From 41f445b2467c5894cca7bc22c744aa654ca01416 Mon Sep 17 00:00:00 2001
From: tihmstar <tihmstar@gmail.com>
Date: Sat, 27 Jun 2015 12:08:51 +0200
Subject: [PATCH] added 6.1.3 ota downgrade compatibility with baseband
 downgrade

---
 .../Info.plist                                | 169 +++++++++---------
 ipsw-patch/main.c                             |  64 ++++++-
 2 files changed, 145 insertions(+), 88 deletions(-)

diff --git a/ipsw-patch/FirmwareBundles/Down_iPhone4,1_6.1.3_10B329.bundle/Info.plist b/ipsw-patch/FirmwareBundles/Down_iPhone4,1_6.1.3_10B329.bundle/Info.plist
index 6527f143..023b8c3b 100644
--- a/ipsw-patch/FirmwareBundles/Down_iPhone4,1_6.1.3_10B329.bundle/Info.plist
+++ b/ipsw-patch/FirmwareBundles/Down_iPhone4,1_6.1.3_10B329.bundle/Info.plist
@@ -1,62 +1,72 @@
-<?xml version=1.0 encoding=UTF-8?>
-<!DOCTYPE plist PUBLIC -//Apple Computer//DTD PLIST 1.0//EN http://www.apple.com/DTDs/PropertyList-1.0.dtd>
-<plist version=1.0>
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
 <dict>
-	<key>FilesystemPatches</key>
-	<dict/>
-	<key>FirmwarePatches</key>
+	<key>RootFilesystem</key>
+	<string>048-2613-005.dmg</string>
+	<key>RootFilesystemSize</key>
+	<integer>1220</integer>
+	<key>Filename</key>
+	<string>iPhone4,1_6.1.3_10B329_Restore.ipsw</string>
+	<key>RamdiskMountVolume</key>
+	<string>ramdisk</string>
+	<key>Name</key>
+	<string>iPhone4,1_6.1.3_10B329</string>
+	<key>SubPlatform</key>
+	<integer>6</integer>
+	<key>Platform</key>
+	<integer>1</integer>
+	<key>RamdiskOptionsPath</key>
+	<string>/usr/local/share/restore/options.n94.plist</string>
+	<key>SHA1</key>
+	<string>7a62ee60b574301a6aafc48dcc9cccf0894ffb27</string>
+	<key>BuildIdentitiesPatches</key>
 	<dict>
-		<key>RestoreKernelCache</key>
+		<key>UniqueBuildID</key>
+		<data>3Usl6yRx4qezMq1vuVZf69RDnU8=</data>
+		<key>Manifest</key>
 		<dict>
-			<key>File</key>
-			<string>kernelcache.release.n94</string>
-			<key>IV</key>
-			<string>8a2c03ef8a0e45947780cdde01be40fb</string>
-			<key>Key</key>
-			<string>a374109c958957200f879f7b6ef34437fbde1a9f178b7c2412755cf9a3ed2d72</string>
-			<!--key>Patch</key>
-			<string>kernelcache.release.patch</string-->
-			<key>DecryptPath</key>
-			<string>Downgrade/kernelcache.release.n94</string>
-			<key>TypeFlag</key>
-			<integer>4</integer>
+			<key>RestoreRamDisk</key>
+			<dict>
+				<key>Digest</key>
+				<data>soTe26MUEWqoKnxbAlm9uDrYEA4=</data>
+				<key>PartialDigest</key>
+				<data>QAAAAHhwMwEwggsDt8v7VOdjNK99c7EacJVHFA==</data>
+			</dict>
 		</dict>
-		<!--key>Update Ramdisk</key>
-		<dict>
-			<key>File</key>
-			<string>048-2679-005.dmg</string>
-			<key>IV</key>
-			<string>d26f911dbf7b3c6a49037179b96ecc8c</string>
-			<key>Key</key>
-			<string>35a6872687dc9a1cb0904c88e4abf8a8bf453dae99fd442258e5cffd8443628c</string>
-			<key>TypeFlag</key>
-			<integer>8</integer>
-		</dict-->
-		<key>Restore Ramdisk</key>
+	</dict>
+	<key>RamdiskPatches</key>
+	<dict>
+		<key>asr</key>
 		<dict>
 			<key>File</key>
-			<string>048-2516-005.dmg</string>
-			<key>IV</key>
-			<string>d30fa37b6ed56715121337a5fc039801</string>
-			<key>Key</key>
-			<string>1d8da07783a6f53efbb47657c352b305f0856697c6c824a9132ea0effe1a92a9</string>
-			<key>Decrypt</key>
-			<true/>
-			<key>TypeFlag</key>
-			<integer>8</integer>
+			<string>usr/sbin/asr</string>
+			<key>Patch</key>
+			<string>asr.patch</string>
 		</dict>
+	</dict>
+	<key>DownloadUrl</key>
+	<string></string>
+	<key>FilesystemPatches</key>
+	<dict/>
+	<key>RootFilesystemMountVolume</key>
+	<string>BrightonMaps10B329.N94OS</string>
+	<key>UniqueBuildID</key>
+	<data>3Usl6yRx4qezMq1vuVZf69RDnU8=</data>
+	<key>FirmwarePatches</key>
+	<dict>
 		<key>iBSS</key>
 		<dict>
 			<key>File</key>
 			<string>Firmware/dfu/iBSS.n94ap.RELEASE.dfu</string>
-			<key>IV</key>
-			<string>d3fe01e99bd0967e80dccfc0739f93d5</string>
 			<key>Key</key>
 			<string>35343d5139e0313c81ee59dbae292da26e739ed75b3da5db9da7d4d26046498c</string>
-			<key>Patch</key>
