;
+#ifndef __MACTYPES__
struct Point {
int16_t v;
int16_t h;
@@ -180,6 +181,8 @@ typedef struct Rect Rect;
typedef uint32_t FourCharCode;
typedef FourCharCode OSType;
+#endif
+
/* Finder flags (finderFlags, fdFlags and frFlags) */
enum {
kIsOnDesk = 0x0001, /* Files and folders (System 6) */
View
6 includes/xpwn/pwnutil.h
@@ -5,6 +5,8 @@
#include <xpwn/outputstate.h>
#include <hfs/hfsplus.h>
+typedef int (*PatchFunction)(AbstractFile* file);
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -15,6 +17,10 @@ extern "C" {
void doPatchInPlace(Volume* volume, const char* filePath, const char* patchPath);
void fixupBootNeuterArgs(Volume* volume, char unlockBaseband, char selfDestruct, char use39, char use46);
void createRestoreOptions(Volume* volume, int SystemPartitionSize, int UpdateBaseband);
+
+ int patchSigCheck(AbstractFile* file);
+ int patchKernel(AbstractFile* file);
+ int patchDeviceTree(AbstractFile* file);
#ifdef __cplusplus
}
#endif
View
50 ipsw-patch/CMakeLists.txt
@@ -27,7 +27,11 @@ IF(NOT PNG_FOUND)
ENDIF(NOT PNG_FOUND)
include_directories(${ZLIB_INCLUDE_DIR})
+
+IF(NOT APPLE)
link_directories(${ZLIB_LIBRARIES})
+ENDIF(NOT APPLE)
+
include_directories(${BZIP2_INCLUDE_DIR})
link_directories(${BZIP2_LIBRARIES})
include_directories(${PNG_INCLUDE_DIR})
@@ -38,20 +42,42 @@ link_directories(${PROJECT_BINARY_DIR}/minizip)
link_directories(${PROJECT_BINARY_DIR}/common ${PROJECT_BINARY_DIR}/hfs ${PROJECT_BINARY_DIR}/dmg)
+IF(HAVE_HW_CRYPTO)
+ add_definitions(-DHAVE_HW_CRYPTO)
+ENDIF(HAVE_HW_CRYPTO)
+
add_library(xpwn 8900.c bspatch.c ibootim.c img2.c img3.c libxpwn.c lzss.c lzssfile.c nor_files.c outputstate.c plist.c pwnutil.c)
-target_link_libraries(xpwn dmg hfs common minizip ${CRYPTO_LIBRARIES} ${BZIP2_LIBRARIES} ${PNG_LIBRARIES} ${ZLIB_LIBRARIES} m)
-
-ADD_CUSTOM_TARGET(libXPwn.a
- COMMAND ${CMAKE_C_COMPILER}
- -L${PROJECT_BINARY_DIR}/ipsw-patch -L${PROJECT_BINARY_DIR}/dmg -L${PROJECT_BINARY_DIR}/hfs
- -L${PROJECT_BINARY_DIR}/hfs -L${PROJECT_BINARY_DIR}/minizip -L${PROJECT_BINARY_DIR}/common
- -Xlinker --whole-archive -lxpwn -ldmg -lhfs -lcommon -lminizip
- ${CRYPTO_LIBRARIES} ${BZIP2_LIBRARIES} ${PNG_LIBRARIES}
- -Xlinker --unresolved-symbols=ignore-all -Xlinker -r -nostdlib -o libXPwn.o
- COMMAND ${CMAKE_AR} cr libXPwn.a libXPwn.o
- COMMAND ${CMAKE_RANLIB} libXPwn.a
- DEPENDS xpwn dmg hfs common minizip)
+IF(HAVE_HW_CRYPTO)
+ target_link_libraries(xpwn IOKit)
+ENDIF(HAVE_HW_CRYPTO)
+
+target_link_libraries(xpwn dmg hfs common minizip ${CRYPTO_LIBRARIES} ${BZIP2_LIBRARIES} ${PNG_LIBRARIES} m)
+
+IF(NOT APPLE)
+ target_link_libraries(xpwn ${ZLIB_LIBRARIES})
+ENDIF(NOT APPLE)
+
+IF(APPLE)
+ ADD_CUSTOM_TARGET(libXPwn.a
+ COMMAND powerpc-apple-darwin8-libtool -static -o libXPwn.a
+ ${PROJECT_BINARY_DIR}/ipsw-patch/libxpwn.a ${PROJECT_BINARY_DIR}/minizip/libminizip.a
+ ${PROJECT_BINARY_DIR}/common/libcommon.a ${PROJECT_BINARY_DIR}/hfs/libhfs.a
+ ${PROJECT_BINARY_DIR}/dmg/libdmg.a ${PNG_LIBRARIES} ${BZIP2_LIBRARIES}
+ ${CRYPTO_LIBRARIES}
+ DEPENDS xpwn dmg hfs common minizip)
+ELSE(APPLE)
+ ADD_CUSTOM_TARGET(libXPwn.a
+ COMMAND ${CMAKE_C_COMPILER}
+ -L${PROJECT_BINARY_DIR}/ipsw-patch -L${PROJECT_BINARY_DIR}/dmg -L${PROJECT_BINARY_DIR}/hfs
+ -L${PROJECT_BINARY_DIR}/hfs -L${PROJECT_BINARY_DIR}/minizip -L${PROJECT_BINARY_DIR}/common
+ -Xlinker --whole-archive -lxpwn -ldmg -lhfs -lcommon -lminizip
+ ${CRYPTO_LIBRARIES} ${BZIP2_LIBRARIES} ${PNG_LIBRARIES}
+ -Xlinker --unresolved-symbols=ignore-all -Xlinker -r -nostdlib -o libXPwn.o
+ COMMAND ${CMAKE_AR} cr libXPwn.a libXPwn.o
+ COMMAND ${CMAKE_RANLIB} libXPwn.a
+ DEPENDS xpwn dmg hfs common minizip)
+ENDIF(APPLE)
IF(WIN32)
TARGET_LINK_LIBRARIES(xpwn gdi32)
View
BIN ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/018-4108-7-nowipe.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/018-4108-7.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/018-4118-1.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/DeviceTree.m68ap.patch
Binary file not shown.
