├── LICENSE
├── Makefile
├── README.markdown
├── abstractfile.c
├── base64.c
├── img2.c
├── img3.c
├── includes
    ├── 8900.h
    ├── abstractfile.h
    ├── common.h
    ├── dmg.h
    ├── dmgfile.h
    ├── dmglib.h
    ├── filevault.h
    ├── firmwaremaster.h
    ├── hfscompress.h
    ├── hfslib.h
    ├── hfsplus.h
    ├── ibootim.h
    ├── img2.h
    ├── img3.h
    ├── libxpwn.h
    ├── lzss.h
    ├── lzssfile.h
    ├── nor_files.h
    ├── outputstate.h
    ├── partial.h
    ├── plist.h
    └── pwnutil.h
├── libxpwn.c
├── lzss.c
├── lzssfile.c
├── nor_files.c
└── xpwntool.c


/LICENSE:
--------------------------------------------------------------------------------
  1 |                     GNU GENERAL PUBLIC LICENSE
  2 |                        Version 3, 29 June 2007
  3 | 
  4 |  Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
  5 |  Everyone is permitted to copy and distribute verbatim copies
  6 |  of this license document, but changing it is not allowed.
  7 | 
  8 |                             Preamble
  9 | 
 10 |   The GNU General Public License is a free, copyleft license for
 11 | software and other kinds of works.
 12 | 
 13 |   The licenses for most software and other practical works are designed
 14 | to take away your freedom to share and change the works.  By contrast,
 15 | the GNU General Public License is intended to guarantee your freedom to
 16 | share and change all versions of a program--to make sure it remains free
 17 | software for all its users.  We, the Free Software Foundation, use the
 18 | GNU General Public License for most of our software; it applies also to
 19 | any other work released this way by its authors.  You can apply it to
 20 | your programs, too.
 21 | 
 22 |   When we speak of free software, we are referring to freedom, not
 23 | price.  Our General Public Licenses are designed to make sure that you
 24 | have the freedom to distribute copies of free software (and charge for
 25 | them if you wish), that you receive source code or can get it if you
 26 | want it, that you can change the software or use pieces of it in new
 27 | free programs, and that you know you can do these things.
 28 | 
 29 |   To protect your rights, we need to prevent others from denying you
 30 | these rights or asking you to surrender the rights.  Therefore, you have
 31 | certain responsibilities if you distribute copies of the software, or if
 32 | you modify it: responsibilities to respect the freedom of others.
 33 | 
 34 |   For example, if you distribute copies of such a program, whether
 35 | gratis or for a fee, you must pass on to the recipients the same
 36 | freedoms that you received.  You must make sure that they, too, receive
 37 | or can get the source code.  And you must show them these terms so they
 38 | know their rights.
 39 | 
 40 |   Developers that use the GNU GPL protect your rights with two steps:
 41 | (1) assert copyright on the software, and (2) offer you this License
 42 | giving you legal permission to copy, distribute and/or modify it.
 43 | 
 44 |   For the developers' and authors' protection, the GPL clearly explains
 45 | that there is no warranty for this free software.  For both users' and
 46 | authors' sake, the GPL requires that modified versions be marked as
 47 | changed, so that their problems will not be attributed erroneously to
 48 | authors of previous versions.
 49 | 
 50 |   Some devices are designed to deny users access to install or run
 51 | modified versions of the software inside them, although the manufacturer
 52 | can do so.  This is fundamentally incompatible with the aim of
 53 | protecting users' freedom to change the software.  The systematic
 54 | pattern of such abuse occurs in the area of products for individuals to
 55 | use, which is precisely where it is most unacceptable.  Therefore, we
 56 | have designed this version of the GPL to prohibit the practice for those
 57 | products.  If such problems arise substantially in other domains, we
 58 | stand ready to extend this provision to those domains in future versions
 59 | of the GPL, as needed to protect the freedom of users.
 60 | 
 61 |   Finally, every program is threatened constantly by software patents.
 62 | States should not allow patents to restrict development and use of
 63 | software on general-purpose computers, but in those that do, we wish to
 64 | avoid the special danger that patents applied to a free program could
 65 | make it effectively proprietary.  To prevent this, the GPL assures that
 66 | patents cannot be used to render the program non-free.
 67 | 
 68 |   The precise terms and conditions for copying, distribution and
 69 | modification follow.
 70 | 
 71 |                        TERMS AND CONDITIONS
 72 | 
 73 |   0. Definitions.
 74 | 
 75 |   "This License" refers to version 3 of the GNU General Public License.
 76 | 
 77 |   "Copyright" also means copyright-like laws that apply to other kinds of
 78 | works, such as semiconductor masks.
 79 | 
 80 |   "The Program" refers to any copyrightable work licensed under this
 81 | License.  Each licensee is addressed as "you".  "Licensees" and
 82 | "recipients" may be individuals or organizations.
 83 | 
 84 |   To "modify" a work means to copy from or adapt all or part of the work
 85 | in a fashion requiring copyright permission, other than the making of an
 86 | exact copy.  The resulting work is called a "modified version" of the
 87 | earlier work or a work "based on" the earlier work.
 88 | 
 89 |   A "covered work" means either the unmodified Program or a work based
 90 | on the Program.
 91 | 
 92 |   To "propagate" a work means to do anything with it that, without
 93 | permission, would make you directly or secondarily liable for
 94 | infringement under applicable copyright law, except executing it on a
 95 | computer or modifying a private copy.  Propagation includes copying,
 96 | distribution (with or without modification), making available to the
 97 | public, and in some countries other activities as well.
 98 | 
 99 |   To "convey" a work means any kind of propagation that enables other
100 | parties to make or receive copies.  Mere interaction with a user through
101 | a computer network, with no transfer of a copy, is not conveying.
102 | 
103 |   An interactive user interface displays "Appropriate Legal Notices"
104 | to the extent that it includes a convenient and prominently visible
105 | feature that (1) displays an appropriate copyright notice, and (2)
106 | tells the user that there is no warranty for the work (except to the
107 | extent that warranties are provided), that licensees may convey the
108 | work under this License, and how to view a copy of this License.  If
109 | the interface presents a list of user commands or options, such as a
110 | menu, a prominent item in the list meets this criterion.
111 | 
112 |   1. Source Code.
113 | 
114 |   The "source code" for a work means the preferred form of the work
115 | for making modifications to it.  "Object code" means any non-source
116 | form of a work.
117 | 
118 |   A "Standard Interface" means an interface that either is an official
119 | standard defined by a recognized standards body, or, in the case of
120 | interfaces specified for a particular programming language, one that
121 | is widely used among developers working in that language.
122 | 
123 |   The "System Libraries" of an executable work include anything, other
124 | than the work as a whole, that (a) is included in the normal form of
125 | packaging a Major Component, but which is not part of that Major
126 | Component, and (b) serves only to enable use of the work with that
127 | Major Component, or to implement a Standard Interface for which an
128 | implementation is available to the public in source code form.  A
129 | "Major Component", in this context, means a major essential component
130 | (kernel, window system, and so on) of the specific operating system
131 | (if any) on which the executable work runs, or a compiler used to
132 | produce the work, or an object code interpreter used to run it.
133 | 
134 |   The "Corresponding Source" for a work in object code form means all
135 | the source code needed to generate, install, and (for an executable
136 | work) run the object code and to modify the work, including scripts to
137 | control those activities.  However, it does not include the work's
138 | System Libraries, or general-purpose tools or generally available free
139 | programs which are used unmodified in performing those activities but
140 | which are not part of the work.  For example, Corresponding Source
141 | includes interface definition files associated with source files for
142 | the work, and the source code for shared libraries and dynamically
143 | linked subprograms that the work is specifically designed to require,
144 | such as by intimate data communication or control flow between those
145 | subprograms and other parts of the work.
146 | 
147 |   The Corresponding Source need not include anything that users
148 | can regenerate automatically from other parts of the Corresponding
149 | Source.
150 | 
151 |   The Corresponding Source for a work in source code form is that
152 | same work.
153 | 
154 |   2. Basic Permissions.
155 | 
156 |   All rights granted under this License are granted for the term of
157 | copyright on the Program, and are irrevocable provided the stated
158 | conditions are met.  This License explicitly affirms your unlimited
159 | permission to run the unmodified Program.  The output from running a
160 | covered work is covered by this License only if the output, given its
161 | content, constitutes a covered work.  This License acknowledges your
162 | rights of fair use or other equivalent, as provided by copyright law.
163 | 
164 |   You may make, run and propagate covered works that you do not
165 | convey, without conditions so long as your license otherwise remains
166 | in force.  You may convey covered works to others for the sole purpose
167 | of having them make modifications exclusively for you, or provide you
168 | with facilities for running those works, provided that you comply with
169 | the terms of this License in conveying all material for which you do
170 | not control copyright.  Those thus making or running the covered works
171 | for you must do so exclusively on your behalf, under your direction
172 | and control, on terms that prohibit them from making any copies of
173 | your copyrighted material outside their relationship with you.
174 | 
175 |   Conveying under any other circumstances is permitted solely under
176 | the conditions stated below.  Sublicensing is not allowed; section 10
177 | makes it unnecessary.
178 | 
179 |   3. Protecting Users' Legal Rights From Anti-Circumvention Law.
180 | 
181 |   No covered work shall be deemed part of an effective technological
182 | measure under any applicable law fulfilling obligations under article
183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or
184 | similar laws prohibiting or restricting circumvention of such
185 | measures.
186 | 
187 |   When you convey a covered work, you waive any legal power to forbid
188 | circumvention of technological measures to the extent such circumvention
189 | is effected by exercising rights under this License with respect to
190 | the covered work, and you disclaim any intention to limit operation or
191 | modification of the work as a means of enforcing, against the work's
192 | users, your or third parties' legal rights to forbid circumvention of
193 | technological measures.
194 | 
195 |   4. Conveying Verbatim Copies.
196 | 
197 |   You may convey verbatim copies of the Program's source code as you
198 | receive it, in any medium, provided that you conspicuously and
199 | appropriately publish on each copy an appropriate copyright notice;
200 | keep intact all notices stating that this License and any
201 | non-permissive terms added in accord with section 7 apply to the code;
202 | keep intact all notices of the absence of any warranty; and give all
203 | recipients a copy of this License along with the Program.
204 | 
205 |   You may charge any price or no price for each copy that you convey,
206 | and you may offer support or warranty protection for a fee.
207 | 
208 |   5. Conveying Modified Source Versions.
209 | 
210 |   You may convey a work based on the Program, or the modifications to
211 | produce it from the Program, in the form of source code under the
212 | terms of section 4, provided that you also meet all of these conditions:
213 | 
214 |     a) The work must carry prominent notices stating that you modified
215 |     it, and giving a relevant date.
216 | 
217 |     b) The work must carry prominent notices stating that it is
218 |     released under this License and any conditions added under section
219 |     7.  This requirement modifies the requirement in section 4 to
220 |     "keep intact all notices".
221 | 
222 |     c) You must license the entire work, as a whole, under this
223 |     License to anyone who comes into possession of a copy.  This
224 |     License will therefore apply, along with any applicable section 7
225 |     additional terms, to the whole of the work, and all its parts,
226 |     regardless of how they are packaged.  This License gives no
227 |     permission to license the work in any other way, but it does not
228 |     invalidate such permission if you have separately received it.
229 | 
230 |     d) If the work has interactive user interfaces, each must display
231 |     Appropriate Legal Notices; however, if the Program has interactive
232 |     interfaces that do not display Appropriate Legal Notices, your
233 |     work need not make them do so.
234 | 
235 |   A compilation of a covered work with other separate and independent
236 | works, which are not by their nature extensions of the covered work,
237 | and which are not combined with it such as to form a larger program,
238 | in or on a volume of a storage or distribution medium, is called an
239 | "aggregate" if the compilation and its resulting copyright are not
240 | used to limit the access or legal rights of the compilation's users
241 | beyond what the individual works permit.  Inclusion of a covered work
242 | in an aggregate does not cause this License to apply to the other
243 | parts of the aggregate.
244 | 
245 |   6. Conveying Non-Source Forms.
246 | 
247 |   You may convey a covered work in object code form under the terms
248 | of sections 4 and 5, provided that you also convey the
249 | machine-readable Corresponding Source under the terms of this License,
250 | in one of these ways:
251 | 
252 |     a) Convey the object code in, or embodied in, a physical product
253 |     (including a physical distribution medium), accompanied by the
254 |     Corresponding Source fixed on a durable physical medium
255 |     customarily used for software interchange.
256 | 
257 |     b) Convey the object code in, or embodied in, a physical product
258 |     (including a physical distribution medium), accompanied by a
259 |     written offer, valid for at least three years and valid for as
260 |     long as you offer spare parts or customer support for that product
261 |     model, to give anyone who possesses the object code either (1) a
262 |     copy of the Corresponding Source for all the software in the
263 |     product that is covered by this License, on a durable physical
264 |     medium customarily used for software interchange, for a price no
265 |     more than your reasonable cost of physically performing this
266 |     conveying of source, or (2) access to copy the
267 |     Corresponding Source from a network server at no charge.
268 | 
269 |     c) Convey individual copies of the object code with a copy of the
270 |     written offer to provide the Corresponding Source.  This
271 |     alternative is allowed only occasionally and noncommercially, and
272 |     only if you received the object code with such an offer, in accord
273 |     with subsection 6b.
274 | 
275 |     d) Convey the object code by offering access from a designated
276 |     place (gratis or for a charge), and offer equivalent access to the
277 |     Corresponding Source in the same way through the same place at no
278 |     further charge.  You need not require recipients to copy the
279 |     Corresponding Source along with the object code.  If the place to
280 |     copy the object code is a network server, the Corresponding Source
281 |     may be on a different server (operated by you or a third party)
282 |     that supports equivalent copying facilities, provided you maintain
283 |     clear directions next to the object code saying where to find the
284 |     Corresponding Source.  Regardless of what server hosts the
285 |     Corresponding Source, you remain obligated to ensure that it is
286 |     available for as long as needed to satisfy these requirements.
287 | 
288 |     e) Convey the object code using peer-to-peer transmission, provided
289 |     you inform other peers where the object code and Corresponding
290 |     Source of the work are being offered to the general public at no
291 |     charge under subsection 6d.
292 | 
293 |   A separable portion of the object code, whose source code is excluded
294 | from the Corresponding Source as a System Library, need not be
295 | included in conveying the object code work.
296 | 
297 |   A "User Product" is either (1) a "consumer product", which means any
298 | tangible personal property which is normally used for personal, family,
299 | or household purposes, or (2) anything designed or sold for incorporation
300 | into a dwelling.  In determining whether a product is a consumer product,
301 | doubtful cases shall be resolved in favor of coverage.  For a particular
302 | product received by a particular user, "normally used" refers to a
303 | typical or common use of that class of product, regardless of the status
304 | of the particular user or of the way in which the particular user
305 | actually uses, or expects or is expected to use, the product.  A product
306 | is a consumer product regardless of whether the product has substantial
307 | commercial, industrial or non-consumer uses, unless such uses represent
308 | the only significant mode of use of the product.
309 | 
310 |   "Installation Information" for a User Product means any methods,
311 | procedures, authorization keys, or other information required to install
312 | and execute modified versions of a covered work in that User Product from
313 | a modified version of its Corresponding Source.  The information must
314 | suffice to ensure that the continued functioning of the modified object
315 | code is in no case prevented or interfered with solely because
316 | modification has been made.
317 | 
318 |   If you convey an object code work under this section in, or with, or
319 | specifically for use in, a User Product, and the conveying occurs as
320 | part of a transaction in which the right of possession and use of the
321 | User Product is transferred to the recipient in perpetuity or for a
322 | fixed term (regardless of how the transaction is characterized), the
323 | Corresponding Source conveyed under this section must be accompanied
324 | by the Installation Information.  But this requirement does not apply
325 | if neither you nor any third party retains the ability to install
326 | modified object code on the User Product (for example, the work has
327 | been installed in ROM).
328 | 
329 |   The requirement to provide Installation Information does not include a
330 | requirement to continue to provide support service, warranty, or updates
331 | for a work that has been modified or installed by the recipient, or for
332 | the User Product in which it has been modified or installed.  Access to a
333 | network may be denied when the modification itself materially and
334 | adversely affects the operation of the network or violates the rules and
335 | protocols for communication across the network.
336 | 
337 |   Corresponding Source conveyed, and Installation Information provided,
338 | in accord with this section must be in a format that is publicly
339 | documented (and with an implementation available to the public in
340 | source code form), and must require no special password or key for
341 | unpacking, reading or copying.
342 | 
343 |   7. Additional Terms.
344 | 
345 |   "Additional permissions" are terms that supplement the terms of this
346 | License by making exceptions from one or more of its conditions.
347 | Additional permissions that are applicable to the entire Program shall
348 | be treated as though they were included in this License, to the extent
349 | that they are valid under applicable law.  If additional permissions
350 | apply only to part of the Program, that part may be used separately
351 | under those permissions, but the entire Program remains governed by
352 | this License without regard to the additional permissions.
353 | 
354 |   When you convey a copy of a covered work, you may at your option
355 | remove any additional permissions from that copy, or from any part of
356 | it.  (Additional permissions may be written to require their own
357 | removal in certain cases when you modify the work.)  You may place
358 | additional permissions on material, added by you to a covered work,
359 | for which you have or can give appropriate copyright permission.
360 | 
361 |   Notwithstanding any other provision of this License, for material you
362 | add to a covered work, you may (if authorized by the copyright holders of
363 | that material) supplement the terms of this License with terms:
364 | 
365 |     a) Disclaiming warranty or limiting liability differently from the
366 |     terms of sections 15 and 16 of this License; or
367 | 
368 |     b) Requiring preservation of specified reasonable legal notices or
369 |     author attributions in that material or in the Appropriate Legal
370 |     Notices displayed by works containing it; or
371 | 
372 |     c) Prohibiting misrepresentation of the origin of that material, or
373 |     requiring that modified versions of such material be marked in
374 |     reasonable ways as different from the original version; or
375 | 
376 |     d) Limiting the use for publicity purposes of names of licensors or
377 |     authors of the material; or
378 | 
379 |     e) Declining to grant rights under trademark law for use of some
380 |     trade names, trademarks, or service marks; or
381 | 
382 |     f) Requiring indemnification of licensors and authors of that
383 |     material by anyone who conveys the material (or modified versions of
384 |     it) with contractual assumptions of liability to the recipient, for
385 |     any liability that these contractual assumptions directly impose on
386 |     those licensors and authors.
387 | 
388 |   All other non-permissive additional terms are considered "further
389 | restrictions" within the meaning of section 10.  If the Program as you
390 | received it, or any part of it, contains a notice stating that it is
391 | governed by this License along with a term that is a further
392 | restriction, you may remove that term.  If a license document contains
393 | a further restriction but permits relicensing or conveying under this
394 | License, you may add to a covered work material governed by the terms
395 | of that license document, provided that the further restriction does
396 | not survive such relicensing or conveying.
397 | 
398 |   If you add terms to a covered work in accord with this section, you
399 | must place, in the relevant source files, a statement of the
400 | additional terms that apply to those files, or a notice indicating
401 | where to find the applicable terms.
402 | 
403 |   Additional terms, permissive or non-permissive, may be stated in the
404 | form of a separately written license, or stated as exceptions;
405 | the above requirements apply either way.
406 | 
407 |   8. Termination.
408 | 
409 |   You may not propagate or modify a covered work except as expressly
410 | provided under this License.  Any attempt otherwise to propagate or
411 | modify it is void, and will automatically terminate your rights under
412 | this License (including any patent licenses granted under the third
413 | paragraph of section 11).
414 | 
415 |   However, if you cease all violation of this License, then your
416 | license from a particular copyright holder is reinstated (a)
417 | provisionally, unless and until the copyright holder explicitly and
418 | finally terminates your license, and (b) permanently, if the copyright
419 | holder fails to notify you of the violation by some reasonable means
420 | prior to 60 days after the cessation.
421 | 
422 |   Moreover, your license from a particular copyright holder is
423 | reinstated permanently if the copyright holder notifies you of the
424 | violation by some reasonable means, this is the first time you have
425 | received notice of violation of this License (for any work) from that
426 | copyright holder, and you cure the violation prior to 30 days after
427 | your receipt of the notice.
428 | 
429 |   Termination of your rights under this section does not terminate the
430 | licenses of parties who have received copies or rights from you under
431 | this License.  If your rights have been terminated and not permanently
432 | reinstated, you do not qualify to receive new licenses for the same
433 | material under section 10.
434 | 
435 |   9. Acceptance Not Required for Having Copies.
436 | 
437 |   You are not required to accept this License in order to receive or
438 | run a copy of the Program.  Ancillary propagation of a covered work
439 | occurring solely as a consequence of using peer-to-peer transmission
440 | to receive a copy likewise does not require acceptance.  However,
441 | nothing other than this License grants you permission to propagate or
442 | modify any covered work.  These actions infringe copyright if you do
443 | not accept this License.  Therefore, by modifying or propagating a
444 | covered work, you indicate your acceptance of this License to do so.
445 | 
446 |   10. Automatic Licensing of Downstream Recipients.
447 | 
448 |   Each time you convey a covered work, the recipient automatically
449 | receives a license from the original licensors, to run, modify and
450 | propagate that work, subject to this License.  You are not responsible
451 | for enforcing compliance by third parties with this License.
452 | 
453 |   An "entity transaction" is a transaction transferring control of an
454 | organization, or substantially all assets of one, or subdividing an
455 | organization, or merging organizations.  If propagation of a covered
456 | work results from an entity transaction, each party to that
457 | transaction who receives a copy of the work also receives whatever
458 | licenses to the work the party's predecessor in interest had or could
459 | give under the previous paragraph, plus a right to possession of the
460 | Corresponding Source of the work from the predecessor in interest, if
461 | the predecessor has it or can get it with reasonable efforts.
462 | 
463 |   You may not impose any further restrictions on the exercise of the
464 | rights granted or affirmed under this License.  For example, you may
465 | not impose a license fee, royalty, or other charge for exercise of
466 | rights granted under this License, and you may not initiate litigation
467 | (including a cross-claim or counterclaim in a lawsuit) alleging that
468 | any patent claim is infringed by making, using, selling, offering for
469 | sale, or importing the Program or any portion of it.
470 | 
471 |   11. Patents.
472 | 
473 |   A "contributor" is a copyright holder who authorizes use under this
474 | License of the Program or a work on which the Program is based.  The
475 | work thus licensed is called the contributor's "contributor version".
476 | 
477 |   A contributor's "essential patent claims" are all patent claims
478 | owned or controlled by the contributor, whether already acquired or
479 | hereafter acquired, that would be infringed by some manner, permitted
480 | by this License, of making, using, or selling its contributor version,
481 | but do not include claims that would be infringed only as a
482 | consequence of further modification of the contributor version.  For
483 | purposes of this definition, "control" includes the right to grant
484 | patent sublicenses in a manner consistent with the requirements of
485 | this License.
486 | 
487 |   Each contributor grants you a non-exclusive, worldwide, royalty-free
488 | patent license under the contributor's essential patent claims, to
489 | make, use, sell, offer for sale, import and otherwise run, modify and
490 | propagate the contents of its contributor version.
491 | 
492 |   In the following three paragraphs, a "patent license" is any express
493 | agreement or commitment, however denominated, not to enforce a patent
494 | (such as an express permission to practice a patent or covenant not to
495 | sue for patent infringement).  To "grant" such a patent license to a
496 | party means to make such an agreement or commitment not to enforce a
497 | patent against the party.
498 | 
499 |   If you convey a covered work, knowingly relying on a patent license,
500 | and the Corresponding Source of the work is not available for anyone
501 | to copy, free of charge and under the terms of this License, through a
502 | publicly available network server or other readily accessible means,
503 | then you must either (1) cause the Corresponding Source to be so
504 | available, or (2) arrange to deprive yourself of the benefit of the
505 | patent license for this particular work, or (3) arrange, in a manner
506 | consistent with the requirements of this License, to extend the patent
507 | license to downstream recipients.  "Knowingly relying" means you have
508 | actual knowledge that, but for the patent license, your conveying the
509 | covered work in a country, or your recipient's use of the covered work
510 | in a country, would infringe one or more identifiable patents in that
511 | country that you have reason to believe are valid.
512 | 
513 |   If, pursuant to or in connection with a single transaction or
514 | arrangement, you convey, or propagate by procuring conveyance of, a
515 | covered work, and grant a patent license to some of the parties
516 | receiving the covered work authorizing them to use, propagate, modify
517 | or convey a specific copy of the covered work, then the patent license
518 | you grant is automatically extended to all recipients of the covered
519 | work and works based on it.
520 | 
521 |   A patent license is "discriminatory" if it does not include within
522 | the scope of its coverage, prohibits the exercise of, or is
523 | conditioned on the non-exercise of one or more of the rights that are
524 | specifically granted under this License.  You may not convey a covered
525 | work if you are a party to an arrangement with a third party that is
526 | in the business of distributing software, under which you make payment
527 | to the third party based on the extent of your activity of conveying
528 | the work, and under which the third party grants, to any of the
529 | parties who would receive the covered work from you, a discriminatory
530 | patent license (a) in connection with copies of the covered work
531 | conveyed by you (or copies made from those copies), or (b) primarily
532 | for and in connection with specific products or compilations that
533 | contain the covered work, unless you entered into that arrangement,
534 | or that patent license was granted, prior to 28 March 2007.
535 | 
536 |   Nothing in this License shall be construed as excluding or limiting
537 | any implied license or other defenses to infringement that may
538 | otherwise be available to you under applicable patent law.
539 | 
540 |   12. No Surrender of Others' Freedom.
541 | 
542 |   If conditions are imposed on you (whether by court order, agreement or
543 | otherwise) that contradict the conditions of this License, they do not
544 | excuse you from the conditions of this License.  If you cannot convey a
545 | covered work so as to satisfy simultaneously your obligations under this
546 | License and any other pertinent obligations, then as a consequence you may
547 | not convey it at all.  For example, if you agree to terms that obligate you
548 | to collect a royalty for further conveying from those to whom you convey
549 | the Program, the only way you could satisfy both those terms and this
550 | License would be to refrain entirely from conveying the Program.
551 | 
552 |   13. Use with the GNU Affero General Public License.
553 | 
554 |   Notwithstanding any other provision of this License, you have
555 | permission to link or combine any covered work with a work licensed
556 | under version 3 of the GNU Affero General Public License into a single
557 | combined work, and to convey the resulting work.  The terms of this
558 | License will continue to apply to the part which is the covered work,
559 | but the special requirements of the GNU Affero General Public License,
560 | section 13, concerning interaction through a network will apply to the
561 | combination as such.
562 | 
563 |   14. Revised Versions of this License.
564 | 
565 |   The Free Software Foundation may publish revised and/or new versions of
566 | the GNU General Public License from time to time.  Such new versions will
567 | be similar in spirit to the present version, but may differ in detail to
568 | address new problems or concerns.
569 | 
570 |   Each version is given a distinguishing version number.  If the
571 | Program specifies that a certain numbered version of the GNU General
572 | Public License "or any later version" applies to it, you have the
573 | option of following the terms and conditions either of that numbered
574 | version or of any later version published by the Free Software
575 | Foundation.  If the Program does not specify a version number of the
576 | GNU General Public License, you may choose any version ever published
577 | by the Free Software Foundation.
578 | 
579 |   If the Program specifies that a proxy can decide which future
580 | versions of the GNU General Public License can be used, that proxy's
581 | public statement of acceptance of a version permanently authorizes you
582 | to choose that version for the Program.
583 | 
584 |   Later license versions may give you additional or different
585 | permissions.  However, no additional obligations are imposed on any
586 | author or copyright holder as a result of your choosing to follow a
587 | later version.
588 | 
589 |   15. Disclaimer of Warranty.
590 | 
591 |   THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
592 | APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
596 | PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
597 | IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
599 | 
600 |   16. Limitation of Liability.
601 | 
602 |   IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
610 | SUCH DAMAGES.
611 | 
612 |   17. Interpretation of Sections 15 and 16.
613 | 
614 |   If the disclaimer of warranty and limitation of liability provided
615 | above cannot be given local legal effect according to their terms,
616 | reviewing courts shall apply local law that most closely approximates
617 | an absolute waiver of all civil liability in connection with the
618 | Program, unless a warranty or assumption of liability accompanies a
619 | copy of the Program in return for a fee.
620 | 
621 |                      END OF TERMS AND CONDITIONS
622 | 
623 |             How to Apply These Terms to Your New Programs
624 | 
625 |   If you develop a new program, and you want it to be of the greatest
626 | possible use to the public, the best way to achieve this is to make it
627 | free software which everyone can redistribute and change under these terms.
628 | 
629 |   To do so, attach the following notices to the program.  It is safest
630 | to attach them to the start of each source file to most effectively
631 | state the exclusion of warranty; and each file should have at least
632 | the "copyright" line and a pointer to where the full notice is found.
633 | 
634 |     <one line to give the program's name and a brief idea of what it does.>
635 |     Copyright (C) <year>  <name of author>
636 | 
637 |     This program is free software: you can redistribute it and/or modify
638 |     it under the terms of the GNU General Public License as published by
639 |     the Free Software Foundation, either version 3 of the License, or
640 |     (at your option) any later version.
641 | 
642 |     This program is distributed in the hope that it will be useful,
643 |     but WITHOUT ANY WARRANTY; without even the implied warranty of
644 |     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
645 |     GNU General Public License for more details.
646 | 
647 |     You should have received a copy of the GNU General Public License
648 |     along with this program.  If not, see <http://www.gnu.org/licenses/>.
649 | 
650 | Also add information on how to contact you by electronic and paper mail.
651 | 
652 |   If the program does terminal interaction, make it output a short
653 | notice like this when it starts in an interactive mode:
654 | 
655 |     <program>  Copyright (C) <year>  <name of author>
656 |     This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
657 |     This is free software, and you are welcome to redistribute it
658 |     under certain conditions; type `show c' for details.
659 | 
660 | The hypothetical commands `show w' and `show c' should show the appropriate
661 | parts of the General Public License.  Of course, your program's commands
662 | might be different; for a GUI interface, you would use an "about box".
663 | 
664 |   You should also get your employer (if you work as a programmer) or school,
665 | if any, to sign a "copyright disclaimer" for the program, if necessary.
666 | For more information on this, and how to apply and follow the GNU GPL, see
667 | <http://www.gnu.org/licenses/>.
668 | 
669 |   The GNU General Public License does not permit incorporating your program
670 | into proprietary programs.  If your program is a subroutine library, you
671 | may consider it more useful to permit linking proprietary applications with
672 | the library.  If this is what you want to do, use the GNU Lesser General
673 | Public License instead of this License.  But first, please read
674 | <http://www.gnu.org/philosophy/why-not-lgpl.html>.
675 | 