-			<string>iBSS.n94ap.RELEASE.patch</string>
 			<key>Decrypt</key>
 			<true/>
+			<key>Patch</key>
+			<string>iBSS.n94ap.RELEASE.patch</string>
+			<key>IV</key>
+			<string>d3fe01e99bd0967e80dccfc0739f93d5</string>
 			<key>TypeFlag</key>
 			<integer>8</integer>
 		</dict>
@@ -64,14 +74,14 @@
 		<dict>
 			<key>File</key>
 			<string>Firmware/dfu/iBEC.n94ap.RELEASE.dfu</string>
-			<key>IV</key>
-			<string>1f12075441b7f193c5967c51ede025bf</string>
 			<key>Key</key>
 			<string>aba0d7f3e2d40d2a0039a36086c469e25e1eafb2fee2f50e36a3e5f7cd4d89c9</string>
-			<key>Patch</key>
-			<string>iBEC.n94ap.RELEASE.patch</string>
 			<key>Decrypt</key>
 			<true/>
+			<key>Patch</key>
+			<string>iBEC.n94ap.RELEASE.patch</string>
+			<key>IV</key>
+			<string>1f12075441b7f193c5967c51ede025bf</string>
 			<key>TypeFlag</key>
 			<integer>8</integer>
 		</dict>
@@ -79,65 +89,52 @@
 		<dict>
 			<key>File</key>
 			<string>Firmware/all_flash/all_flash.n94ap.production/DeviceTree.n94ap.img3</string>
-			<key>IV</key>
-			<string>fabb698a3b2e845d7ad6849fbc067870</string>
 			<key>Key</key>
 			<string>bd500bdc2a66aba636311037b9bd2b6ab3bd7374542352225d5be0c23998dd84</string>
 			<key>DecryptPath</key>
 			<string>Downgrade/DeviceTree.n94ap.img3</string>
+			<key>IV</key>
+			<string>fabb698a3b2e845d7ad6849fbc067870</string>
 		</dict>
 		<key>RestoreLogo</key>
 		<dict>
 			<key>File</key>
 			<string>Firmware/all_flash/all_flash.n94ap.production/applelogo@2x.s5l8940x.img3</string>
-			<key>IV</key>
-			<string>09678f1312084547b5bedce677e6a828</string>
 			<key>Key</key>
 			<string>e7e9b79f5e6e81ff6d6bf81bf272af56e6ab0f1c691088eff2aca5b1ee31455e</string>
 			<key>DecryptPath</key>
 			<string>Downgrade/applelogo@2x.s5l8940x.img3</string>
+			<key>IV</key>
+			<string>09678f1312084547b5bedce677e6a828</string>
 		</dict>
-	</dict>
-	<key>RamdiskPatches</key>
-	<dict>
-		<key>asr</key>
+		<key>Restore Ramdisk</key>
 		<dict>
 			<key>File</key>
-			<string>usr/sbin/asr</string>
-			<key>Patch</key>
-			<string>asr.patch</string>
+			<string>048-2516-005.dmg</string>
+			<key>Key</key>
+			<string>1d8da07783a6f53efbb47657c352b305f0856697c6c824a9132ea0effe1a92a9</string>
+			<key>Decrypt</key>
+			<true/>
+			<key>TypeFlag</key>
+			<integer>8</integer>
+			<key>IV</key>
+			<string>d30fa37b6ed56715121337a5fc039801</string>
 		</dict>
-		<!--key>restored_external</key>
+		<key>RestoreKernelCache</key>
 		<dict>
 			<key>File</key>
-			<string>usr/local/bin/restored_external</string>
-			<key>Patch</key>
-			<string>restored.patch</string>
-		</dict-->
+			<string>kernelcache.release.n94</string>
+			<key>Key</key>
+			<string>a374109c958957200f879f7b6ef34437fbde1a9f178b7c2412755cf9a3ed2d72</string>
+			<key>DecryptPath</key>
+			<string>Downgrade/kernelcache.release.n94</string>
+			<key>TypeFlag</key>
+			<integer>4</integer>
+			<key>IV</key>
+			<string>8a2c03ef8a0e45947780cdde01be40fb</string>
+		</dict>
 	</dict>
-	<key>RamdiskMountVolume</key>
-	<string>ramdisk</string>
-	<key>RamdiskOptionsPath</key>
-	<string>/usr/local/share/restore/options.n94.plist</string>
-	<key>RootFilesystem</key>
-	<string>048-2613-005.dmg</string>
-	<key>RootFilesystemSize</key>
-	<integer>1220</integer>
 	<key>RootFilesystemKey</key>
 	<string>d4685a3c01a0b6f762350191d98b8964d4c7af349aa84bacef828be9683514ccf44a8426</string>
-	<key>RootFilesystemMountVolume</key>
-	<string>BrightonMaps10B329.N94OS</string>
-	<key>SHA1</key>
-	<string>7a62ee60b574301a6aafc48dcc9cccf0894ffb27</string>
-	<key>Filename</key>
-	<string>iPhone4,1_6.1.3_10B329_Restore.ipsw</string>
-	<key>Name</key>
-	<string>iPhone4,1_6.1.3_10B329</string>
-	<key>DownloadUrl</key>
-	<string></string>
-	<key>Platform</key>
-	<integer>1</integer>
-	<key>SubPlatform</key>
-	<integer>6</integer>
 </dict>
 </plist>
diff --git a/ipsw-patch/main.c b/ipsw-patch/main.c
index 513c7bee..e7fcbdff 100644
--- a/ipsw-patch/main.c
+++ b/ipsw-patch/main.c
@@ -57,12 +57,55 @@ void closeRoot(void* buffer) {
 	}
 }
 
