Issue fix after testing on my device

DeviceSupport/iPad3_1/partition.py

@@ -5,7 +5,6 @@
 import time
 import paramiko
 
-import ioscrypto
 import osinfo
 import mountDevice
 import ssh
@@ -18,9 +17,19 @@
 SystemPartitionPadding = ""
 
 
+def decrypt_ramdisk(osInfo: osinfo.OSInfo, key, iv):
+    print("Trying to get SystemPartitionSize from RestoreRamdisk")
+    plist = readPlist(os.path.join(os.path.abspath("."), "firmware/Restore.plist"))
+    print("RestoreRamdisk: " + plist['RestoreRamDisks']['User'])
+    print("-> Decrypting RestoreRamdisk")
+    os.system("./tools/" + osInfo.getosplatform() + "/xpwntool firmware/" +
+              plist['RestoreRamDisks']['User'] + " RestoreRamdisk.dmg -k " +
+              key + " -iv " + iv)
+
+
 def partitionDevice_stage1(osInfo: osinfo.OSInfo, shell, storage: int, key, iv):
     global guid_data, guid_system, attributeFlags_data, SystemPartitionPadding
-    shell.send("gptfdisk\n/dev/rdisk0s1\ni\n1\n")
+    shell.send("gptfdisk /dev/rdisk0s1\ni\n1\n")
     while True:
         time.sleep(0.5)
         line = shell.recv(1024)
@@ -54,13 +63,7 @@ def partitionDevice_stage1(osInfo: osinfo.OSInfo, shell, storage: int, key, iv):
         line = shell.recv(1024)
         if line:
             break
-    print("Trying to get SystemPartitionSize from RestoreRamdisk")
-    plist = readPlist(os.path.join(os.path.abspath("."), "firmware/Restore.plist"))
-    print("RestoreRamdisk: " + plist['RestoreRamDisks']['User'])
-    print("-> Decrypting RestoreRamdisk")
-    ioscrypto.decryptImg3(osInfo, os.path.join(os.path.abspath("."),
-                                               "firmware/" + plist['RestoreRamDisks']['User']),
-                          os.path.abspath(".") + "/RestoreRamdisk.dmg", key, iv)
+    decrypt_ramdisk(osInfo, key, iv)
     print("-> Mounting RestoreRamdisk")
     mountDevice.mountDevice(osInfo, os.path.join(os.path.abspath("."), "RestoreRamdisk.dmg"), "mountpoint")
     plist = readPlist(os.path.join("./DeviceSupport/iPad3_1", "mountpoint/usr/local/share/restore/options.j1.plist"))
@@ -84,7 +87,7 @@ def partitionDevice_stage1(osInfo: osinfo.OSInfo, shell, storage: int, key, iv):
         line = shell.recv(1024)
         if line:
             break
-    print(line.decode('utf-8'))
+    # print(line.decode('utf-8'))
     print("Setting up attribute flags. FLAG=" + attributeFlags_data)
     if attributeFlags_data == "0000000000000000":
         shell.send("\n")
@@ -108,33 +111,21 @@ def partitionDevice_stage1(osInfo: osinfo.OSInfo, shell, storage: int, key, iv):
         line = shell.recv(1024)
         if line:
             break
-    # For testing purposes, I commented this.
-    '''
-    choice = input("WARNING: !!! Your data will ALL LOST after this operation. !!!"
-                   "\nHere is a confirmation for this operation. Enter Y to continue, Enter N to abort.\n"
-                   "Your choice (Make sure you know what you are doing): ")
-    if choice == "Y":
-        shell.send("w\nY\n")
-    else:
-        print("You have Entered N or other content. exiting.")
-        shell.send("q\n")
-        exit(1)
-    '''
-    shell.send("q\n")
+    shell.send("w\nY\n")
     while True:
         time.sleep(0.5)
         line = shell.recv(1024)
         if line:
             break
     print("Scanning partitions.")
-    shell.send("sync; sync; sync; fsck_hfs -q /dev/disk0s1s1")
+    shell.send("sync; sync; sync; fsck_hfs -q /dev/disk0s1s1\n")
     while True:
         time.sleep(0.5)
         line = shell.recv(1024)
         if line or line.endswith(b'# '):
             break
     print(line.decode('utf-8'))
-    shell.send("fsck_hfs -q /dev/disk0s1s2")
+    shell.send("fsck_hfs -q /dev/disk0s1s2\n")
     while True:
