Difference between revisions of "Normal Mode"

This is the protocol iTunes uses to talk to the booted iPhone. It uses usbmux to provide TCP like connectivity over a USB port using SSL. There is a pairing process iTunes uses to establish the secure channel.

MobileDevice Library

PC Windows : iTunesMobileDevice.dll

• Location : C:\Program Files\Common Files\Apple\Mobile Device Support\bin\iTunesMobileDevice.dll
• Export : itunesmobiledevice.dll

Mac OSX : MobileDevice.framework

• Location : /System/Library/PrivateFrameworks/MobileDevice.framework
• Export command : "nm /System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/MobileDevice"

This is the protocol iTunes uses to talk to the booted iPhone. It uses usbmux to provide TCP like connectivity over a USB port using SSL. There is a pairing process iTunes uses to establish the secure channel.

MobileDevice Library

PC Windows : iTunesMobileDevice.dll

• Location : C:\Program Files\Common Files\Apple\Mobile Device Support\bin\iTunesMobileDevice.dll
• Export : itunesmobiledevice.dll

Mac OSX : MobileDevice.framework

• Location : /System/Library/PrivateFrameworks/MobileDevice.framework
• Export command : "nm /System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/MobileDevice"

=MobileDevice Header (mobiledevice.h)

Reversed engineering C header for MobileDevice Library.

/* ----------------------------------------------------------------------------
 *   MobileDevice.h - interface to MobileDevice.framework 
 * ------------------------------------------------------------------------- */
#pragma once

#ifndef MOBILEDEVICE_H
#define MOBILEDEVICE_H

#ifdef __cplusplus
extern "C" {
#endif
	
#ifndef __GCC__
#pragma pack
#define __PACK
#else
#define __PACK __attribute__((__packed__))
#endif

#if defined(WIN32)
#define __DLLIMPORT [DllImport("iTunesMobileDevice.dll")]
	using namespace System::Runtime::InteropServices;
#include <CoreFoundation.h>
	typedef unsigned int mach_error_t;
#elif defined(__APPLE__)
#define __DLLIMPORT
#include <CoreFoundation/CoreFoundation.h>
#include <mach/error.h>
#endif	
	
	/* Error codes */
#define MDERR_APPLE_MOBILE  (err_system(0x3a))
#define MDERR_IPHONE        (err_sub(0))
	
	/* Apple Mobile (AM*) errors */
#define MDERR_OK                ERR_SUCCESS
#define MDERR_SYSCALL           (ERR_MOBILE_DEVICE | 0x01)
#define MDERR_OUT_OF_MEMORY     (ERR_MOBILE_DEVICE | 0x03)
#define MDERR_QUERY_FAILED      (ERR_MOBILE_DEVICE | 0x04) 
#define MDERR_INVALID_ARGUMENT  (ERR_MOBILE_DEVICE | 0x0b)
#define MDERR_DICT_NOT_LOADED   (ERR_MOBILE_DEVICE | 0x25)
	
	/* Apple File Connection (AFC*) errors */
#define MDERR_AFC_OUT_OF_MEMORY 0x03
	
	/* USBMux errors */
#define MDERR_USBMUX_ARG_NULL   0x16
#define MDERR_USBMUX_FAILED     0xffffffff
	
	/* Messages passed to device notification callbacks: passed as part of
	 * am_device_notification_callback_info. */
#define ADNCI_MSG_CONNECTED     1
#define ADNCI_MSG_DISCONNECTED  2
#define ADNCI_MSG_UNKNOWN       3
	
#define AMD_IPHONE_PRODUCT_ID   0x1290
	//#define AMD_IPHONE_SERIAL       ""
	
