Cryptex testing

tsschecker/tss.c

@@ -108,7 +108,7 @@ int tss_request_add_local_policy_tags(plist_t request, plist_t parameters)
     _plist_dict_copy_uint(request, parameters, "ApChipID", NULL);
     _plist_dict_copy_uint(request, parameters, "ApBoardID", NULL);
     _plist_dict_copy_uint(request, parameters, "ApSecurityDomain", NULL);
-    _plist_dict_copy_data(request, parameters, "ApNonce", NULL);
+//    _plist_dict_copy_data(request, parameters, "ApNonce", NULL);
 
     if (!plist_dict_get_item(request, "ApSecurityMode")) {
         /* copy from parameters if available */
@@ -137,7 +137,7 @@ int tss_parameters_add_from_manifest(plist_t parameters, plist_t build_identity,
         return -1;
     }
 
-    _plist_dict_copy_string(parameters, build_identity, "Ap,OSLongVersion", NULL);
+//    _plist_dict_copy_string(parameters, build_identity, "Ap,OSLongVersion", NULL);
 
     if (_plist_dict_copy_uint(parameters, build_identity, "ApChipID", NULL) < 0) {;
         tsserror("ERROR: Unable to find ApChipID node\n");
@@ -212,7 +212,7 @@ int tss_parameters_add_from_manifest(plist_t parameters, plist_t build_identity,
     _plist_dict_copy_uint(parameters, build_identity, "eUICC,ChipID", NULL);
 
     _plist_dict_copy_uint(parameters, build_identity, "NeRDEpoch", NULL);
-    _plist_dict_copy_data(parameters, build_identity, "PearlCertificationRootPub", NULL);
+//    _plist_dict_copy_data(parameters, build_identity, "PearlCertificationRootPub", NULL);
 
     _plist_dict_copy_uint(parameters, build_identity, "Timer,BoardID,1", NULL);
     _plist_dict_copy_uint(parameters, build_identity, "Timer,BoardID,2", NULL);
@@ -267,10 +267,10 @@ int tss_request_add_ap_img4_tags(plist_t request, plist_t parameters)
 
     _plist_dict_copy_string(request, parameters, "Ap,OSLongVersion", NULL);
 
-    if (plist_dict_get_item(parameters, "ApNonce") && _plist_dict_copy_data(request, parameters, "ApNonce", NULL) < 0) {
-        tsserror("ERROR: Unable to find required ApNonce in parameters\n");
-        return -1;
-    }
+//    if (plist_dict_get_item(parameters, "ApNonce") && _plist_dict_copy_data(request, parameters, "ApNonce", NULL) < 0) {
+//        tsserror("ERROR: Unable to find required ApNonce in parameters\n");
+//        return -1;
+//    }
 
     plist_dict_set_item(request, "@ApImg4Ticket", plist_new_bool(1));
 
@@ -289,9 +289,9 @@ int tss_request_add_ap_img4_tags(plist_t request, plist_t parameters)
         }
     }
 
-    _plist_dict_copy_data(request, parameters, "SepNonce", "ApSepNonce");
+//    _plist_dict_copy_data(request, parameters, "SepNonce", "ApSepNonce");
     _plist_dict_copy_uint(request, parameters, "NeRDEpoch", NULL);
-    _plist_dict_copy_data(request, parameters, "PearlCertificationRootPub", NULL);
+//    _plist_dict_copy_data(request, parameters, "PearlCertificationRootPub", NULL);
 
     if (plist_dict_get_item(parameters, "UID_MODE")) {
         _plist_dict_copy_item(request, parameters, "UID_MODE", NULL);
@@ -347,7 +347,7 @@ int tss_request_add_ap_img3_tags(plist_t request, plist_t parameters)
 int tss_request_add_common_tags(plist_t request, plist_t parameters, plist_t overrides)
 {
     _plist_dict_copy_uint(request, parameters, "ApECID", NULL);
-    _plist_dict_copy_data(request, parameters, "UniqueBuildID", NULL);
+//    _plist_dict_copy_data(request, parameters, "UniqueBuildID", NULL);
     _plist_dict_copy_uint(request, parameters, "ApChipID", NULL);
     _plist_dict_copy_uint(request, parameters, "ApBoardID", NULL);
     _plist_dict_copy_uint(request, parameters, "ApSecurityDomain", NULL);
@@ -635,6 +635,11 @@ int tss_request_add_ap_tags(plist_t request, plist_t parameters, plist_t overrid
             return -1;
         }
 
+        if ((strstr(key, "Cryptex") == 0)) {
+            info("1337: %s\n", key);
+            continue;
+        }
+
         /* do not populate BaseBandFirmware, only in baseband request */
         if ((strcmp(key, "BasebandFirmware") == 0)) {
             continue;
@@ -692,11 +697,11 @@ int tss_request_add_ap_tags(plist_t request, plist_t parameters, plist_t overrid
         plist_dict_remove_item(tss_entry, "Info");
 