--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
 1 | BIN = /usr/bin
 2 | GCC_BIN = $(BIN)/gcc
 3 | GCC_UNIVERSAL = $(GCC_BASE)
 4 | 
 5 | CFLAGS = 
 6 | GCC_BASE = $(GCC_BIN) -Os $(CFLAGS) -Wimplicit -I ./includes/
 7 | 
 8 | all: xpwntool
 9 | 
10 | xpwntool: xpwntool.c img3.o img2.o abstractfile.o nor_files.o libxpwn.o lzssfile.o lzss.o
11 | 	$(GCC_UNIVERSAL) -std=gnu99 -lcrypto -lz -o $@ $^
12 | 
13 | %.o: %.c
14 | 	$(GCC_UNIVERSAL) -c -o $@ $< 
15 | 
16 | clean:
17 | 	rm -f *.o xpwntool
18 | 


--------------------------------------------------------------------------------
/README.markdown:
--------------------------------------------------------------------------------
 1 | xpwntool-lite
 2 | -------------
 3 | 
 4 | This is a stripped down version of xpwntool from xwpn. We ripped out a lot of
 5 | stuff that is not required for simple xpwntool usage in order to decrypt IMG3
 6 | files that ship with iOS firmwares.
 7 | 
 8 | The source is released under the terms of the GNU General Public License
 9 | version 3. The full text of the license can be found in the file LICENSE. 
10 | The original source code this code is based on can be found at:
11 | http://github.com/planetbeing/xpwn
12 | 


--------------------------------------------------------------------------------
/abstractfile.c:
--------------------------------------------------------------------------------
  1 | #include <stdlib.h>
  2 | #include <stdio.h>
  3 | #include <string.h>
  4 | #include <stdarg.h>
  5 | #include <stdint.h>
  6 | 
  7 | #include "abstractfile.h"
  8 | #include "common.h"
  9 | 
 10 | size_t freadWrapper(AbstractFile* file, void* data, size_t len) {
 11 |   return fread(data, 1, len, (FILE*) (file->data));
 12 | }
 13 | 
 14 | size_t fwriteWrapper(AbstractFile* file, const void* data, size_t len) {
 15 |   return fwrite(data, 1, len, (FILE*) (file->data));
 16 | }
 17 | 
 18 | int fseekWrapper(AbstractFile* file, off_t offset) {
 19 |   return fseeko((FILE*) (file->data), offset, SEEK_SET);
 20 | }
 21 | 
 22 | off_t ftellWrapper(AbstractFile* file) {
 23 |   return ftello((FILE*) (file->data));
 24 | }
 25 | 
 26 | void fcloseWrapper(AbstractFile* file) {
 27 |   fclose((FILE*) (file->data));
 28 |   free(file);
 29 | }
 30 | 
 31 | off_t fileGetLength(AbstractFile* file) {
 32 | 	off_t length;
 33 | 	off_t pos;
 34 | 
 35 | 	pos = ftello((FILE*) (file->data));
 36 | 
 37 | 	fseeko((FILE*) (file->data), 0, SEEK_END);
 38 | 	length = ftello((FILE*) (file->data));
 39 | 
 40 | 	fseeko((FILE*) (file->data), pos, SEEK_SET);
 41 | 
 42 | 	return length;
 43 | }
 44 | 
 45 | AbstractFile* createAbstractFileFromFile(FILE* file) {
 46 | 	AbstractFile* toReturn;
 47 | 
 48 | 	if(file == NULL) {
 49 | 		return NULL;
 50 | 	}
 51 | 
 52 | 	toReturn = (AbstractFile*) malloc(sizeof(AbstractFile));
 53 | 	toReturn->data = file;
 54 | 	toReturn->read = freadWrapper;
 55 | 	toReturn->write = fwriteWrapper;
 56 | 	toReturn->seek = fseekWrapper;
 57 | 	toReturn->tell = ftellWrapper;
 58 | 	toReturn->getLength = fileGetLength;
 59 | 	toReturn->close = fcloseWrapper;
 60 | 	toReturn->type = AbstractFileTypeFile;
 61 | 	return toReturn;
 62 | }
 63 | 
 64 | size_t dummyRead(AbstractFile* file, void* data, size_t len) {
 65 |   return 0;
 66 | }
 67 | 
 68 | size_t dummyWrite(AbstractFile* file, const void* data, size_t len) {
 69 |   *((off_t*) (file->data)) += len;
 70 |   return len;
 71 | }
 72 | 
 73 | int dummySeek(AbstractFile* file, off_t offset) {
 74 |   *((off_t*) (file->data)) = offset;
 75 |   return 0;
 76 | }
 77 | 
 78 | off_t dummyTell(AbstractFile* file) {
 79 |   return *((off_t*) (file->data));
 80 | }
 81 | 
 82 | void dummyClose(AbstractFile* file) {
 83 |   free(file);
 84 | }
 85 | 
 86 | AbstractFile* createAbstractFileFromDummy() {
 87 | 	AbstractFile* toReturn;
 88 | 	toReturn = (AbstractFile*) malloc(sizeof(AbstractFile));
 89 | 	toReturn->data = NULL;
 90 | 	toReturn->read = dummyRead;
 91 | 	toReturn->write = dummyWrite;
 92 | 	toReturn->seek = dummySeek;
 93 | 	toReturn->tell = dummyTell;
 94 | 	toReturn->getLength = NULL;
 95 | 	toReturn->close = dummyClose;
 96 | 	toReturn->type = AbstractFileTypeDummy;
 97 | 	return toReturn;
 98 | }
 99 | 
100 | size_t memRead(AbstractFile* file, void* data, size_t len) {
101 |   MemWrapperInfo* info = (MemWrapperInfo*) (file->data); 
102 |   if(info->bufferSize < (info->offset + len)) {
103 |     len = info->bufferSize - info->offset;
104 |   }
105 |   memcpy(data, (void*)((uint8_t*)(*(info->buffer)) + (uint32_t)info->offset), len);
106 |   info->offset += (size_t)len;
107 |   return len;
108 | }
109 | 
110 | size_t memWrite(AbstractFile* file, const void* data, size_t len) {
111 |   MemWrapperInfo* info = (MemWrapperInfo*) (file->data);
112 |   
113 |   while((info->offset + (size_t)len) > info->bufferSize) {
114 |     info->bufferSize <<= 1;
115 |     *(info->buffer) = realloc(*(info->buffer), info->bufferSize);
116 |   }
117 |   
118 |   memcpy((void*)((uint8_t*)(*(info->buffer)) + (uint32_t)info->offset), data, len);
119 |   info->offset += (size_t)len;
120 |   return len;
121 | }
122 | 
123 | int memSeek(AbstractFile* file, off_t offset) {
124 |   MemWrapperInfo* info = (MemWrapperInfo*) (file->data);
125 |   info->offset = (size_t)offset;
126 |   return 0;
127 | }
128 | 
129 | off_t memTell(AbstractFile* file) {
130 |   MemWrapperInfo* info = (MemWrapperInfo*) (file->data);
131 |   return (off_t)info->offset;
132 | }
133 | 
134 | off_t memGetLength(AbstractFile* file) {
135 |   MemWrapperInfo* info = (MemWrapperInfo*) (file->data);
136 |   return info->bufferSize;
137 | }
138 | 
139 | void memClose(AbstractFile* file) {
140 |   free(file->data);
141 |   free(file);
142 | }
143 | 
144 | AbstractFile* createAbstractFileFromMemory(void** buffer, size_t size) {
145 | 	MemWrapperInfo* info;
146 | 	AbstractFile* toReturn;
147 | 	toReturn = (AbstractFile*) malloc(sizeof(AbstractFile));
148 | 	
149 | 	info = (MemWrapperInfo*) malloc(sizeof(MemWrapperInfo));
150 | 	info->offset = 0;
151 | 	info->buffer = buffer;
152 | 	info->bufferSize = size;
153 | 
154 | 	toReturn->data = info;
155 | 	toReturn->read = memRead;
156 | 	toReturn->write = memWrite;
157 | 	toReturn->seek = memSeek;
158 | 	toReturn->tell = memTell;
159 | 	toReturn->getLength = memGetLength;
160 | 	toReturn->close = memClose;
161 | 	toReturn->type = AbstractFileTypeMem;
162 | 	return toReturn;
163 | }
164 | 
165 | void abstractFilePrint(AbstractFile* file, const char* format, ...) {
166 | 	va_list args;
167 | 	char buffer[1024];
168 | 	size_t length;
169 | 
170 | 	buffer[0] = '\0';
171 | 	va_start(args, format);
172 | 	length = vsprintf(buffer, format, args);
173 | 	va_end(args);
174 | 	ASSERT(file->write(file, buffer, length) == length, "fwrite");
175 | }
176 | 
177 | int absFileRead(io_func* io, off_t location, size_t size, void *buffer) {
178 | 	AbstractFile* file;
179 | 	file = (AbstractFile*) io->data;
180 | 	file->seek(file, location);
181 | 	if(file->read(file, buffer, size) == size) {
182 | 		return TRUE;
183 | 	} else {
184 | 		return FALSE;
185 | 	}
186 | }
187 | 
188 | int absFileWrite(io_func* io, off_t location, size_t size, void *buffer) {
189 | 	AbstractFile* file;
190 | 	file = (AbstractFile*) io->data;
191 | 	file->seek(file, location);
192 | 	if(file->write(file, buffer, size) == size) {
193 | 		return TRUE;
194 | 	} else {
195 | 		return FALSE;
196 | 	}
197 | }
198 | 
199 | void closeAbsFile(io_func* io) {
200 | 	AbstractFile* file;
201 | 	file = (AbstractFile*) io->data;
202 | 	file->close(file);
203 | 	free(io);
204 | }
205 | 
206 | 
207 | io_func* IOFuncFromAbstractFile(AbstractFile* file) {
208 | 	io_func* io;
209 | 
210 | 	io = (io_func*) malloc(sizeof(io_func));
211 | 	io->data = file;
212 | 	io->read = &absFileRead;
213 | 	io->write = &absFileWrite;
214 | 	io->close = &closeAbsFile;
215 | 
216 | 	return io;
217 | }
218 | 
219 | size_t memFileRead(AbstractFile* file, void* data, size_t len) {
220 |   MemFileWrapperInfo* info = (MemFileWrapperInfo*) (file->data); 
221 |   memcpy(data, (void*)((uint8_t*)(*(info->buffer)) + (uint32_t)info->offset), len);
222 |   info->offset += (size_t)len;
223 |   return len;
224 | }
225 | 
226 | size_t memFileWrite(AbstractFile* file, const void* data, size_t len) {
227 |   MemFileWrapperInfo* info = (MemFileWrapperInfo*) (file->data);
228 |   
229 |   while((info->offset + (size_t)len) > info->actualBufferSize) {
230 | 		info->actualBufferSize <<= 1;
231 |     *(info->buffer) = realloc(*(info->buffer), info->actualBufferSize);
232 |   }
233 |   
234 |   if((info->offset + (size_t)len) > (*(info->bufferSize))) {
235 | 		memset(((uint8_t*)(*(info->buffer))) + *(info->bufferSize), 0, (info->offset + (size_t)len) - *(info->bufferSize));
236 | 		*(info->bufferSize) = info->offset + (size_t)len;
237 | 	}
238 |       
239 |   memcpy((void*)((uint8_t*)(*(info->buffer)) + (uint32_t)info->offset), data, len);
240 |   info->offset += (size_t)len;
241 |   return len;
242 | }
243 | 
244 | int memFileSeek(AbstractFile* file, off_t offset) {
245 |   MemFileWrapperInfo* info = (MemFileWrapperInfo*) (file->data);
246 |   info->offset = (size_t)offset;
247 |   return 0;
248 | }
249 | 
250 | off_t memFileTell(AbstractFile* file) {
251 |   MemFileWrapperInfo* info = (MemFileWrapperInfo*) (file->data);
252 |   return (off_t)info->offset;
253 | }
254 | 
255 | off_t memFileGetLength(AbstractFile* file) {
256 |   MemFileWrapperInfo* info = (MemFileWrapperInfo*) (file->data);
257 |   return *(info->bufferSize);
258 | }
259 | 
260 | void memFileClose(AbstractFile* file) {
261 |   free(file->data);
262 |   free(file);
263 | }
264 | 
265 | AbstractFile* createAbstractFileFromMemoryFile(void** buffer, size_t* size) {
266 | 	MemFileWrapperInfo* info;
267 | 	AbstractFile* toReturn;
268 | 	toReturn = (AbstractFile*) malloc(sizeof(AbstractFile));
269 | 	
270 | 	info = (MemFileWrapperInfo*) malloc(sizeof(MemFileWrapperInfo));
271 | 	info->offset = 0;
272 | 	info->buffer = buffer;
273 | 	info->bufferSize = size;
274 | 	info->actualBufferSize = (1024 < (*size)) ? (*size) : 1024;
275 | 	if(info->actualBufferSize != *(info->bufferSize)) {
276 | 		*(info->buffer) = realloc(*(info->buffer), info->actualBufferSize);
277 | 	}
278 | 
279 | 	toReturn->data = info;
280 | 	toReturn->read = memFileRead;
281 | 	toReturn->write = memFileWrite;
282 | 	toReturn->seek = memFileSeek;
283 | 	toReturn->tell = memFileTell;
284 | 	toReturn->getLength = memFileGetLength;
285 | 	toReturn->close = memFileClose;
286 | 	toReturn->type = AbstractFileTypeMemFile;
287 | 	return toReturn;
288 | }
289 | 
290 | AbstractFile* createAbstractFileFromMemoryFileBuffer(void** buffer, size_t* size, size_t actualBufferSize) {
291 | 	MemFileWrapperInfo* info;
292 | 	AbstractFile* toReturn;
293 | 	toReturn = (AbstractFile*) malloc(sizeof(AbstractFile));
294 | 	
295 | 	info = (MemFileWrapperInfo*) malloc(sizeof(MemFileWrapperInfo));
296 | 	info->offset = 0;
297 | 	info->buffer = buffer;
298 | 	info->bufferSize = size;
299 | 	info->actualBufferSize = actualBufferSize;
300 | 
301 | 	toReturn->data = info;
302 | 	toReturn->read = memFileRead;
303 | 	toReturn->write = memFileWrite;
304 | 	toReturn->seek = memFileSeek;
305 | 	toReturn->tell = memFileTell;
306 | 	toReturn->getLength = memFileGetLength;
307 | 	toReturn->close = memFileClose;
308 | 	toReturn->type = AbstractFileTypeMemFile;
309 | 	return toReturn;
310 | }
311 | 
312 | 


--------------------------------------------------------------------------------
/base64.c:
--------------------------------------------------------------------------------
  1 | #include <stdlib.h>
  2 | #include <stdint.h>
  3 | #include <stdio.h>
  4 | #include <string.h>
  5 | 
  6 | #include "dmg.h"
  7 | 
  8 | unsigned char* decodeBase64(char* toDecode, size_t* dataLength) {
  9 |   uint8_t buffer[4];
 10 |   uint8_t charsInBuffer;
 11 |   unsigned char* curChar;
 12 |   unsigned char* decodeBuffer;
 13 |   unsigned int decodeLoc;
 14 |   unsigned int decodeBufferSize;
 15 |   uint8_t bytesToDrop;
 16 |   
 17 |   curChar = (unsigned char*) toDecode;
 18 |   charsInBuffer = 0;
 19 |   
 20 |   decodeBufferSize = 100;
 21 |   decodeLoc = 0;
 22 |   decodeBuffer = (unsigned char*) malloc(decodeBufferSize);
 23 |   
 24 |   bytesToDrop = 0;
 25 |   
 26 |   while((*curChar) != '\0') {
 27 |     if((*curChar) >= 'A' && (*curChar) <= 'Z') {
 28 |       buffer[charsInBuffer] = (*curChar) - 'A';
 29 |       charsInBuffer++;
 30 |     }
 31 |     
 32 |     if((*curChar) >= 'a' && (*curChar) <= 'z') {
 33 |       buffer[charsInBuffer] = ((*curChar) - 'a') + ('Z' - 'A' + 1);
 34 |       charsInBuffer++;
 35 |     }
 36 |     
 37 |     if((*curChar) >= '0' && (*curChar) <= '9') {
 38 |       buffer[charsInBuffer] = ((*curChar) - '0') + ('Z' - 'A' + 1)  + ('z' - 'a' + 1);
 39 |       charsInBuffer++;
 40 |     }
 41 |     
 42 |     if((*curChar) == '+') {
 43 |       buffer[charsInBuffer] = ('Z' - 'A' + 1)  + ('z' - 'a' + 1)  + ('9' - '0' + 1);
 44 |       charsInBuffer++;
 45 |     }
 46 |     
 47 |     if((*curChar) == '/') {
 48 |       buffer[charsInBuffer] = ('Z' - 'A' + 1)  + ('z' - 'a' + 1)  + ('9' - '0' + 1) + 1;
 49 |       charsInBuffer++;
 50 |     }
 51 |     
 52 |     if((*curChar) == '=') {
 53 |       bytesToDrop++;
 54 |     }
 55 |     
 56 |     if(charsInBuffer == 4) {
 57 |       charsInBuffer = 0;
 58 |       
 59 |       if((decodeLoc + 3) >= decodeBufferSize) {
 60 |         decodeBufferSize <<= 1;
 61 |         decodeBuffer = (unsigned char*) realloc(decodeBuffer, decodeBufferSize);
 62 |       }
 63 |       decodeBuffer[decodeLoc] = ((buffer[0] << 2) & 0xFC) + ((buffer[1] >> 4) & 0x3F);
 64 |       decodeBuffer[decodeLoc + 1] = ((buffer[1] << 4) & 0xF0) + ((buffer[2] >> 2) & 0x0F);
 65 |       decodeBuffer[decodeLoc + 2] = ((buffer[2] << 6) & 0xC0) + (buffer[3] & 0x3F);
 66 |       
 67 |       decodeLoc += 3;
 68 |       buffer[0] = 0;
 69 |       buffer[1] = 0;
 70 |       buffer[2] = 0;
 71 |       buffer[3] = 0;
 72 |     }
 73 | 
 74 |     curChar++;
 75 |   }
 76 |   
 77 |   if(bytesToDrop != 0) {  
 78 |     if((decodeLoc + 3) >= decodeBufferSize) {
 79 |       decodeBufferSize <<= 1;
 80 |       decodeBuffer = (unsigned char*) realloc(decodeBuffer, decodeBufferSize);
 81 |     }
 82 |     
 83 |     decodeBuffer[decodeLoc] = ((buffer[0] << 2) & 0xFC) | ((buffer[1] >> 4) & 0x3F);
 84 |     
 85 |     if(bytesToDrop <= 2)
 86 |       decodeBuffer[decodeLoc + 1] = ((buffer[1] << 4) & 0xF0) | ((buffer[2] >> 2) & 0x0F);
 87 |       
 88 |     if(bytesToDrop <= 1)
 89 |       decodeBuffer[decodeLoc + 2] = ((buffer[2] << 6) & 0xC0) | (buffer[3] & 0x3F);
 90 |     
 91 |     *dataLength = decodeLoc + 3 - bytesToDrop;
 92 |   } else {
 93 |     *dataLength = decodeLoc;
 94 |   }
 95 |   
 96 |   return decodeBuffer;
 97 | }
 98 | 
 99 | void writeBase64(AbstractFile* file, unsigned char* data, size_t dataLength, int tabLength, int width) {
100 |   char* buffer;
101 |   buffer = convertBase64(data, dataLength, tabLength, width);
102 |   file->write(file, buffer, strlen(buffer));
103 |   free(buffer);
104 | }
105 | 
106 | #define CHECK_BUFFER_SIZE() \
107 |     if(pos == bufferSize) { \
108 |       bufferSize <<= 1; \
109 |       buffer = (unsigned char*) realloc(buffer, bufferSize); \
110 |     }
111 | 
112 | #define CHECK_LINE_END_STRING() \
113 |     CHECK_BUFFER_SIZE() \
114 |     if(width == lineLength) { \
115 |       buffer[pos++] = '\n'; \
116 |       CHECK_BUFFER_SIZE() \
117 |       for(j = 0; j < tabLength; j++) { \
118 |         buffer[pos++] = '\t'; \
119 |         CHECK_BUFFER_SIZE() \
120 |       } \
121 |       lineLength = 0; \
122 |     } else { \
123 |       lineLength++; \
124 |     }
125 | 
126 | char* convertBase64(unsigned char* data, size_t dataLength, int tabLength, int width) {
127 |   const char* dictionary = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
128 |   
129 |   unsigned char* buffer;
130 |   size_t pos;
131 |   size_t bufferSize;
132 |   int i, j;
133 |   int lineLength;
134 |   
135 |   bufferSize = 100;
136 |   buffer = (unsigned char*) malloc(bufferSize);
137 |   pos = 0;
138 |   lineLength = 0;
139 |    
140 |   for(i = 0; i < tabLength; i++) {
141 |     CHECK_BUFFER_SIZE()
142 |     buffer[pos++] = '\t';
143 |   }
144 |   i = 0;
145 |   while(dataLength >= 3) {
146 |     dataLength -= 3;
147 |     buffer[pos++] = dictionary[(data[i] >> 2) & 0x3F];
148 |     CHECK_LINE_END_STRING();
149 |     buffer[pos++] = dictionary[(((data[i] << 4) & 0x30) | ((data[i+1] >> 4) & 0x0F)) & 0x3F];
150 |     CHECK_LINE_END_STRING();
151 |     buffer[pos++] = dictionary[(((data[i+1] << 2) & 0x3C) | ((data[i+2] >> 6) & 0x03)) & 0x03F];
152 |     CHECK_LINE_END_STRING();
153 |     buffer[pos++] = dictionary[data[i+2] & 0x3F];
154 |     CHECK_LINE_END_STRING();
155 |     i += 3;
156 |   }
157 | 
158 |   if(dataLength == 2) {
159 |     buffer[pos++] = dictionary[(data[i] >> 2) & 0x3F];
160 |     CHECK_LINE_END_STRING();
161 |     buffer[pos++] = dictionary[(((data[i] << 4) & 0x30) | ((data[i+1] >> 4) & 0x0F)) & 0x3F];
162 |     CHECK_LINE_END_STRING();
163 |     buffer[pos++] = dictionary[(data[i+1] << 2) & 0x3C];
164 |     CHECK_LINE_END_STRING();
165 |     buffer[pos++] = '=';
166 |   } else if(dataLength == 1) {
167 |     buffer[pos++] = dictionary[(data[i] >> 2) & 0x3F];
168 |     CHECK_LINE_END_STRING();
169 |     buffer[pos++] = dictionary[(data[i] << 4) & 0x30];
170 |     CHECK_LINE_END_STRING();
171 |     buffer[pos++] = '=';
172 |     CHECK_LINE_END_STRING();
173 |     buffer[pos++] = '=';
174 |   }
175 |   
176 |   CHECK_BUFFER_SIZE();
177 |   buffer[pos++] = '\n';
178 |   
179 |   CHECK_BUFFER_SIZE();
180 |   buffer[pos++] = '\0';
181 |   
182 |   return (char*) buffer;
183 | }
184 | 


