Use lockdownd_get_value for reading ApNonce/generator in normal mode

Author: airsquared

build.gradle

@@ -50,8 +50,10 @@ repositories {
 
 dependencies {
     implementation group: 'org.json', name: 'json', version: '20210307'
-    implementation 'de.jangassen:nsmenufx:3.1.0'
-    implementation 'net.java.dev.jna:jna:5.7.0:jpms'
+    implementation ('de.jangassen:nsmenufx:3.1.0') {
+        exclude group: 'net.java.dev.jna', module: 'jna' //separate jna version
+    }
+    implementation 'net.java.dev.jna:jna-jpms:5.9.0'
     implementation group: 'org.apache.commons', name: 'commons-compress', version: '1.21'
 
     testImplementation 'org.junit.jupiter:junit-jupiter:5.7.2'

src/main/java/airsquared/blobsaver/app/LibimobiledeviceUtil.java

@@ -23,6 +23,7 @@
 import com.sun.jna.Platform;
 import com.sun.jna.Pointer;
 import com.sun.jna.ptr.IntByReference;
+import com.sun.jna.ptr.LongByReference;
 import com.sun.jna.ptr.PointerByReference;
 import javafx.concurrent.Task;
 import javafx.scene.control.ButtonType;
@@ -36,23 +37,23 @@
 public class LibimobiledeviceUtil {
 
     public static long getECID() throws LibimobiledeviceException {
-        return Long.parseLong(getKeyFromConnectedDevice("UniqueChipID", PlistType.INTEGER));
+        return getPlistLong(getLockdownValuePlist("UniqueChipID"));
     }
 
     public static String getDeviceModelIdentifier() throws LibimobiledeviceException {
-        return getKeyFromConnectedDevice("ProductType", PlistType.STRING);
+        return getPlistString(getLockdownValuePlist("ProductType"));
     }
 
     public static String getBoardConfig() throws LibimobiledeviceException {
-        return getKeyFromConnectedDevice("HardwareModel", PlistType.STRING);
+        return getPlistString(getLockdownValuePlist("HardwareModel"));
     }
 
     public static String getApNonceNormalMode() throws LibimobiledeviceException {
-        return LibimobiledeviceUtil.plistDataToString(LibimobiledeviceUtil.getMobileGestaltKey("ApNonce"), ByteOrder.BIG_ENDIAN);
+        return plistDataToHexString(LibimobiledeviceUtil.getLockdownValuePlist("ApNonce"), ByteOrder.BIG_ENDIAN);
     }
 
     public static String getGenerator() throws LibimobiledeviceException {
-        return "0x" + LibimobiledeviceUtil.plistDataToString(LibimobiledeviceUtil.getMobileGestaltKey("BootNonce"), ByteOrder.LITTLE_ENDIAN);
+        return "0x" + plistDataToHexString(getLockdownValuePlist("BootNonce"), ByteOrder.LITTLE_ENDIAN);
     }
 
     public static void exitRecovery(Pointer irecvClient) throws LibimobiledeviceException {
@@ -135,17 +136,17 @@ protected Void call() throws LibimobiledeviceException {
             }
             throwIfNeeded(errorCode, ErrorCodeType.lockdownd_error);
 
-            PointerByReference service = new PointerByReference();
+            PointerByReference plist = new PointerByReference();
             // don't reset timeout
             errorCode = -17;
             while (errorCode == -17 && System.currentTimeMillis() < endTime) {
                 if (!sleep(1000)) {
                     return null;
                 }
-                errorCode = lockdownd_start_service(lockdown.getValue(), "com.apple.mobile.diagnostics_relay", service);
+                errorCode = lockdownd_get_value(lockdown.getValue(), Pointer.NULL, "BootNonce", plist);
             }
             if (errorCode == 0) {
-                lockdownd_service_descriptor_free(service.getValue());
+                Libplist.free(plist.getValue());
             }
             lockdownd_client_free(lockdown.getValue());
             idevice_free(device.getValue());
@@ -201,45 +202,10 @@ private static String getApnonce(Pointer irecv_client) {
         return Utils.bytesToHex(apnonceBytes, ByteOrder.BIG_ENDIAN);
     }
 