         time.sleep(0.5)
         line = shell.recv(1024)
@@ -151,17 +142,19 @@ def partitionDevice_stage2(sshClient: paramiko.SSHClient):
     while True:
         time.sleep(0.5)
         line = shell.recv(1024)
-        if line:
+        if line.endswith(b'# '):
             break
     ssh.scp_transfer_file(sshClient, os.path.abspath(".") + "/firmware/kernelcache.release.j1",
                           "/mnt1/kernelcache.release.j1")
-    shell.send("df -B1")
+    shell.send("df -B1\n")
     while True:
         time.sleep(0.5)
         line = shell.recv(1024)
-        if line:
+        if line.endswith(b'# '):
+            line_stored = line
+            print(line_stored.decode('utf-8'))
             break
-    lines = line.decode('utf-8').split('\n')
+    lines = line_stored.decode('utf-8').split('\n')
     fslist = []
     try:
         for i in lines:
@@ -170,18 +163,21 @@ def partitionDevice_stage2(sshClient: paramiko.SSHClient):
             while '' in fslist[x]:
                 fslist[x].remove('')
         for i in range(0, len(fslist) - 1):
-            if list[i][0] == "/dev/disk0s1s1":
-                resizedPartitionSize = int(fslist[i][2]) + SystemPartitionPadding
-        if resizedPartitionSize == SystemPartitionPadding:
+            if fslist[i][0] == "/dev/disk0s1s1":
+                print("/dev/disk0s1s1 used size is " + str(fslist[i][2]) + " bytes")
+                resizedPartitionSize = int(fslist[i][2]) + int(SystemPartitionPadding) * 1024 * 1024
+        if resizedPartitionSize == int(SystemPartitionPadding) * 1024 * 1024:
             print("Failed to get resized partition size")
             exit(1)
     except Exception:
         print("Unhandled exception occurred when trying to get resized partition size.")
+        import traceback
+        print(traceback.format_exc())
         resizedPartitionSize = int(input("Please enter it manually.\nSIZE (in bytes): "))
         print("Please make sure it is correct! Or you will fail at resizing partition!")
     print("Resized Partition Size = " + str(resizedPartitionSize))
     print("Resizing partition")
-    shell.send("hfs_resize /mnt1 " + str(resizedPartitionSize))
+    shell.send("hfs_resize /mnt1 " + str(resizedPartitionSize) + "\n")
     while True:
         time.sleep(0.5)
         line = shell.recv(1024)
@@ -197,7 +193,9 @@ def partitionDevice_stage2(sshClient: paramiko.SSHClient):
         if line:
             break
     print("Creating new partitions")
-    shell.send("n\n1\n\n" + str(int(resizedPartitionSize)) +
+    SystemPartitionSizeInSectors = int(resizedPartitionSize) / 4096
+    print("Sectors: " + str(int(SystemPartitionSizeInSectors)))
+    shell.send("n\n1\n\n" + str(int(SystemPartitionSizeInSectors)) +
                "\n\nc\n1\nSystem\nn\n2\n\n\n\nc\n2\nData\nx\na\n2\n")
     while True:
         time.sleep(0.5)
@@ -228,33 +226,118 @@ def partitionDevice_stage2(sshClient: paramiko.SSHClient):
         line = shell.recv(1024)
         if line:
             break
-    choice = input("WARNING: !!! Downgrade may fail after this operation !!!"
-                   "\nHere is a confirmation for this operation. Enter Y to continue, Enter N to abort.\n"
-                   "Your choice (Make sure you know what you are doing): ")
-    if choice == "Y":
-        shell.send("w\nY\n")
+    shell.send("w\nY\n")
+    while True:
+        time.sleep(0.5)
+        line = shell.recv(1024)
+        if line:
+            break
+    print("Scanning partitions.")
+    shell.send("sync; sync; sync; fsck_hfs -q /dev/disk0s1s1\n")
+    while True:
+        time.sleep(0.5)
+        line = shell.recv(1024)
+        if line.endswith(b'# '):
+            break
+    print(line.decode('utf-8'))
