0f99a693
Unverified
Commit
0f99a693
authored
6 years ago
by
Spotlight Deveaux
manually send plist
parent
e24faeea
Showing
2 changed files
Makefile
+3
-1
3 additions, 1 deletion
Makefile
mobile_inject.c
+53
-56
53 additions, 56 deletions
mobile_inject.c
with
56 additions
and
57 deletions
Makefile
+
3
−
1
...
@@ -7,8 +7,10 @@ CFILES = mobile_inject.c
...
@@ -7,8 +7,10 @@ CFILES = mobile_inject.c
# include $(MAKEFILEPATH)/CoreOS/ReleaseControl/BSDCommon.make
# include $(MAKEFILEPATH)/CoreOS/ReleaseControl/BSDCommon.make
mobile_inject
:
mobile_inject.c
mobile_inject
:
mobile_inject.c
$(
CC
)
-o
mobile_inject mobile_inject.c
-Wall
-dead_strip
-limobiledevice
-lplist
$(
CC
)
-o
mobile_inject mobile_inject.c
-Wall
-limobiledevice
-lplist
clean
:
rm
mobile_inject
# after_install:
# after_install:
...
...
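Review bot: The `clean` target (printed once in this section, so apparently on the new side) runs a bare `rm mobile_inject`, which makes `make clean` fail when the binary has not been built yet. Using `rm -f mobile_inject` and declaring `.PHONY: clean` keeps the target idempotent and unaffected by a stray file named `clean`. The rest of the Makefile lies outside this hunk, so a `.PHONY` line may already exist there.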
mobile_inject.c
+
53
−
56
...
@@ -10,9 +10,9 @@
...
@@ -10,9 +10,9 @@
#include
<libimobiledevice/libimobiledevice.h>
#include
<libimobiledevice/libimobiledevice.h>
#include
<libimobiledevice/lockdown.h>
#include
<libimobiledevice/lockdown.h>
#include
<libimobiledevice/afc.h>
#include
<libimobiledevice/afc.h>
#include
<libimobiledevice/
mobile_image_mounter
.h>
#include
<libimobiledevice/
property_list_service
.h>
static
char
*
real_dmg
,
*
real_dmg_signature
,
*
ddi
_dmg
;
static
char
*
real_dmg
,
*
real_dmg_signature
,
*
root
_dmg
;
int
timesl
;
int
timesl
;
// Taken from
// Taken from
...
@@ -75,17 +75,18 @@ Retry: {}
...
@@ -75,17 +75,18 @@ Retry: {}
// Now we create the directory to mount our DMGs.
// Now we create the directory to mount our DMGs.
assert
(
!
afc_make_directory
(
afc_client
,
"PublicStaging"
));
assert
(
!
afc_make_directory
(
afc_client
,
"PublicStaging"
));
afc_remove_path
(
afc_client
,
"PublicStaging/staging.dimage"
);
afc_remove_path
(
afc_client
,
"PublicStaging/staging.dimage"
);
afc_remove_path
(
afc_client
,
"PublicStaging/root.dimage"
);
qwrite
(
afc_client
,
real_dmg
,
"PublicStaging/staging.dimage"
);
qwrite
(
afc_client
,
real_dmg
,
"PublicStaging/staging.dimage"
);
qwrite
(
afc_client
,
ddi
_dmg
,
"PublicStaging/
ddi
.dimage"
);
qwrite
(
afc_client
,
root
_dmg
,
"PublicStaging/
root
.dimage"
);
// Ask to start up the image mounting daemon.
// Ask to start up the image mounting daemon.
printf
(
"Asking to mount DMGs...
\n
"
);
printf
(
"Asking to mount DMGs...
\n
"
);
mobile_image_mounter_client_t
mim_client
=
0
;
// Shortly here we'll be sending plists.
property_list_service_client_t
mim_client
=
0
;
lockdownd_service_descriptor_t
mim_descriptor
=
0
;
lockdownd_service_descriptor_t
mim_descriptor
=
0
;
assert
(
!
lockdownd_start_service
(
lockdown_client
,
"com.apple.mobile.mobile_image_mounter"
,
&
mim_descriptor
));
assert
(
!
lockdownd_start_service
(
lockdown_client
,
"com.apple.mobile.mobile_image_mounter"
,
&
mim_descriptor
));
assert
(
!
mobile_image_mounter_new
(
dev
,
mim_descriptor
,
&
mim_client
));
assert
(
!
property_list_service_client_new
(
dev
,
mim_descriptor
,
&
mim_client
));
// Get real DMG signature
// Get real DMG signature
int
fd
=
open
(
real_dmg_signature
,
O_RDONLY
);
int
fd
=
open
(
real_dmg_signature
,
O_RDONLY
);
assert
(
fd
!=
-
1
);
assert
(
fd
!=
-
1
);
...
@@ -93,73 +94,69 @@ Retry: {}
...
@@ -93,73 +94,69 @@ Retry: {}
assert
(
read
(
fd
,
sig
,
sizeof
(
sig
))
==
sizeof
(
sig
));
assert
(
read
(
fd
,
sig
,
sizeof
(
sig
))
==
sizeof
(
sig
));
close
(
fd
);
close
(
fd
);
// Formulate mount request
plist_t
mount_request_dict
=
plist_new_dict
();
plist_dict_set_item
(
mount_request_dict
,
"Command"
,
plist_new_string
(
"MountImage"
));
plist_dict_set_item
(
mount_request_dict
,
"ImagePath"
,
plist_new_string
(
"/var/mobile/Media/PublicStaging/staging.dimage"
));
plist_dict_set_item
(
mount_request_dict
,
"ImageType"
,
plist_new_string
(
"Developer"
));
printf
(
"%s
\n
"
,
(
const
char
*
)
sig
);
plist_dict_set_item
(
mount_request_dict
,
"ImageSignature"
,
plist_new_data
((
const
char
*
)
sig
,
sizeof
(
sig
)));
print_xml
(
mount_request_dict
);
property_list_service_error_t
plist_send_err
=
property_list_service_send_xml_plist
(
mim_client
,
mount_request_dict
);
if
(
plist_send_err
!=
PROPERTY_LIST_SERVICE_E_SUCCESS
)
{
printf
(
"Failed sending mount request: %d
\n
"
,
plist_send_err
);
return
;
}
plist_free
(
mount_request_dict
);
printf
(
"Waiting %dms for lockdownd...
\n
"
,
timesl
);
usleep
(
timesl
);
printf
(
"Switching DMG signatures...
\n
"
);
assert
(
!
afc_rename_path
(
afc_client
,
"PublicStaging/root.dimage"
,
"PublicStaging/staging.dimage"
));
printf
(
"Reading response from lockdownd...
\n
"
);
plist_t
mount_result_dict
=
0
;
plist_t
mount_result_dict
=
0
;
mobile_image_mounter_error_t
mim_err
=
mobile_image_mounter_mount_image
(
mim_client
,
"/var/mobile/Media/PublicStaging/staging.dimage"
,
(
const
char
*
)
sig
,
sizeof
(
sig
),
"Developer"
,
&
mount_result_dict
);
property_list_service_error_t
plist_recv_err
=
property_list_service_receive_plist
(
mim_client
,
&
mount_result_dict
);
if
(
plist_recv_err
!=
PROPERTY_LIST_SERVICE_E_SUCCESS
)
{
printf
(
"Failed reading mount request response: %d
\n
"
,
plist_recv_err
);
return
;
}
// The following is heavily adapted from
// https://github.com/libimobiledevice/libimobiledevice/blob/00f8e5733f716da8032606566eac7a9e2e49514d/tools/ideviceimagemounter.c#L373-L430
char
*
status
=
NULL
;
char
*
status
=
NULL
;
if
(
mim_err
==
MOBILE_IMAGE_MOUNTER_E_SUCCESS
)
{
if
(
mount_result_dict
)
{
if
(
mount_result_dict
)
{
plist_t
node
=
plist_dict_get_item
(
mount_result_dict
,
"Status"
);
plist_t
node
=
plist_dict_get_item
(
mount_result_dict
,
"Status"
);
if
(
node
)
{
if
(
node
)
{
plist_get_string_val
(
node
,
&
status
);
plist_get_string_val
(
node
,
&
status
);
if
(
status
)
{
if
(
!
status
)
{
if
(
!
strcmp
(
status
,
"Complete"
))
{
printf
(
"Error: Seems like the status given wasn't a string:
\n
"
);
printf
(
"Done.
\n
"
);
}
else
{
printf
(
"unexpected status value:
\n
"
);
print_xml
(
mount_result_dict
);
return
;
}
}
else
{
printf
(
"unexpected result:
\n
"
);
print_xml
(
mount_result_dict
);
print_xml
(
mount_result_dict
);
return
;
return
;
}
}
}
}
else
{
node
=
plist_dict_get_item
(
mount_result_dict
,
"Error"
);
printf
(
"Error: Doesn't seem there was any status given:
\n
"
);
if
(
node
)
{
print_xml
(
mount_result_dict
);
char
*
error
=
NULL
;
status
=
""
;
plist_get_string_val
(
node
,
&
error
);
if
(
error
)
{
printf
(
"Error: %s
\n
"
,
error
);
}
else
{
printf
(
"unexpected result:
\n
"
);
print_xml
(
mount_result_dict
);
return
;
}
}
else
{
print_xml
(
mount_result_dict
);
}
}
}
}
else
{
}
else
{
printf
(
"
Failed to mount faux staging image: %d
\n
"
,
err
);
printf
(
"
Error: Doesn't seem we got any response whatsoever...
\n
"
);
return
;
return
;
}
}
mobile_image_mounter_hangup
(
mim_client
);
mobile_image_mounter_free
(
mim_client
);
// Wait for lockdownd to handle mounting internally.
usleep
(
timesl
);
printf
(
"Switching DMG signatures...
\n
"
);
assert
(
!
afc_rename_path
(
afc_client
,
"PublicStaging/ddi.dimage"
,
"PublicStaging/staging.dimage"
));
// At this point, we know it was mounted succesfully.
// At this point, we know it was mounted succesfully.
if
(
!
strcmp
(
status
,
"Complete"
))
{
if
(
!
strcmp
(
status
,
"Complete"
))
{
lockdownd_service_descriptor_t
helper_socket
=
0
;
lockdownd_service_descriptor_t
helper_socket
=
0
;
sleep
(
2
);
sleep
(
2
);
printf
(
"Image mounted, running helper...
\n
"
);
printf
(
"Image mounted, running helper...
\n
"
);
err
=
lockdownd_start_service
(
lockdown_client
,
"CopyIt"
,
&
helper_socket
);
err
=
lockdownd_start_service
(
lockdown_client
,
"CopyIt"
,
&
helper_socket
);
if
(
err
!=
LOCKDOWN_E_SUCCESS
)
{
if
(
err
!=
LOCKDOWN_E_SUCCESS
)
{
printf
(
"Failed to start helper service: %d
\n
"
,
err
);
printf
(
"Failed to start helper service: %d
\n
"
,
err
);
return
;
return
;
}
}
assert
(
!
fcntl
(
helper_socket
,
F_SETFL
,
O_NONBLOCK
));
assert
(
!
fcntl
(
helper_socket
,
F_SETFL
,
O_NONBLOCK
));
assert
(
!
fcntl
(
0
,
F_SETFL
,
O_NONBLOCK
));
assert
(
!
fcntl
(
0
,
F_SETFL
,
O_NONBLOCK
));
}
else
{
}
else
{
printf
(
"Failed to inject image, trying again... (if it fails, try a different time), delay ... %dus
\n
"
,
timesl
);
printf
(
"Failed to inject image, trying again... (if it fails, try a different time), delay ... %dus
\n
"
,
timesl
);
timesl
+=
1000
;
timesl
+=
1000
;
goto
Retry
;
goto
Retry
;
...
@@ -178,7 +175,7 @@ int main(int argc, char **argv)
...
@@ -178,7 +175,7 @@ int main(int argc, char **argv)
real_dmg
=
argv
[
1
];
real_dmg
=
argv
[
1
];
real_dmg_signature
=
argv
[
2
];
real_dmg_signature
=
argv
[
2
];
ddi
_dmg
=
argv
[
3
];
root
_dmg
=
argv
[
3
];
assert
(
!
idevice_event_subscribe
(
cb
,
NULL
));
assert
(
!
idevice_event_subscribe
(
cb
,
NULL
));
// I guess loop
// I guess loop
...
...
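Review bot: The debug line `printf("%s\n", (const char*)sig);` in the `@@ -93,73 +94,69 @@` hunk (printed once, so apparently added here) treats the signature buffer as a C string, but `sig` was just filled to its full size by `read(fd, sig, sizeof(sig))`, so nothing guarantees a NUL terminator and printf can read past the end of the array; drop the line or print a bounded hex dump such as `for (size_t i = 0; i < sizeof(sig); i++) printf("%02x", (unsigned char)sig[i]);`. On the send-failure path the `return;` is reached before `plist_free(mount_request_dict);`, so the request dict leaks; calling `plist_free` directly after `property_list_service_send_xml_plist` and checking `plist_send_err` afterwards avoids that. In the visible lines `mount_result_dict`, the string allocated by `plist_get_string_val`, and the `property_list_service_client_t` are never released (no `property_list_service_client_free` appears where the old hangup/free pair was), which would accumulate on every `goto Retry`; the function starts and ends outside this hunk, so the cleanup may live there. The message `"Waiting %dms for lockdownd...\n"` prints `timesl`, which is passed to `usleep()` and reported as `%dus` in the retry message, so the unit in this message should read `us`.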