	/* Services, found in /System/Library/Lockdown/Services.plist */
#define AMSVC_AFC                   CFSTR("com.apple.afc")
#define AMSVC_BACKUP                CFSTR("com.apple.mobilebackup")
#define AMSVC_CRASH_REPORT_COPY     CFSTR("com.apple.crashreportcopy")
#define AMSVC_DEBUG_IMAGE_MOUNT     CFSTR("com.apple.mobile.debug_image_mount")
#define AMSVC_NOTIFICATION_PROXY    CFSTR("com.apple.mobile.notification_proxy")
#define AMSVC_PURPLE_TEST           CFSTR("com.apple.purpletestr")
#define AMSVC_SOFTWARE_UPDATE       CFSTR("com.apple.mobile.software_update")
#define AMSVC_SYNC                  CFSTR("com.apple.mobilesync")
#define AMSVC_SCREENSHOT            CFSTR("com.apple.screenshotr")
#define AMSVC_SYSLOG_RELAY          CFSTR("com.apple.syslog_relay")
#define AMSVC_SYSTEM_PROFILER       CFSTR("com.apple.mobile.system_profiler")
	
	typedef unsigned int afc_error_t;
	typedef unsigned int usbmux_error_t;
	
	struct am_recovery_device;
	
	struct am_device_notification_callback_info {
		struct am_device *dev;  /* 0    device */ 
		unsigned int msg;       /* 4    one of ADNCI_MSG_* */
	} __PACK;
	
	/* The type of the device restore notification callback functions.
	 * TODO: change to correct type. */
	typedef void (*am_restore_device_notification_callback)(struct
															am_recovery_device *);
	
	/* This is a CoreFoundation object of class AMRecoveryModeDevice. */
	struct am_recovery_device {
		unsigned char unknown0[8];                          /* 0 */
		am_restore_device_notification_callback callback;   /* 8 */
		void *user_info;                                    /* 12 */
		unsigned char unknown1[12];                         /* 16 */
		unsigned int readwrite_pipe;                        /* 28 */
		unsigned char read_pipe;                            /* 32 */
		unsigned char write_ctrl_pipe;                      /* 33 */
		unsigned char read_unknown_pipe;                    /* 34 */
		unsigned char write_file_pipe;                      /* 35 */
		unsigned char write_input_pipe;                     /* 36 */
	} __PACK;
	
	/* A CoreFoundation object of class AMRestoreModeDevice. */
	struct am_restore_device {
		unsigned char unknown[32];
		int port;
	} __PACK;
	
	/* The type of the device notification callback function. */
	typedef void(*am_device_notification_callback)(struct
												   am_device_notification_callback_info *);
	
	/* The type of the _AMDDeviceAttached function.
	 * TODO: change to correct type. */
	typedef void *amd_device_attached_callback;
	
	/* The type of the device restore notification callback functions.
	 * TODO: change to correct type. */
	typedef void (*am_restore_device_notification_callback)(struct
															am_recovery_device *);
	
	struct am_device {
		unsigned char unknown0[16]; /* 0 - zero */
		unsigned int device_id;     /* 16 */
		unsigned int product_id;    /* 20 - set to AMD_IPHONE_PRODUCT_ID */
		char *serial;               /* 24 - set to AMD_IPHONE_SERIAL */
		unsigned int unknown1;      /* 28 */
		unsigned char unknown2[4];  /* 32 */
		unsigned int lockdown_conn; /* 36 */
		unsigned char unknown3[8];  /* 40 */
	} __PACK;
	
	struct am_device_notification {
		unsigned int unknown0;                      /* 0 */
		unsigned int unknown1;                      /* 4 */
		unsigned int unknown2;                      /* 8 */
		am_device_notification_callback callback;   /* 12 */ 
		unsigned int unknown3;                      /* 16 */
	} __PACK;
	
	struct afc_connection {
		unsigned int handle;            /* 0 */
		unsigned int unknown0;          /* 4 */
		unsigned char unknown1;         /* 8 */
		unsigned char padding[3];       /* 9 */
		unsigned int unknown2;          /* 12 */
		unsigned int unknown3;          /* 16 */
		unsigned int unknown4;          /* 20 */
		unsigned int fs_block_size;     /* 24 */
		unsigned int sock_block_size;   /* 28: always 0x3c */
		unsigned int io_timeout;        /* 32: from AFCConnectionOpen, usu. 0 */
		void *afc_lock;                 /* 36 */
		unsigned int context;           /* 40 */
	} __PACK;
	