View
254 ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/Info.plist
@@ -0,0 +1,254 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>BasebandPatches</key>
+ <dict>
+ <key>BBUpdater</key>
+ <dict>
+ <key>File</key>
+ <string>usr/local/bin/bbupdater</string>
+ <key>Patch</key>
+ <string>bbupdater.patch</string>
+ <key>Path</key>
+ <string>Applications/BootNeuter.app/bin/bbupdater</string>
+ </dict>
+ <key>Baseband EEP</key>
+ <dict>
+ <key>File</key>
+ <string>usr/local/standalone/firmware/ICE04.05.04_G.eep</string>
+ <key>Path</key>
+ <string>Applications/BootNeuter.app/firmware/ICE04.05.04_G.eep</string>
+ </dict>
+ <key>Baseband FLS</key>
+ <dict>
+ <key>File</key>
+ <string>usr/local/standalone/firmware/ICE04.05.04_G.fls</string>
+ <key>Path</key>
+ <string>Applications/BootNeuter.app/firmware/ICE04.05.04_G.fls</string>
+ </dict>
+ <key>Bootloader 3.9</key>
+ <dict>
+ <key>Path</key>
+ <string>Applications/BootNeuter.app/firmware/bl39.bin</string>
+ </dict>
+ <key>Bootloader 4.6</key>
+ <dict>
+ <key>Path</key>
+ <string>Applications/BootNeuter.app/firmware/bl46.bin</string>
+ </dict>
+ </dict>
+ <key>FilesystemPatches</key>
+ <dict>
+ <key>Core Files Installation</key>
+ <array>
+ <dict>
+ <key>Action</key>
+ <string>ReplaceKernel</string>
+ <key>File</key>
+ <string>kernelcache.release.s5l8900x</string>
+ <key>Name</key>
+ <string>KernelCache</string>
+ <key>Path</key>
+ <string>System/Library/Caches/com.apple.kernelcaches/kernelcache.s5l8900x</string>
+ </dict>
+ </array>
+ <key>Filesystem Jailbreak</key>
+ <array>
+ <dict>
+ <key>Action</key>
+ <string>Patch</string>
+ <key>File</key>
+ <string>etc/fstab</string>
+ <key>Name</key>
+ <string>Filesystem Write Access</string>
+ <key>Patch</key>
+ <string>fstab.patch</string>
+ </dict>
+ <dict>
+ <key>Action</key>
+ <string>Patch</string>
+ <key>File</key>
+ <string>System/Library/Lockdown/Services.plist</string>
+ <key>Name</key>
+ <string>Apple File Connection v2</string>
+ <key>Patch</key>
+ <string>Services.patch</string>
+ </dict>
+ </array>
+ <key>Phone Activation</key>
+ <array>
+ <dict>
+ <key>Action</key>
+ <string>Patch</string>
+ <key>File</key>
+ <string>usr/libexec/lockdownd</string>
+ <key>Name</key>
+ <string>Lockdownd Patch</string>
+ <key>Patch</key>
+ <string>lockdownd.patch</string>
+ </dict>
+ </array>
+ </dict>
+ <key>FirmwarePatches</key>
+ <dict>
+ <key>AppleLogo</key>
+ <dict>
+ <key>File</key>
+ <string>Firmware/all_flash/all_flash.m68ap.production/applelogo.s5l8900x.img3</string>
+ <key>IV</key>
+ <string>c9721629a4d994932c802f4277a9bcee</string>
+ <key>Key</key>
+ <string>97bfa5c532bf1cef85a147c9eb78e77a</string>
+ </dict>
+ <key>DeviceTree</key>
+ <dict>
+ <key>File</key>
+ <string>Firmware/all_flash/all_flash.m68ap.production/DeviceTree.m68ap.img3</string>
+ <key>Patch</key>
+ <string>DeviceTree.m68ap.patch</string>
+ <key>IV</key>
+ <string>e7a5c596612f2cae195f8c4cca19da9a</string>
+ <key>Key</key>
+ <string>4f140e2e56f32e923e75502e734834ce</string>
+ <key>TypeFlag</key>
+ <integer>8</integer>
+ </dict>
+ <key>KernelCache</key>
+ <dict>
+ <key>File</key>
+ <string>kernelcache.release.s5l8900x</string>
+ <key>Patch</key>
+ <string>kernelcache.release.patch</string>
+ <key>IV</key>
+ <string>2b4764d4c5bdeaa4cea2100eac7c47bb</string>
+ <key>Key</key>
+ <string>de52cebf74b7747360535fde5c331bd1</string>
+ <key>TypeFlag</key>
+ <integer>4</integer>
+ </dict>
+ <key>LLB</key>
+ <dict>
+ <key>File</key>
+ <string>Firmware/all_flash/all_flash.m68ap.production/LLB.m68ap.RELEASE.img3</string>
+ <key>Patch</key>
+ <string>LLB.m68ap.RELEASE.patch</string>
+ <key>TypeFlag</key>
+ <integer>8</integer>
+ </dict>
+ <key>RecoveryMode</key>
+ <dict>
+ <key>File</key>
+ <string>Firmware/all_flash/all_flash.m68ap.production/recoverymode.s5l8900x.img3</string>
+ <key>IV</key>
+ <string>80a64935155a9af54e39fb7c0aa52bd1</string>
+ <key>Key</key>
+ <string>e54dede9164129300cf0c6a6a0232ce8</string>
+ </dict>
+ <key>Restore Ramdisk</key>
+ <dict>
+ <key>File</key>
+ <string>018-4108-7.dmg</string>
