added ramdisk hash check

tihmstar 2017-04-03 08:25:12 +02:00
parent d8b69365ec
commit a04884ce07
2 changed files with 60 additions and 5 deletions


@ -420,10 +420,26 @@ int futurerestore::doRestore(const char *ipsw, bool noerase){
printf("Verified APTicket to be valid for this restore\n"); printf("Verified APTicket to be valid for this restore\n");
} }
}else{ }else{
info("[WARNING] skipping buildIdentity check for 32bit devices!\n" info("[WARNING] full buildidentity check is not implemented, only comparing ramdisk hash.\n");
"If the APTicket doesn't match the selected buildidentity, restore WILL NOT WORK!!!!!!!\n" size_t tickethashSize = 0;
"continuing in 5 seconds ...\n"); const char *tickethash = getRamdiskHashFromSCAB(im4m, &tickethashSize);
sleep(5); uint64_t manifestDigestSize = 0;
char *manifestDigest = NULL;
plist_t restoreRamdisk = plist_dict_get_item(manifest, "RestoreRamDisk");
plist_t digest = plist_dict_get_item(restoreRamdisk, "Digest");
plist_get_data_val(digest, &manifestDigest, &manifestDigestSize);
if (tickethashSize == manifestDigestSize && memcmp(tickethash, manifestDigest, tickethashSize) == 0){
printf("Verified APTicket to be valid for this restore\n");
free(manifestDigest);
}else{
free(manifestDigest);
printf("APTicket ramdisk hash does not match the ramdisk we are trying to boot. Are you using correct install type (Update/Erase)?\n");
reterror(-44, "APTicket can't be used for this restore\n");
}
} }
@ -876,6 +892,44 @@ error:
return ret; return ret;
} }
const char *futurerestore::getRamdiskHashFromSCAB(const char* scab, size_t *hashSize){
char *ret = NULL;
char *mainSet = NULL;
int elems = 0;
char *nonceOctet = NULL;
if (!scab) reterror(-15, "Got empty SCAB\n");
if (asn1ElementsInObject(scab)< 4){
error("unexpected number of Elements in SCAB sequence\n");
goto error;
}
if (hashSize) *hashSize = 0;
mainSet = asn1ElementAtIndex(scab, 1);
elems = asn1ElementsInObject(mainSet);
for (int i=0; i<elems; i++) {
nonceOctet = asn1ElementAtIndex(mainSet, i);
if (*nonceOctet == (char)0x9A)
goto parsebnch;
}
return NULL;
parsebnch:
nonceOctet++;
ret = nonceOctet + asn1Len(nonceOctet).sizeBytes;
if (hashSize)
*hashSize = asn1Len(nonceOctet).dataLen;
error:
return ret;
}
char *futurerestore::getNonceFromIM4M(const char* im4m, size_t *nonceSize){ char *futurerestore::getNonceFromIM4M(const char* im4m, size_t *nonceSize){
char *ret = NULL; char *ret = NULL;
char *mainSet = NULL; char *mainSet = NULL;
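Review bot: The new ramdisk hash comparison in the 32-bit branch of doRestore can pass when both sides are empty. getRamdiskHashFromSCAB returns NULL with a size of 0 when no 0x9A element is found, and if the manifest has no RestoreRamDisk/Digest entry, manifestDigest presumably stays NULL with size 0, so `0 == 0` plus a zero-length memcmp prints "Verified APTicket". Require both values to be present before comparing, e.g. `if (tickethash && manifestDigest && tickethashSize && tickethashSize == manifestDigestSize && memcmp(tickethash, manifestDigest, tickethashSize) == 0){`. Separately, getRamdiskHashFromSCAB returns the length read by asn1Len without checking it against the ticket buffer (the function receives no buffer length), so confirm that the ticket's overall size is validated before this call. doRestore begins and ends outside the hunk.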


@ -93,6 +93,7 @@ public:
~futurerestore(); ~futurerestore();
static const char *getRamdiskHashFromSCAB(const char* scab, size_t *hashSize);
static char *getNonceFromSCAB(const char* scab, size_t *nonceSize); static char *getNonceFromSCAB(const char* scab, size_t *nonceSize);
static uint64_t getEcidFromSCAB(const char* scab); static uint64_t getEcidFromSCAB(const char* scab);
static char *getNonceFromIM4M(const char* im4m, size_t *nonceSize); static char *getNonceFromIM4M(const char* im4m, size_t *nonceSize);