--------------------------------------------------------------------------------
/img2.c:
--------------------------------------------------------------------------------
  1 | #include <zlib.h>
  2 | #include <stdlib.h>
  3 | #include <string.h>
  4 | 
  5 | #include "common.h"
  6 | #include "abstractfile.h"
  7 | #include "img2.h"
  8 | 
  9 | void flipImg2Header(Img2Header* header) {
 10 | 	FLIPENDIANLE(header->signature);
 11 | 	FLIPENDIANLE(header->imageType);
 12 | 	FLIPENDIANLE(header->unknown1);
 13 | 	FLIPENDIANLE(header->security_epoch);
 14 | 	FLIPENDIANLE(header->flags1);
 15 | 	FLIPENDIANLE(header->dataLen);
 16 | 	FLIPENDIANLE(header->dataLenPadded);
 17 | 	FLIPENDIANLE(header->unknown3);
 18 | 	FLIPENDIANLE(header->flags2);
 19 | 	FLIPENDIANLE(header->unknown4);
 20 | 	FLIPENDIANLE(header->header_checksum);
 21 | 	FLIPENDIANLE(header->checksum2);
 22 | }
 23 | 
 24 | size_t readImg2(AbstractFile* file, void* data, size_t len) {
 25 | 	InfoImg2* info = (InfoImg2*) (file->data); 
 26 | 	memcpy(data, (void*)((uint8_t*)info->buffer + (uint32_t)info->offset), len);
 27 | 	info->offset += (size_t)len;
 28 | 	return len;
 29 | }
 30 | 
 31 | size_t writeImg2(AbstractFile* file, const void* data, size_t len) {
 32 | 	InfoImg2* info = (InfoImg2*) (file->data);
 33 | 
 34 | 	while((info->offset + (size_t)len) > info->header.dataLen) {
 35 | 		info->header.dataLen = info->offset + (size_t)len;
 36 | 		info->buffer = realloc(info->buffer, info->header.dataLen);
 37 | 	}
 38 | 	
 39 | 	memcpy((void*)((uint8_t*)info->buffer + (uint32_t)info->offset), data, len);
 40 | 	info->offset += (size_t)len;
 41 | 	
 42 | 	info->dirty = TRUE;
 43 | 	
 44 | 	return len;
 45 | }
 46 | 
 47 | int seekImg2(AbstractFile* file, off_t offset) {
 48 | 	InfoImg2* info = (InfoImg2*) (file->data);
 49 | 	info->offset = (size_t)offset;
 50 | 	return 0;
 51 | }
 52 | 
 53 | off_t tellImg2(AbstractFile* file) {
 54 | 	InfoImg2* info = (InfoImg2*) (file->data);
 55 | 	return (off_t)info->offset;
 56 | }
 57 | 
 58 | off_t getLengthImg2(AbstractFile* file) {
 59 | 	InfoImg2* info = (InfoImg2*) (file->data);
 60 | 	return info->header.dataLen;
 61 | }
 62 | 
 63 | void closeImg2(AbstractFile* file) {
 64 | 	InfoImg2* info = (InfoImg2*) (file->data);
 65 | 	uint32_t cksum;
 66 | 	
 67 | 	if(info->dirty) {
 68 | 		info->file->seek(info->file, sizeof(info->header));
 69 | 		info->file->write(info->file, info->buffer, info->header.dataLen);
 70 | 		info->header.dataLenPadded = info->header.dataLen;
 71 | 	  
 72 | 		flipImg2Header(&(info->header));
 73 | 		
 74 | 		cksum = crc32(0, (unsigned char *)&(info->header), 0x64);
 75 | 		FLIPENDIANLE(cksum);
 76 | 		info->header.header_checksum = cksum;
 77 | 			
 78 | 		info->file->seek(info->file, 0);
 79 | 		info->file->write(info->file, &(info->header), sizeof(info->header));
 80 | 	}
 81 | 	
 82 | 	free(info->buffer);
 83 | 	info->file->close(info->file);
 84 | 	free(info);
 85 | 	free(file);
 86 | }
 87 | 
 88 | 
 89 | AbstractFile* createAbstractFileFromImg2(AbstractFile* file) {
 90 | 	InfoImg2* info;
 91 | 	AbstractFile* toReturn;
 92 | 
 93 | 	if(!file) {
 94 | 		return NULL;
 95 | 	}
 96 | 
 97 | 	info = (InfoImg2*) malloc(sizeof(InfoImg2));
 98 | 	info->file = file;
 99 | 	file->seek(file, 0);
100 | 	file->read(file, &(info->header), sizeof(info->header));
101 | 	flipImg2Header(&(info->header));
102 | 	if(info->header.signature != IMG2_SIGNATURE) {
103 | 		free(info);
104 | 		return NULL;
105 | 	}
106 | 	
107 | 	info->buffer = malloc(info->header.dataLen);
108 | 	file->read(file, info->buffer, info->header.dataLen);
109 | 
110 | 	info->dirty = FALSE;
111 | 	
112 | 	info->offset = 0;
113 | 	
114 | 	toReturn = (AbstractFile*) malloc(sizeof(AbstractFile));
115 | 	toReturn->data = info;
116 | 	toReturn->read = readImg2;
117 | 	toReturn->write = writeImg2;
118 | 	toReturn->seek = seekImg2;
119 | 	toReturn->tell = tellImg2;
120 | 	toReturn->getLength = getLengthImg2;
121 | 	toReturn->close = closeImg2;
122 | 	toReturn->type = AbstractFileTypeImg2;
123 | 	return toReturn;
124 | }
125 | 
126 | AbstractFile* duplicateImg2File(AbstractFile* file, AbstractFile* backing) {
127 | 	InfoImg2* info;
128 | 	AbstractFile* toReturn;
129 | 
130 | 	if(!file) {
131 | 		return NULL;
132 | 	}
133 | 
134 | 	info = (InfoImg2*) malloc(sizeof(InfoImg2));
135 | 	memcpy(info, file->data, sizeof(InfoImg2));
136 | 	
137 | 	info->file = backing;
138 | 	info->buffer = malloc(1);
139 | 	info->header.dataLen = 0;
140 | 	info->dirty = TRUE;
141 | 	info->offset = 0;
142 | 	
143 | 	toReturn = (AbstractFile*) malloc(sizeof(AbstractFile));
144 | 	toReturn->data = info;
145 | 	toReturn->read = readImg2;
146 | 	toReturn->write = writeImg2;
147 | 	toReturn->seek = seekImg2;
148 | 	toReturn->tell = tellImg2;
149 | 	toReturn->getLength = getLengthImg2;
150 | 	toReturn->close = closeImg2;
151 | 	toReturn->type = AbstractFileTypeImg2;
152 | 	return toReturn;
153 | }
154 | 
155 | 


--------------------------------------------------------------------------------
/img3.c:
--------------------------------------------------------------------------------
  1 | #include <stdlib.h>
  2 | #include <string.h>
  3 | 
  4 | #include "common.h"
  5 | #include "img3.h"
  6 | #include "libxpwn.h"
  7 | 
  8 | 
  9 | void writeImg3Element(AbstractFile* file, Img3Element* element, Img3Info* info);
 10 | 
 11 | void writeImg3Root(AbstractFile* file, Img3Element* element, Img3Info* info);
 12 | 
 13 | void flipAppleImg3Header(AppleImg3Header* header) {
 14 | 	FLIPENDIANLE(header->magic);
 15 | 	FLIPENDIANLE(header->size);
 16 | 	FLIPENDIANLE(header->dataSize);
 17 | }
 18 | 
 19 | void flipAppleImg3RootExtra(AppleImg3RootExtra* extra) {
 20 | 	FLIPENDIANLE(extra->shshOffset);
 21 | 	FLIPENDIANLE(extra->name);
 22 | }
 23 | 
 24 | void flipAppleImg3KBAGHeader(AppleImg3KBAGHeader* data) {
 25 | 	FLIPENDIANLE(data->key_modifier);
 26 | 	FLIPENDIANLE(data->key_bits);
 27 | }
 28 | 
 29 | size_t readImg3(AbstractFile* file, void* data, size_t len) {
 30 | 	Img3Info* info = (Img3Info*) file->data;
 31 | 	memcpy(data, (void*)((uint8_t*)info->data->data + (uint32_t)info->offset), len);
 32 | 	info->offset += (size_t)len;
 33 | 	return len;
 34 | }
 35 | 
 36 | size_t writeImg3(AbstractFile* file, const void* data, size_t len) {
 37 | 	Img3Info* info = (Img3Info*) file->data;
 38 | 
 39 | 	while((info->offset + (size_t)len) > info->data->header->dataSize) {
 40 | 		uint32_t oldSize = info->data->header->dataSize;
 41 | 		info->data->header->dataSize = info->offset + (size_t)len;
 42 | 		info->data->header->size = info->data->header->dataSize;
 43 | 		if(info->data->header->size % 0x20 != 0) {
 44 | 			info->data->header->size += 0x20 - (info->data->header->size % 0x20); /* PwnageTool(mac): 0x20, Apple: 0x10? */
 45 | 		}
 46 | 		info->data->header->size += sizeof(AppleImg3Header);
 47 | 		info->data->data = realloc(info->data->data, info->data->header->dataSize + 32); /* hack for decryptLast rounding up */
 48 | 		memset((uint8_t *)info->data->data + oldSize, 0, info->data->header->dataSize + 32 - oldSize); /* bigger block, zero */
 49 | 	}
 50 | 	
 51 | 	memcpy((void*)((uint8_t*)info->data->data + (uint32_t)info->offset), data, len);
 52 | 	info->offset += (size_t)len;
 53 | 	
 54 | 	info->dirty = TRUE;
 55 | 	
 56 | 	return len;
 57 | }
 58 | 
 59 | int seekImg3(AbstractFile* file, off_t offset) {
 60 | 	Img3Info* info = (Img3Info*) file->data;
 61 | 	info->offset = (size_t)offset;
 62 | 	return 0;
 63 | }
 64 | 
 65 | off_t tellImg3(AbstractFile* file) {
 66 | 	Img3Info* info = (Img3Info*) file->data;
 67 | 	return (off_t)info->offset;
 68 | }
 69 | 
 70 | off_t getLengthImg3(AbstractFile* file) {
 71 | 	Img3Info* info = (Img3Info*) file->data;
 72 | 	return info->data->header->dataSize;
 73 | }
 74 | 
 75 | void closeImg3(AbstractFile* file) {
 76 | 	Img3Info* info = (Img3Info*) file->data;
 77 | 
 78 | 	if(info->dirty) {
 79 | 		if(info->encrypted) {
 80 | 			uint32_t sz = info->data->header->dataSize;
 81 | 			if (info->decryptLast) {
 82 | 				sz = info->data->header->size;
 83 | 			}
 84 | 			uint8_t ivec[16];
 85 | 			memcpy(ivec, info->iv, 16);
 86 | 			AES_cbc_encrypt(info->data->data, info->data->data, (sz / 16) * 16, &(info->encryptKey), ivec, AES_ENCRYPT);
 87 | 		}
 88 | 
 89 | 		info->file->seek(info->file, 0);
 90 | 		info->root->header->dataSize = 0;	/* hack to make certain writeImg3Element doesn't preallocate */
 91 | 		info->root->header->size = 0;
 92 | 		writeImg3Element(info->file, info->root, info);
 93 | 	}
 94 | 
 95 | 	info->root->free(info->root);
 96 | 	info->file->close(info->file);
 97 | 	free(info);
 98 | 	free(file);
 99 | }
100 | 
101 | void setKeyImg3(AbstractFile2* file, const unsigned int* key, const unsigned int* iv) {
102 | 	Img3Info* info = (Img3Info*) file->super.data;
103 | 	if (!info->kbag) {
104 | 		return;
105 | 	}
106 | 
107 | 	int i;
108 | 	uint8_t bKey[32];
109 | 	int keyBits = ((AppleImg3KBAGHeader*)info->kbag->data)->key_bits;
110 | 
111 | 	for(i = 0; i < 16; i++) {
112 | 		info->iv[i] = iv[i] & 0xff;
113 | 	}
114 | 
115 | 	for(i = 0; i < (keyBits / 8); i++) {
116 | 		bKey[i] = key[i] & 0xff;
117 | 	}
118 | 
119 | 	AES_set_encrypt_key(bKey, keyBits, &(info->encryptKey));
120 | 	AES_set_decrypt_key(bKey, keyBits, &(info->decryptKey));
121 | 
122 | 	info->decryptLast = Img3DecryptLast;
123 | 	if(!info->encrypted) {
124 | 		uint32_t sz = info->data->header->dataSize;
125 | 		if (info->decryptLast) {
126 | 			sz = info->data->header->size;
127 | 		}
128 | 		uint8_t ivec[16];
129 | 		memcpy(ivec, info->iv, 16);
130 | 		AES_cbc_encrypt(info->data->data, info->data->data, (sz / 16) * 16, &(info->decryptKey), ivec, AES_DECRYPT);
131 | 	}
132 | 
133 | 	info->encrypted = TRUE;
134 | }
135 | 
136 | Img3Element* readImg3Element(AbstractFile* file);
137 | 
138 | void freeImg3Default(Img3Element* element) {
139 | 	free(element->header);
140 | 	free(element->data);
141 | 	free(element);
142 | }
143 | 
144 | void freeImg3Root(Img3Element* element) {
145 | 	Img3Element* current;
146 | 	Img3Element* toFree;
147 | 
148 | 	free(element->header);
149 | 
150 | 	current = (Img3Element*)(element->data);
151 | 
152 | 	while(current != NULL) {
153 | 		toFree = current;
154 | 		current = current->next;
155 | 		toFree->free(toFree);
156 | 	}
157 | 
158 | 	free(element);
159 | }
160 | 
161 | void readImg3Root(AbstractFile* file, Img3Element* element) {
162 | 	Img3Element* children;
163 | 	Img3Element* current;
164 | 	uint32_t remaining;
165 | 	AppleImg3RootHeader* header;
166 | 
167 | 	children = NULL;
168 | 
169 | 	header = (AppleImg3RootHeader*) realloc(element->header, sizeof(AppleImg3RootHeader));
170 | 	element->header = (AppleImg3Header*) header;
171 | 
172 | 	file->read(file, &(header->extra), sizeof(AppleImg3RootExtra));
173 | 	flipAppleImg3RootExtra(&(header->extra));
174 | 
175 | 	remaining = header->base.dataSize;
176 | 
177 | 	while(remaining > 0) {
178 | 		if(children != NULL) {
179 | 			current->next = readImg3Element(file);
180 | 			current = current->next;
181 | 		} else {
182 | 			current = readImg3Element(file);
183 | 			children = current;
184 | 		}
185 | 		remaining -= current->header->size;
186 | 	}
187 | 
188 | 	element->data = (void*) children;
189 | 	element->write = writeImg3Root;
190 | 	element->free = freeImg3Root;
191 | }
192 | 
193 | void writeImg3Root(AbstractFile* file, Img3Element* element, Img3Info* info) {
194 | 	AppleImg3RootHeader* header;
195 | 	Img3Element* current;
196 | 	off_t curPos;
197 | 
198 | 	curPos = file->tell(file);
199 | 	curPos -= sizeof(AppleImg3Header);
200 | 
201 | 	file->seek(file, curPos + sizeof(AppleImg3RootHeader));
202 | 
203 | 	header = (AppleImg3RootHeader*) element->header;
204 | 
205 | 	current = (Img3Element*) element->data;
206 | 	while(current != NULL) {
207 | 		if(current->header->magic == IMG3_SHSH_MAGIC) {
208 | 			header->extra.shshOffset = (uint32_t)(file->tell(file) - sizeof(AppleImg3RootHeader));
209 | 		}
210 | 
211 | 		if(current->header->magic != IMG3_KBAG_MAGIC || info->encrypted) {
212 | 			writeImg3Element(file, current, info);
213 | 		}
214 | 
215 | 		current = current->next;
216 | 	}
217 | 
218 | 	header->base.dataSize = file->tell(file) - (curPos + sizeof(AppleImg3RootHeader));
219 | 	header->base.size = sizeof(AppleImg3RootHeader) + header->base.dataSize;
220 | 
221 | 	file->seek(file, curPos);
222 | 
223 | 	flipAppleImg3Header(&(header->base));
224 | 	flipAppleImg3RootExtra(&(header->extra));
225 | 	file->write(file, header, sizeof(AppleImg3RootHeader));
226 | 	flipAppleImg3RootExtra(&(header->extra));
227 | 	flipAppleImg3Header(&(header->base));
228 | 
229 | 	file->seek(file, header->base.size);
230 | }
231 | 
232 | void writeImg3Default(AbstractFile* file, Img3Element* element, Img3Info* info) {
233 | 	int sz = element->header->size - sizeof(AppleImg3Header) - element->header->dataSize;
234 | 	if (info->encrypted && element->header->magic == IMG3_DATA_MAGIC) {
235 | 		/* add "encrypted" zeros */
236 | 		file->write(file, element->data, element->header->dataSize + sz);
237 | 	} else {
238 | 		/* add "plain" zeros */
239 | 		file->write(file, element->data, element->header->dataSize);
240 | 		if (sz > 0) {
241 | 			char *zeros = calloc(1, sz);
242 | 			file->write(file, zeros, sz);
243 | 			free(zeros);
244 | 		}
245 | 	}
246 | }
247 | 
248 | void writeImg3KBAG(AbstractFile* file, Img3Element* element, Img3Info* info) {
249 | 	flipAppleImg3KBAGHeader((AppleImg3KBAGHeader*) element->data);
250 | 	writeImg3Default(file, element, info);
251 | 	flipAppleImg3KBAGHeader((AppleImg3KBAGHeader*) element->data);
252 | }
253 | 
254 | void do24kpwn(Img3Info* info, Img3Element* element, off_t curPos, const uint8_t* overflow, size_t overflow_size, const uint8_t* payload, size_t payload_size)
255 | {
256 | 	off_t sizeRequired = (0x24000 + overflow_size) - curPos;
257 | 	off_t dataRequired = sizeRequired - sizeof(AppleImg3Header);
258 | 	element->data = realloc(element->data, dataRequired);
259 | 	memset(((uint8_t*)element->data) + element->header->dataSize, 0, dataRequired - element->header->dataSize);
260 | 	uint32_t overflowOffset = 0x24000 - (curPos + sizeof(AppleImg3Header));
261 | 	uint32_t payloadOffset = 0x23000 - (curPos + sizeof(AppleImg3Header));
262 | 
263 | 	memcpy(((uint8_t*)element->data) + overflowOffset, overflow, overflow_size);
264 | 	memcpy(((uint8_t*)element->data) + payloadOffset, payload, payload_size);
265 | 
266 | 	uint32_t* i;
267 | 	for(i = (uint32_t*)(((uint8_t*)element->data) + payloadOffset);
268 | 			i < (uint32_t*)(((uint8_t*)element->data) + payloadOffset + payload_size);
269 | 			i++) {
270 | 		uint32_t candidate = *i;
271 | 		FLIPENDIANLE(candidate);
272 | 		if(candidate == 0xDDCCBBAA) {
273 | 			candidate = info->replaceDWord;
274 | 			FLIPENDIANLE(candidate);
275 | 			*i = candidate;
276 | 			break;
277 | 		}
278 | 	}
279 | 
280 | 	element->header->size = sizeRequired;
281 | 	element->header->dataSize = dataRequired;
282 | }
283 | 
284 | void writeImg3Element(AbstractFile* file, Img3Element* element, Img3Info* info) {
285 | 	off_t curPos;
286 | 
287 | 	curPos = file->tell(file);
288 | 
289 | 	flipAppleImg3Header(element->header);
290 | 	file->write(file, element->header, sizeof(AppleImg3Header));
291 | 	flipAppleImg3Header(element->header);
292 | 
293 | 	element->write(file, element, info);
294 | 
295 | 	file->seek(file, curPos + element->header->size);
296 | }
297 | 
298 | Img3Element* readImg3Element(AbstractFile* file) {
299 | 	Img3Element* toReturn;
300 | 	AppleImg3Header* header;
301 | 	off_t curPos;
302 | 
303 | 	curPos = file->tell(file);
304 | 
305 | 	header = (AppleImg3Header*) malloc(sizeof(AppleImg3Header));
306 | 	file->read(file, header, sizeof(AppleImg3Header));
307 | 	flipAppleImg3Header(header);
308 | 
309 | 	toReturn = (Img3Element*) malloc(sizeof(Img3Element));
310 | 	toReturn->header = header;
311 | 	toReturn->next = NULL;
312 | 
313 | 	switch(header->magic) {
314 | 		case IMG3_MAGIC:
315 | 			readImg3Root(file, toReturn);
316 | 			break;
317 | 
318 | 		case IMG3_KBAG_MAGIC:
319 | 			toReturn->data = (unsigned char*) malloc(header->dataSize);
320 | 			toReturn->write = writeImg3KBAG;
321 | 			toReturn->free = freeImg3Default;
322 | 			file->read(file, toReturn->data, header->dataSize);
323 | 			flipAppleImg3KBAGHeader((AppleImg3KBAGHeader*) toReturn->data);
324 | 			break;
325 | 
326 | 		default: {
327 | 			uint32_t sz = header->size - sizeof(AppleImg3Header); /* header->dataSize */
328 | 			toReturn->data = (unsigned char*) malloc(sz);
329 | 			toReturn->write = writeImg3Default;
330 | 			toReturn->free = freeImg3Default;
331 | 			file->read(file, toReturn->data, sz);
332 | 		}
333 | 	}
334 | 
335 | 	file->seek(file, curPos + toReturn->header->size);
336 | 
337 | 	return toReturn;
338 | }
339 | 
340 | AbstractFile* createAbstractFileFromImg3(AbstractFile* file) {
341 | 	AbstractFile* toReturn;
342 | 	Img3Info* info;
343 | 	Img3Element* current;
344 | 
345 | 	if(!file) {
346 | 		return NULL;
347 | 	}
348 | 
349 | 	file->seek(file, 0);
350 | 
351 | 	info = (Img3Info*) malloc(sizeof(Img3Info));
352 | 	info->file = file;
353 | 	info->root = readImg3Element(file);
354 | 
355 | 	info->data = NULL;
356 | 	info->cert = NULL;
357 | 	info->kbag = NULL;
358 | 	info->type = NULL;
359 | 	info->shsh = NULL;
360 | 	info->ecid = NULL;
361 | 	info->encrypted = FALSE;
362 | 
363 | 	current = (Img3Element*) info->root->data;
364 | 	while(current != NULL) {
365 | 		if(current->header->magic == IMG3_DATA_MAGIC) {
366 | 			info->data = current;
367 | 		}
368 | 		if(current->header->magic == IMG3_CERT_MAGIC) {
369 | 			info->cert = current;
370 | 		}
371 | 		if(current->header->magic == IMG3_TYPE_MAGIC) {
372 | 			info->type = current;
373 | 		}
374 | 		if(current->header->magic == IMG3_SHSH_MAGIC) {
375 | 			info->shsh = current;
376 | 		}
377 | 		if(current->header->magic == IMG3_ECID_MAGIC) {
378 | 			info->ecid = current;
379 | 		}
380 | 		if(current->header->magic == IMG3_KBAG_MAGIC && ((AppleImg3KBAGHeader*)current->data)->key_modifier == 1) {
381 | 			info->kbag = current;
382 | 		}
383 | 		current = current->next;
384 | 	}
385 | 
386 | 	info->offset = 0;
387 | 	info->dirty = FALSE;
388 | 	info->encrypted = FALSE;
389 | 	info->decryptLast = FALSE;
390 | 
391 | 	toReturn = (AbstractFile*) malloc(sizeof(AbstractFile2));
392 | 	toReturn->data = info;
393 | 	toReturn->read = readImg3;
394 | 	toReturn->write = writeImg3;
395 | 	toReturn->seek = seekImg3;
396 | 	toReturn->tell = tellImg3;
397 | 	toReturn->getLength = getLengthImg3;
398 | 	toReturn->close = closeImg3;
399 | 	toReturn->type = AbstractFileTypeImg3;
400 | 
401 | 	AbstractFile2* abstractFile2 = (AbstractFile2*) toReturn;
402 | 	abstractFile2->setKey = setKeyImg3;
403 | 
404 | 	if(info->kbag) {
405 | 		uint8_t* keySeed;
406 | 		uint32_t keySeedLen;
407 | 		keySeedLen = 16 + (((AppleImg3KBAGHeader*)info->kbag->data)->key_bits)/8;
408 | 		keySeed = (uint8_t*) malloc(keySeedLen);
409 | 		memcpy(keySeed, (uint8_t*)((AppleImg3KBAGHeader*)info->kbag->data) + sizeof(AppleImg3KBAGHeader), keySeedLen);
410 | #ifdef HAVE_HW_CRYPTO
411 | 		printf("Have hardware crypto\n");
412 | 		CFMutableDictionaryRef dict = IOServiceMatching("IOAESAccelerator");
413 | 		io_service_t dev = IOServiceGetMatchingService(kIOMasterPortDefault, dict);
414 | 		io_connect_t conn = 0;
415 | 		IOServiceOpen(dev, mach_task_self(), 0, &conn);
416 | 
417 | 		int i;
418 | 		printf("KeySeed: ");
419 | 		for(i = 0; i < keySeedLen; i++)
420 | 		{
421 | 			printf("%02x", keySeed[i]);
422 | 		}
423 | 		printf("\n");
424 | 
425 | 		if(doAES(conn, keySeed, keySeed, keySeedLen, GID, NULL, NULL, kIOAESAcceleratorDecrypt) == 0) {
426 | 			unsigned int key[keySeedLen - 16];
427 | 			unsigned int iv[16];
428 | 
429 | 			printf("IV: ");
430 | 			for(i = 0; i < 16; i++)
431 | 			{
432 | 				iv[i] = keySeed[i];
433 | 				printf("%02x", iv[i]);
434 | 			}
435 | 			printf("\n");
436 | 
437 | 			printf("Key: ");
438 | 			for(i = 0; i < (keySeedLen - 16); i++)
439 | 			{
440 | 				key[i] = keySeed[i + 16];
441 | 				printf("%02x", key[i]);
442 | 			}
443 | 			printf("\n");
444 | 
445 | 			setKeyImg3(abstractFile2, key, iv);
446 | 		}
447 | 
448 | 		IOServiceClose(conn);
449 | 		IOObjectRelease(dev);
450 | #else
451 | 		int i = 0;
452 | 		char outputBuffer[256];
453 | 		char curBuffer[256];
454 | 		outputBuffer[0] = '\0';
455 | 		for(i = 0; i < keySeedLen; i++) {
456 | 			sprintf(curBuffer, "%02x", keySeed[i]);
457 | 			strcat(outputBuffer, curBuffer);
458 | 		}
459 | 		strcat(outputBuffer, "\n");
460 | 		XLOG(4, outputBuffer);
461 | #endif
462 | 		free(keySeed);
463 | 	}
464 | 
465 | 	return toReturn;
466 | }
467 | 
468 | void replaceCertificateImg3(AbstractFile* file, AbstractFile* certificate) {
469 | 	Img3Info* info = (Img3Info*) file->data;
470 | 
471 | 	info->cert->header->dataSize = certificate->getLength(certificate);
472 | 	info->cert->header->size = info->cert->header->dataSize + sizeof(AppleImg3Header);
473 | 	if(info->cert->data != NULL) {
474 | 		free(info->cert->data);
475 | 	}
476 | 	info->cert->data = malloc(info->cert->header->dataSize);
477 | 	certificate->read(certificate, info->cert->data, info->cert->header->dataSize);
478 | 
479 | 	info->dirty = TRUE;
480 | }
481 | 
482 | void replaceSignatureImg3(AbstractFile* file, AbstractFile* signature) {
483 |   Img3Info* info = (Img3Info*) file->data;
484 |   
485 |   size_t signature_size = signature->getLength(signature);
486 |   Img3Element* element = (Img3Element*) readImg3Element(signature);
487 | 
488 |   int i = 0;
489 |   Img3Element* previous = element;
490 |   for (i = previous->header->size; i < signature_size; i += previous->header->size) {
491 |     previous->next = (Img3Element*) readImg3Element(signature);
492 |     previous = previous->next;
493 |   }
494 | 
495 |   Img3Element* current = info->data;
496 |   while (current->next != info->shsh) {
497 |     current = current->next;
498 |   }
499 | 
500 |   signature->seek(signature, 0);
501 |   current->next = element;
502 |   info->dirty = TRUE;
503 | }
504 | 
505 | AbstractFile* duplicateImg3File(AbstractFile* file, AbstractFile* backing) {
506 | 	Img3Info* info;
507 | 	AbstractFile* toReturn;
508 | 
509 | 	if(!file) {
510 | 		return NULL;
511 | 	}
512 | 
513 | 	toReturn = createAbstractFileFromImg3(((Img3Info*)file->data)->file);
514 | 	info = (Img3Info*)toReturn->data;
515 | 
516 | 	info->file = backing;
517 | 	info->offset = 0;
518 | 	info->dirty = TRUE;
519 | 	info->data->header->dataSize = 0;
520 | 	info->data->header->size = info->data->header->dataSize + sizeof(AppleImg3Header);
521 | 
522 | 	return toReturn;
523 | }
524 | 
525 | 


