remove ipsw.me support, add fwkeydb support

configure.ac

@@ -76,11 +76,11 @@ AC_ARG_WITH([iBoot32Patcher],
  [with_ib32p=no],
  [with_ib32p=yes])
 
-AC_ARG_WITH([ipsw-me-support],
- [AS_HELP_STRING([--without-ipsw-me-support],
- [do not build with ipsw.me support @<:@default=no@:>@])],
- [with_ipsw_me=no],
- [with_ipsw_me=yes])
+AC_ARG_WITH([remote-keys],
+ [AS_HELP_STRING([--without-remote-keys],
+ [do not request firmware keys from remote public sources @<:@default=no@:>@])],
+ [with_remote_keys=no],
+ [with_remote_keys=yes])
 AC_ARG_ENABLE([debug],
  [AS_HELP_STRING([--enable-debug],
  [enable debug build(default is no)])],
@@ -95,8 +95,11 @@ AC_ARG_ENABLE([asan],
 
 AM_CONDITIONAL([WITH_IBOOT32PATCHER], [test x$with_ib32p = xyes])
 AM_CONDITIONAL([WITH_IBOOT64PATCHER], [test x$with_ib64p = xyes])
-AM_CONDITIONAL(WITH_IPSW_ME_SUPPORT, test "x$with_ipsw_me" = "xyes")
+AM_CONDITIONAL(WITH_REMOTE_KEYS, test "x$with_remote_keys" = "xyes")
 
+if test "x$with_remote_keys" = "xyes"; then
+ AC_DEFINE(WITH_REMOTE_KEYS, 1, [Define if you build with support for requesting keys from remote public database])
+fi
 
 if test "x$with_libfragmentzip" == "xyes"; then
  if test "x$have_libfragmentzip" != "xyes"; then
@@ -181,7 +184,7 @@ Configuration for $PACKAGE-$VERSION:
  with iBoot32Patcher .....: $with_ib32p
  with iBoot64Patcher .....: $with_ib64p
  with libfragmentzip .....: $with_libfragmentzip
- with ipsw.me support ....: $with_ipsw_me
+ with remote keys ........: $with_remote_keys
  debug build ............: $debug_build
  asan build .............: $asan_build"
 

libipatcher.xcodeproj/project.pbxproj

@@ -330,6 +330,7 @@
  WITH_IBOOT32PATCHER,
  WITH_IBOOT64PATCHER,
  HAVE_LIBFRAGMENTZIP,
+ WITH_REMOTE_KEYS,
  );
  LIBRARY_SEARCH_PATHS = (
  /usr/local/lib,

libipatcher/libipatcher.cpp

@@ -39,9 +39,8 @@ extern "C" {
 #include "jssy.h"
 }
 
-#ifdef WITH_IPSW_ME_SUPPORT
-#define FIRMWARE_JSON_URL_START "https://firmware-keys.ipsw.me/firmware/"
-#define DEVICE_JSON_URL_START "https://firmware-keys.ipsw.me/device/"
+#ifdef WITH_REMOTE_KEYS
+#define FIRMWARE_JSON_URL_START "https://raw.githubusercontent.com/tihmstar/fwkeydb/master/keys/firmware/"
 #endif
 
 #define bswap32 __builtin_bswap32
@@ -195,9 +194,12 @@ bool libipatcher::has64bitSupport(){
 }
 
 string libipatcher::getRemoteFile(std::string url){
+ CURL *mc = NULL;
+ cleanup([&]{
+ safeFreeCustom(mc, curl_easy_cleanup);
+ });
  string buf;
- CURL *mc = curl_easy_init();
- assure(mc);
+ assure(mc = curl_easy_init());
 
  curl_easy_setopt(mc, CURLOPT_URL, url.c_str());
  curl_easy_setopt(mc, CURLOPT_USERAGENT, "libipatcher/" VERSION_COMMIT_COUNT " APIKEY=" VERSION_COMMIT_SHA);
@@ -208,11 +210,11 @@ string libipatcher::getRemoteFile(std::string url){
  curl_easy_setopt(mc, CURLOPT_WRITEDATA, &buf);
 
  assure(curl_easy_perform(mc) == CURLE_OK);
- long http_code = 0;
- curl_easy_getinfo (mc, CURLINFO_RESPONSE_CODE, &http_code);
- assure(http_code == 200);
-
- curl_easy_cleanup(mc);
+ {
+  long http_code = 0;
+  curl_easy_getinfo (mc, CURLINFO_RESPONSE_CODE, &http_code);
+  assure(http_code == 200);
+ }
  return buf;
 }
 
@@ -251,7 +253,7 @@ string libipatcher::getFirmwareJson(std::string device, std::string buildnum, ui
 
  {
  //try localhost
- string url("localhost:8888/firmware/");
+ string url("http://localhost:8888/firmware/");
  url += device + "/";
  if (cpid_str.size()) {
  try {return getRemoteFile(url + cpid_str + buildnum);} catch (...) {}
@@ -351,7 +353,7 @@ string libipatcher::getDeviceJsonFromZip(std::string device, std::string zipURL)
 #endif //HAVE_LIBFRAGMENTZIP
 