	

	struct afc_device_info {
		unsigned char unknown[12];  /* 0 */
	} __PACK;

	struct afc_directory {
		unsigned char unknown[0];   /* size unknown */
	} __PACK;

	struct afc_dictionary {
		unsigned char unknown[0];   /* size unknown */
	} __PACK;
	
	typedef unsigned long long afc_file_ref;
	
	struct usbmux_listener_1 {                  /* offset   value in iTunes */
		unsigned int unknown0;                  /* 0        1 */
		unsigned char *unknown1;                /* 4        ptr, maybe device? */
		amd_device_attached_callback callback;  /* 8        _AMDDeviceAttached */
		unsigned int unknown3;                  /* 12 */
		unsigned int unknown4;                  /* 16 */
		unsigned int unknown5;                  /* 20 */
	} __PACK;
	
	struct usbmux_listener_2 {
		unsigned char unknown0[4144];
	} __PACK;
	
	struct am_bootloader_control_packet {
		unsigned char opcode;       /* 0 */
		unsigned char length;       /* 1 */
		unsigned char magic[2];     /* 2: 0x34, 0x12 */
		unsigned char payload[0];   /* 4 */
	} __PACK;
	
	/* ----------------------------------------------------------------------------
	 *   Public routines
	 * ------------------------------------------------------------------------- */
	
	/*  Registers a notification with the current run loop. The callback gets
	 *  copied into the notification struct, as well as being registered with the
	 *  current run loop. dn_unknown3 gets copied into unknown3 in the same.
	 *  (Maybe dn_unknown3 is a user info parameter that gets passed as an arg to
	 *  the callback?) unused0 and unused1 are both 0 when iTunes calls this.
	 *  In iTunes the callback is located from $3db78e-$3dbbaf.
	 *
	 *  Returns:
	 *      MDERR_OK            if successful
	 *      MDERR_SYSCALL       if CFRunLoopAddSource() failed
	 *      MDERR_OUT_OF_MEMORY if we ran out of memory
	 */
	__DLLIMPORT mach_error_t AMDeviceNotificationSubscribe(am_device_notification_callback
											   callback, unsigned int unused0, unsigned int unused1, unsigned int
											   dn_unknown3, struct am_device_notification **notification);
	
	/*  Connects to the iPhone. Pass in the am_device structure that the
	 *  notification callback will give to you.
	 *
	 *  Returns:
	 *      MDERR_OK                if successfully connected
	 *      MDERR_SYSCALL           if setsockopt() failed
	 *      MDERR_QUERY_FAILED      if the daemon query failed
	 *      MDERR_INVALID_ARGUMENT  if USBMuxConnectByPort returned 0xffffffff
	 */
	__DLLIMPORT mach_error_t AMDeviceConnect(struct am_device *device);
	
	/*  Calls PairingRecordPath() on the given device, than tests whether the path
	 *  which that function returns exists. During the initial connect, the path
	 *  returned by that function is '/', and so this returns 1.
	 *
	 *  Returns:
	 *      0   if the path did not exist
	 *      1   if it did
	 */
	__DLLIMPORT mach_error_t AMDeviceIsPaired(struct am_device *device);
	__DLLIMPORT mach_error_t AMDevicePair(struct am_device *device);
	
	/*  iTunes calls this function immediately after testing whether the device is
	 *  paired. It creates a pairing file and establishes a Lockdown connection.
	 *
	 *  Returns:
	 *      MDERR_OK                if successful
	 *      MDERR_INVALID_ARGUMENT  if the supplied device is null
	 *      MDERR_DICT_NOT_LOADED   if the load_dict() call failed
	 */
	__DLLIMPORT mach_error_t AMDeviceValidatePairing(struct am_device *device);
	