-    private static String getKeyFromConnectedDevice(String key, PlistType plistType) throws LibimobiledeviceException {
-        if (plistType == null) {
-            plistType = PlistType.STRING;
-        }
-        if (key == null) {
-            key = "";
-        }
-
-        Pointer client = lockdowndClientFromConnectedDevice();
-        PointerByReference plist_value = new PointerByReference();
-        int lockdowndGetValueErrorCode = lockdownd_get_value(client, Pointer.NULL, key, plist_value);
-        if (lockdowndGetValueErrorCode == -8) {
-            // try again, and if it doesn't work, show an error to the user + throw an exception
-            // it always works the second time
-            lockdownd_client_free(client);
-            client = lockdowndClientFromConnectedDevice();
-            throwIfNeeded(lockdownd_get_value(client, Pointer.NULL, key, plist_value), ErrorCodeType.lockdownd_error);
-        } else {
-            throwIfNeeded(lockdowndGetValueErrorCode, ErrorCodeType.lockdownd_error);
-        }
-        lockdownd_client_free(client);
-        if (plistType.equals(PlistType.INTEGER)) {
-            PointerByReference xml_doc = new PointerByReference();
-            Libplist.toXml(plist_value.getValue(), xml_doc, new PointerByReference());
-            Libplist.free(plist_value.getValue());
-            String toReturn = xml_doc.getValue().getString(0, "UTF-8");
-            return toReturn.substring(toReturn.indexOf("<integer>") + "<integer>".length(), toReturn.indexOf("</integer>"));
-        } else {
-            PointerByReference toReturn = new PointerByReference();
-            Libplist.getStringVal(plist_value.getValue(), toReturn);
-            Libplist.free(plist_value.getValue());
-            return toReturn.getValue().getString(0, "UTF-8");
-        }
-    }
-
     /**
      * Returns a plist with the root element being the requested item.
      * <p>
-     * It will look something like this:
+     * It will look something like this (might have different type):
      * <pre>
      * {@code
      * <?xml version="1.0" encoding="UTF-8"?>
@@ -252,34 +218,25 @@ private static String getKeyFromConnectedDevice(String key, PlistType plistType)
      * }
      * </pre>
      */
-    private static Pointer getMobileGestaltKey(String key) throws LibimobiledeviceException {
-        PointerByReference device = new PointerByReference();
-        throwIfNeeded(idevice_new(device, Pointer.NULL), ErrorCodeType.idevice_error);
-        PointerByReference client = new PointerByReference();
-        throwIfNeeded(lockdownd_client_new_with_handshake(device.getValue(), client, "blobsaver"), ErrorCodeType.lockdownd_error);
-        PointerByReference service = new PointerByReference();
-        throwIfNeeded(lockdownd_start_service(client.getValue(), "com.apple.mobile.diagnostics_relay", service), ErrorCodeType.lockdownd_error);
-        lockdownd_client_free(client.getValue());
-
-        PointerByReference diagnosticsRelayClient = new PointerByReference();
-        throwIfNeeded(diagnostics_relay_client_new(device.getValue(), service.getValue(), diagnosticsRelayClient), ErrorCodeType.diagnostics_relay_error);
-
-        Pointer keys = Libplist.newArray();
-        Libplist.arrayAppendItem(keys, Libplist.newString(key));
-        PointerByReference plistResult = new PointerByReference();
-        throwIfNeeded(diagnostics_relay_query_mobilegestalt(diagnosticsRelayClient.getValue(), keys, plistResult), ErrorCodeType.diagnostics_relay_error);
-        Pointer plistApnonce = Libplist.dictGetItem(Libplist.dictGetItem(plistResult.getValue(), "MobileGestalt"), key);
-
-        diagnostics_relay_goodbye(diagnosticsRelayClient.getValue());
-        diagnostics_relay_client_free(diagnosticsRelayClient.getValue());
-        lockdownd_service_descriptor_free(service.getValue());
-        idevice_free(device.getValue());
-        Libplist.free(keys);
+    private static Pointer getLockdownValuePlist(String key) throws LibimobiledeviceException {
+        Pointer client = lockdowndClientFromConnectedDevice();
+        PointerByReference plist = new PointerByReference();
+        int lockdowndGetValueErrorCode = lockdownd_get_value(client, Pointer.NULL, key, plist);
+        if (lockdowndGetValueErrorCode == -8) {
+            // try again, and if it doesn't work, show an error to the user + throw an exception
+            // it always works the second time
+            lockdownd_client_free(client);
+            client = lockdowndClientFromConnectedDevice();
+            throwIfNeeded(lockdownd_get_value(client, Pointer.NULL, key, plist), ErrorCodeType.lockdownd_error);
+        } else {
+            throwIfNeeded(lockdowndGetValueErrorCode, ErrorCodeType.lockdownd_error);
+        }
+        lockdownd_client_free(client);
 
-        return plistApnonce;
+        return plist.getValue();
     }
 
-    private static String plistDataToString(Pointer plist, ByteOrder byteOrder) {
+    private static String plistDataToHexString(Pointer plist, ByteOrder byteOrder) {
         IntByReference apnonceLength = new IntByReference();
         byte[] apnonceBytes = Libplist.getDataPtr(plist, apnonceLength).getByteArray(0, apnonceLength.getValue());
         String toReturn = Utils.bytesToHex(apnonceBytes, byteOrder);
@@ -288,6 +245,27 @@ private static String plistDataToString(Pointer plist, ByteOrder byteOrder) {
         return toReturn;
     }
 