--------------------------------------------------------------------------------
/includes/8900.h:
--------------------------------------------------------------------------------
 1 | #include <stdint.h>
 2 | #include <openssl/aes.h>
 3 | #include "abstractfile.h"
 4 | 
 5 | #ifndef INC_8900_H
 6 | #define INC_8900_H
 7 | 
 8 | typedef struct {
 9 | 	uint32_t        magic;              /* string "8900" */
10 | 	unsigned char  version[3];            /* string "1.0" */
11 | 	uint8_t         format;                /* plaintext format is 0x4, encrypted format is 0x3 */
12 | 	uint32_t        unknown1;
13 | 	uint32_t        sizeOfData;            /* size of data (ie, filesize - header(0x800) - footer signature(0x80) - footer certificate(0xC0A)) */
14 | 	uint32_t        footerSignatureOffset; /* offset to footer signature */
15 | 	uint32_t        footerCertOffset;      /* offset to footer certificate, from end of header (0x800) */
16 | 	uint32_t        footerCertLen;
17 | 	unsigned char  salt[0x20];            /* a seemingly random salt (an awfully big one though... needs more attention) */
18 | 	uint16_t        unknown2;
19 | 	uint16_t        epoch;                 /* the security epoch of the file */
20 | 	unsigned char  headerSignature[0x10]; /* encrypt(sha1(header[0:0x40])[0:0x10], key_0x837, zero_iv) */
21 | 	unsigned char  padding[0x7B0];
22 | } __attribute__((__packed__)) Apple8900Header;
23 | 
24 | #define SIGNATURE_8900 0x38393030
25 | 
26 | #define key_0x837 ((uint8_t[]){0x18, 0x84, 0x58, 0xA6, 0xD1, 0x50, 0x34, 0xDF, 0xE3, 0x86, 0xF2, 0x3B, 0x61, 0xD4, 0x37, 0x74})
27 | 
28 | typedef struct Info8900 {
29 | 	AbstractFile*		file;
30 | 	
31 | 	Apple8900Header header;
32 | 	size_t          offset;
33 | 	void*           buffer;
34 | 
35 | 	unsigned char	footerSignature[0x80];
36 | 	unsigned char*	footerCertificate;
37 | 	
38 | 	AES_KEY         encryptKey;
39 | 	AES_KEY         decryptKey;
40 | 	
41 | 	char            dirty;
42 | 	char 		exploit;
43 | } Info8900;
44 | 
45 | #ifdef __cplusplus
46 | extern "C" {
47 | #endif
48 | 	AbstractFile* createAbstractFileFrom8900(AbstractFile* file);
49 | 	AbstractFile* duplicate8900File(AbstractFile* file, AbstractFile* backing);
50 | 	void replaceCertificate8900(AbstractFile* file, AbstractFile* certificate);
51 | 	void exploit8900(AbstractFile* file);
52 | #ifdef __cplusplus
53 | }
54 | #endif
55 | 
56 | 
57 | #endif
58 | 


--------------------------------------------------------------------------------
/includes/abstractfile.h:
--------------------------------------------------------------------------------
 1 | #ifndef ABSTRACTFILE_H
 2 | #define ABSTRACTFILE_H
 3 | 
 4 | #include "common.h"
 5 | #include <stdint.h>
 6 | 
 7 | typedef struct AbstractFile AbstractFile;
 8 | typedef struct AbstractFile2 AbstractFile2;
 9 | 
10 | typedef size_t (*WriteFunc)(AbstractFile* file, const void* data, size_t len);
11 | typedef size_t (*ReadFunc)(AbstractFile* file, void* data, size_t len);
12 | typedef int (*SeekFunc)(AbstractFile* file, off_t offset);
13 | typedef off_t (*TellFunc)(AbstractFile* file);
14 | typedef void (*CloseFunc)(AbstractFile* file);
15 | typedef off_t (*GetLengthFunc)(AbstractFile* file);
16 | typedef void (*SetKeyFunc)(AbstractFile2* file, const unsigned int* key, const unsigned int* iv);
17 | 
18 | typedef enum AbstractFileType {
19 | 	AbstractFileTypeFile,
20 | 	AbstractFileType8900,
21 | 	AbstractFileTypeImg2,
22 | 	AbstractFileTypeImg3,
23 | 	AbstractFileTypeLZSS,
24 | 	AbstractFileTypeIBootIM,
25 | 	AbstractFileTypeMem,
26 | 	AbstractFileTypeMemFile,
27 | 	AbstractFileTypeDummy
28 | } AbstractFileType;
29 | 
30 | struct AbstractFile {
31 | 	void* data;
32 | 	WriteFunc write;
33 | 	ReadFunc read;
34 | 	SeekFunc seek;
35 | 	TellFunc tell;
36 | 	GetLengthFunc getLength;
37 | 	CloseFunc close;
38 | 	AbstractFileType type;
39 | };
40 | 
41 | struct AbstractFile2 {
42 | 	AbstractFile super;
43 | 	SetKeyFunc setKey;
44 | };
45 | 
46 | 
47 | typedef struct {
48 | 	size_t offset;
49 | 	void** buffer;
50 | 	size_t bufferSize;
51 | } MemWrapperInfo;
52 | 
53 | typedef struct {
54 | 	size_t offset;
55 | 	void** buffer;
56 | 	size_t* bufferSize;
57 | 	size_t actualBufferSize;
58 | } MemFileWrapperInfo;
59 | 
60 | #ifdef __cplusplus
61 | extern "C" {
62 | #endif
63 | 	AbstractFile* createAbstractFileFromFile(FILE* file);
64 | 	AbstractFile* createAbstractFileFromDummy();
65 | 	AbstractFile* createAbstractFileFromMemory(void** buffer, size_t size);
66 | 	AbstractFile* createAbstractFileFromMemoryFile(void** buffer, size_t* size);
67 | 	AbstractFile* createAbstractFileFromMemoryFileBuffer(void** buffer, size_t* size, size_t actualBufferSize);
68 | 	void abstractFilePrint(AbstractFile* file, const char* format, ...);
69 | 	io_func* IOFuncFromAbstractFile(AbstractFile* file);
70 | #ifdef __cplusplus
71 | }
72 | #endif
73 | 
74 | #endif
75 | 
76 | 


--------------------------------------------------------------------------------
/includes/common.h:
--------------------------------------------------------------------------------
  1 | #ifndef COMMON_H
  2 | #define COMMON_H
  3 | 
  4 | #include <stdio.h>
  5 | #include <stdlib.h>
  6 | #include <stdint.h>
  7 | #include <string.h>
  8 | #include <sys/types.h>
  9 | 
 10 | #ifdef WIN32
 11 | #define fseeko fseeko64
 12 | #define ftello ftello64
 13 | #define off_t off64_t
 14 | #define mkdir(x, y) mkdir(x)
 15 | #define PATH_SEPARATOR "\\"
 16 | #else
 17 | #define PATH_SEPARATOR "/"
 18 | #endif
 19 | 
 20 | #define TRUE 1
 21 | #define FALSE 0
 22 | 
 23 | #define FLIPENDIAN(x) flipEndian((unsigned char *)(&(x)), sizeof(x))
 24 | #define FLIPENDIANLE(x) flipEndianLE((unsigned char *)(&(x)), sizeof(x))
 25 | 
 26 | #define IS_BIG_ENDIAN      0
 27 | #define IS_LITTLE_ENDIAN   1
 28 | 
 29 | #define TIME_OFFSET_FROM_UNIX 2082844800L
 30 | #define APPLE_TO_UNIX_TIME(x) ((x) - TIME_OFFSET_FROM_UNIX)
 31 | #define UNIX_TO_APPLE_TIME(x) ((x) + TIME_OFFSET_FROM_UNIX)
 32 | 
 33 | #define ASSERT(x, m) if(!(x)) { fflush(stdout); fprintf(stderr, "error: %s\n", m); perror("error"); fflush(stderr); exit(1); }
 34 | 
 35 | extern char endianness;
 36 | 
 37 | static inline void flipEndian(unsigned char* x, int length) {
 38 |   int i;
 39 |   unsigned char tmp;
 40 | 
 41 |   if(endianness == IS_BIG_ENDIAN) {
 42 |     return;
 43 |   } else {
 44 |     for(i = 0; i < (length / 2); i++) {
 45 |       tmp = x[i];
 46 |       x[i] = x[length - i - 1];
 47 |       x[length - i - 1] = tmp;
 48 |     }
 49 |   }
 50 | }
 51 | 
 52 | static inline void flipEndianLE(unsigned char* x, int length) {
 53 |   int i;
 54 |   unsigned char tmp;
 55 | 
 56 |   if(endianness == IS_LITTLE_ENDIAN) {
 57 |     return;
 58 |   } else {
 59 |     for(i = 0; i < (length / 2); i++) {
 60 |       tmp = x[i];
 61 |       x[i] = x[length - i - 1];
 62 |       x[length - i - 1] = tmp;
 63 |     }
 64 |   }
 65 | }
 66 | 
 67 | static inline void hexToBytes(const char* hex, uint8_t** buffer, size_t* bytes) {
 68 | 	*bytes = strlen(hex) / 2;
 69 | 	*buffer = (uint8_t*) malloc(*bytes);
 70 | 	size_t i;
 71 | 	for(i = 0; i < *bytes; i++) {
 72 | 		uint32_t byte;
 73 | 		sscanf(hex, "%2x", &byte);
 74 | 		(*buffer)[i] = byte;
 75 | 		hex += 2;
 76 | 	}
 77 | }
 78 | 
 79 | static inline void hexToInts(const char* hex, unsigned int** buffer, size_t* bytes) {
 80 | 	*bytes = strlen(hex) / 2;
 81 | 	*buffer = (unsigned int*) malloc((*bytes) * sizeof(int));
 82 | 	size_t i;
 83 | 	for(i = 0; i < *bytes; i++) {
 84 | 		sscanf(hex, "%2x", &((*buffer)[i]));
 85 | 		hex += 2;
 86 | 	}
 87 | }
 88 | 
 89 | struct io_func_struct;
 90 | 
 91 | typedef int (*readFunc)(struct io_func_struct* io, off_t location, size_t size, void *buffer);
 92 | typedef int (*writeFunc)(struct io_func_struct* io, off_t location, size_t size, void *buffer);
 93 | typedef void (*closeFunc)(struct io_func_struct* io);
 94 | 
 95 | typedef struct io_func_struct {
 96 |   void* data;
 97 |   readFunc read;
 98 |   writeFunc write;
 99 |   closeFunc close;
100 | } io_func;
101 | 
102 | struct AbstractFile;
103 | 
104 | unsigned char* decodeBase64(char* toDecode, size_t* dataLength);
105 | void writeBase64(struct AbstractFile* file, unsigned char* data, size_t dataLength, int tabLength, int width);
106 | char* convertBase64(unsigned char* data, size_t dataLength, int tabLength, int width);
107 | 
108 | #endif
109 | 


--------------------------------------------------------------------------------
/includes/dmg.h:
--------------------------------------------------------------------------------
  1 | #ifndef DMG_H
  2 | #define DMG_H
  3 | 
  4 | #include <stdlib.h>
  5 | #include <stdint.h>
  6 | #include <stdio.h>
  7 | 
  8 | #include "hfsplus.h"
  9 | #include "abstractfile.h"
 10 | 
 11 | #define CHECKSUM_CRC32 0x00000002
 12 | #define CHECKSUM_MKBLOCK 0x0002
 13 | #define CHECKSUM_NONE 0x0000
 14 | 
 15 | #define BLOCK_ZLIB 0x80000005
 16 | #define BLOCK_RAW 0x00000001
 17 | #define BLOCK_IGNORE 0x00000002
 18 | #define BLOCK_COMMENT 0x7FFFFFFE
 19 | #define BLOCK_TERMINATOR 0xFFFFFFFF
 20 | 
 21 | #define SECTOR_SIZE 512
 22 | 
 23 | #define DRIVER_DESCRIPTOR_SIGNATURE 0x4552
 24 | #define APPLE_PARTITION_MAP_SIGNATURE 0x504D
 25 | #define UDIF_BLOCK_SIGNATURE 0x6D697368
 26 | #define KOLY_SIGNATURE 0x6B6F6C79
 27 | #define HFSX_SIGNATURE 0x4858
 28 | 
 29 | #define ATTRIBUTE_HDIUTIL 0x0050
 30 | 
 31 | #define HFSX_VOLUME_TYPE "Apple_HFSX"
 32 | 
 33 | #define DDM_SIZE 0x1
 34 | #define PARTITION_SIZE 0x3f
 35 | #define ATAPI_SIZE 0x8
 36 | #define FREE_SIZE 0xa
 37 | #define EXTRA_SIZE (ATAPI_OFFSET + ATAPI_SIZE + FREE_SIZE)
 38 | 
 39 | #define DDM_OFFSET 0x0
 40 | #define PARTITION_OFFSET (DDM_SIZE)
 41 | #define ATAPI_OFFSET 64
 42 | #define USER_OFFSET (ATAPI_OFFSET + ATAPI_SIZE)
 43 | 
 44 | #define BOOTCODE_DMMY 0x444D4D59
 45 | #define BOOTCODE_GOON 0x676F6F6E
 46 | 
 47 | enum {
 48 | 	kUDIFFlagsFlattened = 1
 49 | };
 50 | 
 51 | enum {
 52 | 	kUDIFDeviceImageType = 1,
 53 | 	kUDIFPartitionImageType = 2
 54 | };
 55 | 
 56 | typedef struct {
 57 | 	uint32_t type;
 58 | 	uint32_t size;
 59 | 	uint32_t data[0x20];
 60 | } __attribute__((__packed__)) UDIFChecksum;
 61 | 
 62 | typedef struct {
 63 | 	uint32_t data1; /* smallest */
 64 | 	uint32_t data2;
 65 | 	uint32_t data3;
 66 | 	uint32_t data4; /* largest */
 67 | } __attribute__((__packed__)) UDIFID;
 68 | 
 69 | typedef struct {
 70 | 	uint32_t fUDIFSignature;
 71 | 	uint32_t fUDIFVersion;
 72 | 	uint32_t fUDIFHeaderSize;
 73 | 	uint32_t fUDIFFlags;
 74 | 	
 75 | 	uint64_t fUDIFRunningDataForkOffset;
 76 | 	uint64_t fUDIFDataForkOffset;
 77 | 	uint64_t fUDIFDataForkLength;
 78 | 	uint64_t fUDIFRsrcForkOffset;
 79 | 	uint64_t fUDIFRsrcForkLength;
 80 | 	
 81 | 	uint32_t fUDIFSegmentNumber;
 82 | 	uint32_t fUDIFSegmentCount;
 83 | 	UDIFID fUDIFSegmentID;  /* a 128-bit number like a GUID, but does not seem to be a OSF GUID, since it doesn't have the proper versioning byte */
 84 | 	
 85 | 	UDIFChecksum fUDIFDataForkChecksum;
 86 | 	
 87 | 	uint64_t fUDIFXMLOffset;
 88 | 	uint64_t fUDIFXMLLength;
 89 | 	
 90 | 	uint8_t reserved1[0x78]; /* this is actually the perfect amount of space to store every thing in this struct until the checksum */
 91 | 	
 92 | 	UDIFChecksum fUDIFMasterChecksum;
 93 | 	
 94 | 	uint32_t fUDIFImageVariant;
 95 | 	uint64_t fUDIFSectorCount;
 96 | 	
 97 | 	uint32_t reserved2;
 98 | 	uint32_t reserved3;
 99 | 	uint32_t reserved4;
100 | 	
101 | } __attribute__((__packed__)) UDIFResourceFile;
102 | 
103 | typedef struct {
104 | 	uint32_t type;
105 | 	uint32_t reserved;
106 | 	uint64_t sectorStart;
107 | 	uint64_t sectorCount;
108 | 	uint64_t compOffset;
109 | 	uint64_t compLength;
110 | } __attribute__((__packed__)) BLKXRun;
111 | 
112 | typedef struct {
113 | 	uint16_t version; /* set to 5 */
114 | 	uint32_t isHFS; /* first dword of v53(ImageInfoRec): Set to 1 if it's a HFS or HFS+ partition -- duh. */
115 | 	uint32_t unknown1; /* second dword of v53: seems to be garbage if it's HFS+, stuff related to HFS embedded if it's that*/
116 | 	uint8_t dataLen; /* length of data that proceeds, comes right before the data in ImageInfoRec. Always set to 0 for HFS, HFS+ */
117 | 	uint8_t data[255]; /* other data from v53, dataLen + 1 bytes, the rest NULL filled... a string? Not set for HFS, HFS+ */
118 | 	uint32_t unknown2; /* 8 bytes before volumeModified in v53, seems to be always set to 0 for HFS, HFS+  */
119 | 	uint32_t unknown3; /* 4 bytes before volumeModified in v53, seems to be always set to 0 for HFS, HFS+ */
120 | 	uint32_t volumeModified; /* offset 272 in v53 */
121 | 	uint32_t unknown4; /* always seems to be 0 for UDIF */
122 | 	uint16_t volumeSignature; /* HX in our case */
123 | 	uint16_t sizePresent; /* always set to 1 */
124 | } __attribute__((__packed__)) SizeResource;
125 | 
126 | typedef struct {
127 | 	uint16_t version; /* set to 1 */
128 | 	uint32_t type; /* set to 0x2 for MKBlockChecksum */
129 | 	uint32_t checksum;
130 | } __attribute__((__packed__)) CSumResource;
131 | 
132 | typedef struct NSizResource {
133 | 	char isVolume;
134 | 	unsigned char* sha1Digest;
135 | 	uint32_t blockChecksum2;
136 | 	uint32_t bytes;
137 | 	uint32_t modifyDate;
138 | 	uint32_t partitionNumber;
139 | 	uint32_t version;
140 | 	uint32_t volumeSignature;
141 | 	struct NSizResource* next;
142 | } NSizResource;
143 | 
144 | #define DDM_DESCRIPTOR 0xFFFFFFFF
145 | #define ENTIRE_DEVICE_DESCRIPTOR 0xFFFFFFFE
146 | 
147 | typedef struct {
148 | 	uint32_t fUDIFBlocksSignature;
149 | 	uint32_t infoVersion;
150 | 	uint64_t firstSectorNumber;
151 | 	uint64_t sectorCount;
152 | 	
153 | 	uint64_t dataStart;
154 | 	uint32_t decompressBufferRequested;
155 | 	uint32_t blocksDescriptor;
156 | 	
157 | 	uint32_t reserved1;
158 | 	uint32_t reserved2;
159 | 	uint32_t reserved3;
160 | 	uint32_t reserved4;
161 | 	uint32_t reserved5;
162 | 	uint32_t reserved6;
163 | 	
164 | 	UDIFChecksum checksum;
165 | 	
166 | 	uint32_t blocksRunCount;
167 | 	BLKXRun runs[0];
168 | } __attribute__((__packed__)) BLKXTable;
169 | 
170 | typedef struct {
171 | 	uint32_t ddBlock;
172 | 	uint16_t ddSize;
173 | 	uint16_t ddType;
174 | } __attribute__((__packed__)) DriverDescriptor;
175 | 
176 | typedef struct {
177 | 	uint16_t pmSig;
178 | 	uint16_t pmSigPad;
179 | 	uint32_t pmMapBlkCnt;
180 | 	uint32_t pmPyPartStart;
181 | 	uint32_t pmPartBlkCnt;
182 | 	unsigned char pmPartName[32];
183 | 	unsigned char pmParType[32];
184 | 	uint32_t pmLgDataStart;
185 | 	uint32_t pmDataCnt;
186 | 	uint32_t pmPartStatus;
187 | 	uint32_t pmLgBootStart;
188 | 	uint32_t pmBootSize;
189 | 	uint32_t pmBootAddr;
190 | 	uint32_t pmBootAddr2;
191 | 	uint32_t pmBootEntry;
192 | 	uint32_t pmBootEntry2;
193 | 	uint32_t pmBootCksum;
194 | 	unsigned char pmProcessor[16];
195 | 	uint32_t bootCode;
196 | 	uint16_t pmPad[186];
197 | } __attribute__((__packed__)) Partition;
198 | 
199 | typedef struct {
200 | 	uint16_t sbSig;
201 | 	uint16_t sbBlkSize;
202 | 	uint32_t sbBlkCount;
203 | 	uint16_t sbDevType;
204 | 	uint16_t sbDevId;
205 | 	uint32_t sbData;
206 | 	uint16_t sbDrvrCount;
207 | 	uint32_t ddBlock;
208 | 	uint16_t ddSize;
209 | 	uint16_t ddType;
210 | 	DriverDescriptor ddPad[0];
211 | } __attribute__((__packed__)) DriverDescriptorRecord;
212 | 
213 | typedef struct ResourceData {
214 | 	uint32_t attributes;
215 | 	unsigned char* data;
216 | 	size_t dataLength;
217 | 	int id;
218 | 	char* name;
219 | 	struct ResourceData* next;
220 | } ResourceData;
221 | 
222 | typedef void (*FlipDataFunc)(unsigned char* data, char out);
223 | typedef void (*ChecksumFunc)(void* ckSum, const unsigned char* data, size_t len);
224 | 
225 | typedef struct ResourceKey {
226 | 	unsigned char* key;
227 | 	ResourceData* data;
228 | 	struct ResourceKey* next;
229 | 	FlipDataFunc flipData;
230 | } ResourceKey;
231 | 
232 | #define SHA1_DIGEST_SIZE 20
233 | 
234 | typedef struct {
235 | 	uint32_t state[5];
236 | 	uint32_t count[2];
237 | 	uint8_t  buffer[64];
238 | } SHA1_CTX;
239 | 
240 | typedef struct {
241 | 	uint32_t block;
242 | 	uint32_t crc;
243 | 	SHA1_CTX sha1;
244 | } ChecksumToken;
245 | 
246 | static inline uint32_t readUInt32(AbstractFile* file) {
247 | 	uint32_t data;
248 | 	
249 | 	ASSERT(file->read(file, &data, sizeof(data)) == sizeof(data), "fread");
250 | 	FLIPENDIAN(data);
251 | 	
252 | 	return data;
253 | }
254 | 
255 | static inline void writeUInt32(AbstractFile* file, uint32_t data) {
256 | 	FLIPENDIAN(data);
257 | 	ASSERT(file->write(file, &data, sizeof(data)) == sizeof(data), "fwrite");
258 | }
259 | 
260 | static inline uint64_t readUInt64(AbstractFile* file) {
261 | 	uint64_t data;
262 | 	
263 | 	ASSERT(file->read(file, &data, sizeof(data)) == sizeof(data), "fread");
264 | 	FLIPENDIAN(data);
265 | 	
266 | 	return data;
267 | }
268 | 
269 | static inline void writeUInt64(AbstractFile* file, uint64_t data) {
270 | 	FLIPENDIAN(data);
271 | 	ASSERT(file->write(file, &data, sizeof(data)) == sizeof(data), "fwrite");
272 | }
273 | 
274 | #ifdef __cplusplus
275 | extern "C" {
276 | #endif
277 | 	void outResources(AbstractFile* file, AbstractFile* out);
278 | 	
279 | 	unsigned char* decodeBase64(char* toDecode, size_t* dataLength);
280 | 	void writeBase64(AbstractFile* file, unsigned char* data, size_t dataLength, int tabLength, int width);
281 | 	char* convertBase64(unsigned char* data, size_t dataLength, int tabLength, int width);
282 | 	
283 | 	uint32_t CRC32Checksum(uint32_t* crc, const unsigned char *buf, size_t len);
284 | 	uint32_t MKBlockChecksum(uint32_t* ckSum, const unsigned char* data, size_t len);
285 | 	
286 | 	void BlockSHA1CRC(void* token, const unsigned char* data, size_t len);
287 | 	void BlockCRC(void* token, const unsigned char* data, size_t len);
288 | 	void CRCProxy(void* token, const unsigned char* data, size_t len);
289 | 	
290 | 	void SHA1Init(SHA1_CTX* context);
291 | 	void SHA1Update(SHA1_CTX* context, const uint8_t* data, const size_t len);
292 | 	void SHA1Final(uint8_t digest[SHA1_DIGEST_SIZE], SHA1_CTX* context);
293 | 	
294 | 	void flipUDIFChecksum(UDIFChecksum* o, char out);
295 | 	void readUDIFChecksum(AbstractFile* file, UDIFChecksum* o);
296 | 	void writeUDIFChecksum(AbstractFile* file, UDIFChecksum* o);
297 | 	void readUDIFID(AbstractFile* file, UDIFID* o);
298 | 	void writeUDIFID(AbstractFile* file, UDIFID* o);
299 | 	void readUDIFResourceFile(AbstractFile* file, UDIFResourceFile* o);
300 | 	void writeUDIFResourceFile(AbstractFile* file, UDIFResourceFile* o);
301 | 	
302 | 	ResourceKey* readResources(AbstractFile* file, UDIFResourceFile* resourceFile);
303 | 	void writeResources(AbstractFile* file, ResourceKey* resources);
304 | 	void releaseResources(ResourceKey* resources);
305 | 	
306 | 	NSizResource* readNSiz(ResourceKey* resources);
307 | 	ResourceKey* writeNSiz(NSizResource* nSiz);
308 | 	void releaseNSiz(NSizResource* nSiz);
309 | 	
310 | 	extern const char* plistHeader;
311 | 	extern const char* plistFooter;
312 | 	
313 | 	ResourceKey* getResourceByKey(ResourceKey* resources, const char* key);
314 | 	ResourceData* getDataByID(ResourceKey* resource, int id);
315 | 	ResourceKey* insertData(ResourceKey* resources, const char* key, int id, const char* name, const char* data, size_t dataLength, uint32_t attributes);
316 | 	ResourceKey* makePlst();
317 | 	ResourceKey* makeSize(HFSPlusVolumeHeader* volumeHeader);
318 | 	
319 | 	void flipDriverDescriptorRecord(DriverDescriptorRecord* record, char out);
320 | 	void flipPartition(Partition* partition, char out, unsigned int BlockSize);
321 | 	void flipPartitionMultiple(Partition* partition, char multiple, char out, unsigned int BlockSize);
322 | 	
323 | 	void readDriverDescriptorMap(AbstractFile* file, ResourceKey* resources);
324 | 	DriverDescriptorRecord* createDriverDescriptorMap(uint32_t numSectors, unsigned int BlockSize);
325 | 	int writeDriverDescriptorMap(int pNum, AbstractFile* file, DriverDescriptorRecord* DDM, unsigned int BlockSize, ChecksumFunc dataForkChecksum, void* dataForkToken, ResourceKey **resources);
326 | 	void readApplePartitionMap(AbstractFile* file, ResourceKey* resources, unsigned int BlockSize);
327 | 	Partition* createApplePartitionMap(uint32_t numSectors, const char* volumeType, unsigned int BlockSize);
328 | 	int writeApplePartitionMap(int pNum, AbstractFile* file, Partition* partitions, unsigned int BlockSize, ChecksumFunc dataForkChecksum, void* dataForkToken, ResourceKey **resources, NSizResource** nsizIn);
329 | 	int writeATAPI(int pNum, AbstractFile* file, unsigned int BlockSize, ChecksumFunc dataForkChecksum, void* dataForkToken, ResourceKey **resources, NSizResource** nsizIn);
330 | 	int writeFreePartition(int pNum, AbstractFile* outFile, uint32_t offset, uint32_t numSectors, ResourceKey** resources);
331 | 	
332 | 	void extractBLKX(AbstractFile* in, AbstractFile* out, BLKXTable* blkx);
333 | 	BLKXTable* insertBLKX(AbstractFile* out, AbstractFile* in, uint32_t firstSectorNumber, uint32_t numSectors, uint32_t blocksDescriptor,
334 | 						  uint32_t checksumType, ChecksumFunc uncompressedChk, void* uncompressedChkToken, ChecksumFunc compressedChk,
335 | 						  void* compressedChkToken, Volume* volume, int addComment);
336 | 	
337 | 	
338 | 	int extractDmg(AbstractFile* abstractIn, AbstractFile* abstractOut, int partNum);
339 | 	int buildDmg(AbstractFile* abstractIn, AbstractFile* abstractOut, unsigned int BlockSize);
340 | 	int convertToISO(AbstractFile* abstractIn, AbstractFile* abstractOut);
341 | 	int convertToDMG(AbstractFile* abstractIn, AbstractFile* abstractOut);
342 | #ifdef __cplusplus
343 | }
344 | #endif
345 | 
346 | #endif
347 | 