         /* handle RestoreRequestRules */
-        plist_t rules = plist_access_path(manifest_entry, 2, "Info", "RestoreRequestRules");
-        if (rules) {
-            debug("DEBUG: Applying restore request rules for entry %s\n", key);
-            tss_entry_apply_restore_request_rules(tss_entry, parameters, rules);
-        }
+//        plist_t rules = plist_access_path(manifest_entry, 2, "Info", "RestoreRequestRules");
+//        if (rules) {
+//            debug("DEBUG: Applying restore request rules for entry %s\n", key);
+//            tss_entry_apply_restore_request_rules(tss_entry, parameters, rules);
+//        }
 
         /* Make sure we have a Digest key for Trusted items even if empty */
         if (_plist_dict_get_bool(manifest_entry, "Trusted") && !plist_dict_get_item(manifest_entry, "Digest")) {

tsschecker/tsschecker.c

@@ -900,6 +900,7 @@ void getRandNum(char *dst, size_t size, int base){
 
 #pragma mark tss functions
 int tss_populate_devicevals(plist_t tssreq, uint64_t ecid, char *nonce, size_t nonce_size, char *sep_nonce, size_t sep_nonce_size, int image4supported){
+    debug_plist2(tssreq);
     plist_dict_set_item(tssreq, "ApECID", plist_new_uint(ecid)); //0000000000000000
     if (nonce) {
         plist_dict_set_item(tssreq, "ApNonce", plist_new_data((const char*)nonce, (int)nonce_size));//aa aa aa aa bb cc dd ee ff 00 11 22 33 44 55 66 77 88 99 aa
@@ -949,9 +950,9 @@ int tss_populate_basebandvals(plist_t tssreq, plist_t tssparameters, int64_t BbG
     plist_dict_set_item(parameters, "BbSNUM", plist_new_data((char *)BbSNUM, bbsnumSize));
 
     /* BasebandFirmware */
-    if (tss_request_add_baseband_tags(tssreq, parameters, NULL) < 0) {
-        reterror("[TSSR] failed to add baseband tags to TSS request\n");
-    }
+//    if (tss_request_add_baseband_tags(tssreq, parameters, NULL) < 0) {
+//        reterror("[TSSR] failed to add baseband tags to TSS request\n");
+//    }
 
 error:
     if (did_malloc_bbsnum) {
@@ -1141,7 +1142,28 @@ int tssrequest(plist_t *tssreqret, char *buildManifest, t_devicevals *devVals, t
     if (tss_request_add_common_tags(tssreq, tssparameter, NULL) < 0) {
         reterror("[TSSR] ERROR: Unable to add common tags to TSS request\n");
     }
-
+
+    printf("Cryptex Magic...\n");
+    plist_t chipid_node = plist_dict_get_item(tssreq, "ApChipID");
+    char *chipid_str = NULL;
+    uint64_t chipid = 0;
+    if(plist_get_node_type(chipid_node) == PLIST_STRING) {
+        plist_get_string_val(chipid_node, &chipid_str);
+        chipid = __bswap_64(strtol(chipid_str, NULL, 0));
+    } else if(plist_get_node_type(chipid_node) == PLIST_INT) {
+        plist_get_int_val(chipid_node, &chipid);
+        chipid = __bswap_64(chipid);
+    }
+//    uint64_t ecid = __bswap_64(devVals->ecid);
+    uint64_t ecid = __bswap_64(0);
+    uint64_t udid[2] = {chipid, ecid};
+    uint64_t nonce[4] = {0xA3E5796653BA4F3F, 0xCDA1BC56E6F9B24C, 0x7F80200449C54C70, 0xE42296AD9826E810};
+    plist_dict_set_item(tssreq, "Cryptex1,UDID", plist_new_data((const char *)&udid, 0x10));
+    plist_dict_set_item(tssreq, "Cryptex1,Nonce", plist_new_data((const char *)&nonce, 0x20));
+    if (tss_request_add_cryptex_tags(tssreq, tssparameter, NULL) < 0){
+        reterror("[TSSR] ERROR: Unable to add Cryptex tags to TSS Request\n");
+    }
+
     if (tss_request_add_ap_tags(tssreq, tssparameter, NULL) < 0) {
         reterror("[TSSR] ERROR: Unable to add common tags to TSS request\n");
     }
@@ -1221,6 +1243,7 @@ int isManifestBufSignedForDevice(char *buildManifestBuffer, t_devicevals *devVal
     isSigned = ((apticket = tss_request_send(tssreq, server_url_string)) > 0);
 
     if (print_tss_response) debug_plist2(apticket);
+    debug_plist2(apticket);
     if (isSigned && save_shshblobs){
         if (!devVals->installType){
             plist_t tssreq2 = NULL;