+    private static long getPlistLong(Pointer plist) {
+        LongByReference reference = new LongByReference();
+        Libplist.getUintVal(plist, reference);
+        Libplist.free(plist);
+        return reference.getValue();
+    }
+
+    private static String getPlistString(Pointer plist) {
+        PointerByReference reference = new PointerByReference();
+        Libplist.getStringVal(plist, reference);
+        Libplist.free(plist);
+        return reference.getValue().getString(0, "UTF-8");
+    }
+
+    // Useful for debugging
+    private static String plistToXml(Pointer plist) {
+        PointerByReference xml_doc = new PointerByReference();
+        Libplist.toXml(plist, xml_doc, new PointerByReference());
+        return xml_doc.getValue().getString(0, "UTF-8");
+    }
+
     private static Pointer lockdowndClientFromConnectedDevice() throws LibimobiledeviceException {
         PointerByReference device = new PointerByReference();
         throwIfNeeded(idevice_new(device, Pointer.NULL), ErrorCodeType.idevice_error);
@@ -306,12 +284,8 @@ static void enterRecovery() throws LibimobiledeviceException {
         lockdownd_client_free(client);
     }
 
-    private enum PlistType {
-        STRING, INTEGER
-    }
-
     private enum ErrorCodeType {
-        idevice_error, lockdownd_error, irecv_error, diagnostics_relay_error
+        idevice_error, lockdownd_error, irecv_error
     }
 
     private static void throwIfNeeded(int errorCode, ErrorCodeType errorType) throws LibimobiledeviceException {
@@ -350,9 +324,6 @@ private static void throwIfNeeded(int errorCode, ErrorCodeType errorType) throws
             message = "irecovery error: code=" + errorCode +
                     "\n\nIf your device is still in recovery mode, use the \"Exit Recovery Mode\" option from the help menu.";
             reportableError = true;
-        } else if (errorType.equals(ErrorCodeType.diagnostics_relay_error)) {
-            message = "Diagnostics Relay error: code=" + errorCode;
-            reportableError = true;
         }
         throw new LibimobiledeviceException(message, errorType, errorCode, reportableError);
     }

src/main/java/airsquared/blobsaver/app/natives/Libimobiledevice.java

@@ -41,20 +41,8 @@ public class Libimobiledevice {
 
     public static native int lockdownd_client_new_with_handshake(Pointer device, PointerByReference client, String label);
 
-    public static native int lockdownd_start_service(Pointer lockdownd_client, String identifier, PointerByReference service);
-
     public static native void lockdownd_client_free(Pointer client);
 
-    public static native void lockdownd_service_descriptor_free(Pointer service);
-
-    public static native int diagnostics_relay_client_new(Pointer idevice, Pointer lockdownd_service_descriptor, PointerByReference diagnostics_relay_client);
-
-    public static native int diagnostics_relay_query_mobilegestalt(Pointer diagnostics_client, Pointer plist_keys, PointerByReference plist_node);
-
-    public static native void diagnostics_relay_goodbye(Pointer diagnostics_client);
-
-    public static native void diagnostics_relay_client_free(Pointer diagnostics_client);
-
     public static native void idevice_free(Pointer idevice);
 
     static {

src/main/java/airsquared/blobsaver/app/natives/Libirecovery.java

@@ -19,16 +19,10 @@
 package airsquared.blobsaver.app.natives;
 
 import airsquared.blobsaver.app.natives.NativeUtils.CFunctionName;
-import com.sun.jna.FunctionMapper;
-import com.sun.jna.Library;
-import com.sun.jna.Native;
-import com.sun.jna.NativeLibrary;
 import com.sun.jna.Pointer;
 import com.sun.jna.Structure;
 import com.sun.jna.ptr.PointerByReference;
 