--------------------------------------------------------------------------------
/includes/dmgfile.h:
--------------------------------------------------------------------------------
 1 | /*
 2 |  *  dmgfile.h
 3 |  *  libdmg-hfsplus
 4 |  *
 5 |  */
 6 | 
 7 | #include "dmg.h"
 8 | 
 9 | io_func* openDmgFile(AbstractFile* dmg);
10 | io_func* openDmgFilePartition(AbstractFile* dmg, int partition);
11 | 
12 | typedef struct DMG {
13 | 	AbstractFile* dmg;
14 | 	ResourceKey* resources;
15 | 	uint32_t numBLKX;
16 | 	BLKXTable** blkx;
17 | 	void* runData;
18 | 	uint64_t runStart;
19 | 	uint64_t runEnd;
20 | 	uint64_t offset;
21 | } DMG;
22 | 


--------------------------------------------------------------------------------
/includes/dmglib.h:
--------------------------------------------------------------------------------
 1 | #ifndef DMGLIB_H
 2 | #define DMGLIB_H
 3 | 
 4 | #include "dmg.h"
 5 | #include "abstractfile.h"
 6 | 
 7 | #ifdef __cplusplus
 8 | extern "C" {
 9 | #endif
10 | 	int extractDmg(AbstractFile* abstractIn, AbstractFile* abstractOut, int partNum);
11 | 	int buildDmg(AbstractFile* abstractIn, AbstractFile* abstractOut, unsigned int BlockSize);
12 | 
13 | 	int convertToDMG(AbstractFile* abstractIn, AbstractFile* abstractOut);
14 | 	int convertToISO(AbstractFile* abstractIn, AbstractFile* abstractOut);
15 | #ifdef __cplusplus
16 | }
17 | #endif
18 | 
19 | #endif
20 | 


--------------------------------------------------------------------------------
/includes/filevault.h:
--------------------------------------------------------------------------------
 1 | #ifndef FILEVAULT_H
 2 | #define FILEVAULT_H
 3 | 
 4 | #include <stdint.h>
 5 | #include "dmg.h"
 6 | 
 7 | #ifdef HAVE_CRYPT
 8 | 
 9 | #include <openssl/hmac.h>
10 | #include <openssl/aes.h>
11 | 
12 | #define FILEVAULT_CIPHER_KEY_LENGTH	16
13 | #define FILEVAULT_CIPHER_BLOCKSIZE	16
14 | #define FILEVAULT_CHUNK_SIZE		4096
15 | #define FILEVAULT_PBKDF2_ITER_COUNT	1000
16 | #define FILEVAULT_MSGDGST_LENGTH	20
17 | 
18 | /*
19 |  * Information about the FileVault format was yoinked from vfdecrypt, which was written by Ralf-Philipp Weinmann <ralf@coderpunks.org>,
20 |  * Jacob Appelbaum <jacob@appelbaum.net>, and Christian Fromme <kaner@strace.org>
21 |  */
22 | 
23 | #define FILEVAULT_V2_SIGNATURE 0x656e637263647361ULL
24 | 
25 | typedef struct FileVaultV1Header {
26 | 	uint8_t		padding1[48];
27 | 	uint32_t	kdfIterationCount;
28 | 	uint32_t	kdfSaltLen;
29 | 	uint8_t		kdfSalt[48];
30 | 	uint8_t		unwrapIV[0x20];
31 | 	uint32_t	wrappedAESKeyLen;
32 | 	uint8_t		wrappedAESKey[296];
33 | 	uint32_t	wrappedHMACSHA1KeyLen;
34 | 	uint8_t		wrappedHMACSHA1Key[300];
35 | 	uint32_t	integrityKeyLen;
36 | 	uint8_t		integrityKey[48];
37 | 	uint8_t		padding2[484];
38 | } __attribute__((__packed__)) FileVaultV1Header;
39 | 
40 | typedef struct FileVaultV2Header {
41 | 	uint64_t	signature;
42 | 	uint32_t	version;
43 | 	uint32_t	encIVSize;
44 | 	uint32_t	unk1;
45 | 	uint32_t	unk2;
46 | 	uint32_t	unk3;
47 | 	uint32_t	unk4;
48 | 	uint32_t	unk5;
49 | 	UDIFID		uuid;
50 | 	uint32_t	blockSize;
51 | 	uint64_t	dataSize;
52 | 	uint64_t	dataOffset;
53 | 	uint8_t		padding[0x260];
54 | 	uint32_t	kdfAlgorithm;
55 | 	uint32_t	kdfPRNGAlgorithm;
56 | 	uint32_t	kdfIterationCount;
57 | 	uint32_t	kdfSaltLen;
58 | 	uint8_t 	kdfSalt[0x20];
59 | 	uint32_t	blobEncIVSize;
60 | 	uint8_t		blobEncIV[0x20];
61 | 	uint32_t	blobEncKeyBits;
62 | 	uint32_t	blobEncAlgorithm;
63 | 	uint32_t	blobEncPadding;
64 | 	uint32_t	blobEncMode;
65 | 	uint32_t	encryptedKeyblobSize;
66 | 	uint8_t	encryptedKeyblob[0x30];
67 | } __attribute__((__packed__)) FileVaultV2Header;
68 | 
69 | typedef struct FileVaultInfo {
70 | 	union {
71 | 		FileVaultV1Header v1;
72 | 		FileVaultV2Header v2;
73 | 	} header;
74 | 
75 | 	uint8_t		version;
76 | 	uint64_t	dataOffset;
77 | 	uint64_t	dataSize;
78 | 	uint32_t	blockSize;
79 | 
80 | 	AbstractFile*	file;
81 | 
82 | 	HMAC_CTX	hmacCTX;
83 | 	AES_KEY		aesKey;
84 | 	AES_KEY		aesEncKey;
85 | 
86 | 	off_t		offset;
87 | 
88 | 	uint32_t	curChunk;
89 | 	unsigned char	chunk[FILEVAULT_CHUNK_SIZE];
90 | 
91 | 	char		dirty;
92 | 	char		headerDirty;
93 | } FileVaultInfo;
94 | #endif
95 | 
96 | AbstractFile* createAbstractFileFromFileVault(AbstractFile* file, const char* key);
97 | 
98 | #endif
99 | 


--------------------------------------------------------------------------------
/includes/firmwaremaster.h:
--------------------------------------------------------------------------------
1 | const char* FirmwareGetHardwareID(const char* platform);
2 | char* FirmwareGetURL(const char* platform, const char* version);
3 | 
4 | 


--------------------------------------------------------------------------------
/includes/hfscompress.h:
--------------------------------------------------------------------------------
 1 | #ifndef HFSCOMPRESS_H
 2 | #define HFSCOMPRESS_H
 3 | 
 4 | #include <stdint.h>
 5 | #include "common.h"
 6 | 
 7 | #define CMPFS_MAGIC 0x636D7066
 8 | 
 9 | typedef struct HFSPlusDecmpfs {
10 | 	uint32_t magic;
11 | 	uint32_t flags;
12 | 	uint64_t size;
13 | 	uint8_t data[0];
14 | } __attribute__ ((packed)) HFSPlusDecmpfs;
15 | 
16 | typedef struct HFSPlusCmpfRsrcHead {
17 | 	uint32_t headerSize;
18 | 	uint32_t totalSize;
19 | 	uint32_t dataSize;
20 | 	uint32_t flags;
21 | } __attribute__ ((packed)) HFSPlusCmpfRsrcHead;
22 | 
23 | typedef struct HFSPlusCmpfRsrcBlock {
24 | 	uint32_t offset;
25 | 	uint32_t size;
26 | } __attribute__ ((packed)) HFSPlusCmpfRsrcBlock;
27 | 
28 | typedef struct HFSPlusCmpfRsrcBlockHead {
29 | 	uint32_t dataSize;
30 | 	uint32_t numBlocks;
31 | 	HFSPlusCmpfRsrcBlock blocks[0];
32 | } __attribute__ ((packed)) HFSPlusCmpfRsrcBlockHead;
33 | 
34 | typedef struct HFSPlusCmpfEnd {
35 | 	uint32_t pad[6];
36 | 	uint16_t unk1;
37 | 	uint16_t unk2;
38 | 	uint16_t unk3;
39 | 	uint32_t magic;
40 | 	uint32_t flags;
41 | 	uint64_t size;
42 | 	uint32_t unk4;
43 | } __attribute__ ((packed)) HFSPlusCmpfEnd;
44 | 
45 | typedef struct HFSPlusCompressed {
46 | 	Volume* volume;
47 | 	HFSPlusCatalogFile* file;
48 | 	io_func* io;
49 | 	size_t decmpfsSize;
50 | 	HFSPlusDecmpfs* decmpfs;
51 | 
52 | 	HFSPlusCmpfRsrcHead rsrcHead;
53 | 	HFSPlusCmpfRsrcBlockHead* blocks;
54 | 
55 | 	int dirty;
56 | 
57 | 	uint8_t* cached;
58 | 	uint32_t cachedStart;
59 | 	uint32_t cachedEnd;
60 | } HFSPlusCompressed;
61 | 
62 | #ifdef __cplusplus
63 | extern "C" {
64 | #endif
65 | 	void flipHFSPlusDecmpfs(HFSPlusDecmpfs* compressData);
66 | 	io_func* openHFSPlusCompressed(Volume* volume, HFSPlusCatalogFile* file);
67 | #ifdef __cplusplus
68 | }
69 | #endif
70 | 
71 | #endif
72 | 


--------------------------------------------------------------------------------
/includes/hfslib.h:
--------------------------------------------------------------------------------
 1 | #include "common.h"
 2 | #include "hfsplus.h"
 3 | #include "abstractfile.h"
 4 | 
 5 | #ifdef __cplusplus
 6 | extern "C" {
 7 | #endif
 8 | 	void writeToFile(HFSPlusCatalogFile* file, AbstractFile* output, Volume* volume);
 9 | 	void writeToHFSFile(HFSPlusCatalogFile* file, AbstractFile* input, Volume* volume);
10 | 	void get_hfs(Volume* volume, const char* inFileName, AbstractFile* output);
11 | 	int add_hfs(Volume* volume, AbstractFile* inFile, const char* outFileName);
12 | 	void grow_hfs(Volume* volume, uint64_t newSize);
13 | 	void removeAllInFolder(HFSCatalogNodeID folderID, Volume* volume, const char* parentName);
14 | 	void addAllInFolder(HFSCatalogNodeID folderID, Volume* volume, const char* parentName);
15 | 	void addall_hfs(Volume* volume, const char* dirToMerge, const char* dest);
16 | 	void extractAllInFolder(HFSCatalogNodeID folderID, Volume* volume);
17 | 	int copyAcrossVolumes(Volume* volume1, Volume* volume2, char* path1, char* path2);
18 | 
19 | 	void hfs_untar(Volume* volume, AbstractFile* tarFile);
20 | 	void hfs_ls(Volume* volume, const char* path);
21 | 	void hfs_setsilence(int s);
22 | #ifdef __cplusplus
23 | }
24 | #endif
25 | 
26 | 