+int replaceMatching(Dictionary* orig, Dictionary *new){
+    DictValue *patchDict = new->values;
+    int dirty = FALSE;
+    
+    while(patchDict != NULL) {
+        char *key = ((DictValue*)patchDict)->key;
+        
+        if (patchDict->type == DictionaryType) {
+            Dictionary *norig = (Dictionary *)getValueByKey(orig,key);
+            if (norig) {
+                XLOG(0, "+ key=%s\n",key);
+                replaceMatching(norig,(Dictionary *)patchDict);
+                XLOG(0, "- key=%s\n",key);
+            }
+        }else{
+            DictValue *origValue = getValueByKey(orig,key);
+            if (origValue) {
+                if (origValue->type == DataType) {
+                    DataValue *newValue = (DataValue *)getValueByKey(new,key); //assuming replacing with same type
+                    
+                    free(((DataValue*)origValue)->value);
+                    unsigned char *buf = malloc(newValue->len);
+                    memcpy(buf,newValue->value,newValue->len);
+                    
+                    ((DataValue *)origValue)->value = buf;
+                    
+                    XLOG(0, "replacing key=%s\n",key);
+                }else{
+                    XLOG(0, "Error: replacing values of type %d currently not implemented\n",origValue->type);
+                    return -1;
+                }
+            }
+        }
+        
+        patchDict = ((Dictionary*)patchDict)->dValue.next;
+    }
+    
+    return dirty;
+}
+
+
+
 int main(int argc, char* argv[]) {
 	init_libxpwn(&argc, argv);
 	
 	Dictionary* info;
 	Dictionary* firmwarePatches;
 	Dictionary* patchDict;
+    Dictionary* BuildIdentitiesPatches;
 	ArrayValue* patchArray;
 	
 	void* buffer;
@@ -272,7 +315,7 @@ int main(int argc, char* argv[]) {
 	}
 
 	firmwarePatches = (Dictionary*)getValueByKey(info, "FilesystemPatches");
-
+    
 	int j;
 	for(j = 0; j < numToRemove; j++) {
 		removeKey(firmwarePatches, argv[toRemove[j]]);
@@ -398,6 +441,23 @@ int main(int argc, char* argv[]) {
 		
 		patchDict = (Dictionary*) patchDict->dValue.next;
 	}
+    
+    ArrayValue *buildIdentities = (ArrayValue *)getValueByKey(manifest, "BuildIdentities");
+    if (buildIdentities) {
+        BuildIdentitiesPatches = (Dictionary*)getValueByKey(info, "BuildIdentitiesPatches");
+        for (i = 0; i < buildIdentities->size; i++) {
+            StringValue *path;
+            Dictionary *dict = (Dictionary *)buildIdentities->values[i];
+            BuildIdentitiesPatches = (Dictionary*)getValueByKey(info, "BuildIdentitiesPatches");
+            int myret = replaceMatching(dict,BuildIdentitiesPatches);
+            XLOG(0, "\n");
+            if (myret == -1) {
+                XLOG(0, "Error: something went wrong\n");
+                return -1;
+            }else if (myret >0) manifestDirty = TRUE;
+        }
+    }
+    
 
 	if (manifestDirty && manifest) {
 		manifestFile = getFileFromOutputStateForReplace(&outputState, "BuildManifest.plist");
@@ -409,7 +469,7 @@ int main(int argc, char* argv[]) {
 		}
 		releaseDictionary(manifest);
 	}
-
+    
 	fileValue = (StringValue*) getValueByKey(info, "RootFilesystem");
 	rootFSPathInIPSW = fileValue->value;