+ <key>Patch</key>
+ <string>018-4108-7.patch</string>
+ <key>Patch2</key>
+ <string>018-4108-7-nowipe.patch</string>
+ <key>IV</key>
+ <string>fd530c4cf8a878f16387432988b199b8</string>
+ <key>Key</key>
+ <string>42b4f39976afa59f9ec680fccd2c7d04</string>
+ <key>TypeFlag</key>
+ <integer>8</integer>
+ </dict>
+ <key>Update Ramdisk</key>
+ <dict>
+ <key>File</key>
+ <string>018-4118-1.dmg</string>
+ <key>Patch</key>
+ <string>018-4118-1.patch</string>
+ <key>IV</key>
+ <string>4b9a4d90965381c1fec08922f7242644</string>
+ <key>Key</key>
+ <string>d77bd81b9d1adc01fe540eecd885547b</string>
+ <key>TypeFlag</key>
+ <integer>8</integer>
+ </dict>
+ <key>iBEC</key>
+ <dict>
+ <key>File</key>
+ <string>Firmware/dfu/iBEC.m68ap.RELEASE.dfu</string>
+ <key>Patch</key>
+ <string>iBEC.m68ap.RELEASE.patch</string>
+ <key>TypeFlag</key>
+ <integer>8</integer>
+ </dict>
+ <key>iBSS</key>
+ <dict>
+ <key>File</key>
+ <string>Firmware/dfu/iBSS.m68ap.RELEASE.dfu</string>
+ <key>Patch</key>
+ <string>iBSS.m68ap.RELEASE.patch</string>
+ <key>TypeFlag</key>
+ <integer>8</integer>
+ </dict>
+ <key>WTF</key>
+ <dict>
+ <key>File</key>
+ <string>Firmware/dfu/WTF.m68ap.RELEASE.dfu</string>
+ <key>Patch</key>
+ <string>WTF.m68ap.RELEASE.patch</string>
+ <key>TypeFlag</key>
+ <integer>8</integer>
+ </dict>
+ <key>WTF 2</key>
+ <dict>
+ <key>File</key>
+ <string>Firmware/dfu/WTF.s5l8900xall.RELEASE.dfu</string>
+ <key>Patch</key>
+ <string>WTF.s5l8900xall.RELEASE.patch</string>
+ <key>TypeFlag</key>
+ <integer>8</integer>
+ </dict>
+ <key>iBoot</key>
+ <dict>
+ <key>File</key>
+ <string>Firmware/all_flash/all_flash.m68ap.production/iBoot.m68ap.RELEASE.img3</string>
+ <key>Patch</key>
+ <string>iBoot.m68ap.RELEASE.patch</string>
+ <key>IV</key>
+ <string>12a18540363aad4f446b264d11ae2692</string>
+ <key>Key</key>
+ <string>3fe2f270daaeb5debb1d7fe748db42d8</string>
+ <key>TypeFlag</key>
+ <integer>8</integer>
+ </dict>
+ </dict>
+ <key>PreInstalledPackages</key>
+ <array>
+ <string>com.ripdev.install</string>
+ <string>org.saurik.cydia</string>
+ </array>
+ <key>RamdiskMountVolume</key>
+ <string>ramdisk</string>
+ <key>RootFilesystem</key>
+ <string>018-3946-43.dmg</string>
+ <key>RootFilesystemUsedSpace</key>
+ <integer>414</integer>
+ <key>RootFilesystemSize</key>
+ <integer>500</integer>
+ <key>RootFilesystemKey</key>
+ <string>562ca0f7963eafb462da74a9c1f01a45c30a7eb5f1f493feceecae03ee6521a334f4ff68</string>
+ <key>RootFilesystemMountVolume</key>
+ <string>SugarBowl5F136.M68OS</string>
+ <key>SHA1</key>
+ <string>353b7745767b85932e14e262e69463620939bdf7</string>
+ <key>Filename</key>
+ <string>iPhone1,1_2.1_5F136_Restore.ipsw</string>
+ <key>Name</key>
+ <string>iPhone1,1_2.1_5F136</string>
+ <key>DownloadUrl</key>
+ <string>http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-5202.20080909.gkbEj/iPhone1,1_2.1_5F136_Restore.ipsw</string>
+ <key>Platform</key>
+ <integer>1</integer>
+</dict>
+</plist>
View
BIN ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/LLB.m68ap.RELEASE.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/Services.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/WTF.m68ap.RELEASE.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/WTF.s5l8900xall.RELEASE.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/bbupdater.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/fstab.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/iBEC.m68ap.RELEASE.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/iBSS.m68ap.RELEASE.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/iBoot.m68ap.RELEASE.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/kernelcache.release.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPhone1,1_2.1_5F136.bundle/lockdownd.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/018-4118-1.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/018-4122-1-nowipe.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/018-4122-1.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/DeviceTree.n82ap.patch
Binary file not shown.
