pymobiledevice3 4.14.6__py3-none-any.whl → 7.0.6__py3-none-any.whl

pymobiledevice3/restore/fdr.py

@@ -10,14 +10,14 @@ from pymobiledevice3 import usbmux
 from pymobiledevice3.exceptions import ConnectionFailedError, NoDeviceConnectedError, PyMobileDevice3Exception
 from pymobiledevice3.service_connection import ServiceConnection
 
-CTRL_PORT = 0x43a  # 1082
-CTRLCMD = b'BeginCtrl\0'
-HELLOCTRLCMD = b'HelloCtrl\0'
-HELLOCMD = b'HelloConn\0'
+CTRL_PORT = 0x43A  # 1082
+CTRLCMD = b"BeginCtrl\0"
+HELLOCTRLCMD = b"HelloCtrl\0"
+HELLOCMD = b"HelloConn\0"
 
 FDR_SYNC_MSG = 0x1
 FDR_PROXY_MSG = 0x105
-FDR_PLIST_MSG = 0xbbaa
+FDR_PLIST_MSG = 0xBBAA
 CHUNK_SIZE = 1048576
 
 conn_port = None
@@ -36,8 +36,6 @@ class FDRClient:
     ctrlprotoversion = 2
 
     def __init__(self, type_: fdr_type, udid=None):
-        global conn_port
-
         device = usbmux.select_device(udid)
         if device is None:
             if udid:
@@ -45,77 +43,77 @@ class FDRClient:
             else:
                 raise NoDeviceConnectedError()
 
-        logger.debug('connecting to FDR')
+        logger.debug("connecting to FDR")
 
         if type_ == fdr_type.FDR_CTRL:
             self.service = ServiceConnection.create_using_usbmux(
-                device.serial, self.SERVICE_PORT, connection_type='USB'
+                device.serial, self.SERVICE_PORT, connection_type="USB"
             )
             self.ctrl_handshake()
         else:
-            self.service = ServiceConnection.create_using_usbmux(device.serial, conn_port, connection_type='USB')
+            self.service = ServiceConnection.create_using_usbmux(device.serial, conn_port, connection_type="USB")
             self.sync_handshake()
 
-        logger.debug('FDR connected')
+        logger.debug("FDR connected")
 
     def recv_plist(self):
-        return self.service.recv_plist(endianity='<')
+        return self.service.recv_plist(endianity="<")
 
     def send_recv_plist(self, plist):
-        return self.service.send_recv_plist(plist, endianity='<', fmt=plistlib.FMT_BINARY)
+        return self.service.send_recv_plist(plist, endianity="<", fmt=plistlib.FMT_BINARY)
 
     def ctrl_handshake(self):
         global conn_port
 
-        logger.debug('About to do ctrl handshake')
+        logger.debug("About to do ctrl handshake")
 
         self.service.sendall(CTRLCMD)
 
         if self.ctrlprotoversion != 2:
-            raise NotImplementedError('TODO')
+            raise NotImplementedError("TODO")
 
         req = {
-            'Command': CTRLCMD,
-            'CtrlProtoVersion': self.ctrlprotoversion,
+            "Command": CTRLCMD,
+            "CtrlProtoVersion": self.ctrlprotoversion,
         }
         resp = self.send_recv_plist(req)
-        conn_port = resp['ConnPort']
+        conn_port = resp["ConnPort"]
 
-        logger.debug(f'Ctrl handshake done (ConnPort = {conn_port})')
+        logger.debug(f"Ctrl handshake done (ConnPort = {conn_port})")
 
     def sync_handshake(self):
         self.service.sendall(HELLOCMD)
 
         if self.ctrlprotoversion != 2:
-            raise NotImplementedError('TODO')
+            raise NotImplementedError("TODO")
 
         reply = self.recv_plist()
-        cmd = reply['Command']
-        identifier = reply['Identifier']
+        cmd = reply["Command"]
+        identifier = reply["Identifier"]
 
-        if cmd != 'HelloConn':
-            raise PyMobileDevice3Exception('Did not receive HelloConn reply...')
+        if cmd != "HelloConn":
+            raise PyMobileDevice3Exception("Did not receive HelloConn reply...")
 
         if identifier:
-            logger.debug(f'got device identifier: {identifier}')
+            logger.debug(f"got device identifier: {identifier}")
 
     def handle_sync_cmd(self):
         self.service.recvall(2)
 
         # Open a new connection and wait for messages on it
-        logger.debug('FDR connected in reply to sync message, starting command thread')
+        logger.debug("FDR connected in reply to sync message, starting command thread")
         start_fdr_thread(fdr_type.FDR_CONN)
 
     def handle_proxy_cmd(self):
         buf = self.service.recv(1048576)
-        logger.debug(f'got proxy command with {len(buf)} bytes')
+        logger.debug(f"got proxy command with {len(buf)} bytes")
 
