def main(): parser = OptionParser(usage="%prog [options] nand_image.bin device_infos.plist") (options, args) = parser.parse_args() if sys.platform == "darwin": import readline import rlcompleter #fix tab complete on osx if readline.__doc__ and "libedit" in readline.__doc__: readline.parse_and_bind("bind ^I rl_complete") else: readline.parse_and_bind("tab: complete") if len(args) >= 2: plistname = args[1] nandimagename = args[0] device_infos = plistlib.readPlist(plistname) print "Loading device information from %s" % plistname else: nandimagename ="remote" client = RamdiskToolClient.get() device_infos = client.device_infos print_device_infos(device_infos) image = NAND(nandimagename, device_infos) ExaminerShell(image).cmdloop("")
def __init__(self, image, completekey='tab', stdin=None, stdout=None): Cmd.__init__(self, completekey=completekey, stdin=stdin, stdout=stdout) self.curdir = "/" self.rdisk = None if image.filename == "remote": self.rdisk = RamdiskToolClient.get() self.device_infos = image.device_infos self.complete_open = self._complete self.complete_xattr = self._complete self.complete_cprotect = self._complete self.complete_ls = self._complete self.complete_cd = self._complete self.complete_plist = self._complete self.complete_xxd = self._complete self.image = image if image.ppn and image.filename == "remote": self.savepath = "." print "Remote PPN device, use nand_dump + save, other commands will fail" return self.system = image.getPartitionVolume(0) self.data = image.getPartitionVolume(1) self.volume = None self.volname = "" grab_system_version(self.system, self.device_infos) print "Keybag state: %slocked" % (int(self.data.keybag.unlocked) * "un") self.deviceName = get_device_name(self.data) self.do_data("") self.savepath = os.path.join(os.path.dirname(image.filename), "%s.plist" % self.device_infos.udid[:10]) #if image.iosVersion > 3 and not image.device_infos.has_key("passcode"): # print "No passcode found in plist file, bruteforce required to access protected data" self.carver = None
def bruteforcePasscode(device_infos, data_volume): if device_infos.has_key("passcode"): print "Passcode already found, no bruteforce required" return False kb = data_volume.keybag if not kb: return False rd = RamdiskToolClient.get() if rd.device_infos.udid != device_infos.udid: print "Wrong device connected" return print "Enter passcode or leave blank for bruteforce:" z = raw_input() bf = rd.getPasscodeKey(kb.KeyBagKeys, z) if kb.unlockWithPasscodeKey(bf.get("passcodeKey").decode("hex")): print "Passcode \"%s\" OK" % z else: if z != "": print "Wrong passcode, trying to bruteforce !" if checkPasscodeComplexity(data_volume) != 0: print "Complex passcode used, not bruteforcing" return False bf = rd.bruteforceKeyBag(kb.KeyBagKeys) if bf and kb.unlockWithPasscodeKey(bf.get("passcodeKey").decode("hex")): print "Bruteforce successful, passcode : %s" % bf["passcode"] print "Passcode key : %s" % bf.get("passcodeKey") if kb.unlocked: device_infos.update(bf) device_infos["classKeys"] = kb.getClearClassKeysDict() device_infos["KeyBagKeys"] = plistlib.Data(kb.KeyBagKeys) return True return False
def decryptGID(data): try: client = RamdiskToolClient.get() except: return None r = client.aesGID(data) if r and r.has_key("data"): return r.data.data return None
def main(): parser = OptionParser(usage="%prog [options] nand_image.bin device_infos.plist") (options, args) = parser.parse_args() if len(args) >= 2: plistname = args[1] nandimagename = args[0] device_infos = plistlib.readPlist(plistname) print "Loading device information from %s" % plistname else: nandimagename ="remote" client = RamdiskToolClient.get() device_infos = client.device_infos print_device_infos(device_infos) image = NAND(nandimagename, device_infos) ExaminerShell(image).cmdloop("")
def main(): parser = OptionParser( usage="%prog [options] nand_image.bin device_infos.plist") (options, args) = parser.parse_args() if len(args) >= 2: plistname = args[1] nandimagename = args[0] device_infos = plistlib.readPlist(plistname) print "Loading device information from %s" % plistname else: nandimagename = "remote" client = RamdiskToolClient.get() device_infos = client.device_infos print_device_infos(device_infos) image = NAND(nandimagename, device_infos) ExaminerShell(image).cmdloop("")
def bruteforcePasscode(device_infos, data_volume): if device_infos.has_key("passcode"): print "Passcode already found, no bruteforce required" return False kb = data_volume.keybag if not kb: return False rd = RamdiskToolClient.get() if rd.device_infos.udid != device_infos.udid: print "Wrong device connected" return print "Passcode comlexity (from OpaqueStuff) : %s" % COMPLEXITY.get(kb.passcodeComplexity) print "Enter passcode or leave blank for bruteforce:" z = raw_input() bf = rd.getPasscodeKey(kb.KeyBagKeys, z) if kb.unlockWithPasscodeKey(bf.get("passcodeKey").decode("hex")): print "Passcode \"%s\" OK" % z else: if z != "": print "Wrong passcode, trying to bruteforce !" if kb.passcodeComplexity != 0: print "Complex passcode used, not bruteforcing" return False bf = rd.bruteforceKeyBag(kb.KeyBagKeys) if bf and kb.unlockWithPasscodeKey(bf.get("passcodeKey").decode("hex")): print "Bruteforce successful, passcode : %s" % bf["passcode"] print "Passcode key : %s" % bf.get("passcodeKey") if kb.unlocked: device_infos.update(bf) device_infos["classKeys"] = kb.getClearClassKeysDict() device_infos["KeyBagKeys"] = plistlib.Data(kb.KeyBagKeys) return True return False
def do_reboot(self, p): if not self.rdisk: self.rdisk = RamdiskToolClient.get() self.rdisk.reboot() return self.do_exit(p)