	/*  Creates a Lockdown session and adjusts the device structure appropriately
	 *  to indicate that the session has been started. iTunes calls this function
	 *  after validating pairing.
	 *
	 *  Returns:
	 *      MDERR_OK                if successful
	 *      MDERR_INVALID_ARGUMENT  if the Lockdown conn has not been established
	 *      MDERR_DICT_NOT_LOADED   if the load_dict() call failed
	 */
	__DLLIMPORT mach_error_t AMDeviceStartSession(struct am_device *device);
	
	/* Starts a service and returns a handle that can be used in order to further
	 * access the service. You should stop the session and disconnect before using
	 * the service. iTunes calls this function after starting a session. It starts 
	 * the service and the SSL connection. unknown may safely be
	 * NULL (it is when iTunes calls this), but if it is not, then it will be
	 * filled upon function exit. service_name should be one of the AMSVC_*
	 * constants. If the service is AFC (AMSVC_AFC), then the handle is the handle
	 * that will be used for further AFC* calls.
	 *
	 * Returns:
	 *      MDERR_OK                if successful
	 *      MDERR_SYSCALL           if the setsockopt() call failed
	 *      MDERR_INVALID_ARGUMENT  if the Lockdown conn has not been established
	 */
	__DLLIMPORT mach_error_t AMDeviceStartService(struct am_device *device, CFStringRef 
									  service_name, afc_connection **handle, unsigned int *
									  unknown);
	
	/* Stops a session. You should do this before accessing services.
	 *
	 * Returns:
	 *      MDERR_OK                if successful
	 *      MDERR_INVALID_ARGUMENT  if the Lockdown conn has not been established
	 */
	__DLLIMPORT mach_error_t AMDeviceStopSession(struct am_device *device);
	
	/* Opens an Apple File Connection. You must start the appropriate service
	 * first with AMDeviceStartService(). In iTunes, io_timeout is 0.
	 *
	 * Returns:
	 *      MDERR_OK                if successful
	 *      MDERR_AFC_OUT_OF_MEMORY if malloc() failed
	 */
	__DLLIMPORT afc_error_t AFCConnectionOpen(afc_connection *handle, unsigned int io_timeout,
								  struct afc_connection **conn);
	
	/* Pass in a pointer to an afc_device_info structure. It will be filled. */
	__DLLIMPORT afc_error_t AFCDeviceInfoOpen(struct afc_connection *conn, struct
								  afc_dictionary **info);
	
	/* Turns debug mode on if the environment variable AFCDEBUG is set to a numeric
	 * value, or if the file '/AFCDEBUG' is present and contains a value. */
#if defined(__APPLE__)
	void AFCPlatformInit();
#endif
	
	/* Opens a directory on the iPhone. Pass in a pointer in dir to be filled in.
	 * Note that this normally only accesses the iTunes sandbox/partition as the
	 * root, which is /var/root/Media. Pathnames are specified with '/' delimiters
	 * as in Unix style.
	 *
	 * Returns:
	 *      MDERR_OK                if successful
	 */
	__DLLIMPORT afc_error_t AFCDirectoryOpen(struct afc_connection *conn, char *path, struct
								 afc_directory **dir);
	
	/* Acquires the next entry in a directory previously opened with
	 * AFCDirectoryOpen(). When dirent is filled with a NULL value, then the end
	 * of the directory has been reached. '.' and '..' will be returned as the
	 * first two entries in each directory except the root; you may want to skip
	 * over them.
	 *
	 * Returns:
	 *      MDERR_OK                if successful, even if no entries remain
	 */
	__DLLIMPORT afc_error_t AFCDirectoryRead(struct afc_connection *conn/*unsigned int unused*/, struct afc_directory *dir,
								 char **dirent);
	__DLLIMPORT afc_error_t AFCDirectoryClose(afc_connection *conn, struct afc_directory *dir);
	__DLLIMPORT afc_error_t AFCDirectoryCreate(afc_connection *conn, char *dirname);
	__DLLIMPORT afc_error_t AFCRemovePath(afc_connection *conn, char *dirname);
	__DLLIMPORT afc_error_t AFCRenamePath(afc_connection *conn, char *oldpath, char *newpath);
	