         # Just return success here unconditionally because we don't know
         # anything else, and we will eventually abort on failure anyway
-        self.service.sendall(struct.pack('<H', 5))
+        self.service.sendall(struct.pack("<H", 5))
 
         if len(buf) < 3:
-            logger.debug(f'FDR {self} proxy command data too short, retrying')
+            logger.debug(f"FDR {self} proxy command data too short, retrying")
             return self.poll_and_handle_message()
 
         # ack command data too
@@ -127,11 +125,11 @@ class FDRClient:
         # Now try to handle actual messages
         # Connect: 0 3 hostlen <host> <port>
         if buf[0] == 0 and buf[1] == 3:
-            port = struct.unpack('>H', buf[-2:])[0]
+            port = struct.unpack(">H", buf[-2:])[0]
             hostlen = buf[2]
-            host = buf[3:3 + hostlen]
+            host = buf[3 : 3 + hostlen]
 
-            logger.debug(f'FDR {self} Proxy connect request to {host}:{port}')
+            logger.debug(f"FDR {self} Proxy connect request to {host}:{port}")
 
         if host is None:
             # missing or zero length host name
@@ -141,28 +139,28 @@ class FDRClient:
         sockfd.connect((host, port))
 
         while True:
-            readable, writable, exceptional = select.select([sockfd, self.service.socket],
-                                                            [],
-                                                            [sockfd, self.service.socket])
+            readable, _writable, exceptional = select.select(
+                [sockfd, self.service.socket], [], [sockfd, self.service.socket]
+            )
 
             for current_sock in readable:
                 if current_sock == self.service.socket:
                     buf = self.service.recv(CHUNK_SIZE)
 
-                    logger.debug(f'FDR {self} got payload of {len(buf)} bytes, now try to proxy it')
-                    logger.debug(f'Sending {len(buf)} bytes of data')
+                    logger.debug(f"FDR {self} got payload of {len(buf)} bytes, now try to proxy it")
+                    logger.debug(f"Sending {len(buf)} bytes of data")
 
                     sockfd.sendall(buf)
                 else:
                     buf = sockfd.recv(CHUNK_SIZE)
-                    logger.debug(f'Received {len(buf)} bytes')
+                    logger.debug(f"Received {len(buf)} bytes")
                     self.service.sendall(buf)
 
             if exceptional:
                 if exceptional[0] == sockfd:
-                    logger.debug('Remote closed the connection')
+                    logger.debug("Remote closed the connection")
                 else:
-                    logger.debug('Local service closed the connection')
+                    logger.debug("Local service closed the connection")
                 break
 
         sockfd.close()
@@ -170,16 +168,16 @@ class FDRClient:
 
     def handle_plist_cmd(self):
         d = self.recv_plist()
-        command = d['Command']
+        command = d["Command"]
 
-        if command == 'Ping':
-            self.send_recv_plist({'Pong': True})
+        if command == "Ping":
+            self.send_recv_plist({"Pong": True})
         else:
-            logger.warning(f'FDR {self} received unknown plist command: {command}')
+            logger.warning(f"FDR {self} received unknown plist command: {command}")
 
     def poll_and_handle_message(self):
         # TODO: is it okay?
-        cmd = struct.unpack('<H', self.service.recvall(2))[0]
+        cmd = struct.unpack("<H", self.service.recvall(2))[0]
 
         handlers = {
             FDR_SYNC_MSG: self.handle_sync_cmd,
@@ -190,7 +188,7 @@ class FDRClient:
         if cmd in handlers:
             handlers[cmd]()
         else:
-            logger.warning(f'ignoring FDR message: {cmd}')
+            logger.warning(f"ignoring FDR message: {cmd}")
 
 
 def fdr_listener_thread(type_: fdr_type):
@@ -198,14 +196,14 @@ def fdr_listener_thread(type_: fdr_type):
     try:
         client = FDRClient(type_)
 
-        logger.debug(f'FDR {client} waiting for message...')
+        logger.debug(f"FDR {client} waiting for message...")
 
         while True:
             client.poll_and_handle_message()
     except ConnectionAbortedError:
         pass
 
-    logger.debug(f'FDR {client} terminating...')
+    logger.debug(f"FDR {client} terminating...")
 
