diff --git a/tsschecker/tss.c b/tsschecker/tss.c
index 0aa5ccb..31061f0 100644
--- a/tsschecker/tss.c
+++ b/tsschecker/tss.c
@@ -108,7 +108,7 @@ int tss_request_add_local_policy_tags(plist_t request, plist_t parameters)
 _plist_dict_copy_uint(request, parameters, "ApChipID", NULL);
 _plist_dict_copy_uint(request, parameters, "ApBoardID", NULL);
 _plist_dict_copy_uint(request, parameters, "ApSecurityDomain", NULL);
- _plist_dict_copy_data(request, parameters, "ApNonce", NULL);
+// _plist_dict_copy_data(request, parameters, "ApNonce", NULL);
 if (!plist_dict_get_item(request, "ApSecurityMode")) {
 /* copy from parameters if available */
@@ -137,7 +137,7 @@ int tss_parameters_add_from_manifest(plist_t parameters, plist_t build_identity,
 return -1;
 }
- _plist_dict_copy_string(parameters, build_identity, "Ap,OSLongVersion", NULL);
+// _plist_dict_copy_string(parameters, build_identity, "Ap,OSLongVersion", NULL);
 if (_plist_dict_copy_uint(parameters, build_identity, "ApChipID", NULL) < 0) {;
 tsserror("ERROR: Unable to find ApChipID node\n");
@@ -212,7 +212,7 @@ int tss_parameters_add_from_manifest(plist_t parameters, plist_t build_identity,
 _plist_dict_copy_uint(parameters, build_identity, "eUICC,ChipID", NULL);
 _plist_dict_copy_uint(parameters, build_identity, "NeRDEpoch", NULL);
- _plist_dict_copy_data(parameters, build_identity, "PearlCertificationRootPub", NULL);
+// _plist_dict_copy_data(parameters, build_identity, "PearlCertificationRootPub", NULL);
 _plist_dict_copy_uint(parameters, build_identity, "Timer,BoardID,1", NULL);
 _plist_dict_copy_uint(parameters, build_identity, "Timer,BoardID,2", NULL);
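Review bot: The `ApNonce` copy in tss_request_add_local_policy_tags is disabled by commenting it out, with nothing on the line saying why the tag must be absent from the request. The same pattern repeats for `Ap,OSLongVersion` and `PearlCertificationRootPub` in the next two hunks, for the `ApNonce`, `SepNonce`, `PearlCertificationRootPub` and `UniqueBuildID` copies and the `RestoreRequestRules` block further down, and for the `tss_request_add_baseband_tags` call in tsschecker.c. Either delete the lines or gate them on a parameter, and leave a one-line reason such as `/* ApNonce omitted from local-policy requests: <reason> */` so a reader can tell an intentional omission from leftover debugging. The function bodies continue outside these hunks.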
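Review bot: With the `Ap,OSLongVersion` copy from `build_identity` disabled in the -137 hunk, the call `_plist_dict_copy_string(request, parameters, "Ap,OSLongVersion", NULL);` in tss_request_add_ap_img4_tags (kept as context in the -267 hunk) has nothing to copy unless a caller outside this diff sets the key. If the tag is meant to be dropped from requests, remove that second copy as well; if it is still wanted, this line should stay. tss_parameters_add_from_manifest continues outside the hunk, so another source for the key may exist there.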
@@ -267,10 +267,10 @@ int tss_request_add_ap_img4_tags(plist_t request, plist_t parameters)
 _plist_dict_copy_string(request, parameters, "Ap,OSLongVersion", NULL);
- if (plist_dict_get_item(parameters, "ApNonce") && _plist_dict_copy_data(request, parameters, "ApNonce", NULL) < 0) {
- tsserror("ERROR: Unable to find required ApNonce in parameters\n");
- return -1;
- }
+// if (plist_dict_get_item(parameters, "ApNonce") && _plist_dict_copy_data(request, parameters, "ApNonce", NULL) < 0) {
+// tsserror("ERROR: Unable to find required ApNonce in parameters\n");
+// return -1;
+// }
 plist_dict_set_item(request, "@ApImg4Ticket", plist_new_bool(1));
@@ -289,9 +289,9 @@ int tss_request_add_ap_img4_tags(plist_t request, plist_t parameters)
 }
 }
- _plist_dict_copy_data(request, parameters, "SepNonce", "ApSepNonce");
+// _plist_dict_copy_data(request, parameters, "SepNonce", "ApSepNonce");
 _plist_dict_copy_uint(request, parameters, "NeRDEpoch", NULL);
- _plist_dict_copy_data(request, parameters, "PearlCertificationRootPub", NULL);
+// _plist_dict_copy_data(request, parameters, "PearlCertificationRootPub", NULL);
 if (plist_dict_get_item(parameters, "UID_MODE")) {
 _plist_dict_copy_item(request, parameters, "UID_MODE", NULL);
@@ -347,7 +347,7 @@ int tss_request_add_ap_img3_tags(plist_t request, plist_t parameters)
 int tss_request_add_common_tags(plist_t request, plist_t parameters, plist_t overrides)
 {
 _plist_dict_copy_uint(request, parameters, "ApECID", NULL);
- _plist_dict_copy_data(request, parameters, "UniqueBuildID", NULL);
+// _plist_dict_copy_data(request, parameters, "UniqueBuildID", NULL);
 _plist_dict_copy_uint(request, parameters, "ApChipID", NULL);
 _plist_dict_copy_uint(request, parameters, "ApBoardID", NULL);
 _plist_dict_copy_uint(request, parameters, "ApSecurityDomain", NULL);
@@ -635,6 +635,11 @@ int tss_request_add_ap_tags(plist_t request, plist_t parameters, plist_t overrid return -1; } + if ((strstr(key, "Cryptex") == 0)) { + info("1337: %s\n", key); + continue; + } + /* do not populate BaseBandFirmware, only in baseband request */ if ((strcmp(key, "BasebandFirmware") == 0)) { continue; @@ -692,11 +697,11 @@ int tss_request_add_ap_tags(plist_t request, plist_t parameters, plist_t overrid plist_dict_remove_item(tss_entry, "Info"); /* handle RestoreRequestRules */ - plist_t rules = plist_access_path(manifest_entry, 2, "Info", "RestoreRequestRules"); - if (rules) { - debug("DEBUG: Applying restore request rules for entry %s\n", key); - tss_entry_apply_restore_request_rules(tss_entry, parameters, rules); - } +// plist_t rules = plist_access_path(manifest_entry, 2, "Info", "RestoreRequestRules"); +// if (rules) { +// debug("DEBUG: Applying restore request rules for entry %s\n", key); +// tss_entry_apply_restore_request_rules(tss_entry, parameters, rules); +// } /* Make sure we have a Digest key for Trusted items even if empty */ if (_plist_dict_get_bool(manifest_entry, "Trusted") && !plist_dict_get_item(manifest_entry, "Digest")) { diff --git a/tsschecker/tsschecker.c b/tsschecker/tsschecker.c index a73af30..0aff9e7 100755 --- a/tsschecker/tsschecker.c +++ b/tsschecker/tsschecker.c @@ -900,6 +900,7 @@ void getRandNum(char *dst, size_t size, int base){ #pragma mark tss functions int tss_populate_devicevals(plist_t tssreq, uint64_t ecid, char *nonce, size_t nonce_size, char *sep_nonce, size_t sep_nonce_size, int image4supported){ + debug_plist2(tssreq); plist_dict_set_item(tssreq, "ApECID", plist_new_uint(ecid)); //0000000000000000 if (nonce) { plist_dict_set_item(tssreq, "ApNonce", plist_new_data((const char*)nonce, (int)nonce_size));//aa aa aa aa bb cc dd ee ff 00 11 22 33 44 55 66 77 88 99 aa 
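Review bot: `strstr(key, "Cryptex") == 0` compares a pointer with 0, so the branch runs when the key does not contain "Cryptex" and the loop skips every other manifest entry; the `strcmp(key, "BasebandFirmware") == 0` check just below can then never be true. The line reads like that strcmp-style equality test, so the intent is unclear: if skipping non-Cryptex entries is intended, write `if (strstr(key, "Cryptex") == NULL) {` with a comment saying so, and if Cryptex entries were meant to be skipped the test is inverted. `info("1337: %s\n", key);` prints once per skipped entry at info level and would read better as a `debug(...)` call with a descriptive message. The loop starts and ends outside the hunk.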
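Review bot: `debug_plist2(tssreq);` at the top of tss_populate_devicevals runs on every call, whereas the existing dump in isManifestBufSignedForDevice is gated by `if (print_tss_response)`. The last hunk of this file adds an unconditional `debug_plist2(apticket);` directly under that gated call, so the ticket is printed twice when the flag is set, and the call is also reached when `tss_request_send` failed and `apticket` may be null; whether debug_plist2 tolerates that is not visible here. Both calls should sit behind a flag in the same way as the existing `print_tss_response` check, or be removed before merge, so request and ticket contents do not end up in every run's output.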
@@ -949,9 +950,9 @@ int tss_populate_basebandvals(plist_t tssreq, plist_t tssparameters, int64_t BbG plist_dict_set_item(parameters, "BbSNUM", plist_new_data((char *)BbSNUM, bbsnumSize)); /* BasebandFirmware */ - if (tss_request_add_baseband_tags(tssreq, parameters, NULL) < 0) { - reterror("[TSSR] failed to add baseband tags to TSS request\n"); - } +// if (tss_request_add_baseband_tags(tssreq, parameters, NULL) < 0) { +// reterror("[TSSR] failed to add baseband tags to TSS request\n"); +// } error: if (did_malloc_bbsnum) { @@ -1141,7 +1142,28 @@ int tssrequest(plist_t *tssreqret, char *buildManifest, t_devicevals *devVals, t if (tss_request_add_common_tags(tssreq, tssparameter, NULL) < 0) { reterror("[TSSR] ERROR: Unable to add common tags to TSS request\n"); } - + + printf("Cryptex Magic...\n"); + plist_t chipid_node = plist_dict_get_item(tssreq, "ApChipID"); + char *chipid_str = NULL; + uint64_t chipid = 0; + if(plist_get_node_type(chipid_node) == PLIST_STRING) { + plist_get_string_val(chipid_node, &chipid_str); + chipid = __bswap_64(strtol(chipid_str, NULL, 0)); + } else if(plist_get_node_type(chipid_node) == PLIST_INT) { + plist_get_int_val(chipid_node, &chipid); + chipid = __bswap_64(chipid); + } +// uint64_t ecid = __bswap_64(devVals->ecid); + uint64_t ecid = __bswap_64(0); + uint64_t udid[2] = {chipid, ecid}; + uint64_t nonce[4] = {0xA3E5796653BA4F3F, 0xCDA1BC56E6F9B24C, 0x7F80200449C54C70, 0xE42296AD9826E810}; + plist_dict_set_item(tssreq, "Cryptex1,UDID", plist_new_data((const char *)&udid, 0x10)); + plist_dict_set_item(tssreq, "Cryptex1,Nonce", plist_new_data((const char *)&nonce, 0x20)); + if (tss_request_add_cryptex_tags(tssreq, tssparameter, NULL) < 0){ + reterror("[TSSR] ERROR: Unable to add Cryptex tags to TSS Request\n"); + } + if (tss_request_add_ap_tags(tssreq, tssparameter, NULL) < 0) { reterror("[TSSR] ERROR: Unable to add common tags to TSS request\n"); } 
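Review bot: With the `tss_request_add_baseband_tags` call commented out, tss_populate_basebandvals still builds `parameters` (including `BbSNUM`), but nothing visible in the hunk transfers them into `tssreq`, and the failure path that went with the call is gone. Callers that check the return value would then treat an unpopulated baseband request as success; the return statement is outside the hunk, so this is inferred. If baseband requests are out of scope for this change, skip the call at the call site or return an error, instead of leaving the function as a silent no-op.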
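Review bot: The string branch of the new block in tssrequest leaks `chipid_str` (plist_get_string_val hands the caller an allocated copy) and parses it with `strtol`, whose signed `long` result is 32 bits on some targets; a missing or differently typed `ApChipID` node silently leaves `chipid` at 0. `__bswap_64` is a glibc-internal name and the swap is unconditional, so the build depends on glibc and the UDID bytes depend on host endianness; the `uint64_t nonce[4]` literal has the same byte-order dependence and would be clearer as a byte array. The ECID is hard-coded to 0 with the `devVals->ecid` line commented out and the nonce is a fixed literal, so every request carries the same `Cryptex1,Nonce` and the same ECID half of `Cryptex1,UDID`; these should come from `devVals` or a named constant with a comment stating where the value comes from. `printf("Cryptex Magic...\n")` bypasses the `info`/`debug` helpers used elsewhere in these files. The enclosing function starts and ends outside the hunk.

```c
    plist_t chipid_node = plist_dict_get_item(tssreq, "ApChipID");
    uint64_t chipid = 0;
    if (plist_get_node_type(chipid_node) == PLIST_STRING) {
        char *chipid_str = NULL;
        plist_get_string_val(chipid_node, &chipid_str);
        if (!chipid_str) {
            reterror("[TSSR] ERROR: Unable to read ApChipID from TSS request\n");
        }
        chipid = strtoull(chipid_str, NULL, 0);
        free(chipid_str); /* the string returned by plist_get_string_val is owned by the caller */
    } else if (plist_get_node_type(chipid_node) == PLIST_INT) {
        plist_get_uint_val(chipid_node, &chipid);
    } else {
        reterror("[TSSR] ERROR: ApChipID missing or of unexpected type in TSS request\n");
    }
    chipid = __bswap_64(chipid);
    // … unchanged: ecid, udid, nonce, the two plist_dict_set_item calls and tss_request_add_cryptex_tags …
```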
@@ -1221,6 +1243,7 @@ int isManifestBufSignedForDevice(char *buildManifestBuffer, t_devicevals *devVal isSigned = ((apticket = tss_request_send(tssreq, server_url_string)) > 0); if (print_tss_response) debug_plist2(apticket); + debug_plist2(apticket); if (isSigned && save_shshblobs){ if (!devVals->installType){ plist_t tssreq2 = NULL;