View
218 ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/Info.plist
@@ -0,0 +1,218 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>FilesystemPatches</key>
+ <dict>
+ <key>Core Files Installation</key>
+ <array>
+ <dict>
+ <key>Action</key>
+ <string>ReplaceKernel</string>
+ <key>File</key>
+ <string>kernelcache.release.s5l8900x</string>
+ <key>Name</key>
+ <string>KernelCache</string>
+ <key>Path</key>
+ <string>System/Library/Caches/com.apple.kernelcaches/kernelcache.s5l8900x</string>
+ </dict>
+ </array>
+ <key>Filesystem Jailbreak</key>
+ <array>
+ <dict>
+ <key>Action</key>
+ <string>Patch</string>
+ <key>File</key>
+ <string>etc/fstab</string>
+ <key>Name</key>
+ <string>Filesystem Write Access</string>
+ <key>Patch</key>
+ <string>fstab.patch</string>
+ </dict>
+ <dict>
+ <key>Action</key>
+ <string>Patch</string>
+ <key>File</key>
+ <string>System/Library/Lockdown/Services.plist</string>
+ <key>Name</key>
+ <string>Apple File Connection v2</string>
+ <key>Patch</key>
+ <string>Services.patch</string>
+ </dict>
+ </array>
+ <key>Phone Activation</key>
+ <array>
+ <dict>
+ <key>Action</key>
+ <string>Patch</string>
+ <key>File</key>
+ <string>usr/libexec/lockdownd</string>
+ <key>Name</key>
+ <string>Lockdownd Patch</string>
+ <key>Patch</key>
+ <string>lockdownd.patch</string>
+ </dict>
+ </array>
+ </dict>
+ <key>FirmwarePatches</key>
+ <dict>
+ <key>AppleLogo</key>
+ <dict>
+ <key>File</key>
+ <string>Firmware/all_flash/all_flash.n82ap.production/applelogo.s5l8900x.img3</string>
+ <key>IV</key>
+ <string>c9721629a4d994932c802f4277a9bcee</string>
+ <key>Key</key>
+ <string>97bfa5c532bf1cef85a147c9eb78e77a</string>
+ </dict>
+ <key>DeviceTree</key>
+ <dict>
+ <key>File</key>
+ <string>Firmware/all_flash/all_flash.n82ap.production/DeviceTree.n82ap.img3</string>
+ <key>Patch</key>
+ <string>DeviceTree.n82ap.patch</string>
+ <key>IV</key>
+ <string>d191a46cb673216b516dbf299d7c1c2e</string>
+ <key>Key</key>
+ <string>8c0d15eeb8f71fb8b436833ab1ad54b1</string>
+ <key>TypeFlag</key>
+ <integer>8</integer>
+ </dict>
+ <key>KernelCache</key>
+ <dict>
+ <key>File</key>
+ <string>kernelcache.release.s5l8900x</string>
+ <key>Patch</key>
+ <string>kernelcache.release.patch</string>
+ <key>IV</key>
+ <string>2b4764d4c5bdeaa4cea2100eac7c47bb</string>
+ <key>Key</key>
+ <string>de52cebf74b7747360535fde5c331bd1</string>
+ <key>TypeFlag</key>
+ <integer>4</integer>
+ </dict>
+ <key>LLB</key>
+ <dict>
+ <key>File</key>
+ <string>Firmware/all_flash/all_flash.n82ap.production/LLB.n82ap.RELEASE.img3</string>
+ <key>Patch</key>
+ <string>LLB.n82ap.RELEASE.patch</string>
+ <key>TypeFlag</key>
+ <integer>8</integer>
+ </dict>
+ <key>RecoveryMode</key>
+ <dict>
+ <key>File</key>
+ <string>Firmware/all_flash/all_flash.n82ap.production/recoverymode.s5l8900x.img3</string>
+ <key>IV</key>
+ <string>80a64935155a9af54e39fb7c0aa52bd1</string>
+ <key>Key</key>
+ <string>e54dede9164129300cf0c6a6a0232ce8</string>
+ </dict>
+ <key>Restore Ramdisk</key>
+ <dict>
+ <key>File</key>
+ <string>018-4122-1.dmg</string>
+ <key>Patch</key>
+ <string>018-4122-1.patch</string>
+ <key>Patch2</key>
+ <string>018-4122-1-nowipe.patch</string>
+ <key>IV</key>
+ <string>66a5b36499cb2af303747b473ef0b219</string>
+ <key>Key</key>
+ <string>a05dd9094438c350f3ecc97ad13ab065</string>
+ <key>TypeFlag</key>
+ <integer>8</integer>
+ </dict>
+ <key>Update Ramdisk</key>
+ <dict>
+ <key>File</key>
+ <string>018-4118-1.dmg</string>
+ <key>Patch</key>
+ <string>018-4118-1.patch</string>
+ <key>IV</key>
+ <string>4b9a4d90965381c1fec08922f7242644</string>
+ <key>Key</key>
+ <string>d77bd81b9d1adc01fe540eecd885547b</string>
+ <key>TypeFlag</key>
+ <integer>8</integer>
+ </dict>
+ <key>iBEC</key>
+ <dict>
+ <key>File</key>
+ <string>Firmware/dfu/iBEC.n82ap.RELEASE.dfu</string>
+ <key>Patch</key>
+ <string>iBEC.n82ap.RELEASE.patch</string>
+ <key>TypeFlag</key>
+ <integer>8</integer>
+ </dict>
+ <key>iBSS</key>
+ <dict>
+ <key>File</key>
+ <string>Firmware/dfu/iBSS.n82ap.RELEASE.dfu</string>
+ <key>Patch</key>
+ <string>iBSS.n82ap.RELEASE.patch</string>
+ <key>TypeFlag</key>
+ <integer>8</integer>
+ </dict>
+ <key>WTF</key>
+ <dict>
+ <key>File</key>
+ <string>Firmware/dfu/WTF.n82ap.RELEASE.dfu</string>
+ <key>Patch</key>
+ <string>WTF.n82ap.RELEASE.patch</string>
+ <key>TypeFlag</key>
+ <integer>8</integer>
+ </dict>
+ <key>WTF 2</key>
+ <dict>
+ <key>File</key>
+ <string>Firmware/dfu/WTF.s5l8900xall.RELEASE.dfu</string>