+    shell.send("fsck_hfs -q /dev/disk0s1s2\n")
+    while True:
+        time.sleep(0.5)
+        line = shell.recv(1024)
+        if line.endswith(b'# '):
+            break
+    print(line.decode('utf-8'))
+    print("Stage 2 succeed.")
+
+
+def delete_partitions(shell):
+    print("Copying hfs_resize")
+    shell.send("cp /usr/bin/hfs_resize /mnt1\n")
+    while True:
+        time.sleep(0.5)
+        line = shell.recv(1024)
+        if line.endswith(b'# '):
+            break
+    print("Copying kloader")
+    shell.send("cp /usr/bin/kloader /mnt1\n")
+    while True:
+        time.sleep(0.5)
+        line = shell.recv(1024)
+        if line.endswith(b'# '):
+            break
+    global guid_data, guid_system, attributeFlags_data, SystemPartitionPadding
+    shell.send("gptfdisk /dev/rdisk0s1\n")
+    print("NOTE: These following operations won't write to disk at this moment.")
+    print("Deleting partitions")
+    shell.send("d\n2\nd\n3\nd\n4\n")
+    while True:
+        time.sleep(0.5)
+        line = shell.recv(1024)
+        if line:
+            break
+    print("Creating new partitions")
+    shell.send("n\n2\n\n\n\nc\n2\nData\nx\na\n2\n")
+    while True:
+        time.sleep(0.5)
+        line = shell.recv(1024)
+        if line:
+            break
+    print(line.decode('utf-8'))
+
+    print("Setting up attribute flags. FLAG=" + attributeFlags_data)
+    if attributeFlags_data == "0000000000000000":
+        shell.send("\n")
+    elif attributeFlags_data == "0001000000000000":
+        shell.send("48\n\n")
+    elif attributeFlags_data == "0003000000000000":
+        shell.send("48\n49\n\n")
     else:
-        print("You have Entered N or other content. exiting.")
-        shell.send("q\n")
+        print("Unrecognized attribute flags for partition \"Data\".")
+        print("exiting")
         exit(1)
-    shell.send("q\n")
     while True:
         time.sleep(0.5)
         line = shell.recv(1024)
         if line:
             break
-    print("Scanning partitions.")
-    shell.send("sync; sync; sync; fsck_hfs -q /dev/disk0s1s1")
+    print("Setting up GUID.")
+    shell.send("c\n2\n" + guid_data + "\n")
     while True:
         time.sleep(0.5)
         line = shell.recv(1024)
-        if line or line.endswith(b'# '):
+        if line:
+            break
+    print("Requesting partition size.")
+    shell.send("i\n2\n")
+    while True:
+        time.sleep(0.5)
+        line = shell.recv(1024)
+        if line:
+            pos = line.decode('utf-8').find('Partition size: ')
+            pos2 = line.decode('utf-8').find(' sectors')
+            print(line.decode('utf-8')[pos+16:pos2])
+            partition_size = int(line.decode('utf-8')[pos+16:pos2])
+            if partition_size == 0:
+                print("Failed to get partition size! Exiting")
+                exit(1)
+            break
+    partition_size_in_bytes = partition_size * 4096
+    print("Size for partition \"Data\": " + str(partition_size))
+    print("                 In bytes: " + str(partition_size_in_bytes))
+    shell.send("w\nY\n")
+    while True:
+        time.sleep(0.5)
+        line = shell.recv(1024)
+        if line:
             break
     print(line.decode('utf-8'))
-    shell.send("fsck_hfs -q /dev/disk0s1s2")
+    print("Partition has been deleted. The device will freeze! Don't do anything on the device!")
+    print("Resizing partition")
+    shell.send("/mnt1/hfs_resize /dev/disk0s1s2 " + str(partition_size_in_bytes) + "\n")
     while True:
         time.sleep(0.5)
         line = shell.recv(1024)
         if line or line.endswith(b'# '):
             break
-    print(line.decode('utf-8'))
+    print("Successfully resized partition")
+    print("DONE")