	/* Returns the context field of the given AFC connection. */
	__DLLIMPORT unsigned int AFCConnectionGetContext(struct afc_connection *conn);
	
	/* Returns the fs_block_size field of the given AFC connection. */
	__DLLIMPORT unsigned int AFCConnectionGetFSBlockSize(struct afc_connection *conn);
	
	/* Returns the io_timeout field of the given AFC connection. In iTunes this is
	 * 0. */
	__DLLIMPORT unsigned int AFCConnectionGetIOTimeout(struct afc_connection *conn);
	
	/* Returns the sock_block_size field of the given AFC connection. */
	__DLLIMPORT unsigned int AFCConnectionGetSocketBlockSize(struct afc_connection *conn);
	
	/* Closes the given AFC connection. */
	__DLLIMPORT afc_error_t AFCConnectionClose(struct afc_connection *conn);
	
	/* Registers for device notifications related to the restore process. unknown0
	 * is zero when iTunes calls this. In iTunes,
	 * the callbacks are located at:
	 *      1: $3ac68e-$3ac6b1, calls $3ac542(unknown1, arg, 0)
	 *      2: $3ac66a-$3ac68d, calls $3ac542(unknown1, 0, arg)
	 *      3: $3ac762-$3ac785, calls $3ac6b2(unknown1, arg, 0)
	 *      4: $3ac73e-$3ac761, calls $3ac6b2(unknown1, 0, arg)
	 */
	__DLLIMPORT unsigned int AMRestoreRegisterForDeviceNotifications(
														 am_restore_device_notification_callback dfu_connect_callback,
														 am_restore_device_notification_callback recovery_connect_callback,
														 am_restore_device_notification_callback dfu_disconnect_callback,
														 am_restore_device_notification_callback recovery_disconnect_callback,
														 unsigned int unknown0,
														 void *user_info);
	
	/* Causes the restore functions to spit out (unhelpful) progress messages to
	 * the file specified by the given path. iTunes always calls this right before
	 * restoring with a path of
	 * "$HOME/Library/Logs/iPhone Updater Logs/iPhoneUpdater X.log", where X is an
	 * unused number.
	 */
	__DLLIMPORT unsigned int AMRestoreEnableFileLogging(char *path);
	
	/* Initializes a new option dictionary to default values. Pass the constant
	 * kCFAllocatorDefault as the allocator. The option dictionary looks as
	 * follows:
	 * {
	 *      NORImageType => 'production',
	 *      AutoBootDelay => 0,
	 *      KernelCacheType => 'Release',
	 *      UpdateBaseband => true,
	 *      DFUFileType => 'RELEASE',
	 *      SystemImageType => 'User',
	 *      CreateFilesystemPartitions => true,
	 *      FlashNOR => true,
	 *      RestoreBootArgs => 'rd=md0 nand-enable-reformat=1 -progress'
	 *      BootImageType => 'User'
	 *  }
	 *
	 * Returns:
	 *      the option dictionary   if successful
	 *      NULL                    if out of memory
	 */ 
	__DLLIMPORT CFMutableDictionaryRef AMRestoreCreateDefaultOptions(CFAllocatorRef allocator);
	
	/* ----------------------------------------------------------------------------
	 *   Less-documented public routines
	 * ------------------------------------------------------------------------- */
	