+ <key>Patch</key>
+ <string>WTF.s5l8900xall.RELEASE.patch</string>
+ <key>TypeFlag</key>
+ <integer>8</integer>
+ </dict>
+ <key>iBoot</key>
+ <dict>
+ <key>File</key>
+ <string>Firmware/all_flash/all_flash.n82ap.production/iBoot.n82ap.RELEASE.img3</string>
+ <key>Patch</key>
+ <string>iBoot.n82ap.RELEASE.patch</string>
+ <key>IV</key>
+ <string>6f1ea15d6e593050c98559c243bfb144</string>
+ <key>Key</key>
+ <string>5f378e5445fc9e62257235c7dd4154fe</string>
+ <key>TypeFlag</key>
+ <integer>8</integer>
+ </dict>
+ </dict>
+ <key>PreInstalledPackages</key>
+ <array>
+ <string>com.ripdev.install</string>
+ <string>org.saurik.cydia</string>
+ </array>
+ <key>RamdiskMountVolume</key>
+ <string>ramdisk</string>
+ <key>RootFilesystem</key>
+ <string>018-3940-43.dmg</string>
+ <key>RootFilesystemUsedSpace</key>
+ <integer>414</integer>
+ <key>RootFilesystemSize</key>
+ <integer>500</integer>
+ <key>RootFilesystemKey</key>
+ <string>562ca0f7963eafb462da74a9c1f01a45c30a7eb5f1f493feceecae03ee6521a334f4ff68</string>
+ <key>RootFilesystemMountVolume</key>
+ <string>SugarBowl5F136.N82OS</string>
+ <key>SHA1</key>
+ <string>c6957dcbf2a95ccfd6dce374a727b1b7700a9043</string>
+ <key>Filename</key>
+ <string>iPhone1,2_2.1_5F136_Restore.ipsw</string>
+ <key>Name</key>
+ <string>iPhone1,2_2.1_5F136</string>
+ <key>DownloadUrl</key>
+ <string>http://appldnld.apple.com.edgesuite.net/content.info.apple.com/iPhone/061-5198.20080909.K3294/iPhone1,2_2.1_5F136_Restore.ipsw</string>
+ <key>Platform</key>
+ <integer>3</integer>
+</dict>
+</plist>
View
BIN ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/LLB.n82ap.RELEASE.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/Services.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/WTF.n82ap.RELEASE.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/WTF.s5l8900xall.RELEASE.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/fstab.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/iBEC.n82ap.RELEASE.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/iBSS.n82ap.RELEASE.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/iBoot.n82ap.RELEASE.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/kernelcache.release.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPhone1,2_2.1_5F136.bundle/lockdownd.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/018-4146-1.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/018-4149-1-nowipe.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/018-4149-1.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/DeviceTree.n45ap.patch
Binary file not shown.
View
203 ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/Info.plist
@@ -0,0 +1,203 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>FilesystemPatches</key>
+ <dict>
+ <key>Core Files Installation</key>
+ <array>
+ <dict>
+ <key>Action</key>
+ <string>ReplaceKernel</string>
+ <key>File</key>
+ <string>kernelcache.release.s5l8900x</string>
+ <key>Name</key>
+ <string>KernelCache</string>
+ <key>Path</key>
+ <string>System/Library/Caches/com.apple.kernelcaches/kernelcache.s5l8900x</string>
+ </dict>
+ </array>
+ <key>Filesystem Jailbreak</key>
+ <array>
+ <dict>
+ <key>Action</key>
+ <string>Patch</string>
+ <key>File</key>
+ <string>etc/fstab</string>
+ <key>Name</key>
+ <string>Filesystem Write Access</string>
+ <key>Patch</key>
+ <string>fstab.patch</string>
+ </dict>
+ <dict>
+ <key>Action</key>
+ <string>Patch</string>
+ <key>File</key>
+ <string>System/Library/Lockdown/Services.plist</string>
+ <key>Name</key>
+ <string>Apple File Connection v2</string>
+ <key>Patch</key>
+ <string>Services.patch</string>
+ </dict>
+ </array>
+ </dict>
+ <key>FirmwarePatches</key>
+ <dict>
+ <key>AppleLogo</key>
+ <dict>
+ <key>File</key>
+ <string>Firmware/all_flash/all_flash.n45ap.production/applelogo.s5l8900x.img3</string>
+ <key>IV</key>
+ <string>c9721629a4d994932c802f4277a9bcee</string>
+ <key>Key</key>
+ <string>97bfa5c532bf1cef85a147c9eb78e77a</string>
+ </dict>
+ <key>DeviceTree</key>
+ <dict>
+ <key>File</key>
+ <string>Firmware/all_flash/all_flash.n45ap.production/DeviceTree.n45ap.img3</string>
+ <key>Patch</key>
+ <string>DeviceTree.n45ap.patch</string>
+ <key>IV</key>
+ <string>27d3aa1a89e3cea2bddc02342434e94a</string>
+ <key>Key</key>
+ <string>8b88e102d53ecac2b4276bc93147e431</string>
+ <key>TypeFlag</key>
+ <integer>8</integer>
+ </dict>
+ <key>KernelCache</key>
+ <dict>
