From 349869728db4ef2e2485538d2eae384519fec367 Mon Sep 17 00:00:00 2001 From: CristiMacovei Date: Thu, 26 Dec 2024 22:41:22 +0200 Subject: [PATCH 1/5] Update code to build on Linux with GCC >= 12 Signed-off-by: Nicolae-Cristian Macovei --- dfu-util/dfu.h | 1 - dfu-util/sam7dfu.c | 2 ++ ipsw-patch/main.c | 2 +- xpwn/src/xpwn.cpp | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/dfu-util/dfu.h b/dfu-util/dfu.h index be88a32e..621e2a00 100644 --- a/dfu-util/dfu.h +++ b/dfu-util/dfu.h @@ -104,5 +104,4 @@ char* dfu_state_to_string( int state ); const char *dfu_status_to_string(int status); -int debug; #endif diff --git a/dfu-util/sam7dfu.c b/dfu-util/sam7dfu.c index a7235125..61131582 100644 --- a/dfu-util/sam7dfu.c +++ b/dfu-util/sam7dfu.c @@ -20,6 +20,8 @@ #define O_BINARY 0 #endif +extern int debug; + /* * * CRC32 code ripped off (and adapted) from the zlib-1.1.3 distribution by Jean-loup Gailly and Mark Adler. * * diff --git a/ipsw-patch/main.c b/ipsw-patch/main.c index f90f518b..204b55d5 100644 --- a/ipsw-patch/main.c +++ b/ipsw-patch/main.c @@ -19,7 +19,7 @@ #include #endif -char endianness; +extern char endianness; static char* tmpFile = NULL; diff --git a/xpwn/src/xpwn.cpp b/xpwn/src/xpwn.cpp index 00635e99..4f0c9cfc 100644 --- a/xpwn/src/xpwn.cpp +++ b/xpwn/src/xpwn.cpp @@ -11,7 +11,7 @@ using namespace ibooter; using namespace std; -char endianness; +extern char endianness; void TestByteOrder() { From 0771ba8407a2726f5d0d4b3cc6914e12fab5bc83 Mon Sep 17 00:00:00 2001 From: CristiMacovei Date: Thu, 9 Jan 2025 13:02:17 +0200 Subject: [PATCH 2/5] Introduce Dockerfile Signed-off-by: Nicolae-Cristian Macovei --- Dockerfile | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 00000000..6dc114e9 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,22 @@ +FROM debian:latest + +RUN apt update && apt upgrade -y + +RUN apt install -y git cmake build-essential libz-dev libssl-dev libbz2-dev libpng-dev libusb-dev + +RUN git clone https://github.com/malus-security/xpwn.git + +WORKDIR /xpwn + +RUN git checkout testing + +RUN mkdir builddir + +WORKDIR /xpwn/builddir + +RUN cmake .. +RUN make + +WORKDIR / + +ENTRYPOINT [ "/xpwn/builddir/ipsw-patch/xpwntool" ] \ No newline at end of file From 30b3c5e7a5fadad3eb4001519558bbbbc89be1c1 Mon Sep 17 00:00:00 2001 From: CristiMacovei Date: Tue, 6 May 2025 22:51:54 +0300 Subject: [PATCH 3/5] Improve Dockerfile structure This commit makes docker `COPY` from the local files, instead of pulling the codebase from git. In addition, good-practice changes have been added to the `Dockerfile`, such as replacing `apt` with `apt-get` and adding a newline to the end of the file. Signed-off-by: Nicolae-Cristian Macovei --- Dockerfile | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6dc114e9..e6d65b42 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,17 +1,14 @@ FROM debian:latest -RUN apt update && apt upgrade -y - -RUN apt install -y git cmake build-essential libz-dev libssl-dev libbz2-dev libpng-dev libusb-dev - -RUN git clone https://github.com/malus-security/xpwn.git +RUN set -xe; \ + apt-get -yqq update; \ + apt-get install -y cmake build-essential libz-dev libssl-dev libbz2-dev libpng-dev libusb-dev \ + ; +COPY . /xpwn WORKDIR /xpwn -RUN git checkout testing - RUN mkdir builddir - WORKDIR /xpwn/builddir RUN cmake .. @@ -19,4 +16,6 @@ RUN make WORKDIR / -ENTRYPOINT [ "/xpwn/builddir/ipsw-patch/xpwntool" ] \ No newline at end of file +CMD [ "sh", "-c", "/xpwn/builddir/ipsw-patch/xpwntool /in /out -iv ${IV} -k ${KEY} -decrypt" ] + +ENTRYPOINT [ "/xpwn/builddir/ipsw-patch/xpwntool" ] From 1e9bd8c85deda326b05ce20b518abfef46b975ba Mon Sep 17 00:00:00 2001 From: CristiMacovei Date: Tue, 6 May 2025 22:59:53 +0300 Subject: [PATCH 4/5] Introduce usage instructions for Dockerfile Signed-off-by: Nicolae-Cristian Macovei --- Docker.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 Docker.md diff --git a/Docker.md b/Docker.md new file mode 100644 index 00000000..8326c3ac --- /dev/null +++ b/Docker.md @@ -0,0 +1,27 @@ +# Docker Usage Instructions + +### Setup + +Container images are available on [the GitHub Container Registry](https://github.com/orgs/malus-security/packages/container/package/xpwn) (and soon on the GitLab Container Registry). + +You can also build your own image locally: + +```sh +docker build -t . +``` + +### Usage + +The docker image is designed to run `xpwn` in the context of [iExtractor](https://github.com/malus-security/iextractor) and has the following default usage: + +```sh +docker run -v :/in -v :/out -e IV= -e KEY= -t + +# runs this command: ./xpwntool /in /out -iv $IV -k $KEY -decrypt +``` + +However, it is possible to override the default flags: + +```sh +docker run -t --help +`` From 3552643e6d624dd91d64b39043f7cebe773a2704 Mon Sep 17 00:00:00 2001 From: CristiMacovei Date: Tue, 6 May 2025 23:14:28 +0300 Subject: [PATCH 5/5] Introduce Docker pipeline Signed-off-by: Nicolae-Cristian Macovei --- .github/workflows/main.yml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 .github/workflows/main.yml diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml new file mode 100644 index 00000000..8ed2185c --- /dev/null +++ b/.github/workflows/main.yml @@ -0,0 +1,33 @@ +name: Build and Push Docker Image to GHCR + +on: + workflow_dispatch: + push: + branches: [master] + +jobs: + build-and-push: + runs-on: ubuntu-latest + + permissions: + contents: read + packages: write + + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Log in to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build Docker image + run: | + docker build -t ghcr.io/${{ github.repository }}:latest . + + - name: Push Docker image + run: | + docker push ghcr.io/${{ github.repository }}:latest