	/* mode 2 = read, mode 3 = write; unknown = 0 */
	__DLLIMPORT afc_error_t AFCFileRefOpen(struct afc_connection *conn, char *path, unsigned
							   long long int mode, afc_file_ref *ref);
	__DLLIMPORT afc_error_t AFCFileRefRead(struct afc_connection *conn, afc_file_ref ref,
							   void *buf, unsigned int *len);
	__DLLIMPORT afc_error_t AFCFileRefWrite(struct afc_connection *conn, afc_file_ref ref,
								void *buf, unsigned int len);
	__DLLIMPORT afc_error_t AFCFileRefSeek(struct afc_connection *conn, afc_file_ref ref,
							   unsigned long long offset1, unsigned long long offset2);
	__DLLIMPORT afc_error_t AFCFileRefClose(struct afc_connection *conn, afc_file_ref ref);
	__DLLIMPORT afc_error_t AFCFileInfoOpen(struct afc_connection *conn, char *path, struct
								afc_dictionary **info);
	__DLLIMPORT afc_error_t AFCKeyValueRead(struct afc_dictionary *dict, char **key, char **
								val);
	__DLLIMPORT afc_error_t AFCKeyValueClose(struct afc_dictionary *dict);
	__DLLIMPORT unsigned int AMRestorePerformRecoveryModeRestore(struct am_recovery_device *
													 rdev, CFDictionaryRef opts, void *callback, void *user_info);
	__DLLIMPORT unsigned int AMRestorePerformRestoreModeRestore(struct am_restore_device *
													rdev, CFDictionaryRef opts, void *callback, void *user_info);
	__DLLIMPORT struct am_restore_device *AMRestoreModeDeviceCreate(unsigned int unknown0,
														unsigned int connection_id, unsigned int unknown1);
	__DLLIMPORT unsigned int AMRestoreCreatePathsForBundle(CFStringRef restore_bundle_path,
											   CFStringRef kernel_cache_type, CFStringRef boot_image_type, unsigned int
											   unknown0, CFStringRef *firmware_dir_path, CFStringRef *
											   kernelcache_restore_path, unsigned int unknown1, CFStringRef *
											   ramdisk_path);
	__DLLIMPORT unsigned int AMRestoreModeDeviceReboot(struct am_restore_device *rdev);	// Added by JB 30.07.2008
	__DLLIMPORT unsigned int AMDeviceGetConnectionID(struct am_device *device);
	__DLLIMPORT mach_error_t AMDeviceEnterRecovery(struct am_device *device);
	__DLLIMPORT mach_error_t AMDeviceDisconnect(struct am_device *device);
	__DLLIMPORT mach_error_t AMDeviceRetain(struct am_device *device);
	__DLLIMPORT mach_error_t AMDeviceRelease(struct am_device *device);
	__DLLIMPORT CFStringRef AMDeviceCopyValue(struct am_device *device, unsigned int, CFStringRef cfstring);
	__DLLIMPORT CFStringRef AMDeviceCopyDeviceIdentifier(struct am_device *device);
	__DLLIMPORT mach_error_t AMDShutdownNotificationProxy(void *);
	
	/*edits by geohot*/
	__DLLIMPORT mach_error_t AMDeviceDeactivate(struct am_device *device);
	__DLLIMPORT mach_error_t AMDeviceActivate(struct am_device *device, CFDictionaryRef dict);
	__DLLIMPORT mach_error_t AMDeviceRemoveValue(struct am_device *device, unsigned int, CFStringRef cfstring);
	
	/* ----------------------------------------------------------------------------
	 *   Semi-private routines
	 * ------------------------------------------------------------------------- */
	
	/*  Pass in a usbmux_listener_1 structure and a usbmux_listener_2 structure
	 *  pointer, which will be filled with the resulting usbmux_listener_2.
	 *
	 *  Returns:
	 *      MDERR_OK                if completed successfully
	 *      MDERR_USBMUX_ARG_NULL   if one of the arguments was NULL
	 *      MDERR_USBMUX_FAILED     if the listener was not created successfully
	 */
	__DLLIMPORT usbmux_error_t USBMuxListenerCreate(struct usbmux_listener_1 *esi_fp8, struct
										usbmux_listener_2 **eax_fp12);
	