+ <key>File</key>
+ <string>kernelcache.release.s5l8900x</string>
+ <key>Patch</key>
+ <string>kernelcache.release.patch</string>
+ <key>IV</key>
+ <string>ed71e1ae905d2ff18ed840b111bda009</string>
+ <key>Key</key>
+ <string>2e2b844f2fd50432fb44a285de07361b</string>
+ <key>TypeFlag</key>
+ <integer>4</integer>
+ </dict>
+ <key>LLB</key>
+ <dict>
+ <key>File</key>
+ <string>Firmware/all_flash/all_flash.n45ap.production/LLB.n45ap.RELEASE.img3</string>
+ <key>Patch</key>
+ <string>LLB.n45ap.RELEASE.patch</string>
+ <key>TypeFlag</key>
+ <integer>8</integer>
+ </dict>
+ <key>RecoveryMode</key>
+ <dict>
+ <key>File</key>
+ <string>Firmware/all_flash/all_flash.n45ap.production/recoverymode.s5l8900x.img3</string>
+ <key>IV</key>
+ <string>80a64935155a9af54e39fb7c0aa52bd1</string>
+ <key>Key</key>
+ <string>e54dede9164129300cf0c6a6a0232ce8</string>
+ </dict>
+ <key>Restore Ramdisk</key>
+ <dict>
+ <key>File</key>
+ <string>018-4149-1.dmg</string>
+ <key>Patch</key>
+ <string>018-4149-1.patch</string>
+ <key>Patch2</key>
+ <string>018-4149-1-nowipe.patch</string>
+ <key>IV</key>
+ <string>5cb7fa82e8fc42b9db6c027d8f4c7c39</string>
+ <key>Key</key>
+ <string>7c807f6565015daa6d182dff795e1091</string>
+ <key>TypeFlag</key>
+ <integer>8</integer>
+ </dict>
+ <key>Update Ramdisk</key>
+ <dict>
+ <key>File</key>
+ <string>018-4146-1.dmg</string>
+ <key>Patch</key>
+ <string>018-4146-1.patch</string>
+ <key>IV</key>
+ <string>c0b45881ec3ae9578c9f0e8085f70f1c</string>
+ <key>Key</key>
+ <string>4ffb6fe87bb370008a6f8ecd8e4a5258</string>
+ <key>TypeFlag</key>
+ <integer>8</integer>
+ </dict>
+ <key>iBEC</key>
+ <dict>
+ <key>File</key>
+ <string>Firmware/dfu/iBEC.n45ap.RELEASE.dfu</string>
+ <key>Patch</key>
+ <string>iBEC.n45ap.RELEASE.patch</string>
+ <key>TypeFlag</key>
+ <integer>8</integer>
+ </dict>
+ <key>iBSS</key>
+ <dict>
+ <key>File</key>
+ <string>Firmware/dfu/iBSS.n45ap.RELEASE.dfu</string>
+ <key>Patch</key>
+ <string>iBSS.n45ap.RELEASE.patch</string>
+ <key>TypeFlag</key>
+ <integer>8</integer>
+ </dict>
+ <key>WTF</key>
+ <dict>
+ <key>File</key>
+ <string>Firmware/dfu/WTF.n45ap.RELEASE.dfu</string>
+ <key>Patch</key>
+ <string>WTF.n45ap.RELEASE.patch</string>
+ <key>TypeFlag</key>
+ <integer>8</integer>
+ </dict>
+ <key>WTF 2</key>
+ <dict>
+ <key>File</key>
+ <string>Firmware/dfu/WTF.s5l8900xall.RELEASE.dfu</string>
+ <key>Patch</key>
+ <string>WTF.s5l8900xall.RELEASE.patch</string>
+ <key>TypeFlag</key>
+ <integer>8</integer>
+ </dict>
+ <key>iBoot</key>
+ <dict>
+ <key>File</key>
+ <string>Firmware/all_flash/all_flash.n45ap.production/iBoot.n45ap.RELEASE.img3</string>
+ <key>Patch</key>
+ <string>iBoot.n45ap.RELEASE.patch</string>
+ <key>IV</key>
+ <string>36a2bcf1b0c6f9af3774710602cb9468</string>
+ <key>Key</key>
+ <string>f17a2e75c9addd765ac8561215191ecb</string>
+ <key>TypeFlag</key>
+ <integer>8</integer>
+ </dict>
+ </dict>
+ <key>PreInstalledPackages</key>
+ <array>
+ <string>com.ripdev.install</string>
+ <string>org.saurik.cydia</string>
+ </array>
+ <key>RamdiskMountVolume</key>
+ <string>ramdisk</string>
+ <key>RootFilesystem</key>
+ <string>018-4116-2.dmg</string>
+ <key>RootFilesystemUsedSpace</key>
+ <integer>409</integer>
+ <key>RootFilesystemSize</key>
+ <integer>500</integer>
+ <key>RootFilesystemKey</key>
+ <string>9714f2cb955afa550d6287a1c7dd7bd0efb3c26cf74b948de7c43cf934913df69fc5a05f</string>
+ <key>RootFilesystemMountVolume</key>
+ <string>SugarBowl5F137.N45OS</string>
+ <key>SHA1</key>
+ <string>fc7f6d0972927df502ffca47438ca75dcccffaf3</string>
+ <key>Filename</key>
+ <string>iPod1,1_2.1_5F137_Restore.ipsw</string>
+ <key>Name</key>
+ <string>iPod1,1_2.1_5F137</string>
+ <key>Platform</key>
+ <integer>2</integer>
+</dict>
+</plist>
View
BIN ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/LLB.n45ap.RELEASE.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/Services.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/WTF.n45ap.RELEASE.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/WTF.s5l8900xall.RELEASE.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/fstab.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/iBEC.n45ap.RELEASE.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/iBSS.n45ap.RELEASE.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/iBoot.n45ap.RELEASE.patch
Binary file not shown.
View
BIN ipsw-patch/FirmwareBundles/iPod1,1_2.1_5F137.bundle/kernelcache.release.patch
Binary file not shown.