 
-fw_key getFirmwareKeyForComparator(std::string device, std::string buildnum, std::function<bool(const jssytok_t *e)> comparator, uint32_t cpid, std::string zipURL){
+fw_key getFirmwareKeyForComparator(std::string device, std::string buildnum, std::function<bool(const jssytok_t *e, std::string apiversion)> comparator, uint32_t cpid, std::string zipURL){
  jssytok_t* tokens = NULL;
  unsigned int * tkey = NULL;
  unsigned int * tiv = NULL;
@@ -362,6 +364,7 @@ fw_key getFirmwareKeyForComparator(std::string device, std::string buildnum, std
  });
  fw_key rt = {0};
  long tokensCnt = 0;
+ std::string apiversion;
 
 #ifdef HAVE_LIBFRAGMENTZIP
  string json = (zipURL.size()) ? getFirmwareJsonFromZip(device, buildnum, zipURL, cpid) : getFirmwareJson(device, buildnum, cpid);
@@ -376,16 +379,25 @@ fw_key getFirmwareKeyForComparator(std::string device, std::string buildnum, std
  jssytok_t *keys = jssy_dictGetValueForKey(tokens, "keys");
  assure(keys);
 
+ {
+ jssytok_t *apivers = jssy_dictGetValueForKey(tokens, "version");
+ if (apivers){
+ retassure(apivers->type == JSSY_STRING, "Got version, but not string!");
+ apiversion = {apivers->value,apivers->value+apivers->size};
+ }
+ }
+
  jssytok_t *iv = NULL;
  jssytok_t *key = NULL;
  jssytok_t *path = NULL;
 
  jssytok_t *tmp = keys->subval;
  for (size_t i=0; i<keys->size; tmp=tmp->next, i++) {
- if (comparator(tmp)){
- iv = jssy_dictGetValueForKey(tmp, "iv");
- key = jssy_dictGetValueForKey(tmp, "key");
- path = jssy_dictGetValueForKey(tmp, "filename");
+ jssytok_t *tmpV = (tmp->type == JSSY_DICT_KEY) ? tmp->subval : tmp;
+ if (comparator(tmpV, apiversion)){
+ iv = jssy_dictGetValueForKey(tmpV, "iv");
+ key = jssy_dictGetValueForKey(tmpV, "key");
+ path = jssy_dictGetValueForKey(tmpV, "filename");
  break;
  }
  }
@@ -423,15 +435,26 @@ fw_key libipatcher::getFirmwareKeyForComponent(std::string device, std::string b
  else if (component == "RestoreKernelCache")
  component = "Kernelcache";
 
- return getFirmwareKeyForComparator(device, buildnum, [&component](const jssytok_t *e){
- jssytok_t *image = jssy_dictGetValueForKey(e, "image");
- assure(image);
- return strncmp(component.c_str(), image->value, image->size) == 0;
+ return getFirmwareKeyForComparator(device, buildnum, [&component](const jssytok_t *e, std::string apiversion)->bool{
+ if (apiversion == "1.0") {
+ jssytok_t *names = jssy_dictGetValueForKey(e, "names");
+ jssytok_t *name = names->subval;
+ for (size_t i=0; i<names->size; name=name->next, i++) {
+ if (strncmp(component.c_str(), name->value, name->size) == 0) {
+ return true;
+ }
+ }
+ return false;
+ }else{
+ jssytok_t *image = jssy_dictGetValueForKey(e, "image");
+ assure(image);
+ return strncmp(component.c_str(), image->value, image->size) == 0;
+ }
  }, cpid, zipURL);
 }
 
 fw_key libipatcher::getFirmwareKeyForPath(std::string device, std::string buildnum, std::string path, uint32_t cpid, std::string zipURL){
- return getFirmwareKeyForComparator(device, buildnum, [&path](const jssytok_t *e){
+ return getFirmwareKeyForComparator(device, buildnum, [&path](const jssytok_t *e, std::string apiversion){
  jssytok_t *filename = jssy_dictGetValueForKey(e, "filename");
  assure(filename);
  return strncmp(path.c_str(), filename->value, filename->size) == 0;
@@ -803,19 +826,6 @@ pwnBundle libipatcher::getPwnBundleForDevice(std::string device, std::string bui
 
  auto getKeys = [cpid,zipURL](std::string device, std::string curbuildnum)->pwnBundle{
  pwnBundle rt;
-#ifdef WITH_IPSW_ME_SUPPORT
- string firmwareUrl = "https://api.ipsw.me/v2.1/";
- firmwareUrl += device;
- firmwareUrl += "/";
- firmwareUrl += curbuildnum;
- firmwareUrl += "/url/dl";
-
- try{
- rt.firmwareUrl = getRemoteDestination(firmwareUrl);
- }catch(...){
- error("failed to get firmware url");
- }
-#endif
  rt.iBSSKey = getFirmwareKeyForComponent(device, curbuildnum, "iBSS", cpid, zipURL);
  rt.iBECKey = getFirmwareKeyForComponent(device, curbuildnum, "iBEC", cpid, zipURL);
  return rt;

libipatcher/main.cpp

@@ -18,8 +18,9 @@ using namespace std;
 int main(int argc, const char * argv[]) {
  cout << "start" << endl;
 
- auto asd = libipatcher::getPwnBundleForDevice("iPhone10,1", "18A5332f");
-
+// auto asd = libipatcher::getPwnBundleForDevice("iPhone6,2", "11A470a", 0x8960);
+ auto asdf = libipatcher::getFirmwareKeyForPath("iPhone5,2", "14G61", "Firmware/dfu/iBSS.iphone5.RELEASE.dfu", 0x8950);
+
  if (argc < 2){
  cout << "need buildnum"<<endl;
  return 1;