 
 def start_fdr_thread(type_: fdr_type):

pymobiledevice3/restore/ftab.py

@@ -1,27 +1,27 @@
 from construct import Array, Bytes, Const, Default, Int32ub, Int32ul, Pointer, Struct, this
 
 ftab_entry = Struct(
-    'tag' / Bytes(4),
-    'offset' / Int32ul,
-    'size' / Int32ul,
-    'pad_0x0C' / Default(Int32ul, 0),
-    'data' / Pointer(this.offset, Bytes(this.size))
+    "tag" / Bytes(4),
+    "offset" / Int32ul,
+    "size" / Int32ul,
+    "pad_0x0C" / Default(Int32ul, 0),
+    "data" / Pointer(this.offset, Bytes(this.size)),
 )
 
 ftab_header = Struct(
-    'always_01' / Int32ul,  # 1
-    'always_ff' / Int32ul,  # 0xFFFFFFFF
-    'unk_0x08' / Int32ub,  # 0
-    'unk_0x0C' / Int32ub,  # 0
-    'unk_0x10' / Int32ub,  # 0
-    'unk_0x14' / Int32ub,  # 0
-    'unk_0x18' / Int32ub,  # 0
-    'unk_0x1C' / Int32ub,  # 0
-    'tag' / Bytes(4),  # e.g. 'rkos'
-    'magic' / Const(b'ftab'),  # 'ftab' magic
-    'num_entries' / Int32ul,
-    'pad_0x2C' / Int32ub,
-    'entries' / Array(this.num_entries, ftab_entry)
+    "always_01" / Int32ul,  # 1
+    "always_ff" / Int32ul,  # 0xFFFFFFFF
+    "unk_0x08" / Int32ub,  # 0
+    "unk_0x0C" / Int32ub,  # 0
+    "unk_0x10" / Int32ub,  # 0
+    "unk_0x14" / Int32ub,  # 0
+    "unk_0x18" / Int32ub,  # 0
+    "unk_0x1C" / Int32ub,  # 0
+    "tag" / Bytes(4),  # e.g. 'rkos'
+    "magic" / Const(b"ftab"),  # 'ftab' magic
+    "num_entries" / Int32ul,
+    "pad_0x2C" / Int32ub,
+    "entries" / Array(this.num_entries, ftab_entry),
 )
 
 
@@ -41,7 +41,7 @@ class Ftab:
 
     def add_entry(self, tag: bytes, data: bytes):
         new_offset = self.parsed.entries[-1].offset + self.parsed.entries[-1].size
-        new_entry = {'tag': tag, 'offset': new_offset, 'size': len(data), 'data': data}
+        new_entry = {"tag": tag, "offset": new_offset, "size": len(data), "data": data}
 
         self.parsed.num_entries += 1
         self.parsed.entries.append(new_entry)