View
92 ipsw-patch/img3.c
@@ -3,6 +3,76 @@
#include "common.h"
#include <xpwn/img3.h>
+#ifdef HAVE_HW_CRYPTO
+#include <stdint.h>
+#include <IOKit/IOKitLib.h>
+
+typedef struct
+{
+ void* inbuf;
+ void* outbuf;
+ uint32_t size;
+ uint8_t iv[16];
+ uint32_t mode;
+ uint32_t bits;
+ uint8_t keybuf[32];
+ uint32_t mask;
+} IOAESStruct;
+
+#define kIOAESAcceleratorInfo 0
+#define kIOAESAcceleratorTask 1
+#define kIOAESAcceleratorTest 2
+
+#define kIOAESAcceleratorEncrypt 0
+#define kIOAESAcceleratorDecrypt 1
+
+#define kIOAESAcceleratorGIDMask 0x3E8
+#define kIOAESAcceleratorUIDMask 0x7D0
+#define kIOAESAcceleratorCustomMask 0
+
+typedef enum {
+ UID,
+ GID,
+ Custom
+} IOAESKeyType;
+
+IOReturn doAES(io_connect_t conn, void* inbuf, void *outbuf, uint32_t size, IOAESKeyType keyType, void* key, void* iv, int mode) {
+ IOAESStruct in;
+
+ in.mode = mode;
+ in.bits = 128;
+ in.inbuf = inbuf;
+ in.outbuf = outbuf;
+ in.size = size;
+
+ switch(keyType) {
+ case UID:
+ in.mask = kIOAESAcceleratorUIDMask;
+ break;
+ case GID:
+ in.mask = kIOAESAcceleratorGIDMask;
+ break;
+ case Custom:
+ in.mask = kIOAESAcceleratorCustomMask;
+ break;
+ }
+ memset(in.keybuf, 0, sizeof(in.keybuf));
+
+ if(key)
+ memcpy(in.keybuf, key, in.bits / 8);
+
+ if(iv)
+ memcpy(in.iv, iv, 16);
+ else
+ memset(in.iv, 0, 16);
+
+ IOByteCount inSize = sizeof(in);
+
+ return IOConnectCallStructMethod(conn, kIOAESAcceleratorTask, &in, inSize, &in, &inSize);
+}
+
+#endif
+
void writeImg3Element(AbstractFile* file, Img3Element* element);
void writeImg3Root(AbstractFile* file, Img3Element* element);
@@ -314,11 +384,33 @@ AbstractFile* createAbstractFileFromImg3(AbstractFile* file) {
keySeedLen = 16 + (((AppleImg3KBAGHeader*)info->kbag->data)->key_bits)/8;
keySeed = (uint8_t*) malloc(keySeedLen);
memcpy(keySeed, (uint8_t*)((AppleImg3KBAGHeader*)info->kbag->data) + sizeof(AppleImg3KBAGHeader), keySeedLen);
+#ifdef HAVE_HW_CRYPTO
+ CFMutableDictionaryRef dict = IOServiceMatching("IOAESAccelerator");
+ io_service_t dev = IOServiceGetMatchingService(kIOMasterPortDefault, dict);
+ io_connect_t conn = 0;
+ IOServiceOpen(dev, mach_task_self(), 0, &conn);
+ doAES(conn, keySeed, keySeed, keySeedLen, GID, NULL, NULL, kIOAESAcceleratorDecrypt);
+ IOServiceClose(conn);
+ IOObjectRelease(dev);
+
+ unsigned int key[keySeedLen - 16];
+ unsigned int iv[16];
+
+ int i;
+ for(i = 0; i < 16; i++)
+ iv[i] = keySeed[i];
+
+ for(i = 0; i < (keySeedLen - 16); i++)
+ key[i] = keySeed[i + 16];
+
+ setKeyImg3(abstractFile2, key, iv);
+#else
int i = 0;
for(i = 0; i < keySeedLen; i++) {
printf("%02x", keySeed[i]);
}
printf("\n");
+#endif
free(keySeed);
}
View
7 ipsw-patch/libxpwn.c
@@ -33,6 +33,10 @@ void libxpwn_loglevel(int logLevel) {
}
void Log(int level, const char* file, unsigned int line, const char* function, const char* format, ...) {
+ static FILE* logFile = NULL;
+ if(logFile == NULL)
+ logFile = fopen("log.txt", "w");
+
char mainBuffer[1024];
char buffer[1024];
@@ -54,5 +58,8 @@ void Log(int level, const char* file, unsigned int line, const char* function, c
snprintf(mainBuffer, sizeof(mainBuffer), "%s:%s:%d: %s", file, function, line, buffer);
}
logCallback(mainBuffer);
+ strcat(mainBuffer, "\n");
+ fwrite(mainBuffer, 1, strlen(mainBuffer), logFile);
+ fflush(logFile);
}
View
8 ipsw-patch/outputstate.c
@@ -14,6 +14,8 @@
#define DEFAULT_BUFFER_SIZE (1 * 1024 * 1024)
+uint64_t MaxLoadZipSize = UINT64_MAX;
+
void addToOutputQueue(OutputState** state, const char* fileName, void* buffer, const size_t bufferSize, char* tmpFileName) {
OutputState* leftNeighbor;
OutputState* rightNeighbor;
@@ -282,10 +284,10 @@ char* createTempFile() {
#ifdef WIN32
char tmpFilePath[512];
GetTempPath(512, tmpFilePath);
- GetTempFileName(tmpFilePath, "zip", 0, tmpFileBuffer);
+ GetTempFileName(tmpFilePath, "pwn", 0, tmpFileBuffer);
CloseHandle(CreateFile(tmpFilePath, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_DELETE, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_TEMPORARY, NULL));
#else
- strcpy(tmpFileBuffer, "/tmp/zipXXXXXX");
+ strcpy(tmpFileBuffer, "/tmp/pwnXXXXXX");
close(mkstemp(tmpFileBuffer));
FILE* tFile = fopen(tmpFileBuffer, "wb");
fclose(tFile);
@@ -323,7 +325,7 @@ void loadZipFile2(const char* ipsw, OutputState** output, const char* file, int
ASSERT(unzGetCurrentFileInfo(zip, &pfile_info, NULL, 0, NULL, 0, NULL, 0) == UNZ_OK, "cannot get current file info from ipsw");