-import java.util.Map;
-
 /**
  * https://github.com/libimobiledevice/libirecovery/blob/master/src/libirecovery.c
  */
@@ -73,19 +67,15 @@ public static class irecv_device_info extends Structure {
 
 
     static {
-//        try {
-//        NativeUtils.register(Libimobiledevice.class, "irecovery");
-//        } catch (UnsatisfiedLinkError e) {
-//            try {
-//                NativeUtils.register(Libimobiledevice.class, "irecovery-1.0");
-//            } catch (UnsatisfiedLinkError e2) {
-//                e.addSuppressed(e2);
-//                throw e;
-//            }
-//        }
-        Native.register(Libirecovery.class, NativeLibrary.getInstance("irecovery", Map.of(Library.OPTION_CLASSLOADER, Libirecovery.class.getClassLoader(),
-                Library.OPTION_FUNCTION_MAPPER, (FunctionMapper) (lib, method) ->
-                        method.isAnnotationPresent(CFunctionName.class) ?
-                                method.getAnnotation(CFunctionName.class).value() : method.getName())));
+        try {
+            NativeUtils.register(Libirecovery.class, "irecovery");
+        } catch (UnsatisfiedLinkError e) {
+            try {
+                NativeUtils.register(Libirecovery.class, "irecovery-1.0");
+            } catch (UnsatisfiedLinkError e2) {
+                e.addSuppressed(e2);
+                throw e;
+            }
+        }
     }
 }

src/main/java/airsquared/blobsaver/app/natives/Libplist.java

@@ -21,6 +21,7 @@
 import airsquared.blobsaver.app.natives.NativeUtils.CFunctionName;
 import com.sun.jna.Pointer;
 import com.sun.jna.ptr.IntByReference;
+import com.sun.jna.ptr.LongByReference;
 import com.sun.jna.ptr.PointerByReference;
 
 public class Libplist {
@@ -43,6 +44,9 @@ public class Libplist {
     @CFunctionName("plist_get_string_val")
     public static native void getStringVal(Pointer plist, PointerByReference value);
 
+    @CFunctionName("plist_get_uint_val")
+    public static native void getUintVal(Pointer plist, LongByReference value);
+
     @CFunctionName("plist_free")
     public static native void free(Pointer plist);
 

src/test/java/airsquared/blobsaver/app/BlobsaverTest.java

@@ -18,12 +18,12 @@
 
 package airsquared.blobsaver.app;
 
-import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.BeforeAll;
 
 public class BlobsaverTest {
 
-    @BeforeEach
-    public void setJNALibraryPath() {
+    @BeforeAll
+    public static void setJNALibraryPath() {
         Main.setJNALibraryPath();
     }
 }

src/test/java/airsquared/blobsaver/app/LibimobiledeviceTest.java

@@ -18,21 +18,15 @@
 
 package airsquared.blobsaver.app;
 
-import airsquared.blobsaver.app.natives.Libirecovery;
-import com.sun.jna.Pointer;
-import com.sun.jna.ptr.PointerByReference;
 import org.junit.jupiter.api.Disabled;
 import org.junit.jupiter.api.Test;
 
-import static org.junit.jupiter.api.Assertions.assertEquals;
-
 @Disabled("disable tests unless device is connected")
 public class LibimobiledeviceTest extends BlobsaverTest {
 
     @Test
     public void getECID() throws LibimobiledeviceUtil.LibimobiledeviceException {
-        long ecid = LibimobiledeviceUtil.getECID();
-        assertEquals(0L, ecid);  // change to your device's ecid
+        System.out.println(LibimobiledeviceUtil.getECID());
     }
 
     @Test
@@ -41,25 +35,7 @@ public void enterRecovery() throws LibimobiledeviceUtil.LibimobiledeviceExceptio
     }
 
     @Test
-    public void getNonce() {
-        PointerByReference irecvClient = new PointerByReference();
-        assertEquals(0, Libirecovery.open(irecvClient));
-        Libirecovery.irecv_device_info deviceInfo = Libirecovery.getDeviceInfo(irecvClient.getValue());
-        StringBuilder apnonce = new StringBuilder();
-        System.out.println("deviceInfo.ap_nonce = " + deviceInfo.ap_nonce);
-        for (byte b : ((Pointer) deviceInfo.readField("ap_nonce")).getByteArray(0, deviceInfo.ap_nonce_size)) {
-            apnonce.append(String.format("%02x", b));
-        }
-//        assertEquals("", apnonce.toString());                                   // change to your device's apnonce
-        System.out.println("apnonce = " + apnonce);
-        assertEquals(0, Libirecovery.setEnv(irecvClient.getValue(), "auto-boot", "true"));
-        assertEquals(0, Libirecovery.saveEnv(irecvClient.getValue()));
-        assertEquals(0, Libirecovery.reboot(irecvClient.getValue()));
-        assertEquals(0, Libirecovery.close(irecvClient.getValue()));
-    }
-
-    @Test
-    public void mobilegestalt() throws LibimobiledeviceUtil.LibimobiledeviceException {
+    public void getApNonce() throws LibimobiledeviceUtil.LibimobiledeviceException {
         System.out.println(LibimobiledeviceUtil.getApNonceNormalMode());
         System.out.println(LibimobiledeviceUtil.getGenerator());
     }