	/* ----------------------------------------------------------------------------
	 *   Less-documented semi-private routines
	 * ------------------------------------------------------------------------- */
	__DLLIMPORT usbmux_error_t USBMuxListenerHandleData(void *);
	
	/* ----------------------------------------------------------------------------
	 *   Private routines - here be dragons
	 * ------------------------------------------------------------------------- */
	
	/* AMRestorePerformRestoreModeRestore() calls this function with a dictionary
	 * in order to perform certain special restore operations
	 * (RESTORED_OPERATION_*). It is thought that this function might enable
	 * significant access to the phone. */
	
	/*
	 typedef unsigned int (*t_performOperation)(struct am_restore_device *rdev,
	 CFDictionaryRef op) __attribute__ ((regparm(2)));
	 t_performOperation _performOperation = (t_performOperation)0x3c39fa4b;
	 */ 
	
	/* ----------------------------------------------------------------------------
	 *   Less-documented private routines
	 * ------------------------------------------------------------------------- */
	
	
	/*
	 typedef int (*t_socketForPort)(struct am_restore_device *rdev, unsigned int port)
	 __attribute__ ((regparm(2)));
	 t_socketForPort _socketForPort = (t_socketForPort)(void *)0x3c39f36c;
	 
	 typedef void (*t_restored_send_message)(int port, CFDictionaryRef msg);
	 t_restored_send_message _restored_send_message = (t_restored_send_message)0x3c3a4e40;
	 
	 typedef CFDictionaryRef (*t_restored_receive_message)(int port);
	 t_restored_receive_message _restored_receive_message = (t_restored_receive_message)0x3c3a4d40;
	 
	 typedef unsigned int (*t_sendControlPacket)(struct am_recovery_device *rdev, unsigned
	 int msg1, unsigned int msg2, unsigned int unknown0, unsigned int *unknown1,
	 unsigned char *unknown2) __attribute__ ((regparm(3)));
	 t_sendControlPacket _sendControlPacket = (t_sendControlPacket)0x3c3a3da3;;
	 
	 typedef unsigned int (*t_sendCommandToDevice)(struct am_recovery_device *rdev,
	 CFStringRef cmd) __attribute__ ((regparm(2)));
	 t_sendCommandToDevice _sendCommandToDevice = (t_sendCommandToDevice)0x3c3a3e3b;
	 
	 typedef unsigned int (*t_AMRUSBInterfaceReadPipe)(unsigned int readwrite_pipe, unsigned
	 int read_pipe, unsigned char *data, unsigned int *len);
	 t_AMRUSBInterfaceReadPipe _AMRUSBInterfaceReadPipe = (t_AMRUSBInterfaceReadPipe)0x3c3a27e8;
	 
	 typedef unsigned int (*t_AMRUSBInterfaceWritePipe)(unsigned int readwrite_pipe, unsigned
	 int write_pipe, void *data, unsigned int len);
	 t_AMRUSBInterfaceWritePipe _AMRUSBInterfaceWritePipe = (t_AMRUSBInterfaceWritePipe)0x3c3a27cb;
	 */
	
	int performOperation(am_restore_device *rdev, CFMutableDictionaryRef message);
	int socketForPort(am_restore_device *rdev, unsigned int portnum);
	int sendCommandToDevice(am_recovery_device *rdev, CFStringRef cfs, int block);
	int sendFileToDevice(am_recovery_device *rdev, CFStringRef filename); 
	

#ifdef __cplusplus
}
#endif

#endif

/* -*- mode:c; indent-tabs-mode:nil; c-basic-offset:2; tab-width:2; */

Implementations Libraries

Need to be writed...

USBMux Protocol

Resources

The dev team's page on the topic [1] iFuse

USBMux Protocol

Resources

The dev team's page on the topic [2] iFuse