fileName = (char*) malloc(pfile_info.size_filename + 1);
ASSERT(unzGetCurrentFileInfo(zip, NULL, fileName, pfile_info.size_filename + 1, NULL, 0, NULL, 0) == UNZ_OK, "cannot get current file name from ipsw");
- if((file == NULL && fileName[strlen(fileName) - 1] != '/') || (file != NULL && strcmp(fileName, file)) == 0) {
+ if(((file == NULL && fileName[strlen(fileName) - 1] != '/') || (file != NULL && strcmp(fileName, file)) == 0) && pfile_info.uncompressed_size <= MaxLoadZipSize) {
printf("loading: %s (%ld)\n", fileName, pfile_info.uncompressed_size); fflush(stdout);
ASSERT(unzOpenCurrentFile(zip) == UNZ_OK, "cannot open compressed file in IPSW");
if(useMemory) {
View
134 ipsw-patch/pwnutil.c
@@ -55,7 +55,7 @@ Dictionary* parseIPSW2(const char* inputIPSW, const char* bundleRoot, char** bun
fclose(inputIPSWFile);
- XLOG(0, "Matching IPSW... (%02x%02x%02x%02x...)\n", (int) hash[0], (int) hash[1], (int) hash[2], (int) hash[3]);
+ XLOG(0, "Matching IPSW in %s... (%02x%02x%02x%02x...)\n", bundleRoot, (int) hash[0], (int) hash[1], (int) hash[2], (int) hash[3]);
dir = opendir(bundleRoot);
if(dir == NULL) {
@@ -67,10 +67,8 @@ Dictionary* parseIPSW2(const char* inputIPSW, const char* bundleRoot, char** bun
continue;
}
- infoPath = (char*) malloc(sizeof(char) * (strlen(bundleRoot) + strlen(ent->d_name) + sizeof("/Info.plist")));
- strcpy(infoPath, bundleRoot);
- strcat(infoPath, ent->d_name);
- strcat(infoPath, "/Info.plist");
+ infoPath = (char*) malloc(sizeof(char) * (strlen(bundleRoot) + sizeof(PATH_SEPARATOR) + strlen(ent->d_name) + sizeof(PATH_SEPARATOR "Info.plist")));
+ sprintf(infoPath, "%s" PATH_SEPARATOR "%s" PATH_SEPARATOR "Info.plist", bundleRoot, ent->d_name);
XLOG(0, "checking: %s\n", infoPath);
if((plistFile = createAbstractFileFromFile(fopen(infoPath, "rb"))) != NULL) {
@@ -95,9 +93,8 @@ Dictionary* parseIPSW2(const char* inputIPSW, const char* bundleRoot, char** bun
}
if(i == 20) {
- *bundlePath = (char*) malloc(sizeof(char) * (strlen(bundleRoot) + strlen(ent->d_name) + 1));
- strcpy(*bundlePath, bundleRoot);
- strcat(*bundlePath, ent->d_name);
+ *bundlePath = (char*) malloc(sizeof(char) * (strlen(bundleRoot) + sizeof(PATH_SEPARATOR) + strlen(ent->d_name)));
+ sprintf(*bundlePath, "%s" PATH_SEPARATOR "%s", bundleRoot, ent->d_name);
free(infoPath);
break;
@@ -325,3 +322,124 @@ void fixupBootNeuterArgs(Volume* volume, char unlockBaseband, char selfDestruct,
add_hfs(volume, plistFile, bootNeuterPlist);
free(plist);
}
+
+int patchSigCheck(AbstractFile* file) {
+ const uint8_t patch[] = {0x01, 0xE0, 0x01, 0x20, 0x40, 0x42, 0x88, 0x23};
+
+ size_t length = file->getLength(file);
+ uint8_t* buffer = (uint8_t*)malloc(length);
+ file->seek(file, 0);
+ file->read(file, buffer, length);
+
+ int retval = FALSE;
+ int i;
+ for(i = 0; i < length; i++) {
+ uint8_t* candidate = &buffer[i];
+ if(memcmp(candidate, patch, sizeof(patch)) == 0) {
+ candidate[4] = 0;
+ candidate[5] = 0x20;
+ file->seek(file, i);
+ file->write(file, candidate, sizeof(patch));
+ retval = TRUE;
+ continue;
+ }
+ }
+
+ free(buffer);
+ return retval;
+}
+
+int patchKernel(AbstractFile* file) {
+ const char patch[] = {0x00, 0x00, 0x00, 0x0A, 0x00, 0x40, 0xA0, 0xE3, 0x04, 0x00, 0xA0, 0xE1, 0x90, 0x80, 0xBD, 0xE8};
+
+ const char patch2[] = {0xFF, 0x50, 0xA0, 0xE3, 0x04, 0x00, 0xA0, 0xE1, 0x0A, 0x10, 0xA0, 0xE1};
+
+ const char patch3[] = {0x99, 0x91, 0x43, 0x2B, 0x91, 0xCD, 0xE7, 0x04, 0x24, 0x1D, 0xB0};
+
+ size_t length = file->getLength(file);
+ uint8_t* buffer = (uint8_t*)malloc(length);
+ file->seek(file, 0);
+ file->read(file, buffer, length);
+
+ int retval = 0;
+ int i;
+ for(i = 0; i < length; i++) {
+ uint8_t* candidate = &buffer[i];
+ if(memcmp(candidate, patch, sizeof(patch)) == 0) {
+ candidate[4] = 0x01;
+ file->seek(file, i);
+ file->write(file, candidate, sizeof(patch));
+ retval = TRUE;
+ continue;
+ }
+ if(memcmp(candidate, patch2, sizeof(patch2)) == 0) {
+ candidate[0] = 0x00;
+ file->seek(file, i);
+ file->write(file, candidate, sizeof(patch2));
+ retval = TRUE;
+ continue;
+ }
+ if(memcmp(candidate, patch3, sizeof(patch3)) == 0) {
+ candidate[0] = 0x2B;
+ candidate[1] = 0x99;
+ candidate[2] = 0x00;
+ candidate[3] = 0x00;
+ file->seek(file, i);
+ file->write(file, candidate, sizeof(patch3));
+ retval = TRUE;
+ continue;
+ }
+ }
+
+ free(buffer);