pymobiledevice3/restore/img4.py

@@ -0,0 +1,163 @@
+import logging
+
+from ipsw_parser.build_identity import BuildIdentity
+from pyimg4 import IM4P, IM4R, IMG4, RestoreProperty
+
+logger = logging.getLogger(__name__)
+
+COMPONENT_FOURCC = {
+    "ACIBT": "acib",
+    "ACIBTLPEM": "lpbt",
+    "ACIWIFI": "aciw",
+    "ANE": "anef",
+    "ANS": "ansf",
+    "AOP": "aopf",
+    "AVE": "avef",
+    "Alamo": "almo",
+    "Ap,ANE1": "ane1",
+    "Ap,ANE2": "ane2",
+    "Ap,ANE3": "ane3",
+    "Ap,AudioAccessibilityBootChime": "auac",
+    "Ap,AudioBootChime": "aubt",
+    "Ap,AudioPowerAttachChime": "aupr",
+    "Ap,BootabilityBrainTrustCache": "trbb",
+    "Ap,CIO": "ciof",
+    "Ap,HapticAssets": "hpas",
+    "Ap,LocalBoot": "lobo",
+    "Ap,LocalPolicy": "lpol",
+    "Ap,NextStageIM4MHash": "nsih",
+    "Ap,RecoveryOSPolicyNonceHash": "ronh",
+    "Ap,RestoreANE1": "ran1",
+    "Ap,RestoreANE2": "ran2",
+    "Ap,RestoreANE3": "ran3",
+    "Ap,RestoreCIO": "rcio",
+    "Ap,RestoreDCP2": "rdc2",
+    "Ap,RestoreTMU": "rtmu",
+    "Ap,Scorpius": "scpf",
+    "Ap,SystemVolumeCanonicalMetadata": "msys",
+    "Ap,TMU": "tmuf",
+    "Ap,VolumeUUID": "vuid",
+    "Ap,rOSLogo1": "rlg1",
+    "Ap,rOSLogo2": "rlg2",
+    "AppleLogo": "logo",
+    "AudioCodecFirmware": "acfw",
+    "BatteryCharging": "glyC",
+    "BatteryCharging0": "chg0",
+    "BatteryCharging1": "chg1",
+    "BatteryFull": "batF",
+    "BatteryLow0": "bat0",
+    "BatteryLow1": "bat1",
+    "BatteryPlugin": "glyP",
+    "CFELoader": "cfel",
+    "CrownFirmware": "crwn",
+    "DCP": "dcpf",
+    "Dali": "dali",
+    "DeviceTree": "dtre",
+    "Diags": "diag",
+    "EngineeringTrustCache": "dtrs",
+    "ExtDCP": "edcp",
+    "GFX": "gfxf",
+    "Hamm": "hamf",
+    "Homer": "homr",
+    "ISP": "ispf",
+    "InputDevice": "ipdf",
+    "KernelCache": "krnl",
+    "LLB": "illb",
+    "LeapHaptics": "lphp",
+    "Liquid": "liqd",
+    "LoadableTrustCache": "ltrs",
+    "LowPowerWallet0": "lpw0",
+    "LowPowerWallet1": "lpw1",
+    "LowPowerWallet2": "lpw2",
+    "MacEFI": "mefi",
+    "MtpFirmware": "mtpf",
+    "Multitouch": "mtfw",
+    "NeedService": "nsrv",
+    "OS": "OS\0\0",
+    "OSRamdisk": "osrd",
+    "PEHammer": "hmmr",
+    "PERTOS": "pert",
+    "PHLEET": "phlt",
+    "PMP": "pmpf",
+    "PersonalizedDMG": "pdmg",
+    "RBM": "rmbt",
+    "RTP": "rtpf",
+    "Rap,SoftwareBinaryDsp1": "sbd1",
+    "Rap,RTKitOS": "rkos",
+    "Rap,RestoreRTKitOS": "rrko",
+    "RecoveryMode": "recm",
+    "RestoreANS": "rans",
+    "RestoreDCP": "rdcp",
+    "RestoreDeviceTree": "rdtr",
+    "RestoreExtDCP": "recp",
+    "RestoreKernelCache": "rkrn",
+    "RestoreLogo": "rlgo",
+    "RestoreRTP": "rrtp",
+    "RestoreRamDisk": "rdsk",
+    "RestoreSEP": "rsep",
+    "RestoreTrustCache": "rtsc",
+    "SCE": "scef",
+    "SCE1Firmware": "sc1f",
+    "SEP": "sepi",
+    "SIO": "siof",
+    "StaticTrustCache": "trst",
+    "SystemLocker": "lckr",
+    "SystemVolume": "isys",
+    "WCHFirmwareUpdater": "wchf",
+    "ftap": "ftap",
+    "ftsp": "ftsp",
+    "iBEC": "ibec",
+    "iBSS": "ibss",
+    "iBoot": "ibot",
+    "iBootData": "ibdt",
+    "iBootDataStage1": "ibd1",
+    "iBootTest": "itst",
+    "rfta": "rfta",
+    "rfts": "rfts",
+    "Ap,DCP2": "dcp2",
+    "Ap,RestoreSecureM3Firmware": "rsm3",
+    "Ap,RestoreSecurePageTableMonitor": "rspt",
+    "Ap,RestoreTrustedExecutionMonitor": "rtrx",
+    "Ap,RestorecL4": "rxcl",
+}
+
+
+def stitch_component(
+    name: str, im4p_data: bytes, tss: dict, build_identity: BuildIdentity, ap_parameters: dict
+) -> bytes:
+    logger.info(f"Personalizing IMG4 component {name}...")
+
+    im4p = IM4P(data=im4p_data)
+
+    # patch fourcc
+    fourcc = COMPONENT_FOURCC.get(name)
+    if fourcc is not None:
+        im4p.fourcc = fourcc
+
+    # check if we have a *-TBM entry for the given component
+    tbm_dict = tss.get(f"{name}-TBM")
+
+    info = build_identity["Info"]
+    nonce_slot_required = info.get("RequiresNonceSlot", False) and name in ("SEP", "SepStage1", "LLB")
+
+    im4r = None
+    if tbm_dict is not None or nonce_slot_required:
+        im4r = IM4R()
+
+        if nonce_slot_required:
+            logger.debug(f"{name}: RequiresNonceSlot for {name}")
+            if name in ("SEP", "SepStage1"):
+                snid = ap_parameters.get("SepNonceSlotID", info.get("SepNonceSlotID", 2))
+                logger.debug(f"snid: {snid}")
+                im4r.add_property(RestoreProperty(fourcc="snid", value=snid))
+            else:
+                anid = ap_parameters.get("ApNonceSlotID", info.get("ApNonceSlotID", 0))
+                logger.debug(f"anid: {anid}")
+                im4r.add_property(RestoreProperty(fourcc="anid", value=anid))
+
+    if tbm_dict is not None:
+        for key in tbm_dict:
+            logger.debug(f"{name}: Adding property {key}")
+            im4r.add_property(RestoreProperty(fourcc=key, value=tbm_dict[key]))
+
+    return IMG4(im4p=im4p, im4m=tss.ap_img4_ticket, im4r=im4r).output()