#!/usr/bin/env python3
from argparse import ArgumentParser
from pathlib import Path
from bundle_creation.archive import Archive
from bundle_creation.file import removeFile, writeBinaryFile
from bundle_creation.ipsw import getIpswInfo
from bundle_creation.wiki import getKeys
from bundle_creation.xpwntool import decryptXpwn
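def extractKernelFromIPSW(archive, name):
    """Write the kernelcache member of an opened IPSW archive to *name*.

    Args:
        archive: Opened archive object exposing ``_listPaths()`` (entries
            with a ``filename`` attribute) and ``_readPath(entry)``.
        name: Destination path passed to ``writeBinaryFile``.

    Raises:
        Exception: If no entry whose filename starts with ``kernelcache``
            is listed, or if that entry reads back empty.
    """
    kernel = None

    # When several entries match, the last one listed is the one used.
    for path in archive._listPaths():
        if path.filename.startswith('kernelcache'):
            kernel = path

    # Fail with a clear message instead of handing None to _readPath(); a
    # truncated or unexpected IPSW should not surface as an opaque error.
    if kernel is None:
        raise Exception('No kernelcache entry found in archive')

    data = archive._readPath(kernel)

    if not data:
        raise Exception(
            f'kernelcache entry {kernel.filename!r} is empty or unreadable'
        )

    writeBinaryFile(data, name)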
def getValuesForKeys(archive):
    """Return ``(codename, buildid, device)`` from the archive's IPSW info.

    The three values are read from the mapping returned by ``getIpswInfo``
    and come back as a tuple in that fixed order, ready to be splatted into
    the key lookup.
    """
    info = getIpswInfo(archive)
    wanted = ('codename', 'buildid', 'device')
    return tuple(info[field] for field in wanted)
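def main():
    """Extract and decrypt the kernelcache of an IPSW (and a patched copy).

    ``--orig`` is required for any work to happen; without it the help text
    is printed. The decryption keys are looked up once, from the codename,
    build id and device read out of the ``--orig`` archive, and the same
    IV/key pair is applied to both extracted kernelcaches. Each decrypted
    result is written next to its input as ``<path>.decrypted`` and the
    encrypted intermediate is removed afterwards.
    """
    parser = ArgumentParser()
    parser.add_argument('--orig', nargs=1, metavar='IPSW', help='unpatched')
    parser.add_argument('--patched', nargs=1, metavar='IPSW', help='patched')
    args = parser.parse_args()

    if not args.orig:
        parser.print_help()
        return

    work_paths = ('kernelcache.orig', 'kernelcache.patched')

    # Track what this run actually wrote. The work files use fixed names in
    # the current directory, so a leftover file from an earlier run must not
    # be decrypted with this run's keys and then deleted.
    extracted = []

    with Archive(args.orig[0]) as o:
        values = getValuesForKeys(o)
        extractKernelFromIPSW(o, work_paths[0])
        extracted.append(work_paths[0])

    if args.patched:
        with Archive(args.patched[0]) as p:
            extractKernelFromIPSW(p, work_paths[1])
            extracted.append(work_paths[1])

    # NOTE(review): iv/key come from getKeys (bundle_creation.wiki). If that
    # is a remote lookup, they are external input by the time they reach
    # decryptXpwn - confirm they are validated (e.g. hex only) and passed as
    # discrete arguments rather than through a shell.
    # NOTE(review): the patched IPSW is assumed to be the same device/build
    # as --orig, since only the original's manifest drives the key lookup.
    keys = getKeys(*values)['KernelCache']
    _, iv, key = keys

    for path in extracted:
        if Path(path).exists():
            decryptXpwn(path, f'{path}.decrypted', iv, key)
            removeFile(path)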
# Entry-point guard: run the CLI only when executed directly, not on import.
if __name__ == '__main__':
    main()