--------------------------------------------------------------------------------
/includes/hfsplus.h:
--------------------------------------------------------------------------------
  1 | #ifndef HFSPLUS_H
  2 | #define HFSPLUS_H
  3 | 
  4 | #include <stdio.h>
  5 | #include <stdint.h>
  6 | #include <stdlib.h>
  7 | 
  8 | 
  9 | #include "common.h"
 10 | 
 11 | #define READ(a, b, c, d) ((*((a)->read))(a, b, c, d))
 12 | #define WRITE(a, b, c, d) ((*((a)->write))(a, b, c, d))
 13 | #define CLOSE(a) ((*((a)->close))(a))
 14 | #define COMPARE(a, b, c) ((*((a)->compare))(b, c))
 15 | #define READ_KEY(a, b, c) ((*((a)->keyRead))(b, c))
 16 | #define WRITE_KEY(a, b, c, d) ((*((a)->keyWrite))(b, c, d))
 17 | #define READ_DATA(a, b, c) ((*((a)->dataRead))(b, c))
 18 | 
 19 | struct BTKey {
 20 |   uint16_t keyLength;
 21 |   unsigned char data[0];
 22 | } __attribute__((__packed__));
 23 | 
 24 | typedef struct BTKey BTKey;
 25 | 
 26 | typedef BTKey* (*dataReadFunc)(off_t offset, struct io_func_struct* io);
 27 | typedef void (*keyPrintFunc)(BTKey* toPrint);
 28 | typedef int (*keyWriteFunc)(off_t offset, BTKey* toWrite, struct io_func_struct* io);
 29 | typedef int (*compareFunc)(BTKey* left, BTKey* right);
 30 | 
 31 | #define STR_SIZE(str) (sizeof(uint16_t) + (sizeof(uint16_t) * (str).length))
 32 | 
 33 | #ifndef __HFS_FORMAT__
 34 | 
 35 | typedef uint32_t HFSCatalogNodeID;
 36 | 
 37 | enum {
 38 |     kHFSRootParentID            = 1,
 39 |     kHFSRootFolderID            = 2,
 40 |     kHFSExtentsFileID           = 3,
 41 |     kHFSCatalogFileID           = 4,
 42 |     kHFSBadBlockFileID          = 5,
 43 |     kHFSAllocationFileID        = 6,
 44 |     kHFSStartupFileID           = 7,
 45 |     kHFSAttributesFileID        = 8,
 46 |     kHFSRepairCatalogFileID     = 14,
 47 |     kHFSBogusExtentFileID       = 15,
 48 |     kHFSFirstUserCatalogNodeID  = 16
 49 | };
 50 | 
 51 | struct HFSUniStr255 {
 52 |     uint16_t  length;
 53 |     uint16_t unicode[255];
 54 | } __attribute__((__packed__));
 55 | typedef struct HFSUniStr255 HFSUniStr255;
 56 | typedef const  HFSUniStr255 *ConstHFSUniStr255Param;
 57 | 
 58 | struct HFSPlusExtentDescriptor {
 59 |     uint32_t startBlock;
 60 |     uint32_t blockCount;
 61 | } __attribute__((__packed__));
 62 | typedef struct HFSPlusExtentDescriptor HFSPlusExtentDescriptor;
 63 | 
 64 | typedef HFSPlusExtentDescriptor HFSPlusExtentRecord[8];
 65 | 
 66 | struct HFSPlusForkData {
 67 |   uint64_t logicalSize;
 68 |   uint32_t clumpSize;
 69 |   uint32_t totalBlocks;
 70 |   HFSPlusExtentRecord extents;
 71 | } __attribute__((__packed__));
 72 | typedef struct HFSPlusForkData HFSPlusForkData;
 73 |  
 74 | struct HFSPlusVolumeHeader {
 75 |   uint16_t signature;
 76 |   uint16_t version;
 77 |   uint32_t attributes;
 78 |   uint32_t lastMountedVersion;
 79 |   uint32_t journalInfoBlock;
 80 |  
 81 |   uint32_t createDate;
 82 |   uint32_t modifyDate;
 83 |   uint32_t backupDate;
 84 |   uint32_t checkedDate;
 85 |  
 86 |   uint32_t fileCount;
 87 |   uint32_t folderCount;
 88 |  
 89 |   uint32_t blockSize;
 90 |   uint32_t totalBlocks;
 91 |   uint32_t freeBlocks;
 92 |  
 93 |   uint32_t nextAllocation;
 94 |   uint32_t rsrcClumpSize;
 95 |   uint32_t dataClumpSize;
 96 |   HFSCatalogNodeID nextCatalogID;
 97 |  
 98 |   uint32_t writeCount;
 99 |   uint64_t encodingsBitmap;
100 |  
101 |   uint32_t finderInfo[8];
102 |  
103 |   HFSPlusForkData allocationFile;
104 |   HFSPlusForkData extentsFile;
105 |   HFSPlusForkData catalogFile;
106 |   HFSPlusForkData attributesFile;
107 |   HFSPlusForkData startupFile;
108 | } __attribute__((__packed__));
109 | typedef struct HFSPlusVolumeHeader HFSPlusVolumeHeader;
110 | 
111 | enum {
112 |     kBTLeafNode       = -1,
113 |     kBTIndexNode      =  0,
114 |     kBTHeaderNode     =  1,
115 |     kBTMapNode        =  2
116 | };
117 | 
118 | struct BTNodeDescriptor {
119 |     uint32_t    fLink;
120 |     uint32_t    bLink;
121 |     int8_t     kind;
122 |     uint8_t     height;
123 |     uint16_t    numRecords;
124 |     uint16_t    reserved;
125 | } __attribute__((__packed__));
126 | typedef struct BTNodeDescriptor BTNodeDescriptor;
127 | 
128 | #define kHFSCaseFolding 0xCF
129 | #define kHFSBinaryCompare 0xBC
130 | 
131 | struct BTHeaderRec {
132 |     uint16_t    treeDepth;
133 |     uint32_t    rootNode;
134 |     uint32_t    leafRecords;
135 |     uint32_t    firstLeafNode;
136 |     uint32_t    lastLeafNode;
137 |     uint16_t    nodeSize;
138 |     uint16_t    maxKeyLength;
139 |     uint32_t    totalNodes;
140 |     uint32_t    freeNodes;
141 |     uint16_t    reserved1;
142 |     uint32_t    clumpSize;      // misaligned
143 |     uint8_t     btreeType;
144 |     uint8_t     keyCompareType;
145 |     uint32_t    attributes;     // long aligned again
146 |     uint32_t    reserved3[16];
147 | } __attribute__((__packed__));
148 | typedef struct BTHeaderRec BTHeaderRec;
149 | 
150 | struct HFSPlusExtentKey {
151 |     uint16_t              keyLength;
152 |     uint8_t               forkType;
153 |     uint8_t               pad;
154 |     HFSCatalogNodeID    fileID;
155 |     uint32_t              startBlock;
156 | } __attribute__((__packed__));
157 | typedef struct HFSPlusExtentKey HFSPlusExtentKey;
158 | 
159 | struct HFSPlusCatalogKey {
160 |     uint16_t              keyLength;
161 |     HFSCatalogNodeID    parentID;
162 |     HFSUniStr255        nodeName;
163 | } __attribute__((__packed__));
164 | typedef struct HFSPlusCatalogKey HFSPlusCatalogKey;
165 | 
166 | #ifndef __MACTYPES__
167 | struct Point {
168 |   int16_t              v;
169 |   int16_t              h;
170 | } __attribute__((__packed__));
171 | typedef struct Point  Point;
172 | 
173 | struct Rect {
174 |   int16_t              top;
175 |   int16_t              left;
176 |   int16_t              bottom;
177 |   int16_t              right;
178 | } __attribute__((__packed__));
179 | typedef struct Rect   Rect;
180 | 
181 | /* OSType is a 32-bit value made by packing four 1-byte characters 
182 |    together. */
183 | typedef uint32_t        FourCharCode;
184 | typedef FourCharCode  OSType;
185 | 
186 | #endif
187 | 
188 | /* Finder flags (finderFlags, fdFlags and frFlags) */
189 | enum {
190 |   kIsOnDesk       = 0x0001,     /* Files and folders (System 6) */
191 |   kColor          = 0x000E,     /* Files and folders */
192 |   kIsShared       = 0x0040,     /* Files only (Applications only) If */
193 |                                 /* clear, the application needs */
194 |                                 /* to write to its resource fork, */
195 |                                 /* and therefore cannot be shared */
196 |                                 /* on a server */
197 |   kHasNoINITs     = 0x0080,     /* Files only (Extensions/Control */
198 |                                 /* Panels only) */
199 |                                 /* This file contains no INIT resource */
200 |   kHasBeenInited  = 0x0100,     /* Files only.  Clear if the file */
201 |                                 /* contains desktop database resources */
202 |                                 /* ('BNDL', 'FREF', 'open', 'kind'...) */
203 |                                 /* that have not been added yet.  Set */
204 |                                 /* only by the Finder. */
205 |                                 /* Reserved for folders */
206 |   kHasCustomIcon  = 0x0400,     /* Files and folders */
207 |   kIsStationery   = 0x0800,     /* Files only */
208 |   kNameLocked     = 0x1000,     /* Files and folders */
209 |   kHasBundle      = 0x2000,     /* Files only */
210 |   kIsInvisible    = 0x4000,     /* Files and folders */
211 |   kIsAlias        = 0x8000      /* Files only */
212 | };
213 | 
214 | /* Extended flags (extendedFinderFlags, fdXFlags and frXFlags) */
215 | enum {
216 |   kExtendedFlagsAreInvalid    = 0x8000, /* The other extended flags */
217 |                                         /* should be ignored */
218 |   kExtendedFlagHasCustomBadge = 0x0100, /* The file or folder has a */
219 |                                         /* badge resource */
220 |   kExtendedFlagHasRoutingInfo = 0x0004  /* The file contains routing */
221 |                                         /* info resource */
222 | };
223 | 
224 | enum {
225 |     kSymLinkFileType  = 0x736C6E6B, /* 'slnk' */
226 |     kSymLinkCreator   = 0x72686170  /* 'rhap' */
227 | };
228 | 
229 | struct FileInfo {
230 |   OSType    fileType;           /* The type of the file */
231 |   OSType    fileCreator;        /* The file's creator */
232 |   uint16_t    finderFlags;
233 |   Point     location;           /* File's location in the folder. */
234 |   uint16_t    reservedField;
235 | } __attribute__((__packed__));
236 | typedef struct FileInfo   FileInfo;
237 | 
238 | struct ExtendedFileInfo {
239 |   int16_t    reserved1[4];
240 |   uint16_t    extendedFinderFlags;
241 |   int16_t    reserved2;
242 |   int32_t    putAwayFolderID;
243 | } __attribute__((__packed__));
244 | typedef struct ExtendedFileInfo   ExtendedFileInfo;
245 | 
246 | struct FolderInfo {
247 |   Rect      windowBounds;       /* The position and dimension of the */
248 |                                 /* folder's window */
249 |   uint16_t    finderFlags;
250 |   Point     location;           /* Folder's location in the parent */
251 |                                 /* folder. If set to {0, 0}, the Finder */
252 |                                 /* will place the item automatically */
253 |   uint16_t    reservedField;
254 | } __attribute__((__packed__));
255 | typedef struct FolderInfo   FolderInfo;
256 | 
257 | struct ExtendedFolderInfo {
258 |   Point     scrollPosition;     /* Scroll position (for icon views) */
259 |   int32_t    reserved1;
260 |   uint16_t    extendedFinderFlags;
261 |   int16_t    reserved2;
262 |   int32_t    putAwayFolderID;
263 | } __attribute__((__packed__));
264 | typedef struct ExtendedFolderInfo   ExtendedFolderInfo;
265 | 
266 | #ifndef _STAT_H_
267 | #ifndef _SYS_STAT_H
268 | #define S_ISUID 0004000     /* set user id on execution */
269 | #define S_ISGID 0002000     /* set group id on execution */
270 | #define S_ISTXT 0001000     /* sticky bit */
271 | 
272 | #define S_IRWXU 0000700     /* RWX mask for owner */
273 | #define S_IRUSR 0000400     /* R for owner */
274 | #define S_IWUSR 0000200     /* W for owner */
275 | #define S_IXUSR 0000100     /* X for owner */
276 | 
277 | #define S_IRWXG 0000070     /* RWX mask for group */
278 | #define S_IRGRP 0000040     /* R for group */
279 | #define S_IWGRP 0000020     /* W for group */
280 | #define S_IXGRP 0000010     /* X for group */
281 | 
282 | #define S_IRWXO 0000007     /* RWX mask for other */
283 | #define S_IROTH 0000004     /* R for other */
284 | #define S_IWOTH 0000002     /* W for other */
285 | #define S_IXOTH 0000001     /* X for other */
286 | 
287 | #define S_IFMT   0170000    /* type of file mask */
288 | #define S_IFIFO  0010000    /* named pipe (fifo) */
289 | #define S_IFCHR  0020000    /* character special */
290 | #define S_IFDIR  0040000    /* directory */
291 | #define S_IFBLK  0060000    /* block special */
292 | #define S_IFREG  0100000    /* regular */
293 | #define S_IFLNK  0120000    /* symbolic link */
294 | #define S_IFSOCK 0140000    /* socket */
295 | #define S_IFWHT  0160000    /* whiteout */
296 | #endif
297 | #endif
298 | 
299 | #define UF_COMPRESSED 040
300 | 
301 | struct HFSPlusBSDInfo {
302 |     uint32_t  ownerID;
303 |     uint32_t  groupID;
304 |     uint8_t   adminFlags;
305 |     uint8_t   ownerFlags;
306 |     uint16_t  fileMode;
307 |     union {
308 |         uint32_t  iNodeNum;
309 |         uint32_t  linkCount;
310 |         uint32_t  rawDevice;
311 |     } special;
312 | } __attribute__((__packed__));
313 | typedef struct HFSPlusBSDInfo HFSPlusBSDInfo;
314 | 
315 | enum {
316 |     kHFSPlusFolderRecord        = 0x0001,
317 |     kHFSPlusFileRecord          = 0x0002,
318 |     kHFSPlusFolderThreadRecord  = 0x0003,
319 |     kHFSPlusFileThreadRecord    = 0x0004
320 | };
321 | 
322 | enum {
323 | 	kHFSFileLockedBit       = 0x0000,       /* file is locked and cannot be written to */
324 | 	kHFSFileLockedMask      = 0x0001,
325 | 	
326 | 	kHFSThreadExistsBit     = 0x0001,       /* a file thread record exists for this file */
327 | 	kHFSThreadExistsMask    = 0x0002,
328 | 	
329 | 	kHFSHasAttributesBit    = 0x0002,       /* object has extended attributes */
330 | 	kHFSHasAttributesMask   = 0x0004,
331 | 	
332 | 	kHFSHasSecurityBit      = 0x0003,       /* object has security data (ACLs) */
333 | 	kHFSHasSecurityMask     = 0x0008,
334 | 	
335 | 	kHFSHasFolderCountBit   = 0x0004,       /* only for HFSX, folder maintains a separate sub-folder count */
336 | 	kHFSHasFolderCountMask  = 0x0010,       /* (sum of folder records and directory hard links) */
337 | 	
338 | 	kHFSHasLinkChainBit     = 0x0005,       /* has hardlink chain (inode or link) */
339 | 	kHFSHasLinkChainMask    = 0x0020,
340 | 	
341 | 	kHFSHasChildLinkBit     = 0x0006,       /* folder has a child that's a dir link */
342 | 	kHFSHasChildLinkMask    = 0x0040
343 | };
344 | 
345 | struct HFSPlusCatalogFolder {
346 |     int16_t              recordType;
347 |     uint16_t              flags;
348 |     uint32_t              valence;
349 |     HFSCatalogNodeID    folderID;
350 |     uint32_t              createDate;
351 |     uint32_t              contentModDate;
352 |     uint32_t              attributeModDate;
353 |     uint32_t              accessDate;
354 |     uint32_t              backupDate;
355 |     HFSPlusBSDInfo      permissions;
356 |     FolderInfo          userInfo;
357 |     ExtendedFolderInfo  finderInfo;
358 |     uint32_t              textEncoding;
359 |     uint32_t              folderCount;
360 | } __attribute__((__packed__));
361 | typedef struct HFSPlusCatalogFolder HFSPlusCatalogFolder;
362 | 
363 | struct HFSPlusCatalogFile {
364 |     int16_t              recordType;
365 |     uint16_t              flags;
366 |     uint32_t              reserved1;
367 |     HFSCatalogNodeID    fileID;
368 |     uint32_t              createDate;
369 |     uint32_t              contentModDate;
370 |     uint32_t              attributeModDate;
371 |     uint32_t              accessDate;
372 |     uint32_t              backupDate;
373 |     HFSPlusBSDInfo      permissions;
374 |     FileInfo            userInfo;
375 |     ExtendedFileInfo    finderInfo;
376 |     uint32_t              textEncoding;
377 |     uint32_t              reserved2;
378 |  
379 |     HFSPlusForkData     dataFork;
380 |     HFSPlusForkData     resourceFork;
381 | } __attribute__((__packed__));
382 | typedef struct HFSPlusCatalogFile HFSPlusCatalogFile;
383 | 
384 | struct HFSPlusCatalogThread {
385 |     int16_t              recordType;
386 |     int16_t              reserved;
387 |     HFSCatalogNodeID    parentID;
388 |     HFSUniStr255        nodeName;
389 | } __attribute__((__packed__));
390 | typedef struct HFSPlusCatalogThread HFSPlusCatalogThread;
391 | 
392 | enum {
393 | 	kHFSPlusAttrInlineData	= 0x10,
394 | 	kHFSPlusAttrForkData	= 0x20,
395 | 	kHFSPlusAttrExtents	= 0x30
396 | };
397 | 
398 | struct HFSPlusAttrForkData {
399 | 	uint32_t 	recordType;
400 | 	uint32_t 	reserved;
401 | 	HFSPlusForkData theFork;
402 | } __attribute__((__packed__));
403 | typedef struct HFSPlusAttrForkData HFSPlusAttrForkData;
404 | 
405 | struct HFSPlusAttrExtents {
406 | 	uint32_t 		recordType;
407 | 	uint32_t 		reserved;
408 | 	HFSPlusExtentRecord	extents;
409 | };
410 | typedef struct HFSPlusAttrExtents HFSPlusAttrExtents;
411 | 
412 | struct HFSPlusAttrData {
413 | 	uint32_t    recordType;
414 | 	uint32_t    reserved[2];
415 | 	uint32_t    size;
416 | 	uint8_t     data[0];
417 | } __attribute__((__packed__));
418 | typedef struct HFSPlusAttrData HFSPlusAttrData;
419 | 
420 | union HFSPlusAttrRecord {
421 | 	uint32_t 		recordType;
422 | 	HFSPlusAttrData 	attrData;
423 | 	HFSPlusAttrForkData 	forkData;
424 | 	HFSPlusAttrExtents 	overflowExtents;
425 | };
426 | typedef union HFSPlusAttrRecord HFSPlusAttrRecord;
427 | 
428 | struct HFSPlusAttrKey {
429 | 	uint16_t     keyLength;
430 | 	uint16_t     pad;
431 | 	uint32_t     fileID;
432 | 	uint32_t     startBlock;
433 | 	HFSUniStr255 name;
434 | } __attribute__((__packed__));
435 | typedef struct HFSPlusAttrKey HFSPlusAttrKey;
436 | 
437 | enum {
438 | 	kHardLinkFileType = 0x686C6E6B,  /* 'hlnk' */
439 | 	kHFSPlusCreator   = 0x6866732B   /* 'hfs+' */
440 | };
441 | 
442 | #endif
443 | 
444 | struct HFSPlusCatalogRecord {
445 |   int16_t recordType;
446 |   unsigned char data[0];
447 | } __attribute__((__packed__));
448 | typedef struct HFSPlusCatalogRecord HFSPlusCatalogRecord;
449 | 
450 | struct CatalogRecordList {
451 |   HFSUniStr255 name;
452 |   HFSPlusCatalogRecord* record;
453 |   struct CatalogRecordList* next;
454 | };
455 | typedef struct CatalogRecordList CatalogRecordList;
456 | 
457 | struct XAttrList {
458 |   char* name;
459 |   struct XAttrList* next;
460 | };
461 | typedef struct XAttrList XAttrList;
462 | 
463 | struct Extent {
464 |   uint32_t startBlock;
465 |   uint32_t blockCount;
466 |   struct Extent* next;
467 | };
468 | 
469 | typedef struct Extent Extent;
470 | 
471 | typedef struct {
472 |   io_func* io;
473 |   BTHeaderRec *headerRec;
474 |   compareFunc compare;
475 |   dataReadFunc keyRead;
476 |   keyWriteFunc keyWrite;
477 |   keyPrintFunc keyPrint;
478 |   dataReadFunc dataRead;
479 | } BTree;
480 | 
481 | typedef struct {
482 |   io_func* image;
483 |   HFSPlusVolumeHeader* volumeHeader;
484 | 
485 |   BTree* extentsTree;
486 |   BTree* catalogTree;
487 |   BTree* attrTree;
488 |   io_func* allocationFile;
489 |   HFSCatalogNodeID metadataDir;
490 | } Volume;
491 | 
492 | 
493 | typedef struct {
494 |   HFSCatalogNodeID id;
495 |   HFSPlusCatalogRecord* catalogRecord;
496 |   Volume* volume;
497 |   HFSPlusForkData* forkData;
498 |   Extent* extents;
499 | } RawFile;
500 | 
501 | #ifdef __cplusplus
502 | extern "C" {
503 | #endif
504 | 	void hfs_panic(const char* panicString);
505 | 
506 | 	void printUnicode(HFSUniStr255* str);
507 | 	char* unicodeToAscii(HFSUniStr255* str);
508 | 
509 | 	BTNodeDescriptor* readBTNodeDescriptor(uint32_t num, BTree* tree);
510 | 
511 | 	BTHeaderRec* readBTHeaderRec(io_func* io);
512 | 
513 | 	BTree* openBTree(io_func* io, compareFunc compare, dataReadFunc keyRead, keyWriteFunc keyWrite, keyPrintFunc keyPrint, dataReadFunc dataRead);
514 | 
515 | 	void closeBTree(BTree* tree);
516 | 
517 | 	off_t getRecordOffset(int num, uint32_t nodeNum, BTree* tree);
518 | 
519 | 	off_t getNodeNumberFromPointerRecord(off_t offset, io_func* io);
520 | 
521 | 	void* search(BTree* tree, BTKey* searchKey, int *exact, uint32_t *nodeNumber, int *recordNumber);
522 | 
523 | 	io_func* openFlatFile(const char* fileName);
524 | 	io_func* openFlatFileRO(const char* fileName);
525 | 
526 | 	io_func* openRawFile(HFSCatalogNodeID id, HFSPlusForkData* forkData, HFSPlusCatalogRecord* catalogRecord, Volume* volume);
527 | 
528 | 	BTree* openAttributesTree(io_func* file);
529 | 	size_t getAttribute(Volume* volume, uint32_t fileID, const char* name, uint8_t** data);
530 | 	int setAttribute(Volume* volume, uint32_t fileID, const char* name, uint8_t* data, size_t size);
531 | 	int unsetAttribute(Volume* volume, uint32_t fileID, const char* name);
532 | 	XAttrList* getAllExtendedAttributes(HFSCatalogNodeID CNID, Volume* volume);
533 | 
534 | 	void flipExtentRecord(HFSPlusExtentRecord* extentRecord);
535 | 
536 | 	BTree* openExtentsTree(io_func* file);
537 | 
538 | 	void ASCIIToUnicode(const char* ascii, HFSUniStr255* unistr);
539 | 
540 | 	void flipCatalogFolder(HFSPlusCatalogFolder* record);
541 | 	void flipCatalogFile(HFSPlusCatalogFile* record);
542 | 	void flipCatalogThread(HFSPlusCatalogThread* record, int out);
543 | 
544 | 	BTree* openCatalogTree(io_func* file);
545 | 	int updateCatalog(Volume* volume, HFSPlusCatalogRecord* catalogRecord);
546 | 	int move(const char* source, const char* dest, Volume* volume);
547 | 	int removeFile(const char* fileName, Volume* volume);
548 | 	HFSCatalogNodeID newFolder(const char* pathName, Volume* volume);
549 | 	HFSCatalogNodeID newFile(const char* pathName, Volume* volume);
550 | 	int chmodFile(const char* pathName, int mode, Volume* volume);
551 | 	int chownFile(const char* pathName, uint32_t owner, uint32_t group, Volume* volume);
552 | 	int makeSymlink(const char* pathName, const char* target, Volume* volume);
553 | 
554 | 	HFSCatalogNodeID getMetadataDirectoryID(Volume* volume);
555 | 	HFSPlusCatalogRecord* getRecordByCNID(HFSCatalogNodeID CNID, Volume* volume);
556 | 	HFSPlusCatalogRecord* getLinkTarget(HFSPlusCatalogRecord* record, HFSCatalogNodeID parentID, HFSPlusCatalogKey *key, Volume* volume);
557 | 	CatalogRecordList* getFolderContents(HFSCatalogNodeID CNID, Volume* volume);
558 | 	HFSPlusCatalogRecord* getRecordFromPath(const char* path, Volume* volume, char **name, HFSPlusCatalogKey* retKey);
559 | 	HFSPlusCatalogRecord* getRecordFromPath2(const char* path, Volume* volume, char **name, HFSPlusCatalogKey* retKey, char traverse);
560 | 	HFSPlusCatalogRecord* getRecordFromPath3(const char* path, Volume* volume, char **name, HFSPlusCatalogKey* retKey, char traverse, char returnLink, HFSCatalogNodeID parentID);
561 | 	void releaseCatalogRecordList(CatalogRecordList* list);
562 | 
563 | 	int isBlockUsed(Volume* volume, uint32_t block);
564 | 	int setBlockUsed(Volume* volume, uint32_t block, int used);
565 | 	int allocate(RawFile* rawFile, off_t size);
566 | 
567 | 	void flipForkData(HFSPlusForkData* forkData);
568 | 
569 | 	Volume* openVolume(io_func* io);
570 | 	void closeVolume(Volume *volume);
571 | 	int updateVolume(Volume* volume);
572 | 
573 | 	int debugBTree(BTree* tree, int displayTree);
574 | 
575 | 	int addToBTree(BTree* tree, BTKey* searchKey, size_t length, unsigned char* content);
576 | 
577 | 	int removeFromBTree(BTree* tree, BTKey* searchKey);
578 | 
579 | 	int32_t FastUnicodeCompare ( register uint16_t str1[], register uint16_t length1,
580 | 		                    register uint16_t str2[], register uint16_t length2);
581 | #ifdef __cplusplus
582 | }
583 | #endif
584 | 
585 | #endif
586 | 
587 | 


--------------------------------------------------------------------------------
/includes/ibootim.h:
--------------------------------------------------------------------------------
 1 | #ifndef IBOOTIM_H
 2 | #define IBOOTIM_H
 3 | 
 4 | #include <stdint.h>
 5 | #include "abstractfile.h"
 6 | 
 7 | typedef struct IBootIMHeader {
 8 | 	char    signature[8];
 9 | 	uint32_t unknown;
10 | 	uint32_t compression_type;
11 | 	uint32_t format;
12 | 	uint16_t width;
13 | 	uint16_t height;
14 | 	uint8_t  padding[0x28];
15 | } __attribute__((__packed__)) IBootIMHeader;
16 | 
17 | #define IBOOTIM_SIG_UINT 0x69426F6F
18 | #define IBOOTIM_SIGNATURE "iBootIm"
19 | #define IBOOTIM_LZSS_TYPE 0x6C7A7373
20 | #define IBOOTIM_ARGB 0x61726762
21 | #define IBOOTIM_GREY 0x67726579
22 | 
23 | typedef struct InfoIBootIM {
24 | 	AbstractFile*		file;
25 | 	
26 | 	IBootIMHeader   header;
27 | 	size_t          length;
28 | 	size_t          compLength;
29 | 	size_t          offset;
30 | 	void*           buffer;
31 | 
32 | 	char            dirty;
33 | } InfoIBootIM;
34 | 
35 | #ifdef __cplusplus
36 | extern "C" {
37 | #endif
38 | 	AbstractFile* createAbstractFileFromIBootIM(AbstractFile* file);
39 | 	AbstractFile* duplicateIBootIMFile(AbstractFile* file, AbstractFile* backing);
40 | 	void* replaceBootImage(AbstractFile* imageWrapper, const unsigned int* key, const unsigned int* iv, AbstractFile* png, size_t *fileSize);
41 | 	int convertToPNG(AbstractFile* imageWrapper, const unsigned int* key, const unsigned int* iv, const char* png);
42 | #ifdef __cplusplus
43 | }
44 | #endif
45 | 
46 | #endif
47 | 
48 | 


--------------------------------------------------------------------------------
/includes/img2.h:
--------------------------------------------------------------------------------
 1 | #include <stdint.h>
 2 | #include "abstractfile.h"
 3 | 
 4 | #define IMG2_SIGNATURE 0x496D6732
 5 | 
 6 | typedef struct Img2Header {
 7 | 	uint32_t signature;        /* 0x0 */
 8 | 	uint32_t imageType;        /* 0x4 */
 9 | 	uint16_t unknown1;         /* 0x8 */
10 | 	uint16_t security_epoch;   /* 0xa */
11 | 	uint32_t flags1;           /* 0xc */
12 | 	uint32_t dataLenPadded;    /* 0x10 */
13 | 	uint32_t dataLen;          /* 0x14 */
14 | 	uint32_t unknown3;         /* 0x18 */
15 | 	uint32_t flags2;           /* 0x1c */ /* 0x01000000 has to be unset */
16 | 	uint8_t  reserved[0x40];   /* 0x20 */
17 | 	uint32_t unknown4;         /* 0x60 */ /* some sort of length field? */
18 | 	uint32_t header_checksum;  /* 0x64 */ /* standard crc32 on first 0x64 bytes */
19 | 	uint32_t checksum2;        /* 0x68 */
20 | 	uint8_t  unknown5[0x394]; /* 0x68 */
21 | } __attribute__((__packed__)) Img2Header;
22 | 
23 | typedef struct InfoImg2 {
24 | 	AbstractFile*		file;
25 | 	
26 | 	Img2Header      header;
27 | 	size_t          offset;
28 | 	void*           buffer;
29 | 
30 | 	char            dirty;
31 | } InfoImg2;
32 | 
33 | AbstractFile* createAbstractFileFromImg2(AbstractFile* file);
34 | AbstractFile* duplicateImg2File(AbstractFile* file, AbstractFile* backing);
35 | 


--------------------------------------------------------------------------------
/includes/img3.h:
--------------------------------------------------------------------------------
 1 | #ifndef IMG3_H
 2 | #define IMG3_H
 3 | 
 4 | #include <stdint.h>
 5 | #include "common.h"
 6 | #include "abstractfile.h"
 7 | #include <openssl/aes.h>
 8 | 
 9 | #define IMG3_MAGIC 0x496d6733
10 | #define IMG3_DATA_MAGIC 0x44415441
11 | #define IMG3_VERS_MAGIC 0x56455253
12 | #define IMG3_SEPO_MAGIC 0x5345504f
13 | #define IMG3_SCEP_MAGIC 0x53434550
14 | #define IMG3_BORD_MAGIC 0x424f5244
15 | #define IMG3_BDID_MAGIC 0x42444944
16 | #define IMG3_SHSH_MAGIC 0x53485348
17 | #define IMG3_CERT_MAGIC 0x43455254
18 | #define IMG3_KBAG_MAGIC 0x4B424147
19 | #define IMG3_TYPE_MAGIC 0x54595045
20 | #define IMG3_ECID_MAGIC 0x45434944
21 | 
22 | #define IMG3_SIGNATURE IMG3_MAGIC
23 | 
24 | typedef struct Img3Element Img3Element;
25 | typedef struct Img3Info Img3Info;
26 | 
27 | typedef void (*WriteImg3)(AbstractFile* file, Img3Element* element, Img3Info* info);
28 | typedef void (*FreeImg3)(Img3Element* element);
29 | 
30 | typedef struct AppleImg3Header {
31 | 	uint32_t magic;
32 | 	uint32_t size;
33 | 	uint32_t dataSize;
34 | }__attribute__((__packed__)) AppleImg3Header;
35 | 
36 | typedef struct AppleImg3RootExtra {
37 | 	uint32_t shshOffset;
38 | 	uint32_t name;
39 | }__attribute__((__packed__)) AppleImg3RootExtra;
40 | 
41 | typedef struct AppleImg3RootHeader {
42 | 	AppleImg3Header base;
43 | 	AppleImg3RootExtra extra;
44 | }__attribute__((__packed__)) AppleImg3RootHeader;
45 | 
46 | typedef struct AppleImg3KBAGHeader {
47 |  
48 |   uint32_t key_modifier;		// key modifier, can be 0 or 1 	
49 |   uint32_t key_bits;			// number of bits in the key, can be 128, 192 or 256 (it seems only 128 is supported in current iBoot)
50 | } AppleImg3KBAGHeader;
51 | 
52 | struct Img3Element
53 | {
54 | 	AppleImg3Header* header;
55 | 	WriteImg3 write;
56 | 	FreeImg3 free;
57 | 	void* data;
58 | 	struct Img3Element* next;
59 | };
60 | 
61 | struct Img3Info {
62 | 	AbstractFile* file;
63 | 	Img3Element* root;
64 | 	Img3Element* data;
65 | 	Img3Element* cert;
66 | 	Img3Element* kbag;
67 | 	Img3Element* type;
68 | 	Img3Element* shsh;
69 | 	Img3Element* ecid;
70 | 	int encrypted;
71 | 	AES_KEY encryptKey;
72 | 	AES_KEY decryptKey;
73 | 	uint8_t iv[16];
74 | 	size_t offset;
75 | 	uint32_t replaceDWord;
76 | 	char dirty;
77 | 	char exploit24k;
78 | 	char exploitN8824k;
79 | 	char decryptLast;
80 | };
81 | 
82 | #ifdef __cplusplus
83 | extern "C" {
84 | #endif
85 | 	AbstractFile* createAbstractFileFromImg3(AbstractFile* file);
86 | 	AbstractFile* duplicateImg3File(AbstractFile* file, AbstractFile* backing);
87 | 	void replaceCertificateImg3(AbstractFile* file, AbstractFile* certificate);
88 | 	void replaceSignatureImg3(AbstractFile* file, AbstractFile* signature);
89 | 	void exploit24kpwn(AbstractFile* file);
90 | 	void exploitN8824kpwn(AbstractFile* file);
91 | #ifdef __cplusplus
92 | }
93 | #endif
94 | 
95 | 
96 | #endif
97 | 
98 | 


