forked from ninjaprawn/patchfinder64
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathfetch_kerncaches
More file actions
executable file
·134 lines (107 loc) · 3.82 KB
/
fetch_kerncaches
File metadata and controls
executable file
·134 lines (107 loc) · 3.82 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
#!/usr/bin/python
try:
import urllib2 as urlreq # Python 2.x
except:
import urllib.request as urlreq # Python 3.x
import json, zipfile, io, struct, os, shutil
from socket import ntohl
ipsw_list_raw = urlreq.urlopen(urlreq.Request("https://api.ipsw.me/v4/device/iPhone7,1?type=ipsw")).read()
ipsw_list = json.loads(ipsw_list_raw)["firmwares"]
ipsw_urls = {}
for ipsw in ipsw_list:
ipsw_urls[ipsw["version"]] = ipsw["url"]
intended_firmwares = ["11.0", "11.1", "11.2", "11.3", "11.4", "12.0", "12.1"]
# Translated from BootX-81//bootx.tproj/sl.subproj/lzss.c
N = 4096
F = 18
THRESHOLD = 2
NIL = N
def decompress_lzss(src, dst_length):
text_buf = bytearray("\0" * (N + F - 1))
for i in range(0, N - F):
text_buf[i] = " "
r = N - F
flags = 0
src_idx = 0
dst_idx = 0
c = ""
k = 0
i = 0
j = 0
dst = bytearray("\0" * dst_length)
while True:
flags >>= 1
if (flags & 0x100) == 0:
if src_idx < len(src):
c = src[src_idx]
src_idx += 1
else: break
flags = ord(c) | 0xFF00
if (flags & 0x1) == 1:
if src_idx < len(src):
c = src[src_idx]
src_idx += 1
else: break
dst[dst_idx] = c
dst_idx += 1
text_buf[r] = c
r += 1
r &= (N - 1)
else:
if src_idx < len(src):
i = ord(src[src_idx])
src_idx += 1
else: break
if src_idx < len(src):
j = ord(src[src_idx])
src_idx += 1
else: break
i |= ((j & 0xF0) << 4)
j = (j & 0x0F) + THRESHOLD
for k in range(0, j+1):
c = text_buf[(i+k) & (N - 1)]
dst[dst_idx] = c
dst_idx += 1
text_buf[r] = c
r += 1
r &= (N - 1)
return dst
# https://techoverflow.net/2018/01/16/downloading-reading-a-zip-file-in-memory-using-python/
def download_kernelcache(url):
raw_zip_file = urlreq.urlopen(urlreq.Request(url)).read()
with zipfile.ZipFile(io.BytesIO(raw_zip_file)) as zip_file:
for zipinfo in zip_file.infolist():
if zipinfo.filename == "kernelcache.release.iphone7":
return zip_file.read(zipinfo.filename)
print("Couldn't find kernelcache file")
return -1
# http://newosxbook.com/src.jl?tree=listings&file=joker.c
def decompress_kernel(kernel_stream):
compression_info_offset = -1
for i in range(len(kernel_stream)):
if kernel_stream[i:].startswith("complzss"):
compression_info_offset = i
break
if compression_info_offset == -1:
return -1
unknown, uncompressed_size, compressed_size, unknown1 = struct.unpack("IIII", kernel_stream[i+8:i+24])
uncompressed_size = ntohl(uncompressed_size)
compressed_size = ntohl(compressed_size)
kern_offset = -1
for i in range(64, len(kernel_stream)):
if struct.unpack("I", kernel_stream[i:i+4])[0] == 0xfeedfacf:
kern_offset = i - 1
break
if kern_offset == -1:
return -1
return decompress_lzss(kernel_stream[kern_offset:kern_offset+compressed_size], uncompressed_size)
shutil.rmtree("kernel_caches/", ignore_errors=True)
os.mkdir("kernel_caches/")
for firmware in intended_firmwares:
url = ipsw_urls[firmware]
print("iOS {}: DOWNLOADING".format(firmware))
with open("kernel_caches/kernelcache_{}".format(firmware), "wb") as f:
kern_bytes = bytes(download_kernelcache(url))
print("iOS {}: DECOMPRESSING".format(firmware))
f.write(decompress_kernel(kern_bytes))
print("iOS {}: DONE".format(firmware))