DeviceSupport/iPad3_1/recovery.py

@@ -1,11 +1,13 @@
 import os
+import time
 
 import osinfo
 
 
 def waitForConnection(osInfo: osinfo.OSInfo):
     print("Waiting for DFU/Recovery connection. Please unplug and replug your device.")
     while True:
+        time.sleep(2)
         res = os.system("./tools/" + osInfo.getosplatform() + "/irecovery -c /exit")
         if res == 0:
             break
@@ -29,6 +31,10 @@ def send_iBEC(osInfo: osinfo.OSInfo, path):
 
 def tether_boot_up_device(osInfo: osinfo.OSInfo):
     print("Trying to tether boot up device.")
+    print("Sending applelogo")
+    os.system("./tools/" + osInfo.getosplatform() + "/irecovery -c /send applelogo")
+    print("Setting applelogo")
+    os.system("./tools/" + osInfo.getosplatform() + "/irecovery -c setpicture")
     print("Sending DeviceTree")
     os.system("./tools/" + osInfo.getosplatform() + "/irecovery -c /send DeviceTree")
     print("Executing DeviceTree")

DeviceSupport/iPad3_1/restore.py

@@ -16,43 +16,42 @@ def restore(sshClient: paramiko.SSHClient, restoreImage, device):
     print("Sending Root filesystem to your device. This may take a long time...")
     ssh.scp_transfer_file(sshClient, restoreImage, "/var/RootFilesystem.dmg")
     print("Restore new root filesystem to your partition. Please wait with patience.")
-    shell.send("asr restore -source /var/RootFilesystem.dmg -target " + device + " -erase -noprompt")
+    shell.send("asr restore -source /var/RootFilesystem.dmg -target " + device + " -erase -noprompt\n")
     while True:
         time.sleep(0.5)
         line = shell.recv(1024)
         print(line.decode('utf-8'))
-        if line or line.endswith(b'# '):
+        if line.endswith(b'# '):
             break
     print("Restore: Done")
 
 
 def formatSystem(shell):
-    shell.send("newfs_hfs -s -v System -J -b 4096 -n a=4096,c=4096,e=4096 /dev/disk0s1s1")
+    shell.send("newfs_hfs -s -v System -J -b 4096 -n a=4096,c=4096,e=4096 /dev/disk0s1s1\n")
     while True:
         time.sleep(0.5)
         line = shell.recv(1024)
-        if line or line.endswith(b'# '):
+        if line.endswith(b'# '):
             break
     print(line.decode('utf-8'))
 
 
 def formatData(shell):
-    shell.send("newfs_hfs -s -v Data -J -P -b 4096 -n a=4096,c=4096,e=4096 /dev/disk0s1s2")
+    shell.send("newfs_hfs -s -v Data -J -P -b 4096 -n a=4096,c=4096,e=4096 /dev/disk0s1s2\n")
     while True:
         time.sleep(0.5)
         line = shell.recv(1024)
-        if line or line.endswith(b'# '):
+        if line.endswith(b'# '):
             break
     print(line.decode('utf-8'))
 
 
 def scanPartition(shell, device):
-    shell.send("fsck_hfs -f " + device)
+    shell.send("fsck_hfs -f " + device + "\n")
     while True:
         time.sleep(0.5)
         line = shell.recv(1024)
-        if line or line.endswith(b'# '):
+        if line.endswith(b'# '):
             break
     print(line.decode('utf-8'))
 
-