--------------------------------------------------------------------------------
/includes/libxpwn.h:
--------------------------------------------------------------------------------
 1 | #ifndef LIBXPWN_H
 2 | #define LIBXPWN_H
 3 | 
 4 | typedef void (*LogMessageCallback) (const char * Message);
 5 | 
 6 | extern LogMessageCallback logCallback;
 7 | 
 8 | #if __STDC_VERSION__ < 199901L
 9 | # if __GNUC__ >= 2
10 | #  define __func__ __FUNCTION__
11 | # else
12 | #  define __func__ "<unknown>"
13 | # endif
14 | #endif
15 | 
16 | #define XLOG(level, format, ...) Log(level, __FILE__, __LINE__, __func__, format, ## __VA_ARGS__)
17 | 
18 | #ifdef __cplusplus
19 | extern "C" {
20 | #endif
21 | 	void init_libxpwn(int *argc, char *argv[]);
22 | 	void libxpwn_log(LogMessageCallback callback);
23 | 	void libxpwn_loglevel(int logLevel);
24 | 	void Log(int level, const char* file, unsigned int line, const char* function, const char* format, ...);
25 | 	void TestByteOrder();
26 | #ifdef __cplusplus
27 | }
28 | #endif
29 | 
30 | extern int Img3DecryptLast; /* FALSE for <= 7a341, TRUE for >= 7c144 */
31 | 
32 | #endif
33 | 
34 | 


--------------------------------------------------------------------------------
/includes/lzss.h:
--------------------------------------------------------------------------------
1 | #include <stdint.h>
2 | 
3 | uint32_t lzadler32(uint8_t *buf, int32_t len);
4 | int decompress_lzss(uint8_t *dst, uint8_t *src, uint32_t srclen);
5 | uint8_t *compress_lzss(uint8_t *dst, uint32_t dstlen, uint8_t *src, uint32_t srcLen);
6 | 


--------------------------------------------------------------------------------
/includes/lzssfile.h:
--------------------------------------------------------------------------------
 1 | #include <stdint.h>
 2 | #include "abstractfile.h"
 3 | 
 4 | #define COMP_SIGNATURE 0x636F6D70
 5 | #define LZSS_SIGNATURE 0x6C7A7373
 6 | 
 7 | typedef struct CompHeader {
 8 | 	uint32_t signature;
 9 | 	uint32_t compression_type;
10 | 	uint32_t checksum;
11 | 	uint32_t length_uncompressed;
12 | 	uint32_t length_compressed;
13 | 	uint8_t  padding[0x16C];
14 | } __attribute__((__packed__)) CompHeader;
15 | 
16 | typedef struct InfoComp {
17 | 	AbstractFile*		file;
18 | 	
19 | 	CompHeader      header;
20 | 	size_t          offset;
21 | 	void*           buffer;
22 | 
23 | 	char            dirty;
24 | } InfoComp;
25 | 
26 | AbstractFile* createAbstractFileFromComp(AbstractFile* file);
27 | AbstractFile* duplicateCompFile(AbstractFile* file, AbstractFile* backing);
28 | 


--------------------------------------------------------------------------------
/includes/nor_files.h:
--------------------------------------------------------------------------------
 1 | #ifndef NOR_FILES_H
 2 | #define NOR_FILES_H
 3 | 
 4 | #include "abstractfile.h"
 5 | #include "8900.h"
 6 | #include "img2.h"
 7 | #include "lzssfile.h"
 8 | 
 9 | #ifdef __cplusplus
10 | extern "C" {
11 | #endif
12 | 	AbstractFile* openAbstractFile(AbstractFile* file);
13 | 	AbstractFile* openAbstractFile2(AbstractFile* file, const unsigned int* key, const unsigned int* iv);
14 | 	AbstractFile* openAbstractFile3(AbstractFile* file, const unsigned int* key, const unsigned int* iv, int layers);
15 | 	AbstractFile* duplicateAbstractFile(AbstractFile* file, AbstractFile* backing);
16 | 	AbstractFile* duplicateAbstractFile2(AbstractFile* file, AbstractFile* backing, const unsigned int* key, const unsigned int* iv, AbstractFile* certificate);
17 | #ifdef __cplusplus
18 | }
19 | #endif
20 | 
21 | #endif
22 | 
23 | 


--------------------------------------------------------------------------------
/includes/outputstate.h:
--------------------------------------------------------------------------------
 1 | #ifndef OUTPUTSTATE_H
 2 | #define OUTPUTSTATE_H
 3 | 
 4 | #include "abstractfile.h"
 5 | 
 6 | typedef struct OutputState {
 7 | 	char* fileName;
 8 | 	void* buffer;
 9 | 	size_t bufferSize;
10 | 	char* tmpFileName;
11 | 	struct OutputState* next;
12 | 	struct OutputState* prev;
13 | } OutputState;
14 | 
15 | #ifdef __cplusplus
16 | extern "C" {
17 | #endif
18 | 	char* createTempFile();
19 | 	void addToOutput2(OutputState** state, const char* fileName, void* buffer, const size_t bufferSize, char* tmpFileName);
20 | 	void addToOutput(OutputState** state, const char* fileName, void* buffer, const size_t bufferSize);
21 | 	void removeFileFromOutputState(OutputState** state, const char* fileName);
22 | 	AbstractFile* getFileFromOutputState(OutputState** state, const char* fileName);
23 | 	AbstractFile* getFileFromOutputStateForOverwrite(OutputState** state, const char* fileName);
24 | 	AbstractFile* getFileFromOutputStateForReplace(OutputState** state, const char* fileName);
25 | 	void writeOutput(OutputState** state, char* ipsw);
26 | 	void releaseOutput(OutputState** state);
27 | 	OutputState* loadZip2(const char* ipsw, int useMemory);
28 | 	void loadZipFile2(const char* ipsw, OutputState** output, const char* file, int useMemory);
29 | 	OutputState* loadZip(const char* ipsw);
30 | 	void loadZipFile(const char* ipsw, OutputState** output, const char* file);
31 | #ifdef __cplusplus
32 | }
33 | #endif
34 | 
35 | #endif
36 | 
37 | 


--------------------------------------------------------------------------------
/includes/partial.h:
--------------------------------------------------------------------------------
 1 | #include <inttypes.h>
 2 | #include <curl/curl.h>
 3 | 
 4 | typedef struct EndOfCD {
 5 | 	uint32_t signature;
 6 | 	uint16_t diskNo;
 7 | 	uint16_t CDDiskNo;
 8 | 	uint16_t CDDiskEntries;
 9 | 	uint16_t CDEntries;
10 | 	uint32_t CDSize;
11 | 	uint32_t CDOffset;
12 | 	uint16_t lenComment;
13 | } __attribute__ ((packed)) EndOfCD;
14 | 
15 | typedef struct CDFile {
16 | 	uint32_t signature;
17 | 	uint16_t version;
18 | 	uint16_t versionExtract;
19 | 	uint16_t flags;
20 | 	uint16_t method;
21 | 	uint16_t modTime;
22 | 	uint16_t modDate;
23 | 	uint32_t crc32;
24 | 	uint32_t compressedSize;
25 | 	uint32_t size;
26 | 	uint16_t lenFileName;
27 | 	uint16_t lenExtra;
28 | 	uint16_t lenComment;
29 | 	uint16_t diskStart;
30 | 	uint16_t internalAttr;
31 | 	uint32_t externalAttr;
32 | 	uint32_t offset;
33 | } __attribute__ ((packed)) CDFile;
34 | 
35 | typedef struct LocalFile {
36 | 	uint32_t signature;
37 | 	uint16_t versionExtract;
38 | 	uint16_t flags;
39 | 	uint16_t method;
40 | 	uint16_t modTime;
41 | 	uint16_t modDate;
42 | 	uint32_t crc32;
43 | 	uint32_t compressedSize;
44 | 	uint32_t size;
45 | 	uint16_t lenFileName;
46 | 	uint16_t lenExtra;
47 | } __attribute__ ((packed)) LocalFile;
48 | 
49 | typedef struct ZipInfo ZipInfo;
50 | 
51 | typedef void (*PartialZipProgressCallback)(ZipInfo* info, CDFile* file, size_t progress);
52 | 
53 | struct ZipInfo {
54 | 	char* url;
55 | 	uint64_t length;
56 | 	CURL* hIPSW;
57 | 	char* centralDirectory;
58 | 	size_t centralDirectoryRecvd;
59 | 	EndOfCD* centralDirectoryDesc;
60 | 	char centralDirectoryEnd[0xffff + sizeof(EndOfCD)];
61 | 	size_t centralDirectoryEndRecvd;
62 | 	PartialZipProgressCallback progressCallback;
63 | };
64 | 
65 | #ifdef __cplusplus
66 | extern "C" {
67 | #endif
68 | 
69 | 	ZipInfo* PartialZipInit(const char* url);
70 | 
71 | 	CDFile* PartialZipFindFile(ZipInfo* info, const char* fileName);
72 | 
73 | 	CDFile* PartialZipListFiles(ZipInfo* info);
74 | 
75 | 	unsigned char* PartialZipGetFile(ZipInfo* info, CDFile* file);
76 | 
77 | 	void PartialZipRelease(ZipInfo* info);
78 | 	
79 | 	void PartialZipSetProgressCallback(ZipInfo* info, PartialZipProgressCallback progressCallback);
80 | 
81 | #ifdef __cplusplus
82 | }
83 | #endif
84 | 
85 | 


--------------------------------------------------------------------------------
/includes/plist.h:
--------------------------------------------------------------------------------
 1 | #ifndef PLIST_H
 2 | #define PLIST_H
 3 | 
 4 | #include "abstractfile.h"
 5 | 
 6 | enum DictTypes {
 7 | 	DictionaryType = 1,
 8 | 	ArrayType,
 9 | 	StringType,
10 | 	DataType,
11 | 	IntegerType,
12 | 	BoolType
13 | };
14 | 
15 | typedef struct DictValue {
16 | 	int type;
17 | 	char* key;
18 | 	struct DictValue* next;
19 | 	struct DictValue* prev;
20 | } DictValue;
21 | 
22 | typedef struct StringValue {
23 | 	DictValue dValue;
24 | 	char* value;
25 | } StringValue;
26 | 
27 | typedef struct DataValue {
28 | 	DictValue dValue;
29 | 	char* value;
30 | } DataValue;
31 | 
32 | typedef struct IntegerValue {
33 | 	DictValue dValue;
34 | 	int value;
35 | } IntegerValue;
36 | 
37 | typedef struct BoolValue {
38 | 	DictValue dValue;
39 | 	char value;
40 | } BoolValue;
41 | 
42 | typedef struct ArrayValue {
43 | 	DictValue dValue;
44 | 	int size;
45 | 	DictValue** values;
46 | } ArrayValue;
47 | 
48 | typedef struct Dictionary {
49 | 	DictValue dValue;
50 | 	DictValue* values;
51 | } Dictionary;
52 | 
53 | typedef struct Tag {
54 | 	char* name;
55 | 	char* xml;
56 | } Tag;
57 | 
58 | #ifdef __cplusplus
59 | extern "C" {
60 | #endif
61 | 	void createArray(ArrayValue* myself, char* xml);
62 | 	void createDictionary(Dictionary* myself, char* xml);
63 | 	Dictionary* createDictionaryFromAbstractFile(AbstractFile* file);
64 | 	void releaseArray(ArrayValue* myself);
65 | 	void releaseDictionary(Dictionary* myself);
66 | 	char* getXmlFromArrayValue(ArrayValue* myself, int tabsCount);
67 | 	char* getXmlFromDictionary(Dictionary* myself, int tabsCount);
68 | 	Dictionary* createRoot(char* xml);
69 | 	char* getXmlFromRoot(Dictionary* root);
70 | 	DictValue* getValueByKey(Dictionary* myself, const char* key);
71 | 	void addStringToArray(ArrayValue* array, char* str);
72 | 	void removeKey(Dictionary* dict, char* key);
73 | 	void addStringToDictionary(Dictionary* dict, const char* key, const char* value);
74 | 	void addDataToDictionary(Dictionary* dict, const char* key, const char* value);
75 | 	void addBoolToDictionary(Dictionary* dict, const char* key, int value);
76 | 	void addIntegerToDictionary(Dictionary* dict, const char* key, int value);
77 | 	void addValueToDictionary(Dictionary* dict, const char* key, DictValue* value);
78 | #ifdef __cplusplus
79 | }
80 | #endif
81 | 
82 | #endif
83 | 


--------------------------------------------------------------------------------
/includes/pwnutil.h:
--------------------------------------------------------------------------------
 1 | #ifndef PWNUTIL_H
 2 | #define PWNUTIL_H
 3 | 
 4 | #include "plist.h"
 5 | #include "outputstate.h"
 6 | #include "hfsplus.h"
 7 | 
 8 | typedef int (*PatchFunction)(AbstractFile* file);
 9 | 
10 | #ifdef __cplusplus
11 | extern "C" {
12 | #endif
13 | 	int patch(AbstractFile* in, AbstractFile* out, AbstractFile* patch);
14 | 	Dictionary* parseIPSW(const char* inputIPSW, const char* bundleRoot, char** bundlePath, OutputState** state);
15 | 	Dictionary* parseIPSW2(const char* inputIPSW, const char* bundleRoot, char** bundlePath, OutputState** state, int useMemory);
16 | 	int doPatch(StringValue* patchValue, StringValue* fileValue, const char* bundlePath, OutputState** state, unsigned int* key, unsigned int* iv, int useMemory, int isPlain);
17 | 	void doPatchInPlace(Volume* volume, const char* filePath, const char* patchPath);
18 | 	void doPatchInPlaceMemoryPatch(Volume* volume, const char* filePath, void** patch, size_t* patchSize);
19 | 	void fixupBootNeuterArgs(Volume* volume, char unlockBaseband, char selfDestruct, char use39, char use46);
20 | 	void createRestoreOptions(Volume* volume, int SystemPartitionSize, int UpdateBaseband);
21 | 
22 | 	int patchSigCheck(AbstractFile* file);
23 | 	int patchKernel(AbstractFile* file);
24 | 	int patchDeviceTree(AbstractFile* file);
25 | #ifdef __cplusplus
26 | }
27 | #endif
28 | 
29 | #endif
30 | 


--------------------------------------------------------------------------------
/libxpwn.c:
--------------------------------------------------------------------------------
 1 | #include <stdarg.h>
 2 | #include <string.h>
 3 | 
 4 | #include "common.h"
 5 | #include "libxpwn.h"
 6 | 
 7 | LogMessageCallback logCallback;
 8 | char endianness;
 9 | int GlobalLogLevel;
10 | 
11 | int Img3DecryptLast = TRUE; /* FALSE for <= 7a341, TRUE for >= 7c144 */
12 | 
13 | void TestByteOrder()
14 | {
15 | 	short int word = 0x0001;
16 | 	char *byte = (char *) &word;
17 | 	endianness = byte[0] ? IS_LITTLE_ENDIAN : IS_BIG_ENDIAN;
18 | }
19 | 
20 | void defaultCallback(const char* Message) {
21 | 	printf("%s", Message);
22 | }
23 | 
24 | void init_libxpwn(int *argc, char *argv[]) {
25 | 	int i, j, n = *argc;
26 | 	for (i = 0; i < n; i++) {
27 | 		if (!strcmp(argv[i], "--old-img3-decrypt")) {
28 | 			n--;
29 | 			memmove(&argv[i], &argv[i + 1], (n - i) * sizeof(char *));
30 | 			Img3DecryptLast = FALSE;
31 | 		}
32 | 	}
33 | 	argv[*argc = n] = NULL;
34 | 
35 | 	TestByteOrder();
36 | 	GlobalLogLevel = 0xFF;
37 | 	logCallback = defaultCallback;
38 | }
39 | 
40 | void libxpwn_log(LogMessageCallback callback) {
41 | 	logCallback = callback;
42 | }
43 | 
44 | void libxpwn_loglevel(int logLevel) {
45 | 	GlobalLogLevel = logLevel;
46 | }
47 | 
48 | void Log(int level, const char* file, unsigned int line, const char* function, const char* format, ...) {
49 | #ifdef HARD_LOG
50 | 	static FILE* logFile = NULL;
51 | 	if(logFile == NULL)
52 | 		logFile = fopen("log.txt", "w");
53 | #endif
54 | 
55 | 	char mainBuffer[1024];
56 | 	char buffer[1024];
57 | 
58 | 	if(level >= GlobalLogLevel) {
59 | 		return;
60 | 	}
61 | 
62 | 	va_list args;
63 | 	va_start(args, format);
64 | 	vsnprintf(buffer, sizeof(buffer), format, args);
65 | 	va_end(args);
66 | 
67 | 	switch(level) {
68 | 		case 0:
69 | 		case 1:
70 | 			strcpy(mainBuffer, buffer);
71 | 			break;
72 | 		default:
73 | 			snprintf(mainBuffer, sizeof(mainBuffer), "%s:%s:%d: %s", file, function, line, buffer);
74 | 	}
75 | 	logCallback(mainBuffer);
76 | 
77 | #ifdef HARD_LOG
78 | 	strcat(mainBuffer, "\n");
79 | 	fwrite(mainBuffer, 1, strlen(mainBuffer), logFile);
80 | 	fflush(logFile);
81 | #endif
82 | }
83 | 
84 | 


--------------------------------------------------------------------------------
/lzss.c:
--------------------------------------------------------------------------------
  1 | #include <stdint.h>
  2 | #include <string.h>
  3 | #include <stdlib.h>
  4 | 
  5 | #include "lzss.h"
  6 | 
  7 | #define BASE 65521L /* largest prime smaller than 65536 */
  8 | #define NMAX 5000  
  9 | // NMAX (was 5521) the largest n such that 255n(n+1)/2 + (n+1)(BASE-1) <= 2^32-1
 10 | 
 11 | #define DO1(buf,i)  {s1 += buf[i]; s2 += s1;}
 12 | #define DO2(buf,i)  DO1(buf,i); DO1(buf,i+1);
 13 | #define DO4(buf,i)  DO2(buf,i); DO2(buf,i+2);
 14 | #define DO8(buf,i)  DO4(buf,i); DO4(buf,i+4);
 15 | #define DO16(buf)   DO8(buf,0); DO8(buf,8);
 16 | 
 17 | uint32_t lzadler32(uint8_t *buf, int32_t len)
 18 | {
 19 |     unsigned long s1 = 1; // adler & 0xffff;
 20 |     unsigned long s2 = 0; // (adler >> 16) & 0xffff;
 21 |     int k;
 22 | 
 23 |     while (len > 0) {
 24 |         k = len < NMAX ? len : NMAX;
 25 |         len -= k;
 26 |         while (k >= 16) {
 27 |             DO16(buf);
 28 |             buf += 16;
 29 |             k -= 16;
 30 |         }
 31 |         if (k != 0) do {
 32 |             s1 += *buf++;
 33 |             s2 += s1;
 34 |         } while (--k);
 35 |         s1 %= BASE;
 36 |         s2 %= BASE;
 37 |     }
 38 |     return (s2 << 16) | s1;
 39 | }
 40 | 
 41 | 
 42 | 
 43 | /**************************************************************
 44 |  LZSS.C -- A Data Compression Program
 45 | ***************************************************************
 46 |     4/6/1989 Haruhiko Okumura
 47 |     Use, distribute, and modify this program freely.
 48 |     Please send me your improved versions.
 49 |         PC-VAN      SCIENCE
 50 |         NIFTY-Serve PAF01022
 51 |         CompuServe  74050,1022
 52 | 
 53 | **************************************************************/
 54 | 
 55 | #define N         4096  /* size of ring buffer - must be power of 2 */
 56 | #define F         18    /* upper limit for match_length */
 57 | #define THRESHOLD 2     /* encode string into position and length
 58 |                            if match_length is greater than this */
 59 | #define NIL       N     /* index for root of binary search trees */
 60 | 
 61 | struct encode_state {
 62 |     /*
 63 |      * left & right children & parent. These constitute binary search trees.
 64 |      */
 65 |     int lchild[N + 1], rchild[N + 257], parent[N + 1];
 66 | 
 67 |     /* ring buffer of size N, with extra F-1 bytes to aid string comparison */
 68 |     uint8_t text_buf[N + F - 1];
 69 | 
 70 |     /*
 71 |      * match_length of longest match.
 72 |      * These are set by the insert_node() procedure.
 73 |      */
 74 |     int match_position, match_length;
 75 | };
 76 | 
 77 | 
 78 | int
 79 | decompress_lzss(uint8_t *dst, uint8_t *src, uint32_t srclen)
 80 | {
 81 |     /* ring buffer of size N, with extra F-1 bytes to aid string comparison */
 82 |     uint8_t text_buf[N + F - 1];
 83 |     uint8_t *dststart = dst;
 84 |     uint8_t *srcend = src + srclen;
 85 |     int  i, j, k, r, c;
 86 |     unsigned int flags;
 87 |     
 88 |     dst = dststart;
 89 |     srcend = src + srclen;
 90 |     for (i = 0; i < N - F; i++)
 91 |         text_buf[i] = ' ';
 92 |     r = N - F;
 93 |     flags = 0;
 94 |     for ( ; ; ) {
 95 |         if (((flags >>= 1) & 0x100) == 0) {
 96 |             if (src < srcend) c = *src++; else break;
 97 |             flags = c | 0xFF00;  /* uses higher byte cleverly */
 98 |         }   /* to count eight */
 99 |         if (flags & 1) {
100 |             if (src < srcend) c = *src++; else break;
101 |             *dst++ = c;
102 |             text_buf[r++] = c;
103 |             r &= (N - 1);
104 |         } else {
105 |             if (src < srcend) i = *src++; else break;
106 |             if (src < srcend) j = *src++; else break;
107 |             i |= ((j & 0xF0) << 4);
108 |             j  =  (j & 0x0F) + THRESHOLD;
109 |             for (k = 0; k <= j; k++) {
110 |                 c = text_buf[(i + k) & (N - 1)];
111 |                 *dst++ = c;
112 |                 text_buf[r++] = c;
113 |                 r &= (N - 1);
114 |             }
115 |         }
116 |     }
117 |     
118 |     return dst - dststart;
119 | }
120 | 
121 | /*
122 |  * initialize state, mostly the trees
123 |  *
124 |  * For i = 0 to N - 1, rchild[i] and lchild[i] will be the right and left 
125 |  * children of node i.  These nodes need not be initialized.  Also, parent[i] 
126 |  * is the parent of node i.  These are initialized to NIL (= N), which stands 
127 |  * for 'not used.'  For i = 0 to 255, rchild[N + i + 1] is the root of the 
128 |  * tree for strings that begin with character i.  These are initialized to NIL. 
129 |  * Note there are 256 trees. */
130 | static void init_state(struct encode_state *sp)
131 | {
132 |     int  i;
133 | 
134 |     memset(sp, 0, sizeof(*sp));
135 | 
136 |     for (i = 0; i < N - F; i++)
137 |         sp->text_buf[i] = ' ';
138 |     for (i = N + 1; i <= N + 256; i++)
139 |         sp->rchild[i] = NIL;
140 |     for (i = 0; i < N; i++)
141 |         sp->parent[i] = NIL;
142 | }
143 | 
144 | /*
145 |  * Inserts string of length F, text_buf[r..r+F-1], into one of the trees
146 |  * (text_buf[r]'th tree) and returns the longest-match position and length
147 |  * via the global variables match_position and match_length.
148 |  * If match_length = F, then removes the old node in favor of the new one,
149 |  * because the old one will be deleted sooner. Note r plays double role,
150 |  * as tree node and position in buffer.
151 |  */
152 | static void insert_node(struct encode_state *sp, int r)
153 | {
154 |     int  i, p, cmp;
155 |     uint8_t  *key;
156 | 
157 |     cmp = 1;
158 |     key = &sp->text_buf[r];
159 |     p = N + 1 + key[0];
160 |     sp->rchild[r] = sp->lchild[r] = NIL;
161 |     sp->match_length = 0;
162 |     for ( ; ; ) {
163 |         if (cmp >= 0) {
164 |             if (sp->rchild[p] != NIL)
165 |                 p = sp->rchild[p];
166 |             else {
167 |                 sp->rchild[p] = r; 
168 |                 sp->parent[r] = p;
169 |                 return;
170 |             }
171 |         } else {
172 |             if (sp->lchild[p] != NIL)
173 |                 p = sp->lchild[p];
174 |             else {
175 |                 sp->lchild[p] = r;
176 |                 sp->parent[r] = p;
177 |                 return;
178 |             }
179 |         }
180 |         for (i = 1; i < F; i++) {
181 |             if ((cmp = key[i] - sp->text_buf[p + i]) != 0)
182 |                 break;
183 |         }
184 |         if (i > sp->match_length) {
185 |             sp->match_position = p;
186 |             if ((sp->match_length = i) >= F)
187 |                 break;
188 |         }
189 |     }
190 |     sp->parent[r] = sp->parent[p];
191 |     sp->lchild[r] = sp->lchild[p];
192 |     sp->rchild[r] = sp->rchild[p];
193 |     sp->parent[sp->lchild[p]] = r;
194 |     sp->parent[sp->rchild[p]] = r;
195 |     if (sp->rchild[sp->parent[p]] == p)
196 |         sp->rchild[sp->parent[p]] = r;
197 |     else
198 |         sp->lchild[sp->parent[p]] = r;
199 |     sp->parent[p] = NIL;  /* remove p */
200 | }
201 | 
202 | /* deletes node p from tree */
203 | static void delete_node(struct encode_state *sp, int p)
204 | {
205 |     int  q;
206 |     
207 |     if (sp->parent[p] == NIL)
208 |         return;  /* not in tree */
209 |     if (sp->rchild[p] == NIL)
210 |         q = sp->lchild[p];
211 |     else if (sp->lchild[p] == NIL)
212 |         q = sp->rchild[p];
213 |     else {
214 |         q = sp->lchild[p];
215 |         if (sp->rchild[q] != NIL) {
216 |             do {
217 |                 q = sp->rchild[q];
218 |             } while (sp->rchild[q] != NIL);
219 |             sp->rchild[sp->parent[q]] = sp->lchild[q];
220 |             sp->parent[sp->lchild[q]] = sp->parent[q];
221 |             sp->lchild[q] = sp->lchild[p];
222 |             sp->parent[sp->lchild[p]] = q;
223 |         }
224 |         sp->rchild[q] = sp->rchild[p];
225 |         sp->parent[sp->rchild[p]] = q;
226 |     }
227 |     sp->parent[q] = sp->parent[p];
228 |     if (sp->rchild[sp->parent[p]] == p)
229 |         sp->rchild[sp->parent[p]] = q;
230 |     else
231 |         sp->lchild[sp->parent[p]] = q;
232 |     sp->parent[p] = NIL;
233 | }
234 | 
235 | uint8_t *
236 | compress_lzss(uint8_t *dst, uint32_t dstlen, uint8_t *src, uint32_t srcLen)
237 | {
238 |     /* Encoding state, mostly tree but some current match stuff */
239 |     struct encode_state *sp;
240 | 
241 |     int  i, c, len, r, s, last_match_length, code_buf_ptr;
242 |     uint8_t code_buf[17], mask;
243 |     uint8_t *srcend = src + srcLen;
244 |     uint8_t *dstend = dst + dstlen;
245 | 
246 |     /* initialize trees */
247 |     sp = (struct encode_state *) malloc(sizeof(*sp));
248 |     init_state(sp);
249 | 
250 |     /*
251 |      * code_buf[1..16] saves eight units of code, and code_buf[0] works
252 |      * as eight flags, "1" representing that the unit is an unencoded
253 |      * letter (1 byte), "" a position-and-length pair (2 bytes).
254 |      * Thus, eight units require at most 16 bytes of code.
255 |      */
256 |     code_buf[0] = 0;
257 |     code_buf_ptr = mask = 1;
258 | 
259 |     /* Clear the buffer with any character that will appear often. */
260 |     s = 0;  r = N - F;
261 | 
262 |     /* Read F bytes into the last F bytes of the buffer */
263 |     for (len = 0; len < F && src < srcend; len++)
264 |         sp->text_buf[r + len] = *src++;  
265 |     if (!len) {
266 |         free(sp);
267 |         return (void *) 0;  /* text of size zero */
268 |     }
269 |     /*
270 |      * Insert the F strings, each of which begins with one or more
271 |      * 'space' characters.  Note the order in which these strings are
272 |      * inserted.  This way, degenerate trees will be less likely to occur.
273 |      */
274 |     for (i = 1; i <= F; i++)
275 |         insert_node(sp, r - i); 
276 | 
277 |     /*
278 |      * Finally, insert the whole string just read.
279 |      * The global variables match_length and match_position are set.
280 |      */
281 |     insert_node(sp, r);
282 |     do {
283 |         /* match_length may be spuriously long near the end of text. */
284 |         if (sp->match_length > len)
285 |             sp->match_length = len;
286 |         if (sp->match_length <= THRESHOLD) {
287 |             sp->match_length = 1;  /* Not long enough match.  Send one byte. */
288 |             code_buf[0] |= mask;  /* 'send one byte' flag */
289 |             code_buf[code_buf_ptr++] = sp->text_buf[r];  /* Send uncoded. */
290 |         } else {
291 |             /* Send position and length pair. Note match_length > THRESHOLD. */
292 |             code_buf[code_buf_ptr++] = (uint8_t) sp->match_position;
293 |             code_buf[code_buf_ptr++] = (uint8_t)
294 |                 ( ((sp->match_position >> 4) & 0xF0)
295 |                 |  (sp->match_length - (THRESHOLD + 1)) );
296 |         }
297 |         if ((mask <<= 1) == 0) {  /* Shift mask left one bit. */
298 |                 /* Send at most 8 units of code together */
299 |             for (i = 0; i < code_buf_ptr; i++)
300 |                 if (dst < dstend)
301 |                     *dst++ = code_buf[i]; 
302 |                 else {
303 |                     free(sp);
304 |                     return (void *) 0;
305 |                 }
306 |             code_buf[0] = 0;
307 |             code_buf_ptr = mask = 1;
308 |         }
309 |         last_match_length = sp->match_length;
310 |         for (i = 0; i < last_match_length && src < srcend; i++) {
311 |             delete_node(sp, s);    /* Delete old strings and */
312 |             c = *src++;
313 |             sp->text_buf[s] = c;    /* read new bytes */
314 | 
315 |             /*
316 |              * If the position is near the end of buffer, extend the buffer
317 |              * to make string comparison easier.
318 |              */
319 |             if (s < F - 1)
320 |                 sp->text_buf[s + N] = c;
321 | 
322 |             /* Since this is a ring buffer, increment the position modulo N. */
323 |             s = (s + 1) & (N - 1);
324 |             r = (r + 1) & (N - 1);
325 | 
326 |             /* Register the string in text_buf[r..r+F-1] */
327 |             insert_node(sp, r); 
328 |         }
329 |         while (i++ < last_match_length) {
330 |         delete_node(sp, s);
331 | 
332 |             /* After the end of text, no need to read, */
333 |             s = (s + 1) & (N - 1); 
334 |             r = (r + 1) & (N - 1);
335 |             /* but buffer may not be empty. */
336 |             if (--len)
337 |                 insert_node(sp, r);
338 |         }
339 |     } while (len > 0);   /* until length of string to be processed is zero */
340 | 
341 |     if (code_buf_ptr > 1) {    /* Send remaining code. */
342 |         for (i = 0; i < code_buf_ptr; i++)
343 |             if (dst < dstend)
344 |                 *dst++ = code_buf[i]; 
345 |             else {
346 |                 free(sp);
347 |                 return (void *) 0;
348 |             }
349 |     }
350 | 
351 |     free(sp);
352 |     return dst;
353 | }
354 | 


--------------------------------------------------------------------------------
/lzssfile.c:
--------------------------------------------------------------------------------
  1 | #include <stdlib.h>
  2 | #include <string.h>
  3 | 
  4 | #include "common.h"
  5 | #include "abstractfile.h"
  6 | #include "lzssfile.h"
  7 | #include "lzss.h"
  8 | #include "libxpwn.h"
  9 |  
 10 | void flipCompHeader(CompHeader* header) {
 11 | FLIPENDIAN(header->signature);
 12 | FLIPENDIAN(header->compression_type);
 13 | FLIPENDIAN(header->checksum);
 14 | FLIPENDIAN(header->length_uncompressed);
 15 | FLIPENDIAN(header->length_compressed);
 16 | }
 17 |  
 18 | size_t readComp(AbstractFile* file, void* data, size_t len) {
 19 | InfoComp* info = (InfoComp*) (file->data);
 20 | memcpy(data, (void*)((uint8_t*)info->buffer + (uint32_t)info->offset), len);
 21 | info->offset += (size_t)len;
 22 | return len;
 23 | }
 24 |  
 25 | size_t writeComp(AbstractFile* file, const void* data, size_t len) {
 26 | InfoComp* info = (InfoComp*) (file->data);
 27 |  
 28 | while((info->offset + (size_t)len) > info->header.length_uncompressed) {
 29 | info->header.length_uncompressed = info->offset + (size_t)len;
 30 | info->buffer = realloc(info->buffer, info->header.length_uncompressed);
 31 | }
 32 |  
 33 | memcpy((void*)((uint8_t*)info->buffer + (uint32_t)info->offset), data, len);
 34 | info->offset += (size_t)len;
 35 |  
 36 | info->dirty = TRUE;
 37 |  
 38 | return len;
 39 | }
 40 |  
 41 | int seekComp(AbstractFile* file, off_t offset) {
 42 | InfoComp* info = (InfoComp*) (file->data);
 43 | info->offset = (size_t)offset;
 44 | return 0;
 45 | }
 46 |  
 47 | off_t tellComp(AbstractFile* file) {
 48 | InfoComp* info = (InfoComp*) (file->data);
 49 | return (off_t)info->offset;
 50 | }
 51 |  
 52 | off_t getLengthComp(AbstractFile* file) {
 53 | InfoComp* info = (InfoComp*) (file->data);
 54 | return info->header.length_uncompressed;
 55 | }
 56 |  
 57 | void closeComp(AbstractFile* file) {
 58 | InfoComp* info = (InfoComp*) (file->data);
 59 | uint8_t *compressed;
 60 | if(info->dirty) {
 61 | info->header.checksum = lzadler32((uint8_t*)info->buffer, info->header.length_uncompressed);
 62 |  
 63 | compressed = malloc(info->header.length_uncompressed * 2);
 64 | info->header.length_compressed = (uint32_t)(compress_lzss(compressed, info->header.length_uncompressed * 2, info->buffer, info->header.length_uncompressed) - compressed);
 65 |  
 66 | info->file->seek(info->file, sizeof(info->header));
 67 | info->file->write(info->file, compressed, info->header.length_compressed);
 68 |  
 69 | free(compressed);
 70 |  
 71 | flipCompHeader(&(info->header));
 72 | info->file->seek(info->file, 0);
 73 | info->file->write(info->file, &(info->header), sizeof(info->header));
 74 | }
 75 |  
 76 | free(info->buffer);
 77 | info->file->close(info->file);
 78 | free(info);
 79 | free(file);
 80 | }
 81 |  
 82 |  
 83 | AbstractFile* createAbstractFileFromComp(AbstractFile* file) {
 84 | InfoComp* info;
 85 | AbstractFile* toReturn;
 86 | uint8_t *compressed;
 87 |  
 88 | if(!file) {
 89 | return NULL;
 90 | }
 91 |  
 92 | info = (InfoComp*) malloc(sizeof(InfoComp));
 93 | info->file = file;
 94 | file->seek(file, 0);
 95 | file->read(file, &(info->header), sizeof(info->header));
 96 | flipCompHeader(&(info->header));
 97 | if(info->header.signature != COMP_SIGNATURE) {
 98 | free(info);
 99 | return NULL;
100 | }
101 |  
102 | if(info->header.compression_type != LZSS_SIGNATURE) {
103 | free(info);
104 | return NULL;
105 | }
106 |  
107 | info->buffer = malloc(info->header.length_uncompressed);
108 | compressed = malloc(info->header.length_compressed);
109 | file->read(file, compressed, info->header.length_compressed);
110 |  
111 | uint32_t real_uncompressed = decompress_lzss(info->buffer, compressed, info->header.length_compressed);
112 | real_uncompressed = info->header.length_uncompressed;
113 | if(real_uncompressed != info->header.length_uncompressed) {
114 | XLOG(5, "mismatch: %d %d %d %x %x\n", info->header.length_compressed, real_uncompressed, info->header.length_uncompressed, compressed[info->header.length_compressed - 2], compressed[info->header.length_compressed - 1]);
115 | free(compressed);
116 | free(info);
117 | return NULL;
118 | }
119 |  
120 | XLOG(5, "match: %d %d %d %x %x\n", info->header.length_compressed, real_uncompressed, info->header.length_uncompressed, compressed[info->header.length_compressed - 2], compressed[info->header.length_compressed - 1]);
121 |  
122 | free(compressed);
123 |  
124 | info->dirty = FALSE;
125 |  
126 | info->offset = 0;
127 |  
128 | toReturn = (AbstractFile*) malloc(sizeof(AbstractFile));
129 | toReturn->data = info;
130 | toReturn->read = readComp;
131 | toReturn->write = writeComp;
132 | toReturn->seek = seekComp;
133 | toReturn->tell = tellComp;
134 | toReturn->getLength = getLengthComp;
135 | toReturn->close = closeComp;
136 | toReturn->type = AbstractFileTypeLZSS;
137 |  
138 | return toReturn;
139 | }
140 |  
141 | AbstractFile* duplicateCompFile(AbstractFile* file, AbstractFile* backing) {
142 | InfoComp* info;
143 | AbstractFile* toReturn;
144 |  
145 | if(!file) {
146 | return NULL;
147 | }
148 |  
149 | info = (InfoComp*) malloc(sizeof(InfoComp));
150 | memcpy(info, file->data, sizeof(InfoComp));
151 |  
152 | info->file = backing;
153 | info->buffer = malloc(1);
154 | info->header.length_uncompressed = 0;
155 | info->dirty = TRUE;
156 | info->offset = 0;
157 |  
158 | toReturn = (AbstractFile*) malloc(sizeof(AbstractFile));
159 | toReturn->data = info;
160 | toReturn->read = readComp;
161 | toReturn->write = writeComp;
162 | toReturn->seek = seekComp;
163 | toReturn->tell = tellComp;
164 | toReturn->getLength = getLengthComp;
165 | toReturn->close = closeComp;
166 | toReturn->type = AbstractFileTypeLZSS;
167 |  
168 | return toReturn;
169 | }
170 |  


--------------------------------------------------------------------------------
/nor_files.c:
--------------------------------------------------------------------------------
  1 | #include "common.h"
  2 | #include "8900.h"
  3 | #include "img2.h"
  4 | #include "img3.h"
  5 | #include "lzssfile.h"
  6 | #include "ibootim.h"
  7 | 
  8 | AbstractFile* openAbstractFile(AbstractFile* file) {
  9 | 	uint32_t signatureBE;
 10 | 	uint32_t signatureLE;
 11 | 
 12 | 	if(!file)
 13 | 		return NULL;
 14 | 	
 15 | 	file->seek(file, 0);
 16 | 	file->read(file, &signatureBE, sizeof(signatureBE));
 17 | 	signatureLE = signatureBE;
 18 | 	FLIPENDIAN(signatureBE);
 19 | 	FLIPENDIANLE(signatureLE);
 20 | 	file->seek(file, 0);
 21 | 
 22 | 	if(signatureLE == IMG2_SIGNATURE) {
 23 | 		return openAbstractFile(createAbstractFileFromImg2(file));
 24 | 	} else if(signatureLE == IMG3_SIGNATURE) {
 25 | 		return openAbstractFile(createAbstractFileFromImg3(file));
 26 | 	} else if(signatureBE == COMP_SIGNATURE) {
 27 | 		return openAbstractFile(createAbstractFileFromComp(file));
 28 | 	} else {
 29 | 		return file;
 30 | 	}
 31 | }
 32 | 
 33 | AbstractFile* duplicateAbstractFile(AbstractFile* file, AbstractFile* backing) {
 34 | 	uint32_t signatureBE;
 35 | 	uint32_t signatureLE;
 36 | 	AbstractFile* orig;
 37 | 
 38 | 	if (!backing) { /* imagine that: createAbstractFileFromComp() fails, because of decompress_lzss() */
 39 | 		return NULL;
 40 | 	}
 41 | 	
 42 | 	file->seek(file, 0);
 43 | 	file->read(file, &signatureBE, sizeof(signatureBE));
 44 | 	signatureLE = signatureBE;
 45 | 	FLIPENDIAN(signatureBE);
 46 | 	FLIPENDIANLE(signatureLE);
 47 | 	file->seek(file, 0);
 48 | 	
 49 | 	if(signatureLE == IMG2_SIGNATURE) {
 50 | 		orig = createAbstractFileFromImg2(file);
 51 | 		return duplicateAbstractFile(orig, duplicateImg2File(orig, backing));
 52 | 	} else if(signatureLE == IMG3_SIGNATURE) {
 53 | 		orig = createAbstractFileFromImg3(file);
 54 | 		return duplicateAbstractFile(orig, duplicateImg3File(orig, backing));
 55 | 	} else if(signatureBE == COMP_SIGNATURE) {
 56 | 		orig = createAbstractFileFromComp(file);
 57 | 		return duplicateAbstractFile(orig, duplicateCompFile(orig, backing));
 58 | 	} else {
 59 | 		file->close(file);
 60 | 		return backing;
 61 | 	}
 62 | }
 63 | 
 64 | AbstractFile* openAbstractFile3(AbstractFile* file, const unsigned int* key, const unsigned int* iv, int layers) {
 65 | 	uint32_t signatureBE;
 66 | 	uint32_t signatureLE;
 67 | 
 68 | 	if(!file)
 69 | 		return NULL;
 70 | 	
 71 | 	file->seek(file, 0);
 72 | 	file->read(file, &signatureBE, sizeof(signatureBE));
 73 | 	signatureLE = signatureBE;
 74 | 	FLIPENDIAN(signatureBE);
 75 | 	FLIPENDIANLE(signatureLE);
 76 | 	file->seek(file, 0);
 77 | 
 78 | 	AbstractFile* cur;
 79 | 	if(signatureLE == IMG2_SIGNATURE) {
 80 | 		cur = createAbstractFileFromImg2(file);
 81 | 	} else if(signatureLE == IMG3_SIGNATURE) {
 82 | 		AbstractFile2* img3 = (AbstractFile2*) createAbstractFileFromImg3(file);
 83 | 		if(key && iv)
 84 | 			img3->setKey(img3, key, iv);
 85 | 		cur = (AbstractFile*) img3;
 86 | 		key = NULL;
 87 | 		iv = NULL;
 88 | 	} else if(signatureBE == COMP_SIGNATURE) {
 89 | 		cur = createAbstractFileFromComp(file);
 90 | 		key = NULL;
 91 | 		iv = NULL;
 92 | 	} else {
 93 | 		return file;
 94 | 	}
 95 | 
 96 | 	if(layers < 0 || layers > 0)	
 97 | 		return openAbstractFile3(cur, key, iv, layers - 1);
 98 | 	else
 99 | 		return cur;
100 | }
101 | 
102 | AbstractFile* openAbstractFile2(AbstractFile* file, const unsigned int* key, const unsigned int* iv) {
103 | 	return openAbstractFile3(file, key, iv, -1);
104 | }
105 | 
106 | AbstractFile* duplicateAbstractFile2(AbstractFile* file, AbstractFile* backing, const unsigned int* key, const unsigned int* iv, AbstractFile* certificate) {
107 | 	uint32_t signatureBE;
108 | 	uint32_t signatureLE;
109 | 	AbstractFile* orig;
110 | 	AbstractFile* newFile;
111 | 	
112 | 	file->seek(file, 0);
113 | 	file->read(file, &signatureBE, sizeof(signatureBE));
114 | 	signatureLE = signatureBE;
115 | 	FLIPENDIAN(signatureBE);
116 | 	FLIPENDIANLE(signatureLE);
117 | 	file->seek(file, 0);
118 | 	
119 | 	if(signatureLE == IMG2_SIGNATURE) {
120 | 		orig = createAbstractFileFromImg2(file);
121 | 		return duplicateAbstractFile(orig, duplicateImg2File(orig, backing));
122 | 	} else if(signatureLE == IMG3_SIGNATURE) {
123 | 		AbstractFile2* img3 = (AbstractFile2*) createAbstractFileFromImg3(file);
124 | 		if(key != NULL)
125 | 			img3->setKey(img3, key, iv);
126 | 
127 | 		AbstractFile2* newFile = (AbstractFile2*) duplicateImg3File((AbstractFile*) img3, backing);
128 | 		if(key != NULL)
129 | 			img3->setKey(newFile, key, iv);
130 | 
131 | 		if(certificate != NULL)
132 | 			replaceCertificateImg3((AbstractFile*) newFile, certificate);
133 | 		return duplicateAbstractFile((AbstractFile*) img3, (AbstractFile*) newFile);
134 | 	} else if(signatureBE == COMP_SIGNATURE) {
135 | 		orig = createAbstractFileFromComp(file);
136 | 		return duplicateAbstractFile(orig, duplicateCompFile(orig, backing));
137 | 	} else {
138 | 		file->close(file);
139 | 		return backing;
140 | 	}
141 | }
142 | 
143 | 
144 | void replaceCertificateAbstractFile(AbstractFile* file, AbstractFile* certificate) {
145 | 	uint32_t signatureBE;
146 | 	uint32_t signatureLE;
147 | 	AbstractFile* f;
148 | 	
149 | 	file->seek(file, 0);
150 | 	file->read(file, &signatureBE, sizeof(signatureBE));
151 | 	signatureLE = signatureBE;
152 | 	FLIPENDIAN(signatureBE);
153 | 	FLIPENDIANLE(signatureLE);
154 | 	file->seek(file, 0);
155 | 
156 | 	if(signatureLE == IMG3_SIGNATURE) {
157 | 		f = createAbstractFileFromImg3(file);
158 | 		replaceCertificateImg3(f, certificate);
159 | 		f->close(f);
160 | 	}
161 | }
162 | 
163 | 


--------------------------------------------------------------------------------
/xpwntool.c:
--------------------------------------------------------------------------------
  1 | #include <stdio.h>
  2 | #include <string.h>
  3 | 
  4 | #include "libxpwn.h"
  5 | #include "nor_files.h"
  6 | 
  7 | #define BUFFERSIZE (1024*1024)
  8 | 
  9 | int main(int argc, char* argv[]) {
 10 | 	char* inData;
 11 | 	size_t inDataSize;
 12 | 	init_libxpwn(&argc, argv);
 13 | 
 14 | 	if(argc < 3) {
 15 | 		printf("usage: %s <infile> <outfile> [-t <template> [-c <certificate>]] [-k <key>] [-iv <key>] [-decrypt]\n", argv[0]);
 16 | 		return 0;
 17 | 	}
 18 | 
 19 | 	AbstractFile* template = NULL;
 20 | 	AbstractFile* certificate = NULL;
 21 | 	unsigned int* key = NULL;
 22 | 	unsigned int* iv = NULL;
 23 | 	int hasKey = FALSE;
 24 | 	int hasIV = FALSE;
 25 | 	int doDecrypt = FALSE;
 26 | 
 27 | 	int argNo = 3;
 28 | 	while(argNo < argc) {
 29 | 		if(strcmp(argv[argNo], "-t") == 0 && (argNo + 1) < argc) {
 30 | 			template = createAbstractFileFromFile(fopen(argv[argNo + 1], "rb"));
 31 | 			if(!template) {
 32 | 				fprintf(stderr, "error: cannot open template\n");
 33 | 				return 1;
 34 | 			}
 35 | 		}
 36 | 
 37 | 		if(strcmp(argv[argNo], "-decrypt") == 0) {
 38 | 			doDecrypt = TRUE;
 39 | 			template = createAbstractFileFromFile(fopen(argv[1], "rb"));
 40 | 			if(!template) {
 41 | 				fprintf(stderr, "error: cannot open template\n");
 42 | 				return 1;
 43 | 			}
 44 | 		}
 45 | 
 46 | 		if(strcmp(argv[argNo], "-c") == 0 && (argNo + 1) < argc) {
 47 | 			certificate = createAbstractFileFromFile(fopen(argv[argNo + 1], "rb"));
 48 | 			if(!certificate) {
 49 | 				fprintf(stderr, "error: cannot open template\n");
 50 | 				return 1;
 51 | 			}
 52 | 		}
 53 | 
 54 | 		if(strcmp(argv[argNo], "-k") == 0 && (argNo + 1) < argc) {
 55 | 			size_t bytes;
 56 | 			hexToInts(argv[argNo + 1], &key, &bytes);
 57 | 			hasKey = TRUE;
 58 | 		}
 59 | 
 60 | 		if(strcmp(argv[argNo], "-iv") == 0 && (argNo + 1) < argc) {
 61 | 			size_t bytes;
 62 | 			hexToInts(argv[argNo + 1], &iv, &bytes);
 63 | 			hasIV = TRUE;
 64 | 			/* catch common error to write -i instead of -iv */
 65 | 		} else if(strcmp(argv[argNo], "-i") == 0 && (argNo + 1) < argc) {
 66 | 			size_t bytes;
 67 | 			hexToInts(argv[argNo + 1], &iv, &bytes);
 68 | 			hasIV = TRUE;
 69 | 		}
 70 | 
 71 | 		argNo++;
 72 | 	}
 73 | 
 74 | 	AbstractFile* inFile;
 75 | 	if(doDecrypt) {
 76 | 		if(hasKey) {
 77 | 			inFile = openAbstractFile3(createAbstractFileFromFile(fopen(argv[1], "rb")), key, iv, 0);
 78 | 		} else {
 79 | 			inFile = openAbstractFile3(createAbstractFileFromFile(fopen(argv[1], "rb")), NULL, NULL, 0);
 80 | 		}
 81 | 	} else {
 82 | 		if(hasKey) {
 83 | 			inFile = openAbstractFile2(createAbstractFileFromFile(fopen(argv[1], "rb")), key, iv);
 84 | 		} else {
 85 | 			inFile = openAbstractFile(createAbstractFileFromFile(fopen(argv[1], "rb")));
 86 | 		}
 87 | 	}
 88 | 	if(!inFile) {
 89 | 		fprintf(stderr, "error: cannot open infile\n");
 90 | 		return 2;
 91 | 	}
 92 | 
 93 | 	AbstractFile* outFile = createAbstractFileFromFile(fopen(argv[2], "wb"));
 94 | 	if(!outFile) {
 95 | 		fprintf(stderr, "error: cannot open outfile\n");
 96 | 		return 3;
 97 | 	}
 98 | 
 99 | 
100 | 	AbstractFile* newFile;
101 | 
102 | 	if(template) {
103 | 		if(hasKey && !doDecrypt) {
104 | 			newFile = duplicateAbstractFile2(template, outFile, key, iv, certificate);
105 | 		} else {
106 | 			newFile = duplicateAbstractFile2(template, outFile, NULL, NULL, certificate);
107 | 		}
108 | 		if(!newFile) {
109 | 			fprintf(stderr, "error: cannot duplicate file from provided template\n");
110 | 			return 4;
111 | 		}
112 | 	} else {
113 | 		newFile = outFile;
114 | 	}
115 | 
116 | 	if(hasKey && !doDecrypt) {
117 | 		if(newFile->type == AbstractFileTypeImg3) {
118 | 			AbstractFile2* abstractFile2 = (AbstractFile2*) newFile;
119 | 			abstractFile2->setKey(abstractFile2, key, iv);
120 | 		}
121 | 	}
122 | 
123 | 	inDataSize = (size_t) inFile->getLength(inFile);
124 | 	inData = (char*) malloc(inDataSize);
125 | 	inFile->read(inFile, inData, inDataSize);
126 | 	inFile->close(inFile);
127 | 
128 | 	newFile->write(newFile, inData, inDataSize);
129 | 	newFile->close(newFile);
130 | 
131 | 	free(inData);
132 | 
133 | 	if(key)
134 | 		free(key);
135 | 
136 | 	if(iv)
137 | 		free(iv);
138 | 
139 | 	return 0;
140 | }
141 | 
142 | 


--------------------------------------------------------------------------------